
XSS Is Still Tricky

03.18.2013

This works in Safari, Firefox, Chrome, and Opera:

<!DOCTYPE html>
<head>
<title>Oh no!</title>
<script type="text/javascript">
    var xss = "</script><script>alert('XSS');</script>";
</script>
</head>
<body>
<p>And you thought parsers were smart.</p>
</body>
</html>
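
The alert fires because the HTML parser locates the end of the script element before the JavaScript engine ever sees the string, so the first </script> closes the block regardless of the surrounding quotes. The following is an added example, not code from the original post: it models that parser rule in simplified form and shows one way to serialize a value so it cannot end an inline script early. The function names are hypothetical, and the input is assumed to be JSON-serializable.

```javascript
// Added example, not from the original post. Function names are hypothetical.

// Simplified model of the HTML tokenizer's rule for inline scripts: the
// element ends at the first "</script" followed by whitespace, "/" or ">",
// regardless of JavaScript quoting. (Ignores the legacy "<!--" escape states.)
function findScriptEnd(scriptBody) {
  const m = /<\/script[\t\n\f\r \/>]/i.exec(scriptBody);
  return m ? m.index : -1;
}

// Serialize a JSON-serializable value as a JavaScript literal that is safe
// inside <script>. JSON.stringify handles quotes and backslashes; the
// replacements remove every character the HTML parser could act on, plus
// U+2028/U+2029, which older JavaScript engines treat as line terminators
// inside string literals.
const HTML_SENSITIVE = /[<>&\u2028\u2029]/g;
function toInlineScriptLiteral(value) {
  return JSON.stringify(value).replace(
    HTML_SENSITIVE,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// The string from the page, treated here as untrusted input.
const untrusted = "</script><script>alert('XSS');</script>";

// Naive embedding: quoting alone does not hide the end tag from the parser.
const naiveBody = 'var xss = "' + untrusted + '";';

// Escaped embedding: no "<" survives, so the block cannot end early.
const safeBody = "var xss = " + toInlineScriptLiteral(untrusted) + ";";

function demo() {
  return {
    naiveEndsAt: findScriptEnd(naiveBody), // offset where the parser stops
    safeEndsAt: findScriptEnd(safeBody),   // -1: no early end tag found
    roundTrips: JSON.parse(toInlineScriptLiteral(untrusted)) === untrusted,
  };
}

console.log(safeBody);
console.log(demo());
```

The escaped form is still the same string once JavaScript evaluates it, since \u003c inside a string literal decodes back to "<" only after the HTML parser has finished with the block.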




Published at DZone with permission of Chris Shiflett, author and DZone MVB. (source)
