Ниже приведен URL-адрес:
https://xyz.abc.com/gadgets/proxy?container=default&debug=0&nocache=0&refresh=86400&html_tag_context=img&url=w49y1<a+href%3da+onmouseover%3dalert(1);>ClickMe</a>d6zjo
Ответ:
Invalid request url scheme in url: vdfv; only "http" and "https" supported.
заголовки:
General:
Request Method: GET
Status Code: 400 Bad Request
Remote Address: 10.78.95.57:8445
Referrer Policy: no-referrer-when-downgrade
Response Headers:
Cache-Control: public,max-age=1
Connection: close
Content-Length: 95
Date: Thu, 16 May 2019 07:34:30 GMT
Expires: Thu, 16 May 2019 07:34:31 GMT
Server:
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Request Headers:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Pragma: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36
Когда ответ отображается в браузере, добавляется предварительный тег.
<code><pre style="word-wrap: break-word; white-space: pre-wrap;">Invalid url: w49y1&lt;a href=a onmouseover=alert(1);&gt;ClickMe&lt;/a&gt;d6zjo
Как / почему / откуда появляется этот предварительный тег?