Define some custom variables; each one carries HTML/JS tags and is therefore an XSS risk:
#set($code = "<script>alert(1);</script>") :
#set($code2 = "<span>PandoraBoot</span>") :
#set($code3 = "<div>:D</div>") :
before ignore:
$code : <script>alert(1);</script>
$code2 : <span>PandoraBoot</span>
${code3} : <div>:D</div>
$!{ignoredName} (the framework ignores this name because application.properties sets "spring.security.xss.ignored.context.names=ignoredName"):
after ignore by #xss_ignored:
#xss_ignored($code,$!code2,${code3})
$code :
$code2 : PandoraBoot
${code3} : :D
$!{ignoredName} :
save name :