XSS分类

• 反射型XSS
• 存储型XSS
• Dom型XSS

Anti XSS:

• http://htmlpurifier.org/

Resource:

• http://d.hatena.ne.jp/hasegawayosuke/20061105/p1
• http://openmya.hacker.jp/hasegawa/security/expression.txt (https://gist.github.com/jht5945/6d9dc08b9cab182af9e4)
• http://utf-8.jp/public/20150214/es6-literals-xss.pdf
• http://segmentfault.com/blog/barretlee/1190000000497596

XSS案例：

• http://www.wooyun.org/bugs/wooyun-2010-016008

XSS auditor bypass：

• http://www.thespanner.co.uk/2015/01/07/bypassing-the-ie-xss-filter/
• http://www.thespanner.co.uk/2015/02/10/xss-auditor-bypass/
• http://www.thespanner.co.uk/2015/02/19/another-xss-auditor-bypass/