XSS Testing Page

https://github.com/cujanovic/XSS-Testing-Page

Server header -> X-XSS-Protection: 0

======================================================================================================================
Parameter Name              Reflected Context                                          Example
tagName                     Inside a tag declaration                                   ?tagName=foo                     <foo>...</foo>
attributeName               Inside an attribute name                                   ?attributeName=foo               <div foo="">...</div>
singleQuotedAttributeValue  Inside an attribute value delimited by a single quote (')  ?singleQuotedAttributeValue=foo  <input value='foo'>...</input>
doubleQuotedAttributeValue  Inside an attribute value delimited by a double quote (")  ?doubleQuotedAttributeValue=foo  <input value="foo">...</input>
unquotedAttributeValue      Inside an unquoted attribute value                         ?unquotedAttributeValue=foo      <input value=foo>...</input>
urlencodeuri                Test whether the browser sends a URL-encoded URI           ?urlencodeuri=foo>'<;            ?urlencodeuri=foo%3E%27%3C;
dom                         Test DOM                                                   /dom/#<s>sss</s>                 DOM
html                        In an HTML context                                         ?html=foo                        <div>... foo ...</div>
html ahref                  In an HTML ahref context                                   ?ahref=foo                       <a href="foo">... foo ...</a>
htmlComment                 Inside an HTML comment                                     ?htmlComment=foo                 <!--... foo ... -->
styleTag                    Inside a CSS style tag                                     ?styleTag=foo                    <style>... foo ...</div>
styleAttribute              Inside a CSS style attribute                               ?styleAttribute=foo              <div style="foo">...</div>
idAttribute                 Inside an ID attribute                                     ?idAttribute=foo                 <div id="foo">...</div>
classAttribute              Inside a CSS class name attribute                          ?classAttribute=foo              <div class="foo">...</div>
jsSingleQuotedString        Inside a single quoted string in JavaScript                ?jsSingleQuotedString=foo        <script> var str = 'foo'; </script>
jsDoubleQuotedString        Inside a double quoted string in JavaScript                ?jsDoubleQuotedString=foo        <script> var str = "foo"; </script>
jsSingleLineComment         Inside a single line JavaScript comment                    ?jsSingleLineComment=foo         <script> // foo </script>
jsMultiLineComment          Inside a multi line JavaScript comment                     ?jsMultiLineComment=foo          <script> /* foo */ </script>
js                          Inside a JavaScript script tag context                     ?js=foo                          <script> foo </script>
======================================================================================================================
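
Added example (not part of the test page or its repository): one way to map the reflection contexts listed above to the output encoder each one needs, run against the page's own probe string foo>'<;. All function names are hypothetical; contexts with no safe encoding (tagName, attributeName, js, the comment and style contexts) are deliberately refused.

```javascript
// Added example: names below are hypothetical, not from the XSS Testing Page repo.
const numeric = (c) => `&#${c.codePointAt(0)};`;

// html, single/double-quoted attribute values: encode markup-significant characters.
const encodeHtml = (s) => String(s).replace(/[&<>"']/g, numeric);

// unquotedAttributeValue: spaces, '=', '`' and more also end or alter the value,
// so encode every non-alphanumeric character.
const encodeUnquotedAttr = (s) => String(s).replace(/[^A-Za-z0-9]/gu, numeric);

// jsSingleQuotedString / jsDoubleQuotedString: \uXXXX-escape everything except
// alphanumerics and spaces (covers quotes, backslash, '<', '/', line terminators).
const encodeJsString = (s) =>
  String(s).replace(/[^A-Za-z0-9 ]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));

// ahref: accept absolute http(s) URLs only, then encode for the quoted attribute.
function encodeHref(s) {
  let url;
  try { url = new URL(String(s)); } catch { return '#'; }
  return ['http:', 'https:'].includes(url.protocol) ? encodeHtml(url.href) : '#';
}

// Keys are the page's parameter names; a Map avoids prototype-key lookups.
const ENCODERS = new Map([
  ['html', encodeHtml],
  ['singleQuotedAttributeValue', encodeHtml],
  ['doubleQuotedAttributeValue', encodeHtml],
  ['unquotedAttributeValue', encodeUnquotedAttr],
  ['ahref', encodeHref],
  ['jsSingleQuotedString', encodeJsString],
  ['jsDoubleQuotedString', encodeJsString],
]);

// Encode a value for a named context; unknown or unsafe contexts fail closed.
function render(context, value) {
  const enc = ENCODERS.get(context);
  if (!enc) throw new Error(`no safe encoder for context: ${context}`);
  return enc(value);
}

const PROBE = "foo>'<;"; // probe string taken from the urlencodeuri row
for (const ctx of ENCODERS.keys()) console.log(ctx.padEnd(28), render(ctx, PROBE));
```

The output shows why HTML encoding alone does not carry over to the unquoted-attribute and JavaScript-string contexts: each column needs its own encoder.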
 
 
 
 