Say I have the following script
var a = document.getElementById('in').value; escape(a);
Is it possible to bypass the escape function to do some XSS? I have tried );alert(1); to no avail. I have tried “);alert(1); but that doesn’t work either. I’m guessing its because
document.getElementById returns a string. Anyway to bypass it?