Bypassing XSS Defenses Part 1: Finding Allowed Tags and Attributes

This post intends to serve as a guide for a common bypass technique when you're up against a web application firewall (WAF). In the event that the WAF limits what tags and attributes are allowed to be passed, we can use BurpSuite's Intruder functionality to learn which tags are allowed. Table of Contents: Setting the…

What is a Cross-site scripting attack? How to prevent XSS attack

Example code and XSS attacks

XSS‐immune: a Google chrome extension‐based XSS defensive framework for contemporary platforms of web applications - Gupta - 2016 - Security and Communication Networks - Wiley Online Library

Bypassing modern XSS mitigations with code-reuse attacks - Truesec

A Pentester's Guide to Cross-Site Scripting (XSS)

Bypassing Signature-Based XSS Filters: Modifying HTML - PortSwigger

Bypassing XSS Defenses Part 1: Finding Allowed Tags and Attributes

Bypassing XSS Defenses Part 1: Finding Allowed Tags and Attributes

Understanding XSS Attacks

Detection of cross-site scripting (XSS) attacks using machine learning techniques: a review

Bypassing XSS Defenses Part 1: Finding Allowed Tags and Attributes

Bypassing XSS Defenses Part 1: Finding Allowed Tags and Attributes