This might be a silly thing to do; but I'm trying to allow 'some' HTML on a website (okay, it's probably a bad idea). But, for the sake of argument...
Is there ANY non-white space character you can place between an attrib开发者_Python百科ute and the '='s sign and still have a modern browser be able to interpret the attribute.
In other words; if the user enters:
<img src="pic1.jpg" width=50 height=50 onClick='alert("Hi");'>
Is there any character(s) that can appear after 'onClick' but before the '=' sign and still have it execute the javascript alert message in any of the big name browsers, besides spaces and enters?
As an example - I tried inserting ' ' (and it fails)...
But is there another clever way of interjecting something I might miss.
After a lot of looking; I've been unable to find anything that can appear between the 'attribute = value' that isn't white space.
 
         
                                         
                                         
                                         
                                        ![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif) 
                                         
                                         
                                         
                                         加载中,请稍侯......
 加载中,请稍侯......
      
精彩评论