In this lab, all tags are blocked, and we have to create a new tag.
We will create a new tag with id “x
” with an event “onfocus
” to trigger the alert()
function. Then, we use a hash (#
) to focus on this element. We use tabindex attribute to specify the tab order of the “x
” element.
<script>
location = 'https://lab-id.web-security-academy.net/?search=%3Cniek+id=x+onfocus=alert(document.cookie)+tabindex=1%3E#x';
</script>
You need to change lab-id
.
![](https://niekdang.wordpress.com/wp-content/uploads/2020/05/image-56.png?w=1024)