DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Awesome XSS stuff

XSS'OR - Hack with JavaScript.

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

A container repository for my public web hacks!

The popular NoScript Security Suite browser extension.

Getting started with java code auditing 代码审计入门的小项目

Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式，将不同漏洞场景检测能力通过插件的形式进行集合，通过与目标进行out-bind的数据通信方式进行辅助检测。

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Use DOMPurify on server and client in the same way

实时上线的 XSS 盲打平台

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

Proactively protect your Node.js web services

The Serverless Blind XSS App

Mike North's Web Security Course

Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.

This extension will help you to detect GET/POST based XSS vulnerability in any website easily