You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 19, 2018. It is now read-only.
Angle bracket entities in a href attribute cause the closing quote for the attribute to be converted to an entity, leaving the tag open. Other tags containing scripts can then be added after it.
Angle bracket entities in a href attribute cause the closing quote for the attribute to be converted to an entity, leaving the tag open. Other tags containing scripts can then be added after it.
Input:
<a href='</a>'>Link</a><a href='</a>'<script>alert(1)</script>'>Link</a>
Output:
<a href="</a>">Link</a><a href="</a>'<script>alert(1)</script>">Link</a>
The text was updated successfully, but these errors were encountered: