click javascript:alert() , it will run foreign code in js.checkio.org context
Good news: " -> " so autorun XSS are blocked
Feature? What about context changing? Attacker can use some obfuscated-like code to hack newbie users
Bug? Let's fix it
Created at: 2018/07/12 07:50; Updated at: 2018/07/12 08:11
