How do you protect a CSS id
I have a value that will eventually end up in an HTML id= attribute. I have no control over what sets that value, so it may be unsafe. I know to check for single and double quotes, but how do I check to make sure it is clean?
variables.result &= '<div class="alert alert-danger"';
if(attributes.id != "") variables.result &= ' id="#attributes.id#"';
If I understand correctly, this might be what you are looking for:
http://code.google.com/p/google-caja/wiki/JsHtmlSanitizer
EDIT: in PHP:
What's the best method for sanitizing user input with PHP?
EDIT2: Didn't see that you are using ColdFusion; maybe this is it:
Cleansing string / input in Coldfusion 9
If you are generating the variable name with ColdFusion, you can use the Inflector CFC's "variablise" method. It converts any string into a safe underscore-delimited list that can be used as a ColdFusion variable name. (The Inflector is based on the Ruby on Rails ActiveSupport::Inflector class.)
https://github.com/timblair/coldfusion-inflector
<cffunction name="variablise" access="public" returntype="string" output="no" hint="Converts a string to a variable name, e.g. CamelCase becomes camel_case, 'big CSSDogThing' becomes big_css_dog_thing etc.">
<cfargument name="string" type="string" required="yes" hint="The string to variablise">
<cfset arguments.string = replace(trim(rereplace(arguments.string, "([^[:alnum:]_-]+)", " ", "ALL")), " ", "-", "ALL")>
<cfset arguments.string = rereplace(arguments.string, "([A-Z]+)([A-Z][a-z])", "\1_\2", "ALL")>
<cfset arguments.string = rereplace(arguments.string, "([a-z\d])([A-Z])", "\1_\2", "ALL")>
<cfreturn lcase(replace(arguments.string, "-", "_", "ALL"))>
</cffunction>
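As an added example (not part of the question or the Inflector project), here is a Python port of the `variablise` method above, wrapped in a `safe_html_id()` helper and a `render_alert()` function that rebuilds the asker's `<div>` with the id passed through the allow-list first. The helper names and the `fallback` parameter are my own; the port assumes ASCII letters and digits for `[:alnum:]`.

```python
import html
import re


def variablise(value: str) -> str:
    """Port of the Inflector CFC 'variablise' method (ASCII [:alnum:] assumed)."""
    # 1. collapse each run of characters outside [A-Za-z0-9_-] into one space,
    #    trim, then turn the remaining spaces into hyphens
    s = re.sub(r"[^A-Za-z0-9_-]+", " ", value).strip().replace(" ", "-")
    # 2. split an acronym from the word that follows it: "CSSDog" -> "CSS_Dog"
    s = re.sub(r"([A-Z]+)([A-Z][a-z])", r"\1_\2", s)
    # 3. split a lower-case letter or digit from a following capital: "gT" -> "g_T"
    s = re.sub(r"([a-z\d])([A-Z])", r"\1_\2", s)
    # 4. hyphens become underscores, everything is lower-cased
    return s.replace("-", "_").lower()


def safe_html_id(value: str, fallback: str = "item") -> str:
    """Allow-list an untrusted string for use as an HTML id attribute value.

    After variablise() only [a-z0-9_] can survive, so quotes, '<', '=' and
    whitespace can never reach the attribute. Two edge cases the inflector
    leaves open are handled here: an empty result (the input was all junk)
    and a leading digit, which HTML5 permits but a bare CSS selector does
    not (#1abc does not parse), so such ids get a letter prefix.
    """
    cleaned = variablise(value)
    if not cleaned:
        return fallback
    if cleaned[0].isdigit():
        cleaned = f"{fallback}_{cleaned}"
    return cleaned


def render_alert(untrusted_id: str, message: str) -> str:
    """Mirror of the asker's snippet, with the id sanitised before interpolation."""
    attr = f' id="{safe_html_id(untrusted_id)}"' if untrusted_id != "" else ""
    return f'<div class="alert alert-danger"{attr}>{html.escape(message)}</div>'
```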