Original source: http://www.thespanner.co.uk/2018/07/29/bypassing-dompurify-with-mxss/
Injecting the title tag is important because it mutates, as I’ve tweeted about in the past. In order for the mXSS to be effective I needed to inject the title tag outside of SVG as DOMPurify/Edge would correctly encode the HTML. I found you could use “x” as a self closing tag in DOMPurify and this would enable me to use the title tag outside of SVG.
Article image source: https://vitalflux.com/angular-prevent-xss-attacks-code-examples/
Source of the quoted introduction: http://www.thespanner.co.uk/2018/07/29/bypassing-dompurify-with-mxss/