6Eyl
XSS inside anchor tag (<a>) without user interaction?
Is it possible to inject a payload inside <a> tag such that the script runs without user interaction?
The injection is inside the href attribute. I can inject onmouseover or onclick attributes, but user interaction is required.
The onfocus and autofocus trick does not work in <a> tag (correct me if I'm wrong).
In my case, the page cannot be loaded in iframe, so I can't do tricks with iframes.
Do you know some other tricks?
