Lab: Clobbering DOM attributes to bypass HTML filters
- Maryam Ziaee
- Oct 10
- 1 min read
This lab uses the HTML Janitor library, which is vulnerable to DOM clobbering. To solve this lab, construct a vector that bypasses the filter and uses DOM clobbering to inject a vector that calls the print() function. You may need to use the exploit server to enable your vector to auto-execute in the victim's browser.

The library uses the attributes property to filter HTML attributes. However, it is still possible to clobber the attributes property itself, causing its length to be undefined. This allows us to inject any attributes we want into the form element. In this case, we use the onfocus attribute to smuggle in a call to the print() function.
When the iframe is loaded, it adds the #x fragment to the end of the page URL after a 500ms delay. The delay ensures that the comment containing the injection has loaded before the JavaScript runs. Adding the fragment causes the browser to focus the element with the ID "x", which is the form we created inside the comment. The onfocus event handler then calls the print() function.
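To make the bypass concrete from the sanitizer's side, the following is an added example that is not code from the lab, from PortSwigger or from HTML Janitor. It models the two pieces that matter: a form whose named child shadows the built-in attributes property, and an attribute filter written first in the vulnerable way (trusting node.attributes.length) and then in a hardened way (reading the real getter and method through the prototype, which the named-property lookup cannot shadow). MockElement, appendChildWithClobber, ALLOWED_ATTRS, stripVulnerable, stripHardened, isClobbered and buildForm are illustrative names assumed for this example so it runs under Node without a browser DOM; in a real page you would use Element.prototype in place of MockElement.prototype.

```javascript
// Added example, not code from the lab or from HTML Janitor. MockElement,
// appendChildWithClobber and the functions below are illustrative stand-ins
// so the bug can run under Node without a browser DOM.
// In a browser, swap MockElement.prototype for Element.prototype.

class MockElement {
  constructor(tagName, attrs = {}) {
    this.tagName = tagName;
    this._attrs = new Map(Object.entries(attrs)); // backing attribute store
    this.children = [];
  }
  // Models Element.prototype.attributes: an array-like of {name, value}.
  get attributes() {
    return [...this._attrs].map(([name, value]) => ({ name, value }));
  }
  removeAttribute(name) { this._attrs.delete(name); }
  hasAttribute(name) { return this._attrs.has(name); }
}

// Models HTMLFormElement's named-property lookup: a child whose name matches a
// built-in (here "attributes") shadows that built-in on the form instance.
function appendChildWithClobber(parent, child) {
  parent.children.push(child);
  const name = child._attrs.get('name');
  if (parent.tagName === 'form' && name) {
    Object.defineProperty(parent, name, { value: child, configurable: true });
  }
}

const ALLOWED_ATTRS = new Set(['id', 'name']);

// Vulnerable pattern: reads attributes through the instance, so on a clobbered
// form node.attributes is the <input>, its .length is undefined, and the loop
// body never executes; every attribute survives the filter.
function stripVulnerable(node) {
  const names = [];
  for (let i = 0; i < node.attributes.length; i++) names.push(node.attributes[i].name);
  for (const n of names) if (!ALLOWED_ATTRS.has(n)) node.removeAttribute(n);
  return node;
}

// Hardened pattern: fetch the real getter and method from the prototype once,
// then call them with the node as `this`. A named child cannot shadow these.
const realAttributes = Object.getOwnPropertyDescriptor(MockElement.prototype, 'attributes').get;
const realRemoveAttribute = MockElement.prototype.removeAttribute;

function stripHardened(node) {
  for (const { name } of Array.from(realAttributes.call(node))) {
    if (!ALLOWED_ATTRS.has(name)) realRemoveAttribute.call(node, name);
  }
  return node;
}

// Detection: a genuine attribute map always exposes a numeric length, so a
// non-numeric length is a reliable sign that the property has been clobbered.
function isClobbered(node) {
  return typeof node.attributes.length !== 'number';
}

// Constructed input mirroring the shape of the lab's payload:
// <form id="x" onfocus="print()"><input name="attributes"></form>
function buildForm({ clobber }) {
  const form = new MockElement('form', { id: 'x', onfocus: 'print()' });
  if (clobber) {
    appendChildWithClobber(form, new MockElement('input', { name: 'attributes' }));
  }
  return form;
}

// Demo run.
const vulnerable = stripVulnerable(buildForm({ clobber: true }));
console.log('vulnerable filter kept onfocus:', vulnerable.hasAttribute('onfocus')); // true
const hardened = stripHardened(buildForm({ clobber: true }));
console.log('hardened filter kept onfocus:', hardened.hasAttribute('onfocus'));     // false
console.log('clobbering detected:', isClobbered(buildForm({ clobber: true })));      // true
```

The design point is where the lookup happens: `node.attributes` goes through the form instance, which the named-property getter controls, while `Object.getOwnPropertyDescriptor(Element.prototype, 'attributes').get.call(node)` goes straight to the prototype. The same applies to any other built-in the sanitizer relies on, such as removeAttribute, which is why the hardened walk also takes that method from the prototype. The isClobbered check is the cheap defensive signal: if a length is not a number, refuse the node instead of silently skipping it.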