mu #6

 
nailuj src #3873

Wait is apioforum vulnerable to XSS? Mods do you mind if I test in a separate thread?

caesar src #3874

presumably only innocent tags are allowed, like marquee.

razorlovesbees src #3875

<><script>alert('a')</script>

ubq323 (bureaucrat) src #3876

i don't understand why people keep testing this, the code is right here

caesar src #3877

img is not an innocent tag. it has scriptoid attributes. like onerror=.

nailuj src #3878

The code is blocking certain attributes

please log in to reply to this thread