I'm stuck with this problem:
<body onload="document.body.innerHTML="<script>alert('hi')</script>"">
The problem is that i cant use quotes within quotes within quotes. Any ideas?
To represent a "
character inside an HTML attribute delimited by "
characters, use the entity "
I'd recommend attaching event listeners using JavaScript rather then using intrinsic event attributes though. It simplifies things greatly.
Note however, that browsers will not execute JavaScript added to the document with innerHTML
. If you want to add a script programatically, the use createElement
/ appendChild
et al.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With