解析检查 —— 存储型XSS漏洞解决方案 - 博客 - 腾讯安全应急响应中心
<div class="container container-blogdetail"> <div> <div class="section section-article"> <div class="section_article"> <div class="article_header"> <div class="header_title"> <h1 class="title_content">解析检查 —— 存储型XSS漏洞解决方案</h1> <p class="title_info">作者:<span class="info_author">大马胖子</span> 公布时间:<span class="info_date"><time datetime="2014-06-24">2014-06-24</time></span> 阅读次数:<span class="info_times">4237010</span> 评论:<span class="info_commments">1082</span></p> </div> </div>
<div id="blog-text" class="article_body"><p><strong>TSRC编者按:</strong></p><p><strong>Web2.0时代,XSS漏洞不容小觑。特别是在UGC业务中,支持“安全的”HTML是业务必需的特性,这就对UGC安全过滤器的要求特别高,稍有不慎就会出现存储型XSS漏洞。腾讯安全中心从2007年起就面向内部UGC业务推出“安全API”项目用于解决这类场景,原理是对用户提交的内容进行预解析,过滤掉会产生安全问题的语句。大马胖子在这方面经验丰富,大家可以看看这块是如何实现的。也欢迎实测demo,发现问题方便我们改进。</strong></p><p><strong>当然,整篇文章的着眼点在“方案”,后续有机会我们还可以说说API的运营故事(这个元老级项目故事很多)。通过对API的精细化运营是可以发现0day漏洞的——既包括API自身的,也包括浏览器的,比如CVE-2009-1862、CVE-2011-2458,以及一些其他八卦。</strong></p><div><br 
/></div><p>存储型XSS漏洞作为漏洞界的元老级漏洞类型,在当前Web2.0时代一旦被利用,对业务造成的影响也将是轰轰烈烈的,比如之前的“XX咖啡广告”:</p><div style="text-align: center;"><img src="https://security.tencent.com/uploadimg_dir/201406/8c52338b381680b0fb9fb6aa85fe9936.png" alt="" /></div><p>本文的主要目的是和大家一起探讨在支持业务富文本UGC的前提下,如何有效解决存储型XSS漏洞;如果有写得不对或遗漏的地方,欢迎大家及时指正。</p><p>提到XSS漏洞,很多人的第一印象可能就是把已公开的XSS代码弄个正则全部屏蔽就万事大吉,但往往事与愿违:付出了巨大的努力,XSS漏洞依然存在。根本原因在于正则匹配的是攻击字符串的“样子”,而浏览器执行的是解析后的结构,两者并不对等。本文就根据XSS漏洞的产生原理,逐个讲讲如何有效解决该问题。</p><h2>一:整体过滤流程图</h2><p>废话少说,直接看过滤流程图:</p><div style="text-align: center;"><img src="https://security.tencent.com/uploadimg_dir/201406/fc59d5539ef34cd7bd35cb93910780ba.png" alt="" /></div><h2>二:属性值过滤</h2><p><span 
style="white-space:pre"> </span>针对过滤流程中的黑名单标签及黑名单属性,这里就不多说了,发现即删除就可以,具体是哪些标签及属性可参考附件的配置文件;这里重点说一下属性值的安全。</p><p>谈到属性值,才算正式进入本篇的重点。属性值大体分为3类:</p><h3>2.1 URL</h3><p>这里指的URL,就是类似href、src等属性的值。核心做法是按照URL标准解析出所引入URL的协议(scheme),只保留允许的协议(白名单),其余一律删除。需要注意的是,协议识别应在属性值经过与浏览器一致的规范化(解码HTML实体、去掉前导空白及控制字符)之后再进行,否则与下文CSS部分类似的编码变形也可能绕过这里的检查。比如:</p><div style="text-align: center;"><img src="https://security.tencent.com/uploadimg_dir/201406/2ae99ebad163efdc3bc38d4f0bf7d900.png" alt="" /></div><h3>2.2 CSS</h3><p>为什么要提到CSS呢?因为CSS是富文本UGC的一个核心:没有CSS,QQ空间日志内容就达不到用户想要的炫酷效果。为了保证CSS的安全,我们又得再实现一个CSS语法解析器(由于当时场景需要,我们是自己写的,不过大家也可以参考开源的CSS解析器代码)。</p><p>由于CSS功能强大,我们首先定义了一串黑名单,比如expression、background、javascript、eval,一旦出现这些关键字就命中。这里之前犯过一个错误,就是命中后采用“删除命中片段”的逻辑——删除式过滤有一个固有问题:删掉片段后剩余内容可能重新拼接出新的危险写法,除非反复检查直到结果不再变化。当遇到下面的case时,真的是欲哭无泪。后来评估正常UGC中极少出现黑名单里的用法,所以改为直接清空整段CSS。</p><div style="text-align: center;"><img src="https://security.tencent.com/uploadimg_dir/201406/1296682853aaf2ceea0c342af435944b.png" alt="" /></div><p><strong>坑1:</strong>在完成黑名单清理后,你会发现IE浏览器竟然兼容如下格式的CSS(强大的“\”:CSS语法本身允许用反斜杠加十六进制对标识符中的字符做转义,所以黑名单关键字可以被拆开书写)</p><div style="text-align: center;"><img src="https://security.tencent.com/uploadimg_dir/201406/96850f0379f84b0eb496ef50e1a35f0a.png" alt="" /></div><p><strong>坑2:</strong><span 
