WebFu Dojo – XSS self defence

Kung Fu master

Welcome my young apprentice so you want to learn how to defend yourself from the onslaught of XSS ninjas do you? Well in my first Dojo lesson I shall show you techniques of the shaolin crane style to defend yourself from the XSS punch.

XSS roundhouse

Use the roundhouse wisely my young master and always proceed with caution. When a XSS ninja attacks you with the XSS punch:-

"><script>alert(/XSS PUNCH/)</script>

You should respond quickly with the XSS roundhouse:-

if (top == self) {
 setInterval('alert(/XSS ROUNDHOUSE/)',500)
} else {
 top.location.href = 'http://www.yourdojohere';

I hope you enjoyed this lesson and if you require more tutoring consult the Grandmaster snake, Master null byte, The shaolin warriors or Pai Mei DaCat

14 Responses to “WebFu Dojo – XSS self defence”

  1. Ronald writes:

    haha! excellent! πŸ˜€

    Got some WebFu also in store soon!

  2. Gareth Heyes writes:

    Ah excellent master null byte, I look forward to learning the style of the dragon πŸ™‚ hehhe

  3. Marco Ramilli writes:

    HeHeHe, Funny really Funny stuff !

  4. .mario writes:

    *Shaolin warrior bows in awe*

    N1! πŸ™‚

  5. Pai Mei DaCat writes:

    Hehe this r0x πŸ˜›

    lately I’m seeing a lot of code that would be very cool implemented in a PHP-IPS.. it’s possible, but hard.. πŸ˜›

  6. sirdarckcat writes:

    Hehe this r0x πŸ˜›

    lately IÒ€ℒm seeing a lot of code that would be very cool implemented in a PHP-IPS.. itÒ€ℒs possible, but hard.. πŸ˜›

  7. Gareth Heyes writes:

    @Shaolin warrior mario

    I’m honoured with your presence *bow*, your IDS tiger style is legendary.

    @Pai Mei DaCat

    Likewise I’m honoured *bow* your obscufication whirlwind kick is impressive.

  8. Gareth Heyes writes:

    On a serious note….

    I’ve been thinking of implementing a WebFu self defence kit for a bit of fun, it would include the PHPIDS to detect the attacks. What do you think? Want to help? πŸ™‚

  9. Iehrepus writes:

    haha,I find a fun:


    this is the code :
    <script type=”text/javascript”>
    if (top != self) {
    top.location.href = ‘http://superhei.blogbus.com/’;

  10. Iehrepus writes:

    test by Ie7 πŸ™‚

  11. Gareth Heyes writes:


    I’m not sure what you’re pointing out here, yes my blog does have frame protection. If you want to translate then please disable javascript when translating.

    Thanks for testing in IE7 πŸ˜‰

  12. DaCat writes:


    Oh the WebFu lessons are going to be against the all mighty powerfull PHP-IDS, .mario and christ1an? maybe also ma1?

    well, this will be interesting..

  13. .mario writes:

    “IÒ€ℒve been thinking of implementing a WebFu self defence kit for a bit of fun”

    Yep – the calls for a PHPIPS start to get louder and louder. Let’s IM about that as soon as you have some time. There are already many ideas drawn together.

  14. Gareth Heyes writes:

    Yep I’ll look forward to it πŸ™‚