0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [master] one page modified

This commit is contained in:
CPol 2021-06-04 15:00:45 +00:00 committed by gitbook-bot
parent f9715a71fe
commit 34c67314a6
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pentesting-web/xss-cross-site-scripting/README.md
View File

@ -20,7 +20,7 @@
3. Inside **JavaScript code**:
1. Can you escape the `<script>` tag?
2. Can you escape the string and execute different JS code?
3. Are your input in template literals \`\`\`\`\`\`\`\`?
3. Are your input in template literals \`\`?
4. Can you bypass protections?
4. If **used**:
1. You could exploit a **DOM XSS**, pay attention how your input is controlled and if your **controlled input is used by any sink.**
@ -420,6 +420,7 @@ This can be **abused** using: `${alert(1)}`
```javascript
<script>\u0061lert(1)</script>
<svg><script>alert&lpar;'1'&rpar;
```
### JavaScript bypass blacklists techniques