随着互联网技术的不断发展和WEB2.0技术的快速推广,各种应用WEB2.0和AJAX的平台也层出不穷,人们在感受到这种新技术带来的便利性的同时,也面临着这种新技术引发的种种安全困扰。其中,作为WEB2.0技术下的主要攻击手段,XSS攻击也受到了普遍关注。本文从剖析XSS攻击的原理和技术入手,提出防范XSS攻击的策略以及代码书写中应注意的事项。 With the continuous development of Internet technology and the rapid promotion of WEB2.0 technology, a variety of application WEB2.0 and AJAX platform also emerge in an endless stream, people feel the convenience brought by this new technology, but also face this New technologies lead to a variety of security problems. Among them, XSS attacks have also received widespread attention as the main attack technique under WEB2.0 technology. This article starts from the analysis of the principle and technology of XSS attack, and puts forward some strategies to guard against XSS attack and what should be noticed in code writing.