tffff.github.io/docs__interview__safe__00.md.js at master · tffff/tffff.github.io · GitHub

1
(window["webpackJsonp"]=window["webpackJsonp"]||[]).push([[29],{pPFn:function(e,l,a){"use strict";a.r(l);var t=a("q1tI"),n=a.n(t),c=a("dEAq"),r=n.a.memo((e=>{e.demos;return n.a.createElement(n.a.Fragment,null,n.a.createElement(n.a.Fragment,null,n.a.createElement("div",{className:"markdown"},n.a.createElement("h2",{id:"\u524d\u7aef\u5b89\u5168"},n.a.createElement(c["AnchorLink"],{to:"#\u524d\u7aef\u5b89\u5168","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"\u524d\u7aef\u5b89\u5168"),n.a.createElement("h3",{id:"1-xss-\u8de8\u7ad9\u811a\u672c\u653b\u51fb"},n.a.createElement(c["AnchorLink"],{to:"#1-xss-\u8de8\u7ad9\u811a\u672c\u653b\u51fb","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"1. XSS \u8de8\u7ad9\u811a\u672c\u653b\u51fb"),n.a.createElement("p",null,"\u5c31\u662f\u653b\u51fb\u8005\u60f3\u5c3d\u4e00\u5207\u529e\u6cd5\u5c06\u53ef\u4ee5\u6267\u884c\u7684\u4ee3\u7801\u6ce8\u5165\u5230\u7f51\u9875\u4e2d"),n.a.createElement("ul",null,n.a.createElement("li",null,n.a.createElement("p",null,n.a.createElement("code",null,"\u5b58\u50a8\u578b(server\u7aef)")),n.a.createElement("ul",null,n.a.createElement("li",null,"\u573a\u666f\uff1a\u89c1\u4e8e\u5f85\u7528\u6237\u4fdd\u5b58\u6570\u636e\u7684\u7f51\u7ad9\u529f\u80fd\uff0c\u5982\uff1a\u8bba\u575b\u53d1\u5e16\u3001\u5546\u54c1\u8bc4\u8bba\u3001\u79c1\u4fe1\u7b49"),n.a.createElement("li",null,"\u653b\u51fb\u6b65\u9aa4\uff1a",n.a.createElement("ul",null,n.a.createElement("li",null,"\u653b\u51fb\u8005\u5c06\u6076\u610f\u4ee3\u7801\u63d0\u4ea4\u5230\u76ee\u6807\u7f51\u7ad9\u7684\u6570\u636e\u5e93\u4e2d"),n.a.createElement("li",null,"\u7528\u6237\u5c06\u76ee\u6807\u7f51\u7ad9\u6253\u5f00\uff0c\u4ece\u670d\u52a1\u53d6\u51fa\u91cc\u9762\u7684\u6076\u610f\u4ee3\u7801\u62fc\u63a5\u6210 HTML \u8fd4\u56de\u5230\u9875\u9762"),n.a.createElement("li",null,"\u7528\u6237\u6d4f\u89c8\u5668\u5728\u6536\u5230\u54cd\u5e94\u4e4b\u540e\u89e3\u6790\u6267\u884c\uff0c\u6df7\u5728\u5176\u4e2d\u7684\u6076\u610f\u4ee3\u7801\u4e5f\u88ab\u6267\u884c"),n.a.createElement("li",null,"\u6076\u610f\u4ee3\u7801\u7a83\u53d6\u7528\u6237\u6570\u636e\uff0c\u5e76\u53d1\u9001\u5230\u653b\u51fb\u8005\u6307\u5b9a\u7684\u7f51\u7ad9\uff0c\u6216\u8005\u5192\u5145\u7528\u6237\u884c\u4e3a\u8c03\u7528\u76ee\u6807\u7f51\u7ad9\u7684\u670d\u52a1\uff0c\u8fdb\u884c\u6076\u610f\u64cd\u4f5c"))))),n.a.createElement("li",null,n.a.createElement("p",null,n.a.createElement("code",null,"\u653e\u5c04\u578b(server\u7aef)"),"\u4e0e\u5b58\u50a8\u578b\u7684\u533a\u522b\u662f\uff0c\u653e\u5c04\u578b\u7684\u653b\u51fb\u4ee3\u7801\u662f\u5728 URL \u4e0a\uff0c\u5b58\u50a8\u578b\u7684\u662f\u5728\u5b58\u5728\u6570\u636e\u5e93\u4e2d"),n.a.createElement("ul",null,n.a.createElement("li",null,"\u573a\u666f\uff1a\u901a\u8fc7 url \u4f20\u9012\u7684\u53c2\u6570\u653b\u51fb\uff0c\u5982\u641c\u7d22\u3001\u8df3\u8f6c\u7b49"),n.a.createElement("li",null,"\u653b\u51fb\u6b65\u9aa4\uff1a",n.a.createElement("ul",null,n.a.createElement("li",null,"\u653b\u51fb\u8005\u5305\u542b\u6076\u610f\u7684\u4ee3\u7801\u5728 url \u4e0a"),n.a.createElement("li",null,"\u7528\u6237\u6253\u5f00\u5e26\u6709\u6076\u610f\u4ee3\u7801\u7684\u94fe\u63a5\uff0c\u7f51\u7ad9\u670d\u52a1\u5c06\u6076\u610f\u4ee3\u7801\u53d6\u51fa\uff0c\u62fc\u5728 html \u4e0a\u9762\u8fd4\u56de\u7ed9\u6d4f\u89c8\u5668"),n.a.createElement("li",null,"\u7528\u6237\u6d4f\u89c8\u5668\u63a5\u6536\u5230\u4e4b\u540e\u89e3\u6790\uff0c\u6df7\u5728\u91cc\u9762\u7684\u6076\u610f\u4ee3\u7801\u4e5f\u88ab\u6267\u884c"),n.a.createElement("li",null,"\u6076\u610f\u4ee3\u7801\u7a83\u53d6\u7528\u6237\u6570\u636e\uff0c\u5e76\u53d1\u9001\u5230\u653b\u51fb\u8005\u6307\u5b9a\u7684\u7f51\u7ad9\uff0c\u6216\u8005\u5192\u5145\u7528\u6237\u884c\u4e3a\u8c03\u7528\u76ee\u6807\u7f51\u7ad9\u7684\u670d\u52a1\uff0c\u8fdb\u884c\u6076\u610f\u64cd\u4f5c"))))),n.a.createElement("li",null,n.a.createElement("p",null,n.a.createElement("code",null,"DOM\u578b(\u6d4f\u89c8\u5668\u7aef)"),"Dom \u578b xss \u653b\u51fb\u4e2d\uff0c\u53d6\u51fa\u6076\u610f\u4ee3\u7801\u7531\u6d4f\u89c8\u5668\u5b8c\u6210\uff0c\u5c5e\u4e8e\u524d\u7aef javascript \u81ea\u8eab\u7684\u5b89\u5168\u6f0f\u6d1e"),n.a.createElement("ul",null,n.a.createElement("li",null,n.a.createElement("p",null,"\u573a\u666f\uff1a\u901a\u8fc7 url \u4f20\u9012\u7684\u53c2\u6570\u653b\u51fb\uff0c\u5982\u641c\u7d22\u3001\u8df3\u8f6c\u7b49")),n.a.createElement("li",null,n.a.createElement("p",null,"\u653b\u51fb\u6b65\u9aa4\uff1a"),n.a.createElement("ul",null,n.a.createElement("li",null,"\u653b\u51fb\u8005\u5305\u542b\u6076\u610f\u7684\u4ee3\u7801\u5728 url \u4e0a"),n.a.createElement("li",null,"\u7528\u6237\u6253\u5f00\u5e26\u6709\u6076\u610f\u4ee3\u7801\u7684 url"),n.a.createElement("li",null,"\u7528\u6237\u6d4f\u89c8\u5668\u63a5\u6536\u5230\u4e4b\u540e\u89e3\u6790\uff0c\u524d\u7aef javascript \u53d6\u51fa\u4ee3\u7801\u6267\u884c\uff0c\u6df7\u5728\u91cc\u9762\u7684\u6076\u610f\u4ee3\u7801\u4e5f\u88ab\u6267\u884c"),n.a.createElement("li",null,"\u6076\u610f\u4ee3\u7801\u7a83\u53d6\u7528\u6237\u6570\u636e\uff0c\u5e76\u53d1\u9001\u5230\u653b\u51fb\u8005\u6307\u5b9a\u7684\u7f51\u7ad9\uff0c\u6216\u8005\u5192\u5145\u7528\u6237\u884c\u4e3a\u8c03\u7528\u76ee\u6807\u7f51\u7ad9\u7684\u670d\u52a1\uff0c\u8fdb\u884c\u6076\u610f\u64cd\u4f5c")))))),n.a.createElement("p",null,n.a.createElement("strong",null,"\u9884\u9632\u65b9\u6848")),n.a.createElement("ul",null,n.a.createElement("li",null,"\u5bf9\u6570\u636e\u8fdb\u884c\u4e25\u683c\u7684\u7f16\u7801\uff0c\u5982 html \u7f16\u7801\u3001js \u7f16\u7801\u3001css \u7f16\u7801\u3001url \u7f16\u7801\uff0c\u907f\u514d\u62fc\u63a5 html;vue/react \u6280\u672f\u6808\u907f\u514d\u4f7f\u7528 v-html/dangerouslySetInnerHTML"),n.a.createElement("li",null,"CSP HTTP Header\uff0c\u5373 Content-Security-Policy\u3001X-XSS-Protection",n.a.createElement("ul",null,n.a.createElement("li",null,"\u589e\u52a0\u653b\u51fb\u96be\u5ea6\uff0c\u914d\u7f6e CSP(\u672c\u8d28\u662f\u5efa\u7acb\u767d\u540d\u5355\uff0c\u7531\u6d4f\u89c8\u5668\u62e6\u622a)"),n.a.createElement("li",null,"Content-Security-Policy: default-src 'self' -\u6240\u6709\u5185\u5bb9\u5747\u6765\u81ea\u7ad9\u70b9\u7684\u540c\u4e00\u4e2a\u6e90\uff08\u4e0d\u5305\u62ec\u5176\u5b50\u57df\u540d\uff09"),n.a.createElement("li",null,"Content-Security-Policy: default-src 'self' *.trusted.com-\u5141\u8bb8\u5185\u5bb9\u6765\u81ea\u4fe1\u4efb\u7684\u57df\u540d\u53ca\u5176\u5b50\u57df\u540d (\u57df\u540d\u4e0d\u5fc5\u987b\u4e0e CSP \u8bbe\u7f6e\u6240\u5728\u7684\u57df\u540d\u76f8\u540c)"),n.a.createElement("li",null,"Content-Security-Policy: default-src ",n.a.createElement(c["Link"],{to:"https://baidu.com-/%E8%AF%A5%E6%9C%8D%E5%8A%A1%E5%99%A8%E4%BB%85%E5%85%81%E8%AE%B8%E9%80%9A%E8%BF%87HTTPS%E6%96%B9%E5%BC%8F%E5%B9%B6%E4%BB%85%E4%BB%8Ebaicu.com%E5%9F%9F%E5%90%8D%E6%9D%A5%E8%AE%BF%E9%97%AE%E6%96%87%E6%A1%A3"},"https://baidu.com-\u8be5\u670d\u52a1\u5668\u4ec5\u5141\u8bb8\u901a\u8fc7HTTPS\u65b9\u5f0f\u5e76\u4ec5\u4ecebaicu.com\u57df\u540d\u6765\u8bbf\u95ee\u6587\u6863")))),n.a.createElement("li",null,"\u8f93\u5165\u9a8c\u8bc1\uff1a\u6bd4\u5982\u4e00\u4e9b\u5e38\u89c1\u7684\u6570\u5b57\u3001\u90ae\u7bb1\u3001url\u3001\u7535\u8bdd\u53f7\u7801\u8fdb\u884c\u5224\u65ad"),n.a.createElement("li",null,"\u5f00\u542f\u6d4f\u89c8\u5668 XSS \u9632\u5fa1\uff0chttp only cookie\uff0c\u7981\u6b62 javascript \u8bfb\u53d6\u67d0\u4e9b\u654f\u611f cookie\uff0c\u653b\u51fb\u8005\u5b8c\u6210 XSS \u6ce8\u5165\u540e\u4e5f\u65e0\u6cd5\u7a83\u53d6\u6b64 cookie"),n.a.createElement("li",null,"\u9a8c\u8bc1\u7801")),n.a.createElement("h3",{id:"2-csrf-\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020"},n.a.createElement(c["AnchorLink"],{to:"#2-csrf-\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"2. CSRF: \u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020"),n.a.createElement("p",null,"\u653b\u51fb\u8005\u8bf1\u5bfc\u53d7\u5bb3\u8005\u8fdb\u5165\u7b2c\u4e09\u65b9\u7f51\u7ad9\uff0c\u5728\u7b2c\u4e09\u65b9\u7f51\u7ad9\u4e2d\uff0c\u5411\u88ab\u653b\u51fb\u7f51\u7ad9\u53d1\u9001\u8de8\u7ad9\u8bf7\u6c42\uff0c\u5229\u7528\u53d7\u5bb3\u8005\u5728\u88ab\u653b\u51fb\u7f51\u7ad9\u6240\u53d6\u5f97\u7684\u6ce8\u518c\u51ed\u8bc1\u7ed5\u8fc7\u540e\u53f0\u7684\u9a8c\u8bc1\uff0c\u8fbe\u5230\u5192\u5145\u7528\u6237\u5230\u88ab\u653b\u51fb\u8005\u7684\u7f51\u7ad9\u6267\u884c\u60f3\u7684\u6743\u5229"),n.a.createElement("ul",null,n.a.createElement("li",null,n.a.createElement("p",null,"\u653b\u51fb\u4e3e\u4f8b\uff1a"),n.a.createElement("ul",null,n.a.createElement("li",null,"\u53d7\u5bb3\u8005\u767b\u5f55\u4e00\u4e2a\u7f51\u7ad9 a \u5e76\u4fdd\u7559\u4e86\u767b\u5f55\u51ed\u8bc1(cookie)"),n.a.createElement("li",null,"\u653b\u51fb\u8005\u5f15\u8bf1\u53d7\u5bb3\u8005\u8bbf\u95ee\u53e6\u4e00\u4e2a\u7f51\u7ad9 b"),n.a.createElement("li",null,"\u7f51\u7ad9 b \u5411 a \u53d1\u9001\u4e86\u4e00\u4e2a\u8bf7\u6c42 a.com/act=xxx \u6d4f\u89c8\u5668\u4f1a\u9ed8\u8ba4\u643a\u5e26 a.com \u7684 cookie"),n.a.createElement("li",null,"\u7f51\u7ad9 a \u63a5\u6536\u5230\u8bf7\u6c42\u540e\uff0c\u5bf9\u8bf7\u6c42\u8fdb\u884c\u8ba4\u8bc1\uff0c\u786e\u8ba4\u662f\u7528\u6237\u7684\u51ed\u8bc1\uff0c\u8bef\u4ee5\u4e3a\u662f\u7528\u6237\u81ea\u5df1\u53d1\u9001\u7684\u8bf7\u6c42"),n.a.createElement("li",null,"\u7f51\u7ad9 a \u4ee5\u7528\u6237\u7684\u540d\u4e49\u6267\u884c\u4e86 act=xxx"),n.a.createElement("li",null,"\u653b\u51fb\u5b8c\u6210\uff0c\u653b\u51fb\u8005\u5728\u7528\u6237\u4e0d\u77e5\u9053\u7684\u60c5\u51b5\u4e0b\uff0c\u5192\u5145\u4e86\u53d7\u5bb3\u5219\uff0c\u8ba9\u7f51\u7ad9 a \u6267\u884c\u4e86\u81ea\u5df1\u5b9a\u4e49\u7684\u64cd\u4f5c"))),n.a.createElement("li",null,n.a.createElement("p",null,"\u653b\u51fb\u7c7b\u578b\uff1a"),n.a.createElement("ul",null,n.a.createElement("li",null,n.a.createElement("code",null,"get\u7c7b\u578b"),"\uff1a\u6bd4\u5982\u67d0\u4e2a img \u53d1\u9001\u4e86\u4e00\u4e2a\u8bf7\u6c42"),n.a.createElement("li",null,n.a.createElement("code",null,"post\u7c7b\u578b"),"\uff1a\u901a\u8fc7\u81ea\u52a8\u63d0\u4ea4\u8868\u5355\u5230\u6076\u610f\u7f51\u7ad9"),n.a.createElement("li",null,n.a.createElement("code",null,"\u94fe\u63a5\u578b"),"\uff1a\u8bf1\u5bfc\u7528\u6237\u70b9\u51fb\u6076\u610f\u94fe\u63a5"))),n.a.createElement("li",null,n.a.createElement("p",null,"\u9884\u9632\u65b9\u6848\uff1a \u56e0\u4e3a CSRF \u901a\u5e38\u662f\u901a\u8fc7\u7b2c\u4e09\u65b9\u7f51\u7ad9\u6765\u53d1\u8d77\u653b\u51fb\uff0c\u6240\u4ee5\u53ea\u80fd\u63d0\u9ad8\u81ea\u5df1\u7f51\u7ad9\u7684\u5b89\u5168\u624d\u80fd\u9632\u5907"),n.a.createElement("ul",null,n.a.createElement("li",null,n.a.createElement("p",null,"\u540c\u6e90\u68c0\u6d4b\uff1a\u901a\u8fc7 header \u4e2d\u7684 origin header\u3001referer header \u786e\u5b9a\uff0c\u5728\u4e0d\u540c\u6d4f\u89c8\u5668\u4f1a\u6709\u4e0d\u540c\u7684\u5b9e\u73b0\uff0c\u4e0d\u80fd\u5b8c\u5168\u4fdd\u8bc1")),n.a.createElement("li",null,n.a.createElement("p",null,"CSRF token \u9a8c\u8bc1\uff1a\u5c06 CSRF token \u8f93\u51fa\u5230\u9875\u9762\u4e2d\uff08\u901a\u5e38\u4fdd\u5b58\u5728 session \u4e2d\uff09\uff0c\u9875\u9762\u63d0\u4ea4\u7684\u8bf7\u6c42\u5e26\u4e0a\u8fd9\u4e2a token,\u670d\u52a1\u5668\u9a8c\u8bc1 token \u662f\u5426\u6b63\u786e")),n.a.createElement("li",null,n.a.createElement("p",null,"\u53cc\u91cd cookie \u9a8c\u8bc1\uff1a\u5728\u7528\u6237\u8bbf\u95ee\u9875\u9762\u7684\u65f6\u5019\u5e26\u4e00\u4e2a cookie(\u968f\u673a\u5b57\u7b26\u4e32)\uff0c\u524d\u7aef\u50cf\u540e\u7aef\u53d1\u8d77\u8bf7\u6c42\u65f6\u643a\u5e26\u8fd9\u4e2a cookie,\u5e76\u4e14\u6dfb\u52a0\u5230 url \u4e0a\uff0c\u670d\u52a1\u5668\u9a8c\u8bc1 cookie \u7684\u5b57\u6bb5\u662f\u5426\u662f\u548c url \u4e0a\u9762\u662f\u4e00\u6837\u7684\uff0c\u4e0d\u4e00\u81f4\u5c31\u62d2\u7edd"),n.a.createElement("p",null,n.a.createElement("strong",null,"\u4f18\u70b9")),n.a.createElement("p",null,"\u65e0\u9700\u4f7f\u7528 session,\u9002\u7528\u9762\u66f4\u5e7f\uff0c\u6613\u4e8e\u5b9e\u65bd\uff1btoken \u5b58\u5728\u5ba2\u6237\u7aef\u4e2d\uff0c\u4e0d\u4f1a\u7ed9\u670d\u52a1\u5668\u538b\u529b\uff1b\u76f8\u5bf9\u4e8e token \u5b9e\u65bd\u6210\u672c\u66f4\u4f4e\uff0c\u53ef\u4ee5\u524d\u540e\u7aef\u7edf\u4e00\u6821\u9a8c\u62e6\u622a\uff0c\u4e0d\u9700\u8981\u4e00\u4e2a\u4e00\u4e2a\u63a5\u53e3\u52a0"),n.a.createElement("p",null,n.a.createElement("strong",null,"\u7f3a\u70b9"),"cookie \u4e2d\u589e\u52a0\u4e86\u989d\u5916\u7684\u5b57\u6bb5\u3002 -\u5982\u679c\u6709\u5176\u4ed6\u6f0f\u6d1e\uff08\u4f8b\u5982 XSS\uff09\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u6ce8\u5165 cookie\uff0c\u90a3\u4e48\u8be5\u9632\u5fa1\u65b9\u5f0f\u5931\u6548\u3002 -\u96be\u4ee5\u505a\u5230\u5b50\u57df\u540d\u7684\u9694\u79bb\u3002 -\u4e3a\u4e86\u786e\u4fdd cookie \u4f20\u8f93\u5b89\u5168\uff0c\u91c7\u7528\u8fd9\u79cd\u9632\u5fa1\u65b9\u5f0f\u7684\u6700\u597d\u786e\u4fdd\u7528\u6574\u7ad9 HTTPS \u7684\u65b9\u5f0f\uff0c\u5982\u679c\u8fd8\u6ca1\u5207 HTTPS \u7684\u4f7f\u7528\u8fd9\u79cd\u65b9\u5f0f\u4e5f\u4f1a\u6709\u98ce\u9669\u3002Cookie \u7684",n.a.createElement(c["Link"],{to:"http://www.ruanyifeng.com/blog/2019/09/cookie-samesite.html"},"SameSite \u5c5e\u6027"),"\u7528\u6765\u9650\u5236\u7b2c\u4e09\u65b9 Cookie\uff0c\u4ece\u800c\u51cf\u5c11\u5b89\u5168\u98ce\u9669"))))),n.a.createElement("h3",{id:"3iframe"},n.a.createElement(c["AnchorLink"],{to:"#3iframe","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"3\u3001iframe"),n.a.createElement("ul",null,n.a.createElement("li",null,"\u5d4c\u5165\u7b2c\u4e09\u65b9 iframe \u4f1a\u6709\u5f88\u591a\u4e0d\u53ef\u63a7\u7684\u95ee\u9898\uff0c\u540c\u65f6\u5f53\u7b2c\u4e09\u65b9 iframe \u51fa\u73b0\u95ee\u9898\u6216\u88ab\u52ab\u6301\u4e4b\u540e\uff0c\u4e5f\u4f1a\u8bf1\u53d1\u5b89\u5168\u6027\u95ee\u9898"),n.a.createElement("li",null,"\u70b9\u51fb\u52ab\u6301\uff0c\u653b\u51fb\u8005\u5c06\u76ee\u6807\u7f51\u7ad9\u901a\u8fc7 iframe \u524d\u53f0\u7684\u65b9\u5f0f\u5d4c\u5165\u81ea\u5df1\u7684\u7f51\u9875\u4e2d\uff0c\u5e76\u5c06 iframe \u8bbe\u7f6e\u900f\u660e\uff0c\u8bf1\u5bfc\u7528\u6237\u70b9\u51fb"),n.a.createElement("li",null,"\u7981\u6b62\u81ea\u5df1\u7684 iframe \u4e2d\u7684\u94fe\u63a5\u5916\u90e8\u7f51\u7ad9\u7684 js")),n.a.createElement("p",null,n.a.createElement("strong",null,"\u9884\u9632\u65b9\u6848")),n.a.createElement("ul",null,n.a.createElement("li",null,"\u4e3a iframe \u8bbe\u7f6e sandbox \u5c5e\u6027\uff0c\u901a\u8fc7\u4ed6\u53ef\u4ee5\u5bf9 iframe \u7684\u5404\u79cd\u884c\u4e3a\u8fdb\u884c\u63a7\u5236\uff0c\u5145\u5206\u5b9e\u73b0",n.a.createElement("strong",null,"\u6700\u5c0f\u6743\u9650"),"\u539f\u5219"),n.a.createElement("li",null,"\u670d\u52a1\u7aef\u8bbe\u7f6e ",n.a.createElement("code",null,"X-Frame-Options Header"),"\u5934\uff0c\u62d2\u7edd\u9875\u9762\u88ab\u5d4c\u5957\uff0c",n.a.createElement("code",null,"X-Frame-Options"),"\u662f http \u54cd\u5e94\u5934\u4e2d\u7684\u7528\u6765\u544a\u8bc9\u6d4f\u89c8\u5668\u4e00\u4e2a\u9875\u9762\u662f\u5426\u53ef\u4ee5\u5d4c\u5165 iframe \u4e2d"),n.a.createElement("li",null,"\u8bbe\u7f6e ",n.a.createElement("code",null,"CSP")," \u5373",n.a.createElement("code",null,"Content-Security-Policy"),"\u8bf7\u6c42\u5934"),n.a.createElement("li",null,"\u51cf\u5c11\u5bf9 iframe \u7684\u4f7f\u7528")),n.a.createElement("h3",{id:"4\u9519\u8bef\u7684\u5185\u5bb9\u63a8\u65ad"},n.a.createElement(c["AnchorLink"],{to:"#4\u9519\u8bef\u7684\u5185\u5bb9\u63a8\u65ad","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"4\u3001\u9519\u8bef\u7684\u5185\u5bb9\u63a8\u65ad"),n.a.createElement("ul",null,n.a.createElement("li",null,"\u8bf4\u660e \u6587\u4ef6\u4e0a\u4f20\u7c7b\u578b\u6821\u9a8c\u5931\u8d25\u540e\uff0c\u5bfc\u81f4\u6076\u610f\u7684 js \u6587\u4ef6\u4e0a\u4f20\u540e\uff0c\u6d4f\u89c8\u5668\u9ed8\u8ba4\u7684 content-type header \u7684\u89e3\u6790\u4e3a\u53ef\u6267\u884c\u7684\u6587\u4ef6"),n.a.createElement("li",null,"\u9884\u9632\u65b9\u6848 \u8bbe\u7f6e ",n.a.createElement("code",null,"X-Content-Type-Options")," \u5934")),n.a.createElement("h3",{id:"5\u7b2c\u4e09\u65b9\u4f9d\u8d56\u5305"},n.a.createElement(c["AnchorLink"],{to:"#5\u7b2c\u4e09\u65b9\u4f9d\u8d56\u5305","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"5\u3001\u7b2c\u4e09\u65b9\u4f9d\u8d56\u5305"),n.a.createElement("p",null,"\u51cf\u5c11\u7b2c\u4e09\u65b9\u5305\u7684\u4f9d\u8d56\uff0c\u4f8b\u5982 event-stream \u88ab\u7206\u51fa\u6076\u610f\u653b\u51fb\u6570\u5b57\u8d27\u5e01"),n.a.createElement("h3",{id:"6https"},n.a.createElement(c["AnchorLink"],{to:"#6https","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"6\u3001HTTPS"),n.a.createElement("ul",null,n.a.createElement("li",null,"\u63cf\u8ff0 \u9ed1\u5ba2\u5229\u7528 SSL Stripping \u8fd9\u79cd\u653b\u51fb\u624b\u6bb5\uff0c\u5f3a\u5236\u8ba9 HTTPS \u964d\u56de HTTP\uff0c\u4ece\u800c\u7ee7\u7eed\u4ece\u4e2d\u95f4\u4eba\u653b\u51fb"),n.a.createElement("li",null,"\u9884\u9632\u65b9\u6848 \u4f7f\u7528 HSTS(HTTP Strict Transport Security),\u4ed6\u901a\u8fc7\u4e0b\u9762\u7684\u8fd9\u4e2a http header \u4ee5\u53ca\u9884\u52a0\u8f7d\u7684\u6e05\u5355\uff0c\u6765\u544a\u77e5\u6d4f\u89c8\u5668\u548c\u7f51\u7ad9\u8fdb\u884c\u901a\u4fe1\u7684\u65f6\u5019\u5f3a\u5236\u6027\u7684\u4f7f\u7528 Https,\u800c\u4e0d\u662f\u901a\u8fc7\u660e\u6587\u7684 HTTPS \u8fdb\u884c\u901a\u4fe1\uff0c\u8fd9\u91cc\u7684\u5f3a\u5236\u6027\u8868\u73b0\u4e3a\u6d4f\u89c8\u5668\u65e0\u8bba\u5728\u4efb\u4f55\u60c5\u51b5\u4e0b\u90fd\u76f4\u63a5\u5411\u670d\u52a1\u7aef\u53d1\u8d77 HTTP \u8bf7\u6c42\uff0c\u800c\u4e0d\u518d\u50cf\u4ee5\u5f80\u90a3\u6837\u4ece HTTP \u8df3\u8f6c\u5230 HTTPS,\u53e6\u5916\uff0c\u5f53\u9047\u5230\u8bc1\u4e66\u6216\u8005\u94fe\u63a5\u4e0d\u5b89\u5168\u7684\u65f6\u5019\uff0c\u9996\u5148\u8b66\u544a\u7528\u6237\uff0c\u5e76\u4e14\u4e0d\u5728\u7528\u6237\u9009\u62e9\u662f\u5426\u7ee7\u7eed\u9009\u62e9\u4e0d\u5b89\u5168\u7684\u901a\u4fe1")),n.a.createElement("h3",{id:"7\u672c\u5730\u5b58\u50a8\u6570\u636e"},n.a.createElement(c["AnchorLink"],{to:"#7\u672c\u5730\u5b58\u50a8\u6570\u636e","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"7\u3001\u672c\u5730\u5b58\u50a8\u6570\u636e"),n.a.createElement("p",null,"\u907f\u514d\u91cd\u8981\u7684\u7528\u6237\u4fe1\u606f\u5b58\u5728\u6d4f\u89c8\u5668\u7f13\u5b58\u4e2d"),n.a.createElement("h3",{id:"8\u9759\u6001\u8d44\u6e90\u5b8c\u6574\u6027\u6821\u9a8c"},n.a.createElement(c["AnchorLink"],{to:"#8\u9759\u6001\u8d44\u6e90\u5b8c\u6574\u6027\u6821\u9a8c","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"8\u3001\u9759\u6001\u8d44\u6e90\u5b8c\u6574\u6027\u6821\u9a8c"),n.a.createElement("ul",null,n.a.createElement("li",null,"\u63cf\u8ff0 \u4f7f\u7528\u5185\u63a8\u5206\u53d1\u7f51\u7edc(CDN\uff09\u5728\u591a\u4e2a\u7ad9\u70b9\u4e4b\u95f4\u5171\u4eab\u811a\u672c\u548c\u6837\u5f0f\u8868\u7b49\u6587\u4ef6\u53ef\u4ee5\u63d0\u9ad8\u7ad9\u70b9\u6027\u80fd\u5e76\u8282\u7701\u5e26\u5bbd\uff0c\u4f46\u662f\u4f7f\u7528 CDN \u4e5f\u4f1a\u5b58\u5728\u98ce\u9669\uff0c\u5982\u679c\u653b\u51fb\u8005\u83b7\u5f97\u5bf9 CDN \u7684\u63a7\u5236\u6743\uff0c\u5219\u53ef\u4ee5\u5c06\u4efb\u610f\u6076\u610f\u5185\u5bb9\u6ce8\u5165\u5230 CDN \u4e0a\u7684\u6587\u4ef6\u4e2d\uff08\u6216\u8005\u66ff\u6362\u6389\u6587\u4ef6\uff09\uff0c\u56e0\u6b64\u53ef\u80fd\u6f5c\u5728\u7684\u653b\u51fb\u6240\u6709\u4ece\u8be5 CDN \u83b7\u53d6\u6587\u4ef6\u7684\u7ad9\u70b9"),n.a.createElement("li",null,"\u9884\u9632\u65b9\u6848 \u5c06\u4f7f\u7528 base64 \u7f16\u7801\u8fc7\u540e\u7684\u6587\u4ef6 hash \u503c\u5199\u5165\u4f60\u6240\u5f15\u7528\u7684 script \u6807\u7b7e\u548c link \u6807\u7b7e\u7684 integrity \u5c5e\u6027\u4e2d\u5373\u53ef\u542f\u7528\u5b50\u8d44\u6e90\u5b8c\u6574\u6027")),n.a.createElement("h3",{id:"9\u7f51\u7edc\u52ab\u6301"},n.a.createElement(c["AnchorLink"],{to:"#9\u7f51\u7edc\u52ab\u6301","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"9\u3001\u7f51\u7edc\u52ab\u6301"),n.a.createElement("ul",null,n.a.createElement("li",null,"\u63cf\u8ff0",n.a.createElement("ul",null,n.a.createElement("li",null,"DNS \u52ab\u6301(\u6d89\u5acc\u8fdd\u6cd5)\uff1a\u4fee\u6539\u8fd0\u884c\u5546\u7684 DNS \u8bb0\u5f55\uff0c\u91cd\u5b9a\u5411\u5230\u5176\u4ed6\u7f51\u7ad9\uff0cDNS \u52ab\u6301\u662f\u8fdd\u6cd5\u7684\u884c\u4e3a\uff0c\u76ee\u524d DNS \u52ab\u6301\u5df2\u7ecf\u88ab\u76d1\u7ba1\uff0c\u5df2\u7ecf\u5f88\u5c11\u89c1\u4e86"),n.a.createElement("li",null,"HTTP \u52ab\u6301\uff1a\u524d\u63d0\u662f\u6709 HTTP \u8bf7\u6c42\uff0c\u56e0 HTTP \u662f\u660e\u6587\u4f20\u8f93\uff0c\u8fd0\u8425\u5546\u4fbf\u53ef\u501f\u673a\u4fee\u6539 HTTP \u54cd\u5e94\u5185\u5bb9\uff08\u6bd4\u5982\u5e7f\u544a\uff09"))),n.a.createElement("li",null,"\u9884\u9632\u65b9\u6848 \u5168\u7ad9 HTTPS")),n.a.createElement("h3",{id:"10\u4e2d\u95f4\u4eba\u653b\u51fb"},n.a.createElement(c["AnchorLink"],{to:"#10\u4e2d\u95f4\u4eba\u653b\u51fb","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"10\u3001\u4e2d\u95f4\u4eba\u653b\u51fb"),n.a.createElement("p",null,"\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u6307\u653b\u51fb\u8005\u4e0e\u901a\u4fe1\u7684\u4e24\u7aef\u5206\u522b\u521b\u5efa\u72ec\u7acb\u7684\u8054\u7cfb\uff0c\u5e76\u4ea4\u6362\u5176\u6240\u6536\u5230\u7684\u6570\u636e\uff0c\u4f7f\u901a\u8baf\u7684\u4e24\u7aef\u8ba4\u4e3a\u4ed6\u4eec\u6b63\u5728\u901a\u8fc7\u4e00\u4e2a\u79c1\u5bc6\u7684\u94fe\u63a5\u4e0e\u5bf9\u65b9\u76f4\u63a5\u5bf9\u8bdd\uff0c\u4f46\u662f\u4e8b\u5b9e\u4e0a\u6574\u4e2a\u5bf9\u8bdd\u90fd\u4f1a\u88ab\u7a83\u542c\u3001\u7be1\u6539\u751a\u81f3\u63a7\u5236\uff0c\u6ca1\u6709\u8fdb\u884c\u4e25\u683c\u7684\u8bc1\u4e66\u6821\u9a8c\u662f\u4e2d\u95f4\u4eba\u653b\u51fb\u7740\u624b\u70b9\u3002\u76ee\u524d\u5927\u591a\u6570\u52a0\u5bc6\u534f\u8bae\u90fd\u63d0\u4f9b\u4e86\u4e00\u4e9b\u7279\u6b8a\u8ba4\u8bc1\u65b9\u6cd5\u4ee5\u963b\u6b62\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u6bd4\u5982 SSL \u534f\u8bae\u53ef\u4ee5\u9a8c\u8bc1\u53c2\u4e0e\u901a\u8baf\u7684\u7528\u6237\u7684\u8bc1\u4e66\u662f\u5426\u6709\u6743\u5a01\uff0c\u53d7\u4fe1\u4efb\u7684\u6570\u5b57\u8bc1\u591a\u6237\u8ba4\u8bc1\u673a\u6784\u9881\u53d1\uff0c\u5e76\u4e14\u80fd\u6267\u884c\u53cc\u5411\u8eab\u4efd\u8ba4\u8bc1\uff0c\u653b\u51fb\u573a\u666f\u5982\u7528\u6237\u5728\u4e00\u4e2a\u672a\u52a0\u5bc6\u7684 wifi \u4e0b\u8bbf\u95ee\u7f51\u7ad9\uff0c\u5728\u4e2d\u95f4\u4eba\u653b\u51fb\u4e2d\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u62e6\u622a\u901a\u8baf\u53cc\u65b9\u7684\u7ae5\u8bdd\u5e76\u63d2\u5165\u65b0\u7684\u5185\u5bb9"),n.a.createElement("ul",null,n.a.createElement("li",null,"\u573a\u666f",n.a.createElement("ul",null,n.a.createElement("li",null,"\u5728\u4e00\u4e2a\u672a\u52a0\u5bc6\u7684 wifi \u65e0\u7ebf\u63a5\u5165\u70b9\u7684\u63a5\u53d7\u8303\u56f4\u5185\u7684\u4e2d\u95f4\u4eba\u653b\u51fb\u8005\uff0c\u53ef\u4ee5\u5c06\u81ea\u5df1\u4f5c\u4e3a\u4e00\u4e2a\u4e2d\u95f4\u4eba\u63d2\u5165\u7f51\u7ad9"),n.a.createElement("li",null,"Fidder/Charles \u4ee3\u7406\u5de5\u5177"),n.a.createElement("li",null,"12306 \u4e4b\u524d\u7684\u81ea\u5df1\u8bc1\u4e66"))),n.a.createElement("li",null,"\u8fc7\u7a0b",n.a.createElement("ul",null,n.a.createElement("li",null,"\u5ba2\u6237\u7aef\u53d1\u9001\u9a91\u725b\u5230\u670d\u52a1\u5668\uff0c\u8bf7\u6c42\u88ab\u4e2d\u95f4\u4eba\u622a\u83b7"),n.a.createElement("li",null,"\u670d\u52a1\u5668\u5411\u5ba2\u6237\u7aef\u53d1\u9001\u516c\u94a5"),n.a.createElement("li",null,"\u4e2d\u95f4\u4eba\u622a\u83b7\u516c\u94a5\uff0c\u4fdd\u7559\u5728\u81ea\u5df1\u624b\u4e0a\uff0c\u7136\u540e\u81ea\u5df1\u751f\u6210\u4e00\u4e2a\u4f2a\u9020\u7684\u516c\u94a5\uff0c\u53d1\u9001\u7ed9\u5ba2\u6237\u7aef"),n.a.createElement("li",null,"\u5ba2\u6237\u7aef\u6536\u5230\u4f2a\u9020\u7684\u516c\u94a5\u540e\uff0c\u751f\u6210\u52a0\u5bc6 hash \u503c\u53d1\u7ed9\u670d\u52a1\u5668"),n.a.createElement("li",null,"\u670d\u52a1\u5668\u7528\u79c1\u94a5\u89e3\u5bc6\u83b7\u5f97\u5047\u79d8\u94a5\uff0c\u7136\u540e\u52a0\u5bc6\u6570\u636e\u4f20\u8f93\u7ed9\u5ba2\u6237\u7aef"))),n.a.createElement("li",null,"\u4f7f\u7528\u6293\u5305\u5de5\u5177 fiddle \u6765\u8fdb\u884c\u4e3e\u4f8b\u8bf4\u660e",n.a.createElement("ul",null,n.a.createElement("li",null,"\u9996\u5148\u901a\u8fc7\u4e00\u4e9b\u9014\u5f84\u5728\u5ba2\u6237\u7aef\u5b89\u88c5\u8bc1\u4e66"),n.a.createElement("li",null,"\u7136\u540e\u5ba2\u6237\u7aef\u53d1\u9001\u94fe\u63a5\u8bf7\u6c42\uff0cfiddle \u5728\u4e2d\u95f4\u622a\u53d6\u8bf7\u6c42\uff0c\u5e76\u8fd4\u56de\u81ea\u5df1\u4f2a\u9020\u7684\u8bc1\u4e66"),n.a.createElement("li",null,"\u5ba2\u6237\u7aef\u5df2\u7ecf\u5b89\u88c5\u4e86\u653b\u51fb\u8005\u7684\u6839\u8bc1\u4e66\uff0c\u6240\u4ee5\u9a8c\u8bc1\u901a\u8fc7"),n.a.createElement("li",null,"\u5ba2\u6237\u7aef\u5c31\u4f1a\u6b63\u5e38\u548c fiddle \u8fdb\u884c\u901a\u4fe1\uff0c\u628a fiddle \u5f53\u505a\u6b63\u786e\u7684\u670d\u52a1\u5668"),n.a.createElement("li",null,"\u540c\u4e8b fiddle \u4f1a\u8ddf\u539f\u6709\u7684\u670d\u52a1\u5668\u8fdb\u884c\u901a\u4fe1\uff0c\u83b7\u53d6\u6570\u636e\u4ee5\u53ca\u52a0\u5bc6\u7684\u5bc6\u94a5\uff0c\u53bb\u89e3\u5bc6\u5bc6\u94a5"))),n.a.createElement("li",null,"\u5e38\u89c1\u7684\u653b\u51fb\u65b9\u5f0f",n.a.createElement("ol",null,n.a.createElement("li",null,"\u55c5\u63a2\uff1a\u55c5\u63a2\u662f\u4e00\u79cd\u7528\u6765\u6355\u83b7\u6d41\u8fdb\u548c\u6d41\u51fa\u7684\u7f51\u7edc\u6570\u636e\u5305\u7684\u6280\u672f"),n.a.createElement("li",null,"\u6570\u636e\u5305\u6ce8\u5165\uff1a\u5728\u8fd9\u79cd\uff0c\u653b\u51fb\u8005\u4f1a\u5c06\u6076\u610f\u6570\u636e\u5305\u6ce8\u5165\u5230\u5e38\u89c4\u6570\u636e\u4e2d\uff0c\u56e0\u4e3a\u8fd9\u4e9b\u6076\u610f\u6570\u636e\u662f\u5728\u6b63\u5e38\u7684\u6570\u636e\u91cc\u9762\u7684\uff0c\u7528\u6237\u548c\u7cfb\u7edf\u5f88\u96be\u53d1\u73b0\u8fd9\u4e2a\u5185\u5bb9"),n.a.createElement("li",null,"\u4f1a\u8bdd\u52ab\u6301\uff1a\u5f53\u6211\u4eec\u8fdb\u884c\u4e00\u4e2a\u7f51\u7ad9\u7684\u767b\u5f55\u7684\u65f6\u5019\u5230\u9000\u51fa\u767b\u5f55\u8fd9\u4e2a\u65f6\u5019\uff0c\u4f1a\u4ea7\u751f\u4e00\u4e2a\u4f1a\u8bdd\uff0c\u8fd9\u4e2a\u4f1a\u8bdd\u662f\u653b\u51fb\u8005\u7528\u6765\u653b\u51fb\u7684\u9996\u8981\u76ee\u6807\uff0c\u56e0\u4e3a\u8fd9\u4e2a\u4f1a\u8bdd\u5305\u542b\u4e86\u7528\u6237\u5927\u91cf\u7684\u6570\u636e\u548c\u79c1\u5bc6\u4fe1\u606f"),n.a.createElement("li",null,"SSL \u5265\u79bb\uff1aHTTPS \u662f\u901a\u8fc7 SSL/TLS \u8fdb\u884c\u52a0\u5bc6\u8fc7\u7684\uff0c\u5728 SSL \u5265\u79bb\u653b\u51fb\u4e2d\uff0c\u4f1a\u4f7f SSL/TLS \u65ad\u5f00\uff0c\u8ba9\u53d7\u4fdd\u62a4\u7684 HTTPS \u53d8\u6210\u4e0d\u6536\u4fdd\u62a4\u7684 HTTP\uff08\u8fd9\u5bf9\u4e8e\u7f51\u7ad9\u6765\u8bf4\u90fd\u633a\u81f4\u547d\uff09"),n.a.createElement("li",null,"NDS \u6b3a\u9a97\uff1a\u653b\u51fb\u8005\u5f80\u5f80\u901a\u8fc7\u5165\u4fb5\u5230 DNS \u670d\u52a1\u5668\uff0c\u6216\u8005\u7be1\u6539\u7528\u6237\u7684 host \u6587\u4ef6\uff0c\u7136\u540e\u53bb\u52ab\u6301\u7528\u6237\u53d1\u7684\u8bf7\u6c42\uff0c\u7136\u540e\u8f6c\u53d1\u5230\u653b\u51fb\u8005\u8981\u8f6c\u53d1\u7684\u670d\u52a1\u5668"),n.a.createElement("li",null,"ARP \u6b3a\u9a97\uff1aARP \u5730\u5740\u89e3\u6790\u534f\u8bae\uff0c\u653b\u51fb\u8005\u5229\u7528 ARP \u7684\u6f0f\u6d1e\uff0c\u7528\u5f53\u524d\u5c40\u57df\u7f51\u4e2d\u7684\u4e00\u53f0\u670d\u52a1\u5668\uff0c\u6765\u5192\u5145\u5ba2\u670d\u7aef\u60f3\u8981\u8bf7\u6c42\u7684\u670d\u52a1\u5668\uff0c\u5411\u5ba2\u6237\u7aef\u53d1\u9001\u81ea\u5df1\u7684 MAC \u5730\u5740\uff0c\u5ba2\u6237\u7aef\u65e0\u4ece\u5f97\u5230\u771f\u6b63\u7684\u4e3b\u673a\u7684 MAC \u5730\u5740\uff0c\u6240\u4ee5\u4f1a\u628a\u8fd9\u4e2a\u5730\u5740\u5f53\u505a\u771f\u6b63\u7684\u4e3b\u673a\u6765\u8fdb\u884c\u901a\u4fe1\uff0c\u5c06 MAC \u5b58\u5165 ARP \u7f13\u5b58\u8868\u4e2d"),n.a.createElement("li",null,"\u4ee3\u7406\u670d\u52a1\u5668"))),n.a.createElement("li",null,"\u9884\u9632\u65b9\u6848",n.a.createElement("ol",null,n.a.createElement("li",null,"\u7528\u53ef\u4fe1\u7684\u7b2c\u4e09\u65b9 CA \u5382\u5546"),n.a.createElement("li",null,"\u4e0d\u4e0b\u8f7d\u672a\u77e5\u6765\u6e90\u7684\u8bc1\u4e66\uff0c\u4e0d\u8981\u4e0b\u8f7d\u4e00\u4e9b\u4e0d\u5b89\u5168\u7684\u6587\u4ef6"),n.a.createElement("li",null,"\u786e\u8ba4\u4f60\u8bbf\u95ee\u7684 URL \u662f