Original link: https://www.leavesongs.com/PENETRATION/xss-from-my-blog.html
I received a few reminders this evening, and when I opened them I saw that someone was testing for XSS in the comment area of my blog.
This kind of testing is commonplace, and this person failed to find an XSS, so I would mostly have closed the page and let it pass.
But tonight, for some reason, I took a look at the code I wrote and found an XSS vulnerability myself.
What is the reason?
0x01 Introduction to Development History
When I was developing this reply button, for convenience, I directly used the JavaScript pseudo-protocol to call the reply_to function, such as:
reply
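Why a `javascript:` href like the one described above is fragile, as an added example (not code from the original post): the browser decodes HTML entities in the attribute value before the JavaScript engine parses it, so HTML-escaping alone does not keep a value inside a string literal. The `reply_to` arguments (a comment id and a commenter name), both templates and the sample names are assumptions.

```javascript
// Added illustration; reply_to's arguments and both templates are assumptions.
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) =>
  ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// Minimal stand-in for the HTML parser's attribute-value decoding,
// covering only the entities escapeHtml emits.
const decodeAttr = (s) => s.replace(/&(amp|lt|gt|quot|#39);/g, (_, e) =>
  ({ amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" }[e]));

// Fragile pattern: javascript: href with HTML-escaped values.
function weakLink(id, name) {
  return `<a href="javascript:reply_to(${Number(id)}, '${escapeHtml(name)}')">reply</a>`;
}

// What the JS engine receives on click: the attribute value after
// entity decoding, minus the "javascript:" scheme.
function scriptSeenByEngine(html) {
  const href = /href="([^"]*)"/.exec(html)[1];
  return decodeAttr(href).replace(/^javascript:/, '');
}

// True only if the script is still one reply_to(id, name) call
// whose second argument equals the original name.
function nameStaysData(id, name) {
  const calls = [];
  try {
    new Function('reply_to', scriptSeenByEngine(weakLink(id, name)))((...a) => calls.push(a));
  } catch (e) { return false; } // the value changed the script's syntax
  return calls.length === 1 && calls[0][1] === name;
}

// Hardened pattern: values travel as data-* attributes and never become script text.
function safeLink(id, name) {
  return `<a href="#reply" class="reply" data-id="${Number(id)}" data-name="${escapeHtml(name)}">reply</a>`;
}
// What element.dataset.name would return for that link.
function datasetName(html) {
  return decodeAttr(/data-name="([^"]*)"/.exec(html)[1]);
}
// In the page: link.addEventListener('click', () => reply_to(+link.dataset.id, link.dataset.name));

// Constructed sample names.
console.log(nameStaysData(12, 'alice'), nameStaysData(12, "O'Brien"));
console.log(datasetName(safeLink(12, "O'Brien")));
```

An ordinary apostrophe is enough to end the string literal in the first pattern, which is why the value should be passed as data and read by a listener instead of being spliced into script text.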