Table of contents
2. Among the following codes, which one can pop up 1 after the page is opened?
2. Return the integer part of the numeric parameter
1. Multiple choice questions
1. When a user logs in to an account, he usually enters the account name and password into the corresponding text boxes. Now, the account name and password are to be connected as the unique identifier of the user. How to realize this function ( )
A、userName.concat(pwd);
B、userName.append(pwd);
C、userName.appendTo(pwd);
D、userName.pop(pwd);
Correct answer: A Your answer: B
Parse:
(1) Option explanation
Option A: The concat() method is used to connect two or more arrays and strings. This method will not change the original arrays and strings, but will only return a copy of the concatenated arrays and strings
Option B: The append() method inserts the specified content at the end (still inside) of the selected elements . The append() function is to add content to the specified element. The content parameter to be added can be a character, an HTML element tag, or a function that returns the content of a string
C option: The appendTo() method inserts the specified content at the end (still inside) of the selected elements
D option: The pop() method is used to delete and return the last element of the array
(2) The difference between append and appendTo
①Append() is preceded by the object to be selected , followed by the content of the element to be inserted into the object
②AppendTo() is preceded by the content of the element to be inserted and is a Jquery object, and followed by the object to be selected
③That is, the former puts content in the parameter, and the latter takes content as an object, but these two methods are for jquery objects, not arrays/strings
2. Among the following codes, which one can pop up 1 after the page is opened?
A、<iframe src=”javascript: alert(1)”></iframe>
B、<img src=”” οnerrοr=”alert(1)”/>
C、IE下<s style=”top:expression(alert(1))”></s>
D、<div οnclick=”alert(1)”></div>
Correct answer: ABC Your answer: ACD
Parse:
(1) Option explanation
A Triggered when the page is loaded
B onerror event is triggered when the image does not exist
C will pop up continuously under ie7. IE5 and later versions support the use of expression in CSS to associate CSS properties with Javascript expressions . The CSS properties here can be inherent properties of the element or custom properties. That is to say, a CSS property can be followed by a Javascript expression. The value of the CSS property is equal to the calculation result of the Javascript expression. In the expression, you can directly refer to the properties and methods of the element itself, or you can use other browser objects. This expression is as if in a member function of this element
There is no content in the D div, and the width of the box is 0, so it cannot be clicked;
(2) Expansion: common xss attack methods
- <script>alert('XSS')</script>: the most common XSS
- <script>alert(document.cookie)</script>:获取 cookie
- <img src = "javascript:alert('XSS')">: img link address xss
- <script src='ls.js'></script>: external attack code
- <script>alert/*comment*/('XSS')</script>: comment method to prevent filtering
- <img src = ' ' οnerrοr=alert('XSS')>: load image failed to execute
- <iframe onload = alert('XSS')>: frame
- <script>location = 'baidu.com';</script>: jump to a page
- <a href="javascript:alert('XSS')"></a>: xss of a link
- body{bockground-image:url(javascript:alert('XSS'))}: added to the css style
(3) Reference materials
Window: error event - Web API interface reference | MDN
Behavior in CSS - expression - blue ideal
2. Programming questions
1. Please complete the JavaScript function to output the "year-month-day" corresponding to the timestamp parameter in the form of a string.
Example: _date(1631159776311) -> '2021-9-9'
Parse:
(1) `` template string
<script>
let number = 1631159776311
function _date(number){
let date = new Date(number)
return `${date.getFullYear()}-${date.getMonth()+1}-${date.getDate()}`
}
console.log(_date(number));
</script>(2) String concatenation
<script>
let number = 1631159776311
function _date(number){
let date = new Date(number)
return date.getFullYear() + '-' + (date.getMonth()+1) + '-' +date.getDate()
}
console.log(_date(number));
</script>2. Return the integer part of the numeric parameter
Parse:
(1) parseInt()
<script>
let value = 163.245
function _int(value){
return parseInt(value)
}
console.log(_int(value));
</script>(2)Math.floor()
<script>
let value = 163.245
function _int(value){
return Math.floor(value)
}
console.log(_int(value));
</script>(3) ~ is a bitwise inversion operator, two ~ are bitwise inversion and then inversion, which is equivalent to Math.floor(), and the efficiency will be higher
<script>
let value = 163.245
function _int(value){
return ~~value
}
console.log(_int(value));
</script>