
XSS testing in Testing Fundamentals - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
Understanding XSS Attack Types

Which of the following best describes a Reflected XSS attack?

A. Malicious script is stored on the server and executed when a user accesses the stored data.
B. Malicious script is injected into a database and affects all users accessing the data.
C. Malicious script is executed only after user authentication bypass.
D. Malicious script is embedded in a URL and executed immediately when the URL is clicked.
💡 Hint

Think about when the malicious script runs immediately after clicking a link.

Predict Output
intermediate
Detecting XSS Vulnerability in Input Handling

What will be the output of the following simplified server-side code snippet when the input is <script>alert('XSS')</script>?

def render_page(user_input):
    return f"<html><body>Welcome {user_input}</body></html>"

print(render_page("<script>alert('XSS')</script>"))

A. <html><body>Welcome <script>alert('XSS')</script></body></html>
B. <html><body>Welcome &lt;script&gt;alert('XSS')&lt;/script&gt;</body></html>
C. <html><body>Welcome </body></html>
D. SyntaxError due to unescaped characters
💡 Hint

Check if the input is escaped or not before rendering.

assertion
advanced
Writing Assertion for XSS Prevention Test

Which assertion correctly verifies that a web page output does NOT contain executable script tags after input sanitization?

A. assert page_content.contains('<script>')
B. assert '<script>' not in page_content
C. assert page_content == '<script>'
D. assert page_content.indexOf('<script>') >= 0
💡 Hint

Think about how to confirm the absence of script tags.