xgqfrms™, xgqfrms® : xgqfrms's offical website of cnblogs! xgqfrms™, xgqfrms® : xgqfrms's offical website of GitHub!

javascript protocol All In One

javascript protocol All In One

JavaScript Security Vulnerabilities / JavaScript 安全漏洞

demos


<a href="javascript:alert('👻 vulnerable message')">Hello World!</a>

<a href="javascript:alert('👻 vulnerable message')" target="_blank">Hello World!</a>

image

<a href="#" onclick="doSomething(1);">Link 1</a>
<br>

<a href="#" onclick="doSomething(2); return false;">Link 2</a>
<br>

<a href="javascript://" onclick="doSomething(3);">Link 3</a>
<br>


function doSomething(i) {
  emojis = ``.padEnd(i*2, `👻`)
  console.log(`do something =`, i, emojis)
}

image

https://codepen.io/xgqfrms/pen/poxOqVN?editors=1011

???

image

https://youtu.be/ypNKKYUJE5o?t=321

(🐞 反爬虫测试!打击盗版⚠️)如果你看到这个信息, 说明这是一篇剽窃的文章,请访问 https://www.cnblogs.com/xgqfrms/ 查看原创文章!

refs

https://stackoverflow.com/questions/2321469/when-do-i-need-to-specify-the-javascript-protocol

https://learn.microsoft.com/en-us/previous-versions/aa767736(v=vs.85)

©xgqfrms 2012-2021

www.cnblogs.com/xgqfrms 发布文章使用:只允许注册用户才可以访问!

原创文章,版权所有©️xgqfrms, 禁止转载 🈲️,侵权必究⚠️!

posted @ 2023-05-17 11:20  xgqfrms  阅读(3)  评论(4编辑  收藏  举报