XSS question, JavaScript doesn't work


I decided to understand the essence and mechanism of XSS. I wrote a simple HTML page:

      </H1> <br />
      <?php
          echo $_GET['in']; // reflected as-is, no output encoding (the behaviour under test)
      ?>

If I access it like


then it outputs the string I passed, but if I try to write a script

.../index.php?in=<script>alert('xss here')</script>

then nothing happens.

What am I doing wrong?

PS: JavaScript is enabled in the browser


Most likely, you are using Chrome: the Chrome XSS Auditor handles such simple reflected XSS, in which case messages about blocking script execution will be displayed on the "Console" tab of the developer panel.

But keep in mind that Chrome will not necessarily protect against any reflected XSS; you can still browse the search results for "chrome xss auditor bypass".

I think this game from Google, where you can get acquainted with different types of XSS, will be of interest to you.
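Since the answer notes that the browser filter cannot be relied on, the fix belongs in the page itself. The following is an added example, not part of the original question or answer: a hardened variant of the question's `index.php` that encodes the `in` parameter on output and sends a Content-Security-Policy header. The helper name `render_input()` and the sample value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hardened counterpart of the question's page.
// Vulnerable original:  echo $_GET['in'];   (raw reflection into HTML)
// render_input() is a hypothetical helper name, not from the original post.

/**
 * Encode untrusted text for an HTML element-content context.
 * ENT_QUOTES also encodes ' and ", so the result stays inert inside a
 * quoted attribute value; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
 * instead of making htmlspecialchars() return an empty string.
 */
function render_input(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A request such as ?in[]=x makes $_GET['in'] an array, so check the type
// before treating it as text.
$in = $_GET['in'] ?? '';
if (!is_string($in)) {
    $in = '';
}

if (PHP_SAPI !== 'cli') {
    // Declare the charset explicitly so the browser does not guess it.
    header('Content-Type: text/html; charset=UTF-8');
    header('X-Content-Type-Options: nosniff');
    // Defence in depth: with this policy the browser refuses inline
    // <script> blocks even if an encoding call is missed somewhere.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    echo render_input($in);
} else {
    // Constructed sample: the value used in the question's URL.
    $sample = "<script>alert('xss here')</script>";
    // Prints the encoded form, which a browser shows as literal text.
    echo render_input($sample), PHP_EOL;
}
```

Run from the command line, it prints the encoded form of the sample; served by a web server, it reflects `in` as inert text regardless of which browser is used.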
