| 1 | <html> |
| 2 | <head> |
| 3 | <link href="https://fonts.googleapis.com/css?family=Montserrat&display=swap" rel="stylesheet" /> |
| 4 | <style> |
| 5 | .malware { |
| 6 | position: fixed; |
| 7 | bottom: 0; |
| 8 | left: 0; |
| 9 | right: 0; |
| 10 | height: 150px; |
| 11 | background: red; |
| 12 | color: black; |
| 13 | display: flex; |
| 14 | display: flex; |
| 15 | justify-content: center; |
| 16 | align-items: center; |
| 17 | font-family: monospace; |
| 18 | font-size: 72px; |
| 19 | } |
| 20 | </style> |
| 21 | <script> |
| 22 | function xssAttack() { |
| 23 | const div = document.createElement('div'); |
| 24 | div.id = 'the-malware'; |
| 25 | div.className = 'malware'; |
| 26 | div.innerHTML = 'XSS Succeeded'; |
| 27 | document.getElementsByTagName('body')[0].appendChild(div); |
| 28 | // const el = document.querySelector('.mermaid'); |
| 29 | // el.parentNode.removeChild(el); |
| 30 | throw new Error('XSS Succeeded'); |
| 31 | } |
| 32 | </script> |
| 33 | </head> |
| 34 | <body> |
| 35 | <script type="module" src="./viewer.js"></script> |
| 36 | </body> |
| 37 | </html> |
| 38 | |