康拍樂 compiler note

開啟專案時，pod instal 發生錯誤 [!] Automatically assigning platform `iOS` with version `11.0` on target `M2Test` because no platform was specified. Please specify a platform for this target in your Podfile. See `https://guides.cocoapods.org/syntax/podfile.html#platform`. 解決方法∶ 1 打開Podfile 2 移除第二行 #platform:ios, ‘9.0’ 中的# 3 打開終端機重新 pod install [!] Couldn't determine repo type for URL: `https://cdn.cocoapods.org/`: Permission bits for '/Users/D/.netrc' should be 0600, but are 644 解決方法∶ chmod 600 ~/.netrc

Checkmarx 弱點：Reflected XSS All Clients 該元素的值於程式流程中沒有被正確地過濾(Filter)或驗證，並最終顯示於使用者端方法DisplayDetails()這可能為跨站腳本(Cross-Site-Scripting)攻擊 一般在輸出網頁時內嵌 JSON 轉成 JavaScript <script> var DataItem = @Html.Raw(Newtonsoft.Json.JsonConvert.SerializeObject(Model.DataItem)); </script> 但如果model 裡有含html字串，會導致XSS 風險 宣告產出如下： <script> var DataItem = @Html.Raw( Newtonsoft.Json.JsonConvert.SerializeObject(Model.DataItem, new Newtonsoft.Json.JsonSerializerSettings { StringEscapeHandling = Newtonsoft.Json.StringEscapeHandling.EscapeHtml })); </script> JsonConvert.DefaultSettings = () => new JsonSerializerSettings { StringEscapeHandling = Newtonsoft.Json.StringEscapeHandling.EscapeHtml };