+ 2

can anyone suggest me the payload for cross site scripting which can bypass the filter which is bloking ">" and event handlers

this is the code function escape(input) { // apply strict filter rules of level 0 // filter ">" and event handlers input = input.replace(/>|on.+?=|focus/gi, '_'); return '<input value="' + input + '" type="text">'; }

19th May 2020, 5:19 AM
Sahil Soni
Sahil Soni - avatar
1 Réponse