Categories

← View All Tools

XSS Payload Detector

Detect XSS (Cross-Site Scripting) attack vectors in input strings

### XSS Payload Detector This tool helps identify potential XSS vulnerabilities in your input: **Detection Categories:** - **Script Tags**: <script>, </script>, <script.*?> - **Event Handlers**: onclick, onload, onerror, onmouseover, etc. - **Dangerous Protocols**: javascript:, vbscript:, data: - **iframe/frame**: <iframe>, <frame> - **Object/Embed**: <object>, <embed> - **Style Injection**: <style>, expression(), -moz-binding - **SVG-based XSS**: <svg> tags with event handlers - **DOM-based XSS**: innerHTML, eval(), document.write() **Risk Levels:** - **LOW**: Basic HTML tags without scripts - **MEDIUM**: Event handlers and protocols - **HIGH**: Script tags and encoded payloads - **CRITICAL**: Complete, executable XSS payloads **Example Attack Patterns:** - <script>alert('XSS')</script> - <img src=x onerror=alert('XSS')> - <svg onload=alert('XSS')> - javascript:alert('XSS') - <iframe src="javascript:alert('XSS')"> - %3Cscript%3Ealert('XSS')%3C/script%3E **Use Cases:** - Validate user input before rendering - Scan log files for XSS attempts - Review code for potential vulnerabilities - Security testing and penetration testing - Educational tool for learning XSS attacks

Detect onclick, onload, onerror, and other event handlers

Detect <script> tags and related patterns

Detect javascript:, vbscript:, data: protocols

Detect URL-encoded and HTML entity-encoded attacks

Decode HTML entities and URL encoding before analysis

Maximum depth for nested pattern analysis

API Documentation

Request Endpoint

POST /en/api/tools/xss-payload-detector

Request Parameters

Parameter Name Type Required Description
text textarea Yes -
checkEventHandlers checkbox No Detect onclick, onload, onerror, and other event handlers
checkScriptTags checkbox No Detect