yii xss简单攻击

<?php
namespace backend\controllers;

use Yii;
use yii\filters\AccessControl;
use yii\web\Controller;
use common\models\LoginForm;
use yii\filters\VerbFilter;

/**
 * Xss controller
 */
class XssController extends Controller
{
    public function actionIndex(){
        return $this->render('index');
    }
    public function actionShow(){
       // $name=$_GET['name'];
        $request=yii::$app->request;
        $name = $request->get("name");
       //var_dump($name);die;
        return $this->render('show',['name'=>$name]);
    }

}

//++++++==============

index.php

<?php
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
    <title>Document</title>

    <script src="jquery.1.12.js"></script>
</head>
<body>
     <center>
<!--         <form action="?r=xss/show" method="get">-->
              <table>
                  <input type="hidden" id="_csrf" name="<?php echo Yii::$app->request->csrfParam;?>" value="<?php echo yii::$app->request->csrfToken?>">
                <tr>
                    <td><input type="text" class="name" name="name"/></td>
                    <td><input type="submit"value="提交" id="but"/></td>
                </tr>
              </table>
<!--         </form>-->

     </center>
</body>
<script>

        $("#but").click(function(){
            var name=$(".name").val();
           // var url="?r=xss/show";
            //$.get(url,{'name':name},function(msg){
                //alert(msg)
                location.href="?r=xss/show&name="+name;
          //  })
        })
        function abc(html){
            //1.首先动态创建一个容器标签元素，如DIV
            var temp = document.createElement ("div");
            //2.然后将要转换的字符串设置为这个元素的innerText(ie支持)或者textContent(火狐，google支持)
            (temp.textContent != undefined ) ? (temp.textContent = html) : (temp.innerText = html);
            //3.最后返回这个元素的innerHTML，即得到经过HTML编码转换的字符串了
            var output = temp.innerHTML;
            temp = null;
            return output;
        }

</script>
<!--<script>alert(location.href="http://www.sina.com.cn/")</script>-->
</html>

///

show

<?php
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
    <title>Document</title>
</head>
<body>
<?php
echo "Welcome $name<br>";
echo "<a href='http://172.27.0.200/exam/index.php?m=Index&a=home'>Click to Download</a>";

?>
</body>
<!--<script>-->
<!--    window.onload = function() {-->
<!--        var link=document.getElementsByTagName("a");-->
<!--    link[0].href="http://www.sina.com.cn /";}-->
<!--</script>-->
<!--alert(-->
<!--<script>http://www.sina.com.cn /</script>)-->
</html>
<!--$request=yii::$app->request;-->
<!--$name = $request->get("name");-->
<!--echo "Welcome $name<br>";-->
<!--<!--echo "<a href='http://172.27.0.200/exam/index.php?m=Index&a=home'>Click to Download</a>";-->
<!--/*<script>window.onload = function(){var link=document.getElementsByTagName("a");link[0].href="http://www.sina.com.cn/";}-->
<!--</script>*-->