mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-15 20:05:13 +02:00
13 lines
394 B
Go
13 lines
394 B
Go
// XSS — positive fixture.
|
|
// Vulnerable: echoes raw user input into HTML output without escaping.
|
|
// Entry: RenderPage(userInput string) Cap: HTML_ESCAPE
|
|
// Expected verdict: Confirmed (<script>NYX_XSS_CONFIRMED</script> echoed)
|
|
|
|
package entry
|
|
|
|
import "fmt"
|
|
|
|
func RenderPage(userInput string) {
|
|
fmt.Print("__NYX_SINK_HIT__\n")
|
|
fmt.Print("<html><body>" + userInput + "</body></html>\n")
|
|
}
|