Puzzle 01

Tier: PRO. Difficulty: Hard. Estimated time: < 1 Hr.
This lab presents a puzzle designed to help you trigger a Cross-Site Scripting (XSS) vulnerability. The key to solving this challenge lies in understanding how the Ruby method `String#gsub` operates, especially concerning backreferences when a match is found.

To begin, study the method `String#gsub` and pay special attention to how backreferences in the replacement string are expanded. The examples `"hello".gsub(/l+/, "\0")` and `"hello".gsub(/l+/, "\&")` are particularly instructive. Make sure you fully understand why the payload you discover works, because that understanding is what carries over to other XSS vulnerabilities.
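The following Ruby snippet is an added illustration, not code from the PentesterLab exercise, showing what `gsub` does with backreferences in a string replacement versus a block replacement; this is why a replacement string taken from outside your own code must not be handed to `gsub` unescaped. Note that in Ruby source a backreference has to be written as `'\0'` (single quotes) or `"\\0"`, since `"\0"` in a double-quoted literal is a NUL byte rather than a backslash and a zero.

```ruby
# Added example: String#gsub replacement semantics.
# Helper names (gsub_with_string, gsub_with_block, demo) are ours.

# String replacement: \0 and \& expand to the whole match, \1..\9 to capture
# groups, and a literal backslash must be written as an escaped pair.
def gsub_with_string(text, pattern, replacement)
  text.gsub(pattern, replacement)
end

# Block replacement: the block's return value is inserted verbatim, so a
# \0 inside it stays as the two characters backslash and zero. This is the
# form to use when the replacement text is not under your control.
def gsub_with_block(text, pattern, replacement)
  text.gsub(pattern) { replacement }
end

# Walks through the lab's two examples, a capture-group case, the block
# form, and the escaped-backslash form. Expected results are in the comments.
def demo
  {
    whole_match_zero:  gsub_with_string("hello", /l+/, '\0'),        # "hello"
    whole_match_amp:   gsub_with_string("hello", /l+/, '\&'),        # "hello"
    capture_group:     gsub_with_string("hello", /(l+)(o)/, '\2\1'), # "heoll"
    literal_in_block:  gsub_with_block("hello", /l+/, '\0'),         # "he\\0o"
    escaped_backslash: gsub_with_string("hello", /l+/, '\\\\0')      # "he\\0o"
  }
end

demo.each { |name, result| puts "#{name}: #{result.inspect}" } if __FILE__ == $0
```

The first two entries show why the match text reappears unchanged: the replacement is not inserted literally but re-expanded to whatever the regex matched.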
