| 1 | | |
|---|
| 2 | | <a href="javascript:alert('XSS')">XSS</a> |
|---|
| 3 | | <script> |
|---|
| 4 | | alert('hello'); |
|---|
| 2 | |
|---|
| 3 | https://board.namu.wiki/b/report/2881617 |
|---|
| 4 | https://theseed.io/thread/ApatheticRebelliousYouthfulVolcano |
|---|
| 5 | https://board.namu.wiki/b/report/2882745 |
|---|
| 6 | https://www.alphawiki.org/w/%EC%82%AC%EC%9A%A9%EC%9E%90:Sena128 |
|---|
| 7 | https://www.alphawiki.org/thread/AdjoiningWakefulAbruptBasin |
|---|
| 8 | https://www.alphawiki.org/w/%EC%82%AC%EC%9A%A9%EC%9E%90:taejo79 |
|---|
| 9 | https://www.alphawiki.org/w/%EC%82%AC%EC%9A%A9%EC%9E%90:Fkou?rev=2 |
|---|
| 1 | |
|---|
|
|
|
| 13 | 2 | |
|---|
| 14 | | {{{#!syntax javascript |
|---|
| 15 | | router.get(/^\/contribution\/(ip|author)\/(.+)\/edit_request$/, async function EditRequestList(req, res) { |
|---|
| 16 | | const ismember = req.params[0]; |
|---|
| 17 | | const username = req.params[1]; |
|---|
| 18 | | var moredata = []; |
|---|
| 19 | 8 | |
|---|
| 20 | 9 | var data = await curs.execute("select flags, title, namespace, rev, time, changes, log, iserq, erqnum, advance, ismember, username, loghider from history \ |
|---|
| 21 | 10 | where cast(time as integer) >= ? and ismember = ? " + (username.replace(/\s/g, '') ? "and lower(username) = ?" : "and (lower(username) like '%' || ?)") + " order by cast(time as integer) desc", [ |
|---|
| 22 | 11 | Number(getTime()) - 2592000000, ismember, username.toLowerCase() |
|---|
| 23 | 12 | ]); |
|---|
| 24 | 13 | }}} |
|---|
| 25 | 14 | |
|---|
| 26 | 15 | {{{#!html |
|---|
| 27 | 16 | <h1>와우 친구들! 빡빡이 아저씨야</h1> |
|---|
| 28 | 17 | }}} |
|---|
| 29 | 18 | |
|---|
| 30 | 19 | 렌더링 의외로 잘 되는듯 |
|---|
| 31 | 20 | |
|---|
| 3 | https://board.namu.wiki/b/report/2881617 |
|---|
| 4 | https://theseed.io/thread/ApatheticRebelliousYouthfulVolcano |
|---|
| 5 | https://board.namu.wiki/b/report/2882745 |
|---|
| 6 | https://www.alphawiki.org/w/%EC%82%AC%EC%9A%A9%EC%9E%90:Sena128 |
|---|
| 7 | https://www.alphawiki.org/thread/AdjoiningWakefulAbruptBasin |
|---|
| 19 | 21 | |
|---|
| 20 | | var data = await curs.execute("select flags, title, namespace, rev, time, changes, log, iserq, erqnum, advance, ismember, username, loghider from history \ |
|---|
| 21 | 23 | where cast(time as integer) >= ? and ismember = ? " + (username.replace(/\s/g, '') ? "and lower(username) = ?" : "and (lower(username) like '%' || ?)") + " order by cast(time as integer) desc", [ |
|---|
| 22 | 24 | Number(getTime()) - 2592000000, ismember, username.toLowerCase() |
|---|
| ... | ... | |
|---|
| 22 | 다음은 Lpyton의 차단 내역이다. |
|---|