HTTPS\uff0c\u786e\u4fdd\u7f51\u7ad9\u4f7f\u7528\u4e86 SSL\uff0c\u786e\u4fdd\u7981\u7528\u4e00\u4e9b\u4e0d\u5b89\u5168\u7684 SSL\uff0c\u53ea\u5f00\u542f TSL1.1\u3001TSL1.2"),n.a.createElement("li",null,"\u4e0d\u8981\u4f7f\u7528\u516c\u7528\u7f51\u7edc\u53d1\u9001\u4e00\u4e9b\u654f\u611f\u7684\u4fe1\u606f"),n.a.createElement("li",null,"\u4e0d\u8981\u53bb\u70b9\u51fb\u4e00\u4e9b\u4e0d\u5b89\u5168\u7684\u94fe\u63a5\u6216\u8005\u6076\u610f\u94fe\u63a5\u548c\u7f51\u7ad9")))),n.a.createElement("h3",{id:"11sql-\u6ce8\u5165"},n.a.createElement(c["AnchorLink"],{to:"#11sql-\u6ce8\u5165","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"11\u3001sql \u6ce8\u5165"),n.a.createElement("p",null,"\u5c31\u662f\u901a\u8fc7 sql \u547d\u4ee4\u63d2\u5165\u5230 web \u8868\u5355\u63d0\u4ea4\u6216\u8f93\u5165\u57df\u540d\u6216\u7f51\u9875\u8bf7\u6c42\u7684\u67e5\u8be2\u5b57\u7b26\u4e32\uff0c\u6700\u7ec8\u8fbe\u5230\u6b3a\u9a97\u6570\u636e\u5e93\u670d\u52a1\u5668\u6267\u884c\u6076\u610f\u7684 sql \u547d\u4ee4\uff0c\u4ece\u800c\u8fbe\u5230\u548c\u670d\u52a1\u5668\u8fdb\u884c\u76f4\u63a5\u7684\u4ea4\u4e92"),n.a.createElement("p",null,n.a.createElement("strong",null,"\u9884\u9632\u65b9\u6848")),n.a.createElement("ul",null,n.a.createElement("li",null,"\u540e\u53f0\u8fdb\u884c\u8f93\u5165\u9a8c\u8bc1\uff0c\u5bf9\u654f\u611f\u5b57\u7b26\u8fc7\u6ee4"),n.a.createElement("li",null,"\u4f7f\u7528\u53c2\u6570\u5316\u67e5\u8be2\uff0c\u80fd\u907f\u514d\u62fc\u63a5 sql,\u5c31\u4e0d\u8981\u7528\u62fc\u63a5 sql \u8bed\u53e5")),n.a.createElement("h3",{id:"12\u524d\u7aef\u6570\u636e\u5b89\u5168"},n.a.createElement(c["AnchorLink"],{to:"#12\u524d\u7aef\u6570\u636e\u5b89\u5168","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"12\u3001\u524d\u7aef\u6570\u636e\u5b89\u5168"),n.a.createElement("p",null,"\u53cd\u722c\u866b\uff0c\u5982\u732b\u773c\u7535\u5f71\uff0c\u5929\u773c\u67e5\u7b49\uff0c\u4ee5\u6570\u636e\u5185\u5bb9\u4e3a\u6838\u5fc3\u7684\u4f01\u4e1a"),n.a.createElement("p",null,n.a.createElement("strong",null,"\u9884\u9632\u65b9\u6848")),n.a.createElement("ul",null,n.a.createElement("li",null,"font-face \u62fc\u63a5\u65b9\u5f0f\uff1a\u732b\u773c\u7535\u5f71\u3001\u5929\u773c\u67e5"),n.a.createElement("li",null,"background \u62fc\u63a5\uff1a\u7f8e\u56e2"),n.a.createElement("li",null,"\u4f2a\u5143\u7d20\u9690\u85cf\uff1a\u6c7d\u8f66\u4e4b\u5bb6"),n.a.createElement("li",null,"\u5143\u7d20\u5b9a\u4f4d\u8986\u76d6\u5f0f\uff1a\u53bb\u54ea\u513f"),n.a.createElement("li",null,"iframe \u5f02\u6b65\u52a0\u8f7d\uff1a\u7f51\u6613\u4e91\u97f3\u4e50")),n.a.createElement("h3",{id:"13\u5176\u4ed6"},n.a.createElement(c["AnchorLink"],{to:"#13\u5176\u4ed6","aria-hidden":"true",tabIndex:-1},n.a.createElement("span",{className:"icon icon-link"})),"13\u3001\u5176\u4ed6"),n.a.createElement("ul",null,n.a.createElement("li",null,"\u5b9a\u671f\u8bf7\u7b2c\u4e09\u65b9\u673a\u6784\u505a\u5b89\u5168\u6027\u6d4b\u8bd5\uff0c\u6f0f\u6d1e\u626b\u63cf"),n.a.createElement("li",null,"\u4f7f\u7528\u7b2c\u4e09\u65b9\u5f00\u6e90\u5e93\u505a\u4e0a\u7ebf\u524d\u7684\u5b89\u5168"),n.a.createElement("li",null,"code review \u4fdd\u8bc1\u4ee3\u7801\u8d28\u91cf"),n.a.createElement("li",null,"\u9ed8\u8ba4\u9879\u76ee\u4e2d\u8bbe\u7f6e\u7684 Header \u8bf7\u6c42\uff0c\u5982",n.a.createElement("code",null,"X-XSS-Protection"),"\uff0c",n.a.createElement("code",null,"X-Content-Type-options"),"\uff0c",n.a.createElement("code",null,"X-Frame-Options Header"),"\uff0c",n.a.createElement("code",null,"Content-Security-Policy"),"\u7b49"),n.a.createElement("li",null,"\u5bf9\u7b2c\u4e09\u65b9\u5305\u548c\u5e93\u505a\u68c0\u6d4b ",n.a.createElement("code",null,"NSP(Node Security Platform)"),",",n.a.createElement("code",null,"Snyk"))))))}));l["default"]=e=>{var l=n.a.useContext(c["context"]),a=l.demos;return n.a.useEffect((()=>{var l;null!==e&&void 0!==e&&null!==(l=e.location)&&void 0!==l&&l.hash&&c["AnchorLink"].scrollToAnchor(decodeURIComponent(e.location.hash.slice(1)))}),[]),n.a.createElement(r,{demos:a})}}}]);