ch0ic3/XSS
1
0
Fork 0
mirror of https://github.com/ShadowByte1/XSS.git synced 2024-12-18 10:26:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
ShadowByte 2024-08-07 14:17:47 +10:00 committed by GitHub
parent c2c96ef08b
commit 83ea59c835
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -634,6 +634,7 @@ event: message\ndata: <script>alert('XSS via EventSource')</script>\n\n
CSS Content Property Injection
If an application allows user input in CSS properties without sanitization, it can lead to XSS.
Note:most browsers consider the content property text not html and this works under very certain conditions unsure whether the browser still accepts this however i have inserted here as a use case.
```
<style>
.content::before { content: '<img src=x onerror=alert("XSS via CSS Content Property")>'; }