= A small pitfall was buried in the previous article; I did not expect sogili to discover it so soon.
The elegance of the Chrome XSS filter I mentioned is that Chrome uses Firefox's CSP policy.
For more information about CSP, see wiki.mozilla.org/Security/CSP/Specification.
CSP is one of the browser security policies proposed and developed by Web security experts abroad, and one this blog (Black Box) has often praised.
The room for improvement is that the rule the Chrome XSS filter borrows from CSP is not applied in depth: it only asks whether the script's source is same-origin, not whether that resource is really a script. What if the same-origin resource file is an image?
For illustration, look at the two figures (described in the PS below).
So XSS is not as simple as people think. It has to be combined with other web vulnerabilities (here, getting a file with script content onto the same origin) and weighed against the client's particular security policies.
PS:
Some people still do not understand this, so to be clear: this is just one of the CSP-style rules.
First figure: an XSS on a.com loads http://127.0.0.1/1.js. The filter rewrites the src to about:blank, so the cross-origin script is blocked.
Second figure: an XSS on a.com loads http://www.a.com/1.jpg. The script runs, because the source is same-origin, even though its suffix is not .js.
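The two figures describe one rule (a reflected script src is neutralised only when it points at another origin) and one gap (nothing checks that the same-origin file is actually JavaScript). The following is an added model of that behaviour written for this page; it is not Chrome's code and not from the Black Box blog. The URLs, the header object shape and the function names are assumptions chosen for the example; the server-side check models the effect of X-Content-Type-Options: nosniff, which makes a browser refuse to execute a script whose Content-Type is not a JavaScript type.

```javascript
// Added example: a model of the filter rule described in the post, plus the
// server-side mitigation that closes the same-origin ".jpg script" gap.
// Not Chrome's implementation; names and URLs are constructed for illustration.

const JS_MIME_TYPES = new Set([
  "text/javascript", "application/javascript", "application/x-javascript",
  "application/ecmascript", "text/ecmascript",
]);

// Origin = scheme + host + port. "http://a.com" and "http://www.a.com" are
// different origins even though they share a registrable domain.
function originOf(urlString) {
  return new URL(urlString).origin;
}

// Rule from the first figure: a reflected <script src> pointing at another
// origin has its src rewritten to about:blank. Rule from the second figure:
// a same-origin src is left alone, whatever its file extension.
function auditScriptSrc(pageUrl, injectedSrc) {
  const resolved = new URL(injectedSrc, pageUrl); // relative srcs resolve against the page
  if (resolved.origin !== originOf(pageUrl)) return "about:blank";
  return resolved.href;
}

// Model of the browser's MIME check on the fetched script body. With
// X-Content-Type-Options: nosniff, a response whose Content-Type is not a
// JavaScript type is refused; without it, the declared type and the file
// extension are ignored and the body is executed, which is the gap the post shows.
function willExecuteAsScript(headers) {
  const contentType = (headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  const nosniff = (headers["x-content-type-options"] || "").trim().toLowerCase() === "nosniff";
  if (nosniff) return JS_MIME_TYPES.has(contentType);
  return true;
}

// Whole chain: the injected tag survives the filter AND the response runs as script.
function attackSucceeds(pageUrl, injectedSrc, responseHeaders) {
  return auditScriptSrc(pageUrl, injectedSrc) !== "about:blank" &&
    willExecuteAsScript(responseHeaders);
}

// Constructed scenarios mirroring the two figures, then the two fixes:
// serve uploads with nosniff, or serve them from a separate origin.
const page = "http://www.a.com/search?q=injected";
const scenarios = [
  { src: "http://127.0.0.1/1.js",    headers: { "content-type": "application/javascript" } },
  { src: "http://www.a.com/1.jpg",   headers: { "content-type": "image/jpeg" } },
  { src: "http://www.a.com/1.jpg",   headers: { "content-type": "image/jpeg", "x-content-type-options": "nosniff" } },
  { src: "http://uploads.a.com/1.jpg", headers: { "content-type": "image/jpeg" } },
];
for (const s of scenarios) {
  console.log(`${s.src.padEnd(28)} -> filter: ${auditScriptSrc(page, s.src).padEnd(30)} runs: ${attackSucceeds(page, s.src, s.headers)}`);
}
```

Run it with `node`. The second scenario is the post's bypass: the filter passes the same-origin src and the browser executes the body regardless of the `.jpg` name. The last two show the practical fixes on the serving side: either `X-Content-Type-Options: nosniff` with an honest Content-Type, so the browser refuses to run the upload as script, or hosting user uploads on a separate origin, so the same-origin exemption no longer applies. Current browsers additionally refuse to execute scripts whose response Content-Type is image/*, audio/*, video/* or text/csv even without nosniff, but the model above reproduces what the post observed.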
From: RAyh4c Black Box