Issue:

The cross-site scripting vulnerability has not been fixed in the comment function.

Test 1: Embedded script

You may be trying to filter certain keywords, for example by removing the word "script". This is not how you should try to fix an XSS vulnerability. Please review the Defense section of the lesson and try again.

Test 2: HTML Element Parser

You may be trying to filter or use regular expressions, for example to account for a specific element. We want to account for all elements. Please review the Defense section of the lesson and try again.
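Why both tests reject filtering, shown as an added example that is not code from the lesson: two filter-style fixes are compared with HTML output encoding, the standard defense for this class of bug. All function names and sample comments are hypothetical and constructed for illustration; the lesson's Defense section is not reproduced here.

```javascript
// Added example. Function names and sample comments are hypothetical.

// Filter-style fix 1: delete the keyword "script" (the approach Test 1 rejects).
function stripKeyword(comment) {
  return comment.replace(/script/gi, "");
}

// Filter-style fix 2: a regex aimed at one specific element (the approach Test 2 rejects).
function stripScriptElement(comment) {
  return comment.replace(/<\/?script[^>]*>/gi, "");
}

// Output encoding: every HTML-significant character becomes an entity,
// so the comment is displayed as text and cannot form any element.
function encodeForHtml(comment) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(comment).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// True if the rendered string would still contain an opening tag.
function containsMarkup(rendered) {
  return /<[a-z][^>]*>/i.test(rendered);
}

// Constructed sample comments.
const samples = [
  "<scrscriptipt>alert(1)</scrscriptipt>", // keyword reassembles after one removal pass
  "<img src=x onerror=alert(1)>",          // an element the script-only regex ignores
  'I <3 this post & "agree"',              // ordinary comment that must survive intact
];

// Reports, for each sample, whether markup survives each approach.
function report() {
  return samples.map((s) => ({
    input: s,
    afterKeywordStrip: containsMarkup(stripKeyword(s)),
    afterElementRegex: containsMarkup(stripScriptElement(s)),
    afterEncoding: containsMarkup(encodeForHtml(s)),
  }));
}

console.log(report());
```

Encoding belongs at the point where the comment is written into the page, and the entity set above covers HTML body and quoted-attribute contexts only.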
