Security

XSS Payload Detector

Detect XSS (Cross-Site Scripting) attack vectors in input strings

json· JSON resultOpen tool

Quick start

Call this tool from your code in three languages.

cURL

curl -X POST 'https://api.elysiatools.com/en/api/tools/xss-payload-detector' \
  -H 'Content-Type: application/json' \
  -d '{"text":"Enter text or code to scan for XSS attack vectors...","checkEventHandlers":true,"checkScriptTags":true,"checkProtocols":true,"checkEncoded":true,"decodeEntities":true,"maxDepth":3}'

API reference

Send a POST request with your inputs as JSON. File parameters require a separate upload first.

Endpoint

HTTP

POST https://api.elysiatools.com/en/api/tools/xss-payload-detector

Parameters

Name	Type	Required	Description
text	textarea	Yes	—
checkEventHandlers	checkbox	No	Detect onclick, onload, onerror, and other event handlers
checkScriptTags	checkbox	No	Detect <script> tags and related patterns
checkProtocols	checkbox	No	Detect javascript:, vbscript:, data: protocols
checkEncoded	checkbox	No

MCP integration

Add this tool to your Model Context Protocol server so AI agents can list and call it.

Server configuration

Add this block to your MCP client configuration:

mcp.json

{
  "mcpServers": {
    "elysiatools-xss-payload-detector": {
      "name": "xss-payload-detector",
      "description": "Detect XSS (Cross-Site Scripting) attack vectors in input strings",
      "baseUrl": "https://api.elysiatools.com/mcp/sse?toolId=xss-payload-detector",
      "command": "",
      "args": [],
      "env": {},
      "isActive": true,
      "type": "sse"
    }
  }
}

List available tools

After connecting to the SSE endpoint, list the exposed tools:

tools/list

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/list"
}

Call this tool

Invoke the tool by its id, passing arguments built from its parameters:

tools/call

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tools/call",
  "params": {
    "name": "xss-payload-detector",
    "arguments": {
  "text": "Enter text or code to scan for XSS attack vectors...",
  "checkEventHandlers": true,
  "checkScriptTags": true,
  "checkProtocols": true,
  "checkEncoded": true,
  "decodeEntities": true,
  "maxDepth": 3
}
  }
}

Chain multiple tools in one session with a comma-separated toolId list, e.g. /mcp/sse?toolId=png-to-webp,jpg-to-webp,gif-to-webp (max 20).

Questions or issues? Contact [email protected]

Browse tools Open tool