javaµÄ·þÎñ·µ»ØÎı¾£¬ÈçºÎչʾ£¿

дÁËÒ»¸öservlet£¬¿ÉÒÔ·µ»ØÒ»¸öͼƬ£¬Ò²¿ÉÒÔ·µ»ØÒ»¸öÊý×Ö
¶ÔÓÚÇ°ÕßÔÚhtmlÒ³ÃæÖÐʹÓà <img src="http://127.0.0.1/serv?a=1">¼´¿ÉÔÚÒ³ÃæÖÐÏÔʾ³öÀ´
¶ÔÓÚºóÕßÔõôдÄØ£¿
http://127.0.0.1/serv?a=2£¬ÔÚÒ³ÃæÖÐÏÔʾµÄÊÇÕâ¸öµØÖ·£¬¶ø²»ÊÇ·µ»ØµÄÊý×Ö½á¹û¡£

Ôõô°ì£¿

---

ÔÚJAVAºǫ́°Ñhttp://127.0.0.1/serv?a=2´æµ½requestÀï
request.setAttribute("url","http://127.0.0.1/serv?a=2");

È»ºóÔÚתÏòµÄÒ³ÃæÀïд <img src="+${requestScope.url}+">

---

HTML code:

<script>
window.onload=function(){
document.getElementById("pad").innerHTML = document.getElementById("hf").contentWindow.document.body.innerHTML;
}
</script>
<span id="pad"></span>
<iframe id="hf" src="http://127.0.0.1/serv?a=2" style="display:none"></iframe>

---

¶àлhookee£¡
Õâ¸ö·½·¨ºÃÓõĺÜ
ÄÜ·ñ´ó¸Å˵һÏÂÔ­Àí£¿
ÁíÍâÎÒÒ²¿´µ½Ëµ

ÓÃdom¶¯Ì¬´´½¨Ò»¸öscript¶ÔÏó

var script=document.createElement("script");
script.src=imgsrc;
document.body.appendChild(script);

ÕâÖÖ·½·¨ÄÜʵÏÖÒªÇóµÄ¹¦ÄÜô£¿
¶àл