You are currently viewing Reflected XSS in canonical link tag

Reflected XSS in canonical link tag

introduction to Reflected XSS in canonical link tag

In Reflected XSS in canonical link tag, Reflected Cross-Site Scripting (XSS) in the canonical link tag is a web security vulnerability where untrusted user input is not properly sanitized or encoded. This vulnerability allows attackers to inject malicious scripts or code, potentially leading to unauthorized actions or sensitive information theft. To mitigate this vulnerability, web developers should ensure user input is validated and encoded, ensuring data adheres to expected formats and rejects malicious input. Prioritizing web security, implementing secure coding practices, and conducting regular security assessments can minimize the risk of XSS vulnerabilities, maintaining web application integrity, protecting user data, and promoting a safe online environment.

Lab Solutions | Practical Work Time Reflected XSS in canonical link tag

This lab reflects user input in a canonical link tag and escapes angle brackets.

To solve the lab, perform a cross-site scripting attack on the home page that injects an attribute that calls the alert function.

To assist with your exploit, you can assume that the simulated user will press the following key combinations:

  • Alt+X

Please note that the intended solution to this lab is only possible in Chrome.

Stepwise Solution of the lab:-

After accessing the lab without any further ado, we will be applying this below payload.


Now press enter and let’s see what will happen.

BOOM! We’ve successfully solved this lab.

I hope you had loved reading this article after you had completed this article we highly recommend you to study the next article: Reflected XSS into a JavaScript string with single quote and backslash escaped, please don’t forget to leave a comment over here and share it with your friends as well, Good Luck!

Thank you for reading, if this article really helps you then do share it with your mates.
And follow @masaudsec on Twitter.


What is web security?

Website security refers to protecting a website or web application from cyberattacks, unauthorized access, or other security threats.

What is web application security?

Web application security means protecting a website from cyberattacks. These attacks may include vulnerabilities such as SQL injection, XSS, file inclusion, and others.

Which of the following is a good security practice for web browsing?

It is always a good practice to use an up-to-date browser with timely updates. Keep your browser plugins up-to-date, avoid malicious websites and links, and always enable 2-factor authentication while avoiding clickjacking.

How to find someone’s social security number on the dark web

Searching for someone’s social security number or credit card information on the dark web is illegal and unethical. It is important to always avoid such activities and protect yourself and others from cyber threats.

Leave a Reply