-
```
using: http://shellinabox.googlecode.com/svn/trunk/demo/demo.html
but with linkifyURLs = 2 (instead of 1), print:
print "javascript:'@1.3.3.7/http://',alert(1);"
it will create a link that whe…
-
1. url-rule-set에서 denfender는 파라미터별로 설정할 수 밖에 없나요? url별로 설정할 수는 없나요?
2. lucy-xss-default-sax.xml에 허용하는 attribute들이 정의되어있던데 같은 테그들도 있더라고요. default-sax.xml에는 모든 태그들을 허용한것으로 보면 되나요?
3. 2번이 맞다면 script 태…
-
htmx evaluates javascript from the tags for the received content (which is great!) - however, in some cases it may be desirable to not re-execute the scripts when the page is loaded from history (e.g…
-
If you don't hook anyone, because you don't want to notify, and click 'Post' you get the following JavaScript alert:
 {
var resp = {
"name": "Mick",
"count": 30,
"thumbnail" : "http://loca…
-
- Site: [https://www.zaproxy.org](https://www.zaproxy.org)
**New Alerts**
- **PII Disclosure** [10062] total: 1:
- [https://www.zaproxy.org/docs/desktop/addons/websockets/pscanrules/](https:…
-
```
I had a bad export script, and the label property was omitted. I got a
javascript alert for each and ever record, with no way to stop it (or even
switch to another tab in FF). It was clearly user …
-
```
I had a bad export script, and the label property was omitted. I got a
javascript alert for each and ever record, with no way to stop it (or even
switch to another tab in FF). It was clearly user …
-
```
I had a bad export script, and the label property was omitted. I got a
javascript alert for each and ever record, with no way to stop it (or even
switch to another tab in FF). It was clearly user …
-
```
I had a bad export script, and the label property was omitted. I got a
javascript alert for each and ever record, with no way to stop it (or even
switch to another tab in FF). It was clearly user …