1. Web Security Academy
  2. Cross-site scripting
  3. Contexts
  4. AngularJS
  5. Lab

Lab: Reflected XSS with AngularJS sandbox escape without strings

EXPERT

This lab uses AngularJS in an unusual way where the $eval function is not available and you will be unable to use any strings in AngularJS.

To solve the lab, perform a cross-site scripting attack that escapes the sandbox and executes the alert function without using the $eval function.