Add "classic" DOM-based XSS #217
Comments
Implement, for instance, client-side sorting.
Possible resource(s) on implementation:
(possible leverage point for #217)
Question to the XSS pros out there: Can you exploit by injecting into
when it's later used as follows in the middle of the
My naive attack attempt ℹ️ Please note: I do not want to wrap it into something like
(possible leverage point for #217)
Is what @nunoloureiro said implementable? Because we already have an anchor for the search route, i.e.
@CaptainFreak The new order tracking would be a perfect fresh place for this, I guess!
Are we still less of a DOM-based XSS? @bkimminich :)
Ok, not really ... :-)
Current XSS Tier 1 also submits the attacked parameter to the server, so it might be confused with reflected XSS. Having a "classic" client-only DOM-based XSS vulnerability would be nice.
see https://github.com/eoftedal/writings/blob/master/published/owasp_top_10_for_js_-_xss.md
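
To illustrate the distinction the issue draws, here is an added example (not code from Juice Shop or from this thread): a value carried in the URL fragment never appears in the request the server receives, while the same value in the query string does. It also contrasts an unescaped client-side sink with an escaped one. The host, the `/#/list` route, the `sort` parameter and the sample URLs are constructed assumptions.

```javascript
// Added example. Host, route "/#/list" and parameter "sort" are constructed assumptions.
const FRAGMENT_URL = 'http://shop.example.test/#/list?sort=%3Cb%3Emarker%3C%2Fb%3E';
const QUERY_URL = 'http://shop.example.test/list?sort=%3Cb%3Emarker%3C%2Fb%3E';

// What the browser sends on the HTTP request line: path + query, never the fragment.
function requestTarget(href) {
  const u = new URL(href);
  return u.pathname + u.search;
}

// Read a parameter from a client-side route kept in the fragment ("#/list?sort=...").
function fragmentParam(href, name) {
  const hash = new URL(href).hash;
  const i = hash.indexOf('?');
  return i === -1 ? null : new URLSearchParams(hash.slice(i + 1)).get(name);
}

// Where can the value be observed? Query values reach the server (reflected XSS is
// possible there); fragment values are seen only by script running in the page.
function exposure(href, name) {
  if (new URL(href).searchParams.has(name)) return 'server-visible';
  if (fragmentParam(href, name) !== null) return 'client-only';
  return 'absent';
}

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Vulnerable pattern: fragment value concatenated into markup destined for innerHTML.
function renderUnsafe(href) {
  return '<span>Sorted by ' + fragmentParam(href, 'sort') + '</span>';
}

// Hardened pattern: escape for HTML text context (in a browser, assign to textContent).
function renderSafe(href) {
  return '<span>Sorted by ' + escapeHtml(fragmentParam(href, 'sort') ?? '') + '</span>';
}

console.log(exposure(FRAGMENT_URL, 'sort'), requestTarget(FRAGMENT_URL));
console.log(exposure(QUERY_URL, 'sort'), requestTarget(QUERY_URL));
console.log(renderUnsafe(FRAGMENT_URL));
console.log(renderSafe(FRAGMENT_URL));
```

Because the fragment value never reaches the server, server-side logs and input filters cannot see it, so the fix has to live in the client-side sink.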