Cross-site scripting (XSS) is a class of attacks against security vulnerabilities in web applications; this paper studies its rapid, automated detection. To prevent XSS from being exploited, a web-based XSS detection method is designed to discover potential cross-site risks in web sites. Six main modules were completed: a login module, a detection module, a scanning module, an output module, a report module and a log module. The core code modules are the detection and scanning modules, which cooperate to construct cross-site parameters and capture the feedback data; the other modules play a supporting role for the core code. Building the tool in PHP is a highlight: PHP is a web programming language that can parse front-end DOM content quickly, and among scripting languages its speed is second only to Python. Constructing and detecting XSS, itself a web attack, through a web-based approach is faster and more efficient.
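The cooperation between the detection and scanning modules described above, shown as an added PHP example that is not the paper's own code: a unique marker is wrapped in the characters that must be HTML-encoded, placed into one request parameter, and the response is classified by whether the marker comes back raw, escaped, or not at all. The function names, the example URL and the three sample responses are assumptions constructed for the illustration.

```php
<?php
// Added example (not the paper's code): the core of a reflected-XSS probe as the
// detection/scanning modules would perform it. Names and sample responses are assumed.

// Build a unique, harmless marker so a reflection can be attributed to this probe.
function make_marker(): string {
    return 'xssprobe' . bin2hex(random_bytes(4));
}

// Construct the probe value the scanning module would send for one parameter:
// the marker wrapped in the characters that must be encoded to be safe in HTML.
function build_probe(string $marker): string {
    return '<"' . $marker . '">';
}

// Build the test URL for one GET parameter; the other parameters are left untouched.
function build_probe_url(string $base, array $params, string $target, string $probe): string {
    $params[$target] = $probe;
    return $base . '?' . http_build_query($params);
}

// Classify how the response reflected the probe:
//   'raw'     -> marker came back with < and " intact: the parameter is not encoded (XSS risk)
//   'encoded' -> marker present but the special characters were HTML-escaped (safe)
//   'none'    -> marker absent: no reflection at this point
function classify_reflection(string $body, string $marker, string $probe): string {
    if (strpos($body, $probe) !== false) {
        return 'raw';
    }
    if (strpos($body, $marker) !== false) {
        return 'encoded';
    }
    return 'none';
}

// Constructed sample responses standing in for what the scanning module would fetch.
$marker  = make_marker();
$probe   = build_probe($marker);
$url     = build_probe_url('http://example.test/search.php', ['page' => '1', 'q' => ''], 'q', $probe);
$samples = [
    'vulnerable' => '<p>Results for ' . $probe . '</p>',
    'escaped'    => '<p>Results for ' . htmlspecialchars($probe, ENT_QUOTES, 'UTF-8') . '</p>',
    'silent'     => '<p>No results</p>',
];
foreach ($samples as $name => $body) {
    // Output/log module stand-in: one line per parameter tested.
    printf("%s %s [%s] -> %s\n", date('c'), $url, $name, classify_reflection($body, $marker, $probe));
}
```

A real scan replaces the constructed `$samples` with the fetched response body; only a `raw` result warrants a finding in the report module, since an `encoded` reflection shows the parameter is escaped correctly.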