Reflected XSS into a JavaScript string with angle brackets HTML encoded (Video solution)

This video shows the lab solution of "Reflected XSS into a JavaScript string with angle brackets HTML encoded" from Web Security Academy (PortSwigger).

Comments
Author

I have just found that you can put -, +, == or === between this injection '-alert(1)-'

examples: (test them in browser's console)
var a = ' ';
var a = ' ';

ZTechSecurity
Author

This is a more understandable injection
';alert(1)//

Can you please explain this
'-alert(1)-'

ZTechSecurity
Author

Why do we need such symbols though (-, +, ==, ===) and not just do 'alert(1)' ?

giannis
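
The operator question in the comments comes down to JavaScript syntax inside the string literal. The following is an added example, not part of the video or the comments: it renders the inputs quoted above into a `var a = '...'` template with only angle brackets encoded, checks whether the result still parses and whether a stub `alert` is reached, and compares that with escaping for the JavaScript string context. The function names are hypothetical and the inputs are constructed.

```javascript
// Added example; function names are hypothetical and the inputs are constructed.
// The `var a = '...'` template mirrors the one quoted in the comments.

// Encoding named in the lab title: only angle brackets are HTML-encoded.
function encodeAngleBracketsOnly(s) {
  return s.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Hardened encoding for a JS string context: everything except ASCII
// letters and digits becomes \uXXXX, so input cannot close the literal.
function encodeForJsString(s) {
  return s.replace(/[^A-Za-z0-9]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Place the encoded input inside the single-quoted string literal.
function render(input, encode) {
  return "var a = '" + encode(input) + "';";
}

// Compile the script, then run it with a stub `alert` that only counts calls.
function evaluate(script) {
  let alertCalls = 0;
  let fn;
  try {
    fn = new Function('alert', script + '\nreturn a;');
  } catch (e) {
    return { parses: false, alertCalls: 0, value: undefined };
  }
  const value = fn(() => { alertCalls += 1; });
  return { parses: true, alertCalls, value };
}

const inputs = ["'alert(1)'", "'-alert(1)-'", "'+alert(1)+'",
  "'==alert(1)=='", "'===alert(1)==='", "';alert(1)//"];

for (const input of inputs) {
  const weak = evaluate(render(input, encodeAngleBracketsOnly));
  const hard = evaluate(render(input, encodeForJsString));
  console.log(input.padEnd(18),
    'angle-brackets-only:', weak.parses ? `parses, alert x${weak.alertCalls}` : 'SyntaxError',
    '| escaped:', `alert x${hard.alertCalls}, round-trips: ${hard.value === input}`);
}
```

Without an operator the rendered line is `var a = ''alert(1)'';`, two adjacent expressions that the parser rejects, so nothing runs; an operator or `;` makes the line valid syntax again, which is why quote and backslash escaping, not angle-bracket encoding, is the control that matters in this context.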