I do inspect element and in href link convert it to javascript:alert(‘1’) after removing the original link and press enter.After clicking on the link on website,it pops up. So is this self xss?
No. That’s not even normal XSS. If you’re manually editing the webpage in dev tools, you can do whatever you want. XSS should not require and input from the user, or at least nothing out of the ordinary, for something to happen. Self-XSS requires specific user-input to make something happen to that same user.