
  <div onclick="alert(0)">whoops</div>
If you want to dive down the rabbit hole, here's a good place to start: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_She...



Ah right, duh. Still, I feel like there would be an enumerable set of properties that can execute JS.


There is an enumerable set of HTML and CSS properties, so yeah.

That document is scary! There are 70 different ways to encode an opening angle bracket, which is just a tiny side note...



