An interactive PSA by Brian Lechthaler
Note: if you're viewing this on GitHub the following line will not contain a clickable link. Thanks, GitHub security team!
Is your markdown parser vulnerable to XSS? Click here to find out!
This is totally harmless. All we're trying to do here is pop open an alert in the browser.
But think about the implications of this: we can run whatever JavaScript we'd like anywhere.
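The root cause the PSA points at is a renderer that copies a link's destination straight into an `href` attribute. The following is an added example, not code from this PSA or from any particular markdown library: a small scheme allowlist that a renderer should apply to every link target before emitting an anchor tag. The function names `sanitizeHref` and `renderLink` and the sample inputs are constructed for illustration. The example deliberately allowlists a few schemes instead of blocklisting `javascript:`, and it normalizes whitespace and ASCII control characters first, because browsers tolerate those inside a URL and a naive string comparison on the raw input would miss them.

```javascript
// Added example (not part of the original PSA): scheme allowlist for link
// targets in a markdown renderer. Sample inputs below are constructed.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// Return the href if it is safe to emit, or null if the renderer must drop it.
function sanitizeHref(href) {
  if (typeof href !== "string") return null;
  // Browsers ignore leading/trailing whitespace and strip ASCII control
  // characters while parsing a URL, so normalize before inspecting the scheme.
  const cleaned = href
    .replace(/^[\s\u0000-\u001f]+|[\s\u0000-\u001f]+$/g, "")
    .replace(/[\u0000-\u001f]/g, "");
  // Relative paths and fragments carry no scheme and are allowed as-is.
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (!m) return cleaned;
  const scheme = m[1].toLowerCase();
  return ALLOWED_SCHEMES.has(scheme) ? cleaned : null;
}

// Escape the five characters that matter inside HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Render one markdown link [text](href) as an anchor. When the target is
// rejected, the link text is still shown, but as plain text with no href.
function renderLink(text, href) {
  const safeHref = sanitizeHref(href);
  if (safeHref === null) return escapeHtml(text);
  return `<a href="${escapeHtml(safeHref)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Stand-alone demonstration on constructed inputs.
if (typeof require !== "undefined" && require.main === module) {
  for (const h of ["https://example.com/docs", "/relative/page", "javascript:alert(1)"]) {
    console.log(JSON.stringify(h), "->", renderLink("click here", h));
  }
}
```

Dropping the `href` rather than rewriting it keeps the renderer's output predictable: the reader still sees the link text, and nothing the author controlled reaches an attribute that a browser will interpret as a script context.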
- Obtain explicit permission from the owner of the app you're testing this on.
- Copy the unformatted version of this paste.
- Try to "Preview" or "Submit".
- Try clicking the link in the Proof of Concept.
License: Attribution-ShareAlike 2.0 Generic (CC BY-SA 2.0)
You can find me here:
- GitHub: brianlechthaler
- Twitter: @brianlechthaler