Firefox is now the browser I like hacking; there’s just so much stuff it
can do. I simply don’t have enough time to explore everything, but what I
have found is some very interesting XML behavior. I was helping Ronald
a while back with a Firefox chrome security flaw
and we discussed on slackers <,14680>
that some XML entities in Firefox contain sensitive information which it is
possible to read using XHR.
I thought of what other interesting things I could do with XML entities and
I found a way of injecting script tags using them. This could have
implications if you offer an HTML upload service but you filter out dangerous
tags, for example. The proof of concept is very basic but displays the method:
XML injection


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html [
<!ENTITY inject "<script>alert(1)</script>">
<html xmlns="">
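For an upload service like the one mentioned above, one way to screen XML/XHTML uploads for DTD entity declarations before any tag filtering runs. This is an added example, not code from the original post; `screen_upload`, `EntityDeclared` and the two sample documents are hypothetical names and constructed inputs, and it assumes uploads are checked server-side with Python's bundled expat parser.

```python
import xml.parsers.expat


class EntityDeclared(Exception):
    """Raised from the expat callback to stop parsing at the first <!ENTITY>."""


def screen_upload(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an uploaded XML/XHTML document."""
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_parameter, value, base,
                       system_id, public_id, notation):
        # value is None for external entities; every declaration is refused,
        # the label only records whether the replacement text carries markup.
        kind = "markup-bearing" if value and "<" in value else "custom"
        raise EntityDeclared(f"{kind} entity '{name}' declared in DTD")

    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(data, True)
    except EntityDeclared as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        # Reject anything the XML parser cannot read rather than guessing.
        return False, f"not well-formed XML: {exc}"
    return True, "no entity declarations"


# Constructed sample: the entity declaration from the post inside an
# otherwise inert document (the entity is declared but never referenced).
SAMPLE_WITH_ENTITY = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html [
<!ENTITY inject "<script>alert(1)</script>">
]>
<html><body><p>uploaded page</p></body></html>
"""

# Constructed sample: same document without an internal DTD subset.
SAMPLE_PLAIN = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html>
<html><body><p>uploaded page</p></body></html>
"""

if __name__ == "__main__":
    for label, doc in (("entity", SAMPLE_WITH_ENTITY), ("plain", SAMPLE_PLAIN)):
        print(label, screen_upload(doc))
```

The check refuses the document at the declaration itself, so it does not depend on how or where the entity is later referenced.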



