1. CSRF (Cross-Site Request Forgery)
Defenses: token validation, Referer validation, hidden tokens
2. XSS (Cross-Site Scripting)