Vulnerable Example
Secure Example (Fixed)
Explanation
What is XSS?
Cross-Site Scripting (XSS) is a vulnerability in which attacker-controlled input is rendered as HTML or JavaScript in a web page, so the injected script runs in the victim's browser with the page's origin, giving it access to the page's cookies, DOM and same-origin requests.
How the Vulnerability Works
In the vulnerable example, user input is concatenated into a string and assigned to innerHTML. The browser parses that string as HTML, so any tags it contains become live elements and any inline event handlers (such as onerror) become executable code.
Attack Example
<img src=x onerror=alert('XSS')>
Here src=x points at nothing loadable, so the image fails to load and the browser runs the onerror handler, which executes alert('XSS'). No <script> tag is needed, which is why filters that only look for <script> do not stop this attack.
How It Was Fixed
The secure version assigns the input to textContent instead of innerHTML.
textContent creates a text node; the browser never parses it as markup, so the payload is displayed literally as the characters <img src=x onerror=alert('XSS')> and nothing executes.
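The vulnerable and fixed render steps side by side, as an added example that is not code from the original page. It also adds an HTML encoder for the case where markup really has to be built from a string (the page's "encode" advice). A small stand-in element is assumed so the file runs under Node without a DOM; in a browser you would pass a real element such as document.getElementById('out') instead.

```javascript
// Added example, not the page's own code. Shows the innerHTML sink that
// makes the demo vulnerable, the textContent fix, and an HTML encoder for
// the cases where you must assemble markup from a string.

const XSS_PAYLOAD = "<img src=x onerror=alert('XSS')>"; // payload from the page

// Encode the five characters that let text break out of an HTML text or
// quoted-attribute context. Only needed when you build an HTML string;
// textContent / createTextNode need no encoding at all.
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Stand-in for a DOM element (assumption: just enough of the real contract
// to show the difference, so the file runs outside a browser). It mirrors
// real behaviour for these two properties: text assigned via textContent is
// serialised by the innerHTML getter with the markup characters escaped,
// while a string assigned to innerHTML is kept verbatim as markup.
function makeStubElement() {
  let markup = "";
  let lastSink = null;
  return {
    set textContent(v) { markup = escapeHtml(v); lastSink = "textContent"; },
    set innerHTML(v) { markup = String(v); lastSink = "innerHTML"; },
    get innerHTML() { return markup; },
    get lastSink() { return lastSink; },
  };
}

// VULNERABLE: untrusted input is parsed as HTML, so <img ... onerror=...>
// becomes a live element and the handler runs when the image fails to load.
function renderCommentVulnerable(el, userInput) {
  el.innerHTML = '<p class="comment">' + userInput + "</p>";
  return el.innerHTML;
}

// FIXED (the page's approach): textContent creates a text node; the browser
// never parses it as markup, so the payload is shown literally.
function renderCommentSafe(el, userInput) {
  el.textContent = userInput;
  return el.innerHTML;
}

// ALSO SAFE: if you must keep the wrapper markup, encode the untrusted part.
function renderCommentEncoded(el, userInput) {
  el.innerHTML = '<p class="comment">' + escapeHtml(userInput) + "</p>";
  return el.innerHTML;
}

// Stand-alone run: prints what each sink would hand to the HTML parser.
if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable:", renderCommentVulnerable(makeStubElement(), XSS_PAYLOAD));
  console.log("textContent:", renderCommentSafe(makeStubElement(), XSS_PAYLOAD));
  console.log("encoded:    ", renderCommentEncoded(makeStubElement(), XSS_PAYLOAD));
}
```

Note that textContent protects the HTML text context only. Untrusted data that ends up in an attribute such as href or in an inline event handler needs its own context-specific handling (for example, refusing javascript: URLs), and neither escapeHtml nor textContent covers those.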
Key Takeaway
Never trust user input. Prefer DOM APIs that treat data as text (textContent, createTextNode, setAttribute) over string-built markup; when you must build HTML from a string, encode the untrusted part for the exact context it lands in (HTML text, attribute, URL, or JavaScript), since each context has different escaping rules. Sanitizing (removing dangerous markup) is a separate, weaker step that should only be used when rich HTML from users is genuinely required, and a Content Security Policy adds a second layer if encoding is ever missed.
Phishing Detection