Javascript escape test

Date: 25.04.2024

In this blog post we test escaping the javascript tags.

Let us insert a script and and image. We want to display the image but not execute the script.

alt text

Now a sample script which deletes the whole body:

<script>
    const collection = document.getElementsByClassName("row");
    collection[0].innerHTML = "Hacked";
</script>

<script>
    const collection = document.getElementsByClassName("row");
    collection[0].innerHTML = "Hacked";
</script>

And now an example of code block.

1
2
3
4
<script>
  const collection = document.getElementsByClassName("row"); collection[0].innerHTML =
  "Hacked";
</script>

And now some Python code:

1
print('Hello World')