I want to inject XSS payload in an anchor tag, but the double quotes are being converted into %22

Question

The tag works like this:

<a ref="http://googl.com%22 onclick=alert(124)">http://google.com" onclick=alert(124)</a>

Here, the double quote I put is turned into %22. Is there a way to overcome it?

did you try single quotes? – TAHA SULTAN TEMURI Sep 29 '19 at 19:16 — TAHA SULTAN TEMURI, Sep 29 '19 at 19:16

yeah_well · Answer 1 · 2019-05-02T16:41:23.343

0

Here, the double quote I put is turned into %22. Is there a way to overcome it?

No. Double quotes changing into %22 is called url encoding, which is performed so that rendered page doesn't treat it as double quotes.

edited May 02 '19 at 16:41

answered May 02 '19 at 14:49

yeah_well

1 Answers1