XSS vulnerability #293

Closed
MHuiG opened this issue Apr 24, 2020 · 6 comments

@MHuiG MHuiG commented Apr 24, 2020

If you want to report a bug, please provide the following information:

  • The steps to reproduce.
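  1. Go to https://valine.js.org/
  2. Enter the following content:
<input type="checkbox" onfocus="alert(1)" autofocus="">
  3. Click Send
  4. Open a new browser tab and go to Baidu, then switch back to the https://valine.js.org/ tab,
     or simply click the submitted checkbox
  5. Result: [image]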

@MHuiG MHuiG commented Apr 24, 2020

@xCss
You can now see the effect simply by going to https://valine.js.org/

That was the test from just now; don't forget to delete it~

@Reqwey Reqwey commented Apr 24, 2020

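> @xCss
> You can now see the effect simply by going to https://valine.js.org/
>
> That was the test from just now; don't forget to delete it~

Damn, you're ruthless. I guess the only option is to have him disable direct HTML rendering.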

@MHuiG MHuiG commented Apr 24, 2020

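> > @xCss
> > You can now see the effect simply by going to https://valine.js.org/
> > That was the test from just now; don't forget to delete it~
>
> Damn, you're ruthless. I guess the only option is to have him disable direct HTML rendering.

Take a look at regular expressions.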
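
The two remedies raised in the comments above (rendering comments as text, or filtering with regular expressions), run against the reported payload. This is an added example, not code from Valine or from anyone in this thread; `naiveFilter`, `escapeHtml`, `survivingHandlers` and `compare` are hypothetical names, and the blocklist is an assumed illustration, not Valine's actual filter.

```javascript
// Added example; all function names are hypothetical, not Valine's API.
// Payload copied from the report in this issue.
const REPORTED = '<input type="checkbox" onfocus="alert(1)" autofocus="">';

// Assumed regex blocklist of the kind often tried first: it only knows
// about <script> blocks and javascript: URLs.
function naiveFilter(html) {
  return String(html)
    .replace(/<script\b[\s\S]*?<\/script\s*>/gi, '')
    .replace(/javascript\s*:/gi, '');
}

// Rendering the comment as text: encode every character that can open a
// tag, an attribute value or an entity.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Regression-test helper (not a sanitizer): names of inline event-handler
// attributes that are still present inside real tags of the output.
function survivingHandlers(html) {
  const found = [];
  for (const tag of String(html).match(/<[a-z][^>]*>/gi) || []) {
    for (const m of tag.matchAll(/\s(on[a-z]+)\s*=/gi)) {
      found.push(m[1].toLowerCase());
    }
  }
  return found;
}

// Run both treatments on one payload and report what survives each.
function compare(payload) {
  return {
    blocklist: survivingHandlers(naiveFilter(payload)),
    escaped: survivingHandlers(escapeHtml(payload)),
    escapedOutput: escapeHtml(payload),
  };
}

console.log(compare(REPORTED));
```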

@xCss xCss added the bug label Apr 24, 2020

@xaoxuu xaoxuu commented Apr 25, 2020

Scary 😨

@xCss xCss commented Apr 25, 2020

Fixed in v1.4.10, thanks for the feedback.

@xCss xCss closed this as completed Apr 25, 2020

@MHuiG MHuiG commented Apr 26, 2020

@xCss ReOpen. Come back and fix it again!!!! #298
