The previous article explained the hook program attack and defense combat, and realized a set of frame page monitoring scheme, the protection of all child pages. So far, the depth of our protection has been similar, but the breadth is still deficient. For example, our property hooks only consider setattribute, but ignore similar setattributenode. Although this method has never been used, it does not mean that people cannot use it. For example, creating an element is usually createelement, and in fact Createelementns is also possible. You can even use ready-made elements to clonenode and achieve your goals. Therefore, these are marginal methods are worth considering. The following is a review of the monitoring points discussed before. Inline event Execution Eval at the end of the first article, it is best to monitor eval,settimeout (' ... ') these functions that parse code to prevent execution of XSS code stored elsewhere. Let's first enumerate the functions: Evalsettimeout (String)/SetInterval (String) functionexecscript/setimmediate (string) in fact, using the hook technique on the previous article, They can all be monitored. But the reality is not as simple as we think. Is there a problem with the eval rewrite? Eval is not a function, why can't you rewrite it? Varraw_fn=window.eval; Window.eval=function (exp) {alert (' Execute eval: ' +exp '); returnraw_fn.apply (this,arguments); Console.log (eval (' 1+1 ')); no problem at all. That's because the code is so simple that the following Demo shows the flaw in the cottage version of Eval: (function () {eval (' vara=1 ');}) (); alert (TYPEOFA); Run is supposed to be undefined, but the result is number. Local variables are on the global table. What is this? In fact, Eval is not really a function of meaning, but a keyword! 1 2 3 4 Next >> view full-text navigation page 1th: Inline Event Execution eval page 2nd: Function rewrite does it make sense? 3rd: frames Page Message 4th page: Modify the accessor of a property original: Front firewall for XSS vulnerabilities: Seamless protection (1) Back to network security home
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
