Update XSS.md

Mehdi 2023-09-16 17:27:45 +03:30 committed by GitHub
parent 3675947a74
commit 193b28a467
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

16
XSS.md

@ -2,14 +2,14 @@
**Web Content-Types to XSS** **Web Content-Types to XSS**
The following content types can execute XSS in all browsers: The following content types can execute XSS in all browsers:
* text/html * `text/html`
* application/xhtml+xml * `application/xhtml+xml`
* application/xml * `application/xml`
* text/xml * `text/xml`
* image/svg+xml * `image/svg+xml`
* text/plain (?? not in the list but I think I saw this in a CTF) * `text/plain` (?? not in the list but I think I saw this in a CTF)
* application/rss+xml (off) * `application/rss+xml` (off)
* application/atom+xml (off) * `application/atom+xml` (off)
In other browsers other Content-Types can be used to execute arbitrary JS, check: In other browsers other Content-Types can be used to execute arbitrary JS, check:
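Review bot: The `text/plain` entry still carries "(?? not in the list but I think I saw this in a CTF)" while sitting under "The following content types can execute XSS in all browsers", so the list mixes a stated fact with an unverified recollection. Either confirm it and drop the aside, or move it out of the "all browsers" list onto its own line marked as unverified. The "(off)" suffix on `application/rss+xml` and `application/atom+xml` is also unexplained; a short phrase saying what is off would let readers rely on the list. The backtick formatting of the type names reads fine as is.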