Tuesday, November 27, 2018

New comment by batiste in "Richard Stallman: We Can Do Better Than Bitcoin"

Edit: I answered completely off base. Misunderstood the question. My hunch on the original question: Maybe some system only allow injected JS? Wordpress anyone? Not quite sure.

Yes, I learned it not so long ago in fact and I am a bit ashamed of it.

Try to save this into a HTML file:

  
  
"} If you execute just the JavaScript in your browser console: perfectly fine, valid JS. Now open the HTML file in a browser: powned.

This the because the browser has a HTML parsing phase, and only after JS is executed.

When . It doesn't matter if the happened to be inside the context of a JavaScript string. At this point the browser doesn't know about JS.



from Hacker News - New Comments: "WordPress" https://ift.tt/2FG9Fdm
via IFTTT

No comments:

Post a Comment

GB's Fery fights off Bergs and nosebleeds to reach fourth round

British wildcard Arthur Fery beats Zizou Bergs to reach the Wimbledon fourth round and keep home singles hopes alive - despite suffering thr...