XSS contexts / XSS in HTML tag attributes
Hello. I am learning about XSS, as you can see, and I can’t understand a little bit about this scriptable context: " autofocus onfocus=alert(document.domain) x=" . I understand what autofocus and onfocus do, but I have no idea about the first quote --> " , and the last part of this script --> x=" . What are they for?
There's an explanation of this script:
Can someone please help me because I'm trying to figure out what is happening but I don't understand, please!
The first quote mark is there to terminate the attribute value. For example: <h1 href="user input">. If the user inputs a ", this allows them to terminate the attribute tag early. They can then add another attribute tag that can perform a function (see Lab: Reflected XSS into attribute with angle brackets HTML-encoded).
This will still leave the closing quote tag for the original attribute value. Therefore, if we leave that, it could cause an error to occur. In the case shown above, we add in x=" in order to prevent an error from occurring, and so repair the markup.
So in our case, we would have <h1 href="" autofocus onfocus=alert(document.domain) x="">
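An added example, not part of the original thread: it renders the string from the question into the answer's `<h1 href="...">` template with and without attribute encoding, then lists the attributes each resulting tag contains. The function names and the simplified tokenizer (`parseAttrs`, not a full HTML parser) are assumptions made for illustration.

```javascript
// String taken from the question above.
const PAYLOAD = '" autofocus onfocus=alert(document.domain) x="';

// Vulnerable: input is placed into a double-quoted attribute value unchanged.
function renderUnsafe(input) {
  return '<h1 href="' + input + '">';
}

// Hardened: encode the characters that carry meaning inside an attribute value.
function encodeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
          .replace(/'/g, '&#39;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function renderSafe(input) {
  return '<h1 href="' + encodeAttr(input) + '">';
}

// Simplified attribute tokenizer for a single start tag (hypothetical helper).
// Returns an object mapping attribute name -> raw value ('' if no value).
function parseAttrs(tag) {
  const inner = tag.replace(/^<\w+/, '').replace(/>$/, '');
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const attrs = {};
  let m;
  while ((m = re.exec(inner)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Unencoded: the leading quote closes href, and x=" absorbs the template's
// own closing quote, so the tag holds four well-formed attributes.
console.log(renderUnsafe(PAYLOAD));
console.log(Object.keys(parseAttrs(renderUnsafe(PAYLOAD))));

// Encoded: the quotes become &quot;, so everything stays inside href's value.
console.log(renderSafe(PAYLOAD));
console.log(Object.keys(parseAttrs(renderSafe(PAYLOAD))));
```
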