jQuery DOM XSS漏洞

JQuery DOM方法中XSS漏洞：

漏洞截图：

测试代码：

<html class=" -webkit- js flexbox canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers no-applicationcache svg inlinesvg smil svgclippaths" style=""><head> <meta charset="UTF-8"><title>HTML5 Preview Panel</title><style>html {
    height: 100%;
}
body {
    background: #ff8800 -webkit-linear-gradient(transparent, rgba(100, 0, 0, 0.3));
    background: #ff8800 linear-gradient(transparent, rgba(100, 0, 0, 0.3));
    color: #333;
    margin: 1em;
}
h1 {
    color: black;
}
hr {
    border: 1px solid #ffaa00;
}
a {
    color: #ffff33;
}
#wrap {
    max-width: 500px;
    text-align: center;
    margin: 0 auto;
}
form {
    margin-bottom: 2em;
}
code {
    font-weight: normal;
    color: #800;
}
.info {
    font-size: 0.8em;
}
.out {
    min-height: 80px;
    border: 1px solid silver;
    background: #ddd;
    margin-bottom: 2em;
    color: #888;
}</style><script src="http://test.com.cn/js/jquery-1.7.2.min.js"></script></head><body><div id="wrap">
    <h1>XSS vulnerabilities in jQuery DOM methods</h1>

    <hr>

    <h3>Input</h3>
    <form>
        <input id="test" placeholder="Enter malicious input here" size="40" value="<script>alert('XSS injected!');</script>">
        <input type="submit" value="Submit">
    </form>

    <hr>

    <h3>Output (native <code>innerHTML</code>)</h3>
    <p class="info">The <a href="https://www.w3.org/TR/2008/WD-html5-20080610/dom.html#innerhtml0" target="_blank">HTML5 spec</a> states that script tags inserted via <code>innerHTML</code> will not be executed.</p>
    <div class="out" id="output-inner">
        Injection goes here...
    </div>

    <h3>Output (<code>$.html()</code>)</h3>
    <p class="info">jQuery DOM methods strip and <code>eval()</code> any script tags passed in, exposing an XSS vulnerability.</p>
    <div class="out" id="output-html">
        Injection goes here...
    </div>

    <h3>Output (<code>$.text()</code>)</h3>
    <p class="info">This method treats the passed string as a textNode, preventing it from being executed by the browser.</p>
    <div class="out" id="output-text">
        Injection goes here...
    </div>
</div>

<script src="http://test.com.cn/js/jquery-1.7.2.min.js"></script><script>$('form').on('submit', function(e) {
    e.preventDefault();

    var ov = $('#test').val();

    $('#output-inner').get(0).innerHTML = ov;
    $('#output-html').html(ov); // Comment this out to see how innerHTML does not fire the dialog
    $('#output-text').text(ov);

});</script></body></html>

参考链接：jQuery DOM方法中的XSS漏洞演示 - 踏得网