Blame src/lxml/html/tests/hackers-org-data/style-expression.data
Branch: b74dd5f56bf76def5aa8ea34e7d986ca0d582af2
Packit Service
b74dd5
Description: (this is really a hybrid of the above XSS vectors, but it really does show how hard STYLE tags can be to parse apart, like above this can send IE into a loop)
http://ha.ckers.org/xss.html#XSS_IMG_STYLE_expression
Options: -safe_attrs_only
Notes: Modified to avoid a parsing in libxml2 that ruins the XSS (the " marks).
Also there seemed to be an extra "p" in exppression
xss:ex/*XSS*//*/*/pression(alert('XSS'))">
----------
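A sanitizer-side check for the comment-split `expression` value in this fixture, as an added example that is not part of lxml or of this test file. It uses only the Python standard library; the function names, the two-entry denylist and the HTML wrapper around the style value are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# A CSS comment runs from "/*" to the next "*/" and may sit inside a keyword.
CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)
RISKY = ("expression(", "javascript:")  # assumed denylist for this sketch

# Style value from the fixture; the surrounding markup is constructed.
SAMPLE_STYLE = "xss:ex/*XSS*//*/*/pression(alert('XSS'))"
SAMPLE_HTML = ('<img style="' + SAMPLE_STYLE + '">'
               '<p style="color: red /* expression of taste */">ok</p>')

def normalise_css(value: str) -> str:
    """Reduce a style value to the form used for denylist matching."""
    value = CSS_COMMENT.sub("", value)     # comments can split a keyword
    value = value.replace("\\", "")        # simplification: hex escapes are not decoded
    return "".join(value.split()).lower()  # ignore whitespace and case

def style_is_risky(value: str) -> bool:
    normalised = normalise_css(value)
    return any(marker in normalised for marker in RISKY)

class StyleAudit(HTMLParser):
    """Collect (tag, style) pairs whose inline style is flagged."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "style" and value and style_is_risky(value):
                self.findings.append((tag, value))

def audit(html: str):
    parser = StyleAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print("raw substring match:", "expression(" in SAMPLE_STYLE)
    print("normalised value:   ", normalise_css(SAMPLE_STYLE))
    print("flagged styles:     ", audit(SAMPLE_HTML))
```

A plain substring test on the raw attribute misses the keyword because the two comments sit inside it; matching has to happen after comment removal.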