/claim #5838

Proposed changes

  • add a new xss_context analyzer under pkg/fuzz/analyzers/xss
  • classify reflected payload contexts using the HTML tokenizer into:
    • script
    • attribute
    • comment
    • html
    • raw_html
  • use the final generated value (FuzzGenerated.Value) when replaying analyzer requests
  • restore component state after analyzer request execution
  • cap response-body reads to 10 MiB using io.LimitReader
  • register analyzer in the HTTP protocol package
  • update analyzer valid values in schema comments and syntax reference
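Added example, not the PR's code: a stdlib-only sketch of the context classification described above, using a small scanner in place of the HTML tokenizer the PR relies on. The Classify/contextAt names, the severity ranking used to pick the reported context, and the reading of raw_html as markup reflected intact in text content are assumptions.

```go
package main

import "strings"

var severity = map[string]int{"comment": 1, "html": 2, "attribute": 3, "raw_html": 4, "script": 5} // PR's contexts, ranked by assumed severity

// contextAt returns the markup context at byte offset pos of body: "script", "comment",
// "attribute" (anywhere inside a tag) or "html"; a '>' inside a quoted value ends the tag.
func contextAt(body string, pos int) string {
	s := strings.ToLower(body[:pos])
	for i := 0; ; {
		lt := strings.IndexByte(s[i:], '<')
		if lt < 0 {
			return "html" // nothing left open before pos
		}
		start, ctx, term := i+lt, "attribute", ">" // an ordinary tag unless a comment
		if strings.HasPrefix(s[start:], "<!--") {
			ctx, term = "comment", "-->"
		}
		end := strings.Index(s[start:], term)
		if end < 0 {
			return ctx // pos lies inside this construct
		}
		i = start + end + len(term)
		if strings.HasPrefix(s[start:], "<script") { // script body runs to its closing tag
			if end = strings.Index(s[i:], "</script"); end < 0 {
				return "script"
			}
			i += end
		}
	}
}

// Classify finds every verbatim reflection of payload and returns the highest-severity
// context among them, or "" when it is not reflected; markup reflected intact in text is "raw_html".
func Classify(body, payload string) (best string) {
	for start, idx := 0, 0; payload != ""; start += idx + len(payload) {
		if idx = strings.Index(body[start:], payload); idx < 0 {
			break
		}
		ctx := contextAt(body, start+idx)
		if ctx == "html" && strings.ContainsAny(payload, "<>") {
			ctx = "raw_html"
		}
		if severity[ctx] > severity[best] {
			best = ctx
		}
	}
	return best
}
```

The bodies below are constructed inputs, not captured responses; a payload reflected both in a comment and in a div resolves to the div's "html" context because that is the more severe of the two.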

Proof

go test ./pkg/fuzz/analyzers/xss -count=1
go test ./pkg/fuzz/... -count=1
go test ./pkg/protocols/http -count=1
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz/analyzers/xss 0.741s
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz 0.863s
? github.com/projectdiscovery/nuclei/v3/pkg/fuzz/analyzers [no test files]
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz/analyzers/time 3.378s
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz/analyzers/xss 1.857s
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz/component 1.079s
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz/dataformat 1.271s
? github.com/projectdiscovery/nuclei/v3/pkg/fuzz/frequency [no test files]
ok github.com/projectdiscovery/nuclei/v3/pkg/fuzz/stats 0.241s
ok github.com/projectdiscovery/nuclei/v3/pkg/protocols/http 9.267s

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Summary by CodeRabbit

  • New Features

    • Added XSS Context Analyzer to detect and classify where injected payloads are reflected (script, attribute, comment, HTML) and report highest-severity context.
  • Documentation

    • Updated docs to include new analyzer option (xss_context) in valid values and removed a trailing formatting artifact.
  • Tests

    • Added comprehensive tests validating context classification, analyzer behavior, payload handling, and component rebuild/restoration.

Claim

Total prize pool $200
Total paid $0
Status Pending
Submitted February 23, 2026
Last updated February 23, 2026

Contributors

GOR GEVORKYAN

@BitCoinKing

100%

Sponsors

ProjectDiscovery

@projectdiscovery

$200