XSS attack to bypass htmlspecialchars() function in value attribute

终归单人心 2020-12-24 13:48

Let's say we have this form, and the possible part for a user to inject malicious code is this below

...


        
5 Answers
  •  情话喂你
    2020-12-24 14:49

    You can't exploit that input field which contains that func, but you can exploit any btn or paragraph or heading or text near it, e.g. you can add this on a btn -> onclick=alert('Hello')
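
An added example, not part of the original thread, showing the output-encoding side of this discussion in PHP: the same untrusted string written into a `value` attribute with a weak flag and quoting combination, then with explicit flags and double quotes. The form markup, the field name `q`, the helper `attr_value()` and the sample input are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode untrusted text for a QUOTED attribute value.
// Flags are passed explicitly because the default changed in PHP 8.1;
// earlier versions default to ENT_COMPAT, which leaves ' unencoded.
function attr_value(string $untrusted): string
{
    return htmlspecialchars(
        $untrusted,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
}

// Constructed sample input that tries to close a single-quoted attribute.
$input = "x' onclick='alert(1)";

// Weak: single-quoted attribute combined with ENT_COMPAT.
// The single quote passes through, so the value can end the attribute
// and the rest is parsed by the browser as a new attribute.
$weak = "<input type='text' name='q' value='"
      . htmlspecialchars($input, ENT_COMPAT, 'UTF-8')
      . "'>";

// Hardened: double-quoted attribute and both quote characters encoded.
// The whole string stays inside the value, whatever it contains.
$safe = '<input type="text" name="q" value="' . attr_value($input) . '">';

// The same encoding applies to every other place the string is echoed,
// for instance text inside a button or heading next to the field.
$button = '<button type="submit">' . attr_value($input) . '</button>';

echo "weak:   ", $weak, PHP_EOL;
echo "safe:   ", $safe, PHP_EOL;
echo "button: ", $button, PHP_EOL;
```

Comparing the `weak` and `safe` lines in the output shows whether the quote character reached the page unencoded. Entity encoding of this kind covers HTML text and quoted attribute values only; it is not sufficient when untrusted data is placed inside an event-handler attribute or a `<script>` block.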
