Advanced XSS Techniques and Edge Cases

Mutation XSS (mXSS) exploits the gap between how a sanitizer parses markup and how the browser re-parses it afterwards. The sanitizer builds a DOM, serializes it back to a string, and the application then hands that string to a sink such as innerHTML, where the browser parses it a second time. For some constructs (switching into and out of the SVG or MathML namespaces, noscript content, which is parsed differently depending on whether scripting is enabled) the serialize-and-reparse round trip is not idempotent, so markup that looked inert to the sanitizer becomes an active element after the second parse. Test with payloads that change shape across that round trip, especially where the application assigns sanitized HTML to innerHTML. ZAP does not specifically test for mXSS; finding it takes manual work against the application's actual sanitizer and sink.

Polyglot payloads are built to execute in more than one output context at once, which is useful when you do not yet know where a reflected value lands. They chain context-breaking sequences, for example a quote and an operator that terminate a JavaScript string literal, followed by a tag that is live in an HTML text context, so that whichever context applies, something executes. A well-crafted polyglot might fire in HTML, JavaScript and CSS contexts from the same injection point. They take effort to construct, and a polyglot that fails tells you nothing about which context stopped it, so follow up with context-specific payloads; still, a single polyglot request covers a lot of ground against applications with an unclear input-to-output mapping.

Unicode and encoding bypasses exploit the gap between the representation a filter inspects and the one the sink receives. Try Unicode look-alikes or compatibility forms of filtered characters (fullwidth ＜ and ＞ become < and > after NFKC normalization), mixed encodings within a single payload, and overlong UTF-8 sequences such as C0 BC for <, which a conforming decoder rejects but some legacy decoders accept. Some applications URL-decode inputs more than once, so a double-encoded payload (%253C for <) passes a filter that runs before the second decode. These techniques require an understanding of character encoding and of where in the request pipeline the application decodes and normalizes; on the defensive side the fix is to canonicalize before validating and to encode for the output context, rather than to extend a blocklist.
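The following is an added example, not code from the original text or from ZAP. It models a hypothetical application that runs a naive substring blocklist on the raw parameter and only afterwards URL-decodes it (one or two rounds), NFKC-normalizes it, and, in one configuration, decodes the bytes with a lenient UTF-8 decoder that accepts overlong forms. Each of those later steps can re-create a character the filter never saw. The pipeline, the function names and the three probe strings are all constructed for illustration; the lenient decoder is a deliberately non-conforming model of legacy behaviour, not a library routine.

```python
# Added example (not from the original text): a hypothetical request pipeline
# that filters the raw parameter first and canonicalizes afterwards, so that
# double decoding, NFKC normalization and overlong UTF-8 each re-create '<'.
# All names, the pipeline and the probe strings are assumptions.
import unicodedata
from urllib.parse import unquote_to_bytes

BLOCKLIST = ("<script", "onerror", "javascript:")


def naive_filter(value: str) -> bool:
    """Return True if value passes a case-insensitive substring blocklist."""
    lowered = value.lower()
    return not any(bad in lowered for bad in BLOCKLIST)


def lenient_utf8_decode(data: bytes) -> str:
    """Decode UTF-8 while *accepting* overlong forms such as C0 BC for '<'.
    Conforming decoders (including bytes.decode) reject overlong sequences;
    this models a legacy decoder that does not check for them."""
    out = []
    i, n = 0, len(data)
    while i < n:
        lead = data[i]
        if lead < 0x80:                      # plain ASCII byte
            out.append(chr(lead)); i += 1; continue
        if lead & 0xE0 == 0xC0:              # 2-byte lead (C0/C1 included)
            need, cp = 1, lead & 0x1F
        elif lead & 0xF0 == 0xE0:            # 3-byte lead
            need, cp = 2, lead & 0x0F
        elif lead & 0xF8 == 0xF0:            # 4-byte lead
            need, cp = 3, lead & 0x07
        else:                                # stray continuation / invalid byte
            out.append("\ufffd"); i += 1; continue
        if i + need >= n:                    # truncated sequence
            out.append("\ufffd"); i += 1; continue
        ok = True
        for k in range(1, need + 1):
            cont = data[i + k]
            if cont & 0xC0 != 0x80:          # not a continuation byte
                ok = False; break
            cp = (cp << 6) | (cont & 0x3F)
        if ok and cp <= 0x10FFFF:
            out.append(chr(cp)); i += need + 1   # note: no overlong check
        else:
            out.append("\ufffd"); i += 1
    return "".join(out)


def app_pipeline(raw: str, decode_rounds: int = 1, normalize: bool = False,
                 lenient: bool = False) -> str:
    """What the hypothetical app turns the raw parameter into before it reaches
    the HTML sink: each round percent-decodes, then decodes the bytes."""
    value = raw
    for _ in range(decode_rounds):
        data = unquote_to_bytes(value)
        value = (lenient_utf8_decode(data) if lenient
                 else data.decode("utf-8", errors="replace"))
    if normalize:
        value = unicodedata.normalize("NFKC", value)
    return value


def bypasses(raw: str, **opts) -> bool:
    """True when raw passes the filter but '<script' still reaches the sink."""
    return naive_filter(raw) and "<script" in app_pipeline(raw, **opts).lower()


def canonical_filter(raw: str, **opts) -> bool:
    """The fix: evaluate the blocklist on the canonical form the sink receives."""
    return naive_filter(app_pipeline(raw, **opts))


# Constructed probes, one per technique.
DOUBLE_ENCODED = "%253Cscript%253Ealert(1)%253C/script%253E"   # %25 -> '%'
FULLWIDTH = "\uff1cscript\uff1ealert(1)\uff1c/script\uff1e"   # U+FF1C / U+FF1E
OVERLONG = "%C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE"    # C0 BC / C0 BE

if __name__ == "__main__":
    for name, raw, opts in [
        ("double-decode", DOUBLE_ENCODED, {"decode_rounds": 2}),
        ("NFKC", FULLWIDTH, {"normalize": True}),
        ("overlong UTF-8", OVERLONG, {"lenient": True}),
    ]:
        print(f"{name:15} naive bypass={bypasses(raw, **opts)} "
              f"canonical allowed={canonical_filter(raw, **opts)}")
```

Each probe bypasses the naive filter only under the matching pipeline option (a second decode round, normalization, or the lenient decoder) and is rejected otherwise, which is the point to keep in mind when testing: the same payload is harmless or live depending on what the application does between the filter and the sink. Running the blocklist on the canonical value instead, as canonical_filter does, closes all three.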