xssxsrf xssXSS攻击全称跨站脚本攻击(Cross Site Scripting) xsrf参考链接token的引入CSRF(Cross-site request forgery)跨站请求伪造,也被称为“One Click Attack”或者Session Riding,通常缩写为CSRF或者XSRF oauth 2.0
