Server-Side Cross Site Scripting (XSS) Filter

<script>alert('XSS')</script>

This line is harmless and will remain unchanged

Click me please! I'm a naughty line. I'll remain but without the onclick event

XSS?

asas

<

Status (a computed field!): Draft

Here's the HTML that was stored:

 <p style="font-weight:bold;">This line is harmless and will remain unchanged</p>
<img src="#alert(&apos;XSS&apos;);" />


<p>Click me please! I&apos;m a naughty line. I&apos;ll remain but without the onclick event</p>

<span style="xss:(alert(&quot;XSS&quot;))">XSS?</span>
<img src="#alert(&apos;xss&apos;)" />
<p style="xss:/*
*/(alert(&quot;XSS&quot;))">asas</p>
&lt;