Update: [XSS Filter Evasion Cheat Sheet] #1254 (#1255)

* Update XSS_Filter_Evasion_Cheat_Sheet.md XSS Locator (Polygot): - added newline - added ` * Update cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.md Additional changes (suggested): - typo polyglot - updated attribution Co-authored-by: Shlomo Zalman Heigh <[email protected]> --------- Co-authored-by: Shlomo Zalman Heigh <[email protected]>
OWASP · Dec 7, 2023 · cc04f3a · cc04f3a
1 parent 1080d9e
commit cc04f3a
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.md b/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.md
@@ -16,9 +16,12 @@ This is a normal XSS JavaScript injection, and most likely to get caught but I s
 
 ### XSS Locator (Polygot)
 
-The following is a "polygot test XSS payload." This test will execute in multiple contexts including html, script string, js and URL. Thank you to [Gareth Heyes](https://twitter.com/garethheyes) for this [contribution](https://twitter.com/garethheyes/status/997466212190781445).
+The following is a "polyglot test XSS payload." This test will execute in multiple contexts including html, script string, js and URL. (Based on this [tweet](https://twitter.com/garethheyes/status/997466212190781445) by [Gareth Heyes](https://twitter.com/garethheyes)).
 
-`javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>`
+```
+javascript:/*--></title></style></textarea></script></xmp>
+<svg/onload='+/"`/+/onmouseover=1/+/[*/[]/+alert(42);//'>
+```
 
 ### Malformed A Tags