Texts/codes to test for XSS attacks in my software/website
-
05-07-2019 - |
Question
Firstly, I do not have any malicious intent out of this question. I would like to know what text to copy paste and test in my text areas and text boxes to see if they are stripped correctly.
Currently I use something as limited as:
<script>
alert('xss');
</script>
<a href="www.test.com" onclick="javascript:alert('xss');">test</a>
<img src="http://localhost/logo.gif" onclick="alert('xss');">
Can someone provide or suggest a comprehensive list of tests to check if my site is XSS-proof.
Thank you for your time.
Solution
Parse all the <code>
tags from http://ha.ckers.org/xssAttacks.xml.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow