XSS Prevention Tool

Encode input to prevent XSS attacks and detect potential XSS payloads

When to Use Each Encoding

  • HTML: Content in HTML body
  • JS: Strings in JavaScript
  • URL: Query parameters
  • CSS: Values in stylesheets
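The four contexts above each need a different encoder, because the characters that break out of the HTML body are not the ones that break out of a JavaScript string, a query parameter, or a CSS value. The block below is an added example written for this page, not the tool's own implementation; the function names (`encodeHtml`, `encodeJs`, `encodeUrlParam`, `encodeCss`, `encodeFor`) are assumptions, and the sample inputs are constructed.

```javascript
// Added example: one output encoder per rendering context, chosen by the
// caller at the point where untrusted data is written into the page.

// HTML body context: escape the characters that can open a tag, close an
// attribute value, or start an entity.
function encodeHtml(input) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
  };
  return String(input).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// JavaScript string context: hex-escape everything outside [A-Za-z0-9] so a
// value placed inside a quoted JS string can never close the quote, end the
// statement, or introduce a line terminator.
function encodeJs(input) {
  return String(input).replace(/[^A-Za-z0-9]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return code < 256
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// URL query-parameter context: percent-encode with encodeURIComponent, which
// leaves only A-Z a-z 0-9 - _ . ! ~ * ' ( ) untouched, so "&" and "=" cannot
// split the parameter or inject a new one.
function encodeUrlParam(input) {
  return encodeURIComponent(String(input));
}

// CSS value context: hex-escape everything outside [A-Za-z0-9] using the
// six-digit \HHHHHH form, which needs no trailing delimiter and cannot merge
// with the following character.
function encodeCss(input) {
  return String(input).replace(/[^A-Za-z0-9]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(6, '0'));
}

// Dispatch by context name; an unknown context is an error rather than a
// silent fall-through to no encoding.
function encodeFor(context, value) {
  const encoders = { html: encodeHtml, js: encodeJs, url: encodeUrlParam, css: encodeCss };
  const enc = encoders[context];
  if (!enc) throw new Error('unknown encoding context: ' + context);
  return enc(value);
}

// Constructed sample: the same payload rendered in each context.
const sample = '<img src=x onerror=alert(1)>';
for (const ctx of ['html', 'js', 'url', 'css']) {
  console.log(ctx.padEnd(4), encodeFor(ctx, sample));
}
```

The payload from the "Common XSS Vectors" list is harmless in every context after encoding, but only when the encoder matches where the value ends up: HTML-encoding a value that is then inserted into a `<script>` string leaves `'` and `\` untouched and does not help there.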

Best Practices

  • Always encode output, not input
  • Use context-specific encoding
  • Implement Content Security Policy
  • Use HttpOnly and Secure cookies

Common XSS Vectors

  • <script>alert(1)</script>
  • <img src=x onerror=alert(1)>
  • <svg onload=alert(1)>
  • javascript:alert(1)
  • <a href="javascript:...">
  • <div onmouseover=alert(1)>