source-git / python-lxml

Clone
Source Code
GIT

Files

  1.   d9acb67c9b615a0ad85ff8316fa45a8f0c5dd043
  2.   src
  3.   lxml
  4.   html
  5.   tests
  6.   hackers-org-data
  7.   downlevel-hidden.data
Blob Blame History Raw 
Description: Downlevel-Hidden-Hidden block (only works in IE5.0 and later and Netscape 8.1 in IE rendering engine mode). Some websites consider anything inside a comment block to be safe and therefore does not need to be removed, which allows our Cross Site Scripting vector. Or the system could add comment tags around something to attempt to render it harmless. As we can see, that probably wouldn't do the job
    http://ha.ckers.org/xss.html#XSS_Downlevel-Hidden
Options: -comments, -processing_instructions

<div><!--[if gte IE 4]>
<SCRIPT>alert('XSS');</SCRIPT>
<![endif]--></div>
----------
<div></div>

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation