
@caike /attack.md
Last active Nov 25, 2015

XSS attack demo with innerHTML

Tested with Chrome, Firefox and Safari.

The following code will not trigger an alert, because browsers do not execute `script` elements inserted through `innerHTML`:

```js
target.innerHTML = "<script> alert('XSS Attack'); </script>";
```

The following code will trigger an alert, because the `onerror` event handler runs when the image fails to load from `src=x`:

```js
target.innerHTML = "<img src=x onerror=\"alert('XSS Attack')\" >";
```
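The two payloads above show why removing `<script>` tags is not a sufficient defense. The following is an added example, not part of the original gist: it runs both payloads through a script-stripping filter and through HTML output encoding. The function names (`stripScriptTags`, `escapeHtml`, `containsMarkup`, `evaluate`) are hypothetical; in a browser, assigning untrusted text to `textContent` instead of `innerHTML` achieves the same result as the encoding step.

```javascript
// Added example. Function names are hypothetical; the payloads are the two from the gist.
const payloads = {
  script: "<script> alert('XSS Attack'); </script>",
  imgOnerror: "<img src=x onerror=\"alert('XSS Attack')\" >",
};

// Weak mitigation: remove <script> elements only.
// Event-handler attributes on other elements pass through untouched.
function stripScriptTags(input) {
  return input.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "");
}

// Output encoding: escape every character that is significant in HTML,
// so the browser renders the input as text instead of parsing it as markup.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Demo-only heuristic: does the string still contain something an HTML
// parser would treat as the start of a tag?
function containsMarkup(s) {
  return /<[a-zA-Z!\/]/.test(s);
}

// Apply both defenses to each payload and report what survives.
function evaluate() {
  return Object.entries(payloads).map(([name, payload]) => ({
    name,
    markupAfterStrip: containsMarkup(stripScriptTags(payload)),
    markupAfterEscape: containsMarkup(escapeHtml(payload)),
  }));
}

for (const row of evaluate()) {
  console.log(row);
}
```
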
