我认为我可以通过简单地禁用 Internet Explorer 中的 XSS 过滤器来完成上述操作是否正确?还是还需要其他东西?另外我如何在 Firefox 中启用跨站点脚本(对于相同的场景?) 解决方案 IE 的 XSS 过滤器不能防止 基于DOM的XSS.因此,为了跨域执行 javascript 负载,您可以简单地运行 eval() 请求变量或使用 document.write().更常见的方法是使用跨域代理".主要是因为这种方法通常不会引入可用于攻击您的用户的巨大漏洞.I want to enable cross site scripting for some sites. Specifically, I want to submit a web form to a 3rd party site, I have set the target iframe for the web form's response to a child iframe, now I want my code in main window to retrieve content of the response web page.Am I correct in assuming that I can do the above by simply disabling the XSS Filter in Internet Explorer? Or is something else also required? Also how do I enable cross site scripting in Firefox (for the same scenario?) 解决方案 IE's XSS filter does not protect against DOM Based XSS. So in order to execute a javascript payload across domains you can simply run eval() the request variable or use document.write().A more common approach is to use a "cross-domain proxy". Mainly because this approach usually doesn't introduce a gaping vulnerability which could be used to attack your users. 这篇关于我可以通过简单地禁用 XSS 过滤器在 IE 中为任何/所有网站启用跨站点脚本吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云! 07-24 19:00