search

s0md3v / AwesomeXSS

Awesome XSS stuff
MIT License
4.74k stars 767 forks source link

use // to close a tag instead of > #3

Closed Ppsoft1991 closed 5 years ago

Ppsoft1991 commented 5 years ago

Hello,In your tricks "

you can use // to close a tag instead of >

.",I tried it in chrome,but its not worked,It's specific browser or version?

s0md3v commented 5 years ago

There must be a > somewhere later in the code. For example, the following works

<body>
<svg onload=alert()//
<span>This works</span>
</body>

While this one doesn't

<span>Doesn't work</span>
<svg onload=alert()//