HTML facts: <input type="image"> and a <frame> XSS bypass
Some HTML facts I learned today:
- First one’s just weird, likely not useful, but `<input type="image">` is a thing apparently. It acts as a submit button and sends `x`/`y` coordinates of your mouse as extra parameters. Who the heck uses this.
- Another that may be useful for XSS filter bypasses, as it’s an unusual tag name, which a blocklist may miss. If your input starts before the body you can use the `<frame>` element inside of a `<frameset>`:
```html
<frameset>
<frame src="javascript:alert(origin)">
</frameset>
```
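Why a tag blocklist lets this through while a default-deny allowlist does not, as an added example that is not part of the original post. The blocklist contents, the allowlist policy and all function names are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser

# Hypothetical blocklist: the usual XSS tags, but not <frameset>/<frame>.
BLOCKED_TAGS = {"script", "iframe", "object", "embed", "svg", "img"}
# Hypothetical allowlist policy: permitted tag -> permitted attributes.
ALLOWED = {"a": {"href"}, "b": set(), "i": set(), "p": set(), "br": set()}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" means a relative URL

def url_scheme(value):
    # Browsers ignore tab/CR/LF inside a URL and leading control characters,
    # so normalise the same way before reading the scheme.
    cleaned = re.sub(r"[\t\r\n]", "", value or "").lstrip("".join(map(chr, range(33))))
    match = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return match.group(1).lower() if match else ""

class _Collector(HTMLParser):
    """Collect (tag, attrs) for every start tag; names arrive lowercased."""
    def __init__(self):
        super().__init__()
        self.elements = []
    def handle_starttag(self, tag, attrs):
        self.elements.append((tag, attrs))

def parse(markup):
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector.elements

def blocklist_findings(markup):
    # Flags only tags someone thought to list in advance.
    return [f"<{tag}>" for tag, _ in parse(markup) if tag in BLOCKED_TAGS]

def allowlist_findings(markup):
    # Flags everything that is not explicitly permitted.
    findings = []
    for tag, attrs in parse(markup):
        if tag not in ALLOWED:
            findings.append(f"tag not allowed: <{tag}>")
            continue
        for name, value in attrs:
            if name not in ALLOWED[tag]:
                findings.append(f"attribute not allowed: {tag}[{name}]")
            elif name in URL_ATTRS and url_scheme(value) not in SAFE_SCHEMES:
                findings.append(f"unsafe URL scheme: {tag}[{name}]")
    return findings

# The snippet from the post, plus a constructed benign input.
FRAME_SNIPPET = '<frameset>\n<frame src="javascript:alert(origin)">\n</frameset>'
BENIGN = '<p>See <a href="https://example.com/">this</a></p>'
```

`blocklist_findings(FRAME_SNIPPET)` comes back empty, while `allowlist_findings(FRAME_SNIPPET)` rejects both tags before the `src` value is even considered.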