1. Web Security Academy
  2. Cross-site scripting
  3. DOM-based
  4. Lab

Lab: DOM XSS in jQuery anchor href attribute sink using location.search source

APPRENTICE

This lab contains a DOM-based cross-site scripting vulnerability in the submit feedback page. It uses the jQuery library's $ selector function to find an anchor element, and changes its href attribute using data from location.search.

To solve this lab, make the "back" link execute the alert function.