Hacker News
by aj-code 5243 days ago
One of the most useful features of that site used to be that you could tell at a glance which browsers the XSS payload would work on, and which it wouldn't. It hasn't been updated for modern browsers so now you have to test each browser yourself.

A lot of the payloads aren't based on browser "bugs" as such, more just the way browsers loosely interpret mangled HTML, CSS and JavaScript. Newer browsers tend to be stricter on what they'll interpret, especially when it comes to a potential XSS vector. The site doesn't seem to have been updated for anything after IE7 and Firefox 2, but I'm not aware of any better cheat sheets. Anyone got any?