mm0@home:~$

[XSS] Lab: Reflected XSS into a JavaScript string with angle brackets HTML encoded


So again, our input is being enclosed within single quotes.

So I did a view input until I got to know that it didn't encode the ' ; - or ( ) characters, so we can effectively escape this JavaScript string by commenting out the ending of it.

So the payload was:

'-alert(1);//
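
Why encoding only angle brackets does not protect a value placed inside a JavaScript string, next to an encoder suited to that context. This is an added example, not code from the lab or from this write-up; the variable name `term`, both encoder functions and the harness are assumptions, and `alert` is replaced by a counting stub.

```javascript
// Added example. `term`, the encoder names and the harness are assumptions.

// Behaviour described in the write-up: only angle brackets are HTML-encoded.
function encodeAngleBracketsOnly(s) {
  return s.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Encoder for the JavaScript-string context: every character that is not an
// ASCII letter or digit becomes \uXXXX, so quotes, backslashes and line
// terminators can never end the literal.
function encodeForJsString(s) {
  return s.replace(/[^A-Za-z0-9]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Render the input into a single-quoted literal the way a server template
// would, run the result with a stub `alert`, and report what happened.
function renderAndRun(encoder, input) {
  let alertCalls = 0;
  const script = "var term = '" + encoder(input) + "'; return term;";
  try {
    const value = new Function('alert', script)(() => { alertCalls++; });
    return { script, alertCalls, value, syntaxError: false };
  } catch (e) {
    if (!(e instanceof SyntaxError)) throw e;
    // Input left the literal unbalanced: still a sign the encoder is wrong.
    return { script, alertCalls, value: undefined, syntaxError: true };
  }
}

const PAYLOAD = "'-alert(1);//"; // the payload from the write-up

for (const enc of [encodeAngleBracketsOnly, encodeForJsString]) {
  const r = renderAndRun(enc, PAYLOAD);
  console.log(enc.name, '=>', r.script, '| alert calls:', r.alertCalls);
}
```

With the context-aware encoder the variable holds the input as plain data and the stub is never called.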
