Sonny Ordell

Reputation: 334

XSS via img tag, redundant semicolons?

I was looking over the WebGoat exercises, and for one question they ask that you create a JavaScript alert using an img tag.

Their solution is thus:

<img src=x onerror=;;alert('XSS') />

Looking at their solution, I wonder why two (as opposed to just one) semicolons are necessary before the actual alert?

Upvotes: 4

Views: 1892

Answers (1)

rroche

Reputation: 1272

Indeed, the semicolons aren't necessary. I just tested the same tag w/o the semicolons on FF5 and the latest Chrome; they both send the alerts with this:

<img src=x onerror=;;alert('XSS') />
<img src=x onerror=alert('XSS') />
<img src="x" onerror="alert('XSS')" />

I think they are trying to stop the onerror event in the first semicolon, then output the bogus code out of the event in the alert.

I tried this:

<img src=x onerror=alert('eventfire');;alert('XSS') />

and it encloses both alerts inside the event, so it's not running the second alert outside the event scope.

Answer? It seems to be doing the same thing w/o the semicolons (maybe they are there for old browsers that parse the HTML poorly and execute the alert outside the scope of the event???)

Upvotes: 1
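
The behaviour discussed in this thread, as an added example that is not part of the original posts: an unquoted attribute value runs until whitespace or `>`, and the browser compiles that value as the body of the event handler function, so leading semicolons are just empty statements. The names `handlerBody`, `runHandler` and `escapeHtml` are hypothetical, the tokenizer is a simplified model that only covers the tags above, and `alert` is replaced by a recording stub.

```javascript
// Tags copied from the question and answer above.
const TAGS = [
  "<img src=x onerror=;;alert('XSS') />",
  "<img src=x onerror=alert('XSS') />",
  "<img src=\"x\" onerror=\"alert('XSS')\" />",
  "<img src=x onerror=alert('eventfire');;alert('XSS') />",
];

// Simplified attribute tokenizer (assumption: sufficient for these tags only).
// Quoted values end at the matching quote; unquoted values end at
// whitespace or '>', so semicolons always stay inside the value.
function handlerBody(html) {
  const re = /<img\b[^>]*?\sonerror\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  const m = re.exec(html);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Model of the browser step: the attribute value becomes a function body
// with an `event` parameter. `alert` is a stub that records its arguments.
function runHandler(body) {
  const calls = [];
  const handler = new Function("event", "alert", body);
  handler({ type: "error" }, (msg) => calls.push(msg));
  return calls;
}

// Output encoding for HTML text context: the defence that keeps
// user-supplied text from being parsed as a tag in the first place.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

for (const tag of TAGS) {
  const body = handlerBody(tag);
  console.log(JSON.stringify(body), "->", JSON.stringify(runHandler(body)));
  // After encoding there is no <img> tag left, so no handler is found.
  console.log("  encoded ->", handlerBody(escapeHtml(tag)));
}
```

The first three tags produce the same single stubbed call, and the fourth records both calls from one handler body, which matches what the answer observed in FF5 and Chrome.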
