{"id":477493,"date":"2023-08-09T09:15:39","date_gmt":"2023-08-09T09:15:39","guid":{"rendered":""},"modified":"2023-09-05T11:14:50","modified_gmt":"2023-09-05T11:14:50","slug":"html-injection","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/cn\/wiki\/html-injection\/","title":{"rendered":"HTML\u6ce8\u5165"},"content":{"rendered":"

HTML \u6ce8\u5165\u5728\u7f51\u7edc\u5b89\u5168\u9886\u57df\u662f\u6307\u5141\u8bb8\u653b\u51fb\u8005\u5c06\u6076\u610f HTML \u4ee3\u7801\u6ce8\u5165\u7f51\u7ad9\u3001\u6539\u53d8\u5176\u663e\u793a\u6216\u529f\u80fd\u65b9\u5f0f\u7684\u6f0f\u6d1e\u3002\u8fd9\u79cd\u5f62\u5f0f\u7684\u4ee3\u7801\u6ce8\u5165\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5404\u79cd\u7c7b\u578b\u7684\u653b\u51fb\uff0c\u5305\u62ec\u7f51\u7edc\u9493\u9c7c\u3001\u4f1a\u8bdd\u52ab\u6301\u548c\u7f51\u7ad9\u7be1\u6539\u3002<\/p>\n

HTML \u6ce8\u5165\u7684\u8d77\u6e90\u53ca\u5176\u6700\u521d\u7684\u63d0\u53ca<\/h2>\n

HTML \u6ce8\u5165\u7684\u51fa\u73b0\u672c\u8d28\u4e0a\u4e0e\u4e92\u8054\u7f51\u548c\u57fa\u4e8e Web \u7684\u6280\u672f\u7684\u53d1\u5c55\u7d27\u5bc6\u76f8\u5173\u3002\u968f\u7740 20 \u4e16\u7eaa 90 \u5e74\u4ee3\u672b\u548c 2000 \u5e74\u4ee3\u521d\u52a8\u6001\u7f51\u7ad9\u7684\u51fa\u73b0\uff0c\u7f51\u7edc\u53d8\u5f97\u66f4\u5177\u4ea4\u4e92\u6027\uff0c\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u7684\u98ce\u9669\u4e5f\u968f\u4e4b\u589e\u52a0\u3002 HTML \u6ce8\u5165\u4f5c\u4e3a\u4e00\u4e2a\u672f\u8bed\u548c\u6982\u5ff5\uff0c\u5f00\u59cb\u5728\u8fd9\u4e2a\u65f6\u4ee3\u83b7\u5f97\u7f51\u7edc\u5b89\u5168\u793e\u533a\u7684\u8ba4\u53ef\u3002<\/p>\n

HTML \u6ce8\u5165\u9996\u6b21\u5728 2000 \u5e74\u4ee3\u521d\u7684\u5b89\u5168\u7814\u7a76\u548c\u767d\u76ae\u4e66\u4e2d\u88ab\u91cd\u70b9\u63d0\u53ca\uff0c\u5f53\u65f6 Web \u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u6027\u4ecd\u5904\u4e8e\u521d\u7ea7\u9636\u6bb5\u3002\u4ece\u90a3\u65f6\u8d77\uff0c\u7531\u4e8e\u5b83\u6709\u53ef\u80fd\u7834\u574f\u7f51\u7edc\u529f\u80fd\u5e76\u5371\u53ca\u7528\u6237\u6570\u636e\uff0c\u5b83\u4e00\u76f4\u6210\u4e3a\u4eba\u4eec\u5173\u6ce8\u7684\u7126\u70b9\u3002<\/p>\n

\u5c55\u5f00 HTML \u6ce8\u5165\u5c42<\/h2>\n

HTML \u6ce8\u5165\u5229\u7528\u4e86\u7528\u6237\u8f93\u5165\u672a\u7ecf\u9002\u5f53\u7684\u6e05\u7406\u6216\u9a8c\u8bc1\u5c31\u76f4\u63a5\u5408\u5e76\u5230\u7f51\u9875\u4e2d\u7684\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5c06 HTML \u4ee3\u7801\u3001JavaScript \u6216\u5176\u4ed6 Web \u8bed\u8a00\u5f15\u5165\u9875\u9762\u3001\u4fee\u6539\u5176\u7ed3\u6784\u6216\u884c\u4e3a\u6765\u64cd\u7eb5\u6b64\u884c\u4e3a\u3002<\/p>\n

