Javascript escape test
Date: 25.04.2024
In this blog post we test escaping the javascript tags.
Let us insert a script and and image. We want to display the image but not execute the script.
Now a sample script which deletes the whole body:
<script> const collection = document.getElementsByClassName("row"); collection[0].innerHTML = "Hacked"; </script> <script> const collection = document.getElementsByClassName("row"); collection[0].innerHTML = "Hacked"; </script>
And now an example of code block.
1 2 3 4 |
|
And now some Python code:
1 |
|