More Demos

HTML5 Client-side Stored XSS in Web SQL Database

Insecure Example 1:

In this example the user entered tweet is stored and displayed without any form of encoding.
This results in a Stored Cross-site scripting vulnerability.

Try to submit a tweet with HTML inside it and it will be rendered.


Offline Twitter:

What's happening?