XSS replaces in the documentation
#13

(02-15-2018, 08:01 AM)Elias Wrote:
Code:
<video src="https://www.w3schools.com/html/mov_bbb.mp4"></video>
has src and xss_clean() replaces HTML characters.

Is this the right behavior?

Yes, that's what this means:

(02-14-2018, 11:28 AM)Narf Wrote: Anything that has an 'src' attribute can link external resources and trigger their execution, and thus - XSS.




