I am supposed to make a DOM-based XSS attack, which means that I insert an HTML element with JavaScript code (for example an `<iframe>`).

I have this search box in the HTML file:

```html
<span id="searchValue" [innerHTML]="searchValue"></span>
```

What does the `[innerHTML]="searchValue"` property do? How can I use this search input to place an element in the HTML code?

I know in JavaScript you can change the value between the element's opening and closing tags with `innerHTML`, but here I have no idea what it does.

Thanks in advance.

stacktrace2234
  • Is this Angular? https://stackoverflow.com/a/34424375/1871033 – CherryDT Apr 19 '21 at 17:44
  • I'm assuming a homework question, so I'll just provide a hint... The issue that is trying to be conveyed is that whatever gets typed into the search box is squirted, without validation, directly into the DOM as a child of the span (most likely by a poorly written backend). Say you typed `my name is stacktrace2234`, then you could format your search term to be bold when it is shown back to you. There exist other tags too, which might lead to far worse mischief. – spender Apr 19 '21 at 17:44
  • Yes, it is an Angular application that I have to use. – stacktrace2234 Apr 19 '21 at 18:00

0 Answers
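
An added example, not part of the original thread: a small review script that lists every `[innerHTML]` binding in an Angular template, such as the one in the question, and every `bypassSecurityTrustHtml` call in component source. Angular sanitizes values bound to `[innerHTML]` by default, so the calls that opt out of sanitization are the ones to review first; the sample template and the `SearchComponent` and `onSearch` names are constructed for illustration.

```javascript
// Added example: list where an Angular template renders a value as HTML,
// so a reviewer can check where each bound value comes from.
// Angular sanitizes values bound to [innerHTML] by default;
// DomSanitizer.bypassSecurityTrustHtml() opts a value out of that.

const HTML_BINDING = /\[\s*innerHTML\s*\]\s*=\s*(["'])(.*?)\1/gis;
const TRUST_BYPASS = /\bbypassSecurityTrustHtml\s*\(/g;

// 1-based line number of a character offset within text.
function lineOf(text, offset) {
  return text.slice(0, offset).split('\n').length;
}

// Every [innerHTML]="expr" binding in a template, with the text-only
// interpolation a reviewer can switch to when no markup is needed.
function findHtmlBindings(template) {
  return [...template.matchAll(HTML_BINDING)].map((m) => ({
    line: lineOf(template, m.index),
    expression: m[2].trim(),
    textAlternative: `{{ ${m[2].trim()} }}`,
  }));
}

// Lines in component source that switch the sanitizer off for a value.
function findTrustBypasses(source) {
  return [...source.matchAll(TRUST_BYPASS)].map((m) => lineOf(source, m.index));
}

// Constructed sample input: the template line from the question plus a
// hypothetical component (SearchComponent and onSearch are made-up names).
const sampleTemplate = [
  '<input (keyup)="onSearch($event)">',
  '<span id="searchValue" [innerHTML]="searchValue"></span>',
  '<p>{{ resultCount }} results</p>',
].join('\n');

const sampleComponent = [
  'export class SearchComponent {',
  '  constructor(private sanitizer: DomSanitizer) {}',
  '  onSearch(e) {',
  '    this.searchValue = this.sanitizer.bypassSecurityTrustHtml(e.target.value);',
  '  }',
  '}',
].join('\n');

console.log(findHtmlBindings(sampleTemplate));
console.log(findTrustBypasses(sampleComponent));
```

A binding that shows up here with no matching bypass is still passed through Angular's sanitizer; where the value only needs to be displayed, the `textAlternative` interpolation renders it as plain text.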