We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
开启了 html 标签白名单以后,如果用户插入一段这样的代码
<i onclick="alert(233)">XSS</i>
还是可以成功触发 onclick 事件 是否能加入一个白名单的功能,比如指定了只能加入 style、class 这些 tag 谢谢。
The text was updated successfully, but these errors were encountered:
No branches or pull requests
开启了 html 标签白名单以后,如果用户插入一段这样的代码
还是可以成功触发 onclick 事件
是否能加入一个白名单的功能,比如指定了只能加入 style、class 这些 tag
谢谢。
The text was updated successfully, but these errors were encountered: