1. Web Security Academy
  2. DOM-based
  3. DOM clobbering
  4. Lab

Lab: Clobbering DOM attributes to bypass HTML filters


This lab uses the HTMLJanitor library, which is vulnerable to DOM clobbering. To solve this lab, construct a vector that bypasses the filter and uses DOM clobbering to inject a vector that calls the print() function. You may need to use the exploit server in order to make your vector auto-execute in the victim's browser.


The intended solution to this lab will not work in Firefox. We recommend using Chrome to complete this lab.

Register for free to track your learning progress

The benefits of working through PortSwigger's Web Security Academy
  • Practise exploiting vulnerabilities on realistic targets.

  • Record your progression from Apprentice to Expert.

  • See where you rank in our Hall of Fame.

Already got an account? Login here