base
Overview
The HTML <base> element specifies the base URL to use for all relative URLs in a document.
If multiple <base> elements are used, only the first href and first target are obeyed — all others are ignored.
Relative URL redirection
<base> tag injection allows redirecting relative URLs to an arbitrary host.
For example, for the following page, the browser will request a script from https://attacker-website.com/assets/some-script.js.
In other words, if there is a way to inject the <base> tag, it is possible to inject arbitrary JavaScript code through the <script> elements that download scripts using relative URLs.
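A defender-side check for the condition described above, as an added example that is not part of the original page: it finds the <base> the browser would obey and lists the <script> loads whose origin changes because of it. The function names, the example.test URLs and the sample markup are constructed for illustration, and the regex-based tag matching is a simplification of real HTML parsing.

```javascript
// Added example: audits markup for a <base> that moves script loads off-origin.
// Tag matching is regex-based and simplified; the sample HTML is constructed.

// Return the value of attribute `name` from a single start tag, or null.
function attr(tag, name) {
  const re = new RegExp(
    "\\s" + name + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))", "i");
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function auditBase(html, pageUrl) {
  // Only the first <base> carrying an href is obeyed by the browser.
  let base = null;
  for (const m of html.matchAll(/<base\b[^>]*>/gi)) {
    const href = attr(m[0], "href");
    if (href !== null) { base = { href, index: m.index }; break; }
  }
  if (!base) return { base: null, redirected: [] };

  const baseUrl = new URL(base.href, pageUrl); // effective document base URL
  const redirected = [];
  for (const m of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = attr(m[0], "src");
    // Scripts the parser reached before the <base> were already resolved.
    if (src === null || m.index < base.index) continue;
    const intended = new URL(src, pageUrl);
    const actual = new URL(src, baseUrl);
    if (intended.origin !== actual.origin) {
      redirected.push({ src, intended: intended.href, actual: actual.href });
    }
  }
  return { base: baseUrl.href, redirected };
}

// Constructed sample: an injected <base> ahead of the page's own one.
const PAGE_URL = "https://example.test/account/profile";
const SAMPLE = `<html><head>
<script src="/assets/early.js"></script>
<base href="https://attacker-website.com/">
<base href="https://example.test/">
</head><body>
<script src="assets/some-script.js"></script>
<script src="/assets/app.js"></script>
<script src="https://cdn.example.test/lib.js"></script>
</body></html>`;

console.log(JSON.stringify(auditBase(SAMPLE, PAGE_URL), null, 2));
```

A Content-Security-Policy header containing `base-uri 'self'` (or `base-uri 'none'`) makes the browser ignore an injected <base> that points to another origin.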