xss cheat sheet

Introduction
This cheat sheet is meant to be used by bug hunters, penetration testers, security
analysts, web application security students and enthusiasts.
It’s about Cross-Site Scripting (XSS), the most widespread and common flaw found
in the World Wide Web.

There’s lot of work done in this field and it’s not the purpose of this book to cover
them all. What you will see here is XSS content created or curated by me. I’ve tried to
select what I think it’s the most useful info about that universe, most of the time using
material from my own blog which is dedicated to that very security flaw.

Keep in mind that you might need to adapt some of the info presented here to your
own scenario (like single to double quotes and vice-versa). Although I try to give you
directions about it, any non-imagined specific behavior from you target application
might influence the outcome.
A last tip: follow instructions strictly. If something is presented in an HTML fashion,
it’s because it’s meant to be used that way. If not, it’s probably javascript code that can
be used (respecting syntax) both in HTML and straight to existing js code. Unless told
otherwise.
I sincerely hope it becomes an easy-to-follow consulting material for most…