Hello my Friends,
this time in English 😉
json_encode does not allow slashes, so you can't use JavaScript tags here.
Now the question is: can I still do XSS despite json_encode?
YES YOU CAN! Just pass the following for XSS as the string that gets json_encode encoded:
<img%20src=x%20onerror=alert(document.cookie);>
Now it works very well as you see 😉
Greetings
burncycle
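
Why the string above survives, and how to encode so it does not, as an added example that is not part of the original post. It assumes the json_encode output is echoed into a response the browser renders as HTML; the `name` key and the `send_json` helper are hypothetical.

```php
<?php
// Constructed sample input: the string from the post with %20 decoded to spaces.
$input = '<img src=x onerror=alert(document.cookie);>';

// Default flags: "/" is escaped as "\/", but "<" and ">" pass through unchanged,
// so a slash-free tag is still markup if the browser parses the body as HTML.
$weak = json_encode(['name' => $input]);

// Hardened: emit <, >, &, ' and " as \uXXXX escapes. The JSON stays valid and
// decodes to the same value, but the raw body no longer contains any tag.
$flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
$safe  = json_encode(['name' => $input], $flags | JSON_THROW_ON_ERROR);

// Hypothetical helper: declare the body as JSON and forbid MIME sniffing,
// so the browser never treats it as an HTML document.
function send_json(string $json): void
{
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo $json;
}

// When the value is written into an HTML page instead, escape for HTML context.
$html = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

if (PHP_SAPI === 'cli') {
    // Offline run: print the three encodings side by side for comparison.
    echo "default  : $weak\n";
    echo "hardened : $safe\n";
    echo "html ctx : $html\n";
    // The hardened JSON must round-trip to the original string.
    var_dump(json_decode($safe, true)['name'] === $input);
} else {
    send_json($safe);
}
```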