STEP 1: Inspect the Site Name element
STEP 2: Remove client side restrictions
Replace the existing input field to increase the maxsize field and remove the characters allowed property as follows:
<input type="text" placeholder="Name of site" maxsize="100" class="form-control" required="" name="name">
STEP 3: Edit the ex1.js file to remove character encoding
var siteName = $(".ex1 input[type='text']").val().trim().replace(/</g, "<").replace(/>/g, ">"); var siteURL = $(".ex1 input[type='url']").val().trim().replace(/</g, "<").replace(/>/g, ">");
STEP 4: Enter the XSS payload
After the client side validation and sanitizing is removed, enter the following payload into the “Site Name” field and click “Submit”.