Django Book Translation
Original text:
Of course, an attacker wouldn't use something as benign as `` `` tags; he could include a whole set of HTML that hijacked your page with arbitrary content. This type of attack has been used to trick users into entering data into what looks like their bank's Web site, but in fact is an XSS-hijacked form that submits their bank account information to an attacker.
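Translation:
Of course, an attacker would not use similar code beginning with the tag; he could include a complete set of HTML with arbitrary content to hijack your page. This type of attack has been used on fake bank sites to trick users into entering personal information; in fact it is a form of XSS hijacking, used to get users to hand their bank account information to the attacker.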