The first step of the payload is to set the location property which is a built-in JavaScript object that represents the URL of the current page, and setting it to a new URL is constructed using a template string that includes the following components...
View the page source and observe that your canary is between the angularJS script. Remember that you are dealing with angularJS sandbox, that means regular attack vectors are not going to work. For being able to deliver a successfull XSS attack you have to bypass the angularJS sandbox.
First we need to search for a valid HTML tag.I assume you know how to do that process(you should have been solved previous labs before than that) but if you are not comfortable about how to do it, you can visit this link.
However, you cannot use these alternative payloads in this situation because you are not allowed to use white spaces and some characters are literally banned. That s why, in order to filling the white spaces you need to use multi-line comment feature(/***/). It is possible use /***/ statement for both opening and closing a comment line on the same line.