开发者

Encrypt javascript code to prevent javascript injection in MongoDB?

开发者 https://www.devze.com 2023-01-18 07:31 出处:网络
I\'m going to store javascript code in the MongoDB (No-SQL) database. But to prevent javascript injection I want to encrypt the javascript code which is in a string.

I'm going to store javascript code in the MongoDB (No-SQL) database.

But to prevent javascript injection I want to encrypt the javascript code which is in a string.

Is t开发者_JAVA技巧here a way to encrypt it and then decrypt it without having a defect javascript code?


There are lot of stuff other the web considering this.

I suggest you have a look at jquery plugin encryption jquery plugin encryption

I personnally have not used one of these encryption tools, but the integration seems pretty easy, and of course you should generate a random encryption key :

For instance here is the example of jqCrypt:

    <script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="jquery.jqcrypt.js"></script>
<script type="text/javascript">
  $(function(){
      $('#form_id').jqcrypt({
          keyname:    'jqckval',
          randomkey:  false,
          key:        'some_key_value',
          callback: function(form){ 
              form.submit(); 
          }
      });
  });
</script>

And here should be the decrypting example

function c2sdecrypt($s,$k){
    $k = base64_decode(urldecode($k));
    $s = urldecode($s);
    $k = str_split(str_pad('', strlen($s), $k));
    $sa = str_split($s);
    foreach($sa as $i=>$v){
        $t = ord($v)-ord($k[$i]);
        $sa[$i] = chr( $t < 0 ?($t+256):$t);
    }
    return urldecode(join('', $sa));
 }

From the jqCrypt plugin.

The only strong point will be the generation of a strong hash in the web page, to encrypt the value return from the Web Page Client.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号