From 85e29df90719b8cfc63f7652050129413994cc37 Mon Sep 17 00:00:00 2001
From: xanhacks <xanhacks@protonmail.com>
Date: Mon, 3 Jul 2023 10:22:06 +0200
Subject: [PATCH] add innerText vs innerHTML

---
 content/en/docs/topics/xss.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/content/en/docs/topics/xss.md b/content/en/docs/topics/xss.md
index 2ebc9de..6357ddd 100644
--- a/content/en/docs/topics/xss.md
+++ b/content/en/docs/topics/xss.md
@@ -64,6 +64,27 @@ self[Object.keys(self)[5]]("XSS")
 >>> Array(316) [ "close", "stop", "focus", "blur", "open", "alert", "confirm", "prompt", "print", "postMessage", … ]
 ```
 
+### innerHTML vs innerText
+
+```html
+<head>
+	<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.6/purify.min.js"></script>
+</head>
+<body>
+	<p id="input">&lt;img src=x onerror=alert() /&gt;</p>
+	<p id="tmp"></p>
+	<p id="output"></p>
+
+	<script>
+		console.log(input.innerText); // <img src=x onerror="alert()" />
+		console.log(input.innerHTML); // &lt;img src=x onerror="alert()" /&gt;
+		let clean = DOMPurify.sanitize(input.innerHTML);
+		tmp.innerHTML = clean; // No XSS
+		output.innerHTML = tmp.innerText; // XSS here
+	</script>
+</body>
+```
+
 ### Anchors fuzzing
 
 #### Javascript protocol