pikachu

pikachu copied to clipboard

xss_dom_x.php+号被解码成空格 导致加号无法使用

1

源码 function domxss(){ var str = window.location.search; var txss = decodeURIComponent(str.split("text=")[1]); var xss = txss.replace(/\+/g,' '); // alert(xss); document.getElementById("dom").innerHTML = "就让往事都随风,都随风吧"; } Bug: 当前decodeURIComponent和replace的实现顺序会将“+”和“%2B”都解码为空格 > decodeURIComponent("x%2By+z").replace(/\+/g, ' ') < "x...

lushanshan1995

FROM mattrayner/lamp:latest-2004-php7 是不是因为这个不存在了

sdlyzhuangd