Introducing XSSDB

Sun, 24 Sep 2006 11:18:37 GMT
by pdp

In a recent post David K suggested that the XSS cheat sheet hosted at is not as accessible as it should be.

RSnake, I didn't even know this attack vector was in your cheat sheet and I have been through it loads of times - A table of contents might be cool.

Over the weekend I composed a simple AJAX applications to provide a better way of previewing all attack vectors from RSnake's Cross-site scripting cheat sheet. RSnake has been working on it for quite long time and I really like what he has done so far.

I am planning to extend the attack database with some of my own findings, keeping the original database updated and intact. I am also working on some features that will allow user submissions so the community is able to provide some feedback as well.

Any comments and suggestions will be greatly appreciated. Currently XSSDB works in Firefox only. The application almost works in IE6 and IE7. There seams to be something wrong with Opera.

Archived Comments

Also happily works in Safari/Camino and FF
hi daniel, that's great news. How about the CSS? Is it working correctly? Do you have any suggestions or recommendations? Thanks.
exellent job tested in opera 9.02 working nice and your blog is very good Congratulations!
Steve ChristeySteve Christey
kudos to you and Rsnake for a great layout, and for giving names to these attacks. This is the best classification of XSS I've seen so far.
All of the cheat sheet content disappeared. Can you fix it?