+ Start a Discussion
Nuno MatosNuno Matos 

Trailhead Simulate a Cross-Site Scripting Attack

Hello,

I'm trying to complete the Simulate a Cross-Site Scripting Attack but I get the error:

Challenge Not yet complete... here's what's wrong: 
It doesn't appear that you've successfully simulated a cross-site scripting attack using the Visualforce page. Please try again.

My input is: <a onmouseover = "alert(\'This is an xss attack.\')">xss attack</a>
The org is connected to Trailhead, however, it seems that the Trailhead Tracker isn't installed. Isn't this package usually required to track access the orgs used in Trailhead?
Best Answer chosen by Nuno Matos
Nuno MatosNuno Matos

I figured it out. Althought my input caused the popup to appear, it seems that for the challenge no spaces could exist:

<a onmouseover="alert(\'XSS Attack\')"> any text</a>

Seems obvious now but the js was executed regardless.

All Answers

Nuno MatosNuno Matos

I figured it out. Althought my input caused the popup to appear, it seems that for the challenge no spaces could exist:

<a onmouseover="alert(\'XSS Attack\')"> any text</a>

Seems obvious now but the js was executed regardless.

This was selected as the best answer
Venkata Pokala 5Venkata Pokala 5
Hello - I am not able to complete this trailhead challenge. Will some one guide me where I need to place below code to complete this challenge? If possible will you please post entire code for this visualforce page?

<a onmouseover="alert(\'XSS Attack\')"> any text</a>
Joanna Knott 44Joanna Knott 44
@venkata, click on XSS Basic Challenge, paste the following in the challenge box: <a onmouseover="alert(\'XSS Attack\')"> any text </a>
Click on Attempt XSS!, click on check Challenge in the Trailhead
shradha mhaskeshradha mhaske
For completeing this challenge follow below steps - 
I have Sign up For Kingdom Management application dev org.
Connect the dev org to your trailhead account by clicking manage hands on org from your accounts.
Click XSS Basics Challenge tab.
Insert following code in message box and click Attempt XSS! button.
<a onmouseover="alert(\'XSS Attack\')"> any text </a>

any text message will appear below the Attempt Xss! button. 
Hover over the cursor on any text message. The pop up will appear as XSS attack.