[转载]Client-side JavaScript XSS Scanner (POC)

信息来源：邪恶八进制信息安全团队（www.eviloctal.com）

This POC shows how easy is to implement XSS scanner by using only JavaScript and a few tricks from the Web2.0 world. Similar technique can be easily implemented into AJAX/XSS worms which will allow them to propagate across several domains and also find new vulnerabilities on their own. Don't be evil. Use the POC for educational and demonstration purposes only.

http://www.gnucitizen.org/blog/javascript-xss-scanner