I'm going to store javascript code in the MongoDB (No-SQL) database.
But to prevent javascript injection I want to encrypt the javascript code which is in a string.
Is t开发者_JAVA技巧here a way to encrypt it and then decrypt it without having a defect javascript code?
There are lot of stuff other the web considering this.
I suggest you have a look at jquery plugin encryption jquery plugin encryption
I personnally have not used one of these encryption tools, but the integration seems pretty easy, and of course you should generate a random encryption key :
For instance here is the example of jqCrypt:
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="jquery.jqcrypt.js"></script>
<script type="text/javascript">
$(function(){
$('#form_id').jqcrypt({
keyname: 'jqckval',
randomkey: false,
key: 'some_key_value',
callback: function(form){
form.submit();
}
});
});
</script>
And here should be the decrypting example
function c2sdecrypt($s,$k){
$k = base64_decode(urldecode($k));
$s = urldecode($s);
$k = str_split(str_pad('', strlen($s), $k));
$sa = str_split($s);
foreach($sa as $i=>$v){
$t = ord($v)-ord($k[$i]);
$sa[$i] = chr( $t < 0 ?($t+256):$t);
}
return urldecode(join('', $sa));
}
From the jqCrypt plugin.
The only strong point will be the generation of a strong hash in the web page, to encrypt the value return from the Web Page Client.
精彩评论