4.2.4. XSS Data Sources

4.2.4.1. URL

  • location
  • location.href
  • location.pathname
  • location.search
  • location.hash
  • document.URL
  • document.documentURI
  • document.baseURI

4.2.4.3. Communication

  • Ajax
  • Fetch
  • WebSocket
  • PostMessage

4.2.4.4. Storage

  • Cookie
  • LocalStorage
  • SessionStorage