XSS(DOM)
interface
Source code
<?php
# No protections, anything goes
?>
Infiltration step
The first step: Click the select button and find that the url column has changed, and it is learned that the get method is used.
Step 2: Modify English to, press Enter to access the modified url, find a pop-up window, and the injection is successful.