What is the difference between HTML injection and XSS?

While both involve injecting code, HTML injection specifically focuses on rendering HTML tags to change page appearance or create fake forms, whereas XSS (Cross-Site Scripting) involves executing malicious JavaScript in the victim's browser.

Is this skill compatible with tools like Burp Suite?

Absolutely. The skill includes specialized workflows designed to complement professional security tools like Burp Suite and OWASP ZAP for automated fuzzing and manual verification.

Can this skill help me fix identified vulnerabilities?

Yes, it provides detailed remediation guidance, including secure coding practices like using htmlspecialchars in PHP, context-aware escaping in modern frameworks, and implementing Content Security Policies.

What are the common signs of an HTML injection vulnerability?

A common sign is 'reflection,' where user-provided input (like a search query or username) is displayed back on the page without proper encoding, allowing tags like or to be interpreted by the browser.

HTML Injection Security Testing

Name: HTML Injection Security Testing
Author: sickn33

bysickn33

•

2,290

•

Security & Testing

Identifies and tests HTML injection vulnerabilities in web applications to prevent content defacement and phishing attacks.

This skill provides a comprehensive methodology for security professionals and developers to detect, exploit, and remediate HTML injection vulnerabilities. It guides users through mapping application surfaces, executing basic and advanced injection payloads, simulating phishing scenarios, and implementing robust security measures like context-aware output encoding and Content Security Policy (CSP) headers to protect against malicious content manipulation. By following its structured workflows, teams can proactively secure their web applications against common injection-based threats.

Key Features

012,290 GitHub stars

02Step-by-step workflows for reflected and stored injection testing

03Extensive payload library for testing defacement and phishing scenarios

04Advanced bypass techniques for escaping basic input filters and WAFs

05Detailed remediation guidance with language-specific secure coding examples

06Automated and manual injection point mapping for web forms and URLs

Use Cases

01Performing security audits and penetration tests on web applications

02Simulating phishing attacks to assess user risk and application vulnerability

03Validating input sanitization and output encoding logic during the development lifecycle

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sickn33/antigravity-awesome-skills html-injection-testing

For use in Claude.ai and ChatGPT

Download Skill