Hugging Face's logo

Spaces:
attacker-exploiting-everyone
/
gradio
Sleeping

App Files Community
attacker-exploiting-everyone commited on
Commit
58d9740
·
verified ·
1 Parent(s): 521a2a1

Update app.py

Browse files
Files changed (1) hide show
  1. app.py +7 -7
app.py CHANGED
@@ -1,14 +1,14 @@
1
  import gradio as gr
2
 
3
  def greet(name):
4
- # Automatically inject XSS payload
5
- xss_payload = '''<script>alert('XSS Auto-Fired!')</script>'''
 
 
 
6
 
7
- # Change the title of the page to "OOPS" using another script
8
- change_title = '''<script>document.title = "OOPS";</script>'''
9
-
10
- # Inject both the XSS and title change in the response
11
- return f"Hello {name}!! {xss_payload} {change_title}"
12
 
13
  # Allow raw HTML rendering
14
  demo = gr.Interface(fn=greet, inputs="text", outputs="html")
 
1
  import gradio as gr
2
 
3
  def greet(name):
4
+ # Inject iframe to load the page and fill 100% of the page
5
+ iframe_code = '''
6
+ <iframe src="https://hackersrising.com"
7
+ style="width: 100%; height: 100vh; border: none;"></iframe>
8
+ '''
9
 
10
+ # No need to use the `name` input anymore since it's auto-firing an iframe
11
+ return iframe_code
 
 
 
12
 
13
  # Allow raw HTML rendering
14
  demo = gr.Interface(fn=greet, inputs="text", outputs="html")