WAF Tester

Query parameter names for XSS

• XSS in HTML context - ?globalHtml=payload
• XSS in HTML attribute context - ?attributeHtml=payload

Limitations

• Only use one context at a time. Multiple injection points are not considered at the moment.
• Must execute arbitrary Javascript. This means an alert(1) at the minumum. This proves you can call any function and pass multiple arguments to it.