Share
## https://sploitus.com/exploit?id=F15918C0-A80D-5493-9256-547BDA4C4BAB
# Hunar Intern โ€” XSS Fix (Assignment-2)

## Summary
I found an XSS vulnerability where user input was inserted directly into the page using `innerHTML`. This allowed injected `` tags to execute.

## Fix Applied
Replaced unsafe `innerHTML` insertion with `textContent` (or used an escaping function where appropriate). This prevents the browser from parsing user-supplied text as HTML, so scripts cannot execute.

## Test
Payload used: `alert('XSS Attack!');`
- Vulnerable: produced alert popup (see screenshots.pdf).
- Fixed: no alert popup; the payload is displayed as text.

## Files
- `vulnerable.html` โ€” original vulnerable example
- `fixed.html` โ€” patched version using `textContent`
- `screenshots.pdf` โ€” evidence (before & after)