oops.png

Any thoughts on "Make HTML dirty again!" ?
Posted in General Discussion by @albertl




albertl

Researcher

I have looked into this challenge for a few days. Tried many payload already and feeling lost

Here are some of my thoughts:

  1. seems it filter out html tag that are not on the whitlelist .
  2. JavaScript action would be denied
  3. only certain attribute is kept , others like event handler is filtered

Can anyone share some hints or direction ? Thank you so much


Posted on 2019-02-04