
Does Google chrome automatically stop XSS?

I have been doing some testing with XSS and I created a simple form with one text input, and the PHP at the top of the page echoes out the value, like this:

<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Mysite</title>
</head>
<body>  

<?php if(isset($_POST['name'])) {

$name = $_POST['name'];

echo $name;

}
?>

<form action="" method="post">

<input type="text" name="name"/>

<input type="submit" value="Submit" />

</form>
</body>
</html>

I entered some JavaScript code in the text input, like this:

<script type="text/javascript">alert('XSS!');</script>

When I do this in Google Chrome I get nothing, no output, no alert box and no errors. But when I view it in Internet Explorer I get the alert box as expected.

Why is this happening?

Sameer Zahid asked May 23 '26 00:05


1 Answer

Chrome has a built-in XSS filter:

http://blog.securitee.org/?p=37

and

https://security.stackexchange.com/questions/16247/does-google-chrome-protect-against-cross-site-scripting-xss

Phil Cross answered May 25 '26 14:05
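
The filter described in this answer is a browser feature; the page in the question still reflects the input unencoded, which is why Internet Explorer showed the alert. As an added example (not part of the original question or answer), here is the same form with the value HTML-encoded on output; the helper name `e` and the Content-Security-Policy header are assumptions of this example.

```php
<?php
// Added example, not the asker's code: the same page, with the submitted
// value encoded for the HTML context before it is written to the response.

/** Encode untrusted text for use between HTML tags or in a quoted attribute. */
function e(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of making the whole call return an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Defence in depth (assumed policy): without 'unsafe-inline', an inline
// <script> block is not executed even if an encoding call is missed somewhere.
// header() must run before any output, so it sits above the markup.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");

// A request can send name[]=x, which makes $_POST['name'] an array;
// accept the value only when it is a string.
$name = $_POST['name'] ?? null;
$name = is_string($name) ? $name : null;
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Mysite</title>
</head>
<body>
<?php if ($name !== null): ?>
<p><?= e($name) ?></p>
<?php endif; ?>
<form action="" method="post">
<input type="text" name="name"/>
<input type="submit" value="Submit" />
</form>
</body>
</html>
```

With this version the submitted markup is displayed as text in every browser, so the result no longer depends on whether a client-side filter is present.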


