douliangpo0128 2014-09-02 01:02
浏览 7
已采纳

显示来自其他站点和安全性的内容

I'd need to load an user given URL and display a div with my content after the content of the user given website.

Implementing this would be trivial: 

$c = file_get_contents($url); 
echo $c . $myDivCode;

However, wouldn't this open my server to all kinds of security issues, such as XSS?

If so, what would be the best way to handle this taking into account I would like to be able to display the content of the user given URL as well as possible (i.e. run all the safe scripts).

  • 写回答

2条回答 默认 最新

  • douzuita7325 2014-09-02 01:08
    关注

    The best way probably would be to display site in an iframe like that: 

    echo "<iframe src=\"$url\"></iframe>";

    This way user loads the page directly from the url, without your server proxying it. However, since you're displaying information from another site, your site will always be vulnerable to XSS unless you remove scripts and HTML completely.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度