\u6076\u610f\u4ee3\u7801\u53ef\u4ee5\u901a\u8fc7\u8868\u5355\u5b57\u6bb5\u3001URL \u53c2\u6570\u751a\u81f3 cookie \u7b49\u591a\u79cd\u65b9\u5f0f\u5f15\u5165\u3002\u5f53\u5176\u4ed6\u7528\u6237\u67e5\u770b\u6b64\u6ce8\u5165\u7684\u4ee3\u7801\u65f6\uff0c\u5b83\u4f1a\u5728\u5176\u6d4f\u89c8\u5668\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\uff0c\u4ece\u800c\u5bfc\u81f4\u6f5c\u5728\u7684\u6570\u636e\u76d7\u7a83\u6216\u7f51\u9875\u5185\u5bb9\u7684\u66f4\u6539\u3002<\/p>\n

HTML\u6ce8\u5165\u7684\u5185\u90e8\u673a\u5236<\/h2>\n

HTML \u6ce8\u5165\u7684\u6838\u5fc3\u662f\u5c06\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u76f4\u63a5\u8f93\u51fa\u5230\u7f51\u9875\u7684\u539f\u7406\u3002\u4ee5\u4e0b\u662f HTML \u6ce8\u5165\u653b\u51fb\u4e2d\u7684\u7b80\u5316\u4e8b\u4ef6\u5e8f\u5217\uff1a<\/p>\n

    \n
  1. \u653b\u51fb\u8005\u8bc6\u522b\u51fa\u4e00\u4e2a\u5c06\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u76f4\u63a5\u5305\u542b\u5728\u5176 HTML \u8f93\u51fa\u4e2d\u7684\u7f51\u9875\u3002<\/li>\n
  2. \u7136\u540e\uff0c\u653b\u51fb\u8005\u901a\u5e38\u901a\u8fc7\u8868\u5355\u5b57\u6bb5\u6216 URL \u53c2\u6570\u5236\u4f5c\u6076\u610f HTML\/JavaScript \u4ee3\u7801\u5e76\u5c06\u5176\u8f93\u5165\u5230\u7f51\u9875\u4e2d\u3002<\/li>\n
  3. \u670d\u52a1\u5668\u5c06\u6b64\u6ce8\u5165\u7684\u4ee3\u7801\u5408\u5e76\u5230\u7f51\u9875\u7684 HTML \u4e2d\u3002<\/li>\n
  4. \u5f53\u5176\u4ed6\u7528\u6237\u8bbf\u95ee\u53d7\u5f71\u54cd\u7684\u7f51\u9875\u65f6\uff0c\u6076\u610f\u4ee3\u7801\u4f1a\u5728\u5176\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\uff0c\u4ece\u800c\u9020\u6210\u653b\u51fb\u7684\u9884\u671f\u6548\u679c\u3002<\/li>\n<\/ol>\n

    HTML \u6ce8\u5165\u7684\u4e3b\u8981\u7279\u5f81<\/h2>\n

    HTML \u6ce8\u5165\u7684\u4e3b\u8981\u529f\u80fd\u5305\u62ec\uff1a<\/p>\n

      \n
    1. \u64cd\u7eb5\u7f51\u9875\u5185\u5bb9\uff1aHTML \u6ce8\u5165\u53ef\u4ee5\u4fee\u6539\u7f51\u9875\u7684\u663e\u793a\u65b9\u5f0f\u6216\u529f\u80fd\u3002<\/li>\n
    2. \u4f1a\u8bdd\u52ab\u6301\uff1a\u6ce8\u5165\u7684\u4ee3\u7801\u53ef\u7528\u4e8e\u7a83\u53d6\u4f1a\u8bdd cookie\uff0c\u4ece\u800c\u5bfc\u81f4\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002<\/li>\n
    3. \u7f51\u7edc\u9493\u9c7c\uff1aHTML \u6ce8\u5165\u53ef\u4ee5\u521b\u5efa\u865a\u5047\u7684\u767b\u5f55\u8868\u5355\u6216\u5f39\u51fa\u7a97\u53e3\uff0c\u8bf1\u9a97\u7528\u6237\u6cc4\u9732\u5176\u51ed\u636e\u3002<\/li>\n
    4. \u8de8\u7ad9\u811a\u672c (XSS)\uff1aHTML \u6ce8\u5165\u6784\u6210\u4e86 XSS \u653b\u51fb\u7684\u57fa\u7840\uff0c\u5176\u4e2d\u6076\u610f\u811a\u672c\u88ab\u6ce8\u5165\u5230\u53d7\u4fe1\u4efb\u7684\u7f51\u7ad9\u4e2d\u3002<\/li>\n<\/ol>\n

