4.2.12. 参考链接

4.2.12.1. wiki

• AwesomeXSS

• w3c

• dom xss wiki

• content-security-policy.com

• markdwon xss

• xss cheat sheet

• html5 security cheatsheet

• http security headers

• XSSChallengeWiki

4.2.12.2. Challenges

• XSS Challenge By Google

• prompt to win

4.2.12.3. CSS

• rpo

• rpo攻击初探

• Reading Data via CSS

• css based attack abusing unicode range

• css injection

• css timing attack

4.2.12.4. 同源策略

• Same origin policy

• cors security guide

• logically bypassing browser security boundaries

4.2.12.5. bypass

• 666 lines of xss payload

• xss auditor bypass

• xss auditor bypass writeup

• bypassing csp using polyglot jpegs

• bypass xss filters using javascript global variables

4.2.12.6. 持久化

• 变种XSS 持久控制 by tig3r

• Using Appcache and ServiceWorker for Evil

4.2.12.7. Tricks

• Service Worker 安全探索

• 前端黑魔法