chiroyce — 2/18/2022, 2:04:20 PM

<img src="x" onerror="alert('hi! here is some fresh new xss, enjoy🍴 ')">

♥ 5 ↩ 0 💬 5 comments

comments

quantum-codes:

Did this ever work? I found out that almost none of the attributes get passed through the API

3/3/2022, 8:16:41 AM
quantum-codes:

*I tested style attribute too. Didn’t work

3/3/2022, 8:17:04 AM
silly:

No

2/19/2022, 10:41:19 AM
lily:

even if this worked jeffalo’s dompurify would cut the invalid src and possibly the onerror @jeffalo pls confirm

2/18/2022, 10:08:38 PM
jeffalo:

👍

2/19/2022, 6:16:09 PM