XSS #1

Open

Description

opened

Interesting project! I found this little thing:

Input:

{
 "foo": "bar",
 "test": "<script>alert()</script>"
}

Output:

1"><tr><th>foo</th><td>bar</td></tr><tr><th>test</th><td><script>alert()</script></td></tr></table>

The <script>alert()</script> should be encoded to avoid XSS.

No one assigned

No labels

No projects

No milestone

None yet

No branches or pull requests