      HTML \u6ce8\u5165\u7684\u7c7b\u578b<\/h2>\n

      HTML\u6ce8\u5165\u53ef\u4ee5\u5206\u4e3a\u4e24\u79cd\u4e3b\u8981\u7c7b\u578b\uff1a<\/p>\n\n\n\n\n\n\n
      \u7c7b\u578b<\/th>\n\u63cf\u8ff0<\/th>\n<\/tr>\n<\/thead>\n
      \u5b58\u50a8\u7684 HTML \u6ce8\u5165<\/td>\n\u6ce8\u5165\u7684\u4ee3\u7801\u6c38\u4e45\u5b58\u50a8\u5728\u76ee\u6807\u670d\u52a1\u5668\u4e0a\u3002\u6bcf\u5f53\u9875\u9762\u52a0\u8f7d\u65f6\u5c31\u4f1a\u6267\u884c\u653b\u51fb\u3002<\/td>\n<\/tr>\n
      \u53cd\u5c04 HTML \u6ce8\u5165<\/td>\n\u6ce8\u5165\u7684\u4ee3\u7801\u4f5c\u4e3a URL \u8bf7\u6c42\u7684\u4e00\u90e8\u5206\u5305\u542b\u5728\u5185\u3002\u4ec5\u5f53\u8bbf\u95ee\u6076\u610f\u5236\u4f5c\u7684 URL \u65f6\u624d\u4f1a\u53d1\u751f\u653b\u51fb\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

      HTML \u6ce8\u5165\u7684\u5229\u7528\uff1a\u6311\u6218\u548c\u8865\u6551\u63aa\u65bd<\/h2>\n

      HTML \u6ce8\u5165\u4e3b\u8981\u7528\u4e8e\u6076\u610f\u76ee\u7684\uff0c\u5229\u7528 Web \u5e94\u7528\u7a0b\u5e8f\u4e2d\u7684\u6f0f\u6d1e\u3002\u5176\u5f71\u54cd\u8303\u56f4\u4ece\u7834\u574f\u7f51\u7ad9\u5230\u7a83\u53d6\u654f\u611f\u7528\u6237\u6570\u636e\u3002<\/p>\n

      \u9488\u5bf9 HTML \u6ce8\u5165\u7684\u7f13\u89e3\u7b56\u7565\u901a\u5e38\u5305\u62ec\uff1a<\/p>\n

        \n
      1. \u8f93\u5165\u9a8c\u8bc1\uff1a\u68c0\u67e5\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u4e2d\u662f\u5426\u6709\u4efb\u4f55 HTML \u6216\u811a\u672c\u6807\u8bb0\u3002<\/li>\n
      2. \u8f93\u51fa\u7f16\u7801\uff1a\u5c06\u7528\u6237\u8f93\u5165\u8f6c\u6362\u4e3a\u5b89\u5168\u683c\u5f0f\uff0c\u4f7f HTML \u6807\u7b7e\u53d8\u5f97\u65e0\u5bb3\u3002<\/li>\n
      3. \u4f7f\u7528\u5b89\u5168 HTTP \u6807\u5934\uff1a\u53ef\u4ee5\u8bbe\u7f6e\u67d0\u4e9b HTTP \u6807\u5934\u6765\u9650\u5236\u811a\u672c\u7684\u6267\u884c\u65b9\u5f0f\u548c\u4f4d\u7f6e\u3002<\/li>\n<\/ol>\n

