Difference between revisions of "User talk:Jeff Williams"

From OWASP
Jump to: navigation, search
Line 4: Line 4:
 
}}
 
}}
  
;Injecting DOWN:The less common way to perform XSS injection is to introduce a code subcontext without closing the current context. For example, if you change <img src="...UNTRUSTED DATA HERE..." /> to <img src="javascript:alert(1)" /> you do not have to escape the HTML attribute context.  Instead, you introduce context that allows scripting within the src attribute. Another example is the expression() functionality in CSS properties. Even though you may not be able to escape a quoted CSS property to inject up, you may be able to introduce something like xss:expression(document.write(document.cookie)) without ever leaving the current context.
+
<img src="javascript:alert(1)" />

Revision as of 13:44, 5 November 2009

<img src="javascript:alert(1)" />