XSS Train
Cross-site scripting labs for web application security enthusiasts
Train 1
Let's start from URL
Train 2
Form
Train 3
User agent
Train 4
Referer
Train 5
Cookie
Train 6
Local storage
Train 7
Login page
Train 8
Logged in page
Train 9
Stored XSS
Train 10
Base64 encoding
Train 11
Removes alert
Train 12
Removes script
Train 13
Removes img, alert, prompt and script
Train 14
Converts < and > to HTML entities
Train 15
RegEx filter #1
Train 16
RegEx filter #2
Train 17
RegEx filter #3
Train 18
Converts all HTML reserved characters to HTML entities + URL decode
Train 19
Converts special characters to HTML entities
Train 20
Converts special characters to HTML entities on an HTML input value
Train 21
Converts special characters to HTML entities on an HTML input value + capitalizes all characters