Writeups for all of the PortSwigger Reflected XSS labs are listed below.
Reflected XSS into attribute with angle brackets HTML-encoded
Reflected XSS into HTML context with nothing encoded
Reflected XSS into a JavaScript string with angle brackets HTML encoded
Reflected XSS into HTML context with most tags and attributes blocked
Reflected XSS into HTML context with all tags blocked except custom ones
Reflected XSS with some SVG markup allowed
Reflected XSS in canonical link tag
Reflected XSS into a JavaScript string with single quote and backslash escaped
Reflected XSS into a JavaScript string with angle brackets and double quotes HTML-encoded and single quotes escaped
Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and backticks Unicode-escaped
Reflected XSS with event handlers and href attributes blocked
Reflected XSS in a JavaScript URL with some characters blocked