XSS: bypassing html entity encoding of <,>,& characters [duplicate]
I am currently testing a web application that is sanitizing user input by HTML entity encoding special characters.
E.g. <script>alert(1)</script> becomes &lt;script&gt;alert(1)&lt;/script&gt;
also the & symbo…