Django Book Translation
Original:
A canonical example is a site that stores a simple user preference (like a page's background color) in a cookie. An attacker could trick a user into clicking a link to submit a color that actually contains an XSS attack; if that color isn't escaped, the user could again inject malicious code into the user's environment.
Translation:
A classic example is a site that stores a simple user preference (such as a page's background color) in a cookie. An attacker can trick a user into clicking a link that submits a "color" which actually contains an XSS attack; if that color is not escaped, the attacker can go on to inject malicious code into that user's environment.
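A stand-alone illustration of the cookie-reflection case described above, added here and not taken from the Django Book: it uses Python's `html.escape` in place of Django's template autoescaping, and the cookie values are constructed samples.

```python
import html
import re

# Constructed sample values (not from the Django Book): a benign preference
# and a cookie value crafted to break out of the style attribute it lands in.
BENIGN_COLOR = "#ff0000"
CRAFTED_COLOR = '"><script>alert(1)</script><div x="'
DEFAULT_COLOR = "#ffffff"

# Allowlist: a 6-digit hex triplet or a short lowercase CSS color keyword.
COLOR_RE = re.compile(r"^(#[0-9a-fA-F]{6}|[a-z]{1,20})$")


def render_unescaped(bgcolor: str) -> str:
    """Vulnerable: the cookie value is interpolated into the HTML as-is,
    so any markup carried in it becomes part of the page."""
    return f'<body style="background-color: {bgcolor}"><p>Hello</p></body>'


def render_escaped(bgcolor: str) -> str:
    """Mitigation 1: escape on output (what Django's autoescaping does).
    quote=True also escapes the double quote, so the value cannot close
    the attribute it is placed inside."""
    safe = html.escape(bgcolor, quote=True)
    return f'<body style="background-color: {safe}"><p>Hello</p></body>'


def is_valid_color(value: str) -> bool:
    """Mitigation 2: validate the preference against an allowlist before use."""
    return bool(COLOR_RE.match(value))


def render_validated(bgcolor: str) -> str:
    """Both layers: fall back to a default for anything that is not a color,
    and still escape on output."""
    if not is_valid_color(bgcolor):
        bgcolor = DEFAULT_COLOR
    return render_escaped(bgcolor)


if __name__ == "__main__":
    for label, fn in [("unescaped", render_unescaped),
                      ("escaped", render_escaped),
                      ("validated", render_validated)]:
        print(f"{label:10} {fn(CRAFTED_COLOR)}")
```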
Notes:
Translator: