更新

panqiuna · Mar 18, 2017 · cc43ad2 · cc43ad2
1 parent b7c0ed2
commit cc43ad2
Show file tree

Hide file tree

Showing 7 changed files with 56 additions and 6 deletions.
diff --git a/index.1.html b/index.1.html
@@ -0,0 +1 @@
+<!doctype html><body><script type=text/javascript src="http://127.0.0.1/app.js"></script></body>
diff --git a/src/data/exam/12.a1.js b/src/data/exam/12.a1.js
@@ -1,5 +1,5 @@
 function render (input) {
-  input = input.replace(/script/g, '')
+  input = input.replace(/script/ig, '')
   input = input.toUpperCase()
   return '<h1>' + input + '</h1>'
 }
diff --git a/src/data/exam/15.html.js b/src/data/exam/15.html.js
@@ -5,6 +5,7 @@ function render (input) {
             .replace(/"/g, '&quot;')
             .replace(/</g, '&lt;')
             .replace(/>/g, '&gt;')
+            .replace(/\//g, '&#x2f;')
   }
-  return `<a href="" onclick="alert('${escapeHtml(input)}')"></a>`
+  return `<img src onerror="console.error('${escapeHtml(input)}')">`
 }
diff --git a/src/data/exam/8.style.js b/src/data/exam/8.style.js
@@ -1,5 +1,5 @@
 function render (src) {
-  src = src.replace(/<\/style>/g, '/* \u574F\u4EBA */')
+  src = src.replace(/<\/style>/ig, '/* \u574F\u4EBA */')
   return `
     <style>
       ${src}

diff --git a/src/data/exam/index.js b/src/data/exam/index.js
@@ -51,7 +51,7 @@ export default {
       "title": "strip tag"
     },
     "0x08": {
-      "beCode": "function render (src) {\n  src = src.replace(/<\\/style>/g, '/* \\u574F\\u4EBA */')\n  return `\n    <style>\n      ${src}\n    </style>\n  `\n}",
+      "beCode": "function render (src) {\n  src = src.replace(/<\\/style>/ig, '/* \\u574F\\u4EBA */')\n  return `\n    <style>\n      ${src}\n    </style>\n  `\n}",
       "title": "style"
     },
     "0x09": {
@@ -67,7 +67,7 @@ export default {
       "title": "uppercase"
     },
     "0x0C": {
-      "beCode": "function render (input) {\n  input = input.replace(/script/g, '')\n  input = input.toUpperCase()\n  return '<h1>' + input + '</h1>'\n}",
+      "beCode": "function render (input) {\n  input = input.replace(/script/ig, '')\n  input = input.toUpperCase()\n  return '<h1>' + input + '</h1>'\n}",
       "title": "a1"
     },
     "0x0D": {
@@ -79,7 +79,7 @@ export default {
       "title": "a2"
     },
     "0x0F": {
-      "beCode": "function render (input) {\n  function escapeHtml(s) {\n    return s.replace(/&/g, '&amp;')\n            .replace(/'/g, '&#39;')\n            .replace(/\"/g, '&quot;')\n            .replace(/</g, '&lt;')\n            .replace(/>/g, '&gt;')\n  }\n  return `<a href=\"\" onclick=\"alert('${escapeHtml(input)}')\"></a>`\n}",
+      "beCode": "function render (input) {\n  function escapeHtml(s) {\n    return s.replace(/&/g, '&amp;')\n            .replace(/'/g, '&#39;')\n            .replace(/\"/g, '&quot;')\n            .replace(/</g, '&lt;')\n            .replace(/>/g, '&gt;')\n            .replace(/\\//g, '&#x2f;')\n  }\n  return `<img src onerror=\"console.error('${escapeHtml(input)}')\">`\n}",
       "title": "html"
     }
   }

diff --git a/src/main.js b/src/main.js
@@ -1,6 +1,15 @@
 /**
  * 这是网站的启动入口，用于初始化全局配置，不要在这里写过多业务逻辑
  */
+
+;(function (document) {
+  const s = document.createElement('script')
+  s.src = 'https://s4.cnzz.com/z_stat.php?id=1261523779&web_id=1261523779'
+  s.charset = 'utf-8'
+  s.async = true
+  document.body.appendChild(s)
+})(document)
+
 import 'babel-polyfill'
 import Vue from 'vue'
 import Vuex from 'vuex'
@@ -47,3 +56,11 @@ new Vue({
   template: '<App/>',
   components: {App}
 })
+
+// pwa
+// if (navigator.serviceWorker) {
+//   navigator.serviceWorker.register('sw.js')
+//     .then(function (registration) {
+//       console.log('Registered events at scope: ', registration.scope)
+//     })
+// }
diff --git a/sw.js b/sw.js
@@ -0,0 +1,31 @@
+/* global self caches  */
+
+var cacheStorageKey = 'xss-1'
+
+var cacheList = [
+  '/',
+  'http://127.0.0.1/app.js'
+]
+self.addEventListener('install', function (e) {
+  e.waitUntil(
+    caches.open(cacheStorageKey).then(function (cache) {
+      return cache.addAll(cacheList)
+    }).then(function () {
+      return self.skipWaiting()
+    })
+  )
+})
+
+self.addEventListener('activate', function (event) {
+  event.waitUntil(
+    caches.keys().then(function (cacheNames) {
+      return Promise.all(
+        cacheNames.map(function (cacheName) {
+          if (cacheName !== CACHE_NAME && cacheName !== IMAGE_CACHE_NAME) {
+            return caches.delete(cacheName)
+          }
+        })
+      )
+    })
+  )
+})
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		<!doctype html><body><script type=text/javascript src="http://127.0.0.1/app.js"></script></body>