==========28. Application - Security (XSS)
cross site scripting
hehe
<script>alert('haha')</script>
<script>location.href="http://opentutorials.org"</script>
<script></script>
----------xss.html
<html>
<body>
<script>alert(1)</script>
</body>
</html>
----------
<script>alert(1)</script>
----------
description=description.replace('<','&lt;')
description=description.replace('>','&gt;')
-----------Code cleanup: index.py
#!python
print("Content-Type: text/html\n")
import cgi, os, view  # the page list is now built by view.getList()
# def getList():
#     files=os.listdir('data')
#     #print(files)
#     listStr=''
#     for item in files:
#         listStr=listStr+'<li><a href="index.py?id={name}">{name}</a></li>'.format(name=item)
#     #print(listStr)
#     return listStr
form = cgi.FieldStorage()
if 'id' in form:
    pageId=form["id"].value
    description=open('data/'+pageId,'r').read()
    # Encode angle brackets so stored markup is shown as text instead of running as script
    description=description.replace('<','&lt;')
    description=description.replace('>','&gt;')
    update_link='<a href="update.py?id={}">update</a>'.format(pageId)
    delete_action='''
    <form action="process_delete.py" method="post">
        <input type="hidden" name="pageId" value="{}">
        <input type="submit" value="delete">
    </form>
    '''.format(pageId)
else:
    # No id in the query string: show the default welcome page
    pageId='Welcome'
    description='Hello, WEB'
    update_link=''
    delete_action=''
print('''
<!doctype html>
<html>
<head>
    <title>WEB1 - Welcome</title>
    <meta charset="utf-8">
</head>
<body>
    <h1><a href="index.py">WEB</a></h1>
    <ol>
    {listStr}
    </ol>
    <a href="create.py">create</a>
    {update_link}
    {delete_action}
    <h2>{title}</h2>
    <p>{desc}</p>
</body>
</html>
'''.format(
    title=pageId, desc=description,listStr=view.getList(),
    update_link=update_link,delete_action=delete_action))#query string
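Added example (not part of the original notes or the tutorial's code): the replace() approach in these notes targets only `<` and `>`, while index.py also places pageId inside quoted attributes, a URL and the heading. This sketch uses the standard library's html.escape and urllib.parse.quote to encode each value for the context it lands in; the names escape_like_page and render and the sample string are constructed for illustration.

```python
import html
from urllib.parse import quote


def escape_like_page(text):
    # The two replace() calls from index.py: only angle brackets are encoded,
    # so '&' and quote characters pass through unchanged.
    return text.replace('<', '&lt;').replace('>', '&gt;')


def render(page_id, description):
    """Build the dynamic fragments of index.py with context-aware encoding."""
    # Element content and attribute values: encode & < > " '
    body = html.escape(description, quote=True)
    attr = html.escape(page_id, quote=True)
    # Query-string value: percent-encode first, then HTML-encode for the attribute
    url_id = html.escape(quote(page_id, safe=''), quote=True)

    update_link = '<a href="update.py?id={}">update</a>'.format(url_id)
    delete_action = (
        '<form action="process_delete.py" method="post">'
        '<input type="hidden" name="pageId" value="{}">'
        '<input type="submit" value="delete"></form>'
    ).format(attr)
    content = '<h2>{}</h2><p>{}</p>'.format(attr, body)
    return content, update_link, delete_action


# Constructed sample input: ampersand, double quotes, and the script tag
# used earlier in these notes.
SAMPLE = 'Tom & "Jerry" <script>alert(1)</script>'

if __name__ == '__main__':
    print('replace() only :', escape_like_page(SAMPLE))
    for fragment in render(SAMPLE, SAMPLE):
        print(fragment)
```

The first printed line still contains raw double quotes, which is harmless inside `<p>` but not inside `value="..."`; the render() output has none outside the markup it generates itself.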