回答 11 已采纳
I want to prevent XSS attacks in my web application. I found that HTML Encoding the output can really prevent XSS attacks. Now the problem is that how do I HTML encode every single output in my application? I there a way to automate this?
I appreciate answers for JSP, ASP.net and PHP.
回答 2 已采纳
The question is not really about parsing the HTML, but rather parsing the HTML and adding elements to the DOM according to the HTML tags.
For example - I want to be able to take an HTML page, add attribute to the HTML tags - such as "class='replace'", put some PHP/ASPNET code in the page (make an ASPX page with ASPNET or put some include with PHP) and make them parse the page every time it is accessed and manipulate the DOM of the tags marked as 'class="replace".
For example if I have < div class='replace'>< /div>, after I run the script I'll get something like < div class='replace'>This is a new text< /div>