In problem 1, since there are no quotes, there are lots of characters that
will terminate an attribute, like %00, %08, CR, LF, VT, space, tab, etc...
I think you're out of luck on problem 2. You *can* break out of a quoted
string inside javascript without the corresponding quote by "injecting up"
a...
will terminate an attribute, like %00, %08, CR, LF, VT, space, tab, etc...
I think you're out of luck on problem 2. You *can* break out of a quoted
string inside javascript without the corresponding quote by "injecting up"
a...
[ more ]