About the Author

Chris Shiflett

Hi, I’m Chris: web craftsman, community leader, husband, father, and partner at Fictive Kin.

XSS Is Still Tricky

This works in Safari, Firefox, Chrome, and Opera.

<!DOCTYPE html>
<title>Oh no!</title>
<script type="text/javascript">
    var xss = "</script><script>alert('XSS');</script>";
</script>
<p>And you thought parsers were smart.</p>
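
Why the page above runs the alert, and one way to defend against it, as an added example that is not code from the original post: the HTML parser ends a script element at the first `</script` it finds, before the JavaScript parser ever sees the string literal. The function names `scriptDataEnd` and `serializeForInlineScript` and the sample values are constructed for illustration, and the end-of-script model is simplified.

```javascript
// Added example: simplified model of how an HTML parser finds the end of an
// inline script, plus a serializer that keeps data from closing it early.

// Index where the HTML tokenizer would end the script element, or -1.
// Simplification: ignores the "<!--" escaped-script states of the HTML spec.
function scriptDataEnd(body) {
  const m = /<\/script[\t\n\f\r \/>]/i.exec(body);
  return m ? m.index : -1;
}

// Serialize a value as a JS/JSON literal that is safe inside <script>...</script>.
// Every "<" becomes \u003c, so "</script", "<!--" and "<script" cannot appear.
// U+2028/U+2029 are escaped because older JS engines treat them as line breaks.
function serializeForInlineScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Constructed sample: the string from the post, treated as untrusted input.
const untrusted = "</script><script>alert('XSS');</script>";

// What ends up between <script> and </script> in each case.
const naive = "var xss = " + JSON.stringify(untrusted) + ";";
const hardened = "var xss = " + serializeForInlineScript(untrusted) + ";";

function demo() {
  return {
    naiveEndsAt: scriptDataEnd(naive),       // script element is cut short inside the string
    hardenedEndsAt: scriptDataEnd(hardened), // no early terminator is present
    roundTrips: JSON.parse(serializeForInlineScript(untrusted)) === untrusted,
  };
}

console.log(demo());
```

HTML-entity encoding is not a substitute here, because character references are not decoded inside a script element.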

About this post

XSS Is Still Tricky was posted on Fri, 08 Mar 2013.

