基于 DOM 的 XSS 文档很少。我已经知道反射 XSS 和存储 XSS 是什么了。
最佳答案
这里有很好的资源:
DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.
关于javascript - 什么是基于 DOM 的 XSS?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/4306589/