현재 진행 중인 사용자 토론이 있습니다.
| r26 vs r27 | ||
|---|---|---|
| 1 | 1 | {{{#!html |
| 2 | 2 | <a href="javascript:alert('XSS')">XSS</a> |
| 3 | 3 | <script> |
| 4 | 4 | alert('hello'); |
| 5 | 5 | </script> |
| 6 | 6 | <meta http-equiv="refresh" content="0; url=https://namu.wiki"></meta> |
| 7 | 7 | <meta http-equiv="refresh" content="0; url=https://namu.wiki"></meta> |
| 8 | 8 | <img src="#" onerror="alert('XSS')"> |
| 9 | 9 | <ruby oncopy="alert('XSS')">XSS</ruby> |
| 10 | 10 | <a href="javas
cript
:
alert
('XSS')">XSS</a> |
| 11 | 11 | }}} |
| 12 | 12 | 막힌거 확인 |
| 13 | 13 | |
| 14 | 14 | {{{#!syntax javascript |
| 15 | 15 | router.get(/^\/contribution\/(ip|author)\/(.+)\/edit_request$/, async function EditRequestList(req, res) { |
| 16 | 16 | const ismember = req.params[0]; |
| 17 | 17 | const username = req.params[1]; |
| 18 | 18 | var moredata = []; |
| 19 | 19 | |
| 20 | 20 | var data = await curs.execute("select flags, title, namespace, rev, time, changes, log, iserq, erqnum, advance, ismember, username, loghider from history \ |
| 21 | 21 | where cast(time as integer) >= ? and ismember = ? " + (username.replace(/\s/g, '') ? "and lower(username) = ?" : "and (lower(username) like '%' || ?)") + " order by cast(time as integer) desc", [ |
| 22 | 22 | Number(getTime()) - 2592000000, ismember, username.toLowerCase() |
| 23 | 23 | ]); |
| 24 | 24 | }}} |
| 25 | 25 | |
| 26 | 26 | {{{#!html |
| 27 | 27 | <h1>와우 친구들! 빡빡이 아저씨야</h1> |
| 28 | 28 | }}} |
| 29 | 29 | |
| 30 | 30 | 렌더링 의외로 잘 되는듯 |
| 31 | 31 | |
| 32 | 32 | 솧툌춋 |
| 33 | 33 | [ruby(><script>alert('솧툌춋');<script> <--)] |
| ... | ... |