GitBook: [master] one page modified
This commit is contained in:
parent
f9715a71fe
commit
34c67314a6
@ -20,7 +20,7 @@
|
||||
3. Inside **JavaScript code**:
|
||||
1. Can you escape the `<script>` tag?
|
||||
2. Can you escape the string and execute different JS code?
|
||||
3. Are your input in template literals \`\`\`\`\`\`\`\`?
|
||||
3. Are your input in template literals \`\`?
|
||||
4. Can you bypass protections?
|
||||
4. If **used**:
|
||||
1. You could exploit a **DOM XSS**, pay attention how your input is controlled and if your **controlled input is used by any sink.**
|
||||
@ -420,6 +420,7 @@ This can be **abused** using: `${alert(1)}`
|
||||
|
||||
```javascript
|
||||
<script>\u0061lert(1)</script>
|
||||
<svg><script>alert('1')
|
||||
```
|
||||
|
||||
### JavaScript bypass blacklists techniques
|
||||
|
Loading…
Reference in New Issue
Block a user