This injection creates a custom tag with the ID x, which contains an onfocus event handler that triggers the alert function. The hash at the end of the URL focuses on this element as soon as the page is loaded, causing the alert payload to be called.
Community solutions
Michael Sommer
Want to track your progress and have a more personalized learning experience? (It's free!)