《阿里前端智勇大闯关第三季》:http://ued.campus.alibaba.com/quiz3/index.php
以下是各关的参考答案,是我自己随手写的,不一定标准。基本上直接粘贴到浏览器控制台 (console) 并回车即可运行。
1. Console
// Level 1 (Console): call powder.blow() ten times in a row.
// `powder` is a global provided by the quiz page; it is not defined in this snippet.
(function () {
  for (let remaining = 10; remaining > 0; remaining--) {
    powder.blow();
  }
})();
2. CSS
// Level 2 (CSS): move and rotate the elements with ids 'ma' and 'mb' by writing
// inline styles directly.
(function (firstId, secondId) {
  // Both lookups happen before any write, so a missing element throws
  // (null has no `.style`) before either element has been modified.
  const firstStyle = document.getElementById(firstId).style;
  const secondStyle = document.getElementById(secondId).style;

  // Object.assign performs plain property sets in key order, i.e. the same
  // writes as assigning left / top / -webkit-transform one by one.
  Object.assign(firstStyle, {
    left: '800px',
    top: '560px',
    '-webkit-transform': 'rotateZ(-60deg)',
  });
  Object.assign(secondStyle, {
    left: '750px',
    '-webkit-transform': 'rotateZ(-154deg)',
  });
})('ma', 'mb');
3. Canvas
// Level 3 (Canvas): read rectangle data out of an HTML comment in the page body
// and paint each rectangle in black on the #qr-canvas element.
(function () {
  // The capture group admits only digits, commas and whitespace, so nothing
  // else from the page markup can reach fillRect. If no such comment exists,
  // match() returns null and the `[1]` access throws a TypeError.
  const payload = document.body.innerHTML.match(/\<\!\-\-\n([\d\,\s]*)\n\-\-\>/i)[1];
  const rects = payload.split(' ');

  const ctx = document.getElementById('qr-canvas').getContext('2d');
  ctx.fillStyle = '#000';

  // Each space-separated entry is a comma-separated argument list for
  // fillRect; the pieces are passed through as strings, unchanged.
  for (const rect of rects) {
    ctx.fillRect(...rect.split(','));
  }
})();
4. TOOLS
less, ubuntu, stackoverflow, php, jade, npm, ctrl + v, wordpress, grunt, sprite, w3, sublime text …
5. AJAX
// Level 5 (AJAX): follow the chain of "rooms". Each response is scanned for a
// message fragment and for the id of the next room; the fragments are
// concatenated into a URL, and once a response names no further room the
// browser is sent to that URL. Relies on the page's jQuery (`$`).
(function () {
  const regM = /\<p id=\"message\"\>(.*)\<\/p\>/i;
  const regR = /\<span id=\"next\-room\"\>(.*)\<\/span\>/i;
  // Everything before the first '&' of the current address; the room id is
  // appended to it for every request.
  const baseURI = location.href.split('&')[0];
  // Accumulates the message fragments across all responses.
  let url = '';

  // Returns capture group 1 of `pattern` in `text`, or null when there is no match.
  const firstGroup = (pattern, text) => {
    const found = text.match(pattern);
    return found && found[1];
  };

  // Fetches one room and recurses into the next; stops on an empty room id.
  function task(room) {
    if (!room) {
      return;
    }
    // `room` is appended without URL-encoding, exactly as received.
    $.get(baseURI + '&room=' + room, (body) => {
      const message = firstGroup(regM, body);
      // Accumulation only starts at a fragment beginning with '/'; once `url`
      // is non-empty every later fragment is appended.
      // NOTE(review): /^\// looks at the first character only, so a
      // protocol-relative value ("//host/...") also passes. This is not an
      // origin check on the final navigation target.
      if (message && (url || /^\//.test(message))) {
        url += message;
      }
      console.info(room, url);

      const nextRoom = firstGroup(regR, body);
      if (nextRoom) {
        return task(nextRoom);
      }
      // End of the chain: navigate to the string assembled from response bodies.
      window.location = url;
    });
  }

  // The chain starts at the room id shown in the current page.
  task(document.getElementById('next-room').innerText);
})();
6. XSS
正常方式 (css)
/* Level 6, stylesheet approach: style the div.cover that is a direct child of
   <body> as an opaque white, absolutely positioned box at a fixed offset. */
body > div.cover {
position: absolute;
/* !important presumably overrides a value the page sets elsewhere; confirm against the page */
left: 584px !important;
top: 334px;
/* one level above .finger-print (998, below), so the cover is stacked on top of it */
z-index: 999;
background-color: white;
/* forces full opacity; presumably the page sets a lower value, confirm against the page */
opacity: 1 !important;
}
.finger-print {
/* kept directly beneath the cover's z-index of 999 */
z-index: 998;
}
偷懒捷径式 (js)
// Level 6 shortcut: read the Base64 value stored in the data-p attribute of
// #page, decode it, and navigate there. `Base64` and `KISSY` are globals
// supplied by the quiz page.
{
  const encodedTarget = KISSY.DOM.attr("#page", "data-p");
  // NOTE(review): the decoded string becomes the navigation target with no
  // scheme or origin check, so whatever controls data-p controls the
  // destination.
  window.location = Base64.decode(encodedTarget);
}