
# Client-side topics

- [Cross-site scripting (XSS)](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting.md)
- [Cross-site scripting](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting/index.md)
- [Reflected XSS](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting/reflected.md)
- [Stored XSS](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting/stored.md)
- [DOM-based XSS](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting/dom-based.md)
- [XSS contexts](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting/contexts.md)
- [Cross-site scripting contexts](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting/contexts/index.md)
- [Client-side template injection](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting/contexts/client-side-template-injection.md)
- [Exploiting cross-site scripting vulnerabilities](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting/exploiting.md)
- [Content security policy](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting/content-security-policy.md)
- [Dangling markup injection](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting/dangling-markup.md)
- [How to prevent XSS vulnerabilities](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting/preventing.md)
- [Cross-site scripting (XSS) cheat sheet](https://web-sec.gitbook.io/wsa/client-side/cross-site-scripting/cheat-sheet.md)
- [Cross-site request forgery (CSRF)](https://web-sec.gitbook.io/wsa/client-side/csrf.md)
- [Cross-site request forgery (CSRF)](https://web-sec.gitbook.io/wsa/client-side/csrf/index.md)
- [XSS vs CSRF](https://web-sec.gitbook.io/wsa/client-side/csrf/xss-vs-csrf.md)
- [Bypassing CSRF token validation](https://web-sec.gitbook.io/wsa/client-side/csrf/rao-guo-csrf-ling-pai-yan-zheng.md)
- [Bypassing SameSite cookie restrictions](https://web-sec.gitbook.io/wsa/client-side/csrf/rao-guo-samesite-cookie-xian-zhi.md)
- [Bypassing Referer-based CSRF defenses](https://web-sec.gitbook.io/wsa/client-side/csrf/rao-guo-ji-yu-referer-de-csrf-fang-yu.md)
- [How to prevent CSRF vulnerabilities](https://web-sec.gitbook.io/wsa/client-side/csrf/ru-he-fang-fan-csrf-lou-dong.md)
- [Cross-origin resource sharing (CORS)](https://web-sec.gitbook.io/wsa/client-side/cors.md)
- [Cross-origin resource sharing (CORS)](https://web-sec.gitbook.io/wsa/client-side/cors/kua-yu-zi-yuan-gong-xiang-cors.md)
- [Same-origin policy (SOP)](https://web-sec.gitbook.io/wsa/client-side/cors/same-origin-policy.md)
- [CORS and the Access-Control-Allow-Origin response header](https://web-sec.gitbook.io/wsa/client-side/cors/access-control-allow-origin.md)
- [Clickjacking](https://web-sec.gitbook.io/wsa/client-side/clickjacking.md)
- [Clickjacking (UI redressing)](https://web-sec.gitbook.io/wsa/client-side/clickjacking/dian-ji-jie-chi-ui-wei-zhuang.md)
- [DOM-based vulnerabilities](https://web-sec.gitbook.io/wsa/client-side/dom-based.md)
- [DOM-based vulnerabilities](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-lou-dong.md)
- [Controlling the web message source](https://web-sec.gitbook.io/wsa/client-side/dom-based/dom-clobbering.md)
- [DOM-based open redirection](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-kai-fang-zhong-ding-xiang.md)
- [DOM-based cookie manipulation](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-cookie-cao-zong.md)
- [DOM-based JavaScript injection](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-javascript-zhu-ru.md)
- [DOM-based document-domain manipulation](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-documentdomain-cao-zong.md)
- [DOM-based WebSocket URL poisoning](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-websocket-url-tou-du.md)
- [DOM-based link manipulation](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-lian-jie-cao-zong.md)
- [Web message manipulation](https://web-sec.gitbook.io/wsa/client-side/dom-based/web-xiao-xi-cao-zong.md)
- [DOM-based Ajax request header manipulation](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-ajax-qing-qiu-biao-tou-cao-zong.md)
- [DOM-based local file path manipulation](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-ben-di-wen-jian-lu-jing-cao-zong.md)
- [DOM-based client-side SQL injection](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-ke-hu-duan-sql-zhu-ru.md)
- [DOM-based HTML5 Storage manipulation](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-html5-storage-cao-zong.md)
- [DOM-based client-side XPath injection](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-ke-hu-duan-xpath-zhu-ru.md)
- [DOM-based client-side JSON injection](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-ke-hu-duan-json-zhu-ru.md)
- [DOM-data manipulation](https://web-sec.gitbook.io/wsa/client-side/dom-based/domdata-cao-zong.md)
- [DOM-based denial of service](https://web-sec.gitbook.io/wsa/client-side/dom-based/ji-yu-dom-de-ju-jue-fu-wu.md)
- [WebSocket](https://web-sec.gitbook.io/wsa/client-side/websockets.md)
- [Testing for WebSocket security vulnerabilities](https://web-sec.gitbook.io/wsa/client-side/websockets/index.md)
- [What are WebSockets?](https://web-sec.gitbook.io/wsa/client-side/websockets/what-are-websockets.md)
- [Cross-site WebSocket hijacking](https://web-sec.gitbook.io/wsa/client-side/websockets/cross-site-websocket-hijacking.md)

