分为两种情况
postmessage引起的:
这种安全漏洞一般是因为在使用postmessage发送接收消息的时候没有判断origin引起的,当然如果判断了origin还爆出这种问题,可以尝试对消息体进行转码进行规避。
首先可以进行origin的判断,有些情况不用编码就可以符合安全漏洞的扫描规则。
ajax数据请求引起的
可以尝试对消息体进行转码进行规避。
编码方法
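/**
 * Output-side HTML encoding for untrusted text (postMessage payloads, ajax
 * responses) before it reaches the DOM.
 *
 * Neutralizes `<` and `>` in every form the rest of this file produces or
 * expects: the raw characters, their URL-encoded forms (`%3C`/`%3E`, either
 * hex case) and the double-encoded `%26lt%3B`/`%26gt%3B` tokens that
 * `htmlEncode` emits on the sending side. Each becomes the HTML entity
 * `&lt;` / `&gt;`, so the result can be placed in element text without being
 * parsed as markup. (As previously written, `<` was replaced by itself and the
 * URL-encoded forms were turned back into raw `<`/`>`, so nothing was
 * neutralized.)
 *
 * Not handled: `&`, quotes and newlines. The result is therefore only safe as
 * element text content, not inside attribute values, URLs or scripts; where a
 * DOM node is the target, assigning `textContent` is the simpler option.
 *
 * @param {string} str - text to encode; `null`/`undefined` are treated as ""
 * @returns {string} the encoded text ("" for empty input)
 */
function htmlEncodeOut (str){
  if (str == null) return "";
  var s = String(str);
  if (s.length === 0) return "";
  // Raw characters first. The entities produced contain no `<`, `>` or `%`,
  // so none of the later replacements can re-match earlier output.
  s = s.replace(/</g, "&lt;");
  s = s.replace(/>/g, "&gt;");
  // URL-encoded forms, in either hex case.
  s = s.replace(/%3C/gi, "&lt;");
  s = s.replace(/%3E/gi, "&gt;");
  // Double-encoded forms emitted by htmlEncode() on the sending side.
  s = s.replace(/%26lt%3B/gi, "&lt;");
  s = s.replace(/%26gt%3B/gi, "&gt;");
  return s;
}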
/**
 * Applies `htmlEncodeOut` to a value of any shape.
 *
 * Strings are encoded directly. Objects (arrays included; `null` also has
 * typeof "object") are serialized with JSON.stringify, encoded as a single
 * string and parsed back, so the encoder sees the whole document, keys and
 * string values alike. The JSON round trip drops functions and `undefined`
 * members. Every other type (number, boolean, undefined) is returned as is.
 *
 * @param {*} data - value to encode
 * @returns {*} the encoded value, same shape as the input
 */
function dataEncodeOut(data){
  var kind = typeof data;
  if (kind === "string") {
    return htmlEncodeOut(data);
  }
  if (kind === "object") {
    var encodedJson = htmlEncodeOut(JSON.stringify(data));
    return JSON.parse(encodedJson);
  }
  return data;
}
解码方法
/**
 * Sending-side encoding for `<` and `>`: rewrites the raw characters and
 * their URL-encoded forms (`%3C`/`%3c`, `%3E`/`%3e`) into `%26lt%3B` /
 * `%26gt%3B`, i.e. the URL-encoded HTML entities `&lt;` / `&gt;`. These are
 * exactly the tokens `htmlEncodeOut` recognizes on the receiving side.
 * Nothing else (`&`, quotes, newlines) is touched.
 *
 * @param {string} str - text to encode; an empty string yields ""
 * @returns {string} the encoded text
 */
function htmlEncode (str){
  if (str.length == 0) return "";
  var LT = "%26lt%3B";
  var GT = "%26gt%3B";
  // Applied in this order; the replacement tokens contain no `<`, `>`,
  // `%3C` or `%3E`, so later steps never re-match earlier output.
  var steps = [
    [/</g, LT],
    [/%3C/g, LT],
    [/%3c/g, LT],
    [/>/g, GT],
    [/%3E/g, GT],
    [/%3e/g, GT]
  ];
  var out = str;
  for (var i = 0; i < steps.length; i++) {
    out = out.replace(steps[i][0], steps[i][1]);
  }
  return out;
}
/**
 * Applies `htmlEncode` to a value of any shape.
 *
 * Strings are encoded directly. Objects (arrays included; `null` also has
 * typeof "object") are serialized with JSON.stringify, encoded as a single
 * string and parsed back, so keys and string values are all encoded. The JSON
 * round trip drops functions and `undefined` members. Every other type
 * (number, boolean, undefined) is returned as is.
 *
 * @param {*} data - value to encode
 * @returns {*} the encoded value, same shape as the input
 */
function dataEncode(data){
  var kind = typeof data;
  if (kind === "string") {
    return htmlEncode(data);
  }
  if (kind === "object") {
    var encodedJson = htmlEncode(JSON.stringify(data));
    return JSON.parse(encodedJson);
  }
  return data;
}
postmessage接收消息
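// Receives cross-window postMessage data and encodes it before use.
//
// MessageEvent.origin is a full origin ("scheme://host[:port]"), so comparing
// it with the bare hostname 'www.baidu.com' can never be true and every
// message would be silently dropped. The scheme used below is assumed —
// TODO confirm against the page that actually sends the messages.
window.addEventListener('message', function (event) {
  var trustedOrigin = 'https://www.baidu.com';
  // Exact match on scheme, host and port; reject everything else before the
  // payload is touched, rather than relying on the output encoder alone.
  if (event.origin !== trustedOrigin) {
    return;
  }
  var res = dataEncodeOut(event.data);
  console.log(res);
});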
ajax消息请求
// Sends the login request and runs the response through the same output
// encoder used for postMessage data. `$` (jQuery), `url` and `dataJson` are
// defined outside this snippet, and the call's closing `});` is not shown.
$.ajax({
type: 'POST',
url: url + '/login',
contentType: 'application/json',
data: JSON.stringify(dataJson),
success: function(data) {
// NOTE(review): the encoded result is written to the local parameter `data`
// and never used afterwards, so the encoding has no effect until the value is
// actually rendered or returned from here.
data = dataEncodeOut(data);
},
error: function(e) {
// NOTE(review): presumably `e` is jQuery's jqXHR object rather than response
// data; encoding it JSON-round-trips that object and the result is discarded
// exactly as in `success` — confirm what the caller expects.
e = dataEncodeOut(e);
}