| Advantages | Disadvantages |
|---|---|
| The method in [66] targets JSP-based web applications and is built on jCute concolic testing. It combines static analysis with real-time monitoring; when an XSS attack is attempted, it establishes the relationship between the input and output values that make the attack possible. | Because the method relies on jCute concolic testing, output variables that contain more than three of the characters in question cannot be recognized. |
| The approach in [67] targets webmail applications and can additionally detect XSS attack vectors built from new HTML5 features. Attack vectors are injected at five injection points of the webmail system for testing; as the final step, it is determined whether each attack vector was thoroughly sanitized. | The method considers only HTML5 tags and attributes as attack vectors and ignores other potentially dangerous cases. |
| In [68], the authors defend against XSS attacks by combining static analysis, pattern matching, and context-aware sanitization. | The sanitized code must be entered into the website manually. |
| The researchers in [69] hypothesized that fuzz testing can trigger XSS vulnerabilities. Fuzz testing is a black-box detection method that injects malicious payloads into web applications. The approach is best viewed as a two-step extension of the LigRE model: first the generation of malicious inputs, then taint analysis to locate the vulnerability. It prevents both stored and reflected cross-site scripting. | Live applications would have to be reset, which is not an option. In addition, human interpretation is required to build the attack vectors. |
| In [70], the authors show that script features can be used to detect malicious script injection. The features are extracted and evaluated to see how they are used to construct harmful scripts. Once malicious and benign scripts can be told apart, the result is used to identify an XSS attack and prevent further damage. | The strategy is ineffective against partially injected scripts and obfuscated script injection. |
| In [71], the authors propose Django Checker, a dynamic taint analysis tool. It checks whether the sanitizer primitives already used in the web application are correct, determines the context in which they are applied, assesses whether applying sanitization there is appropriate, and determines whether the sanitization is context-sensitive. | The technique is limited to Django-based web applications and cannot detect DOM-based XSS attacks. |
| The researchers in [72] propose a method based on discovering discrepancies between inserted values and previously established values. The JS code of each site is extracted and tested for differences from the known value, so that code injection flaws such as XSS are detected more easily. | The method covers only the JavaScript context, whereas XSS can also exploit other contexts, such as URL parameters and style sheet features. Attack vectors of that kind cannot be stopped by it. |
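The recurring theme of [68], [71] and [72] is that sanitization must match the output context: HTML-escaping alone does nothing against a `javascript:` URL placed in an `href`, and a JavaScript-only check misses the URL and attribute contexts. The following is an added worked example, not code from any of the surveyed papers, of a minimal context-aware renderer: it detects the context of a `{{value}}` placeholder from the surrounding markup (HTML body, quoted attribute, unquoted attribute, URL attribute, or script block), applies the encoder appropriate for that context, and refuses the one case no encoder can fix (an unquoted attribute). The placeholder syntax, the context detector (regular expressions over the text before the placeholder) and the sample payloads are all constructed for this illustration; the detector is not a production HTML parser.

```python
"""Context-aware output encoding for XSS defence (constructed example).

The renderer (1) detects the output context of the {{value}} placeholder,
as a checker in the spirit of [71] has to, and (2) applies the encoder
that is correct for that context, including the URL (href) context that a
JavaScript-only comparison like [72] leaves uncovered.
"""
import html
import json
import re
from urllib.parse import urlsplit

PLACEHOLDER = "{{value}}"  # constructed placeholder syntax for this example

# Placeholder sits inside an open <script> block that is not yet closed.
_IN_SCRIPT = re.compile(r"<script\b[^>]*>(?:(?!</script>).)*$", re.I | re.S)
# Placeholder sits in an attribute value; group 1 = attribute name,
# group 2 = opening quote character (None when the attribute is unquoted).
_IN_ATTR = re.compile(r"""<[a-zA-Z][^>]*?\s([a-zA-Z-]+)\s*=\s*(["'])?[^"'>]*$""")
_URL_ATTRS = {"href", "src", "action", "formaction"}


def detect_context(template: str) -> str:
    """Return 'html', 'attr', 'attr_unquoted', 'url' or 'js'."""
    before = template.split(PLACEHOLDER, 1)[0]
    if _IN_SCRIPT.search(before):
        return "js"
    m = _IN_ATTR.search(before)
    if m:
        if m.group(2) is None:
            return "attr_unquoted"
        return "url" if m.group(1).lower() in _URL_ATTRS else "attr"
    return "html"


def encode_html(value: str) -> str:
    """HTML text node or quoted attribute value: escape & < > " and '."""
    return html.escape(value, quote=True)


def encode_js_string(value: str) -> str:
    """Emit a complete JavaScript string literal. json.dumps escapes quotes,
    backslashes and non-ASCII (including U+2028/2029); < > & are escaped as
    well so a '</script>' inside the data cannot close the script block."""
    literal = json.dumps(value)
    return (literal.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))


def encode_url(value: str) -> str:
    """URL attribute: allow only http(s) or relative URLs, then attribute-
    encode. Tabs and newlines are dropped first because browsers ignore
    them inside a scheme, so 'java<TAB>script:' would otherwise slip by."""
    cleaned = re.sub(r"[\t\r\n]", "", value).strip()
    if urlsplit(cleaned).scheme.lower() not in ("", "http", "https"):
        return "about:blank"  # refuses javascript:, data:, vbscript:, ...
    return html.escape(cleaned, quote=True)


ENCODERS = {"html": encode_html, "attr": encode_html,
            "js": encode_js_string, "url": encode_url}


def render(template: str, value: str) -> str:
    """Insert an untrusted value with the encoder chosen for the detected
    context. An unquoted attribute is rejected outright: no encoder makes it
    safe, because whitespace ends the attribute value."""
    context = detect_context(template)
    if context == "attr_unquoted":
        raise ValueError("attribute value must be quoted before inserting data")
    return template.replace(PLACEHOLDER, ENCODERS[context](value))


if __name__ == "__main__":
    # Constructed payloads, one per context, to show each encoder at work.
    samples = [
        ('<p>Hello {{value}}</p>', '<img src=x onerror=alert(1)>'),
        ('<input value="{{value}}">', '" onmouseover="alert(1)'),
        ('<script>var name = {{value}};</script>', '</script><script>alert(1)</script>'),
        ('<a href="{{value}}">link</a>', 'javascript:alert(1)'),
    ]
    for template, payload in samples:
        print(detect_context(template).ljust(5), render(template, payload))
```

The point to take from running it is that the same payload is harmless or dangerous depending purely on where it lands, and that the detector has to know the context before choosing an encoder; a tool that only compares JavaScript code, as in [72], has no view of the `href` case, and a tool that checks sanitizer placement, as in [71], has to perform exactly this kind of context determination.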