This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Talk:Testing for DOM-based Cross site scripting (OTG-CLIENT-001)

From OWASP

Revision as of 13:35, 30 January 2009 by Runestone (talk | contribs) (New page: I've now tried this PoC code local and remotely without any receiving any alert box: <pre> <script> document.write("Site is at: " + document.location.href + "."); </script> </pre> I've tes...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

I've now tried this PoC code local and remotely without any receiving any alert box:

<script>
document.write("Site is at: " + document.location.href + ".");
</script>

I've tested this in both FF3, IE7 and IE5. Can anyone explain why this simple PoC won't work?

Retrieved from "https://wiki.owasp.org/index.php?title=Talk:Testing_for_DOM-based_Cross_site_scripting_(OTG-CLIENT-001)&oldid=52454"