This repository has been archived by the owner on Jan 10, 2023. It is now read-only.
xss in css context #34
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hello, I am trying to find a way how to perform XSS in style tags. However it seems to me that unless I rely on deprecated or not fixed features of old browsers like :expression and -moz-binding the following pages cannot be exploted. Is it true? If so, could you give me a hint on how to exploit them?
The testcases:
/serverside/escapeHtml/css_style
/serverside/escapeHtml/css_style_font_value
/serverside/escapeHtml/css_style_value
/serverside/encodeUrl/css_style
/serverside/encodeUrl/css_style_value
/serverside/encodeUrl/css_style_value
The text was updated successfully, but these errors were encountered: