mm0@home:~$

Lab: Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped


after making a search we can see a

As we can see, whatever our search term is gets reflected inside the string literal.

Using ${function} will execute JavaScript without needing to break out of the string literal.

So our payload can be:

${alert(1)}
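The weak encoding next to a corrected one, as an added example that is not part of the original write-up or the lab's own code. The lab's server code is not shown on the page, so the encoder below is a constructed model based on the lab title; encodeWeak, encodeHardened and renderAndEvaluate are hypothetical names, and alert is replaced by a recording stub.

```javascript
// Constructed model of the lab's encoder: the characters named in the lab
// title are Unicode-escaped, but "$" and "{" pass through unchanged.
const LAB_ESCAPED = new Set(["<", ">", "'", '"', "\\", "`"]);

// Replace every character in `chars` with its \uXXXX escape.
function unicodeEscape(input, chars) {
  let out = "";
  for (const ch of input) {
    out += chars.has(ch)
      ? "\\u" + ch.codePointAt(0).toString(16).padStart(4, "0")
      : ch;
  }
  return out;
}

// Weak: mirrors the lab. Hardened: also escapes "$", so "${" can never form.
const encodeWeak = (s) => unicodeEscape(s, LAB_ESCAPED);
const encodeHardened = (s) => unicodeEscape(s, new Set([...LAB_ESCAPED, "$"]));

// Build the reflected template literal and evaluate it the way the page's
// script would, with alert swapped for a stub that records its arguments.
function renderAndEvaluate(encode, searchTerm) {
  const calls = [];
  const alertStub = (arg) => { calls.push(arg); return ""; };
  const literal = "`" + encode(searchTerm) + "`";
  const value = new Function("alert", "return " + literal + ";")(alertStub);
  return { literal, value, calls };
}

// Same search term through both encoders.
for (const [name, enc] of [["weak", encodeWeak], ["hardened", encodeHardened]]) {
  const r = renderAndEvaluate(enc, "${alert(1)}");
  console.log(name, r.literal, "alert calls:", r.calls.length);
}
```

Escaping "$" is the smallest change that closes this case. Keeping user input out of inline script altogether, for example by reading it from a JSON-encoded data attribute, avoids depending on a per-context escape list.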
