the0d0re9
commented
4 years ago Just checked, they don't seem to work, there's a whitelist rather than a blacklist, so most of the onload/onerror badness is blocked.
Closed dalf closed 4 years ago
the0d0re9
commented
4 years ago Just checked, they don't seem to work, there's a whitelist rather than a blacklist, so most of the onload/onerror badness is blocked.
asciimoo
commented
4 years ago Great, thanks!
Check if the XSS in https://github.com/terjanq/Tiny-XSS-Payloads are blocked by Morty.