+ 2
can anyone suggest me the payload for cross site scripting which can bypass the filter which is bloking ">" and event handlers
this is the code function escape(input) { // apply strict filter rules of level 0 // filter ">" and event handlers input = input.replace(/>|on.+?=|focus/gi, '_'); return '<input value="' + input + '" type="text">'; }
1 Odpowiedź