Skip to content

Instantly share code, notes, and snippets.

@EdOverflow

EdOverflow/code_snippets.md

Last active March 3, 2018 17:51
Show Gist options
  • Save EdOverflow/77b76bbb3188cffc096c198df8157bc0 to your computer and use it in GitHub Desktop.
Save EdOverflow/77b76bbb3188cffc096c198df8157bc0 to your computer and use it in GitHub Desktop.
Download ZIP
Ed's code snippets.
Raw
code_snippets.md

Ed's code snippets

Raw
searchParamsXSS.js
/*
Name: XSS demo using the searchParams API
Docs: https://developer.mozilla.org/en-US/docs/Web/API/URL/searchParams
http://example.com/?q="><img/src=x onerror=alert(1)>
*/
var url = new URL(document.location.href);
var output = url.searchParams.get("q");
var element = document.createElement('div');
element.id = "test";
document.body.appendChild(element);
document.getElementById("test").innerHTML = output;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment