JavaScript injection example
<!DOCTYPE html>
<h1>Example Scenario</h1>
<p>Save this locally as an HTML file and try it out. Open it and then look in your Firebug
or developer console. More details here:</p>
<p>What follows is an example of JavaScript injection. A real-world scenario might be
a simple blog web application with Title and Body fields. The submitted values can sneak past HTML
tag-stripping functions like PHP's strip_tags(). I haven't tested against the built-in tag-stripping
functions found in other languages.</p>
<!-- Everything between the H2 tags was entered into the Blog Title field -->
<h2>Title with injection <script a="</h2>
<!-- Everything between the DIV tags was entered into the Blog Body field -->
">console.log('JavaScript successfully injected!');</script
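Why checking each field on its own misses this payload while encoding at output time does not, as an added example that is not part of the original gist. `stripCompleteTags` is a simplified regex stand-in for a tag stripper (not PHP's strip_tags()), and the `<h2>`/`<div>` template in `renderPost` is a hypothetical layout assumed from the comments above.

```javascript
// Constructed inputs: the two field values shown in the markup above.
const title = 'Title with injection <script a="';
const body = "\">console.log('JavaScript successfully injected!');</script";

// Simplified stand-in for a per-field tag stripper (assumption: this is
// not PHP's strip_tags()). It removes only complete <...> sequences.
function stripCompleteTags(value) {
  return String(value).replace(/<[^>]*>/g, '');
}

// Output encoding for HTML text and quoted-attribute contexts.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Hypothetical blog template: each field is filtered separately, then the
// results are concatenated into one HTML fragment.
function renderPost(titleValue, bodyValue, filter) {
  return `<h2>${filter(titleValue)}</h2>\n<div>${filter(bodyValue)}</div>`;
}

// Locate a <script ...> start tag the way an HTML parser delimits it:
// a '>' inside a double-quoted attribute value does not end the tag.
function findScriptStartTag(html) {
  const match = /<script\b(?:[^>"]|"[^"]*")*>/i.exec(html);
  return match ? match[0] : null;
}

// Neither field holds a complete tag, so the stripper changes nothing.
console.log(stripCompleteTags(title) === title, stripCompleteTags(body) === body);

// After concatenation the two halves form one start tag spanning both fields.
console.log(JSON.stringify(findScriptStartTag(renderPost(title, body, stripCompleteTags))));

// Encoding every value at output time leaves no user-supplied markup at all.
console.log(renderPost(title, body, escapeHtml));
console.log(findScriptStartTag(renderPost(title, body, escapeHtml)));
```

The fix belongs at the point where values are written into the page: encode for the output context instead of trying to recognise tags in each input separately.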