← All Labs
Reflected XSS — Attribute Context
ProfileMe reflects your name into the `value` attribute of an input field. Angle brackets are escaped so a normal <img onerror> payload won't work. Find a way to break out anyway.
ProfileMe reflects your name into the `value` attribute of an input field. Angle brackets are escaped so a normal <img onerror> payload won't work. Find a way to break out anyway.