> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# Reflected XSS into a JavaScript string with single quote and backslash escaped

> PortSwigger Web Security Academy lab: Reflected XSS into a JavaScript string with single quote and backslash escaped. Topic: Cross-Site Scripting (XSS).

# Reflected XSS into a JavaScript string with single quote and backslash escaped

<p className="machine-summary"><span className="prompt"><code>\$ tldr</code></span> PortSwigger · Cross-Site Scripting (XSS)</p>

<div className="machine-meta">
  | ·            | ·                                                                                                                               |
  | ------------ | ------------------------------------------------------------------------------------------------------------------------------- |
  | Platform     | PortSwigger Web Security Academy                                                                                                |
  | Topic        | Cross-Site Scripting (XSS)                                                                                                      |
  | Difficulty   | <span className="dbadge dbadge-medium">PRACTITIONER</span>                                                                      |
  | Official lab | [Open](https://portswigger.net/web-security/cross-site-scripting/contexts/lab-javascript-string-single-quote-backslash-escaped) |
</div>

## Solve the lab

| Language | Author          | Format | Link                                                                                                                            |
| -------- | --------------- | ------ | ------------------------------------------------------------------------------------------------------------------------------- |
| 🇬🇧 EN  | **PortSwigger** | Texto  | [Open](https://portswigger.net/web-security/cross-site-scripting/contexts/lab-javascript-string-single-quote-backslash-escaped) |

## Resources by skill

| Skill                      | Source      | Link                                                                                       |
| -------------------------- | ----------- | ------------------------------------------------------------------------------------------ |
| Cross-Site Scripting (XSS) | HackTricks  | [Open](https://book.hacktricks.wiki/en/pentesting-web/xss-cross-site-scripting/index.html) |
| Cross-Site Scripting (XSS) | PortSwigger | [Open](https://portswigger.net/web-security/cross-site-scripting)                          |

## Related skills

[Cross-Site Scripting (XSS)](/en/skills/xss)

***

## Comments & tips

Solved this lab a different way? Share it here — comments live in [GitHub Discussions](https://github.com/FFuson/HTB_Writeups/discussions).

<div className="rootea-giscus-wrap" data-giscus-term="lab:cross-site-scripting-contexts-javascript-string-single-quote-backslash-escaped" data-giscus-lang="en" />

*Last updated: 2026-06-07*

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"TechArticle","name":"Reflected XSS into a JavaScript string with single quote and backslash escaped","headline":"Reflected XSS into a JavaScript string with single quote and backslash escaped — PortSwigger lab index","url":"https://rootea.es/en/portswigger/labs/cross-site-scripting/contexts-javascript-string-single-quote-backslash-escaped","inLanguage":"en","about":[{"@type":"Thing","name":"PortSwigger Web Security Academy"},{"@type":"Thing","name":"Cross-Site Scripting (XSS)"}],"isPartOf":{"@type":"WebSite","name":"rootea.es","url":"https://rootea.es"},"author":{"@type":"Organization","name":"rootea.es"}}`}
</script>
