Ruby China

产品推广 花了几个小时做了个抱怨 app,ui 创新了一下

jinxin238357 · December 19, 2020 · Last by piaowuxk replied at January 04, 2021 · 1066 hits

http://fannaoji.herokuapp.com/

1 likes
jinxin238357 #1 December 19, 2020

那位说我网站简陋的哥们,你的评论是我的网站的第一个访客评论,谢谢 you made my day

jicheng1014 #2 December 23, 2020

看到了无数个试图注入的 似乎失败了

msl12 #3 December 23, 2020

看到页面 更烦恼了..

1 likes
238357 #4 December 24, 2020
Reply to jicheng1014

恩原来是可以注入的,实在烦得不行了才过滤

jicheng1014 #6 December 24, 2020
Reply to 238357

我很好奇 rails 是带防注入的

7 Floor has deleted
8 Floor has deleted
238357 #9 December 24, 2020
Reply to jicheng1014

我也不知道用了.html_safe 然后以为没事了,不知道为什么还是可以注入,然后用了 sanitize 才没事

spike76 #11 December 24, 2020
Reply to 238357

貌似我以前也踩过这个坑...html_safe 用来标记字符串是安全的,不用转义......而不是把原字符串转换成安全字符串。

238357 #12 December 24, 2020
Reply to jicheng1014

明白了,谢谢

238357 #13 December 24, 2020
Reply to spike76

恩,现在明白了,谢谢

piaowuxk #14 January 04, 2021

这界面够乱

You need to Sign in before reply, if you don't have an account, please Sign up first.