Let’s start by analyzing the code.
The code takes a value from a GET parameter called “ricardo” and assigns it to the form’s action.
Then the code submits the form automatically after 2 seconds.
So the whole game is in the form’s action. There is a neat trick here: if you know it already, this is a very easy level; if not, you will learn something new.
And that’s it, although you have to wait 2 seconds for the alert box to launch.
And this is the solution for Ricardo PwnFunction XSS. I hope you learnt a new concept that you can use in your XSS hunting or in your web development career.
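For the web development side, here is one way to harden the pattern analyzed above, where a GET parameter ends up as the form's action. This is an added example, not the challenge's code: `safeFormAction`, `PAGE_ORIGIN`, `FALLBACK_ACTION` and the sample values are assumptions. It parses the value with the URL parser instead of string checks and accepts only same-origin http(s) targets.

```javascript
// Added example: validate a URL-derived value before it becomes a form action.
// safeFormAction, PAGE_ORIGIN and FALLBACK_ACTION are hypothetical names.

const PAGE_ORIGIN = 'https://app.example'; // constructed origin of the page
const FALLBACK_ACTION = '/submit';         // constructed fixed default action

function safeFormAction(raw, pageOrigin = PAGE_ORIGIN) {
  const fallback = new URL(FALLBACK_ACTION, pageOrigin).href;
  if (typeof raw !== 'string' || raw.trim() === '') return fallback;

  let url;
  try {
    // Resolve the value the way the browser resolves an action attribute.
    // The parser also normalizes case and strips tabs, newlines and
    // leading spaces, which defeats prefix or blocklist string checks.
    url = new URL(raw, pageOrigin);
  } catch (e) {
    return fallback;
  }

  // Scheme allowlist: only plain web URLs may become a form target.
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return fallback;

  // Same-origin only, so the form never posts to another site.
  if (url.origin !== new URL(pageOrigin).origin) return fallback;

  // Return the absolute, normalized URL. A bare path is not returned,
  // because a path starting with "//" would resolve to another host.
  return url.href;
}

// Browser usage (not executed under Node):
//   const raw = new URL(location.href).searchParams.get('ricardo');
//   document.querySelector('form').action = safeFormAction(raw, location.origin);

if (typeof module !== 'undefined') module.exports = { safeFormAction };
```
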