        \u4e0e\u7c7b\u4f3c\u672f\u8bed\u7684\u6bd4\u8f83<\/h2>\n\n\n\n\n\n\n\n\n
        \u5b66\u671f<\/th>\n\u63cf\u8ff0<\/th>\n<\/tr>\n<\/thead>\n
        HTML\u6ce8\u5165<\/td>\n\u6d89\u53ca\u5c06\u6076\u610f HTML\/JavaScript \u4ee3\u7801\u6ce8\u5165\u7f51\u9875\u3002<\/td>\n<\/tr>\n
        SQL\u6ce8\u5165<\/td>\n\u6d89\u53ca\u5c06\u6076\u610f SQL \u67e5\u8be2\u6ce8\u5165\u5e94\u7528\u7a0b\u5e8f\u6570\u636e\u5e93\u67e5\u8be2\u3002<\/td>\n<\/tr>\n
        \u547d\u4ee4\u6ce8\u5165<\/td>\n\u6d89\u53ca\u5c06\u6076\u610f\u547d\u4ee4\u6ce8\u5165\u7cfb\u7edf\u547d\u4ee4\u884c\u3002<\/td>\n<\/tr>\n
        \u8de8\u7ad9\u811a\u672c (XSS)<\/td>\n\u4e00\u79cd\u7279\u5b9a\u7c7b\u578b\u7684 HTML \u6ce8\u5165\uff0c\u5176\u4e2d\u6076\u610f\u811a\u672c\u88ab\u6ce8\u5165\u5230\u53d7\u4fe1\u4efb\u7684\u7f51\u7ad9\u4e2d\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

        HTML \u6ce8\u5165\u7684\u672a\u6765\u524d\u666f\u548c\u6280\u672f<\/h2>\n

        \u968f\u7740 Web \u6280\u672f\u7684\u53d1\u5c55\uff0cHTML \u6ce8\u5165\u6280\u672f\u4e5f\u5728\u4e0d\u65ad\u53d1\u5c55\u3002\u968f\u7740\u5355\u9875\u5e94\u7528\u7a0b\u5e8f\u548c JavaScript \u6846\u67b6\u7684\u4f7f\u7528\u4e0d\u65ad\u589e\u52a0\uff0c\u653b\u51fb\u9762\u53ef\u80fd\u4f1a\u53d1\u751f\u53d8\u5316\uff0c\u4f46 HTML \u6ce8\u5165\u7684\u57fa\u672c\u539f\u7406\u4ecd\u7136\u5177\u6709\u76f8\u5173\u6027\u3002<\/p>\n

        \u672a\u6765\u7684\u5b89\u5168\u6280\u672f\u53ef\u80fd\u4f1a\u4fa7\u91cd\u4e8e\u589e\u5f3a\u6ce8\u5165\u6f0f\u6d1e\u7684\u81ea\u52a8\u68c0\u6d4b\u3001\u66f4\u5f3a\u5927\u7684\u6570\u636e\u6e05\u7406\u65b9\u6cd5\u4ee5\u53ca\u6539\u8fdb\u7684\u7528\u6237\u6559\u80b2\u4ee5\u9632\u6b62\u793e\u4f1a\u5de5\u7a0b\u6ce8\u5165\u653b\u51fb\u3002<\/p>\n

        \u4ee3\u7406\u670d\u52a1\u5668\u5728 HTML \u6ce8\u5165\u4e2d\u7684\u4f5c\u7528<\/h2>\n

        \u4ee3\u7406\u670d\u52a1\u5668\u53ef\u4ee5\u4f5c\u4e3a\u62b5\u5fa1 HTML \u6ce8\u5165\u7684\u4e00\u9053\u9632\u7ebf\u3002\u4ed6\u4eec\u53ef\u4ee5\u8fc7\u6ee4\u5bf9\u7f51\u7ad9\u7684\u4f20\u5165\u8bf7\u6c42\uff0c\u626b\u63cf\u6f5c\u5728\u6709\u5bb3\u7684 HTML \u6216\u811a\u672c\u6807\u8bb0\u3002\u5b83\u4eec\u8fd8\u53ef\u4ee5\u4e3a\u7528\u6237\u63d0\u4f9b\u989d\u5916\u7684\u533f\u540d\u5c42\uff0c\u51cf\u5c11\u6709\u9488\u5bf9\u6027\u7684\u653b\u51fb\u7684\u53ef\u80fd\u6027\u3002<\/p>\n

