WordPress \u306e\u8a18\u4e8b\u5185\u306b\u3061\u3087\u3063\u3068\u3057\u305f JavaScript \u3092\u8a18\u8ff0\u3057\u3088\u3046\u3068\u601d\u3063\u305f\u306e\u3060\u304c\u3001\u306a\u304b\u306a\u304b\u3046\u307e\u304f\u3044\u304b\u306a\u304b\u3063\u305f\u306e\u3067\u3001WordPress \u306e\u52d5\u4f5c\u3068 JavaScript \u3092\u8a18\u8ff0\u3059\u308b\u65b9\u6cd5\u3092\u691c\u8a3c\u3057\u3066\u307f\u305f\u3002
\n\u203b\u672c\u8a18\u4e8b\u306f WordPress 3.7.1\u2013ja \u3092\u5229\u7528\u3057\u305f\u3068\u304d\u306b\u63b2\u8f09\u3057\u305f\u8a18\u4e8b\u3067\u3059\u3002<\/p>\n
WordPress \u306f\u8a18\u4e8b\u5185\u306e\u6587\u5b57\u5217\u3092\u305d\u306e\u307e\u307e\u51fa\u529b\u3057\u3066\u3044\u308b\u308f\u3051\u3067\u306f\u306a\u304f\u3001\u6574\u5f62\u3057\u3066\u51fa\u529b\u3057\u3066\u3044\u308b\u3002JavaScript \u3092\u8a18\u8ff0\u3059\u308b\u4e0a\u3067\u5f71\u97ff\u306e\u3042\u308a\u305d\u3046\u306a\u51e6\u7406\u3092\u307e\u3068\u3081\u308b\u3002<\/p>\n
onclick \u30cf\u30f3\u30c9\u30e9\u30fc\u3084\u3001<script\/>\u30bf\u30b0\u306a\u3069\u306f\u524a\u3089\u308c\u306a\u3044\u3088\u3046\u3060\u3002
\n\u305f\u3060\u3057\u3001onclick \u30cf\u30f3\u30c9\u30e9\u30fc\u3092\u66f8\u3044\u3066 Chrome \u3067\u300c\u30d7\u30ec\u30d3\u30e5\u30fc\u300d\u30dc\u30bf\u30f3\u3092\u62bc\u3059\u3068\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u8b66\u544a\u304c\u8868\u793a\u3055\u308c\u308b\u3002<\/p>\n
The XSS Auditor refused to execute a script in 'https:\/\/www.united-bears.co.jp\/blog\/?p=2049&preview=true' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.<\/pre>\nChrome \u306e\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u5bfe\u7b56\u306b\u3072\u3063\u304b\u304b\u3063\u3066\u3001\u30cf\u30f3\u30c9\u30e9\u30fc\u306e\u4e2d\u8eab\u3092\u6d88\u3055\u308c\u3066\u3057\u307e\u3046\u3002XSS Auditor \u306e\u52d5\u4f5c\u306f\u304d\u3061\u3093\u3068\u8abf\u3079\u3066\u3044\u306a\u3044\u306e\u3067\u4e0d\u660e\u306a\u70b9\u304c\u591a\u3044\u306e\u3060\u304c\u3001\u300c\u30d7\u30ec\u30d3\u30e5\u30fc\u300d\u30dc\u30bf\u30f3\u3092\u62bc\u3055\u305a\u306b URL \u3092\u76f4\u63a5\u6307\u5b9a\u3059\u308c\u3070\u52d5\u4f5c\u3059\u308b\u3002\u8b66\u544a\u306e\u5185\u5bb9\u901a\u308a\u3001\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u542b\u307e\u308c\u308b\u5185\u5bb9\u3068 HTML \u3092\u6bd4\u8f03\u3057\u3001\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u542b\u307e\u308c\u308b\u5185\u5bb9\u304c\u76f4\u63a5\u51fa\u529b\u3055\u308c\u305f\u5834\u5408\u3001\u30c1\u30a7\u30c3\u30af\u306b\u5f15\u3063\u304b\u304b\u308b\u3088\u3046\u3060\u3002\u306a\u304a\u3001\u5bfe\u7b56\u306f\u66f8\u3044\u3066\u3042\u308b\u3068\u304a\u308a\u300cX-XSS-Protection\u300d\u304b\u300cContent-Security-Policy\u300d\u30d8\u30c3\u30c0\u30fc\u3092\u51fa\u529b\u3059\u308c\u3070\u3044\u3044\u3089\u3057\u3044\u3002<\/p>\n
