Link: http://demo.pythoner.com/itt2zh/ch3.html
(1) Blocks and substitution:
{% extends %}
(2) Block basics:
{% block %}
(3) Auto-escaping: Tornado escapes the output of {{ }} by default. To output a value without escaping, use {% raw %} (similar to Django's safe filter), or switch escaping off for the whole template with {% autoescape None %}.
When submitting a comment, test whether the page has an XSS vulnerability by posting:
Totally hacked your site lulz <script>alert('RUNNING EVIL H4CKS AND SPL01TS NOW...')</script>
Because Tornado's {{ }} output is auto-escaped, the stored comment is rendered as inert text rather than executed:
Totally hacked your site lulz &lt;script&gt;alert(&#39;RUNNING EVIL H4CKS AND SPL01TS NOW...&#39;)&lt;/script&gt;
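The following is an added example, not code from the original notes or from Tornado itself. It re-implements, with the standard library only, the three behaviours described above: {{ }} escaped by default, {% raw %} passed through unescaped, and {% autoescape None %} turning escaping off for the template. The escape table is copied from the characters Tornado's xhtml_escape handles (&, <, >, ", '); the renderer, the render/is_xss function names and the comment payload are constructed for this illustration.

```python
import re

# Constructed attacker input: the comment payload used in the XSS test above.
EVIL_COMMENT = (
    "Totally hacked your site lulz "
    "<script>alert('RUNNING EVIL H4CKS AND SPL01TS NOW...')</script>"
)

# The five characters Tornado's xhtml_escape rewrites, and their entities.
_ESCAPE = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;"}


def xhtml_escape(value: str) -> str:
    """Escape HTML-significant characters so user data cannot close or open tags."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


# Toy template syntax: {{ name }} and {% raw name %}, plus an optional
# {% autoescape None %} directive anywhere in the template.
_AUTOESCAPE_OFF = re.compile(r"\{%\s*autoescape\s+None\s*%\}\s*")
_EXPR = re.compile(r"\{\{\s*(\w+)\s*\}\}|\{%\s*raw\s+(\w+)\s*%\}")


def render(template: str, context: dict) -> str:
    """Render a template the way Tornado treats {{ }}, {% raw %} and autoescape.

    This is a hypothetical mini-renderer, not tornado.template; it only
    models the escaping rules, not blocks, loops or inheritance.
    """
    autoescape = True
    if _AUTOESCAPE_OFF.search(template):
        autoescape = False
        template = _AUTOESCAPE_OFF.sub("", template)

    def substitute(match: re.Match) -> str:
        if match.group(1):  # {{ name }}: escaped unless autoescape is off
            value = str(context[match.group(1)])
            return xhtml_escape(value) if autoescape else value
        # {% raw name %}: never escaped, regardless of the autoescape setting
        return str(context[match.group(2)])

    return _EXPR.sub(substitute, template)


def is_xss(rendered_html: str) -> bool:
    """Crude check used by the demo: did a live <script> tag reach the page?"""
    return "<script" in rendered_html.lower()


def demo() -> dict:
    """Render the same comment three ways and report which ones are exploitable."""
    ctx = {"comment": EVIL_COMMENT}
    results = {
        "default {{ }}": render("<p>{{ comment }}</p>", ctx),
        "{% raw %}": render("<p>{% raw comment %}</p>", ctx),
        "autoescape None": render("{% autoescape None %}<p>{{ comment }}</p>", ctx),
    }
    return {mode: (html, is_xss(html)) for mode, html in results.items()}


if __name__ == "__main__":
    for mode, (html, vulnerable) in demo().items():
        print(f"{mode:16} vulnerable={vulnerable}\n  {html}")
```

Only the default {{ }} form neutralises the payload; the other two reproduce the attacker's script tag verbatim, which is why {% raw %} and {% autoescape None %} should be reserved for content that is already trusted or already escaped. With Tornado installed, `tornado.template.Template(src).generate(comment=EVIL_COMMENT)` gives the same three outcomes for these templates.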
Original article: http://www.cnblogs.com/IDomyself/p/4792578.html