js-xss icon indicating copy to clipboard operation
js-xss copied to clipboard

Published 20 hours ago verified publisher icon leizongmin

Filter style tag content

Open klukackova opened this issue 4 years ago • 2 comments

According to the documentation style attributes can be filtered using CSS filter. How can I filter also values between style tags not only attributes? E.g. <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE> is not filtered at all.

klukackova avatar Nov 02 '20 10:11 klukackova

I have tried that

Zhxhh avatar Nov 19 '20 07:11 Zhxhh

There is a package names cssfilter can filter style attribute, but filter CSS style from <style> tag is more complex than HTML, so this package xss currently does not supported this feature.

leizongmin avatar Dec 18 '20 08:12 leizongmin