Readers can refer to and subscribe to the column: Xss-Labs shooting range offensive and defensive combat
posture
Logical backend code:
Characters are escaped as follows:
This question is bypassed using the onblur/onfocus event
onblur/onfocus event
The onblur event is an event that fires when an HTML element loses focus. When the user switches from one element to another or clicks on a blank area of the page, the onblur event is triggered by the element that was originally focused.
You can apply the onblur event to various HTML elements, including input boxes, drop-down lists, buttons, and more. When an element loses focus, the corresponding JavaScript code can be executed to achieve a specific function or interaction.
Here's an example showing how to use the onblur event:
<input type="text" onblur="myFunction()">
<script>
function myFunction() {
alert("Input field lost focus!");
}
</script>
In the above example, when the text input box loses focus, myFunction()the function will be called and an Input field lost focus!alert box will pop up.
In addition to using the attribute directly on the HTML element onblur, JavaScript can also be used to dynamically bind and handle the onblur event. For example:
<input id="myInput" type="text">
<script>
document.getElementById("myInput").addEventListener("blur", function() {
alert("Input field lost focus!");
});
</script>
addEventListenerThe above code adds an onblur event listener to the text input using the method. When the input box loses focus, the bound function will be called, and a prompt box will also pop up.
The onfocus event is an event that fires when an HTML element gets focus. The onfocus event fires when the user clicks or selects an element, making it the active element.
You can apply the onfocus event to various HTML elements, including input boxes, drop-down lists, buttons, and more. When an element gets focus, the corresponding JavaScript code can be executed to achieve a specific function or interaction.
Here is an example showing how to use the onfocus event:
<input type="text" onfocus="myFunction()">
<script>
function myFunction() {
alert("Input field is focused!");
}
</script>
In the above example, when the text input box gets focus, myFunction()the function will be called and an Input field is focused!alert box will pop up.
In addition to using the attribute directly on HTML elements onfocus, JavaScript can also be used to dynamically bind and handle the onfocus event. For example:
<input id="myInput" type="text">
<script>
document.getElementById("myInput").addEventListener("focus", function() {
alert("Input field is focused!");
});
</script>
addEventListenerThe above code adds an onfocus event listener to the text input using the method. When the input box gets the focus, the bound function will be called, and a prompt box will also pop up.
method one
Trigger a popup by inserting JavaScript code in the element's onfocus event
' onfocus=javascript:alert("qiushuo") '
Method Two
Trigger a popup by inserting JavaScript code in the element's onblur event
' οnblur=javascript:alert("qiushuo") '
Summarize
The above is the detailed analysis of [Network Security] xss-labs level-3 problem solving, and the detailed analysis of [Network Security] xss-labs level-4 problem solving will be shared later.
I am Qiu said , see you next time.