Posts tagged: #testing
A sandboxed XSS playground is useful only if it makes isolation, parser context, and execution limits explicit.
URL encoding, HTML entities, Base64, and JavaScript escaping change meaning depending on order. This article explains the operational mistakes.