javascript protocol All In One
javascript protocol All In One
JavaScript Security Vulnerabilities / JavaScript 安全漏洞
demos
<a href="javascript:alert('👻 vulnerable message')">Hello World!</a>
<a href="javascript:alert('👻 vulnerable message')" target="_blank">Hello World!</a>
<a href="#" onclick="doSomething(1);">Link 1</a>
<br>
<a href="#" onclick="doSomething(2); return false;">Link 2</a>
<br>
<a href="javascript://" onclick="doSomething(3);">Link 3</a>
<br>
function doSomething(i) {
emojis = ``.padEnd(i*2, `👻`)
console.log(`do something =`, i, emojis)
}
https://codepen.io/xgqfrms/pen/poxOqVN?editors=1011
???
https://youtu.be/ypNKKYUJE5o?t=321
(🐞 反爬虫测试!打击盗版⚠️)如果你看到这个信息, 说明这是一篇剽窃的文章,请访问 https://www.cnblogs.com/xgqfrms/ 查看原创文章!
refs
https://stackoverflow.com/questions/2321469/when-do-i-need-to-specify-the-javascript-protocol
https://learn.microsoft.com/en-us/previous-versions/aa767736(v=vs.85)
©xgqfrms 2012-2021
www.cnblogs.com/xgqfrms 发布文章使用:只允许注册用户才可以访问!
原创文章,版权所有©️xgqfrms, 禁止转载 🈲️,侵权必究⚠️!
本文首发于博客园,作者:xgqfrms,原文链接:https://www.cnblogs.com/xgqfrms/p/17408057.html
未经授权禁止转载,违者必究!