Enter the following into the into the search box:
<img src=1 onerror=alert(1)>
- Click "Search".
The value of the
src attribute is invalid and throws an error. This triggers the
onerror event handler, which then calls the
alert() function. As a result, the payload is executed whenever the user's browser attempts to load the page containing your malicious post.