Test XSS detection and protection features. Enable your extension and try the tests below.
Test 1: Basic XSS Attack Vectors
Test common XSS payloads that should be detected and blocked.
Test 2: DOM-based XSS
Test XSS through DOM manipulation methods.
Test 3: Obfuscated XSS Payloads
Test encoded and obfuscated XSS payloads that should still be detected.
Test 4: Advanced XSS Techniques
Test more sophisticated XSS attack techniques.
Test 5: Context-Aware Detection
Test that legitimate code (frameworks, first-party scripts) is not flagged, i.e. that it produces no false positives.
Test 6: Network-based XSS Vectors
Test XSS through network requests and responses.
Test 7: CSP Violation Detection
Test Content Security Policy violation detection. These tests require a page with CSP headers.
Note: CSP violations are detected automatically when a page has CSP headers and violations occur.
To test CSP detection, you need a page with CSP enabled. The extension will detect and report violations.
⚠️ Test 8: Real-World High-Risk Attacks
These tests simulate real XSS attacks that come from first-party sources but are tainted.
They test our taint-aware first-party detection. These should trigger alerts even though they're from the same origin.
How it works: These attacks use URL parameters, hash fragments, or user input that gets reflected/executed.
Even though the code runs from the same origin (first-party), it should be detected because it's tainted.
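One way a detector can decide that same-origin content is tainted, shown as an added example rather than the extension's own code: compare values taken from the URL query string and hash fragment against a string that is about to reach a DOM sink. The function names, the length threshold and the `app.example` URLs are assumptions made for illustration.

```javascript
// Added example: reflection-based taint check (hypothetical helper names).
// A value counts as "tainted" if it came from the URL query string or hash.

const MIN_LEN = 6; // assumption: ignore short values that match by coincidence

// Decode repeatedly so single- and double-encoded values are both compared.
function decodings(raw) {
  const seen = new Set([raw]);
  let cur = raw;
  for (let i = 0; i < 2; i++) {
    try {
      cur = decodeURIComponent(cur);
    } catch (e) {
      break; // malformed escape sequence: keep what we have so far
    }
    seen.add(cur);
  }
  return [...seen];
}

// Collect user-controllable values from a page URL.
function taintSources(pageUrl) {
  const url = new URL(pageUrl);
  const sources = [];
  for (const [name, value] of url.searchParams) {
    sources.push({ origin: `query:${name}`, raw: value });
  }
  if (url.hash.length > 1) {
    sources.push({ origin: 'hash', raw: url.hash.slice(1) });
  }
  return sources;
}

// Report which URL-derived values appear in a string headed for a sink
// (for example an innerHTML assignment) and contain markup characters.
function findTaintedFlows(pageUrl, sinkValue) {
  const hits = [];
  for (const { origin, raw } of taintSources(pageUrl)) {
    for (const candidate of decodings(raw)) {
      if (candidate.length < MIN_LEN) continue;
      if (!/[<>"'`]/.test(candidate)) continue; // plain text is not flagged
      if (sinkValue.includes(candidate)) {
        hits.push({ origin, value: candidate });
        break; // one hit per source is enough
      }
    }
  }
  return hits;
}
```

Substring matching of this kind misses values that the page transforms before they reach the sink, so it complements rather than replaces runtime taint tracking.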