# Level 1: Reflected XSS into HTML context with nothing encoded

## <mark style="color:purple;">Objective</mark>

This lab contains a simple reflected cross-site scripting vulnerability in the search functionality.

To solve the lab, perform a cross-site scripting attack that calls the alert function.

## <mark style="color:purple;">Explanation</mark>

In this lab, the application reflects user input directly into the page's HTML context without applying any encoding or sanitization: when a user enters a search term, the input is embedded verbatim in the HTML response. If the input contains a `<script>` element, the browser parses it as part of the page's markup and executes it, which is a reflected XSS vulnerability. Here we call `alert()` to confirm that the injected script executed.

## <mark style="color:purple;">Resolution</mark>

1. Navigate to the search functionality of the application.
2. In the search input field, enter the following payload:

   ```html
   <script>alert('XSS test')</script>
   ```
3. Press Enter to submit the search.
4. Upon submission, an alert box will appear, confirming the successful execution of the script.
5. You will then see the lab completion notification.

<figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXcUZbYV30u0xQMsks0SeWVYxKheg1kHr61BqdlW_Qg2H8S1I-XckayFDVO8JC9-2T9WdYu_aSi2JzT49-ewb8GY2rlTn-La5A6B_ivzdZANW0yYFzFFGhX4pMqCfQikchX76UdJrw?key=-BCZ-tSX4vSf40JHJNVK-jBl" alt="" width="375"><figcaption></figcaption></figure>

## <mark style="color:purple;">Mitigation</mark>

* Always **sanitize user inputs** to prevent the injection of malicious scripts.
* **Escape output** before reflecting user input in the HTML context.
* Use **Content Security Policy (CSP)** headers to restrict which scripts the browser is allowed to execute.
* Implement **input validation** to filter out dangerous characters such as `<`, `>`, and `'`.
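
The output-escaping and CSP points above, as an added example that is not the lab's own code: a hypothetical search-results renderer shown in its vulnerable form beside the encoded form. The function names, the page markup and the CSP value are assumptions chosen for illustration.

```javascript
// Added example: hypothetical renderer, not the lab application's source.

// Encode the characters that are significant in HTML text and
// quoted-attribute contexts. A single-pass replace avoids double-encoding.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the search term is concatenated into the response as-is,
// so any markup in the term becomes part of the page.
function renderSearchVulnerable(term) {
  return `<h1>0 search results for '${term}'</h1>`;
}

// Hardened pattern: the term is encoded at the point of output, so the
// browser renders it as text instead of parsing it as markup.
function renderSearchEncoded(term) {
  return `<h1>0 search results for '${escapeHtml(term)}'</h1>`;
}

// Defence in depth: with no 'unsafe-inline' in script-src, an inline <script>
// that slipped past encoding would still be refused by the browser.
function securityHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
  };
}

// Regression check: does the response still contain the term's raw markup?
function reflectsRawMarkup(html, term) {
  return /[<>]/.test(term) && html.includes(term);
}

// The test string from the Resolution steps, used here as a regression input.
const sample = "<script>alert('XSS test')</script>";
console.log('vulnerable:', renderSearchVulnerable(sample));
console.log('encoded:   ', renderSearchEncoded(sample));
console.log('raw markup reflected (vulnerable):',
  reflectsRawMarkup(renderSearchVulnerable(sample), sample));
console.log('raw markup reflected (encoded):   ',
  reflectsRawMarkup(renderSearchEncoded(sample), sample));
```

A check like `reflectsRawMarkup` fits in a unit test for every template that echoes request data, so a regression to string concatenation is caught before release.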
