对于一个测试项目,我想创建一个易受XSS攻击的站点。我的基本结构是一个论坛,人们可以通过输入字段和提交按钮添加论坛帖子。目前,我渲染的新帖子应该通过innerHTML显示,但用这种方法的恶意(例如<script>alert("123")</script>)脚本,我想插入作为一个攻击者得到不执行。我搜索了innerHTML的其他替代方案,但没有一个有效。我如何在我的代码中实现JavaScript渲染?
Things I tried
appendChild();
eval();
insertAdjacentElement();
创建新职位的输入字段
<form>
<label for="topic"
>Topic:
<br />
<input id="topic" required
/></label>
<br />
<br />
<label for="text"
>Text:
<br />
<input id="text" type="text" required
/></label>
<br />
<button type="submit" id="submit">submit</button>
</form>
输入示例文本字段(localStorage是来自输入字段的存储)
<div id="post">
<script>
if (localStorage.length > 0) {
post.innerHTML += localStorage.key(0);
}
</script>
</div>
解决方案
这个函数实际上给了我想要的行为。
<div id="post">
<script>
if (localStorage.length > 0) {
post.innerHTML += localStorage.key(0);
eval(localStorage.getItem(localStorage.key(0)));
}
</script>
</div>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<form>
<label for="topic"
>Topic:
<br />
<input id="topic" required
/></label>
<br />
<br />
<label for="text"
>Text:
<br />
<input id="text" type="text" required
/></label>
<br />
<button id="submit" onclick="test()">submit</button>
</form>
<div id="TESTDIV">
</div>
<script>
function test(){
if(localStorage.length >0){
item+=localStorage.setItem(document.getElementById("topic").value,document.getElementById("text").value);
}
else{
var item=localStorage.setItem(document.getElementById("topic").value,document.getElementById("text").value);
}
document.getElementById("TESTDIV").innerHTML= localStorage.getItem(document.getElementById("topic").value);
}
</script>
</body>
</html>
Hi! Hope You are well i think i will works.