https://answer.freetools.me/tags/xss/ Recent content in XSS on Answer Hugo -- 0.152.2 zh-cn Wed, 11 Mar 2026 04:08:14 +0800 https://answer.freetools.me/%E5%86%85%E5%AE%B9%E5%AE%89%E5%85%A8%E7%AD%96%E7%95%A5%E4%B8%BA%E4%BD%95%E6%88%90%E4%B8%BA%E6%B5%8F%E8%A7%88%E5%99%A8%E5%AE%89%E5%85%A8%E7%9A%84%E5%8F%8C%E5%88%83%E5%89%91%E4%BB%8E%E7%99%BD%E5%90%8D%E5%8D%95%E9%99%B7%E9%98%B1%E5%88%B0%E4%B8%A5%E6%A0%BC%E6%A8%A1%E5%BC%8F%E7%9A%84%E5%8D%81%E5%B9%B4%E6%BC%94%E8%BF%9B/ Wed, 11 Mar 2026 04:08:14 +0800 https://answer.freetools.me/%E5%86%85%E5%AE%B9%E5%AE%89%E5%85%A8%E7%AD%96%E7%95%A5%E4%B8%BA%E4%BD%95%E6%88%90%E4%B8%BA%E6%B5%8F%E8%A7%88%E5%99%A8%E5%AE%89%E5%85%A8%E7%9A%84%E5%8F%8C%E5%88%83%E5%89%91%E4%BB%8E%E7%99%BD%E5%90%8D%E5%8D%95%E9%99%B7%E9%98%B1%E5%88%B0%E4%B8%A5%E6%A0%BC%E6%A8%A1%E5%BC%8F%E7%9A%84%E5%8D%81%E5%B9%B4%E6%BC%94%E8%BF%9B/ 深入解析Content Security Policy从白名单机制到严格模式的技术演进，剖析DOM Clobbering、JSONP绕过等攻击技术，揭示为什么67%的CSP部署形同虚设，以及Strict CSP和Trusted Types如何重塑浏览器安全格局。 https://answer.freetools.me/%E4%B8%80%E8%A1%8C%E8%AF%B7%E6%B1%82%E7%98%AB%E7%97%AA%E7%99%BE%E4%B8%87%E7%94%A8%E6%88%B7web%E7%BC%93%E5%AD%98%E6%8A%95%E6%AF%92%E4%B8%BA%E4%BD%95%E6%88%90%E4%B8%BA%E4%BA%92%E8%81%94%E7%BD%91%E7%9A%84%E9%9A%90%E5%BD%A2%E6%9D%80%E6%89%8B/ Sat, 07 Mar 2026 07:54:05 +0800 https://answer.freetools.me/%E4%B8%80%E8%A1%8C%E8%AF%B7%E6%B1%82%E7%98%AB%E7%97%AA%E7%99%BE%E4%B8%87%E7%94%A8%E6%88%B7web%E7%BC%93%E5%AD%98%E6%8A%95%E6%AF%92%E4%B8%BA%E4%BD%95%E6%88%90%E4%B8%BA%E4%BA%92%E8%81%94%E7%BD%91%E7%9A%84%E9%9A%90%E5%BD%A2%E6%9D%80%E6%89%8B/ 深入解析Web缓存投毒攻击的技术原理、真实案例与防御策略。从James Kettle的开创性研究到2024年大规模测量数据，揭示这一被严重低估的安全威胁如何影响GitHub、Mozilla、Adobe等全球知名网站。 https://answer.freetools.me/markdown%E8%A7%A3%E6%9E%90%E5%99%A8%E7%9A%84%E4%BA%8C%E5%8D%81%E5%B9%B4%E5%8D%9A%E5%BC%88%E4%B8%BA%E4%BB%80%E4%B9%88%E4%B8%80%E8%A1%8C%E6%96%87%E6%9C%AC%E8%83%BD%E5%BC%95%E5%8F%91%E5%A6%82%E6%AD%A4%E5%A4%8D%E6%9D%82%E7%9A%84%E6%8A%80%E6%9C%AF%E6%88%98%E4%BA%89/ Sat, 07 Mar 2026 02:37:11 +0800 https://answer.freetools.me/markdown%E8%A7%A3%E6%9E%90%E5%99%A8%E7%9A%84%E4%BA%8C%E5%8D%81%E5%B9%B4%E5%8D%9A%E5%BC%88%E4%B8%BA%E4%BB%80%E4%B9%88%E4%B8%80%E8%A1%8C%E6%96%87%E6%9C%AC%E8%83%BD%E5%BC%95%E5%8F%91%E5%A6%82%E6%AD%A4%E5%A4%8D%E6%9D%82%E7%9A%84%E6%8A%80%E6%9C%AF%E6%88%98%E4%BA%89/ 深入解析Markdown解析器的技术演进历程。从2004年John Gruber的原始实现到CommonMark标准化，从强调解析的delimiter stack算法到XSS安全防护。基于CommonMark规范、mdast标准和多个CVE漏洞分析，系统梳理Markdown从文本到AST的完整技术链路，揭示简单语法背后复杂的解析器设计哲学。