XSS Payload Generator

Build authorized XSS proof payloads by reflection context, tune proof variables, copy encoding variants, and capture report-ready notes.

Workbench mode

Pick the reflection context, tune proof variables, and copy the right encoding.

Payload presets

Start from a common context, proof, callback, CSP, or bypass workflow.

Proof variables

Proof function

Event handler

Callback URL

Marker

DOM sink

CSP nonce

Filters and encoding

17 payloads match the current filters.

XSS workflow

Step 1

Locate reflection

Step 2

Identify context

Step 3

Break out safely

Step 4

Prove execution

Step 5

Document fix

Use the smallest proof that matches the reflection context before moving to encoded or bypass variants.

This payload is likely affected by Content Security Policy. Check script-src, event handlers, and nonce behavior.

Generated payload

HTML Body - Script tag proof

raw