Open hybridwebdev opened 4 years ago
Simply setting a string to the following:
<script>alert('arf, arf. Gotcha!');</script>
and voila, your template will render it, script intact, resulting in the script running.

Needless to say, this is incredibly dangerous.
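The behaviour reported above, next to an escape-by-default renderer, as an added example that is not part of the original report and is not the project's code. The `{{ key }}` syntax and the names `interpolate`, `renderUnsafe` and `renderSafe` are hypothetical; only the payload string comes from the report.

```javascript
// Added example: hypothetical mini template engine, not the project's code.
const PAYLOAD = "<script>alert('arf, arf. Gotcha!');</script>"; // string from the report

// Characters that can change HTML parsing in element content or quoted attributes.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  // Coerce first so numbers, null and undefined all go through the same escape.
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Replace every {{ key }} placeholder, passing the value through `encode`.
function interpolate(template, data, encode) {
  return template.replace(/\{\{\s*([\w.]+)\s*\}\}/g, (_, key) => {
    // Own properties only, so prototype members are never rendered.
    const value = Object.prototype.hasOwnProperty.call(data, key) ? data[key] : "";
    return encode(value);
  });
}

// Behaviour described in the report: the value is pasted into the markup as-is.
function renderUnsafe(template, data) {
  return interpolate(template, data, (v) => String(v ?? ""));
}

// Hardened form: every interpolated value is HTML-escaped by default.
function renderSafe(template, data) {
  return interpolate(template, data, escapeHtml);
}

// Constructed sample input: one attribute slot and one element-content slot.
const TEMPLATE = '<p title="{{ title }}">{{ message }}</p>';
const data = { title: 'Rex says "arf"', message: PAYLOAD };

console.log("unsafe:", renderUnsafe(TEMPLATE, data)); // script tag survives
console.log("safe:  ", renderSafe(TEMPLATE, data));   // script tag is inert text
```

Escaping at the interpolation step covers element content and quoted attribute values only; values placed in URLs, inline scripts or styles need their own context-specific encoding.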