Beware of injection attacks through the JSONP callback

If the callback string contains JavaScript source code, it can be used to inject script into the response.

The server should validate that the callback contains nothing of the kind, for example by restricting the callback string to letters and digits only.
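An added example (not from the original post) showing the problem and the fix side by side in Node-style JavaScript: the unsafe builder concatenates the callback parameter straight into the script, while the hardened builder rejects anything that is not a plain identifier before it reaches the response. The callback names and payloads are constructed for the example; the allowed-character set is the post's letters-and-digits rule plus underscore, which is an assumption for callbacks such as `jQuery_cb`, and the response headers are a general recommendation rather than something the post states.

```javascript
// Added example, not the original post's code. Demonstrates JSONP callback
// injection and the allow-list validation the post recommends.

// Letters, digits and underscore only, bounded length. The underscore is an
// assumption beyond the post's letters-and-digits rule; the length cap is a
// sanity limit, not a security boundary.
const SAFE_CALLBACK = /^[A-Za-z0-9_]{1,64}$/;

function isSafeCallback(name) {
  return typeof name === 'string' && SAFE_CALLBACK.test(name);
}

// Vulnerable: whatever arrives in ?callback= becomes executable JavaScript.
// ?callback=alert(document.cookie);//  yields a script that runs the payload
// and comments out the rest of the line.
function buildJsonpUnsafe(callback, data) {
  return `${callback}(${JSON.stringify(data)});`;
}

// Hardened: validate the callback against the allow-list first; return null so
// the caller can answer 400 instead of emitting script.
function buildJsonpSafe(callback, data) {
  if (!isSafeCallback(callback)) {
    return null;
  }
  // JSON.stringify output is valid JS; escaping U+2028/U+2029 keeps it valid
  // in older engines where those characters are line terminators.
  const body = JSON.stringify(data)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return `${callback}(${body});`;
}

// Minimal request handler (framework-agnostic, constructed for the example):
// `query` is the parsed query string, `data` is the JSON the endpoint serves.
function handleJsonp(query, data) {
  const script = buildJsonpSafe(query.callback, data);
  if (script === null) {
    return {
      status: 400,
      headers: { 'Content-Type': 'text/plain; charset=utf-8' },
      body: 'invalid callback',
    };
  }
  return {
    status: 200,
    headers: {
      // Declare the body as script and forbid MIME sniffing so the response
      // cannot be reinterpreted as HTML by a browser.
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: script,
  };
}

// Constructed inputs for a quick look at both paths.
const malicious = 'alert(document.cookie);//';
console.log(buildJsonpUnsafe(malicious, { user: 'alice' })); // payload runs as script
console.log(handleJsonp({ callback: malicious }, { user: 'alice' }).status); // 400
console.log(handleJsonp({ callback: 'cb_1' }, { user: 'alice' }).body); // cb_1({"user":"alice"});

module.exports = { isSafeCallback, buildJsonpUnsafe, buildJsonpSafe, handleJsonp };
```

Rejecting the request outright is preferable to "sanitising" the callback: stripping characters out of an attacker-controlled string tends to leave a different but still executable prefix, while an allow-list of identifier characters leaves nothing to interpret.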
