Example XSS vulnerable scripts' source codes.
- classic: use your classic XSS knowledge to redirect the post page to google.com
- blacklist: do the same thing with prev. task but
<script>and</script>is forbidden by the script. - post-data: make the square in the action page in color "purple".
- post-data: change the content of the action page to string "AUCC"
- localstorage: make the score show 100 even when page is refreshed.
.. feel free to ask your questions as "issues" in github.