by nickmccann 4397 days ago
The second question disallows the script tag.
1 comment

How is it doing that?
Using <script> ... as a payload won't work because the browser won't execute scripts added after the page has loaded.
The browser smartly won't execute scripts added through innerHTML, but it probably should be noted that jQuery's html() method will [0]. There's always a way to shoot yourself in the foot. :)

[0] http://api.jquery.com/html/

It's not blocking the scripts from being inserted. Inspect the DOM and you'll see them there.
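A runnable illustration of the points made in this thread, added here and not written by any of the commenters: the same string containing a script tag is put into the page three ways, showing that innerHTML leaves the element in the DOM without running it, that jQuery's html() does run it, and that textContent (or entity-encoding) renders it as inert text. It assumes a browser with jQuery loaded as `$`; the `window.__ran` flags and the helper names are made up for this demo.

```javascript
// Added example, not from the thread. Assumes a browser with jQuery loaded as `$`
// for the second step; `window.__ran` and the helper names are made up for the demo.

// Pure helper: HTML-encode untrusted text so it is rendered as data, never as markup.
function escapeHtml(untrusted) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(untrusted).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Browser-only: compares three ways of putting a string with a <script> tag into the page.
// Returns null when there is no DOM (e.g. under Node), so the file still loads there.
function demonstrateInsertion() {
  if (typeof document === 'undefined') return null;

  // Flags that only flip if the inserted script actually executes.
  window.__ran = { innerHTML: false, jqueryHtml: false };
  const viaInnerHTML = '<script>window.__ran.innerHTML = true</script>';
  const viaJquery = '<script>window.__ran.jqueryHtml = true</script>';

  // 1. innerHTML: the <script> element lands in the DOM but the browser never executes it.
  const a = document.createElement('div');
  document.body.appendChild(a);
  a.innerHTML = viaInnerHTML;
  const scriptElementPresent = a.querySelector('script') !== null;

  // 2. jQuery .html(): jQuery extracts the script elements and evaluates them itself.
  let jqueryHtmlExecuted = null; // stays null if jQuery is not on the page
  if (typeof $ === 'function') {
    const b = document.createElement('div');
    document.body.appendChild(b);
    $(b).html(viaJquery);
    jqueryHtmlExecuted = window.__ran.jqueryHtml;
  }

  // 3. Safe rendering of untrusted text: textContent (or escapeHtml() when the string
  //    has to travel through an HTML-interpreting sink) produces no element at all.
  const c = document.createElement('div');
  document.body.appendChild(c);
  c.textContent = viaInnerHTML;
  const shownAsText = c.querySelector('script') === null;

  return {
    scriptElementPresent,                       // true: the tag is in the DOM
    innerHTMLExecuted: window.__ran.innerHTML,  // false: but it never ran
    jqueryHtmlExecuted,                         // true when jQuery is present
    shownAsText,                                // true: textContent created no element
  };
}
```

Paste the block into the console of a page that has jQuery loaded and call `demonstrateInsertion()`; the returned object matches the thread: the script element is present, innerHTML did not run it, html() did. The defensive takeaway is that the first result is not a protection to rely on, so untrusted input should go through textContent or `escapeHtml()` rather than any HTML-interpreting sink.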