The Spanner logo
    • Home
    • Blog
      • Blog home
      • RSS
    • Login
    • Home
    • Blog
      • Blog home
      • RSS
    • Login
    The Spanner logo

    The Spanner
    Web security blog

    Made by Gareth Heyes
    Follow me on Twitter: @garethheyes

    Javascript for hackers!

    Hackvertor logo
    Shazzer logo
    My Github account
    Recent posts
    Introducing Feedworm: A Privacy-First RSS Reader That Lives in DevToolsSpeedy RSVP extensionAutoVaderHackvertor history and tag finderShadow Repeater v1.2.3 releaseBurp Hackvertor v2.1.24 releaseHacking roomsXSSing TypeErrors in SafarivalueOf: Another way to get thisMaking the Unexploitable Exploitable with X-Mixed-Replace on FirefoxThe curious case of the evt parameterCSS-Only Tic Tac Toe ChallengeRewriting relative urls with the base tag in SafariBypassing DOMPurify with mXSSNew IE mutation vectorHow I smashed MentalJSMentalJS DOM bypassAnother XSS auditor bypassXSS Auditor bypassBypassing the IE XSS filterUnbreakable filterMentalJS bypassesmXSSJava SerializationBypassing the XSS filter using function reassignmentRPOSandboxed jQueryX-Domain scroll detection on IE using focusEpic fail IEnew operatorDecoding complex non-alphanumeric JavaScriptHacking FirefoxDOM ClobberingBypassing XSS AuditorThe evolution of codeNon-Alpha PHP in 6-7 charsetTweetable PHP-Non AlphaMentalJS for PHPOpera x domain with video tutorialSandboxing and parsing jQuery in 100ms

    WebFu Dojo - XSS self defence

    By Gareth Heyes (@hackvertor)

    Published 18 years 7 months ago • Last updated March 22, 2025 • ⏱️ < 1 min read

    ← Back to articles

    [Blocked Image]

    Welcome my young apprentice so you want to learn how to defend yourself from the onslaught of XSS ninjas do you? Well in my first Dojo lesson I shall show you techniques of the shaolin crane style to defend yourself from the XSS punch.

    XSS roundhouse

    Use the roundhouse wisely my young master and always proceed with caution. When a XSS ninja attacks you with the XSS punch:-

    <pre lang="javascript"> &quot;&gt;&lt;script&gt;alert(/XSS PUNCH/)&lt;/script&gt; </pre>

    You should respond quickly with the XSS roundhouse:-

    <pre lang="javascript"> &lt;script&gt; if (top == self) { setInterval('alert(/XSS ROUNDHOUSE/)',500) } else { top.location.href = 'http://www.yourdojohere'; } &lt;/script&gt; </pre>

    I hope you enjoyed this lesson and if you require more tutoring consult the Grandmaster snake, Master null byte, The shaolin warriors or Pai Mei DaCat

    ← Back to articles