渗透测试XSS跨站漏洞input输入js特殊字符过滤

修复建议：建议对用户得输入与输出进行过滤，过滤一些比较危险得标签和关键字，如、alert等

代码如下：在input输入框加入onblur事件；定义οnblur="checkText('id',this.value)"；id为文本框DOM id 属性

//验证文本框输入特殊字符
function checkText(id,text){//xss攻击特殊字符过滤
		var arr=new Array();
		arr=["alert","eval","","onblur","onload","onfocus","onerror","onclick","onMouseOver",
		     "onMouseOut","onSelect","onChange","onSubmit","console","href",
		     "","","","","",
		     "","","","","","","document","location","javascript"];
		$.each(arr,function(index,value){
			if(text.indexOf(value)!=-1){
				layer.msg("输入信息包含"+value+"特殊字符", {
	 				icon : 5,
	 				anim : 5,
	 				time : 1000,
	 				shade : 0.5
	 			});
				$('#'+id).val("");
	 			$('#'+id).focus();
			    return false; 
			}
		});
	}