Educational Tool
XSS Testing & Prevention Lab
A playground for developers to test and fix Cross-Site Scripting vulnerabilities.
1. Classic Script Tag
Basic
<script>alert('XSS Test')</script>
How to fix: Use htmlspecialchars() in PHP or textContent in JS to encode < and > characters.
2. Image Source Error
Attribute
<img src=x onerror="alert('XSS Test')">
How to fix: Sanitize HTML attributes and use a Content Security Policy (CSP) to block inline scripts.
3. SVG Vector
Advanced
<svg onload="alert('XSS Test')">
How to fix: Validate file uploads and use a library like DOMPurify to strip dangerous tags from user input.
4. JavaScript URI
Link
<a href="javascript:alert('XSS Test')">Click me</a>
How to fix: Always validate protocols in URLs. Only allow http: or https: for link destinations.
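Added example (not part of the original lab): one way to apply the protocol allow-list from fix 4 before a user-supplied link is rendered, checking the parsed protocol instead of matching the raw string. The names safeHref, escapeHtml and renderLink and the BASE origin are assumptions made for this sketch.

```javascript
// Added example: allow-list check for link destinations.
// BASE is an assumed site origin used to resolve relative links.
const BASE = "https://app.example/";
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Returns a normalized absolute URL string, or null when the destination
// cannot be parsed or its protocol is not on the allow-list.
function safeHref(input, base = BASE) {
  if (typeof input !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser normalizes the input the way a browser does
    // (surrounding whitespace trimmed, embedded tabs and newlines dropped,
    // scheme lowercased), so the check below sees the protocol the
    // browser would act on, not the raw characters the user typed.
    url = new URL(input, base);
  } catch {
    return null;
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build an anchor; a rejected destination is rendered as inert text
// so the label stays visible but nothing is clickable.
function renderLink(href, label) {
  const safe = safeHref(href);
  const text = escapeHtml(label);
  if (safe === null) return `<span>${text}</span>`;
  return `<a href="${escapeHtml(safe)}">${text}</a>`;
}

// Constructed sample inputs: the lab's payload 4 and an ordinary relative link.
console.log(renderLink("javascript:alert('XSS Test')", "Click me"));
console.log(renderLink("/docs?page=1", "Docs"));
```

The validated value is still HTML-encoded before it is placed in the href attribute, because an allowed URL can contain & or quote characters.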
Security Warning: This tool is for authorized security testing and education only. Never use these payloads on websites you do not own.