From fafc8c666f025708d1ebf512ba41ee72886c224b Mon Sep 17 00:00:00 2001 From: xanhacks Date: Sun, 7 Apr 2024 19:38:40 +0200 Subject: [PATCH] add Content-Type that can be used for XSS --- content/docs/http/content-type.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/docs/http/content-type.md b/content/docs/http/content-type.md index ec96bcb..5bb6f21 100644 --- a/content/docs/http/content-type.md +++ b/content/docs/http/content-type.md @@ -17,6 +17,10 @@ toc: true [Content-Type](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type) is an HTTP header used to indicate the media type (MIME type) of the resource being sent in the response body, such as "text/html" for HTML documents or "application/json" for JSON data. +## Content-Type that can be used for XSS + +- [Content-Type that can be used for XSS](https://github.com/BlackFan/content-type-research/blob/master/XSS.md) + ## Script loading Content-Type page What happens if a `script` tag load a javascript file from a page that returns `Content-Type: font/ttf`.
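Review bot: The section added under `## Content-Type that can be used for XSS` consists of a single bullet whose link text repeats the heading word for word, so the page itself says nothing about what the linked list covers or why it matters for this document. Suggest adding one sentence before the bullet that summarizes the linked research, and giving the link a descriptive label, such as the source repository name (BlackFan/content-type-research). The URL also points at `blob/master`, which is a moving ref. Pinning it to a commit permalink would keep the reference valid if `XSS.md` is renamed or rewritten upstream.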