JavaScript \u306e\u8a18\u8ff0<\/h2>\n
\u6ce8\u610f\u4e8b\u9805\u3068\u5bfe\u7b56<\/h3>\n
JavaScript \u3092\u8a18\u8ff0\u3059\u308b\u969b\u306e\u6ce8\u610f\u4e8b\u9805\u306f\u30012\u3064\u3002<\/p>\n
\u6700\u521d\u306e\u6ce8\u610f\u4e8b\u9805\u306f\u3001\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u304c\u898b\u306b\u304f\u304f\u306a\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3053\u3068\u3092\u9664\u3051\u3070\u306a\u3093\u306e\u554f\u984c\u3082\u306a\u3044\u30022\u3064\u3081\u306f\u5c11\u3057\u3084\u3063\u304b\u3044\u3060\u3002\u8ad6\u7406\u7a4d(&)\u3068\u3001\u8ad6\u7406\u6f14\u7b97\u5b50(&&)\u304c\u4f7f\u3048\u306a\u3044\u304b\u3089\u3060\u3002<\/p>\n
\u8ad6\u7406\u6f14\u7b97\u5b50\u306e\u65b9\u306f\u3001if \u6587\u3092\u30cd\u30b9\u30c8\u3059\u308b\u304b ? \u6f14\u7b97\u5b50\u3092\u4f7f\u3048\u3070\u3088\u3044\u3060\u3051\u306a\u306e\u3067\u3001\u305d\u308c\u307b\u3069\u96e3\u3057\u304f\u306a\u3044(\u30b3\u30fc\u30c9\u306f\u6c5a\u304f\u306a\u308b\u304c)\u3002<\/p>\n
\r\nif(condition1 && condition2) { return true }\r\nif(condition1) { if(condition2) { return true } }\r\nreturn condition1 ? (condition2 ? true : false) : false;\r\n<\/pre>\n\u8ad6\u7406\u7a4d(&)\u3092\u4f7f\u3048\u306a\u3044\u554f\u984c\u306f\u3001\u30c9\u30fb\u30e2\u30eb\u30ac\u30f3\u306e\u6cd5\u5247<\/a>\u3067\u3057\u306e\u3044\u3060\u3002<\/p>\n\r\nreturn m & n;\r\nreturn ~(~m | ~n);\r\n<\/pre>\nJavaScript \u3092\u8a18\u8ff0\u3057\u305f\u4f8b<\/h3>\n
Chrome \u306e XSS Auditor \u306b\u3072\u3063\u304b\u304b\u308b\u3068\u9762\u5012\u306a\u306e\u3067(\u307b\u304b\u306e\u30d6\u30e9\u30a6\u30b6\u3082\u5f15\u3063\u304b\u304b\u308b\u304b\u3082\u3057\u308c\u306a\u3044)\u3001\u30bf\u30b0\u306b\u306f\u30a4\u30d9\u30f3\u30c8\u30cf\u30f3\u30c9\u30e9\u30fc\u3092\u8ffd\u52a0\u305b\u305a\u3001<script\/>\u30bf\u30b0\u306b JavaScript \u3092\u8a18\u8ff0\u3059\u308b\u65b9\u6cd5\u3092\u9078\u3093\u3060\u3002WordPress \u306b\u306f jQuery \u304c\u542b\u307e\u308c\u3066\u3044\u308b\u306e\u3067\u3001jQuery \u3082\u6d3b\u7528\u3059\u308b\u3053\u3068\u306b\u3057\u305f\u3002\u5b9f\u969b\u306e\u4f8b\u306f\u3001\u672c\u30d6\u30ed\u30b0\u306e\u30c4\u30fc\u30eb<\/a>\u30ab\u30c6\u30b4\u30ea\u30fc\u306b\u3042\u308b\u3002<\/p>\n\u4e00\u756a\u5358\u7d14\u306a\u3001\u300cUNIX time \u3068\u65e5\u6642\u8868\u8a18(\u5730\u65b9\u6642)\u306e\u76f8\u4e92\u5909\u63db\u300d\u306e\u8a18\u4e8b\u306b\u8a18\u8ff0\u3055\u308c\u305f JavaScript \u3092\u629c\u7c8b\u3057\u3066\u307f\u305f\u3002<\/p>\n
