Stored XSS into anchor href attribute with double quotes HTML-encoded

https://portswigger.net/web-security/cross-site-scripting/contexts/lab-href-attribute-double-quotes-html-encoded

Let's post the following comment under the post.

We can now use Left Click > Inspect to open the developer tools and search for our website.com payload.

As we can see, it is being inserted in the href attribute of the <a> tag.

In order to solve the lab, we have to use the following payload in the Website input field:

javascript:alert("1");

Let's verify if the payload has been inserted properly.

Now, if we click on the <a> tag link, the JavaScript will be executed, generating an alert.

We have solved the lab.
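
The payload works because HTML-encoding the double quotes keeps the value inside the href attribute but does not restrict the URL scheme, and the browser decodes the entities before following the link. The JavaScript below is an added example, not part of the lab or of this write-up: it contrasts encoding alone with a scheme allow-list check on the Website value. The helper names (htmlEncode, safeWebsiteUrl, renderAuthorLink) and the choice to allow only absolute http/https URLs are assumptions.

```javascript
// Added example: the helper names and the http/https allow-list are assumptions.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// HTML-encode a value for a double-quoted attribute or text node, as the lab
// does with the double quotes in the Website field.
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Return a normalized absolute http(s) URL, or null for anything else.
// The WHATWG URL parser lowercases the scheme and drops leading spaces and
// embedded tabs/newlines, so it sees the same scheme a browser would.
function safeWebsiteUrl(input) {
  let url;
  try {
    url = new URL(String(input));
  } catch {
    return null; // relative or unparsable values are rejected
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Render the comment author's link. With validate=false this reproduces the
// behaviour seen in the lab; with validate=true a bad URL yields plain text.
function renderAuthorLink(name, website, validate) {
  const href = validate ? safeWebsiteUrl(website) : String(website);
  if (href === null) return `<span>${htmlEncode(name)}</span>`;
  return `<a href="${htmlEncode(href)}">${htmlEncode(name)}</a>`;
}

// Constructed sample input: the payload from the write-up and a normal URL.
const payload = 'javascript:alert("1");';
console.log(renderAuthorLink("bob", payload, false));
console.log(renderAuthorLink("bob", payload, true));
console.log(renderAuthorLink("bob", "https://website.com", true));
```

The first line printed still carries the javascript: scheme inside a well-formed href, which is the behaviour inspected in the developer tools above; the validated calls emit a link only for the https URL.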
