0  

Depends on the kind of data you expects, but in any case it is good to track in some log that someone have tried a XSS attack or any other.

取决于您期望的数据类型，但无论如何，在某些日志中跟踪某人尝试过X​​SS攻击或任何其他攻击是很好的。

One more good practices is to implement an alert launched when someone tries a XSS attack. In case you have a lot of traffic you could generate a report daily with all the information about the attacks detected during the day.

另一个好的做法是在有人尝试XSS攻击时实施警报。如果您有大量流量，您可以每天生成一份报告，其中包含有关当天检测到的攻击的所有信息。

After you track this information, if you throw and exception or sanitize the data depends on you, this few questions could help you:

跟踪此信息后，如果您抛出异常或清理数据取决于您，这几个问题可以帮助您：

• It is relevant for you the information the user tries to submit?
• 它与您的用户尝试提交的信息相关吗？
• Are you interested in let it know you have blocked its XSS attack?
• 您是否有兴趣让它知道您已阻止其XSS攻击？
• Are you interested in let it be in web site after detect it as a potential attacker?
• 在将其识别为潜在攻击者后，您是否有兴趣将其置于网站中？