XSS Torture Test - does it exist?

Question

I\'m looking to write a html sanitiser, and obviously to test/prove that it works properly, I need a set of XSS examples to pitch against it to see how it performs. Here\'s a ni

Answer 1

You might try Jesse Ruderman's jsfunfuzz (http://www.squarefree.com/2007/08/02/introducing-jsfunfuzz/) that throws random data at your Javascript trying to break it. It seems the Firefox team has used this with great success.