标签:
package main import ( "crypto/md5" "fmt" "html/template" "io" "log" "net/http" "strconv" "strings" "time" ) func sayHelloName(w http.ResponseWriter, r *http.Request) { r.ParseForm() //解析函数,默认是不会解析的 fmt.Println(r.Form) //这些信息是输出到服务器端的打印信息 fmt.Println("path", r.URL.Path) fmt.Println("scheme", r.URL.Scheme) fmt.Println(r.Form["url_long"]) for k, v := range r.Form { fmt.Println("key:", k) fmt.Println("val:", strings.Join(v, "v")) } fmt.Fprintf(w, "Hello astaxie") //这个写入到w的是输出到客户端的 } func login(w http.ResponseWriter, r *http.Request) { fmt.Println("login method:", r.Method) //获取请求的方法 if r.Method == "GET" { t, e := template.ParseFiles("login.gtpl") crutime := time.Now().Unix() h := md5.New() io.WriteString(h, strconv.FormatInt(crutime, 10)) token := fmt.Sprintf("%x", h.Sum(nil)) fmt.Println("token:", token) //t, e := template.ParseFiles("login.gtpl") if e != nil { log.Fatal(e) } t.Execute(w, token) } else { r.ParseForm() //请求的是登录数据,那么执行登录的逻辑判断 token := r.Form.Get("token") if token != "" { } else { } fmt.Println("username len:", len(r.Form["username"][0])) fmt.Println("username:", template.HTMLEscapeString(r.Form.Get("username"))) //输出到服务端 fmt.Println("password", template.HTMLEscapeString(r.Form.Get("password"))) template.HTMLEscape(w, []byte(r.Form.Get("username"))) //输出到客户端 } } func main() { http.HandleFunc("/", sayHelloName) //设置访问的路由 http.HandleFunc("/login", login) //设置访问的路由 err := http.ListenAndServe(":9090", nil) //设置监听的端口 if err != nil { log.Fatal("ListenAndServe", err) } }
login.gtpl
<html> <head> <title></title> </head> <body> <form action="http://127.0.0.1:9090/login" method="post"> <input type="checkbox" name="interest" value="football">足球 <input type="checkbox" name="interest" value="basketball">篮球 <input type="checkbox" name="interest" value="tennis">网球 用户名:<input type="text" name="username"> 密码:<input type="password" name="password"> <input type="hidden" name="token" value="{{.}}"> <input type="submit" value="登录"> </form> </body> </html>
重复提交表单判断与 跨站脚本转换
<script>while(true){alert(1)}</script>
点击登录
输出
<script>while(true){alert(1)}</script>
标签:
原文地址:http://www.cnblogs.com/huang361964533/p/5123740.html