\r\n<script type=\"text\/javascript\" src=\"\/blog\/wp-includes\/js\/jquery\/jquery.js\"><\/script>\r\n<script type=\"text\/javascript\">\r\njQuery(document).ready(function(){\r\nvar WEEK_DAY = ['\u65e5', '\u6708', '\u706b', '\u6c34', '\u6728', '\u91d1', '\u571f', '\u65e5'];\r\nvar now = new Date();\r\njQuery('#unixtime_now').html(now.getTime());\r\njQuery('#localtime_now').html(\r\nnow.getFullYear() + '\/' +\r\n('0' + (now.getMonth() + 1)).slice(-2) + '\/' +\r\n('0' + now.getDate()).slice(-2) +\r\n'(' + WEEK_DAY[now.getDay()] + ') ' +\r\n('0' + now.getHours()).slice(-2) + ':' +\r\n('0' + now.getMinutes()).slice(-2) + ':' +\r\n('0' + now.getSeconds()).slice(-2) + '.' +\r\n('000' + now.getMilliseconds()).slice(-3)\r\n);\r\njQuery('#show_unixtime').click(function() {\r\nvar result = jQuery('#unixtime_result');\r\nresult.html('');\r\nvar input = jQuery('#unixtime').val();\r\nif(!input) {\r\nresult.html('\u30df\u30ea\u79d2\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002');\r\nreturn;\r\n}\r\n... \u4ee5\u4e0b\u7565\r\n});\r\n<\/script>\r\n<\/pre>\n\u3061\u3087\u3063\u3068\u898b\u306b\u304f\u3044\u304c & \u3092\u4f7f\u3048\u306a\u3044\u3053\u3068\u3092\u306e\u305e\u304d\u3001\u666e\u901a\u306b JavaScript \u3092\u304b\u3051\u308b\u3088\u3046\u3060\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
WordPress \u306e\u8a18\u4e8b\u5185\u306b\u3061\u3087\u3063\u3068\u3057\u305f JavaScript \u3092\u8a18\u8ff0\u3057\u3088\u3046\u3068\u601d\u3063\u305f\u306e\u3060\u304c\u3001\u306a\u304b\u306a\u304b\u3046\u307e\u304f\u3044\u304b\u306a\u304b\u3063\u305f\u306e\u3067\u3001WordPress \u306e\u52d5\u4f5c\u3068 JavaScript \u3092\u8a18\u8ff0\u3059\u308b\u65b9\u6cd5\u3092\u691c\u8a3c\u3057\u3066\u307f\u305f\u3002 \u203b\u672c\u8a18\u4e8b\u306f […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,1],"tags":[],"class_list":["post-2049","post","type-post","status-publish","format-standard","hentry","category-web-develop","category-etc"],"_links":{"self":[{"href":"https:\/\/www.united-bears.co.jp\/blog\/wp-json\/wp\/v2\/posts\/2049","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.united-bears.co.jp\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.united-bears.co.jp\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.united-bears.co.jp\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.united-bears.co.jp\/blog\/wp-json\/wp\/v2\/comments?post=2049"}],"version-history":[{"count":20,"href":"https:\/\/www.united-bears.co.jp\/blog\/wp-json\/wp\/v2\/posts\/2049\/revisions"}],"predecessor-version":[{"id":2069,"href":"https:\/\/www.united-bears.co.jp\/blog\/wp-json\/wp\/v2\/posts\/2049\/revisions\/2069"}],"wp:attachment":[{"href":"https:\/\/www.united-bears.co.jp\/blog\/wp-json\/wp\/v2\/media?parent=2049"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.united-bears.co.jp\/blog\/wp-json\/wp\/v2\/categories?post=2049"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.united-bears.co.jp\/blog\/wp-json\/wp\/v2\/tags?post=2049"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}