JavaScript via CSS Hello, are there still possibilities to execute JavaScript via stylesheets? The common methods like expression or moz-binding are not working in modern web browsers. It seems that Mozilla completely removed the -moz-binding functionality. Regards http://sla.ckers.org/forum/read.php?2,49857,49857#msg-49857 Tue, 21 May 2013 12:37:30 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?2,49857,50371#msg-50371 Re: JavaScript via CSS http://sla.ckers.org/forum/read.php?2,49857,50371#msg-50371
Cool

Also if you wrap around the style with svg tags you can use the newer entites too such as : etc which is pretty useful for bypasses since filters tend to think entities won't work in style blocks.]]> Gareth Heyes XSS Info Sun, 01 Jul 2012 16:11:29 -0500 http://sla.ckers.org/forum/read.php?2,49857,50370#msg-50370 Re: JavaScript via CSS http://sla.ckers.org/forum/read.php?2,49857,50370#msg-50370
I added it to the description for #9 few days ago and your link to hackvertor.]]> LeverOne XSS Info Sat, 30 Jun 2012 16:46:10 -0500 http://sla.ckers.org/forum/read.php?2,49857,50369#msg-50369 Re: JavaScript via CSS http://sla.ckers.org/forum/read.php?2,49857,50369#msg-50369
I think Opera stops javascript: now but allows data

<style>*{-o-link:'data:text/html,%3Cimg%20src%3D1%20onerror%3Dalert(1)%20%2F%3E';-o-link-source:current}</style>
<a xlink:href=123>test</a>]]> Gareth Heyes XSS Info Sat, 30 Jun 2012 16:17:42 -0500 http://sla.ckers.org/forum/read.php?2,49857,50368#msg-50368 Re: JavaScript via CSS http://sla.ckers.org/forum/read.php?2,49857,50368#msg-50368
1) http://html5sec.org/#9
2) http://html5sec.org/#90
3) http://html5sec.org/#129]]> LeverOne XSS Info Sat, 30 Jun 2012 12:25:56 -0500 http://sla.ckers.org/forum/read.php?2,49857,50367#msg-50367 Re: JavaScript via CSS http://sla.ckers.org/forum/read.php?2,49857,50367#msg-50367 Gareth Heyes XSS Info Fri, 29 Jun 2012 15:23:05 -0500 http://sla.ckers.org/forum/read.php?2,49857,50364#msg-50364 Re: JavaScript via CSS http://sla.ckers.org/forum/read.php?2,49857,50364#msg-50364 Jean Pascal Pereira XSS Info Mon, 25 Jun 2012 07:49:47 -0500 http://sla.ckers.org/forum/read.php?2,49857,50117#msg-50117 Re: JavaScript via CSS http://sla.ckers.org/forum/read.php?2,49857,50117#msg-50117 Gareth Heyes XSS Info Mon, 18 Jun 2012 07:12:27 -0500 http://sla.ckers.org/forum/read.php?2,49857,50116#msg-50116 Re: JavaScript via CSS http://sla.ckers.org/forum/read.php?2,49857,50116#msg-50116 Jean Pascal Pereira XSS Info Sun, 17 Jun 2012 09:06:01 -0500 http://sla.ckers.org/forum/read.php?2,49857,50115#msg-50115 Re: JavaScript via CSS http://sla.ckers.org/forum/read.php?2,49857,50115#msg-50115 cr101 XSS Info Wed, 13 Jun 2012 10:08:23 -0500 http://sla.ckers.org/forum/read.php?2,49857,49857#msg-49857 JavaScript via CSS http://sla.ckers.org/forum/read.php?2,49857,49857#msg-49857
are there still possibilities to execute JavaScript via stylesheets?

The common methods like expression or moz-binding are not working in modern web browsers. It seems that Mozilla completely removed the -moz-binding functionality.

Regards]]> Jean Pascal Pereira XSS Info Tue, 29 May 2012 06:10:52 -0500