## https://sploitus.com/exploit?id=F15918C0-A80D-5493-9256-547BDA4C4BAB
# Hunar Intern โ XSS Fix (Assignment-2)
## Summary
I found an XSS vulnerability where user input was inserted directly into the page using `innerHTML`. This allowed injected `` tags to execute.
## Fix Applied
Replaced unsafe `innerHTML` insertion with `textContent` (or used an escaping function where appropriate). This prevents the browser from parsing user-supplied text as HTML, so scripts cannot execute.
## Test
Payload used: `alert('XSS Attack!');`
- Vulnerable: produced alert popup (see screenshots.pdf).
- Fixed: no alert popup; the payload is displayed as text.
## Files
- `vulnerable.html` โ original vulnerable example
- `fixed.html` โ patched version using `textContent`
- `screenshots.pdf` โ evidence (before & after)