<- Back to sandbox

Sandbox: Cross-Site Scripting (XSS)

Enter HTML/JS snippets. The API will analyze them for XSS / malicious payload patterns and log attempts.

Educational note: In production, combine server-side validation, output encoding, Content Security Policy (CSP), and security headers.