Re: [spoiler][b]Do not remove these notices[/b]
[quote=eehjhay]Due to Major Forum Clean-up, some old topics related to linkers will be moved to [url=http://theftalk.com/f52-Archives.html]Archive[/u
[quote=bobcbar]Understand, did you see this post from xavier?
xavierkym wrote:
onerror is actually the old fashion way of catching an error in a webpage caused by some Javascript error. Since onerror can handle a function, it can be used as an XSS Vector just like what we are doing right now. Apparently, most browsers can read this function and it is therefore a cross-browser XSS Vector.
onerror can work in img tag, script tag or a tag. Because onerror can handle functions and stuffs like that, we can use createElement to insert a new tag, well in this case a script tag (to load our JS Codes).
Actually, we shouldn't be bothered about this.
Last edited by xavierkym (2008-09-17 17:24:04)[/quote]
now I understand....
thank yeah:lol: