fofofofoxier
commented
5 years ago BTW, the phenomenon of html inject is quite terrible, I tryed typing in html tags with on* properties, the js always runs
Open fofofofoxier opened 5 years ago
fofofofoxier
commented
5 years ago BTW, the phenomenon of html inject is quite terrible, I tryed typing in html tags with on* properties, the js always runs
The editor alerts a prompt if type in such content:
"<img src=x onerror=prompt(/joker/);>"