Experimental project

This is a sandbox project, which contains experimental code for developer use only.

The XSS Tester module is a quality assurance tool that helps module developers and site owners to test for XSS vulnerabilities in their projects.

When enabled and configured, it adds two buttons at the top of Drupal forms. These buttons can prefill text inputs with an XSS test value. If a form value is then used in an insecure manner, an alert is displayed showing the $form_id and element name.

Do not use this module on a production site.

Do not use this module on a development site where permissions are assigned to untrusted users.

If you do either of these things, you risk a security vulnerability being found without your knowledge.

If you discover a security vulnerability in either Drupal core or a contributed module, please keep it confidential and submit your concern to the Drupal security team.

Do not rely on this module as your only test of how user input is handled.

This module is a tool to help find XSS issues, but developers should also be familiar with how to handle text in a secure fashion.
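
An added illustration of the idea described above, not the XSS Tester module's own code: a probe value that carries the form ID and element name is passed through an insecure output handler and an escaping one, and a check reports which elements reflect it unescaped. It uses plain PHP only; the function names, form IDs and markup are assumptions made for the example.

```php
<?php
// Added example in plain PHP with no Drupal APIs. All names are hypothetical.

// Build a test value that names the form and element it was entered into,
// so a firing alert identifies the field whose value was output unescaped.
function xss_probe(string $form_id, string $element): string {
  return "<script>alert('" . $form_id . ':' . $element . "')</script>";
}

// Insecure handler: writes the submitted value into markup unchanged.
function render_unsafe(string $value): string {
  return '<div class="greeting">Hello ' . $value . '</div>';
}

// Secure handler: encodes HTML metacharacters before output.
function render_safe(string $value): string {
  return '<div class="greeting">Hello '
    . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    . '</div>';
}

// Return "form_id:element" for every element whose probe appears in the
// rendered output byte for byte, which is when a browser would execute it.
function find_reflected(array $fields, callable $render): array {
  $hits = [];
  foreach ($fields as [$form_id, $element]) {
    $probe = xss_probe($form_id, $element);
    if (strpos($render($probe), $probe) !== false) {
      $hits[] = $form_id . ':' . $element;
    }
  }
  return $hits;
}

// Constructed sample form elements (not real Drupal form IDs).
$fields = [
  ['example_contact_form', 'subject'],
  ['example_profile_form', 'display_name'],
];

// Run the same probes through each handler and list the reflecting elements.
echo "unsafe handler: ", json_encode(find_reflected($fields, 'render_unsafe')), "\n";
echo "safe handler:   ", json_encode(find_reflected($fields, 'render_safe')), "\n";
```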

Project information

  • Minimally maintained
    Maintainers monitor issues, but fast responses are not guaranteed.
  • Module categories: Security
  • Created by mpdonadio on , updated