
After a user submits an HTML form, on postback when the browser renders the page, if one of the input field values is a script tag with a function, surrounded by quotes, will the browser ever execute the script, and is it considered an XSS attack? For example:

    <form>
        <input type="hidden" id="Id" name="Id" value="<script>alert('test');</script>">
    </form>

My quick test doesn't seem to execute the script. (Why?)
The DAST scanner is reporting this as an XSS issue.

My related issue

LP13
Does this answer your question? [What makes an input vulnerable to XSS?](https://stackoverflow.com/questions/2905886/what-makes-an-input-vulnerable-to-xss) – AndrewL64 Jul 15 '22 at 20:51
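An added example for triaging a finding like this one (not part of the original question or its comments). Inside a double-quoted attribute the text is attribute data, so the parser creates no script element; what matters is whether the server encodes the quote character when it reflects the value. The sketch uses Python's `html.parser` as a stand-in for a browser's tokenizer (an assumption), and `render`, `audit`, `ReflectionAudit` and both sample inputs are hypothetical names constructed for the illustration.

```python
from html import escape
from html.parser import HTMLParser

# Template mirroring the form in the question; %s is the reflection point.
TEMPLATE = '<form><input type="hidden" id="Id" name="Id" value="%s"></form>'
EXPECTED_ATTRS = {"type", "id", "name", "value"}


class ReflectionAudit(HTMLParser):
    """Records the elements and attributes an HTML parser actually sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.script_elements = 0
        self.input_attrs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_elements += 1
        elif tag == "input":
            self.input_attrs = attrs


def render(value, encode):
    """Hypothetical server-side rendering, with or without attribute encoding."""
    return TEMPLATE % (escape(value, quote=True) if encode else value)


def audit(html_text, submitted):
    """Report whether the submitted value stayed inside the value attribute."""
    parser = ReflectionAudit()
    parser.feed(html_text)
    parser.close()
    names = {name for name, _ in parser.input_attrs}
    return {
        "script_elements": parser.script_elements,
        "value_round_trips": dict(parser.input_attrs).get("value") == submitted,
        "extra_attributes": sorted(names - EXPECTED_ATTRS),
    }


# Constructed inputs: the value from the question, and a harmless probe
# containing a double quote, the character that delimits the attribute.
QUESTION_VALUE = "<script>alert('test');</script>"
QUOTE_PROBE = 'x" data-probe="1'

if __name__ == "__main__":
    for value in (QUESTION_VALUE, QUOTE_PROBE):
        for encode in (False, True):
            print(encode, repr(value), audit(render(value, encode), value))
```

A reflection that round-trips the submitted value and adds no attributes is encoded correctly for the attribute context; an extra attribute on the unencoded render shows the value escaped its quotes, which is the condition a scanner's finding should be checked against.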

0 Answers