I have recently been studying XSS and, following the expert Etherdream's blog post "Extended XSS Life Cycle", wrote a demo in which child pages and parent pages modify each other.
1. Child pages and parent pages modifying each other: window.opener, window.open
The parent page uses window.open to obtain a reference to the child page and modify it:
<script>var target_page = window.open("parent-call.html", ""); target_page.document.write('I was rewritten by my father!');</script>
To modify the parent page from a child page, use the window.opener property:
<script>if (window.opener) { window.opener.document.write("I'm a bad boy, I've rewritten my father."); } else { alert("Who is my father? I don't know!"); }</script>
Before calling window.opener.document to modify the parent page, first check whether window.opener exists. A child page does not necessarily have an opener: for example, when the parent page navigates directly to the child page, the parent page no longer exists.
2. An iframe child page and its parent page modifying each other: window.frames, window.parent
The iframe tag is a curious presence on a page: it is another page embedded in the current page, and the two are completely separate windows.
The iframe modifies the parent page through window.parent:
<script type="text/javascript">window.parent.document.write('I am a bad boy, I modified my father');</script>
The parent page modifies the iframe child page through window.frames[]:
<script>window.frames['Change_by_father'].contentWindow.document.write('modifications from the parent page'); // Change_by_father is the id of the iframe</script>
When modifying the child page, note that the iframe's document does not belong directly to the frame itself; it belongs to its contentWindow.
3. XSS infection
As I understand it, XSS infection is the use of small tricks like these to inject malicious code into other pages that the user has opened. A small loophole is used to control the bigger picture; in phishing, extended XSS attacks perform even more prominently.
I had not originally planned to write a demo, but last night I got carried away and ended up writing one without noticing. It explains the relevant knowledge in a fairly humorous tone; discussion is welcome.
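A defensive check for the channels described above, as an added example that is not part of the original post: it flags markup that leaves window.opener, window.open handles or iframe parent access available to another document. The function names, rule names and sample markup are constructed for illustration.

```javascript
// Added example, not code from the original post. Regex parsing is a
// simplification: it assumes well-formed markup with no ">" inside attributes.
// Parse one start tag's attributes into a lower-cased name -> value map.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<[a-zA-Z]+/, "").replace(/\/?>$/, "");
  const re = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  for (const m of body.matchAll(re)) {
    attrs[m[1].toLowerCase()] = (m[2] ?? m[3] ?? m[4] ?? "").toLowerCase();
  }
  return attrs;
}

// Flag markup that gives another document an opener, parent or window.open handle.
function auditWindowLinks(html) {
  const findings = [];
  for (const [tag, name] of html.matchAll(/<(a|iframe)(?=[\s>])[^>]*>/gi)) {
    const a = parseAttrs(tag);
    if (name.toLowerCase() === "a") {
      const rel = (a.rel || "").split(/\s+/);
      // rel=noopener (implied by noreferrer) makes window.opener null in the child.
      if (a.target === "_blank" && !rel.includes("noopener") && !rel.includes("noreferrer"))
        findings.push({ rule: "blank-without-noopener", source: tag });
    } else if (!("sandbox" in a)) {
      // An unsandboxed same-origin frame can reach window.parent.document.
      findings.push({ rule: "iframe-without-sandbox", source: tag });
    } else {
      const tokens = a.sandbox.split(/\s+/);
      // Both tokens together let same-origin framed script undo the sandbox.
      if (tokens.includes("allow-scripts") && tokens.includes("allow-same-origin"))
        findings.push({ rule: "sandbox-scripts-and-same-origin", source: tag });
    }
  }
  for (const [call] of html.matchAll(/window\.open\s*\([^)]*\)/g)) {
    // Without "noopener" the caller keeps a handle and the child gets an opener.
    if (!/noopener/i.test(call)) findings.push({ rule: "open-without-noopener", source: call });
  }
  return findings;
}

// Constructed sample markup: the two channels from the text plus one hardened link.
const SAMPLE = `
<a href="child.html" target="_blank">open child</a>
<a href="child.html" target="_blank" rel="noopener noreferrer">open child</a>
<iframe id="Change_by_father" src="child.html"></iframe>
<iframe src="child.html" sandbox="allow-scripts allow-same-origin"></iframe>
<script>var target_page = window.open("parent-call.html", "");</script>
`;
console.log(auditWindowLinks(SAMPLE).map((f) => f.rule + ": " + f.source).join("\n"));
```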
Demo Address:
http://pan.baidu.com/s/1sjoeTbR
Basics of XSS infection: opener and iframe in JavaScript