Scans frontend codebases for XSS vulnerabilities, identifying unsafe HTML manipulation, injection points, and improper sanitization in React, Vue, Angular, and vanilla JS.
How this command is triggered — by the user, by Claude, or both
Slash command
/frontend-mobile-security:xss-scanThe summary Claude sees in its command listing — used to decide when to auto-load this command
# XSS Vulnerability Scanner for Frontend Code You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. Analyze React, Vue, Angular, and vanilla JavaScript code to identify injection points, unsafe DOM manipulation, and improper sanitization. ## Context The user needs comprehensive XSS vulnerability scanning for client-side code, identifying dangerous patterns like unsafe HTML manipulation, URL handling issues, and improper user input rendering. Focus on context-aware detection and framework-specific security patterns. ## Requi...
You are a frontend security specialist focusing on Cross-Site Scripting (XSS) vulnerability detection and prevention. Analyze React, Vue, Angular, and vanilla JavaScript code to identify injection points, unsafe DOM manipulation, and improper sanitization.
The user needs comprehensive XSS vulnerability scanning for client-side code, identifying dangerous patterns like unsafe HTML manipulation, URL handling issues, and improper user input rendering. Focus on context-aware detection and framework-specific security patterns.
$ARGUMENTS
Scan codebase for XSS vulnerabilities using static analysis:
interface XSSFinding {
file: string;
line: number;
severity: "critical" | "high" | "medium" | "low";
type: string;
vulnerable_code: string;
description: string;
fix: string;
cwe: string;
}
class XSSScanner {
private vulnerablePatterns = [
"innerHTML",
"outerHTML",
"document.write",
"insertAdjacentHTML",
"location.href",
"window.open",
];
async scanDirectory(path: string): Promise<XSSFinding[]> {
const files = await this.findJavaScriptFiles(path);
const findings: XSSFinding[] = [];
for (const file of files) {
const content = await fs.readFile(file, "utf-8");
findings.push(...this.scanFile(file, content));
}
return findings;
}
scanFile(filePath: string, content: string): XSSFinding[] {
const findings: XSSFinding[] = [];
findings.push(...this.detectHTMLManipulation(filePath, content));
findings.push(...this.detectReactVulnerabilities(filePath, content));
findings.push(...this.detectURLVulnerabilities(filePath, content));
findings.push(...this.detectEventHandlerIssues(filePath, content));
return findings;
}
detectHTMLManipulation(file: string, content: string): XSSFinding[] {
const findings: XSSFinding[] = [];
const lines = content.split("\n");
lines.forEach((line, index) => {
if (line.includes("innerHTML") && this.hasUserInput(line)) {
findings.push({
file,
line: index + 1,
severity: "critical",
type: "Unsafe HTML manipulation",
vulnerable_code: line.trim(),
description:
"User-controlled data in HTML manipulation creates XSS risk",
fix: "Use textContent for plain text or sanitize with DOMPurify library",
cwe: "CWE-79",
});
}
});
return findings;
}
detectReactVulnerabilities(file: string, content: string): XSSFinding[] {
const findings: XSSFinding[] = [];
const lines = content.split("\n");
lines.forEach((line, index) => {
if (line.includes("dangerously") && !this.hasSanitization(content)) {
findings.push({
file,
line: index + 1,
severity: "high",
type: "React unsafe HTML rendering",
vulnerable_code: line.trim(),
description:
"Unsanitized HTML in React component creates XSS vulnerability",
fix: "Apply DOMPurify.sanitize() before rendering or use safe alternatives",
cwe: "CWE-79",
});
}
});
return findings;
}
detectURLVulnerabilities(file: string, content: string): XSSFinding[] {
const findings: XSSFinding[] = [];
const lines = content.split("\n");
lines.forEach((line, index) => {
if (line.includes("location.") && this.hasUserInput(line)) {
findings.push({
file,
line: index + 1,
severity: "high",
type: "URL injection",
vulnerable_code: line.trim(),
description:
"User input in URL assignment can execute malicious code",
fix: "Validate URLs and enforce http/https protocols only",
cwe: "CWE-79",
});
}
});
return findings;
}
hasUserInput(line: string): boolean {
const indicators = [
"props",
"state",
