I have the following JS (using jQuery, though I don't think jQuery is necessary for the question):
$("<i></i>").html(userInput);
Is it possible for someone to input some string, userInput, such that they successfully execute an XSS attack?
I've tried inputting a script tag with an alert in it, but it doesn't execute - I believe because it's outside the DOM, but I couldn't find any resources to confirm this.