About the Author

Chris Shiflett

Hi, I’m Chris: web craftsman, community leader, husband, father, and partner at Fictive Kin.


XSS Is Still Tricky

This works in Safari, Firefox, Chrome, and Opera.

<!DOCTYPE html>
<head>
<title>Oh no!</title>
<script type="text/javascript">
    var xss = "</script><script>alert('XSS');</script>";
</script>
</head>
<body>
<p>And you thought parsers were smart.</p>
</body>
</html>
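
Why it works: the HTML parser finds the end of the script element before any JavaScript is parsed, so the </script> inside the string literal closes the block and the rest is read as markup. The following is an added example, not part of the original post, of serializing a value for an inline script so that no such sequence reaches the markup. The names toInlineScriptLiteral and scriptBodySeenByHtmlParser are hypothetical, and the second is a simplified model of the tokenizer rule.

```javascript
// Added example (not from the original post): embedding untrusted data in an
// inline <script> block without letting the HTML parser end the block early.

// Characters that matter to the HTML tokenizer inside script data, plus the
// two line separators that older JavaScript engines reject in string literals.
const UNSAFE = /[<>&\u2028\u2029]/g;

// Serialize a value as a JavaScript literal that contains no '<', '>' or '&',
// so sequences such as "</script>" or "<!--" never appear in the markup.
function toInlineScriptLiteral(value) {
  const json = JSON.stringify(value);
  if (json === undefined) {
    throw new TypeError("value is not JSON-serializable");
  }
  return json.replace(UNSAFE, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Simplified model of the HTML rule the post relies on: the script element
// ends at the first "</script" followed by whitespace, "/" or ">", whatever
// the JavaScript says. (The "<!--" escaped states are not modelled.)
function scriptBodySeenByHtmlParser(scriptSource) {
  const end = scriptSource.search(/<\/script[\s\/>]/i);
  return end === -1 ? scriptSource : scriptSource.slice(0, end);
}

// Constructed sample input: the string from the post.
const payload = "</script><script>alert('XSS');</script>";

// JSON.stringify alone leaves "</script>" intact; the escaped form does not.
const naive = "var xss = " + JSON.stringify(payload) + ";";
const hardened = "var xss = " + toInlineScriptLiteral(payload) + ";";

console.log("naive script body:   ", scriptBodySeenByHtmlParser(naive));
console.log("hardened script body:", scriptBodySeenByHtmlParser(hardened));
```

The escaped literal still evaluates to the original string in JavaScript, because \u003c and \u003e are ordinary string escapes there.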

About this post

XSS Is Still Tricky was posted on Fri, 08 Mar 2013.
