我的index.php正在对ajax.php进行ajax后调用,并得到回显json的结果,然后解析并用js显示。所以它是POST。我希望能够通过链接mydomain/index.php?q=foo&q1=foo1
分享该结果。以安全的方式通过网址分享页面?
这里是基本的伪代码的情况是不安全的,我想建议如何以安全的方式实现这一点?
//index.php
//js
$.post('ajax.php', querystring, function(){
collect_result = result;
});
//ajax.php
parse($_POST);
echo json_encode(result);
// I want to be able to share result in way
http://.../index.php?q=foo&q1=foo1
//index.php
if(!empty($_GET['q]))
$querystr = http_build_query($_GET, '', '&');
<div id="div1" style="display:none"><?php echo $querystr; ?></div>
//then get it wuth jquery and make ajax.post()
$.post('ajax.php', $('#div1').html(), function(){
collect_result = result;
});
//BUT THEN USER IS ABLE TO DIRECT INJECT CODE INTO MY HTML (XSS)
//IS THERE SAFE WAY TO DO THIS SHARING VIA LINK???