Category Archives: dom

I have the following JS (using jQuery for brevity’s sake but it isn’t necessary for the question):

$(“<i></i>”).html(userInput);

Is it possible for someone to input some string, userInput, such that they successfully execute… Continue reading XSS outside of the DOM→

<div id=”cat”></div>
<script>
$(“#cat”).html(location.pathname);
</script>

I think that example would work, but anyway, if location.pathname has to be a valid page, can this be exploited?

Edit: I’m … Continue reading Can location.pathname lead to XSS?→

<div id=”cat”></div>
<script>
$(“#cat”).html(location.pathname);
</script>

I think that example would work, but anyway, if location.pathname has to be a valid page, can this be exploited?

Edit: I’m … Continue reading Can location.pathname lead to XSS?→