Reply To: My XSS attempt doesn’t seem to work on a simple HTML page I made
Hey @techblazes! Answered in Discord but will also answer here for anyone else wondering.
Your sample code is vulnerable and does work with certain payloads.
.innerHTML doesn’t allow for scripts to be executed, so it actually prevents XSS payloads that use script tags (like <script>alert(1)</script>).
It does not prevent XSS payloads that make use of onload events, like: <img src=x onerror=alert();>
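
To show the fix side of the reply above, here is an added example (not part of the original post or the asker's code). It runs the two payloads quoted in the reply through a script-tag-only filter and through full output encoding. The function names are hypothetical, and `stripScriptTags` is a constructed stand-in for any defence that only covers script elements.

```javascript
// Constructed inputs: the two payloads quoted in the reply above.
const SCRIPT_PAYLOAD = '<script>alert(1)</script>';
const HANDLER_PAYLOAD = '<img src=x onerror=alert();>';

// Weak: neutralises <script> elements only, the same coverage the reply
// describes for innerHTML. Event-handler attributes pass straight through.
function stripScriptTags(input) {
  return String(input).replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '');
}

// Hardened: encode every character that can open a tag or break out of
// an attribute value, so the browser treats the input as text.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Preferred in the browser: assign to textContent so untrusted input is
// never parsed as HTML at all. `element` is any DOM node.
function setUserText(element, untrusted) {
  element.textContent = String(untrusted);
  return element;
}

// Compare both defences on both payloads.
function compareDefences() {
  return [SCRIPT_PAYLOAD, HANDLER_PAYLOAD].map((payload) => ({
    payload,
    afterStrip: stripScriptTags(payload),
    afterEscape: escapeHtml(payload),
  }));
}

for (const row of compareDefences()) {
  console.log(JSON.stringify(row));
}
```

In page code, replace `element.innerHTML = userInput` with `setUserText(element, userInput)`, and use `escapeHtml` only where a string of HTML has to be built.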