DEV Community

Artur Balsam
Artur Balsam

Posted on

PyScript XSS

#xss #security #python #pyscript

Run XSS in Your browser

With additional steps

Intro

Last month Anaconda, release the PyScript https://github.com/pyscript/pyscript. Simplifying: The Python in browser, with HTML and JavaScript. Javascript and python, in the browser,. What can possibly can go wrong.

DISCLAIMER: It's fun post, pyscript is great idea, but as everything, security should be some concern.

PyScript XSS

Let's check how it works:
index.html

<!DOCTYPE html>
<html>
    <head>
        <link rel="stylesheet" href="https://pyscript.net/alpha/pyscript.css" />
        <script defer src="https://pyscript.net/alpha/pyscript.js"></script>
    </head>
    <body>
        <py-script src="/test.py"></py-script>
    </body>
</html>
Enter fullscreen mode Exit fullscreen mode

test.py

print('as<img src=x onerror=alert(1)>df')
Enter fullscreen mode Exit fullscreen mode

and here we are, with XSS:

Image description

Outro

Make no mistake, The PyScript, is brilliant product! Just don't forget about security.

Top comments (0)

Read next

nkusikevin profile image

Empowering Farmers with Data-Driven Crop Recommendations

Nkusi kevin -

sachadee profile image

Encrypt/Decrypt Data between Python 3 and JavaScript (AES algorithm)

SachaDee -

calsoftinc profile image

Importance of Cyber Security in Business Continuity

calsoftinc -

jamesbmour profile image

Mastering LangChain: Part 1 - Introduction to LangChain and Its Key Components

James -