If the URL to my page is:
http://example.com/?=<script>alert(1)</script>
That will be sent as the Referer header if I redirect or create an iframe to your page. Upon printing the referer inside the iframe or elsewhere, the script in the URL will run, just like for any other input, as long as it's printed in the page without being encoded properly.
Erlend
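
The point above, as an added example that is not part of the original post: a page that prints the Referer header raw, next to one that encodes it for the HTML context first. The function names (`renderUnsafe`, `renderSafe`, `escapeHtml`, `safeHref`) and the `headers` object shape are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not code from the original post.
// Constructed sample: the URL from the post, as it would arrive in the Referer header.
const SAMPLE_REFERER = 'http://example.com/?=<script>alert(1)</script>';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only http(s) URLs as link targets; other schemes and unparsable input are rejected.
function safeHref(value) {
  try {
    const u = new URL(value);
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch (_) {
    return null;
  }
}

// Flawed: the header is request data, yet it is written into the page verbatim.
function renderUnsafe(headers) {
  return `<p>You came from: ${headers.referer}</p>`;
}

// Corrected: the header is treated like any other input and encoded on output.
function renderSafe(headers) {
  const referer = headers.referer || '';
  const text = escapeHtml(referer);
  const href = safeHref(referer);
  if (href === null) {
    return `<p>You came from: ${text}</p>`;
  }
  return `<p>You came from: <a href="${escapeHtml(href)}" rel="noreferrer">${text}</a></p>`;
}

console.log(renderUnsafe({ referer: SAMPLE_REFERER }));
console.log(renderSafe({ referer: SAMPLE_REFERER }));
```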