nightcoder26/injection-attack.md

Created October 18, 2025 14:30

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/nightcoder26/c44a325dc62107aa3d99302cc6f2f561.js"></script>
Save nightcoder26/c44a325dc62107aa3d99302cc6f2f561 to your computer and use it in GitHub Desktop.

Download ZIP

diff between regular js and react's jsx while handling injections

Raw

injection-attack.md

Regular html against injections

  <div id="hello">
  <script>
  const inp = "<img src='x' onerror ='alert(\"whoops, hacked!\")'>"
  document.getElementById("hello").innerHTML =  inp;
  </script>
  </div>

This executes the code, and pops up an alert.

const inp = "<img src='x' onerror='alert(\"whoops, hacked\")'>";
return <div>{inp}</div>;

This only renders the text, unlike regular js.

nightcoder26/injection-attack.md

Select an option

No results found

Select an option

No results found

Regular html against injections