Client XSS Exercise-4

Enter Payload

Data Flow

Source of Data Data from Source Data to Sink Sink causing Execution
WebSocket message from HTMLElement.innerHTML

Vulnerable Code


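    // webSocketUrl is not defined in this snippet.
    let ws = new WebSocket(webSocketUrl);
    ws.onmessage = function (evt) {
        // Source: the raw WebSocket message.
        let rawMsg = evt.data;
        let msgJson = JSON.parse(rawMsg);
        // The payload is concatenated into an HTML string without encoding.
        let msg = "Welcome <b>" + msgJson.payload + "</b>!!";
        // Sink: innerHTML parses the string as markup, so markup in the payload becomes part of the DOM.
        document.getElementById("msgboard").innerHTML = msg;
    };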
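
A hardened counterpart to the handler above, as an added example that is not part of the original exercise: the frame is validated, and the payload reaches the page only through text nodes instead of `innerHTML`. The function names are chosen here; `webSocketUrl` and the `msgboard` element are taken from the exercise code.

```javascript
// Added example: hardened counterpart of the exercise's onmessage handler.
// parseWelcomePayload, renderWelcome and attachSafeHandler are names chosen here.

// Parse the frame defensively; return the payload string, or null if the
// message is not the expected {"payload": "<string>"} shape.
function parseWelcomePayload(rawMsg) {
    let msgJson;
    try {
        msgJson = JSON.parse(rawMsg);
    } catch (e) {
        return null; // not JSON: drop the frame instead of throwing in the handler
    }
    if (msgJson === null || typeof msgJson !== "object") return null;
    if (typeof msgJson.payload !== "string") return null;
    return msgJson.payload;
}

// Build "Welcome <b>name</b>!!" from DOM nodes. The payload only ever reaches
// a text node, so markup inside it is displayed literally and never parsed.
function renderWelcome(doc, board, name) {
    const bold = doc.createElement("b");
    bold.textContent = name;
    board.replaceChildren(
        doc.createTextNode("Welcome "),
        bold,
        doc.createTextNode("!!")
    );
}

// Wire a WebSocket to the message board using the two helpers above.
function attachSafeHandler(ws, doc) {
    ws.onmessage = function (evt) {
        const name = parseWelcomePayload(evt.data);
        if (name === null) return; // ignore malformed frames
        renderWelcome(doc, doc.getElementById("msgboard"), name);
    };
}

// In the browser (webSocketUrl as in the exercise):
//   attachSafeHandler(new WebSocket(webSocketUrl), document);
```

The static `<b>` element is created by the page's own code, so the formatting of the original message is kept while the server-supplied value is treated as data.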