All my decks
[CTRL+Enter] (1)
makandra dev (1)
makandra Curriculum (0)
makandra Operations (0)
DevOps Curriculum (0)
makandra dev
Stephan Plöderl

Testing for XSS in Markdown Fields

github.com

...markdown from user input, an attacker might be able to use this to inject javascript code into the source code of your page. The linked github page is a collection...

...common markdown XSS payloads which is handy for writing tests. Producing arbitrary links: [Basic](javascript:alert('Basic')) [Local Storage](javascript:alert(JSON.stringify(localStorage))) [CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive')) [URL](javascript://www.google.com...

This website uses short-lived cookies to improve usability.
or learn more