I've found that a user input was passed to jquery selector sink $() This is known to be vulnerable because having something like :
$("<img src='/' onerror=alert('xss');>")
Will result in an alert in the page
But in this case the user input was added to a class selector so the query looks like :
$(.somethingX)
Where X is the user input And because of that when adding something like a tag , it results in an error :
Uncaught Error: Syntax error, unrecognized expression: .someting <img src='/' onerror=alert('xss');>
So the question will be is there a way to bypass that and get xss ? Is appending something to the user input in this case enough to be secure ?
I've also tried to add something like valid class and then add h1:contains('payload') but this will not create the dom element ,because I think it was patched by jquery .
Thanks .
$('.foo<input here>').bar();. Why not use$('.foo'); alert('XSS'); //').bar();? If there's some specific restriction which prevents this, then you need to mention that in your question.$('.somethingX ' + userinput).$('.somethingX ' + userinput)which make it not possible to close the selector and you will get the same error .