利用http的referer头和Servlet隐藏JavaScript代码
1. 定义一个用于输出JavaScript代码 的Servlet类。
package com.mycompany.response.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class HideJavaScript extends HttpServlet {
protected void service(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
response.setContentType("text/javascript;charset=UTF-8");
PrintWriter out = response.getWriter();
String referer = request.getHeader("referer");
if(!(referer==null)&&!referer.equalsIgnoreCase("")&&referer.startsWith("http://localhost:8080/response/"))
{
out.println("document.write('这些就是隐藏的JavaScript代码!')");
out.println("window.alert('执行了此代码!')");
}
&n
相关文档:
技术的js的replace默认只替换第一个,这不知道哪个设计的,如果我是 A / B / C / D 的字符串要变成 A-B-C-D 就要在被转内容使用后加/g,因为又带了/,加上各空格,在replace 的第一个参数应该是
var rut = /\/ /g;
然后
replace(rut, "-"); ......
第一种:
+展开
-HTML
<html>
<head>
</head>
<body>
<form name="form1">
<input type="text" name="getinfo" value="http://www.shuwo.net" size="40"><button onclick="alert(document.form1.getinfo.value ......
Struts Validator Framework provides an easy-to-use mechanism for performing client-side validation. It's very useful to validate some fields on the client-side before sending the data to the server for processing. By this way we can ensure that the data send to the server is valid. Performing valida ......
从2004年下半年开始学习Web编程至今3年有余。从HTML,asp开始到现在的VS2008一路学过来,其中学的最多的还是服务器端编程,对客户端编程的学习还是不成系统。虽然在很多个系统里面应用过脚本,有些还起到了比较重要的作用。但一直是只知其然不知其所以然,用的是小心翼翼。现在脚本编程从以前的"雕虫小技"变成了一个Web开 ......
