Digital garden

❯

❯

❯

Folder: wargame/portswigger/xss

15 items under this folder.

Feb 04, 2026
Portswigger-DOM XSS in document-write sink using source location-search
Feb 04, 2026
Portswigger-DOM XSS in innerHTML sink using source location-search
Feb 04, 2026
Portswigger-DOM XSS in jQuery anchor href attribute sink using location-search source
Feb 04, 2026
Portswigger-Reflected XSS in canonical link tag
Feb 04, 2026
Portswigger-Reflected XSS into HTML context with all tags blocked except custom ones
Feb 04, 2026
Portswigger-Reflected XSS into HTML context with most tags and attributes blocked
Feb 04, 2026
Portswigger-Reflected XSS into HTML context with nothing encoded
Feb 04, 2026
Portswigger-Reflected XSS into a JavaScript string with angle brackets HTML encoded
Feb 04, 2026
Portswigger-Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped
Feb 04, 2026
Portswigger-Reflected XSS into a JavaScript string with single quote and backslash escaped
Feb 04, 2026
Portswigger-Reflected XSS into attribute with angle brackets HTML-encoded
Feb 04, 2026
Portswigger-Reflected XSS with event handlers and href attributes blocked
Feb 04, 2026
Portswigger-Reflected XSS with some SVG markup allowed
Feb 04, 2026
Portswigger-Stored XSS into HTML context with nothing encoded
Feb 04, 2026
Portswigger-Stored XSS into anchor href attribute with double quotes HTML-encoded

Created with Quartz v4.5.1 © 2026

Blog