
Unit testing an HTML parser/cleaner?

I'm trying to choose between a couple of different HTML parsers for a project I am working on, part of which accepts HTML input from the client.

I've built a simple automated test for each one, to see if they fit my needs. I have a large number of real-life HTML fragments to test, but they aren't enough for testing for safety, since they (probably) do not contain any malicious code.
I don't mind reviewing the outputs by hand.

My question is, is there a freely available database or list of HTML snippets containing malformed HTML and scripts intended for testing for XSS?

GeReV asked Nov 05 '22 11:11


1 Answer

The ha.ckers XSS cheatsheet is pretty comprehensive, and was the catalyst for me to build a whitelist-based sanitiser into jsoup.

Jonathan Hedley answered Nov 11 '22 06:11
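
One way to automate the safety check the question describes, as an added example that is not part of the original question or answer: re-parse each candidate sanitizer's output and flag anything script-capable that survived. The names (`audit`, `run_corpus`, `CORPUS`) and the policy sets are assumptions made for this sketch, and the sample fragments are constructed.

```python
import re
from html.parser import HTMLParser

# Assumed policy for this example; tighten or relax it to match your own allowlist.
BLOCKED_TAGS = {"script", "style", "iframe", "object", "embed", "base", "meta", "link", "svg", "math"}
URL_ATTRS = {"href", "src", "action", "formaction", "poster", "data", "xlink:href"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
_LEADING_JUNK = "".join(map(chr, range(0x21)))  # C0 controls and space

def _safe_url(value):
    # Browsers drop tab/CR/LF and leading control characters before reading the scheme.
    url = re.sub(r"[\t\r\n]", "", value).lstrip(_LEADING_JUNK)
    scheme = re.match(r"([^/?#:]*):", url)
    return scheme is None or scheme.group(1).lower() in ALLOWED_SCHEMES

class _Audit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        if tag in BLOCKED_TAGS:
            self.findings.append(f"element <{tag}>")
        for name, value in attrs:  # values arrive with character references decoded
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and not _safe_url(value or ""):
                self.findings.append(f"disallowed URL scheme in {name} on <{tag}>")

def audit(html):
    """List the constructs in sanitizer output that the policy above forbids."""
    parser = _Audit()
    parser.feed(html)
    parser.close()
    return parser.findings

def run_corpus(sanitizer, fragments):
    """Map each fragment to its findings when the sanitized output is still unsafe."""
    results = {f: audit(sanitizer(f)) for f in fragments}
    return {f: found for f, found in results.items() if found}

# Constructed sample fragments; a real run would load your own corpus and test vectors.
CORPUS = [
    '<b>bold</b> <a href="https://example.com/">link</a>',
    "<p>unclosed <i>markup",
    "<img src=x onerror=alert(1)>",
    '<a href="jav&#x09;ascript:alert(1)">x</a>',
    "<script>alert(1)</script>",
]

if __name__ == "__main__":
    for fragment, found in run_corpus(lambda html: html, CORPUS).items():  # identity = no sanitizing
        print(repr(fragment), "->", found)
```

Pass each parser's clean function as `sanitizer`; an empty result means nothing forbidden by the policy survived. Python's `html.parser` does not parse exactly as a browser does, so outputs that look unusual are still worth reviewing by hand.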