attacker-exploiting-everyone commited on
Commit
521a2a1
·
verified ·
1 Parent(s): 405b177

Update app.py

Files changed (1) hide show
  1. app.py +8 -2
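--- a/app.py
+++ b/app.py
@@ -1,8 +1,14 @@
 import gradio as gr
 
 def greet(name):
-# Vulnerable to XSS: unsanitized user input directly returned
-return "Hello " + name + "!!"
+# Automatically inject XSS payload
+xss_payload = '''<script>alert('XSS Auto-Fired!')</script>'''
+
+# Change the title of the page to "OOPS" using another script
+change_title = '''<script>document.title = "OOPS";</script>'''
+
+# Inject both the XSS and title change in the response
+return f"Hello {name}!! {xss_payload} {change_title}"
 
 # Allow raw HTML rendering
 demo = gr.Interface(fn=greet, inputs="text", outputs="html")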
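Review bot: `greet` still interpolates `name` unescaped into a string that the `outputs="html"` component renders as markup, and new lines 4–11 append two hard-coded `<script>` strings to every response, so the injection flagged by the removed comment is widened rather than closed. The return should carry only escaped input, `return f"Hello {html.escape(name)}!!"` with `import html` at the top of the file, and the `xss_payload` and `change_title` assignments should be dropped. If the greeting needs no markup, `outputs="text"` removes the HTML sink altogether. Whether the script tags actually execute depends on how the front end inserts the HTML, which is not visible on this page, but escaping at this boundary makes the output safe either way.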