Summary

This PR implements an advanced XSS Context Analyzer with intelligent payload selection capabilities, addressing issue #5838.

Key Features

1. Extended Context Detection (12 contexts)

• HTML Text Context
• HTML Tag Context
• HTML Attribute Context
• JavaScript Context
• JavaScript Template Context
• CSS Context
• URL Context
• HTML Comment Context
• Script Block Context
• Style Block Context
• Srcdoc Context
• Template Context

2. Smart Payload Selection

• Automatically selects the most appropriate payload based on detected context
• Confidence scoring for each detected context
• Payload suggestions tailored to each context type

3. Advanced Detection Capabilities

• Escaped/executable detection
• URL attribute detection (href, src, action, etc.)
• Event handler detection (onclick, onerror, etc.)
• Script block analysis
• Style block analysis

4. Comprehensive Test Coverage

• Table-driven tests for all context types
• Helper function tests
• Benchmark tests
• All tests pass

Improvements Over Existing PRs

1. More Context Types: 12 contexts vs 8 in other PRs
2. Smart Payload Selection: Automatically chooses best payload
3. Confidence Scoring: Reliability indicators for detections
4. Better Test Coverage: Comprehensive test suite
5. Performance: Includes benchmark tests

Testing

ash cd pkg/protocols/common/xss go test -v

All tests pass.

Checklist

• PR created against dev branch
• Tests added
• All tests pass
• No modifications to existing files
• Comprehensive documentation in code

/claim #5838

Summary by CodeRabbit

• New Features

  • Added an XSS context analyzer that identifies injection-relevant contexts across HTML text, attributes, JavaScript, CSS, URLs, and script/style blocks and surfaces per-context findings.
  • Provides context-specific payload suggestions and a smart recommender that selects the best payload based on analysis confidence.

• Tests

  • Added unit tests and a benchmark covering context detection, helper predicates, payload suggestion logic, and smart-payload selection.