Why the “obvious” payload fails on an innerHTML sink, and what actually pops the alert.
<img src="https://cdn-images-1.medium.com/max/1536/1*_nGNsE4wNTwMqiSibS7s-A.png" title="DOM XSS in innerHTML Sink: Bypassing a Dead-End Tag With ” /> Why the “obvious” payload fails on an innerHTML sink, and what actually pops the alert.Continue reading on Medium » Read More JavaScript on Medium
#java