File: xss-image.html

package info (click to toggle)
ruby-open-graph-reader 0.7.1%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, forky, sid, trixie
  • size: 9,976 kB
  • sloc: ruby: 1,525; xml: 22; makefile: 2
file content (15 lines) | stat: -rw-r--r-- 727 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 
<!doctype html>
<html lang="en">
<head prefix="og: http://ogp.me/ns#">
<meta charset="utf-8">
<title>Cross site scripting image attempt</title>
<meta property="og:title" content="Cross site scripting image attempt">
<link rel="canonical" href="http://examples.opengraphprotocol.us/filters/xss-image.html">
<meta property="og:url" content="http://examples.opengraphprotocol.us/filters/xss-image.html">
<meta property="og:image" content="javascript:alert('XSS')">
</head>
<body>
<p>An attempt to introduce JavaScript in an og:image, which might be displayed as an &lt;img src&gt; on a consuming website.</p>
<p>Images are defined as http and https protocols only; javascript:* should not be an accepted value.</p>
</body>
</html>