@caike /attack.md
Last active Jun 23, 2017

XSS attack demo with innerHTML

Tested with Chrome, Firefox and Safari.

The following code will not trigger an alert.

```javascript
target.innerHTML = "<script> alert('XSS Attack'); </script>";
```

The following code will trigger an alert.

```javascript
target.innerHTML = "<img src=x onerror=\"alert('XSS Attack')\" >";
```
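An added example, not part of the original gist: it runs the gist's two payload strings through a naive filter that only strips `<script>` elements and through HTML escaping, to show why removing `<script>` alone does not make an `innerHTML` sink safe. The function names (`stripScriptTags`, `escapeHtml`, `setUntrustedText`, `hasEventHandlerAttr`, `compareTreatments`) are hypothetical and chosen for illustration.

```javascript
// Constructed inputs: the two payload strings from the gist above.
const payloads = [
  "<script> alert('XSS Attack'); </script>",
  "<img src=x onerror=\"alert('XSS Attack')\" >",
];

// Hypothetical naive filter: removes <script> elements and nothing else.
function stripScriptTags(html) {
  return html.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "");
}

// Encode the five characters that can start markup or end an attribute value,
// so the result is treated as text when placed in an HTML string.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Preferred DOM sink for untrusted strings: textContent never parses HTML.
function setUntrustedText(target, text) {
  target.textContent = String(text);
  return target;
}

// True if the string still contains an inline event-handler attribute.
function hasEventHandlerAttr(html) {
  return /<[^>]*\son\w+\s*=/i.test(html);
}

// Report what each treatment leaves behind for every payload.
function compareTreatments(inputs) {
  return inputs.map((p) => ({
    input: p,
    afterStrip: stripScriptTags(p),
    handlerSurvivesStrip: hasEventHandlerAttr(stripScriptTags(p)),
    escaped: escapeHtml(p),
    handlerSurvivesEscape: hasEventHandlerAttr(escapeHtml(p)),
  }));
}

console.table(compareTreatments(payloads), ["afterStrip", "handlerSurvivesStrip", "handlerSurvivesEscape"]);
```

In the browser, `<script>` elements inserted through `innerHTML` are not executed, but the `onerror` attribute is registered as an event handler and runs when the image fails to load. Assigning untrusted strings to `textContent`, or escaping them before they reach an HTML string, neutralizes both payloads.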

Tomas2D commented Jun 23, 2017

Good note!
