Closed andreyshiryaev closed 1 year ago
Both cases seem to work fine for me. What do you expect as output in each case?
I expect that `onerror='alert(document.cookie)'` and `jAvascript:alert('test2')` will be removed.
I am trying to fix XSS.
Strange. Both work fine for me. Can you provide a short code example that shows the issue?
FYI, the variant with empty src works in the console project for me too. It is my mistake, sorry. It does not work only with a non-URI value.
UPDATE: maybe it happens with different text. Could you please give some advice on how to use the sanitizer with such text from an HTML editor? Thanks.
The case `<IMG SRC=jAvascript:alert('test2')>` does not work in your demo because you have not included `src` in the `UriAttributes` collection. The `UriAttributes` collection determines the attributes which will be subject to URI sanitization.
I'm not sure I understand the `<p><img><img src=''alert(document.cookie)'> <img><img></p>` case. What do you expect as output? There doesn't seem to be an img element that needs to be sanitized. The `src="..."` part is just text, it's not an attribute of an element.
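The point above, as an added example that is not part of the thread or of the sanitizer project's own code. It assumes the library in question is mganss/HtmlSanitizer for .NET (the `UriAttributes` name matches that project) and that the namespace is `Ganss.Xss` (older releases use `Ganss.XSS`). It runs the two inputs from the issue through a sanitizer whose `UriAttributes` set lacks `src` and through one that includes it, and hooks the `RemovingAttribute` event so you can see which attribute was dropped and why. The `alt`/`https` sample is constructed for comparison.

```csharp
// Added example; not from the issue thread or the HtmlSanitizer project itself.
// Assumes the mganss/HtmlSanitizer NuGet package with the Ganss.Xss namespace
// (Ganss.XSS in older versions).
using System;
using Ganss.Xss;

static class UriAttributesDemo
{
    // The two inputs from the issue, plus a constructed benign sample.
    static readonly string[] Samples =
    {
        "<img src='' onerror='alert(document.cookie)'>",
        "<IMG SRC=jAvascript:alert('test2')>",
        "<img src='https://example.org/a.png' alt='ok'>",
    };

    static void Run(string label, HtmlSanitizer sanitizer)
    {
        Console.WriteLine($"== {label} ==");

        // Report every attribute the sanitizer strips and the reason it gives
        // (e.g. not an allowed attribute vs. not an allowed URL value).
        sanitizer.RemovingAttribute += (sender, e) =>
            Console.WriteLine($"  removed {e.Attribute.Name} on <{e.Tag.TagName.ToLowerInvariant()}>: {e.Reason}");

        foreach (var html in Samples)
            Console.WriteLine($"  {html}\n   -> {sanitizer.Sanitize(html)}");
    }

    static void Main()
    {
        // Misconfigured: src is left out of UriAttributes. onerror is still
        // dropped (it is not an allowed attribute), but the value of src is
        // never checked against AllowedSchemes, so a javascript: URI survives.
        var loose = new HtmlSanitizer();
        loose.UriAttributes.Clear();
        loose.UriAttributes.Add("href");
        Run("src NOT in UriAttributes", loose);

        // Fixed: src is URI-sanitized, so a value whose scheme is not in
        // AllowedSchemes (javascript: is never in it) is removed.
        var strict = new HtmlSanitizer();
        strict.UriAttributes.Add("src"); // present in the default set; Add is harmless
        Run("src in UriAttributes", strict);
    }
}
```

When you configure the collections yourself (as the demo page lets you do), treat `UriAttributes` as a deny-by-default list: every attribute that can carry a URL (`src`, `href`, `action`, `background`, and so on) must be in it, otherwise its value is only checked for being an allowed attribute name, not for an allowed scheme.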
Thanks a lot. Close the issue. It is a problem with the front side too; it sends wrong data.
Good day.
`<img src='http://url.to.file.which/not.exist1' onerror='alert(document.cookie)'>`
works fine. But I found 2 issues.
When I try to clear
`<img src='' onerror='alert(document.cookie)'>`
nothing happens. I expect `onerror='alert(document.cookie)'` to be deleted;
I expect something like `<img src=''>`.
`<IMG SRC=jAvascript:alert('test2')>`
I expect something like `<img src=''>`.