DOM-XSS for img.src
<script>
/* In old browsers this worked: <img src=javascript:alert(1)>. I tried it for DOM-XSS
in the latest Chrome and it isn't working. Is there any payload I can set in
"user_controlled_variable" to get JavaScript execution?
Reference for old browsers: https://html5sec.org/#63
.mario mentioned that it is possible to DoS Firefox by setting img.src to "javascript:while(1){}".
* Confirmed with latest Firefox
* alert() calls are not allowed
* Can't run other JavaScript code since it is a very restricted JavaScript sandbox.
*/
...
// The sink: user input flows straight into img.src without any scheme check.
const el = document.createElement('img');
el.src = user_controlled_variable;
...
</script>