Last active May 3, 2017 02:22
  • Save gcollazo/a6555aa4b9deb68fb8c76e6322e1c9c0 to your computer and use it in GitHub Desktop.
New Twiddle
```javascript
import Ember from 'ember';
import hbs from 'htmlbars-inline-precompile';

export default Ember.Component.extend({
  // Binds the caller-supplied `input` value directly into the href attribute.
  layout: hbs`
    <a href={{attrs.input}}>CLICK</a>
  `
});
```

```javascript
import Ember from 'ember';

export default Ember.Controller.extend({
  // Default test string for the PoC: a javascript: URL.
  userInput: "javascript:alert('1')"
});
```

```handlebars
<h1>Ember XSS PoC</h1>
<p>Ember escapes input and prevents XSS</p>
Enter string to be injected:
{{input type="text" value=userInput}}<br />
{{my-component input=userInput}}
```

```json
{
  "version": "0.12.1",
  "EmberENV": {},
  "options": {
    "use_pods": false,
    "enable-testing": false
  },
  "dependencies": {
    "jquery": "",
    "ember": "2.12.0",
    "ember-template-compiler": "2.12.0",
    "ember-testing": "2.12.0"
  },
  "addons": {
    "ember-data": "2.12.1"
  }
}
```
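As an added example (not part of the gist), here is an application-level check that a component could run on a value such as `userInput` before binding it to `href`, so that only known URL schemes pass regardless of what the framework does. The names `safeHref` and `ALLOWED_PROTOCOLS`, the fallback `'#'`, and the base URL `https://app.example/` are assumptions.

```javascript
// Added example, not code from the gist. All names here are hypothetical.
// Schemes the application is willing to place in an href.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:', 'mailto:']);

// Returns a normalised URL string that is safe to bind into href,
// or '#' when the input does not parse or uses a scheme outside the allowlist.
function safeHref(input, base = 'https://app.example/') {
  if (typeof input !== 'string') {
    return '#';
  }
  let url;
  try {
    // The WHATWG URL parser normalises the way browsers do: it strips
    // leading/trailing spaces and control characters, removes embedded
    // tabs and newlines, and lowercases the scheme. Checking the parsed
    // protocol therefore catches variants such as "JaVa\tScRiPt:".
    url = new URL(input, base);
  } catch (e) {
    return '#';
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : '#';
}

// Constructed sample inputs, including the gist's default test string.
const SAMPLES = [
  "javascript:alert('1')",
  '  JaVaScRiPt:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,<b>x</b>',
  'https://example.com/a',
  '/profile/42',
];

function checkSamples() {
  return SAMPLES.map((s) => [s, safeHref(s)]);
}
```

Using an allowlist rather than a list of known-bad schemes means `data:`, `vbscript:` and any scheme added to browsers later are rejected by default.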