发表新帖
发表新帖

XSS Torture Test - does it exist?

后端 未结
关注
4 410
孤城傲影
孤城傲影 2021-01-31 10:57

I\'m looking to write a html sanitiser, and obviously to test/prove that it works properly, I need a set of XSS examples to pitch against it to see how it performs. Here\'s a ni

相关标签:
4条回答
  • 不知归路
    2021-01-31 11:25

    XSS Me is a great Firefox plugin you can run against your sanitizer.

    0 讨论(0)
  • 北荒
    2021-01-31 11:27

    Take a look at this XSS Cheat List : https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

    0 讨论(0)
  • 不思量自难忘°
    2021-01-31 11:38

    You might try Jesse Ruderman's jsfunfuzz (http://www.squarefree.com/2007/08/02/introducing-jsfunfuzz/) that throws random data at your Javascript trying to break it. It seems the Firefox team has used this with great success.

    0 讨论(0)
  • 耶瑟儿~
    2021-01-31 11:43

    Check out OWASP. They have good guidance on how XSS works, what to look for, and even the WebGoat project, where you can try your hand on a vulnerable site.

    0 讨论(0)
 看不清?
提交回复
热议问题