浏览器是否会尝试解析img> [英] Would a browser ever try to parse img>
问题描述
当<
标签
例如
< div> $ test< / div>
$ b
其中 $ test
可以是包含>
,但不是<
。例如 img>
,但不是< img
全面披露:这个问题是专门查看是否我发布的评论是正确的。
您在技术上不需要<或>。在IE中加载它,它会运行一个JavaScript警报。但不知道是否可以在不破坏charset的情况下。
< HTML>
< HEAD>
< META charset =UTF-7>
< / HEAD>
< BODY>
< DIV> + ADw-script + AD4-alert(+ ACI-XSS + ACI-)+ ADw- / script + AD4-< / DIV>
< / BODY>
< / HTML>
来源: http://securityoverride.org/articles.php?article_id=13
Is it likely or possible for img
tag, or any other to be parsed, when the <
tag is several characters prior, or perhaps omitted? Would this happen in any notable HTML parsers?
For example
<div>$test</div>
.
Where $test
could be any string containing a >
, but not a <
. Such as img>
, but not <img
Full disclosure: This question is specifically to see whether or not the comment I posted was correct.
You don't technically need either < or >. Load this up in IE, and it'll run a javascript alert. Not sure if it's possible without messing with the charset though.
<HTML>
<HEAD>
<META charset="UTF-7">
</HEAD>
<BODY>
<DIV>+ADw-script+AD4-alert(+ACI-XSS+ACI-)+ADw-/script+AD4-</DIV>
</BODY>
</HTML>
Source: http://securityoverride.org/articles.php?article_id=13
这篇关于浏览器是否会尝试解析img>的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!