[xss](http://"><a onmouseover=prompt(document.domain)>xss</a>) or like
'[xss](http://"><img src=x onerror=alert(document.cookie)>)' will end up getting parsed incorrectly and the embedded JS will run.
I've isolated this to the RelativeLinkRewriter class: the way it uses BeautifulSoup doesn't handle the incoming HTML (which is like
<a class="" href='http://"><img src=x onerror=alert(document.cookie)>'>xss</a> at this point). BeautifulSoup 4 does handle that correctly.
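A regression check for this class of bug, as an added example that is not code from the report or from the project: it parses the intermediate HTML quoted above, re-serializes the link, and confirms no new element appears. It uses the standard library's html.parser as a stand-in for a correct parser; `serialize_naive` is a hypothetical model of a rewriter that re-quotes attribute values without escaping, not a description of BeautifulSoup's internals.

```python
from html import escape
from html.parser import HTMLParser

# Intermediate HTML quoted in the report: the whole payload is ONE href value
# because the attribute is delimited by single quotes.
INCOMING = """<a class="" href='http://"><img src=x onerror=alert(document.cookie)>'>xss</a>"""


class TagCollector(HTMLParser):
    """Records every start tag with its attributes, in document order."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def element_names(markup):
    return [name for name, _ in parse_tags(markup)]


def serialize_naive(tag, attrs, text):
    # Hypothetical broken rewriter: values re-quoted with " but never escaped.
    rendered = "".join(' %s="%s"' % (k, v) for k, v in attrs.items())
    return "<%s%s>%s</%s>" % (tag, rendered, text, tag)


def serialize_safe(tag, attrs, text):
    # Escaping &, <, > and both quote characters keeps the value inside the attribute.
    rendered = "".join(' %s="%s"' % (k, escape(v, quote=True)) for k, v in attrs.items())
    return "<%s%s>%s</%s>" % (tag, rendered, escape(text), tag)


def roundtrip_is_stable(serializer):
    """True when the re-serialized markup contains the same elements as the input."""
    tag, attrs = parse_tags(INCOMING)[0]
    return element_names(serializer(tag, attrs, "xss")) == element_names(INCOMING)
```

Run as a unit test against a link rewriter's output, the same comparison catches any parse/serialize step that turns attribute text into markup.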