摘要： 为了应对XSS漏洞的攻击我们有必要对暴露在外面的参数进行合法性检查，可以使用如下js函数：// 字符串去掉非法字符removeInvalidChar : function(str){ var codeArray = new Array(" ","<",">","'","\"",";","(",")","{","}","[","]" 阅读全文