Client XSS Exercise-5
Enter Payload
Data Flow
| Source of Data | Data from Source | Data to Sink | Sink causing Execution |
|---|---|---|---|
| Window Message from | | | HTMLElement.innerHTML |
Vulnerable Code
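window.onmessage = function (evt) {
    // No evt.origin check: a message posted by any window is accepted.
    let msgObj = evt.data;
    let msg = "Welcome <b>" + msgObj.payload + "</b>!!";
    // Sink: the sender-controlled payload is parsed as HTML.
    document.getElementById("msgboard").innerHTML = msg;
};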
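
A hardened counterpart to the handler above, added here as an example and not part of the original exercise page: it checks `evt.origin` against an allowlist, validates the payload, and writes it with `textContent` instead of `innerHTML`. The origin `https://app.example`, the 64-character limit and the names `TRUSTED_ORIGINS` and `handleWelcomeMessage` are assumptions.

```javascript
// Added example: hardened version of the exercise's onmessage handler.
// Assumption: the only legitimate sender is https://app.example (placeholder).
const TRUSTED_ORIGINS = new Set(["https://app.example"]);

// Returns true if the message was accepted and rendered, false if it was dropped.
// `doc` is passed in so the logic can be exercised without a browser.
function handleWelcomeMessage(evt, doc, trustedOrigins = TRUSTED_ORIGINS) {
  // 1. Reject senders we do not expect. The vulnerable handler accepts any origin.
  if (!trustedOrigins.has(evt.origin)) return false;

  // 2. Validate the message shape: an object carrying a short, non-empty string.
  const data = evt.data;
  if (data === null || typeof data !== "object") return false;
  const name = data.payload;
  if (typeof name !== "string" || name.length === 0 || name.length > 64) {
    return false;
  }

  // 3. Build the markup as DOM nodes. textContent stores the payload as text,
  //    so any tags it contains are displayed literally and never parsed.
  const board = doc.getElementById("msgboard");
  const bold = doc.createElement("b");
  bold.textContent = name;
  board.replaceChildren("Welcome ", bold, "!!");
  return true;
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== "undefined") {
  window.addEventListener("message", (evt) => handleWelcomeMessage(evt, document));
}
```
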