ÈçºÎÓÐÒ»¸ö×Ö·û´®ÊÇÕâÑùµÄÐÎʽstr = "&bbbLAA";
ÏëµÃµ½"L"µÄ»°¿ÉÒÔÕâÑùȥʵÏÖ£º
//sDataStr = "&bbbLAA";
//sLeftQuote = ""&bbb";
//sRightQuote = "&AA";
µ÷ÓÃÕâ¸ö·½·¨½«µÃµ½L×ֶΡ£
function abCutString( sDataStr, sLeftQuote, sRightQuote)
{
var sReturnVal = '';
var nStartPos = sDataStr.indexOf(sLeftQuote) ;
if (nStartPos < 0) return sReturnVal;
nStartPos += sLeftQuote.length ;
if (nStartPos >=0 ) {
var sWorkStr = sDataStr.substring( nStartPos , sDataStr.length );
var nEndPos = sWorkStr.indexOf(sRightQuote) //- sRightQuote.length + 1;
if ( nEndPos >= 1 ) {
sReturnVal = sWorkStr.substring( 0 , nEndPos );
}
}
return sReturnVal ;
}
Ç°ÃæµÄ¿Î³ÌÖУ¬ÎÒÃÇѧϰÁ˱í¸ñÔªËØ£¬ÉϽڿÎÖУ¬ÎÒÃÇͨ¹ýÒ»±¾±í¸ñÀ´¶Ô±íµ¥ÄÚµÄ×é¼þ½øÐÐλÖõĿØÖÆ£¬ÕâÆäʵ¾ÍÊÇÒ»ÖÖ¼òµ¥µÄ±í¸ñ²¼¾Ö¡£Õâ½Ú¿Î£¬ÎÒÃÇÏêϸÀ´ÌÖÂÛÒ»ÏÂʹÓñí¸ñµÄ²¼¾Ö·½·¨¡£
¿´ÈçÏ´úÂ룺
index.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml ......
ÏÂÃæÕâ¸öÍøÕ¾ÂÞÁÐÁË£¬¼¸ºõËùÓеĹØÓÚHTML 5 ÔÚ¸÷ÖÖÖ÷Á÷ä¯ÀÀÆ÷ÉϵݲȫÎÊÌ⣬ÕâЩ°²È«ÎÊÌâºÜÓпÉÄܽ«»áÊǺڿ͹¥»÷ÄãµÄÍøÉϵÄÇÃÃÅש£¬ËûÃǼ¸ºõ¶¼ºÍJavascript¶¼ÓйØϵ£¬Äã¾ÍÒªºÃºÃ×¢ÒâÁË¡£
http://heideri.ch/jso/
ÏÂÃæÂÞÁм¸¸ö£º
1£©<table background=”javascript:alert(1)”>
IE6£¬7£¬8£¬9£¬ºÍOpera ......
Ç°¼¸Ìì×öÏîÄ¿¡£ÐèÒªÓõ½Ò»¸öWinFormµÄHTMLµÄ±à¼ºÍÏÔʾ¿Ø¼þ¡£.NET×Ô¼º²¢Ã»ÓÐÌṩÕâ·½ÃæµÄ¿Ø¼þ¡£È¥Googel°Ù¶ÈÁËһϡ£Ã»ÓÐÕÒµ½ºÏÊʵÄ.NET¿Ø¼þ¡£ÎÞÄÎÈ¥Ó¢ÎÄGoogelÁËһϡ£¹ûÈ»·¢ÏÖÁËÒ»¿îÃûΪ£º.NET Win HTML Editor Control 3.2µÄ¿Ø¼þ¡£ÏÂÔØÅäÖû·¾³ÊÔÓ᣷¢ÏÖÃâ·Ñ°æÌṩȫ¹¦ÄÜÊÔÓá£Î¨Ò»²»ºÃµÄµØ·½¾ÍÊÇÔÚ±à¼ÇøÓÐÒ»¸ö×¢²áµÄÁ ......
