<button onclick=“myFunction()”>Try it</button>

<script> function myFunction() { alert(“I am an alert box!”); } </script>

  • melroy@kbin.melroy.orgOP
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    @Teppic Yea, so for the folks who are thinking what is going on. I was checking whether Kbin is correctly escaping HTML/JS code from the body content when posting a thread or post. If this code create a button on your kbin instance with a pop-up alert, you should really upgrade your kbin instance indeed. As you stated correctly, this is very innocent code can’t do any harm. However, if you are very handy you could do all kind of HTML or JS injection into this site. Without people / users even noticing.