\u3053\u306e\u30e1\u30bd\u30c3\u30c9\u3092\u4f7f\u3048\u3070\u30d5\u30a9\u30fc\u30e0\u304b\u3089JavaScript\u3092\u5165\u529b\u3055\u308c\u305f\u3068\u3057\u3066\u3082\u30b5\u30cb\u30bf\u30a4\u30b8\u30f3\u30b0\uff08\u7121\u5bb3\u5316\uff09<\/strong><\/span>\u3059\u308b\u4e8b\u304c\u3067\u304d\u307e\u3059\u3002\u30e1\u30bd\u30c3\u30c9\u306e\u540d\u524d\u304c\u9577\u3044\u306e\u3067\u57fa\u672c\u7684\u306b\u306f\u95a2\u6570\u5316\u3057\u307e\u3059\u3002<\/p>\n\n\n\n \u4e0a\u8a18\u306e\u95a2\u6570\u3092\u4f7f\u3063\u3066\u30d5\u30a9\u30fc\u30e0\u306e\u78ba\u8a8d\u753b\u9762\u306b\u4e0b\u8a18\u306e\u3088\u3046\u306b\u95a2\u6570\u3092\u4ed5\u8fbc\u307f\u307e\u3059\u3002<\/p>\n\n\n\n PHP\u30d5\u30a1\u30a4\u30eb\u306e\u4e00\u756a\u4e0a\u306b\u4e0b\u8a18\u306e\u8a18\u8ff0\u3092\u3057\u307e\u3059\u3002<\/p>\n\n\n\n PHP\u306eheader\u95a2\u6570\u3092\u4f7f\u3046\u3068HTTP\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u30d8\u30c3\u30c0\u306b\u5bfe\u3057\u3066\u9805\u76ee\u3092\u8ffd\u52a0\u3059\u308b\u4e8b\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n $_SESSION\u3092\u4f7f\u3063\u3066\u5408\u8a00\u8449\u3092\u6b8b\u3057\u307e\u3059\u3002<\/p>\n\n\n\n random_bytes\u95a2\u6570<\/strong><\/span>\u3067\u30bb\u30ad\u30e5\u30a2\u306a\u6587\u5b57\u5217\u3092\u751f\u6210\u3057\u3066\u3001\u305d\u308c\u3092bin2hex\u95a2\u6570<\/strong><\/span>\u306b\u3088\u308a16\u9032\u6570\u306b\u5909\u63db\u3057\u30bb\u30c3\u30b7\u30e7\u30f3\u5909\u6570\u306b\u4ee3\u5165\u3057\u307e\u3059\u3002<\/p>\n\n\n\n \u5b9a\u7fa9\u3057\u305f\u30bb\u30c3\u30b7\u30e7\u30f3\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306b\u30d5\u30a9\u30fc\u30e0\u306b\u57cb\u3081\u8fbc\u307f\u307e\u3059\u3002<\/p>\n\n\n\n \u6b21\u306e\u753b\u9762\uff08\u78ba\u8a8d\u753b\u9762\u7b49\uff09\u306e\u4e0a\u306e\u65b9\u3067\u4e0b\u8a18\u306e\u3088\u3046\u306b\u753b\u9762\u30d5\u30a9\u30fc\u30e0\u306b\u57cb\u3081\u8fbc\u3093\u3060csrf\u30c8\u30fc\u30af\u30f3\u306e\u5024\u3068\u30bb\u30c3\u30b7\u30e7\u30f3\u306eCSRF\u30c8\u30fc\u30af\u30f3\u306e\u5024\u304c\u4e00\u81f4\u3057\u3066\u3044\u308b\u304b\u30c1\u30a7\u30c3\u30af\u3057\u307e\u3059\u3002<\/p>\n\n\n\n \u5b8c\u4e86\u753b\u9762\u3067\u3082\u540c\u3058\u3088\u3046\u306b\u30c1\u30a7\u30c3\u30af\u3057\u305f\u4e0a\u3067\u4e0d\u8981\u306a\u30c8\u30fc\u30af\u30f3\u3092\u524a\u9664\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n\n\n\nfunction h($str)\n{\n return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');\n}<\/pre>\n\n\n\n\u30d5\u30a9\u30fc\u30e0\u304b\u3089\u5165\u529b\u3055\u308c\u305f\u5024\n<?php echo h($_POST['your_name']) ; ?><\/pre>\n\n\n\n
\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0\u306e\u5bfe\u7b56<\/h2>\n\n\n\n
