首先我們打開網站後先看看程式碼,看到了一個留言框,輸入個內容看看,輸入個123,後看看代碼,我們看到。
所以換去/source路徑看看代碼,< TODO: Fix b/1337 in /source that could lead to XSS --> <script> const note = "123"; /*恰恰好可以形成XSS*/ const note_id = "7706dc51-7508-48e7-8f5b-240fe75a0537"; const note_el = document.getElementById('note-content'); const note_url_el = document.getElementById('note-title'); const clean = DOMPurify.sanitize(note); note_el.innerHTML = clean; note_url_el.href = `/${note_id}`; note_url_el.innerHTML = `${note_id}`; </script>