mu

nailuj 1y316d src #3873

Wait is apioforum vulnerable to XSS? Mods do you mind if I test in a separate thread?

caesar 1y316d src #3874

presumably only innocent tags are allowed, like marquee.

razorlovesbees 1y316d src #3875

<><script>alert('a')</script>

ubq323 (bureaucrat) 1y316d src #3876

i don't understand why people keep testing this, the code is right here

caesar 1y316d src #3877

img is not an innocent tag. it has scriptoid attributes. like onerror=.

nailuj 1y316d src #3878

The code is blocking certain attributes

please log in to reply to this thread

mu #6