@caike /attack.md
Last active Jan 22, 2018

XSS attack demo with innerHTML

Tested with Chrome, Firefox and Safari.

The following code will not trigger an alert.

```js
target.innerHTML = "<script> alert('XSS Attack'); </script>";
```

The following code will trigger an alert.

```js
target.innerHTML = "<img src=x onerror=\"alert('XSS Attack')\" >";
```
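The practical consequence for defenders, as an added example that is not part of the original gist: removing `<script>` elements before assigning to `innerHTML` does not stop the second payload, while HTML-escaping the input or writing it through `textContent` stops both. The helper names (`stripScriptTags`, `escapeHtml`, `hasInlineHandler`, `renderUntrusted`, `audit`) are hypothetical, and the handler check is a simple heuristic, not a sanitizer.

```javascript
// Both payloads from the gist, treated here as untrusted input.
const PAYLOADS = [
  "<script> alert('XSS Attack'); </script>",
  "<img src=x onerror=\"alert('XSS Attack')\" >",
];

// Weak defence: remove <script> elements only. innerHTML never runs inserted
// <script> elements anyway, so this filter adds nothing against payload 2.
function stripScriptTags(input) {
  return input.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "");
}

// Encode the characters that are significant in HTML text and attribute values,
// so the browser's parser sees text instead of tags.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Heuristic: does the string still contain a tag with an inline on* handler?
function hasInlineHandler(html) {
  return /<[a-z][^>]*\son\w+\s*=/i.test(html);
}

// Preferred sink in the browser: textContent never parses its value as markup.
function renderUntrusted(target, untrusted) {
  target.textContent = untrusted;
  return target;
}

// Compare what survives each defence for every payload.
function audit() {
  return PAYLOADS.map((payload) => ({
    payload,
    handlerAfterStrip: hasInlineHandler(stripScriptTags(payload)),
    handlerAfterEscape: hasInlineHandler(escapeHtml(payload)),
  }));
}

for (const row of audit()) {
  console.log(row.handlerAfterStrip, row.handlerAfterEscape, row.payload);
}
```

In a page, call `renderUntrusted(element, value)` wherever the value is meant to be displayed as text; reserve `innerHTML` for markup your own code produced.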

Tomas2D Jun 23, 2017

Good note!