Create a gist now

Instantly share code, notes, and snippets.

@caike /attack.md
Last active Nov 25, 2015

What would you like to do?
XSS attack demo with innerHTML

Tested with Chrome, Firefox and Safari.

The following code will not trigger an alert. target.innerHTML = "<script> alert('XSS Attack'); </script>";

The following code will trigger an alert. target.innerHTML = "<img src=x onerror=\"alert('XSS Attack')\" >";

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment