Skip to main content

Stored XSS into anchor href attribute with double quotes HTML-encoded

$ tldr PortSwigger · Cross-Site Scripting (XSS)

Solve the lab

Resources by skill

Cross-Site Scripting (XSS)

Comments & tips

Solved this lab a different way? Share it here — comments live in GitHub Discussions.
Last updated: 2026-05-08