I came across these codes and I think a XSS exploit can be squeeze out of here but I don’t understand what this code does exactly. So I couldn’t write any successful XSS payload.
var hashvalue = window.location.hash.substring(1);
var i = $("[id *= ‘" + hashvalue + "’]");
Can you explain (specifically the role of * , $ and [ ] signs) the code a bit more?
I am not that good at JS so don’t judge me too much
Thanks in advance