Retrieving elements from an iFrame can be complicated process due to cross-browser incompatibility. While one method might work for a user accessing your site with Internet Explorer, it may not work ...
是的,iframe 的 src 可以放 javascript: 開頭的這種格式,就可以直接執行 JavaScript 程式碼,達成 XSS。 順帶一提, <form> 的 action 跟 <a> 的 href 也都可以放,這個我在 接觸資安才發現我不懂前端 有稍微提到。
If you this package helped you and you would like to spare me some change - you can do it via buymeacoffee.com or buycoffee.to. The official YouTube documentation ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results