by
_RPM
4294 days ago
Oh I see. This makes sense. This doesn't seem challenging to prevent. A simple replacement of characters on the HTML entity table would have prevented this instead of putting arbitrary text onto standard output.
2 comments
finnn
4294 days ago
Correct. The purpose of this post is to demonstrate yet another class of website that does not validate user input.
0x0
4294 days ago
Yep, missing that is what makes this an "XSS" :)