Lab: DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded
This lab contains a DOM-based cross-site scripting vulnerability in a AngularJS expression within the search functionality.
To solve this lab, perform a cross-site scripting attack that executes an AngularJS expression and calls the
- Enter a random alphanumeric string into the search box.
View the page source and observe that your random string is enclosed in an
Enter the following AngularJS expression in the search box:
- Click search.