Join us on May 15 for a live demo of how Burp Suite DAST solves real-world security challenges. Register Now

Login

Products Solutions Research Academy Support Company

Customers About Blog Careers Legal Contact Resellers

My account Customers About Blog Careers Legal Contact Resellers

Burp Suite DAST The enterprise-enabled dynamic web vulnerability scanner.

Burp Suite Professional The world's #1 web penetration testing toolkit.

Burp Suite Community Edition The best manual tools to start web security testing. View all product editions

Burp Scanner

Burp Suite's web vulnerability scanner

Burp Suite's web vulnerability scanner'

Attack surface visibility Improve security posture, prioritize manual testing, free up time. CI-driven scanning More proactive security - find and fix vulnerabilities earlier. Application security testing See how our software enables the world to secure the web. DevSecOps Catch critical bugs; ship more secure software, more quickly. Penetration testing Accelerate penetration testing - find more bugs, more quickly. Automated scanning Scale dynamic scanning. Reduce risk. Save time/money. Bug bounty hunting Level up your hacking and earn more bug bounties. Compliance Enhance security monitoring to comply with confidence.

View all solutions

Product comparison

What's the difference between Pro and Enterprise Edition?

Burp Suite Professional vs Burp Suite Enterprise Edition

Support Center Get help and advice from our experts on all things Burp. Documentation Tutorials and guides for Burp Suite. Get Started - Professional Get started with Burp Suite Professional. Get Started - Enterprise Get started with Burp Suite Enterprise Edition. User Forum Get your questions answered in the User Forum. Downloads Download the latest version of Burp Suite.

Visit the Support Center

Downloads

Download the latest version of Burp Suite.

The latest version of Burp Suite software for download

Academy home

Dashboard
Learning paths
Latest topics
Web cache deception Web LLM attacks API testing NoSQL injection Race conditions View all topics
All content
All labs All topics Mystery labs
Hall of Fame
Leaderboard Interview - Kamil Vavra Interview - Johnny Villarreal Interview - Andres Rauschecker
Get started
Get certified
Get certified How to prepare How it works Practice exam Exam hints and guidance What the exam involves FAQs Validate your certification

Back to all topics

Cross-site scripting (XSS)

What is XSS?
How does XSS work?
Impact of an attack
Proof of concept
Testing
Reflected XSS
- Impact
- Contexts
- Testing
- FAQs
Stored XSS
DOM-based XSS
- Testing
- Exploiting
XSS contexts
Exploiting XSS vulnerabilities
Dangling markup injection
- Preventing attacks
Content security policy (CSP)
Preventing XSS attacks
Cheat sheet
View all XSS labs

Web Security Academy
Cross-site scripting
Contexts
Lab

Lab: Reflected XSS in canonical link tag

PRACTITIONER

This lab reflects user input in a canonical link tag and escapes angle brackets.

To solve the lab, perform a cross-site scripting attack on the home page that injects an attribute that calls the alert function.

To assist with your exploit, you can assume that the simulated user will press the following key combinations:

ALT+SHIFT+X
CTRL+ALT+X
Alt+X

Please note that the intended solution to this lab is only possible in Chrome.

Solution

Visit the following URL, replacing YOUR-LAB-ID with your lab ID:
https://YOUR-LAB-ID.web-security-academy.net/?%27accesskey=%27x%27onclick=%27alert(1)
This sets the X key as an access key for the whole page. When a user presses the access key, the alert function is called.
To trigger the exploit on yourself, press one of the following key combinations:
- On Windows: ALT+SHIFT+X
- On MacOS: CTRL+ALT+X
- On Linux: Alt+X

Community solutions

z3nsh3ll

Michael Sommer

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy

Practise exploiting vulnerabilities on realistic targets.
Record your progression from Apprentice to Expert.
See where you rank in our Hall of Fame.

As we use reCAPTCHA, you need to be able to access Google's servers to use this function.

Already got an account? Login here

Find XSS vulnerabilities using Burp Suite

Try for free

Burp Suite

Web vulnerability scanner Burp Suite Editions Release Notes

Vulnerabilities

Cross-site scripting (XSS) SQL injection Cross-site request forgery XML external entity injection Directory traversal Server-side request forgery

Customers

Organizations Testers Developers

Company

About Careers Contact Legal Privacy Notice

Insights

Web Security Academy Blog Research

Follow us

© 2025 PortSwigger Ltd.