I'm making an API and part of that API involves appending a bunch of XSS vectors to HTTP parameters.
"><svg/onload=prompt(/OPENBUGBOUNTY/)>
How can I detect whether the relevant XSS vectors which contain JS have been executed or not?
At first, I thought it would be as simple as checking the source for reflection, but this isn't a failsafe method and will induce a lot of false positives.
Is there any simple and efficient method available to deal with this?
The relevant vectors will always be assigned a static text value (i.e. 'XSS').
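The false-positive problem described in the question, shown as an added example that is not part of the original post: a plain reflection check flags every response containing the marker, while parsing the response shows whether the vector actually became an element with an event handler. The sample responses are constructed, the function names are hypothetical, and a static parse only approximates a browser, so it does not prove the script ran.

```python
from html.parser import HTMLParser

PAYLOAD = '"><svg/onload=prompt(/OPENBUGBOUNTY/)>'  # vector quoted in the post
MARKER = "OPENBUGBOUNTY"                            # static text carried by the vector


class LiveHandlerFinder(HTMLParser):
    """Collect (tag, attribute) pairs where the marker sits in an on* handler."""

    def __init__(self, marker):
        super().__init__(convert_charrefs=True)
        self.marker = marker
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # Called only for markup the parser treats as a real element, so text
        # inside comments or entity-encoded attribute values never reaches here.
        for name, value in attrs:
            if name.startswith("on") and value and self.marker in value:
                self.hits.append((tag, name))


def naive_reflected(body, marker=MARKER):
    """The check from the post: is the marker anywhere in the source?"""
    return marker in body


def parsed_as_handler(body, marker=MARKER):
    """Return the elements whose event-handler attribute contains the marker."""
    finder = LiveHandlerFinder(marker)
    finder.feed(body)
    finder.close()
    return finder.hits


# Constructed responses: two neutralised reflections, two unencoded ones.
SAMPLES = {
    "encoded_attr": '<input name="q" value="&quot;&gt;&lt;svg/onload='
                    'prompt(/OPENBUGBOUNTY/)&gt;">',
    "html_comment": '<!-- last query: ' + PAYLOAD + ' -->',
    "raw_attr": '<input name="q" value="' + PAYLOAD + '">',
    "raw_body": '<p>No results for ' + PAYLOAD + '</p>',
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, naive_reflected(body), parsed_as_handler(body))
```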