dqz84361326 2012-01-03 06:23 acceptance rate: 0%
Views: 6
Accepted

Do I need to sanitize the JavaScript in the following situation?

My question is about sanitization. Do I need to sanitize the javascript in the following situation?

I'm sending a JavaScript array as JSON to PHP via AJAX. The array will be manipulated in PHP, then some of the data will be posted to MySQL. Please note that at no time does the user write values themselves. The array is created based on the buttons the user clicks.

On further reading

Based on Sanitize (radio buttons, checkboxes and <option>) I'm assuming that I need to sanitize the javascript. If this is correct, what sanitization would you recommend I do?

The array I'm using is a multidimensional array like Array[5][3]=2. It should only contain number values.


2 answers

  • dongshi3818 2012-01-03 06:27

    There is only one simple rule you need to know about sanitization:

    1. Never trust the client.

    So, following this rule means that it does not matter whether you sanitize the input on the client or not. You still need to sanitize it on the server.

    To dive deeper into your specific case, trusting JavaScript alone to do the job is not enough as some people may not have JavaScript enabled. Or, somebody with a malicious intent could make those HTTP calls from outside the browser environment skipping JavaScript altogether.

    Selected as the best answer by the asker.
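The following is an added example, not code from the question or the answer above, showing what "sanitize it on the server" looks like for the asker's case: the PHP endpoint treats the posted JSON as untrusted, checks that it is a small grid of plain integers (rejecting strings, floats, booleans, nulls and nested arrays), and only then writes it to the database through a prepared statement with bound values. The grid dimensions, the value range, the table name `grid_cells` and its columns are assumptions chosen for illustration; the in-memory SQLite database is used only so the example runs offline, and the MySQL DSN in the comment is where a real deployment would differ.

```php
<?php
// Added example (not from the original question or answer): server-side validation
// of an AJAX-posted JSON grid before it reaches the database. Table name, column
// names, grid limits and value range are assumptions for illustration.
declare(strict_types=1);

/**
 * Decode the raw request body and return a list of [row, col, value] triples.
 * Anything that is not a small 2-D array of integers is rejected with an exception,
 * regardless of what the browser-side script was supposed to send.
 */
function validateGrid(string $json, int $maxRows = 10, int $maxCols = 10): array
{
    $data = json_decode($json, true);
    if (!is_array($data)) {
        throw new InvalidArgumentException('Body is not a JSON array');
    }
    if (count($data) > $maxRows) {
        throw new InvalidArgumentException('Too many rows');
    }
    $cells = [];
    foreach ($data as $r => $row) {
        // A JSON object decodes to string keys; a JSON list decodes to 0..n-1.
        if (!is_int($r) || !is_array($row) || count($row) > $maxCols) {
            throw new InvalidArgumentException("Row $r is malformed");
        }
        foreach ($row as $c => $value) {
            // is_int() rejects "2" (string), 2.0 (float), true, null and nested arrays.
            // A sparse JS array such as a[5][3]=2 serialises its holes as null, so it
            // fails here too; the client must send a dense grid.
            if (!is_int($c) || !is_int($value) || $value < 0 || $value > 1000) {
                throw new InvalidArgumentException("Cell [$r][$c] is not a small non-negative integer");
            }
            $cells[] = [$r, $c, $value];
        }
    }
    return $cells;
}

/**
 * Store validated cells using a prepared statement; values are bound, never
 * interpolated into SQL, so the database layer is protected even if validation
 * were ever loosened.
 */
function storeGrid(PDO $db, array $cells): int
{
    $stmt = $db->prepare('INSERT INTO grid_cells (row_idx, col_idx, value) VALUES (:r, :c, :v)');
    $db->beginTransaction();
    foreach ($cells as [$r, $c, $v]) {
        $stmt->execute([':r' => $r, ':c' => $c, ':v' => $v]);
    }
    $db->commit();
    return count($cells);
}

// --- Offline demonstration with constructed inputs -------------------------
// In the real endpoint the body comes from: $body = file_get_contents('php://input');
// and the connection would be: new PDO('mysql:host=localhost;dbname=app', $user, $pass);
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE grid_cells (row_idx INTEGER, col_idx INTEGER, value INTEGER)');

$good = '[[0,1,2],[3,4,5]]';                     // constructed: what the page's script would send
$bad  = '[[0,"1 OR 1=1"],[{"x":1}],[null,2.5]]'; // constructed: hand-crafted request bypassing the browser

$stored = storeGrid($db, validateGrid($good));
echo "stored $stored cells\n";

try {
    validateGrid($bad);
} catch (InvalidArgumentException $e) {
    // A real endpoint would answer with http_response_code(400) and a JSON error.
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

The point the answer makes is that the checks live in `validateGrid()`, on the server, and would apply identically whether the body was produced by the page's own JavaScript, by a browser with scripts disabled, or by a tool sending arbitrary HTTP requests; nothing the client does can be relied upon to have happened.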
