XSS Inside the text part of an <a> tag



  • How do I xss inside

    <a href="https://gooogle.com">here</a>
    

    ? I have tried normally using alert() but it didn't work



  • Well, without context this is a bit tough--where did you add the alert()?

    If you have control over the full

    <a>
    

    tag then you can simply add an event listener like onmouseover="alert('xxs'")"

    However, there is some niche use where if you only have control over the href= attribute value that you could even try replacing the URL with javascript:alert(1) and it can trigger a XXS.

    I hope this helps!


Log in to reply
 

Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2