수업소개
공격의 의도를 가진 자바스크립트 코드를 입력해서 이 코드를 웹 브라우저로 실행할 때 공격목적을 달성하는 공격 기법을 Cross site scripting (XSS) 이라고 합니다. 이를 막는 방법을 살펴보겠습니다.
강의
소스코드
author.js
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 | var db = require('./db');var template = require('./template.js');var qs = require('querystring');var url = require('url');var sanitizeHtml = require('sanitize-html');exports.home = function(request, response){ db.query(`SELECT * FROM topic`, function(error,topics){ db.query(`SELECT * FROM author`, function(error2,authors){ var title = 'author'; var list = template.list(topics); var html = template.HTML(title, list, ` ${template.authorTable(authors)} <style> table{ border-collapse: collapse; } td{ border:1px solid black; } </style> <form action="/author/create_process" method="post"> <p> <input type="text" name="name" placeholder="name"> </p> <p> <textarea name="profile" placeholder="description"></textarea> </p> <p> <input type="submit" value="create"> </p> </form> `, `` ); response.writeHead(200); response.end(html); }); });}exports.create_process = function(request, response){ var body = ''; request.on('data', function(data){ body = body + data; }); request.on('end', function(){ var post = qs.parse(body); db.query(` INSERT INTO author (name, profile) VALUES(?, ?)`, [post.name, post.profile], function(error, result){ if(error){ throw error; } response.writeHead(302, {Location: `/author`}); response.end(); } ) });}exports.update = function(request, response){ db.query(`SELECT * FROM topic`, function(error,topics){ db.query(`SELECT * FROM author`, function(error2,authors){ var _url = request.url; var queryData = url.parse(_url, true).query; db.query(`SELECT * FROM author WHERE id=?`,[queryData.id], function(error3,author){ var title = 'author'; var list = template.list(topics); var html = template.HTML(title, list, ` ${template.authorTable(authors)} <style> table{ border-collapse: collapse; } td{ border:1px solid black; } </style> <form action="/author/update_process" method="post"> <p> <input type="hidden" name="id" value="${queryData.id}"> </p> <p> <input type="text" name="name" value="${sanitizeHtml(author[0].name)}" placeholder="name"> </p> <p> <textarea name="profile" placeholder="description">${sanitizeHtml(author[0].profile)}</textarea> </p> <p> <input type="submit" value="update"> </p> </form> `, `` ); response.writeHead(200); response.end(html); }); }); });}exports.update_process = function(request, response){ var body = ''; request.on('data', function(data){ body = body + data; }); request.on('end', function(){ var post = qs.parse(body); db.query(` UPDATE author SET name=?, profile=? WHERE id=?`, [post.name, post.profile, post.id], function(error, result){ if(error){ throw error; } response.writeHead(302, {Location: `/author`}); response.end(); } ) });}exports.delete_process = function(request, response){ var body = ''; request.on('data', function(data){ body = body + data; }); request.on('end', function(){ var post = qs.parse(body); db.query( `DELETE FROM topic WHERE author_id=?`, [post.id], function(error1, result1){ if(error1){ throw error1; } db.query(` DELETE FROM author WHERE id=?`, [post.id], function(error2, result2){ if(error2){ throw error2; } response.writeHead(302, {Location: `/author`}); response.end(); } ) } ); });} |
template.js
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | var sanitizeHtml = require('sanitize-html');module.exports = { HTML:function(title, list, body, control){ return ` <!doctype html> <html> <head> <title>WEB1 - ${title}</title> <meta charset="utf-8"> </head> <body> <h1><a href="/">WEB</a></h1> <a href="/author">author</a> ${list} ${control} ${body} </body> </html> `; },list:function(topics){ var list = '<ul>'; var i = 0; while(i < topics.length){ list = list + `<li><a href="/?id=${topics[i].id}">${sanitizeHtml(topics[i].title)}</a></li>`; i = i + 1; } list = list+'</ul>'; return list; },authorSelect:function(authors, author_id){ var tag = ''; var i = 0; while(i < authors.length){ var selected = ''; if(authors[i].id === author_id) { selected = ' selected'; } tag += `<option value="${authors[i].id}"${selected}>${sanitizeHtml(authors[i].name)}</option>`; i++; } return ` <select name="author"> ${tag} </select> ` },authorTable:function(authors){ var tag = '<table>'; var i = 0; while(i < authors.length){ tag += ` <tr> <td>${sanitizeHtml(authors[i].name)}</td> <td>${sanitizeHtml(authors[i].profile)}</td> <td><a href="/author/update?id=${authors[i].id}">update</a></td> <td> <form action="/author/delete_process" method="post"> <input type="hidden" name="id" value="${authors[i].id}"> <input type="submit" value="delete"> </form> </td> </tr> ` i++; } tag += '</table>'; return tag; }} |
