Hacker News
by wasd 4397 days ago
Using <script> ... as a payload won't work because the browser won't execute scripts added after the page has loaded.
1 comments
goblin89 4396 days ago
The browser smartly won't execute scripts added through innerHTML, but it probably should be noted that jquery's html() method will[0]. There's always a way to shoot yourself in the foot. :)
[0] http://api.jquery.com/html/
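A small static check for the two sinks discussed in this thread, as an added example that is not part of either comment: it flags non-literal values assigned to `innerHTML` or passed to jQuery's `.html()`, and marks the latter as the sink that executes inserted scripts. The function names, the regex heuristics and the sample lines are assumptions constructed for illustration.

```javascript
// Added example: line-based heuristic, not a JavaScript parser.
const SINKS = [
  // jQuery .html(value): <script> elements in the inserted markup are executed.
  { name: "jquery.html", runsScripts: true, re: /\.html\(\s*([^)\s][^)]*)\)/ },
  // element.innerHTML = value: inline <script> is not executed, but the
  // value is still parsed as markup, so untrusted input does not belong here.
  { name: "innerHTML", runsScripts: false, re: /\.innerHTML\s*\+?=(?!=)\s*([^;]+)/ },
];

// True only for a single quoted string with no concatenation or ${...}.
function isStaticLiteral(expr) {
  const e = expr.trim();
  return /^(["'])(?:\\.|(?!\1)[^\\])*\1$/.test(e) || /^`[^`$]*`$/.test(e);
}

// Return one finding per line where a sink receives a non-literal value.
// expr is the captured argument text (for .html(), up to the first ')').
function findSinks(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const sink of SINKS) {
      const m = sink.re.exec(text);
      if (m && !isStaticLiteral(m[1])) {
        findings.push({ line: i + 1, sink: sink.name,
                        runsScripts: sink.runsScripts, expr: m[1].trim() });
      }
    }
  });
  return findings;
}

// Constructed sample input (not taken from any real code base).
const SAMPLE = [
  'out.innerHTML = "<b>Saved</b>";',      // static literal: ignored
  'out.innerHTML = params.get("msg");',   // dynamic value: flagged
  '$("#out").html("<i>Loading</i>");',    // static literal: ignored
  '$("#out").html(comment.body);',        // dynamic value: flagged
  'var current = $("#out").html();',      // getter form: ignored
  '$("#out").text(comment.body);',        // text sink, no markup parsing
].join("\n");

for (const f of findSinks(SAMPLE)) {
  console.log(`line ${f.line}: ${f.sink} <- ${f.expr}` +
              (f.runsScripts ? " (inserted scripts execute)" : ""));
}
```

Findings with `runsScripts: true` are the ones to review first; replacing the call with `.text()` or `textContent` removes markup parsing altogether when only text is being displayed.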