Meter HTML5 XSS filter bypass

I was playing around with some new HTML5 features and noticed a funny one. Meter gives you a cool progress bar on-the-fly – https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meter Immediately I thought about using it to bypass some WRONG blacklist tags XSS filter and add a event to it: [code]<meter onmouseover="alert(1)"[/code] You can check it on https://jsfiddle.net/btksfbbx/ Nowadays this doesn’t… Continue reading Meter HTML5 XSS filter bypass