XSS attempt

Submitted by nitori at July 19, 2023, 6:23 AM in test

![" onload="console.log('Im in your mainframe :3')"](/apple-touch-icon-precomposed.png)

turns into

Comments

You must log in or register to comment.

nitori wrote at July 19, 2023, 6:23 AM (edited at July 19, 2023, 6:23 AM)

ebic fail

again, good HTML sanitizing

nitori wrote at July 21, 2023, 10:04 AM

Hmm let's try adding a span into a link

[<span onload="console.log('Im in your mainframe :3')"></span>](/)

turns into

<span onload="console.log('Im in your mainframe :3')"></span>

nitori wrote at July 21, 2023, 10:29 AM

bold?

[<b onclick="console.log('Im in your mainframe :3')">I should not appear as bold</span>](/)

turns into

<b onclick="console.log('Im in your mainframe :3')">I should not appear as bold</span>

nitori wrote at July 21, 2023, 10:30 AM

cool, no arbitrary element addition