Skip to main content
在 Manus 中运行任何 Skill
一键导入

cross-site-scripting

星标2
分支1
更新时间2026年7月9日 12:42

SAST detection methodology for cross-site scripting (CWE-79), including reflected, stored, and DOM-based XSS, mutation XSS (mXSS), framework sink gadgets (dangerouslySetInnerHTML, v-html, bypassSecurityTrust), template auto-escape bypasses, and HTML/attribute/JS/URL/CSS context confusion. Use when reviewing code that emits user data into HTML, the DOM, or a template. Writes confirmed findings to findings/13-cross-site-scripting.md.

安装

用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。

SKILL.md
readonly