2018/02/03 Student LT (lightning talks) at freee
XSS
About me: B1 (first-year undergraduate). Twitter: @tmyk_kym. Blog: https://blog.koyama.me/. Interests: Network / Web / Server / Security. PyCon JP, Seccamp, etc.
XSS (Cross Site Scripting): an attacker gets HTML or script written into a web page, and it runs in other users' browsers.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE 3.0)
XSS Sample: a PHP page that echoes $_GET['mode'] straight into the HTML, without escaping.
  ?mode=hello  ->  the "XSS Sample" page displays: hello
  a mode value containing a script tag that calls alert()  ->  the "XSS Sample" page runs alert()
Types of XSS: Stored XSS (persistent), Reflected XSS (non-persistent), DOM Based XSS
XSS== XSS
Typical payloads, by injection context:
  alert(1)">                  (close the current attribute/tag, then inject)
  " onmouseover="alert(1)     (break out of the attribute value, add an event handler)
  x" onerror="alert(1)        <- img src
  javascript:alert(1)         <- a href
?/.XSS .XSS .
?
OWASP: XSS Filter Evasion Cheat Sheet (2015 edition; Japanese translation by JPCERT/CC)
https://jpcertcc.github.io/OWASPdocuments/CheatSheets/XSSFilterEvasion.html
Three examples from the cheat sheet:
[1] Case variation: <SCRIPT SRC="http://example.com/xss.js"></SCRIPT>
    A filter that only matches the lowercase form (src="http://example.com/xss.js">) misses the uppercase tag; browsers treat tag and attribute names case-insensitively.
[2] Extraneous open brackets: <<SCRIPT>alert("XSS");//<</SCRIPT>
    Malformed HTML: a filter that expects well-formed tags trips over the extra <, while the browser still parses the <SCRIPT> and runs alert("XSS");//<
[3] Hexadecimal HTML character references (&#x..;): the front of javascript:alert('XSS') is written as hex entities, so a filter looking for the literal string sees only the tail ...cript:alert('XSS')>, while the browser decodes the attribute value back to javascript:alert('XSS'). The same idea applies inside an event handler such as onerror="javascript:alert('XSS')">
(Bonus) Getting past quote filtering: alert(String.fromCharCode(88,83,83)) builds the string "XSS" (0x58 0x53 0x53) without a single quote character, as in the cheat sheet's <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
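To make the cheat-sheet point concrete, here is an added example (not from the slides and not Marp's code): a blacklist filter of the kind the cheat sheet is written to defeat, next to plain HTML escaping and context-aware escaping with a URL scheme allow-list, each run against the slide's payloads and the three cheat-sheet vectors above. The function names, the `JavaScript:alert(1)` case variant, and the `wouldExecute()` oracle (a small regex approximation of how a browser tokenises tags and attributes, not a real HTML parser) are all assumptions made for this demonstration.

```javascript
// Added example (not from the slides or from Marp): a blacklist filter of the kind the
// cheat sheet is written to defeat, beside context-aware output encoding. The
// payloads are constructed test inputs taken from the slides and the cheat sheet;
// wouldExecute() is a small regex approximation of how a browser tokenises markup,
// not a real HTML parser.

// Blacklist "sanitizer": strips lowercase <script, the literal javascript:, and quotes.
function blacklistFilter(input) {
  return String(input)
    .replace(/<script/g, '')      // case-sensitive: <SCRIPT> slips through ([1], [2])
    .replace(/javascript:/g, '')  // literal match: &#x6A;avascript: slips through ([3])
    .replace(/["']/g, '');        // quote filter: String.fromCharCode needs no quotes
}

// Output encoding for the HTML body and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;').replace(/'/g, '&#x27;');
}

// Browsers decode &#x..; references in attribute values before acting on them.
function decodeHexEntities(s) {
  return s.replace(/&#x([0-9a-f]+);?/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// URL context: escaping is irrelevant to javascript:, so allow-list the scheme
// after the same normalisation the browser applies (entity decoding, case folding).
function safeUrl(value) {
  const v = decodeHexEntities(String(value)).trim().toLowerCase();
  return /^https?:\/\//.test(v) ? escapeHtml(value) : '#';
}

// Oracle: after case folding and entity decoding, does the markup contain a <script>
// tag, an on* event-handler attribute, or a javascript: URL in src/href?
function wouldExecute(html) {
  const lower = html.toLowerCase();
  const tagRe = /<([a-z][\w-]*)([^>]*)>/g;
  const attrRe = /([^\s=]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s>]+))?/g;
  let tag;
  while ((tag = tagRe.exec(lower)) !== null) {
    const [, name, attrs] = tag;
    if (name === 'script') return true;
    let attr;
    while ((attr = attrRe.exec(attrs)) !== null) {
      const [, attrName, rawValue = ''] = attr;
      const value = decodeHexEntities(rawValue.replace(/^["']|["']$/g, '')).trim();
      if (attrName.startsWith('on')) return true;
      if ((attrName === 'src' || attrName === 'href') && value.startsWith('javascript:')) return true;
    }
  }
  return false;
}

// Templates mimicking the PHP sample's "echo straight into the HTML", one per context.
const templates = {
  body: v => `<p>${v}</p>`,
  attr: v => `<img src="${v}">`,
  href: v => `<a href="${v}">link</a>`,
};

// Three defences: blacklist only, HTML escaping everywhere, escaping plus a URL allow-list.
const defences = {
  blacklist:  { body: blacklistFilter, attr: blacklistFilter, href: blacklistFilter },
  escape:     { body: escapeHtml, attr: escapeHtml, href: escapeHtml },
  contextual: { body: escapeHtml, attr: escapeHtml, href: safeUrl },
};

// Constructed inputs: the slide's payloads, the three cheat-sheet vectors, and one
// case variant of the href payload (ours, applying [1]'s trick to a URL).
const payloads = {
  attr_breakout:    { ctx: 'attr', v: 'x" onerror="alert(1)' },
  href_js:          { ctx: 'href', v: 'javascript:alert(1)' },
  href_js_case:     { ctx: 'href', v: 'JavaScript:alert(1)' },
  case_variation:   { ctx: 'body', v: '<SCRIPT SRC="http://example.com/xss.js"></SCRIPT>' },
  extra_brackets:   { ctx: 'body', v: '<<SCRIPT>alert("XSS");//<</SCRIPT>' },
  hex_fromcharcode: { ctx: 'body', v: '<IMG SRC=&#x6A;&#x61;&#x76;&#x61;&#x73;cript:alert(String.fromCharCode(88,83,83))>' },
};

// For every payload and defence: true means the rendered page still executes script.
function evaluate() {
  const results = {};
  for (const [name, p] of Object.entries(payloads)) {
    results[name] = {};
    for (const [d, byCtx] of Object.entries(defences)) {
      results[name][d] = wouldExecute(templates[p.ctx](byCtx[p.ctx](p.v)));
    }
  }
  return results;
}

console.table(evaluate());
```

Run it with node. The three body-context vectors get through the blacklist and are stopped by escaping; the quote-stripping blacklist happens to neutralise the attribute breakout, which is exactly the gap String.fromCharCode was made for; and the href row shows that escaping alone does nothing against javascript: (the lowercase form is only caught by the literal blacklist match, the JavaScript: variant by neither), so a URL context needs a scheme allow-list rather than HTML escaping.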
Electron and Marp: Electron builds desktop applications out of web technologies (Chromium plus Node.js); Marp is a Markdown presentation tool built on Electron. In an Electron app, XSS means more than alert(): the injected script runs inside the desktop application rather than in a browser tab.
JVN#21174546: Marp vulnerable to arbitrary JavaScript execution: https://jvn.jp/jp/JVN21174546/
From "[Security issue] Remote script can read user local resource" (Issue #187, yhatt/marp): "However, sanitizing inline script should be considered in the future."
Summary: XSS is not just alert(). What only pops an alert() in a browser can, in an Electron app such as Marp, read the user's local resources.