header('X-FRAME-OPTIONS:DENY');<\/pre>\n\n\n\nCSRF\u5bfe\u7b56<\/h2>\n\n\n\n
\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u5ba3\u8a00\u3059\u308b\u3002<\/h3>\n\n\n\n
session_start();<\/pre>\n\n\n\n
\u6700\u521d\u306e\u753b\u9762\uff08\u30d5\u30a9\u30fc\u30e0\u5165\u529b\u753b\u9762\u7b49\uff09\u3067\u5408\u8a00\u8449\u3092\u5ba3\u8a00\u3059\u308b\u3002<\/h3>\n\n\n\n
\u5165\u529b\u753b\u9762\u5074<\/h4>\n\n\n\n
if(!isset($_SESSION['csrfToken'])){\n $_SESSION['csrfToken'] = bin2hex(random_bytes(32));\n}<\/pre>\n\n\n\n<input type=\"hidden\" name=\"csrf\" value=\"<?php $_SESSION['csrfToken'] ?>\"><\/input><\/pre>\n\n\n\n
\u78ba\u8a8d\u753b\u9762\u5074<\/h4>\n\n\n\n
<?php if($_POST['csrf'] ===$_SESSION['csrfToken']) : ?>\n\n<form>\n\u8868\u793a\u3055\u305b\u308b\u30d5\u30a9\u30fc\u30e0\n<\/form>\n\n<?php endif; ?><\/pre>\n\n\n\n
\u5b8c\u4e86\u753b\u9762\u5074<\/h4>\n\n\n\n
<?php if($_POST['csrf'] ===$_SESSION['csrfToken']) : ?>\n\n<?php unset($_SESSION['csrfToken']); ?>\n\n<?php endif; ?>\n<\/pre>\n","protected":false},"excerpt":{"rendered":"XSS\u5bfe\u7b56 htmlspecialchars \u3053\u306e\u30e1\u30bd\u30c3\u30c9\u3092\u4f7f\u3048\u3070\u30d5\u30a9\u30fc\u30e0\u304b\u3089JavaScript\u3092\u5165\u529b\u3055\u308c\u305f\u3068\u3057\u3066\u3082\u30b5\u30cb\u30bf\u30a4\u30b8\u30f3\u30b0\uff08\u7121\u5bb3\u5316\uff09\u3059\u308b\u4e8b\u304c\u3067\u304d\u307e\u3059\u3002\u30e1\u30bd\u30c3\u30c9\u306e\u540d\u524d\u304c\u9577\u3044\u306e\u3067\u57fa\u672c\u7684\u306b\u306f\u95a2\u6570\u5316\u3057\u307e\u3059\u3002 funct […]","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[100],"tags":[],"_links":{"self":[{"href":"http:\/\/www.code-magagine.com\/index.php?rest_route=\/wp\/v2\/posts\/10415"}],"collection":[{"href":"http:\/\/www.code-magagine.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.code-magagine.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.code-magagine.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.code-magagine.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10415"}],"version-history":[{"count":7,"href":"http:\/\/www.code-magagine.com\/index.php?rest_route=\/wp\/v2\/posts\/10415\/revisions"}],"predecessor-version":[{"id":23656,"href":"http:\/\/www.code-magagine.com\/index.php?rest_route=\/wp\/v2\/posts\/10415\/revisions\/23656"}],"wp:attachment":[{"href":"http:\/\/www.code-magagine.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10415"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.code-magagine.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10415"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.code-magagine.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}