DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Awesome XSS stuff

XSS'OR - Hack with JavaScript.

A container repository for my public web hacks!

A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

实时上线的 XSS 盲打平台

The Serverless Blind XSS App

Getting started with java code auditing 代码审计入门的小项目

Mike North's Web Security Course

The popular NoScript Security Suite browser extension.

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

Antenna是58同城安全团队打造的一款辅助安全从业人员验证网络中多种漏洞是否存在以及可利用性的工具。其基于带外应用安全测试(OAST)通过任务的形式，将不同漏洞场景检测能力通过插件的形式进行集合，通过与目标进行out-bind的数据通信方式进行辅助检测。

A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

Examples of security features (or mishaps) on web applications -- these are mostly examples and tutorials from the WASEC book.

XSS scanner that detects Cross-Site Scripting vulnerabilities in website by injecting malicious scripts

Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security

收集本人自接触渗透测试用于漏洞验证的所有热门CVE、POC、CNVD攻击有效载荷+测试工具+FUZZ,一个仓库满足许多攻击测试场景,开箱即用.

This extension will help you to detect GET/POST based XSS vulnerability in any website easily