<p>I'm stuck with this problem:</p> <pre class="prettyprint"><code><body onload="document.body.innerHTML="<script>alert('hi')</script>""> </code></pre> <p>The problem is that i cant use quotes within quotes within quotes. Any ideas?</p>

HTML:Use quotes within quotes within quotes

Tags:

javascript

html

string

quotes

double-quotes

I'm stuck with this problem:

<body onload="document.body.innerHTML="<script>alert('hi')</script>"">

The problem is that i cant use quotes within quotes within quotes. Any ideas?

973

asked Nov 07 '13 19:11

flimmerkiste

1 Answers

To represent a " character inside an HTML attribute delimited by " characters, use the entity "

I'd recommend attaching event listeners using JavaScript rather then using intrinsic event attributes though. It simplifies things greatly.

Note however, that browsers will not execute JavaScript added to the document with innerHTML. If you want to add a script programatically, the use createElement / appendChild et al.

answered Oct 02 '22 13:10

Quentin

Recent Activity
Apple Pay - authorize.net returns error 153 only when live, sandbox works
How to continue cursor loop even error occured in the loop
python find all neighbours of a given node in a list of lists
Fatal error: Call to a member function setColumn() on a non-object in Magento
Count how many of each value from a field with MySQL and PHP
Python 32-bit development on 64-bit Windows [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With