        \u7136\u800c\uff0c\u4ee3\u7406\u670d\u52a1\u5668\u7684\u4f7f\u7528\u5fc5\u987b\u4e0e\u5176\u4ed6\u5b89\u5168\u5b9e\u8df5\u76f8\u7ed3\u5408\u3002\u4ec5\u4ee3\u7406\u670d\u52a1\u5668\u65e0\u6cd5\u4fdd\u62a4 Web \u5e94\u7528\u7a0b\u5e8f\u514d\u53d7\u6240\u6709\u7c7b\u578b\u7684 HTML \u6ce8\u5165\u653b\u51fb\u3002<\/p>\n

        \u76f8\u5173\u94fe\u63a5<\/h2>\n
          \n
        1. OWASP HTML \u6ce8\u5165<\/a><\/li>\n
        2. W3Schools HTML \u6ce8\u5165<\/a><\/li>\n
        3. Web \u5f00\u53d1\u4eba\u5458\u6307\u5357\uff1a\u4e86\u89e3 HTML \u6ce8\u5165<\/a><\/li>\n
        4. HTML \u6ce8\u5165\u548c XSS<\/a><\/li>\n
        5. \u9632\u6b62 HTML \u6ce8\u5165<\/a><\/li>\n<\/ol>","protected":false},"featured_media":477494,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-477493","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about HTML Injection: An Exploration of Its Origins, Mechanics, and Significance<\/mark>","faq_items":[{"question":"What is HTML Injection?","answer":"

          HTML Injection refers to a type of vulnerability that allows an attacker to inject malicious HTML code into a website, altering its presentation or functionality. This form of code injection can lead to various types of attacks, including phishing, session hijacking, and defacement of websites.<\/p>"},{"question":"When was HTML Injection first identified?","answer":"

          HTML Injection started gaining recognition among the cybersecurity community in the late 1990s and early 2000s, when the web was becoming more interactive with the advent of dynamic websites.<\/p>"},{"question":"How does an HTML Injection attack work?","answer":"

          An HTML Injection attack works by an attacker identifying a webpage that includes user-supplied data into its HTML output directly. The attacker injects malicious HTML\/JavaScript code into the webpage, often via form fields or URL parameters. The server then incorporates this code into the HTML of the webpage. When another user visits the webpage, the malicious code gets executed in their browser.<\/p>"},{"question":"What are some key features of HTML Injection?","answer":"

          Key features of HTML Injection include manipulation of webpage content, session hijacking, phishing, and forming the basis for Cross-Site Scripting (XSS) attacks.<\/p>"},{"question":"What are the two main types of HTML Injection?","answer":"

          The two main types of HTML Injection are Stored HTML Injection, where the injected code is permanently stored on the target server and executed whenever the page is loaded, and Reflected HTML Injection, where the injected code is included as part of a URL request and the attack occurs when the malicious URL is accessed.<\/p>"},{"question":"What are some ways to mitigate HTML Injection attacks?","answer":"

          Mitigation strategies against HTML Injection usually involve input validation (checking user-supplied data for any HTML or script tags), output encoding (converting user input into a safe format), and the use of secure HTTP headers that restrict how and where scripts can be executed.<\/p>"},{"question":"How do HTML Injection and SQL Injection differ?","answer":"

          While HTML Injection involves injecting malicious HTML\/JavaScript code into a webpage, SQL Injection involves injecting malicious SQL queries into an application database query.<\/p>"},{"question":"How can proxy servers help against HTML Injection?","answer":"

          Proxy servers can serve as a line of defense against HTML Injection by filtering incoming requests to a website and scanning for potentially harmful HTML or script tags. They can also provide an additional layer of anonymity for users, reducing the likelihood of targeted attacks.<\/p>"},{"question":"What are some future perspectives in HTML Injection?","answer":"

          As web technologies evolve, HTML Injection techniques are expected to advance too. Future security technologies will likely focus on enhanced automatic detection of injection vulnerabilities, more robust data sanitization methods, and improved user education to prevent socially engineered injection attacks.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki\/477493","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki\/477493\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/media\/477494"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/media?parent=477493"}],"curies":[{"name":"\u53ef\u6e7f\u6027\u7c89\u5242","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}