What kind of remediation advice does it provide?

It offers specific guidance on implementing robust input sanitization, output encoding, and secure Content Security Policy (CSP) headers to prevent injection attacks.

Is this skill intended for malicious use?

No, it is designed strictly for authorized security testing and education. Users must have explicit written permission before testing any target application.

Can it help bypass Content Security Policies (CSP)?

The skill includes advanced techniques for testing and bypassing CSP configurations using various tag, attribute, and encoding variations.

Does this skill support DOM-based XSS detection?

Yes, it provides specific workflows for identifying dangerous sinks and sources within client-side JavaScript to detect and exploit DOM-based vulnerabilities.

What is the XSS and HTML Injection Testing skill?

It is a specialized capability for Claude Code designed to help security researchers and developers identify, exploit, and remediate client-side injection vulnerabilities in web applications.

XSS and HTML Injection Security Tester

Name: XSS and HTML Injection Security Tester
Author: claudiodearaujo

byclaudiodearaujo

0•

安全与测试

Conducts comprehensive security assessments to identify and demonstrate cross-site scripting and HTML injection vulnerabilities in web applications.

This skill empowers developers and security professionals to systematically audit web applications for client-side injection flaws using Claude Code. By providing structured workflows for detecting stored, reflected, and DOM-based XSS, it enables the creation of sophisticated proof-of-concept payloads for session hijacking, credential theft, and UI redressing. It includes advanced techniques for bypassing common security filters and Content Security Policies, ensuring a thorough evaluation of an application's defensive posture while providing actionable remediation guidance and robust encoding strategies.

主要功能

01Systematic detection of stored, reflected, and DOM-based XSS vulnerabilities

02Comprehensive HTML injection strategies for UI redressing and phishing assessments

03Filter bypass techniques including encoding, obfuscation, and tag variations

04Detailed remediation recommendations and CSP configuration guidance

050 GitHub stars

06Advanced payload generation for session hijacking and credential theft simulations

使用场景

01Developing proof-of-concept exploits for bug bounty submissions or internal reports

02Performing security audits and penetration tests on web application input vectors

03Validating the effectiveness of input sanitization and output encoding mechanisms

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front xss-html-injection

For use in Claude.ai and ChatGPT

Download Skill