
Artur Balsam

PyScript XSS

Run XSS in Your browser

With additional steps


Last month Anaconda released PyScript, which simplifies running Python in the browser with HTML and JavaScript. JavaScript and Python, in the browser. What could possibly go wrong?

DISCLAIMER: This is a fun post. PyScript is a great idea, but as with everything, security should be a concern.

PyScript XSS

Let's check how it works:

<!DOCTYPE html>
        <link rel="stylesheet" href="" />
        <script defer src=""></script>
        <py-script src="/"></py-script>

print('as<img src=x onerror=alert(1)>df')

And here we are, with XSS.


Make no mistake, PyScript is a brilliant product! Just don't forget about security.
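
One way to keep printed values as text, added here as an example (not code from the post or from the PyScript project): it parses the post's payload the way an HTML sink would, to show the element and `onerror` handler it creates, then shows that HTML-escaping the output first leaves only text. `audit`, `render_text` and `safe_print` are hypothetical names, and the example assumes, as the post demonstrates, that printed output is inserted into the page as HTML.

```python
import html
from html.parser import HTMLParser

# The payload from the post, used here as a constructed sample input.
PAYLOAD = "as<img src=x onerror=alert(1)>df"


class MarkupAudit(HTMLParser):
    """Collects the elements and on* handler attributes an HTML sink would create."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [(tag, k, v) for k, v in attrs if k.startswith("on")]


def audit(text):
    """Return (tags, event_handlers) that `text` produces when parsed as HTML."""
    parser = MarkupAudit()
    parser.feed(text)
    parser.close()
    return parser.tags, parser.handlers


def render_text(*values, sep=" ", end="\n"):
    """Build the string print() would emit, escaped for an HTML sink."""
    return html.escape(sep.join(str(v) for v in values) + end, quote=True)


def safe_print(*values, sep=" ", end="\n"):
    """Hypothetical drop-in for print() in page scripts: output stays text."""
    print(render_text(*values, sep=sep, end=end), end="")


if __name__ == "__main__":
    print(audit(PAYLOAD))               # raw: an <img> element with an onerror handler
    print(audit(render_text(PAYLOAD)))  # escaped: no elements, no handlers
    safe_print(PAYLOAD)
```

Escaping belongs at the point where untrusted values (user input, fetched data) are turned into page output; the audit function is only there to make the difference visible.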
