-
For web, JavaScript `alert` can be used.
-
I included the javascript below in the `index.html` and is working fine (!). Try to navigate with `index.html#6gycfqf0` or `index.html#geohash:6gycfqf0` with this javascript:
```js
var hash =…
-
FF 42 supports the ES6 Reflect API. New DOMXSS sink:
Reflect.set(location, 'href', 'javascript:alert(1)')
https://t.co/lHFWLJzRC6
-
**Describe the bug**
I have notes that include Templater (plugin) code snippets I keep for reference. When I use Quickadd (capture mode) to insert content into these notes, the Templater code is exec…
-
- Site: [//172.17.0.1](//172.17.0.1)
- Site: [http://172.17.0.1](http://172.17.0.1)
**New Alerts**
- **Cross Site Scripting (Reflected)** [40012] total: 1:
- [http://172.17.0.1/xss1.php?su…
-
```
What steps will reproduce the problem?
Use this HTML page on MSIE
base2 Element.getAttribute test
one
two
base2.JavaScript.bind(window);
base2.DOM.bind(document);
var x = d…
-
Code like
RuBB.to_html('[url=http://www.google.com" onclick=javascript:alert(window.location) rel=nofollow]google[/url]')
produces HTML with executable javascript code. While slashing all quotes wou…
-
-
```
I added the following code on my screen. But when I scan a barcode nothing
happens.
$(document).ready(function() {
char0 = new Array("§", "32");
char1 = new Array("…
-
https://github.com/revel/revel/blob/a3d7a7c23ca885cc5036d3641ede49ce4a14ee2e/validators.go#L473:L526
Normal HTML tags are detected just fine, but when a tag is self-closing, such as:
``
``
Go …