You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is prevented by CSP already, but good to prevent this case to benefit out-of-platform cases.
cases:
Example 1)
<svg><animatehref=#xssattributeName=hreffrom=javascript:alert(1)to=1 /><aid=xss><textx=20y=20>XSS</text></a>
Example 2)
<svg><sethref=#xssattributeName=hreffrom=?to=javascript:alert(1) /><aid=xss><textx=20y=20>XSS</text></a>
Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and the original reporter, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc, again for disclosing of this case.
The text was updated successfully, but these errors were encountered:
Is prevented by CSP already, but good to prevent this case to benefit out-of-platform cases.
cases:
Thanks to the "JPCERT/CC Vulnerability Coordination Group" contact and the original reporter, Kenichi Okuno of Mitsui Bussan Secure Directions, Inc, again for disclosing of this case.
The text was updated successfully, but these errors were encountered: