/claim #5838

Proposed Changes

I have added an intelligent XSS Context Analyzer in pkg/fuzz/analyzers/xss. It uses golang.org/x/net/html for proper HTML tokenization, allowing it to accurately detect reflection in:

• HTML Text
• Script Blocks
• Attribute Values & Names
• HTML Comments

Proof

Verified with 6 local unit tests. All tests passed. Output: — PASS: TestDetermineContext (0.00s) — PASS: TestDetermineContext/HTML_Text_Context (0.00s) — PASS: TestDetermineContext/Script_Block_Context (0.00s) — PASS: TestDetermineContext/Attribute_Value_Context (0.00s) — PASS: TestDetermineContext/Attribute_Name_Context (0.00s) — PASS: TestDetermineContext/HTML_Comment_Context (0.00s)

Checklist

• PR created against the correct branch (dev)
• Tests added to prove the feature works

Summary by CodeRabbit

• New Features

  • Added an XSS context analyzer that detects payload reflection in HTTP responses and reports the precise reflection context (HTML text, attribute name, attribute value, script block, HTML comment, or unknown).

• Tests

  • Added tests validating context detection across varied HTML constructs to ensure accurate classification of reflected payloads.