Open alexattws opened 8 years ago
To replicate the injection, change the data-vide-bg attribute in one of the examples to:
<... data-vide-bg="video/ocean?"'><script>alert('pwned');</script>" >
To fix this, ESCAPE PROPERLY, PEOPLE!!! Jesus!
sources += '<source src="' + $("<div>").text(path.mp4).html().replace(/"/g, "&quot;") + '.mp4" type="video/mp4">';
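The `.text().html()` round trip in the line above escapes only `&`, `<` and `>`, so a value written into a double-quoted `src="..."` also needs its quote characters escaped. The following is an added example, not code from the issue or from Vide; it runs in Node without jQuery, and the names `escapeAsTextNode`, `escapeAttr`, `buildSource`, `parsedSrc` and `demo` are hypothetical helpers that model the round trip and compare it with attribute-context escaping on the string from this issue.

```javascript
// Added example; not Vide's code. No DOM or jQuery required.

// The path value from the issue's data-vide-bg attribute.
const ISSUE_PATH = "video/ocean?\"'><script>alert('pwned');</script>";

// Models $("<div>").text(s).html(): serializing a text node escapes
// only &, <, > (and U+00A0). Quote characters pass through unchanged.
function escapeAsTextNode(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/\u00a0/g, "&nbsp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Escaping for a quoted attribute value: same set plus both quotes.
function escapeAttr(s) {
  return escapeAsTextNode(s)
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Same string concatenation as the issue's line, escaper passed in.
function buildSource(path, escape) {
  return '<source src="' + escape(path) + '.mp4" type="video/mp4">';
}

// The src value an HTML parser would read: everything up to the first
// literal double quote, with character references decoded.
function parsedSrc(tag) {
  const start = tag.indexOf('src="') + 5;
  return tag.slice(start, tag.indexOf('"', start))
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&lt;/g, "<").replace(/&gt;/g, ">")
    .replace(/&nbsp;/g, "\u00a0").replace(/&amp;/g, "&");
}

// Compare what the parser sees under each escaper.
function demo() {
  return {
    textNode: parsedSrc(buildSource(ISSUE_PATH, escapeAsTextNode)),
    attr: parsedSrc(buildSource(ISSUE_PATH, escapeAttr)),
  };
}

console.log(demo());
```

With text-node escaping the parsed `src` stops at the first quote, so the rest of the value lands outside the attribute; with attribute escaping the whole string stays inside `src` as data. In the browser, building the element with jQuery's `$("<source>").attr(...)` instead of string concatenation avoids manual escaping altogether.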