... and use alert(document.domain) or alert(window.origin) instead.
Blog post: [ Ссылка ]
Sponsored by Google for their Bug Hunter University: [ Ссылка ]
00:00 - Intro
00:47 - Why Do We Use Alert(1) for XSS?
02:25 - alert(1) Popup is NOT Proof of a Vulnerability!
03:07 - Invalid XSS Example 1 on Blogger
04:43 - Sandbox Subdomains
06:27 - Sandboxed iframes
08:29 - Invalid XSS Example 2 on Google Sites
09:50 - Why Should You Care About Invalid XSS Issues?
10:55 - Summary
11:55 - Outro
-=[ ❤️ Support ]=-
→ per Video: [ Ссылка ]
→ per Month: [ Ссылка ]
-=[ 🐕 Social ]=-
→ Twitter: [ Ссылка ]
→ Website: [ Ссылка ]
→ Subreddit: [ Ссылка ]
→ Facebook: [ Ссылка ]
![](https://i.ytimg.com/vi/KHwVjzWei1c/maxresdefault.jpg)