User talk:CSteipp (WMF)/Training/VulnTagging js

Answers

 * This is an example of a DOM-based XSS. A JavaScript event handler can be added to the link when it is written into the DOM by manipulating the class name of the selected ul element on the page. This is made easier in part because jQuery's .html, which uses .innerHTML, will convert &quot; into a " in the DOM automatically.

For example, adding a page that contains:  attack! 

will result in the following HTML after the JavaScript runs:

 attack! Edit Tags
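
The following is an added example, not the code from the training exercise. It models the flow described in the answer, with a string-concatenated link beside an escaped one. The function names, the `tags` class value and the harmless `console.log(1)` handler are constructed for illustration, and the assumed flow is that the class value is entity-decoded by the HTML parser before the script reads it.

```javascript
// Constructed sample: the class attribute as stored in the page source.
// The quote is entity-encoded, so the stored markup itself looks harmless.
const STORED_CLASS = 'tags&quot; onmouseover=&quot;console.log(1)';

// Models what the HTML parser does to an attribute value: entities are
// decoded, so the value read back from the DOM holds a literal double quote.
function decodeEntities(s) {
  const map = { '&quot;': '"', '&amp;': '&', '&lt;': '<', '&gt;': '>', '&#39;': "'" };
  return s.replace(/&(?:quot|amp|lt|gt|#39);/g, (m) => map[m]);
}

// Inverse step, needed before a value is placed back into markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: a DOM-derived value concatenated into a string
// that is then handed to .html() / .innerHTML.
function buildLinkUnsafe(className) {
  return '<a class="' + className + '" href="#">Edit Tags</a>';
}

// Hardened pattern: escape for the attribute context first. With jQuery the
// equivalent is $('<a>').attr('class', className).text('Edit Tags').
function buildLinkSafe(className) {
  return '<a class="' + escapeHtml(className) + '" href="#">Edit Tags</a>';
}

// Lists the attribute names on the first start tag, as a parser would see them.
function attributeNames(html) {
  const tag = html.match(/^<\w+((?:\s+[\w-]+(?:="[^"]*")?)*)\s*>/);
  if (!tag) return null;
  return [...tag[1].matchAll(/([\w-]+)(?:="[^"]*")?/g)].map((m) => m[1]);
}

const fromDom = decodeEntities(STORED_CLASS);
console.log(attributeNames(buildLinkUnsafe(fromDom))); // extra handler attribute
console.log(attributeNames(buildLinkSafe(fromDom)));   // class and href only
```
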