by mike-cardwell
3973 days ago
XSS by writing the message: <i<script></script>mg src="#" onerror="alert(1)">
Just stripping out tags doesn't work. Stripping out the script tags there simply ends up creating another new tag. You need to understand and implement proper escaping.
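The point made in the comment above, as an added example that is not part of the original comment: a script-tag stripper run on the quoted message, beside HTML escaping of the same message. All function names are hypothetical, and the filter shown is an assumed typical implementation, not code from the site under discussion.

```javascript
// Added example. Function names are hypothetical; the sample message is the
// one quoted in the comment above.

// Naive filter: delete <script ...> and </script> tags in one pass.
function stripScriptTags(input) {
  return input.replace(/<\/?script\b[^>]*>/gi, "");
}

// Same filter applied repeatedly until the output stops changing.
// This is a common "fix" for nested tags, and it does not help here,
// because what the stripping leaves behind is not a script tag.
function stripUntilStable(input) {
  let prev;
  let out = input;
  do {
    prev = out;
    out = stripScriptTags(prev);
  } while (out !== prev);
  return out;
}

// Output escaping for HTML element content and quoted attribute values:
// every character that can change parser state becomes an entity.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// True if the string would still open a tag when parsed as HTML.
function containsTagOpen(html) {
  return /<[a-zA-Z\/!?]/.test(html);
}

// The message from the comment: the script tags sit inside "<i" + "mg".
const message = '<i<script></script>mg src="#" onerror="alert(1)">';

for (const [name, fn] of [["strip once", stripScriptTags],
  ["strip until stable", stripUntilStable], ["escape", escapeHtml]]) {
  const out = fn(message);
  console.log(`${name}: ${out}  (opens a tag: ${containsTagOpen(out)})`);
}
```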