Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add XSS validation function #237

Closed
tmbrbr opened this issue Nov 28, 2024 · 1 comment
Closed

Add XSS validation function #237

tmbrbr opened this issue Nov 28, 2024 · 1 comment
Assignees
@tmbrbr
Labels
enhancement New feature or request

Comments

@tmbrbr
Copy link
Contributor

tmbrbr commented Nov 28, 2024

When validating XSS by hand, typically the alert() function is used as a payload. This is hard to automate as alerts can be called by the website during normal operation, but also because the alert also requires interaction.

In order to validate potential XSS during tests we usually inject a JavaScript function into the page. The XSS is then triggered with a payload which calls this function with a specific unique input (e.g. a hex string). We then listen for the function call and check whether the input matches the value in the payload.

In cases where it is not possible to inject a custom script or listen for the answer, it would be great to have a function taking a single argument and writing a unique message to stdout.
@tmbrbr tmbrbr self-assigned this Nov 28, 2024
@tmbrbr tmbrbr added the enhancement New feature or request label Nov 28, 2024
@tmbrbr tmbrbr mentioned this issue Dec 4, 2024
Merged
@tmbrbr
Copy link
Contributor Author

tmbrbr commented Dec 10, 2024

Implemented in #242

@tmbrbr tmbrbr closed this as completed Dec 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tmbrbr tmbrbr

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tmbrbr