2008-09-17 18:23:44

xavierkym
» FTalkFreak
FTalk Level: zero
1651
0
1969-12-31

Re: [spoiler][b]Do not remove these notices[/b] [quote=eehjhay]Due to Major Forum Clean-up, some old topics related to linkers will be moved to [url=http://theftalk.com/f52-Archives.html]Archive[/u

onerror is actually the old fashion way of catching an error in a webpage caused by some Javascript error. Since onerror can handle a function, it can be used as an XSS Vector just like what we are doing right now. Apparently, most browsers can read this function and it is therefore a cross-browser XSS Vector. onerror can work in img tag, script tag or a tag. Because onerror can handle functions and stuffs like that, we can use createElement to insert a new tag, well in this case a script tag (to load our JS Codes). Actually, we shouldn't be bothered about this. :lol:

Last edited by xavierkym (2008-09-17 18:24:04)

Board footer

© 2024 F Talk

Current time is 19:39

[ 12 queries - 0.088 second ]
Privacy Policy