Hacker News new | ask | show | jobs
by jannyfer 2927 days ago
Mind explaining how that text input field creates an XSS opportunity?

> XSS enables attackers to inject client-side scripts into web pages viewed by other users.

Nobody other than you will see your alert("this is bad") so this doesn't seem like XSS.
1 comments
erickj 2927 days ago
that's until OP decides tonight that the tool is so pouplar that sticking a database behind it to serve anonymous examples MUST be a good idea, e.g.
link