Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Z
Z
zlodiak2020-09-17 16:23:19
JavaScript
zlodiak, 2020-09-17 16:23:19

Why doesn't xss work?

I wrote two versions of the same code. The bottom line is that the user enters malicious code into the input field: As a result, the jquery code executes the alert command. And the nativeJS code does not execute. LIVE DEMO Please help me to make the nativeJS code also execute the alert command. It is not necessary to use innerHTML. I tried using createElement/createTextNode instead of innerHTML , but that didn't work either. Although the jquery method uses them, judging by the sources
<script>alert('xss attack')</script>





Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
N
Nikita Mikhailov, 2020-09-17
@Psixodelik

Script elements inserted using innerHTML do not execute when they are inserted.

The
Xs standard, how jQuery does it all inside, but apparently they process it in their own way. You can still use XSS, just not as explicitly.
For example, this will work<img src='x' onerror='alert(1)'>

Similar questions
V
Vladimir Kapalev2021-03-27 10:25:24
Which program to batch replace text from a list from a file using regular expressions? 3Reply
V
Vadik Serebryansky2019-09-11 15:11:27
Will Sandy Bridge Xeon run on 1600 RAM and B number? 1Reply
A
AlexStartsev2017-04-13 12:46:13
What are the current TODO plugins for Sublime Text 3? 3Reply
E
Eugene2017-04-15 14:01:09
What are the ways in which python scripts interact? 7Reply
U
Utopia2015-04-23 02:42:24
How is the messenger connection and network operation implemented? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question