/claim #7086

Proposed Changes

  • Added the xss_context analyzer implementation for the fuzzing engine and wired it into HTTP fuzz execution so analyzer replay can use response body/headers context.
  • Added XSS context detection + payload selection modules under pkg/fuzz/analyzers/xss.
  • Fixed the four edge cases from #7086:
    • classify javascript: URI reflections in URL-bearing attributes as ContextScript
    • treat non-executable script MIME types (for example application/json) as non-script context
    • make initial reflection detection case-insensitive
    • classify srcdoc as HTML-injection context (ContextHTMLText)
  • Added/extended regression tests for the above behavior in pkg/fuzz/analyzers/xss/context_test.go.

Proof

go test ./pkg/fuzz/analyzers/xss -count=1
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz/analyzers/xss 0.730s
go test ./pkg/protocols/http -run TestDoesNotExist -count=1
ok github.com/projectdiscovery/nuclei/v3/pkg/protocols/http 0.775s [no tests to run]

Checklist

  • PR created against dev
  • Tests added/updated for the fix
  • Relevant test commands executed locally
  • Additional docs needed (not required for this bugfix)

If this PR is merged and bounty payout requires a wallet address, use: 0xF57503F99fA20b912200ed90D26d945093136ef5

Summary by CodeRabbit

  • New Features

    • Added an XSS context analyzer for detecting reflected XSS with context-aware payload selection.
    • Captures HTTP response body, headers, and status code for richer analysis.
    • Made random-generation utilities safe for concurrent use.
  • Bug Fixes

    • Prevented nil map issue when initializing analyzer parameters during fuzzing.
  • Tests

    • Added comprehensive unit and performance tests for XSS reflection detection.
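The four edge cases listed under Proposed Changes, worked through in Go as an added example. This is not code from this PR or from nuclei: the context names ContextHTMLText, ContextAttribute and ContextScript are taken from the PR text, while the Classify function, its attribute tokenizer, the list of executable script MIME types and the list of URL-bearing attributes are all assumptions made here. Two further choices are not stated by the PR and are assumptions as well: a reflection inside a non-executable script body (application/json) is mapped to ContextHTMLText rather than to some other non-script context, and, going beyond the four cases, a reflection inside an on* event-handler attribute is classified as ContextScript.

```go
package main

import (
	"fmt"
	"strings"
)

// Context is the reflection context an XSS analyzer would choose a payload for.
type Context int

const (
	ContextNone      Context = iota // marker not reflected in the response
	ContextHTMLText                 // between tags, or re-parsed as HTML (srcdoc)
	ContextAttribute                // inside an ordinary attribute value or between attributes
	ContextScript                   // executed as JavaScript: <script> body, javascript: URL, on* handler
)

func (c Context) String() string {
	return [...]string{"ContextNone", "ContextHTMLText", "ContextAttribute", "ContextScript"}[c]
}

// Assumed lists (not taken from nuclei): MIME types a browser executes in a <script>
// element, and attributes whose value is a URL, where a javascript: scheme runs.
var executableScriptTypes = map[string]bool{
	"": true, "module": true, "text/javascript": true, "application/javascript": true,
	"application/x-javascript": true, "text/ecmascript": true, "application/ecmascript": true,
}
var urlAttributes = map[string]bool{
	"href": true, "src": true, "action": true, "formaction": true, "xlink:href": true, "data": true,
}

func isSpace(b byte) bool { return b == ' ' || b == '\t' || b == '\n' || b == '\r' }

// attrValue returns the value of attr in a lower-cased, complete opening tag, or "".
func attrValue(tag, attr string) string {
	i := strings.Index(tag, " "+attr+"=")
	if i < 0 {
		return ""
	}
	v := tag[i+len(attr)+2:]
	if v != "" && (v[0] == '"' || v[0] == '\'') {
		if end := strings.IndexByte(v[1:], v[0]); end >= 0 {
			return v[1 : end+1]
		}
		return v[1:]
	}
	if end := strings.IndexAny(v, " >/"); end >= 0 {
		v = v[:end]
	}
	return v
}

// openAttribute tokenizes a lower-cased opening-tag fragment that ends exactly where the
// marker begins and reports which attribute value, if any, is still open at that point.
func openAttribute(tag string) (name, valueSoFar string, inValue bool) {
	i := 1
	for i < len(tag) && !isSpace(tag[i]) && tag[i] != '/' { // skip the tag name
		i++
	}
	for i < len(tag) {
		for i < len(tag) && (isSpace(tag[i]) || tag[i] == '/') {
			i++
		}
		if i >= len(tag) {
			return "", "", false // marker starts a new attribute name
		}
		start := i
		for i < len(tag) && !isSpace(tag[i]) && tag[i] != '=' && tag[i] != '/' {
			i++
		}
		name = tag[start:i]
		for i < len(tag) && isSpace(tag[i]) {
			i++
		}
		if i >= len(tag) || tag[i] != '=' {
			continue // valueless attribute
		}
		i++ // skip '='
		for i < len(tag) && isSpace(tag[i]) {
			i++
		}
		if i >= len(tag) {
			return name, "", true // attr= immediately followed by the marker (unquoted)
		}
		if q := tag[i]; q == '"' || q == '\'' {
			end := strings.IndexByte(tag[i+1:], q)
			if end < 0 {
				return name, tag[i+1:], true // quote never closed before the marker
			}
			i += end + 2
			continue
		}
		start = i
		for i < len(tag) && !isSpace(tag[i]) {
			i++
		}
		if i >= len(tag) {
			return name, tag[start:], true // unquoted value runs into the marker
		}
	}
	return "", "", false
}

// Classify locates the first reflection of marker in body and returns its context.
func Classify(body, marker string) Context {
	lower := strings.ToLower(body)
	idx := strings.Index(lower, strings.ToLower(marker)) // case-insensitive reflection check
	if idx < 0 {
		return ContextNone
	}
	before := lower[:idx]

	// Inside a <script> element body? Only executable MIME types count as script.
	if open := strings.LastIndex(before, "<script"); open >= 0 && open > strings.LastIndex(before, "</script") {
		if tagEnd := strings.IndexByte(before[open:], '>'); tagEnd >= 0 {
			typ := strings.TrimSpace(attrValue(before[open:open+tagEnd+1], "type"))
			if semi := strings.IndexByte(typ, ';'); semi >= 0 {
				typ = strings.TrimSpace(typ[:semi]) // drop parameters such as ;charset=
			}
			if executableScriptTypes[typ] {
				return ContextScript
			}
			return ContextHTMLText // assumed mapping for a data island (application/json etc.)
		}
	}

	// Inside an opening tag?
	if lastLT := strings.LastIndex(before, "<"); lastLT > strings.LastIndex(before, ">") {
		name, value, inValue := openAttribute(before[lastLT:])
		if !inValue {
			return ContextAttribute
		}
		switch {
		case name == "srcdoc":
			return ContextHTMLText // srcdoc content is parsed as a whole HTML document
		case urlAttributes[name] && strings.HasPrefix(strings.TrimLeft(value, " \t\r\n"), "javascript:"):
			return ContextScript // reflection lands inside a javascript: URI
		case strings.HasPrefix(name, "on"):
			return ContextScript // event handler body (extension beyond the PR's four cases)
		}
		return ContextAttribute
	}
	return ContextHTMLText
}

func main() {
	// Constructed sample responses; "nuclei1" stands in for the fuzzer's reflection marker.
	for _, body := range []string{
		`<a href="javascript:alert(nuclei1)">x</a>`,
		`<A HREF="JAVASCRIPT:NUCLEI1">x</A>`,
		`<script type="application/json">{"q":"nuclei1"}</script>`,
		`<script>var q="nuclei1";</script>`,
		`<iframe srcdoc="nuclei1"></iframe>`,
		`<input value="nuclei1">`,
		`<p>NUCLEI1</p>`,
	} {
		fmt.Printf("%-58s %s\n", body, Classify(body, "nuclei1"))
	}
}
```

The tokenizer matters more than it looks: a last-`=` heuristic misreads `href="?q=1&x=nuclei1"` as an attribute named `x`, which hides the javascript: check for the real attribute, so the fragment is scanned attribute by attribute from the tag name.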

Claim

Total prize pool $100
Total paid $0
Status Pending
Submitted March 04, 2026
Last updated March 04, 2026

Contributors

Juzi Valley Quant Lab

@juzigu40-ui

100%

Sponsors

Bishnu Prasad Sahu

@mebishnusahu0595

$100