A powerful XSS protection.

NoXSS is a client-side library which closes 99% of all the XSS vulnerabilities on your website.

Did you know that nearly all XSS attacks against you are passed through links? In most cases evil code is sent in query parameters.

Installation

Simply place the following code line right after the <head> tag:

<script src="https://code.noxss.org/noxss.min.js?1568927262"></script>

Demo

Consider the following PHP script:

One can simply break out of the quotes and inject, for example, the following payload for the name parameter:

';window['alert']('Cross-site scripting');//

Result without NoXSS Result with NoXSS

© NoXSS Project 2018-2019