Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

HTML:Use quotes within quotes within quotes

I'm stuck with this problem:

<body onload="document.body.innerHTML="<script>alert('hi')</script>"">

The problem is that i cant use quotes within quotes within quotes. Any ideas?

like image 973
flimmerkiste Avatar asked Nov 07 '13 19:11

flimmerkiste


1 Answers

To represent a " character inside an HTML attribute delimited by " characters, use the entity &quot;

I'd recommend attaching event listeners using JavaScript rather then using intrinsic event attributes though. It simplifies things greatly.

Note however, that browsers will not execute JavaScript added to the document with innerHTML. If you want to add a script programatically, the use createElement / appendChild et al.

like image 74
Quentin Avatar answered Oct 02 '22 13:10

Quentin