Detecting statements issued from the developer tools in JS

  • Question

  • I have a large project on my hands, developed back in the IE6 era, in which permission control is done mainly by setting buttons to Disabled.




    February 19, 2014 3:53


  • Hi,

    I think it is hard to detect. So I suggest that you had better configure user role permission restrictions on the server side instead of only disabling/enabling buttons.

    In addition, effective conceptual defense methods against the DOM XSS include, but are not limited to:

    • Avoiding client-side sensitive actions such as rewriting or redirection, using client-side data;
    • Sanitization of the client-side code by inspecting and securely handling references to DOM objects that pose a threat, such as url, location and referrer, especially in cases when the DOM may be modified;
    • Using intrusion prevention systems which are able to inspect inbound URL parameters and prevent inappropriate pages from being served.

    For more information, you can refer here

    Hope it can help you.


    February 20, 2014 2:47
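As an added example, not code from the original thread or the poster's project, this is the server-side check the answer recommends, written in plain Node.js; the role map, the session and request shapes, and the `clientClaimsEnabled` field are assumptions for illustration.

```javascript
// Added example: server-side role enforcement replacing reliance on a
// disabled button in the browser. Role map and request/session shapes are
// assumed (constructed) so the snippet runs stand-alone without a framework.

const ROLE_PERMISSIONS = {
  admin: new Set(['view', 'edit', 'delete']),
  editor: new Set(['view', 'edit']),
  viewer: new Set(['view']),
};

// Deny by default: an unknown role or an unknown action is never allowed.
function isAllowed(role, action) {
  const perms = ROLE_PERMISSIONS[role];
  return perms !== undefined && perms.has(action);
}

// The decision is made from the server-side session role only. The constructed
// field `clientClaimsEnabled` stands for anything a (possibly tampered) page
// might send about its own button state; it is ignored for the decision and
// recorded solely for auditing.
function handleAction(session, request, audit = []) {
  const { role, userId } = session;
  const { action, clientClaimsEnabled } = request;
  if (!isAllowed(role, action)) {
    // A request for an action the UI should have kept disabled is worth
    // logging: it means the client-side control was bypassed somehow.
    audit.push({ userId, role, action, result: 'denied', clientClaimsEnabled });
    return { status: 403, body: 'forbidden' };
  }
  audit.push({ userId, role, action, result: 'allowed' });
  return { status: 200, body: `${action} performed` };
}

// Usage with constructed data: a viewer whose page now claims Delete is enabled.
const exampleAudit = [];
const viewerSession = { userId: 'u42', role: 'viewer' };
console.log(handleAction(viewerSession, { action: 'delete', clientClaimsEnabled: true }, exampleAudit));
console.log(handleAction({ userId: 'u1', role: 'admin' }, { action: 'delete' }, exampleAudit));
console.log(exampleAudit);
```

The denied entry in the audit log is the server-side signal the question was looking for: the server cannot see the developer tools, but it can see a request that the unmodified UI would never have sent.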