For some reason, certain payloads, such as `<img src='1' onerror='{JAVASCRIPT}'`, are generating race conditions in which legitimate XSS payload execution is not being marked as executed, and payloads that don't execute are being marked as validated.
For the time being, throttling the requests seems to decrease the likelihood of running into this behavior, but I'm still looking into the real cause.