This repository was archived by the owner on Jan 10, 2023. It is now read-only.
This repository was archived by the owner on Jan 10, 2023. It is now read-only.
xss in css context #34
Description
Hello, I am trying to find a way how to perform XSS in style tags. However it seems to me that unless I rely on deprecated or not fixed features of old browsers like :expression and -moz-binding the following pages cannot be exploted. Is it true? If so, could you give me a hint on how to exploit them?
The testcases:
/serverside/escapeHtml/css_style
/serverside/escapeHtml/css_style_font_value
/serverside/escapeHtml/css_style_value
/serverside/encodeUrl/css_style
/serverside/encodeUrl/css_style_value
/serverside/encodeUrl/css_style_value