An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
Geek Repo:Geek Repo
Github PK Tool:Github PK Tool