gpt4 book ai didi

query-string - 查询字符串中哪些字符不安全?

转载 作者:行者123 更新时间:2023-12-04 11:17:54 28 4
gpt4 key购买 nike

我需要防止导致 URL 漏洞的字符。
我的示例 URL 是 http://localhost/add.aspx?id=4;req=4。
请给出我需要阻止的字符列表。
我正在使用 ASP.NET网页。我正在绑定(bind)来自 SQL Server 的信息数据库。
我只想列出字符以远离黑客在 URL 中输入不需要的字符串。

最佳答案

根据您使用的技术,通常有一个内置函数可以为您处理此问题。

ASP.NET (VB) 和经典 ASP

myUrl = Server.UrlEncode(myUrl)

ASP.NET (C#)
myUrl = Server.UrlEncode(myUrl);

PHP
$myUrl = urlencode($myurl);

如果您只是想 删除不安全字符 ,你需要一个正则表达式。 RFC 1738定义哪些字符对于 URL 是不安全的:

Unsafe:

Characters can be unsafe for a number of reasons. The space
character is unsafe because significant spaces may disappear and
insignificant spaces may be introduced when URLs are transcribed or
typeset or subjected to the treatment of word-processing programs. The characters "<" and ">" are unsafe because they are used as the
delimiters around URLs in free text; the quote mark (""") is used to
delimit URLs in some systems. The character "#" is unsafe and should
always be encoded because it is used in World Wide Web and in other
systems to delimit a URL from a fragment/anchor identifier that might follow it. The character "%" is unsafe because it is used for
encodings of other characters. Other characters are unsafe because
gateways and other transport agents are known to sometimes modify such characters. These characters are "{", "}", "|", "\", "^", "~", "[", "]", and "`".

关于query-string - 查询字符串中哪些字符不安全?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/726662/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com