Difference between revisions of "User talk:Jeff Williams"

|title=Weather in Oklahoma City
;Injecting DOWN:The less common way to perform XSS injection is to introduce a code subcontext without closing the current context. For example, if you change <img src="...UNTRUSTED DATA HERE..." /> to <img src="javascript:alert(1)" />, you do not have to escape the HTML attribute context. Instead, you introduce a context that allows scripting within the src attribute. Another example is the expression() functionality in CSS properties. Even though you may not be able to escape a quoted CSS property to inject up, you may be able to introduce something like xss:expression(document.write(document.cookie)) without ever leaving the current context.
<img src="javascript:alert(1)" />

Latest revision as of 14:53, 5 November 2009

<img src="javascript:alert(1)" />
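
The "Injecting DOWN" case above, seen from the defender's side, as an added example that is not part of the original page: attribute escaping leaves `javascript:alert(1)` unchanged, so the URL and CSS subcontexts need their own allowlist checks. The function names, the allowlists and the base URL are assumptions chosen for illustration.

```javascript
// Added example, not from the original page. Function names, the allowlists
// and the base URL are assumptions chosen for illustration.

// Encodes the characters that could close a quoted attribute (blocks injecting UP).
function escapeHtmlAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Resolves the value the way a browser would (WHATWG URL parsing strips
// leading spaces and embedded tabs/newlines) and allowlists the scheme.
function isSafeUrl(value) {
  try {
    const url = new URL(String(value), "https://base.invalid/");
    return ALLOWED_SCHEMES.has(url.protocol);
  } catch {
    return false; // unparseable input is rejected, not passed through
  }
}

// Allowlist for a quoted CSS property value: plain tokens only, so
// parentheses (expression(...), url(...)) and colons never reach the style.
function isSafeCssValue(value) {
  return /^[a-zA-Z0-9 #%.,-]{1,64}$/.test(String(value));
}

// Builds the tag only when the value is safe for the URL subcontext.
function renderImg(untrustedSrc) {
  if (!isSafeUrl(untrustedSrc)) return null;
  return `<img src="${escapeHtmlAttr(untrustedSrc)}" />`;
}

// Constructed sample inputs.
const samples = ["/img/radar.png", "javascript:alert(1)", " jav\tascript:alert(1)"];
for (const s of samples) {
  console.log(JSON.stringify(s), "escaped:", escapeHtmlAttr(s), "rendered:", renderImg(s));
}
console.log(isSafeCssValue("#ff0000"),
  isSafeCssValue("xss:expression(document.write(document.cookie))"));
```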