Overview

This PR implements the XSS Context Analyzer as requested in #5838. It introduces a specialized analyzer that probes for reflections and identifies the HTML context to optimize subsequent fuzzing payloads.

Key Features

• Probing: Sends a specialized canary to detect active filters.
• Tokenization: Uses html.Tokenizer to identify exact reflection contexts (e.g., Attribute, Script, RCDATA).
• Engine Integration: Merged into pkg/fuzz/execute.go to inject context results into input.Values.

Verification

• Ran go build ./cmd/nuclei/ successfully.
• Verified context identification reduces redundant requests by failing fast on unexploitable parameters.

/claim #5838

Summary by CodeRabbit

Release Notes

• New Features
  • Added XSS context analysis to the security testing workflow. The fuzzer now automatically analyzes HTTP responses to identify potential Cross-Site Scripting vulnerabilities and enriches the fuzzing data with detected XSS context information.