Revisiting XSS Sanitization
A talk by Ashar Javed
`width:expre/**/ssion(alert(1))` is an old trick discussed in SLA.CKERS
BUT we have ...
Question: How to get rid of `color`?
"PHPSESSID" cookie is not httpOnly ....
Internally it is treated as ...
Useful in cases where sites automatically insert an anchor tag (`<a>`) around an image ...
https://html5sec.org/innerhtml/ (Mario Heiderich's Utility)
Demo (Issue Fixed) http://jsfiddle.net/7qgt9wrw/3/
Developers of WYSIWYG editors think that developers of the server-side/back-end or web applications will do the sanitization, while developers of web applications are happy to include WYSIWYG editors "AS IT IS" ...
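An added example (not from the talk or from any editor's code base): a server-side check for `style` values arriving from a WYSIWYG editor. It shows a keyword filter missing the `expre/**/ssion` form quoted above, while comment stripping followed by a property and value allowlist drops it. The function names, the allowlist and the value pattern are assumptions made for illustration.

```javascript
// Added example: back-end handling of a style value submitted by a rich-text editor.
// ALLOWED_PROPS and SAFE_VALUE are illustrative assumptions, not a complete policy.
const ALLOWED_PROPS = new Set(['color', 'width', 'height', 'text-align']);
// Plain keywords, numbers, units and hex colours only: no parentheses,
// quotes, slashes or backslashes, so no function-style values get through.
const SAFE_VALUE = /^[a-z0-9#%. -]+$/i;

// Keyword denylist: only matches the literal, unbroken keyword.
function naiveIsSafe(style) {
  return !/expression\s*\(/i.test(style);
}

// Remove /* ... */ comments so the check sees the collapsed text
// that a lenient CSS parser may end up evaluating.
function normalizeCss(style) {
  return style.replace(/\/\*[\s\S]*?\*\//g, '');
}

// Keep only declarations whose property is allowlisted and whose value
// matches the conservative pattern; everything else is dropped.
function sanitizeStyle(style) {
  const kept = [];
  for (const decl of normalizeCss(style).split(';')) {
    const idx = decl.indexOf(':');
    if (idx < 0) continue; // not a declaration
    const prop = decl.slice(0, idx).trim().toLowerCase();
    const value = decl.slice(idx + 1).trim();
    if (ALLOWED_PROPS.has(prop) && SAFE_VALUE.test(value)) {
      kept.push(`${prop}:${value}`);
    }
  }
  return kept.join(';');
}

// Constructed sample input: the string from the slide plus a benign declaration.
const sample = 'width:expre/**/ssion(alert(1)); color: red';
console.log(naiveIsSafe(sample));   // the keyword filter lets it through
console.log(normalizeCss(sample));  // what remains once comments are removed
console.log(sanitizeStyle(sample)); // only the benign declaration survives
```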