Can a data URI be used to perform XSS?

This is our attempt to explore the different ways in which a data URI can be used to perform XSS. A data URI, defined by RFC 2397, is a smart way of embedding small files inline in HTML documents.

How to protect your web application from XSS?

One of the solutions implemented to protect web applications against XSS is keyword blacklisting. Web application developers blacklist special keywords such as javascript, script, alert, round brackets, etc. A data URI allows us to use a base64-encoded string as our injection payload. Because the encoded string contains none of the blacklisted keywords, this helps us to bypass filters based on the blacklist approach.

How does a data URI work in HTML?

A data URI, defined by RFC 2397, is a smart way of embedding small files inline in HTML documents. Instead of linking to a file stored locally on the server, the file is provided within the URL itself as a base64-encoded string of data preceded by a MIME type.

How to bypass XSS filters using data URIs? (Paladion)

The mediatype is a MIME-type string, such as “image/jpeg” for a JPEG image file. If omitted, it defaults to text/plain;charset=US-ASCII. If the data is textual, you can simply embed the text (using the appropriate entities or escapes based on the enclosing document’s type).
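
As an added example (not code from the original page), the sketch below parses the RFC 2397 layout described above and contrasts a keyword blacklist with a scheme and media-type allowlist. The function names, the allowlist contents and the inert sample value are assumptions constructed for illustration.

```javascript
// Added example, not from the original page. Helper names and both allowlists
// are assumptions; adapt them to what the application legitimately needs.
const BLACKLIST = ['javascript', 'script', 'alert', '(', ')'];
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto']);
const SAFE_DATA_TYPES = new Set(['image/png', 'image/jpeg', 'image/gif']);

// Keyword blacklist of the kind the page describes: looks at raw text only.
function passesBlacklist(value) {
  const v = value.toLowerCase();
  return !BLACKLIST.some((k) => v.includes(k));
}

// Parse data:[<mediatype>][;base64],<data> (RFC 2397); null if malformed.
function parseDataUri(uri) {
  const m = /^data:([^,]*),(.*)$/is.exec(uri.trim());
  if (!m) return null;
  const params = m[1].split(';').map((p) => p.trim().toLowerCase());
  const isBase64 = params[params.length - 1] === 'base64';
  if (isBase64) params.pop();
  // An omitted mediatype defaults to text/plain;charset=US-ASCII.
  const mediaType = (params[0] || '').includes('/') ? params[0] : 'text/plain';
  try {
    const body = isBase64
      ? Buffer.from(m[2], 'base64').toString('latin1')
      : decodeURIComponent(m[2]);
    return { mediaType, isBase64, body };
  } catch (e) {
    return null; // malformed percent-encoding
  }
}

// Allowlist check for URL-valued attributes such as href, src or object data.
function isSafeUrl(value) {
  // Drop whitespace and control characters before reading the scheme.
  const cleaned = value.replace(/[\u0000-\u0020]+/g, '');
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (!scheme) return true; // no scheme: relative URL
  const name = scheme[1].toLowerCase();
  if (name !== 'data') return SAFE_SCHEMES.has(name);
  const parsed = parseDataUri(cleaned);
  return parsed !== null && SAFE_DATA_TYPES.has(parsed.mediaType);
}

// Constructed, inert sample: the base64 body is plain bold-tagged text.
const SAMPLE = 'data:text/html;base64,' +
  Buffer.from('<b>constructed sample</b>').toString('base64');
console.log(passesBlacklist(SAMPLE), isSafeUrl(SAMPLE), parseDataUri(SAMPLE));
```

Run the check on the attribute value after HTML entity decoding, since that is the form the browser acts on.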

How are data URIs used in object tag?

Here, we used the data URI payload as a value assigned to the ‘data’ attribute of the ‘object’ tag. The ‘object’ tag is used to include objects such as images, audio, videos, Java applets, ActiveX, PDF, and Flash. The ‘data’ attribute of the object tag defines a URL that refers to the object’s data.

How to resolve XSS vulnerability in an href tag?

For example, an alert script can be pushed into the href of the following URL: This is just a location where a user can page between a table of different results and is dynamically added to a JSP via a Java TagSupport. I have tried swapping this href location out with a JavaScript call, but the vulnerability remains.