From 47023d81c2b520157fd89873899236d4393e4d38 Mon Sep 17 00:00:00 2001
From: Nicolas <86839007+nbtetreault-eq@users.noreply.github.com>
Date: Thu, 29 Aug 2024 02:55:26 -0400
Subject: [PATCH] Update XSS_Filter_Evasion_Cheat_Sheet.md (#1477)

Should be a dot instead of a comma
---
 cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.md b/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.md
index e70fa934ac..03215028bd 100644
--- a/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.md
+++ b/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.md
@@ -58,7 +58,7 @@ This XSS method uses the relaxed rendering engine to create an XSS vector within
 If the system does not allow quotes of any kind, you can `eval()` a `fromCharCode` in JavaScript to create any XSS vector you need:
 
 ```html
-<a href="javascript:alert(String,fromCharCode(88,83,83))">Click Me!</a>
+<a href="javascript:alert(String.fromCharCode(88,83,83))">Click Me!</a>
 ```
 
 ### Default SRC Tag to Get Past Filters that Check SRC Domain