Cross Site Scripting with URL protocol schema javascript
I’m testing a web application and I found a XSS vulnerability. I can inject schemas like data:// or tel:// but they have blocked the javascript:// schema. On current browsers the origin is null if I use data:// so data:// is not good.
I ha…