Wrapper_HTMLDataUrl

Wrapper_HTMLDataUrl

Represent an HTML payload in data: url format

Members

Methods

Constructor

Wrapper.js:458

new Wrapper_HTMLDataUrl()

Extends

Methods

Wrapper.js:470

iframe() → {Wrapper_HTML}

Transform any html data url into a <iframe src> payload.
The XSS will trigger on about:blank

Example
const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().script().dataUrl().iframe()

document.body.innerHTML = w.wrap(p)
Returns
Type
Wrapper_HTML
Wrapper.js:485

windowOpen() → {Wrapper_JS}

Transform any html data url into a window.open payload.
The XSS will trigger on about:blank

Example
const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new().script().dataUrl().windowOpen()

document.body.innerHTML = w.wrap(p)
Returns
Type
Wrapper_JS
Wrapper.js:92

wrap(payload) → {string}

Wrap a payload or a string and return it a as string

Example
const p = Payload.new().eval(() => alert(1))
const w = Wrapper.new()
const code = w.wrap(p)

eval(code)
Inherited From:
Parameters
Name Type Description
payload Payload | String

Payload to wrap
Returns
Type
string