Update: 21 files - 2026-03-17 00:00:00
@@ -14,9 +14,12 @@
|
||||
## 当前内容
|
||||
|
||||
- 工具: [xss-fuzzer.py](/Users/x/websafe/02-xss/tools/xss-fuzzer.py), [xss-scanner.go](/Users/x/websafe/02-xss/tools/xss-scanner.go)
|
||||
- 主题扩展: [前端与框架案例](/Users/x/websafe/07-framework-security/frontend-js/README.md)
|
||||
- 主题扩展: [frameworks/README.md](/Users/x/websafe/07-framework-security/frameworks/README.md)
|
||||
- 重点系统: [React](/Users/x/websafe/07-framework-security/frameworks/react/README.md), [Next.js](/Users/x/websafe/07-framework-security/frameworks/nextjs/README.md), [Vue](/Users/x/websafe/07-framework-security/frameworks/vue/README.md), [Nuxt](/Users/x/websafe/07-framework-security/frameworks/nuxt/README.md), [Vite](/Users/x/websafe/07-framework-security/frameworks/vite/README.md)
|
||||
- 实证链路: `xss-fuzzer/xss-scanner -> Playwright 回放 -> run bundle -> case/index 回写`
|
||||
|
||||
## 当前缺口
|
||||
## 当前状态
|
||||
|
||||
- `defense/`, `exploitation/`, `payloads/` 仍需补充实验专用内容
|
||||
- CSP、Trusted Types、Token 存储和前端敏感配置暴露已经转入 [07-framework-security/frontend-js](/Users/x/websafe/07-framework-security/frontend-js/README.md)
|
||||
- `defense/`, `exploitation/`, `payloads/` 仍保留实验载荷与说明位,但主题主索引已迁到 `07-framework-security/frameworks/*`
|
||||
- CSP、Trusted Types、Token 存储和前端敏感配置暴露通过系统页和 `05-defense/secure-code/*` 反向关联
|
||||
- 前端类 case 默认要求浏览器层证据;只有 HTTP 命中而无回放时,不记为 `verified-*`
|
||||
|
||||
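Review bot: The Markdown links in the list items (the tools entry, both topic-extension entries, the key-systems entry and the frontend-js entry) point at absolute local paths under `/Users/x/websafe/`, which resolve only on the author's machine and commit a local directory layout into the repository; switch them to repo-relative paths so the README works for other readers. Separately, the last list item says an HTTP hit without replay is not recorded as `verified-*` but does not name the status it gets instead; stating that status in the same item would make the rule actionable.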