So I want to create a basic form that is vulnurable to XSS for demo purposes. The code I've written looks like this
<html>
<body>
<h1>
Enter your name
</h1>
<form action="xssDemo.php" method="post">
<label> What is your name? </label>
<input type="text" name="yourName" size="30">
<input type="submit" name='Btn' value="Submit">
</form>
<?php
if(isset($_POST["Btn"])) {
echo "Hello " . $_POST["yourName"];
}
?>
</body>
</html>
The idea is for it to allow me to demo reflected XSS attacks by entering <script>alert("XSS")</script>
However, Apache apparently has some built in security against XSS attacks as it filters my attack. How do I shut that off in Apache? Using XAMPP and Chrome if that matters.
Edit: Output is just "Hello "