What is the difference between HTML Injection and XSS?

HTML injection focuses on injecting and rendering HTML tags to modify page appearance or create fake forms, whereas Cross-Site Scripting (XSS) involves executing malicious JavaScript code within the victim's browser.

What types of injection does this skill cover?

It covers Reflected (GET and POST), Stored (persistent), URL-based, and CSS-based injection scenarios, including bypass techniques for common filters.

Can this skill help me fix identified vulnerabilities?

Yes, it provides specific remediation guidance and secure code examples for PHP, Python, and JavaScript to properly escape output and validate input.

How do I prevent HTML injection in my application?

Prevention involves using context-aware output encoding (like htmlspecialchars), strict input whitelisting, and implementing strong Content Security Policies (CSP) and WAF rules.

Does it support automated testing tools?

The skill includes methodologies for integrating with professional tools like Burp Suite and OWASP ZAP, as well as providing custom Python fuzzing scripts for automation.

HTML Injection Security Testing

Name: HTML Injection Security Testing
Author: claudiodearaujo

byclaudiodearaujo

0•

Security & Testing

Identifies and tests for HTML injection vulnerabilities to secure web applications against content manipulation and phishing attacks.

This Claude Code skill provides a comprehensive framework for security researchers and developers to detect, exploit, and mitigate HTML injection vulnerabilities. It guides users through the entire testing lifecycle—from mapping potential injection surfaces and executing basic payloads to constructing complex phishing simulations and defacement scenarios. By offering detailed remediation strategies for various programming languages like PHP, Python, and JavaScript, it ensures that identified weaknesses can be properly patched through input validation, output encoding, and modern security headers.

Key Features

01Advanced bypass techniques for evading basic filters and WAFs

02Phishing and defacement attack simulation for impact assessment

03Extensive library of test payloads for tags, attributes, and CSS injection

040 GitHub stars

05Step-by-step workflow for identifying reflected and stored injection points

06Detailed remediation guidance for multiple backend and frontend environments

Use Cases

01Performing security audits on web application input fields and URL parameters

02Generating remediation reports with specific code fixes for development teams

03Simulating content manipulation attacks to test web application firewalls (WAF)

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front html-injection-testing

For use in Claude.ai and ChatGPT

Download Skill

Key Features

01Advanced bypass techniques for evading basic filters and WAFs

02Phishing and defacement attack simulation for impact assessment

03Extensive library of test payloads for tags, attributes, and CSS injection

040 GitHub stars

05Step-by-step workflow for identifying reflected and stored injection points

06Detailed remediation guidance for multiple backend and frontend environments

Use Cases

01Performing security audits on web application input fields and URL parameters

02Generating remediation reports with specific code fixes for development teams

03Simulating content manipulation attacks to test web application firewalls (WAF)

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front html-injection-testing

For use in Claude.ai and ChatGPT

Download Skill