
CRV2 RevCodeXSS

From OWASP
Revision as of 13:44, 2 May 2013 by EoinKeary


Where can XSS occur?

HTML Body Context
<span>UNTRUSTED DATA</span>

HTML Attribute Context
<input type="text" name="fname" value="UNTRUSTED DATA">
attack: "><script>/* bad stuff */</script>

HTTP GET Parameter Context
<a href="/site/search?value=UNTRUSTED DATA">clickme</a>
attack: " onclick="/* bad stuff */"

URL Context
<a href="UNTRUSTED URL">clickme</a> <iframe src="UNTRUSTED URL" />
attack: javascript:/* BAD STUFF */
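
An added example, not part of the original page: one way to handle untrusted data in each of the four contexts listed above, written for Node.js. The function names are hypothetical, attributes are assumed to be double-quoted, and only absolute http/https URLs are accepted in the URL context.

```javascript
// Added example; function names are hypothetical, not OWASP code.

// HTML body and quoted-attribute contexts: encode the characters that can
// open a tag or close a quoted attribute value.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// HTML attribute context: the value stays inside the quotes after encoding.
function inputField(value) {
  return '<input type="text" name="fname" value="' + encodeHtml(value) + '">';
}

// HTTP GET parameter context: percent-encode the parameter value, then
// HTML-encode the whole URL because it still lands in a quoted attribute.
function searchLink(value) {
  const href = '/site/search?value=' + encodeURIComponent(value);
  return '<a href="' + encodeHtml(href) + '">clickme</a>';
}

// URL context: encoding does not neutralise a javascript: URL, so parse the
// value and allow-list the scheme. The parser lower-cases the scheme, so
// mixed-case variants are caught by the same comparison.
function safeUrl(untrusted) {
  let parsed;
  try {
    parsed = new URL(String(untrusted)); // absolute URLs only (assumption)
  } catch (e) {
    return '#'; // unparsable or relative input is rejected
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return '#';
  return encodeHtml(parsed.href);
}

function link(untrustedUrl) {
  return '<a href="' + safeUrl(untrustedUrl) + '">clickme</a>';
}
```
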