Snippet, a browser handling the script
var script = document.createElement('script') | |
script.innerText = 'var s = "</script><script>alert(\'whoops!\')</script>"'; | |
console.log(script.outerHTML); | |
>>> <script>var s = "</script><script>alert('whoops!')</script>"</script> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment