Difference between revisions of "CRV2 RevCodeXSS"
Latest revision as of 13:51, 2 May 2013
==Where can XSS occur?==
===HTML Body Context===
<span>UNTRUSTED DATA</span>
===HTML Attribute Context===
<input type="text" name="fname" value="UNTRUSTED DATA">
attack: "><script>/* bad stuff */</script>
===HTTP GET Parameter Context===
<a href="/site/search?value=UNTRUSTED DATA">clickme</a>
attack: " onclick="/* bad stuff */"
===URL Context===
<a href="UNTRUSTED URL">clickme</a> <iframe src="UNTRUSTED URL" />
attack: javascript:/* BAD STUFF */
===CSS Value Context===
<div style="width: UNTRUSTED DATA;">Selection</div>
attack: expression(/* BAD STUFF */)
===JavaScript Variable Context===
<script>var currentValue='UNTRUSTED DATA';</script>
<script>someFunction('UNTRUSTED DATA');</script>
attack: ');/* BAD STUFF */
===JSON Parsing Context===
JSON.parse(UNTRUSTED JSON DATA)
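The contexts above each need a different defence, which is the point a code reviewer has to check at every output sink. The following is an added example, not code from the OWASP wiki page or the Code Review Guide project: one hypothetical helper per context (encodeForHtml, encodeForUrlParam, safeUrl, safeCssLength, encodeForJsString, parseUserJson) plus a renderSnippet function that assembles the page's own markup with the right helper in each slot. The sample inputs at the bottom are constructed from the page's "attack:" lines so the effect of each helper is visible; everything else (names, the expected JSON shape, the accepted URL schemes and CSS length grammar) is an assumption made for the illustration.

```javascript
// Added example (not part of the OWASP wiki page or its project code):
// context-aware output handling for each context listed above. Every helper
// below is hypothetical and written for this illustration; the untrusted
// inputs at the bottom are constructed from the page's "attack:" strings.

// HTML body and quoted HTML attribute contexts: entity-encode the five
// characters that can open a tag, close an attribute, or start an entity.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// HTTP GET parameter context: percent-encode so the value stays a single
// query parameter and cannot terminate the surrounding href attribute.
function encodeForUrlParam(s) {
  return encodeURIComponent(String(s));
}

// URL context (href/src): encoding does not help here, because a well-formed
// "javascript:" URL contains no characters that need encoding. Validate the
// scheme instead: accept http(s) or a site-relative path, reject the rest.
function safeUrl(s) {
  const v = String(s).trim();
  if (/^\/(?!\/)/.test(v)) return v; // "/path" but not "//host" (protocol-relative)
  let parsed;
  try {
    parsed = new URL(v); // the URL parser also normalises the scheme before we compare it
  } catch {
    return null;
  }
  return parsed.protocol === 'http:' || parsed.protocol === 'https:' ? parsed.href : null;
}

// CSS value context: no general-purpose encoder makes an arbitrary string safe
// inside a property value, so allow-list the grammar you expect (a CSS length).
function safeCssLength(s) {
  const v = String(s).trim();
  return /^\d+(\.\d+)?(px|em|rem|%|vw|vh)?$/.test(v) ? v : null;
}

// JavaScript string context: escape every non-alphanumeric character as \xHH
// or \uHHHH so the value can neither close the string literal nor contain
// "</script>", which the HTML parser honours before any JavaScript runs.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// JSON parsing context: JSON.parse never executes code (unlike eval), so the
// remaining risk is the shape of the data. Validate against the expected
// structure (assumed here: {name: string, age: number}) and reject anything else.
function parseUserJson(text) {
  let value;
  try {
    value = JSON.parse(text);
  } catch {
    return null;
  }
  if (value === null || typeof value !== 'object' || Array.isArray(value)) return null;
  const keys = Object.keys(value);
  if (keys.length !== 2 || !keys.includes('name') || !keys.includes('age')) return null;
  if (typeof value.name !== 'string' || typeof value.age !== 'number') return null;
  return { name: value.name, age: value.age };
}

// Assembles the page's example markup with the right helper in each slot.
// Rejected URL and CSS values fall back to harmless defaults.
function renderSnippet(data) {
  return [
    `<span>${encodeForHtml(data.body)}</span>`,
    `<input type="text" name="fname" value="${encodeForHtml(data.attr)}">`,
    `<a href="/site/search?value=${encodeForUrlParam(data.param)}">clickme</a>`,
    `<a href="${safeUrl(data.url) ?? '#'}">clickme</a>`,
    `<div style="width: ${safeCssLength(data.width) ?? 'auto'};">Selection</div>`,
    `<script>var currentValue='${encodeForJsString(data.js)}';</script>`,
  ].join('\n');
}

// Constructed sample inputs, taken from the page's "attack:" lines.
const sampleUntrusted = {
  body: '<script>/* bad stuff */</script>',
  attr: '"><script>/* bad stuff */</script>',
  param: '" onclick="/* bad stuff */"',
  url: 'javascript:/* BAD STUFF */',
  width: 'expression(/* BAD STUFF */)',
  js: "');/* BAD STUFF */",
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderSnippet(sampleUntrusted));
}
```

Run it with node to see the rendered snippet: every attack string either comes out entity- or hex-encoded inside its slot or is replaced by the fallback, and the review question for each sink becomes "is the helper for this context applied here?". Note that the URL and CSS slots use validation rather than encoding, because in those two contexts a fully encoded string can still be a working payload.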