Our production Rails 2.3.5 app, running on Heroku, is receiving bizarre requests that include snippets of JavaScript in the URL. We have error reporting set up with Hoptoad/Airbrake on Heroku, where I'm seeing requests like the following:
http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/;if(c.css(this[a],
http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/);f=e.css(
http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/,c.css(this[a],
http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/).css(
These are RESTful routes, with widgets nested under publishers. The strings following widgets/ are found in the minified jQuery 1.4.2 source, which we have in public/javascripts. Each request results in an ActionView::MissingTemplate error, with everything between widgets/ and .css being interpreted as the desired action, e.g.:
ActionView::MissingTemplate: Missing template widgets/;if(c.erb in view path app/views
It seems to be the same four snippets, in the same order, occurring as a set every 1-5 minutes and taking 1-2 minutes from start to finish. The publisher ID varies over time.
These errors have been logged over 60,000 times now. Does anyone have similar experience or an idea what's happening?
Is this site public? Someone might be trying to find XSS exploits.
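An added offline check (example code written for this page, not part of the question or the comment above): it takes request URLs as Hoptoad reports them, pulls out the segment after widgets/ that Rails is treating as the action, and asks whether that segment is a verbatim slice of the JavaScript file the app serves. It also measures how long each set of requests spans and how far apart the sets start, which is the cadence the question describes. A would-be action that is a literal substring of your own script is worth separating from one that is not, since the former is what you would expect from a client that reads your served JavaScript as if it were link text, while the latter is the kind of input the XSS-probing suggestion in the comment would produce. The SERVED_JS string and the SAMPLE_REQUESTS list are constructed stand-ins, not the real jQuery 1.4.2 file or real log data; the regex, the grouping rule and the "a set starts whenever the first fragment recurs" assumption are mine.

```ruby
require 'time'

# Constructed stand-in for the minified jQuery served from public/javascripts.
# It is NOT the real jQuery 1.4.2 source; it only contains the four fragments
# quoted in the question so the substring check has something to match.
SERVED_JS = 'show:function(){for(var a=0,b=this.length;a<b;a++){var d=c.data(this[a],"olddisplay");if(c.css(this[a],"display")==="none"){var e=c("<"+this[a].tagName+">");e.hide();f=e.css("display")}c.data(this[a],"olddisplay",c.css(this[a],"display"));c(this).css("display","")}}'.freeze

# Constructed sample of reported requests (timestamp, URL): two complete sets
# for different publisher IDs a few minutes apart, plus one request whose
# action segment is not a slice of the served script.
SAMPLE_REQUESTS = [
  ['2010-06-01 12:00:01', 'http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/;if(c.css(this[a],'],
  ['2010-06-01 12:00:20', 'http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/);f=e.css('],
  ['2010-06-01 12:00:45', 'http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/,c.css(this[a],'],
  ['2010-06-01 12:01:10', 'http://cooksnetwork.williams-sonoma.com/publishers/448/widgets/).css('],
  ['2010-06-01 12:03:05', 'http://cooksnetwork.williams-sonoma.com/publishers/512/widgets/;if(c.css(this[a],'],
  ['2010-06-01 12:03:30', 'http://cooksnetwork.williams-sonoma.com/publishers/512/widgets/);f=e.css('],
  ['2010-06-01 12:03:55', 'http://cooksnetwork.williams-sonoma.com/publishers/512/widgets/,c.css(this[a],'],
  ['2010-06-01 12:04:20', 'http://cooksnetwork.williams-sonoma.com/publishers/512/widgets/).css('],
  ['2010-06-01 12:05:00', 'http://cooksnetwork.williams-sonoma.com/publishers/512/widgets/<script>'],
].freeze

# Nested widgets route: capture the publisher ID and everything after widgets/.
# These URLs contain characters URI.parse rejects ('[', ',', ';'), so a regex
# is used instead of URI.
WIDGET_PATH = %r{/publishers/(\d+)/widgets/(.+)\z}m

# Split a reported URL into [publisher_id, action_segment]; nil when the URL
# is not a nested widgets route.
def widget_request(url)
  m = WIDGET_PATH.match(url)
  m && [m[1], m[2]]
end

# True when the would-be action is a verbatim slice of the script we serve.
def slice_of_served_js?(segment, js = SERVED_JS)
  !segment.empty? && js.include?(segment)
end

# Group requests by publisher ID. For each group report the request count,
# whether every action segment is a slice of the served script, the segments
# that are not, and how many seconds the group spans.
def summarize(requests, js = SERVED_JS)
  groups = Hash.new { |h, k| h[k] = { segments: [], times: [] } }
  requests.each do |stamp, url|
    pub, seg = widget_request(url)
    next unless pub
    groups[pub][:segments] << seg
    groups[pub][:times] << Time.parse(stamp)
  end
  groups.each_with_object({}) do |(pub, g), out|
    foreign = g[:segments].reject { |s| slice_of_served_js?(s, js) }
    out[pub] = {
      count: g[:segments].size,
      all_from_js: foreign.empty?,
      foreign: foreign,
      duration_s: (g[:times].max - g[:times].min).to_i,
    }
  end
end

# Seconds between the start of one set of fragments and the next. A set is
# assumed (my assumption, based on "same four snippets, in the same order")
# to begin whenever the first action segment ever seen recurs.
def set_intervals(requests)
  starts = []
  first = nil
  requests.each do |stamp, url|
    _, seg = widget_request(url)
    next unless seg
    first ||= seg
    starts << Time.parse(stamp) if seg == first
  end
  starts.each_cons(2).map { |a, b| (b - a).to_i }
end

if __FILE__ == $0
  summarize(SAMPLE_REQUESTS).each do |pub, s|
    puts "publisher #{pub}: #{s[:count]} requests over #{s[:duration_s]}s, " \
         "all from served JS: #{s[:all_from_js]}, foreign: #{s[:foreign].inspect}"
  end
  puts "seconds between set starts: #{set_intervals(SAMPLE_REQUESTS).inspect}"
end
```

To run it against your own data, replace SAMPLE_REQUESTS with the timestamp/URL pairs exported from Hoptoad and SERVED_JS with the contents of the jQuery file actually served from public/javascripts; a set whose segments all match the served file, repeating on the cadence described in the question, is the pattern to look for, and any segment that lands in `foreign` deserves a separate look.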