php-xss-tests

Overview

Test a method against a list of known XSS payloads.

How to run

Just execute "run.sh"; it starts a Docker container that does all the work.

How do I know if my code was successful?

After the container finishes, the directories and files below are created:

  • html/
    • [timestamp]/
      • xss/ <- HTML pages containing the raw XSS payloads
        • *.html
      • no-xss/ <- the same pages after your method has cleaned the payloads
        • *.html
  • report/
    • report.[timestamp].csv

Open the generated HTML in a browser and check whether the XSS still fires. The pages under xss/ are the control group (the raw payload, which should fire), and the pages under no-xss/ are what your method produced. If nothing fires under no-xss/, your method was successful. Because these pages contain live payloads, open them in a throwaway browser profile with no logged-in sessions, and try more than one browser: the PortSwigger list notes that some payloads only work in particular browsers, and some need user interaction (a click or hover) before they fire.
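As an added example, not the project's own run.sh or container code, the PHP harness below does what the steps above describe: it feeds every payload through the method under test, writes the raw page under xss/ and the cleaned page under no-xss/ inside html/<timestamp>/, and records one CSV row per payload under report/. The function names (cleanEscape, cleanNaive, runSuite), the output root out/, and the looks_live column are assumptions made for this example; the payload list is a constructed sample standing in for xss-fixture.txt, which this script does not read. The naive method is included on purpose: it removes <script> tags and nothing else, so its output looks "cleaned" in the CSV while still firing in the browser, which is why the check above says to open the HTML rather than trust the report alone.

```php
<?php
// Added example harness (not the project's run.sh/container code). It mirrors the
// layout described above: html/<timestamp>/{xss,no-xss}/*.html plus
// report/report.<timestamp>.csv. The payload list is a constructed sample;
// the real project reads payloads from xss-fixture.txt.
declare(strict_types=1);

// Constructed sample payloads (stand-in for xss-fixture.txt).
const SAMPLE_PAYLOADS = [
    '<script>alert(1)</script>',
    '<img src=x onerror=alert(1)>',
    '"><svg onload=alert(1)>',
    '<a href="javascript:alert(1)">click</a>',
];

// Method under test, version A: escape for an HTML text context.
function cleanEscape(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Method under test, version B: a deliberately weak blocklist that only strips
// <script> tags. It "cleans" the first payload and leaves the others live,
// which is the kind of result you only notice by opening the generated HTML.
function cleanNaive(string $input): string
{
    return (string) preg_replace('#</?script[^>]*>#i', '', $input);
}

// Wrap a fragment in a minimal page so it renders the same way in every browser.
// The fragment lands in body-text context; adjust this if your method's output
// is meant for an attribute, a URL or a script block instead.
function wrapHtml(string $fragment): string
{
    return "<!doctype html>\n<meta charset=\"utf-8\">\n<title>xss test</title>\n"
         . "<body>\n$fragment\n</body>\n";
}

// Cheap heuristic recorded in the CSV: does the output still contain something
// that parses as a tag opener? A hint for triage, not a verdict; the browser is.
function looksLive(string $html): bool
{
    return (bool) preg_match('#<\s*[a-z]#i', $html);
}

/**
 * Run every method over every payload, write the HTML pairs and the CSV report.
 * $methods maps a short name to a callable. Returns the path of the report.
 */
function runSuite(array $methods, array $payloads, string $root): string
{
    $ts     = date('Ymd-His');
    $xssDir = "$root/html/$ts/xss";
    $okDir  = "$root/html/$ts/no-xss";
    $repDir = "$root/report";
    foreach ([$xssDir, $okDir, $repDir] as $dir) {
        if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
            throw new RuntimeException("cannot create $dir");
        }
    }

    $reportPath = "$repDir/report.$ts.csv";
    $csv = fopen($reportPath, 'w');
    if ($csv === false) {
        throw new RuntimeException("cannot open $reportPath");
    }
    fputcsv($csv, ['method', 'index', 'payload', 'cleaned', 'looks_live']);

    foreach ($payloads as $i => $payload) {
        // Control page: the raw payload, expected to fire in the browser.
        file_put_contents("$xssDir/$i.html", wrapHtml($payload));
        foreach ($methods as $name => $method) {
            $cleaned = $method($payload);
            file_put_contents("$okDir/$name-$i.html", wrapHtml($cleaned));
            fputcsv($csv, [$name, $i, $payload, $cleaned, looksLive($cleaned) ? 'yes' : 'no']);
        }
    }
    fclose($csv);
    return $reportPath;
}

$report = runSuite(
    ['escape' => 'cleanEscape', 'naive' => 'cleanNaive'],
    SAMPLE_PAYLOADS,
    __DIR__ . '/out'   // assumption: output root next to this script
);
echo "report written to $report\n";
```

Run it with `php harness.php`, then open out/html/<timestamp>/no-xss/naive-1.html and naive-2.html in a browser: both still pop the alert even though the CSV shows the <script> payload as cleaned. Note that wrapHtml places the output in body-text context; a method that is safe there (htmlspecialchars) is not automatically safe when the same string is emitted into an href or an inline event handler, so change the wrapper to match the context your real code writes into.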

About the XSS list

All the XSS payloads in "xss-fixture.txt" were obtained from https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

Known issues

The "html" directory is created by the container and is owned by the "root" user, so deleting or editing it on the host may require sudo (or a chown).
