Content-Security-Policy-note

June 30, 2019

csp的一些测试<?php#header("Content-Security-Policy: default-src 'self'; script-src 'self' https://wwww.lincsama.cn:8080;");header("Content-Security-Policy: default-src 'self '; script-src * ");$a = $_GET['a'];#$a = htmlspecialchars($a);echo $a;// payload:可以[...] Read more

© today is best day 2019.10.22