Chrome提醒他网页存在XSS。然而虎绿林的回帖页面显然没有XSS。所以是怎么回事呢?
我简单地复现了一下。只要把我正在使用的网页插件代码粘贴到回复里面,就会引起这种误判。Chrome会认为网站把你发的内容当做代码显示了出来(构成XSS),然而事实刚好相反,只是你把网站(从你登录后)一直以来都在使用的代码作为内容发了出来而已。
不信各位可以试试,使用这段网页插件,然后再把这段网页插件的代码粘贴到你的回复里发出去。100%可以引发问题。
<script src="/tpl/jhin/js/jquery-3.1.1.min.js"></script>
<script>
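// Page plugin: when one of the submit buttons is clicked, make sure the text in
// the #content textarea starts with the Markdown marker line held in `head`.
// Only .val() is used, so the marker is handled as plain text, never as HTML.
$(function () {
  var head = "<!-- markdown -->\n";
  $('#reply_topic_button,#quick_chat_button,#post_topic_button').click(function () {
    var $content = $('#content');
    // .val() returns undefined when #content is missing; treat that as empty text.
    var content = $content.val() || '';
    // Decide on every click instead of blanking `head` for good: the original
    // set head = '' after the first match, so later posts made without a page
    // reload would never get the marker again.
    if (content.slice(0, head.length) !== head) {
      $content.val(head + content);
    }
  });
});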
</script>
<script>
// Emoticon picker: once the DOM is ready, a row of emoticon images is placed
// right after the #content textarea; clicking an image appends its "{title}"
// shortcode to the end of the textarea text.
// The inserted markup is a fixed literal and the shortcode is written with
// .val() (plain text), so nothing typed by a user is parsed as HTML here.
$(function () {
  var faceBar = '<p id="face"><img title="冷" src="/tpl/classic/img/face/e586b7.gif" /><img title="勉强" src="/tpl/classic/img/face/e58b89e5bcba.gif" /><img title="吐舌" src="/tpl/classic/img/face/e59090e8888c.gif" /><img title="吐" src="/tpl/classic/img/face/e59090.gif" /><img title="呵呵" src="/tpl/classic/img/face/e591b5e591b5.gif" /><img title="呼" src="/tpl/classic/img/face/e591bc.gif" /><img title="咦" src="/tpl/classic/img/face/e592a6.gif" /><img title="哈哈" src="/tpl/classic/img/face/e59388e59388.gif" /><img title="啊" src="/tpl/classic/img/face/e5958a.gif" /><img title="喷" src="/tpl/classic/img/face/e596b7.gif" /><img title="太开心" src="/tpl/classic/img/face/e5a4aae5bc80e5bf83.gif" /><img title="委屈" src="/tpl/classic/img/face/e5a794e5b188.gif" /><img title="开心" src="/tpl/classic/img/face/e5bc80e5bf83.gif" /><img title="怒" src="/tpl/classic/img/face/e68092.gif" /><img title="惊哭" src="/tpl/classic/img/face/e6838ae593ad.gif" /><img title="惊讶" src="/tpl/classic/img/face/e6838ae8aeb6.gif" /><img title="汗" src="/tpl/classic/img/face/e6b197.gif" /><img title="泪" src="/tpl/classic/img/face/e6b3aa.gif" /><img title="滑稽" src="/tpl/classic/img/face/e6bb91e7a8bd.gif" /><img title="狂汗" src="/tpl/classic/img/face/e78b82e6b197.gif" /><img title="疑问" src="/tpl/classic/img/face/e79691e997ae.gif" /><img title="真棒" src="/tpl/classic/img/face/e79c9fe6a392.gif" /><img title="睡觉" src="/tpl/classic/img/face/e79da1e8a789.gif" /><img title="笑眼" src="/tpl/classic/img/face/e7ac91e79cbc.gif" /><img title="花心" src="/tpl/classic/img/face/e88ab1e5bf83.gif" /><img title="鄙视" src="/tpl/classic/img/face/e98499e8a786.gif" /><img title="酷" src="/tpl/classic/img/face/e985b7.gif" /><img title="钱" src="/tpl/classic/img/face/e992b1.gif" /><img title="阴险" src="/tpl/classic/img/face/e998b4e999a9.gif" /><img title="黑线" src="/tpl/classic/img/face/e9bb91e7babf.gif" /></p>';
  $("#content").after(faceBar);
  $('#face img').on('click', function () {
    var $box = $("#content");
    // Shortcode is the image title wrapped in braces, e.g. "{title}".
    var code = "{" + $(this).attr("title") + "}";
    $box.val($box.val() + code);
  });
});
</script>
我在提交给chrome的bug报告中提到了这样一种情况:
假设一个网站的用户正在讨论如何对该网站正在使用的前端代码做出改进。
@老虎会游泳,你艾特错人了
@已重置,






试试BUG
我的chrome升级到最新版本依然会有这个问题。

@为你一人,你要首先使用这个插件,然后再回复这个插件的代码,就像这样(你可以复制我这一楼的内容。现在我每次编辑这一楼,保存的时候都会提示XSS让我回到首页):
<script src="/tpl/jhin/js/jquery-3.1.1.min.js"></script>
<script>
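// Page plugin: when one of the submit buttons is clicked, make sure the text in
// the #content textarea starts with the Markdown marker line held in `head`.
// Only .val() is used, so the marker is handled as plain text, never as HTML.
$(function () {
  var head = "<!-- markdown -->\n";
  $('#reply_topic_button,#quick_chat_button,#post_topic_button').click(function () {
    var $content = $('#content');
    // .val() returns undefined when #content is missing; treat that as empty text.
    var content = $content.val() || '';
    // Decide on every click instead of blanking `head` for good: the original
    // set head = '' after the first match, so later posts made without a page
    // reload would never get the marker again.
    if (content.slice(0, head.length) !== head) {
      $content.val(head + content);
    }
  });
});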
</script>
<script src="/tpl/jhin/js/jquery-3.1.1.min.js"></script>
<script>
// Emoticon picker: once the DOM is ready, a row of emoticon images is placed
// right after the #content textarea; clicking an image appends its "{title}"
// shortcode to the end of the textarea text.
// The inserted markup is a fixed literal and the shortcode is written with
// .val() (plain text), so nothing typed by a user is parsed as HTML here.
$(function () {
  var faceBar = '<p id="face"><img title="冷" src="/tpl/classic/img/face/e586b7.gif" /><img title="勉强" src="/tpl/classic/img/face/e58b89e5bcba.gif" /><img title="吐舌" src="/tpl/classic/img/face/e59090e8888c.gif" /><img title="吐" src="/tpl/classic/img/face/e59090.gif" /><img title="呵呵" src="/tpl/classic/img/face/e591b5e591b5.gif" /><img title="呼" src="/tpl/classic/img/face/e591bc.gif" /><img title="咦" src="/tpl/classic/img/face/e592a6.gif" /><img title="哈哈" src="/tpl/classic/img/face/e59388e59388.gif" /><img title="啊" src="/tpl/classic/img/face/e5958a.gif" /><img title="喷" src="/tpl/classic/img/face/e596b7.gif" /><img title="太开心" src="/tpl/classic/img/face/e5a4aae5bc80e5bf83.gif" /><img title="委屈" src="/tpl/classic/img/face/e5a794e5b188.gif" /><img title="开心" src="/tpl/classic/img/face/e5bc80e5bf83.gif" /><img title="怒" src="/tpl/classic/img/face/e68092.gif" /><img title="惊哭" src="/tpl/classic/img/face/e6838ae593ad.gif" /><img title="惊讶" src="/tpl/classic/img/face/e6838ae8aeb6.gif" /><img title="汗" src="/tpl/classic/img/face/e6b197.gif" /><img title="泪" src="/tpl/classic/img/face/e6b3aa.gif" /><img title="滑稽" src="/tpl/classic/img/face/e6bb91e7a8bd.gif" /><img title="狂汗" src="/tpl/classic/img/face/e78b82e6b197.gif" /><img title="疑问" src="/tpl/classic/img/face/e79691e997ae.gif" /><img title="真棒" src="/tpl/classic/img/face/e79c9fe6a392.gif" /><img title="睡觉" src="/tpl/classic/img/face/e79da1e8a789.gif" /><img title="笑眼" src="/tpl/classic/img/face/e7ac91e79cbc.gif" /><img title="花心" src="/tpl/classic/img/face/e88ab1e5bf83.gif" /><img title="鄙视" src="/tpl/classic/img/face/e98499e8a786.gif" /><img title="酷" src="/tpl/classic/img/face/e985b7.gif" /><img title="钱" src="/tpl/classic/img/face/e992b1.gif" /><img title="阴险" src="/tpl/classic/img/face/e998b4e999a9.gif" /><img title="黑线" src="/tpl/classic/img/face/e9bb91e7babf.gif" /></p>';
  $("#content").after(faceBar);
  $('#face img').on('click', function () {
    var $box = $("#content");
    // Shortcode is the image title wrapped in braces, e.g. "{title}".
    var code = "{" + $(this).attr("title") + "}";
    $box.val($box.val() + code);
  });
});
</script>
@老虎会游泳,怎么实现chrome点击右上角X关闭浏览器,提示我是否关闭?
红米Note4高配版(银色)
@水木易安,知乎体我还是很熟悉的,比如我是这个问题的创建者
https://www.zhihu.com/question/60942140
@玖月,参考 http://www.jb51.net/article/130010.htm
@老虎会游泳,骗粉可耻
全能型大佬
@已重置,又没有人强迫你粉是不是


@老虎会游泳,不粉对不起大佬女装
@已重置,这个真没有
@老虎会游泳,大佬女装很好看
测试测试
“
你要首先使用这个插件,然后再回复这个插件的代码,就像这样(你可以复制我这一楼的内容。现在我每次编辑这一楼,保存的时候都会提示XSS让我回到首页):
<script src="/tpl/jhin/js/jquery-3.1.1.min.js"></script>

<script>
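// Page plugin: when one of the submit buttons is clicked, make sure the text in
// the #content textarea starts with the Markdown marker line held in `head`.
// Only .val() is used, so the marker is handled as plain text, never as HTML.
$(function () {
  var head = "<!-- markdown -->\n";
  $('#reply_topic_button,#quick_chat_button,#post_topic_button').click(function () {
    var $content = $('#content');
    // .val() returns undefined when #content is missing; treat that as empty text.
    var content = $content.val() || '';
    // Decide on every click instead of blanking `head` for good: the original
    // set head = '' after the first match, so later posts made without a page
    // reload would never get the marker again.
    if (content.slice(0, head.length) !== head) {
      $content.val(head + content);
    }
  });
});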
</script>
<script src="/tpl/jhin/js/jquery-3.1.1.min.js"></script>
<script>
// Emoticon picker: once the DOM is ready, a row of emoticon images is placed
// right after the #content textarea; clicking an image appends its "{title}"
// shortcode to the end of the textarea text.
// The inserted markup is a fixed literal and the shortcode is written with
// .val() (plain text), so nothing typed by a user is parsed as HTML here.
$(function () {
  var faceBar = '<p id="face"><img title="冷" src="/tpl/classic/img/face/e586b7.gif" /><img title="勉强" src="/tpl/classic/img/face/e58b89e5bcba.gif" /><img title="吐舌" src="/tpl/classic/img/face/e59090e8888c.gif" /><img title="吐" src="/tpl/classic/img/face/e59090.gif" /><img title="呵呵" src="/tpl/classic/img/face/e591b5e591b5.gif" /><img title="呼" src="/tpl/classic/img/face/e591bc.gif" /><img title="咦" src="/tpl/classic/img/face/e592a6.gif" /><img title="哈哈" src="/tpl/classic/img/face/e59388e59388.gif" /><img title="啊" src="/tpl/classic/img/face/e5958a.gif" /><img title="喷" src="/tpl/classic/img/face/e596b7.gif" /><img title="太开心" src="/tpl/classic/img/face/e5a4aae5bc80e5bf83.gif" /><img title="委屈" src="/tpl/classic/img/face/e5a794e5b188.gif" /><img title="开心" src="/tpl/classic/img/face/e5bc80e5bf83.gif" /><img title="怒" src="/tpl/classic/img/face/e68092.gif" /><img title="惊哭" src="/tpl/classic/img/face/e6838ae593ad.gif" /><img title="惊讶" src="/tpl/classic/img/face/e6838ae8aeb6.gif" /><img title="汗" src="/tpl/classic/img/face/e6b197.gif" /><img title="泪" src="/tpl/classic/img/face/e6b3aa.gif" /><img title="滑稽" src="/tpl/classic/img/face/e6bb91e7a8bd.gif" /><img title="狂汗" src="/tpl/classic/img/face/e78b82e6b197.gif" /><img title="疑问" src="/tpl/classic/img/face/e79691e997ae.gif" /><img title="真棒" src="/tpl/classic/img/face/e79c9fe6a392.gif" /><img title="睡觉" src="/tpl/classic/img/face/e79da1e8a789.gif" /><img title="笑眼" src="/tpl/classic/img/face/e7ac91e79cbc.gif" /><img title="花心" src="/tpl/classic/img/face/e88ab1e5bf83.gif" /><img title="鄙视" src="/tpl/classic/img/face/e98499e8a786.gif" /><img title="酷" src="/tpl/classic/img/face/e985b7.gif" /><img title="钱" src="/tpl/classic/img/face/e992b1.gif" /><img title="阴险" src="/tpl/classic/img/face/e998b4e999a9.gif" /><img title="黑线" src="/tpl/classic/img/face/e9bb91e7babf.gif" /></p>';
  $("#content").after(faceBar);
  $('#face img').on('click', function () {
    var $box = $("#content");
    // Shortcode is the image title wrapped in braces, e.g. "{title}".
    var code = "{" + $(this).attr("title") + "}";
    $box.val($box.val() + code);
  });
});
</script>
@老虎会游泳,还是没有你说的那种体验




