Testing Fundamentals (testing, ~10 mins)

XSS testing in Testing Fundamentals - Interactive Code Practice

Practice - 5 Tasks
Answer the questions below
Task 1: fill in blank (easy)

Complete the code to create a simple XSS test payload.

payload = "<script>[1]</script>"
A. alert('XSS')
B. print('XSS')
C. console.log('XSS')
D. document.write('XSS')
💡 Hint
Common Mistakes
Using print(), which in a browser is window.print() (it opens the print dialog) rather than a proof-of-execution popup like alert().
Using console.log() which does not create a visible popup.
Task 2: fill in blank (medium)

Complete the code to safely encode user input to prevent XSS.

def encode_input(user_input):
    return user_input.replace('&', '[1]').replace('<', '&lt;').replace('>', '&gt;')
A. &quot;
B. &lt;
C. &amp;
D. &gt;
💡 Hint
Common Mistakes
Replacing '<' or '>' instead of '&' in this step: '&' must be encoded first, otherwise the '&' inside the '&lt;' and '&gt;' produced later would itself be re-encoded to '&amp;lt;' and '&amp;gt;'.
Using incorrect HTML entity codes.
Task 3: fill in blank (hard)

Fix the error in the test code that checks for XSS vulnerability.

def test_xss_vulnerability(response):
    assert '[1]' in response.text
A. alert('XSS')
B. <script>alert('XSS')</script>
C. <script>console.log('XSS')</script>
D. script>alert('XSS')<script
💡 Hint
Common Mistakes
Checking only for alert('XSS'): that substring is still present when the tags have been encoded to &lt;script&gt;, so the test cannot tell a vulnerable reflection from a safe one.
Using malformed script tags that won't match the response.
Task 4: fill in blank (hard)

Fill both blanks to create a test that submits an XSS payload and checks the response.

def test_submit_xss(client):
    payload = "<script>[1]</script>"
    response = client.post('/submit', data={'input': payload})
    assert '[2]' in response.text
A. alert('XSS')
B. <script>alert('XSS')</script>
C. alert('Test')
D. <script>alert('Test')</script>
💡 Hint
Common Mistakes
Using mismatched alert messages in payload and assertion.
Checking only for the alert text without script tags.
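A complete, runnable version of the test from tasks 3 and 4, as an added example that is not part of the course material. The test client, response object and the two handlers (one deliberately reflecting raw input, one encoding it) are constructed stand-ins so it runs offline; a real Flask or Django test client exposes the same post(path, data=...) shape, so only the client construction would change. It also shows why the weak assertion on alert('XSS') alone fires on the safe endpoint too.

```python
"""Submit an XSS probe through a test client and decide whether the endpoint
reflected it unencoded.

Added example, not the course's own harness: FakeClient, Response,
vulnerable_app and hardened_app are constructed stand-ins so the test runs
offline.
"""
import html
from dataclasses import dataclass

PAYLOAD = "<script>alert('XSS')</script>"


@dataclass
class Response:
    status_code: int
    text: str


def vulnerable_app(form: dict) -> Response:
    """Deliberately vulnerable: raw input is interpolated into the HTML body."""
    return Response(200, f"<p>You said: {form.get('input', '')}</p>")


def hardened_app(form: dict) -> Response:
    """Encodes &, < and > before interpolation. quote=False mirrors the
    course's encode_input; escape quotes too if the value can land inside
    an HTML attribute."""
    encoded = html.escape(form.get("input", ""), quote=False)
    return Response(200, f"<p>You said: {encoded}</p>")


class FakeClient:
    """Stand-in for a web test client (assumed interface: post(path, data))."""

    def __init__(self, app):
        self.app = app

    def post(self, path: str, data: dict) -> Response:
        # Only /submit is routed; a wrong path is a 404 rather than a silent
        # false negative in the assertions below.
        if path != "/submit":
            return Response(404, "not found")
        return self.app(data)


def reflects_payload(client, payload: str = PAYLOAD) -> bool:
    """True when the whole payload, tags included, appears verbatim in the
    response: the endpoint reflects input without output encoding."""
    response = client.post("/submit", data={"input": payload})
    assert response.status_code == 200, f"unexpected status {response.status_code}"
    return payload in response.text


def weak_check(client, payload: str = PAYLOAD) -> bool:
    """The incomplete check from task 3: looks only for alert('XSS'). It also
    matches an encoded (safe) response, so it cannot tell the two apart."""
    response = client.post("/submit", data={"input": payload})
    return "alert('XSS')" in response.text


def payload_is_encoded(client, payload: str = PAYLOAD) -> bool:
    """True when the tags come back as entities and the raw payload is absent."""
    response = client.post("/submit", data={"input": payload})
    return (html.escape(payload, quote=False) in response.text
            and payload not in response.text)


def test_submit_xss_vulnerable():
    assert reflects_payload(FakeClient(vulnerable_app))


def test_submit_xss_hardened():
    client = FakeClient(hardened_app)
    assert not reflects_payload(client)
    assert payload_is_encoded(client)
    assert weak_check(client)  # false positive: the weak check still fires


if __name__ == "__main__":
    test_submit_xss_vulnerable()
    test_submit_xss_hardened()
    print("ok")
```

Note that reflects_payload passing means the endpoint is vulnerable; in a regression suite you would assert the opposite (the payload must come back encoded) so that a reintroduced reflection fails the build.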
Task 5: fill in blank (hard)

Fill all three blanks to create a dictionary comprehension that filters safe inputs and encodes them.

safe_inputs = {input: input.replace('&', '[3]').replace('<', '[1]').replace('>', '[2]') for input in inputs if '<script>' not in input}
A. &lt;
B. &gt;
C. &amp;
D. &quot;
💡 Hint
Common Mistakes
Using wrong HTML entities or missing replacements.
Not filtering out inputs with
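The encoding step from task 2 and the comprehension from task 5, carried through as an added example that is not part of the course material. It goes a little beyond the tasks: it shows the double-encoding bug when '&' is not replaced first, and runs the comprehension's '<script>' substring filter over constructed sample inputs to show which payloads slip past it while output encoding neutralises all of them.

```python
"""Output encoding for an HTML text node, and why the '<script>' substring
filter in the comprehension above is not a substitute for it.

Added example, not part of the course material. INPUTS is a constructed
sample chosen to include three payloads the filter does not catch.
"""
import html


def encode_for_html_text(user_input: str) -> str:
    """Encode for insertion into an HTML text node. '&' is replaced first:
    replacing it last would turn the '&' of '&lt;' into '&amp;lt;'."""
    return (user_input.replace("&", "&amp;")
                      .replace("<", "&lt;")
                      .replace(">", "&gt;"))


def encode_wrong_order(user_input: str) -> str:
    """The same three replacements with '&' last, kept only to show the
    double-encoding bug."""
    return (user_input.replace("<", "&lt;")
                      .replace(">", "&gt;")
                      .replace("&", "&amp;"))


def passes_script_blocklist(value: str) -> bool:
    """The filter condition from the comprehension: an exact, case-sensitive
    substring match on '<script>'."""
    return "<script>" not in value


def blocklist_bypasses(inputs):
    """Inputs that get past the blocklist but still carry markup."""
    return [v for v in inputs if passes_script_blocklist(v) and "<" in v]


def filter_and_encode(inputs):
    """The comprehension from the task with the blanks filled in; the loop
    variable is renamed so it no longer shadows the built-in input()."""
    return {value: encode_for_html_text(value)
            for value in inputs
            if passes_script_blocklist(value)}


# Constructed sample inputs for the example.
INPUTS = [
    "hello & goodbye",
    "<script>alert('XSS')</script>",        # caught by the blocklist
    "<SCRIPT>alert('XSS')</SCRIPT>",        # case differs: not caught
    "<img src=x onerror=alert('XSS')>",     # no script tag at all: not caught
    "<script src=x></script>",              # attribute breaks the exact match
]


if __name__ == "__main__":
    for value in blocklist_bypasses(INPUTS):
        print("blocklist missed:", value)
    for value, encoded in filter_and_encode(INPUTS).items():
        assert "<" not in encoded          # encoding neutralises every one
        print(repr(value), "->", encoded)
    # The hand-rolled encoder agrees with the standard library for text nodes.
    assert encode_for_html_text("<a&b>") == html.escape("<a&b>", quote=False)
```

The takeaway is the order of defences: encode on output for the context the value lands in (text node here; attributes and JavaScript contexts need their own encoders), and treat a substring blocklist as at most a secondary signal, never the control.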