Tag: xss

What does =_= mean in JavaScript or HTML?

Reading this XSS cheat sheet, I noticed a special usage I have never seen: What does “=_=” mean? It’s below the sentence “On Mouse Over”.

Answer: It’s just an attribute on the element. It doesn’t have any meaning by itself, so it may be present simply as a red herring…

How can I prevent Stored XSS by iframe?

I use Extjs and JS to build a dialog where I can display my HTML data from the DB; that data is wrapped with an iframe like this: I tried to add sandbox to the iframe, but it doesn’t work, the XSS alert still shows. Then I tried to change to <iframe src='#'… sandbox>, but the XSS alert still shows.…

Are there different types of HTML closing tags?

Recently I came across this type of tag in an HTML page: <x/ id="someId" onpointermove=alert`hello`> This data was fetched from the server as JSON and then written into the HTML view. The HTML view displays the data with no issues. However, on running the request that just fetches the data in a…

What makes an input vulnerable to XSS?

I’ve been reading about XSS and I made a simple form with a text and submit input, but when I execute <script>alert();</script> on it, nothing happens, the server gets that string and that’s all. What do I have to do to make it vulnerable? (then I’ll learn what I shouldn’…