Django Book Translation
Original:
The problem gets worse if you store this data in the database and later display it on your site. For example, MySpace was once found to be vulnerable to an XSS attack of this nature. A user inserted JavaScript into his profile that automatically added him as your friend when you visited his profile page. Within a few days, he had millions of friends.
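Translation:
If you save this data in the database and then display it on your site, the problem becomes even more serious. For example, once MySpace was found to have this characteristic and so could easily be attacked via XSS, the consequences would be unimaginable. A user inserted JavaScript into his profile so that you automatically added him as your friend when you visited his profile page; in this way, within a few days, this person could have millions of friends.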
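The stored case described above, as an added example that is not part of the Django Book text: a profile field is saved verbatim and later rendered for every visitor, first without and then with output escaping. The table layout, function names and sample bio are assumptions constructed for illustration, and `html.escape` stands in for the escaping a template layer would apply.

```python
import html
import sqlite3

# Constructed sample input: inert markup standing in for user-supplied script.
SAMPLE_BIO = "<script>/* constructed marker, does nothing */</script>Hi, I am Alice"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profile (username TEXT PRIMARY KEY, bio TEXT)")
    return db


def save_bio(db, username, bio):
    # Parameterised query: safe for SQL, but the markup is stored unchanged
    # and will be served to every later visitor of the profile page.
    db.execute("INSERT OR REPLACE INTO profile VALUES (?, ?)", (username, bio))


def load_bio(db, username):
    row = db.execute(
        "SELECT bio FROM profile WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else ""


def render_profile_unsafe(db, username):
    # Vulnerable: stored text is pasted into the page as live HTML.
    return "<h1>%s</h1><p>%s</p>" % (username, load_bio(db, username))


def render_profile_safe(db, username):
    # Hardened: escape at output time, so stored markup is shown as text.
    return "<h1>%s</h1><p>%s</p>" % (
        html.escape(username),
        html.escape(load_bio(db, username)),
    )


def demo():
    db = make_db()
    save_bio(db, "alice", SAMPLE_BIO)
    return render_profile_unsafe(db, "alice"), render_profile_safe(db, "alice")


if __name__ == "__main__":
    for page in demo():
        print(page)
```

The database row is identical in both cases; only the rendering step decides whether a visitor's browser treats the stored bio as markup or as text.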