Open klukackova opened 3 years ago
According to the documentation style attributes can be filtered using CSS filter. How can I filter also values between style tags not only attributes? E.g. <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE> is not filtered at all.
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE>
I have tried that
Zhxhh
commented
3 years ago
According to the documentation style attributes can be filtered using CSS filter. How can I filter also values between style tags not only attributes? E.g.
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE>is not filtered at all.