Below are their string rules (regular expressions):
1. <(script|link|style|iframe)(.|\n)*<\/\1>\s*
2. \s*on[a-z]+\s*=\s*("[^"]+"|'[^']+'|[^\s]+)\s*(?=>)
3. \s*(href|src)\s*=\s*("\s*(javascript|vbscript):[^"]+"|'\s*(javascript|vbscript):[^']+'|(javascript|vbscript):[^\s]+)\s*(?=>)
4. expression\((.|\n)*\);?
Once you know the rules, bug-catching (finding inputs the filter mishandles) is easy.
Bug-catching demo 1, default input: <link href='test.css'></link><style>a{height:expression(alert('hei');}</style>
Bug-catching demo 2, default input: test
Bug-catching demo 3, default input: test
Bug-catching demo 4, default input: expression() test
The four rules are then applied as a chain of replacements:
k1(k2(k3(k4(str))))
This does nothing more than crudely strip scripts. A real "dangerous script" filter would have to decide which scripts are actually dangerous and leave the harmless ones alone; that is hard to do, and it amounts to building a firewall.
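To make the chain concrete, here is an added example (my own code, not the original author's filter) that implements the four rules above in JavaScript as k1 to k4 and applies them in the order the page gives. The function names, the `gi` flags and the sample inputs are my assumptions; `[\s\S]` stands in for the page's `(.|\n)`. The last case shows a side effect of the greedy `*` in rule 1: two script blocks with text between them are removed as a single span, text included, which is one reason such blacklist filters are blunt instruments and why output encoding on the rendering side is the safer primary defence.

```javascript
// Added example: the page's four regex "string rules", chained as
// k1(k2(k3(k4(str)))). Names and flags are assumptions; the page only
// shows the regexes and the call chain.

// Rule 1: strip whole <script>/<link>/<style>/<iframe> ... </same> blocks.
// The greedy [\s\S]* runs to the LAST matching close tag in the input.
const RULE1 = /<(script|link|style|iframe)[\s\S]*<\/\1>\s*/gi;
// Rule 2: strip an inline event-handler attribute (onclick="...", onload=x)
// that sits immediately before the tag's closing '>'.
const RULE2 = /\s*on[a-z]+\s*=\s*("[^"]+"|'[^']+'|[^\s]+)\s*(?=>)/gi;
// Rule 3: strip href/src attributes whose value is a javascript:/vbscript:
// URL, again only when followed directly by '>'.
const RULE3 = /\s*(href|src)\s*=\s*("\s*(javascript|vbscript):[^"]+"|'\s*(javascript|vbscript):[^']+'|(javascript|vbscript):[^\s]+)\s*(?=>)/gi;
// Rule 4: strip IE-style CSS expression(...) calls; greedy up to the last ')'.
const RULE4 = /expression\([\s\S]*\);?/gi;

function k1(s) { return s.replace(RULE1, ""); }
function k2(s) { return s.replace(RULE2, ""); }
function k3(s) { return s.replace(RULE3, ""); }
function k4(s) { return s.replace(RULE4, ""); }

// The chain from the page: k4 runs first, k1 last.
function filterHtml(str) {
  return k1(k2(k3(k4(str))));
}

// Constructed sample inputs (not from the page) and what the chain does to them.
const SAMPLES = [
  // rule 4 removes expression(...), rule 1 then removes the emptied <style>
  "<style>a{height:expression(doSomething());}</style>",
  // rule 3 removes the javascript: href
  '<a href="javascript:doSomething()">x</a>',
  // rule 2 removes the event handler attribute
  '<img src="x.png" onload=doSomething()>',
  // benign markup passes untouched
  "hello <b>world</b>",
  // greedy rule 1: the text between the two blocks is lost as well
  "<script>a</script>keep<script>b</script>",
];

function runSamples() {
  return SAMPLES.map((input) => ({ input, output: filterHtml(input) }));
}

for (const { input, output } of runSamples()) {
  console.log(JSON.stringify(input), "->", JSON.stringify(output));
}
```

Because rules 2 and 3 require the attribute to be the last thing before `>`, an attribute that is not in that position is left alone; that is the page's rule as written, not an oversight in this transcription, and it is exactly the kind of gap the "bug-catching" demos invite the reader to look for.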