Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
squarecapadmin
squarecapadmin / lxml python
Repository URL to install this package:
|
Version:
3.4.0 ▾
|
Description: Downlevel-Hidden-Hidden block (only works in IE5.0 and later and Netscape 8.1 in IE rendering engine mode). Some websites consider anything inside a comment block to be safe and therefore does not need to be removed, which allows our Cross Site Scripting vector. Or the system could add comment tags around something to attempt to render it harmless. As we can see, that probably wouldn't do the job
http://ha.ckers.org/xss.html#XSS_Downlevel-Hidden
Options: -comments, -processing_instructions
<div><!--[if gte IE 4]>
<SCRIPT>alert('XSS');</SCRIPT>
<![endif]--></div>
----------
<div></div>