style="font-family:'微软雅黑','sans-serif';">同时IE还兼容如下格式(&amp;#编码——支持HTML实体编码就算了,末尾的分号还可有可无)</span></p><div style="text-align: center;"><img src="https://security.tencent.com/uploadimg_dir/201406/d23178a8d52dead87687a3fef7fe534a.png" alt="" /></div><p><strong>坑3:</strong>你以为它只认识HTML实体编码吗?其实不然,它还认识Unicode编码。</p><div style="text-align: center;"><img src="https://security.tencent.com/uploadimg_dir/201406/45e481dd01a57c7a84cad91b2729bb27.png" alt="" /></div><p>没办法,统统纳入黑名单:CSS中只要出现“\”或“&amp;#”,就直接清空整段CSS。(这类“出现可疑字符即清空”的规则之所以可行,前提是前面已评估过正常UGC几乎不会用到这些写法;换到别的业务场景前需要重新评估误伤率。)</p><p><strong>坑4:</strong>此时你以为CSS应该没事了,但IE又出现了新的兼容方式:全角字符</p><div style="text-align: center;"><img src="https://security.tencent.com/uploadimg_dir/201406/7f431e02aff38047e41f6d8718afc528.png" alt="" /></div><p>继续搞:只要出现全角字符,一概清空。</p><p><strong>不得不感慨一句:IE啊IE,你这么牛,你家人知道吗……</strong></p><h3>2.3 Flash</h3><p>讲到Flash安全,重点是保障两个属性值设置合理即可:allowScriptAccess 和 allowNetworking。</p><p><span 
style="font-size:10.5pt;font-family:'微软雅黑','sans-serif';color:black;">如果条件允许,建议统一设置为:allowScriptAccess=never,allowNetworking=none。</span></p><p>但业务往往需要这两个属性,比如QQ空间日志中要能播放QQ音乐,所以需要首先解析出所引入的Flash地址,然后仅对白名单内的地址放开该权限即可(白名单比对应基于解析后的协议和主机名做精确匹配,而不是简单的字符串前缀或子串匹配)。</p><p>这里强烈建议大家不要使用object,因为它比embed处理起来要麻烦N倍,同时IE对它的兼容也“超好”,比如在识别属性名时,如下编码格式也是允许的:</p><div style="text-align: center;"><img src="https://security.tencent.com/uploadimg_dir/201406/e46d83b7be536e0d1ee39152f5b30134.png" alt="" /></div><h2>三:重写</h2><p>打完收工的最后一步,也是蛮重要的一步。重写这里之前遇到过一个坑:严格按照用户原文中的闭合字符来重写属性,导致被绕得死去活来;后来一了百了,按照HTML标准直接强制用双引号闭合所有属性值,并对属性值中的引号、尖括号和&amp;等字符全部做HTML编码。</p><div style="text-align: center;"><img src="https://security.tencent.com/uploadimg_dir/201406/10f650687e40c13ca081082f3c3aec92.png" alt="" /></div><p><small>注:DOM解析把style属性的闭合字符识别为空格(即原文属性值未加引号),在丢弃无效的CSS后若仍按原闭合字符重写,结果反而变成了有漏洞的版本。</small></p><h2>四:方案的弊端</h2><p>该方案要过滤的标签、属性都必须提前已知:如果浏览器支持了新标签或新特性而过滤器未及时更新,就会出现XSS漏洞。这里就经历过2次:第一次为HTML5新增标签,第二次则为&lt;LISTING&gt;特性。这也是黑名单思路的固有弊端——只保留明确允许的标签和属性(白名单)、其余一律删除,可以避免这类新标签漏网的问题。</p><p><strong>附:过滤XSS利用代码的可执行程序及配置文件</strong></p><p><span>使用方法如下(demo运行环境为gcc4 &amp; 
linux32位系统)</span></p><p><code>./demo_filterall_aa 输入文件 1 1 输出文件</code></p><p><strong>输入为用户的UGC</strong>:test.html</p><div style="text-align: center;"><img src="https://security.tencent.com/uploadimg_dir/201406/12bf90b0fbf319ed747262fef1f89b21.png" alt="" /></div><p>过滤后结果为:</p><div style="text-align: center;"><img src="https://security.tencent.com/uploadimg_dir/201406/616293c120028289db89078aeeea3afe.png" alt="" /></div><p>Demo下载地址:<a href="https://security.tencent.com/index.php/opensource/detail/11" target="_blank" rel="noopener noreferrer">见TSRC实验室</a></p><p>欢迎大家测试,发现问题欢迎与我们交流 <a href="mailto:security@tencent.com">security@tencent.com</a></p></div> </div> </div> </div> </div>