Does it provide payloads for modern web frameworks?

Yes, it includes techniques for identifying vulnerable sinks and sources common in modern JavaScript frameworks, including DOM-based injection points.

Can this skill help bypass Content Security Policies (CSP)?

It includes specific methods to test for CSP weaknesses and provides bypass techniques for common filter configurations to ensure your security headers are robust.

What types of XSS can this skill identify?

This skill provides techniques for identifying all three major types: Stored XSS (persistent), Reflected XSS (non-persistent), and DOM-based XSS (client-side processing).

Is it safe to use on production systems?

The skill includes operational guardrails advising users to never inject payloads that could damage production systems or exfiltrate real user data beyond the authorized scope.

Does it provide remediation advice?

Yes, the skill delivers actionable recommendations for fixing vulnerabilities, including input sanitization, output encoding, and secure CSP configurations.

XSS & HTML Injection Security Testing

Name: XSS & HTML Injection Security Testing
Author: claudiodearaujo

byclaudiodearaujo

•

Security & Testing

Identifies and exploits cross-site scripting and HTML injection vulnerabilities to secure web applications against sophisticated client-side attacks.

The XSS & HTML Injection Testing skill provides a comprehensive methodology for security professionals and developers to systematically evaluate web applications for injection flaws. It enables the detection and demonstration of stored, reflected, and DOM-based XSS through a library of advanced payloads and bypass techniques for common filters and encodings. By simulating real-world attack vectors like session hijacking, credential theft, and UI manipulation, this skill helps teams validate their input sanitization logic and Content Security Policy (CSP) configurations to build more resilient web environments.

Key Features

01Comprehensive filter and encoding bypass techniques

021 GitHub stars

03Remediation guidance for input sanitization and CSP hardening

04Advanced payload crafting for cookie theft and session hijacking

05Detection of stored, reflected, and DOM-based XSS vulnerabilities

06HTML injection methods for phishing and UI manipulation simulations

Use Cases

01Demonstrating the business impact of client-side vulnerabilities to stakeholders

02Validating the effectiveness of web application firewalls and input filters

03Conducting security audits and penetration tests on web applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro xss-html-injection

For use in Claude.ai and ChatGPT

Download Skill