Unicode encoding?

nikvujic
5 years ago

0

Hi,

Can someone please explain why this input does not work: <script>alert(‘HackThis!!’);</script>

Thank you

1reply
2voices
205views
dimooz
5 years ago

0

Html entities you put here are interpreted as classic string of chars, even if they can be viewed as special chars in your browser. You certainly expected that your browser turns it to special chars that can be part of page source code, but it doesn’t. Try something else.
I suggest you read this: https://excess-xss.com/, especially the “encoding” part.

Discussion thread has been locked. You can no longer add new posts.
1 of 2

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss