Anti-XSS for PHP

{ @hacker | "try to bypass this XSS filter" }

github.com/voku/anti-xss



If you need some inspiration for new attacks, take a look at the PHPUnit tests. I have already included test from e.g. "DOMPurify", "JS-XSS" and "LaravelSecurity". Here you can find some more XSS strings:



PS: This demo, is also available at github.com and you can also create pull-requests, here.

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('Il y a une faille XSS')</script>

keyword(s):

description:

by | at 2019-08-16 19:48:26

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('Il y a une faille XSS')</script>

keyword(s):

description:

by | at 2019-08-16 16:12:38

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<svg><p><textarea><img ><>

result with twig: {{ xss.xss | escape }}:

<svg><p><textarea><img src="</textarea><img src=x onerror=1//">

keyword(s): foo,bar

description: test from DOMPurify

by Lars | at 2019-08-15 01:27:47

BY LARS MOELLEKEN WITH HATE IN 2015