"params",
"query",
"input",
"formData",
];
return indicators.some((indicator) => line.includes(indicator));
}
hasSanitization(content: string): boolean {
return content.includes("DOMPurify") || content.includes("sanitize");
}
}
class ReactXSSScanner {
scanReactComponent(code: string): XSSFinding[] {
const findings: XSSFinding[] = [];
// Check for unsafe React patterns
const unsafePatterns = [
"dangerouslySetInnerHTML",
"createMarkup",
"rawHtml",
];
unsafePatterns.forEach((pattern) => {
if (code.includes(pattern) && !code.includes("DOMPurify")) {
findings.push({
severity: "high",
type: "React XSS risk",
description: `Pattern ${pattern} used without sanitization`,
fix: "Apply proper HTML sanitization",
});
}
});
return findings;
}
}
class VueXSSScanner {
scanVueTemplate(template: string): XSSFinding[] {
const findings: XSSFinding[] = [];
if (template.includes("v-html")) {
findings.push({
severity: "high",
type: "Vue HTML injection",
description: "v-html directive renders raw HTML",
fix: "Use v-text for plain text or sanitize HTML",
});
}
return findings;
}
}
class SecureCodingGuide {
getSecurePattern(vulnerability: string): string {
const patterns = {
html_manipulation: `
// SECURE: Use textContent for plain text
element.textContent = userInput;
// SECURE: Sanitize HTML when needed
import DOMPurify from 'dompurify';
const clean = DOMPurify.sanitize(userInput);
element.innerHTML = clean;`,
url_handling: `
// SECURE: Validate and sanitize URLs
function sanitizeURL(url: string): string {
try {
const parsed = new URL(url);
if (['http:', 'https:'].includes(parsed.protocol)) {
return parsed.href;
}
} catch {}
return '#';
}`,
react_rendering: `
// SECURE: Sanitize before rendering
import DOMPurify from 'dompurify';
const Component = ({ html }) => (
<div dangerouslySetInnerHTML={{
__html: DOMPurify.sanitize(html)
}} />
);`,
};
return patterns[vulnerability] || "No secure pattern available";
}
}
# ESLint with security plugin
npm install --save-dev eslint-plugin-security
eslint . --plugin security
# Semgrep for XSS patterns
semgrep --config=p/xss --json
# Custom XSS scanner
node xss-scanner.js --path=src --format=json
class XSSReportGenerator {
generateReport(findings: XSSFinding[]): string {
const grouped = this.groupBySeverity(findings);
let report = "# XSS Vulnerability Scan Report\n\n";
report += `Total Findings: ${findings.length}\n\n`;
for (const [severity, issues] of Object.entries(grouped)) {
report += `## ${severity.toUpperCase()} (${issues.length})\n\n`;
for (const issue of issues) {
report += `- **${issue.type}**\n`;
report += ` File: ${issue.file}:${issue.line}\n`;
report += ` Fix: ${issue.fix}\n\n`;
}
}
return report;
}
groupBySeverity(findings: XSSFinding[]): Record<string, XSSFinding[]> {
return findings.reduce(
(acc, finding) => {
if (!acc[finding.severity]) acc[finding.severity] = [];
acc[finding.severity].push(finding);
return acc;
},
{} as Record<string, XSSFinding[]>,
);
}
}
HTML Manipulation
URL Handling
Event Handlers
Framework-Specific
Focus on identifying XSS attack vectors, providing actionable fixes, and establishing secure coding patterns.
75plugins reuse this command
First indexed Jan 22, 2026
Showing the 6 earliest of 75 plugins
npx claudepluginhub ghcristea/agents --plugin frontend-mobile-security/xss-scanScans frontend codebases for XSS vulnerabilities, identifying unsafe HTML manipulation, injection points, and improper sanitization in React, Vue, Angular, and vanilla JS.
/scan-xssScans code for cross-site scripting (XSS) vulnerabilities, reporting potential injection points and suggesting fixes.
/security-scanRuns a comprehensive static security analysis on a file or directory, enumerating attack surface, scanning for vulnerability classes (injection, broken auth, XSS, SSRF, etc.), triaging findings by severity, and providing PoC descriptions and fixes for critical/high issues.
/fire-vuln-scanScans application codebases for OWASP Top 10 vulnerabilities using AI reasoning, with options for deep analysis, category filtering, fix previews, and report generation.
/verify-codeAnalyzes code for security vulnerabilities by detecting technologies and applying language-specific checks plus a universal checklist for secrets, injection, input validation, and auth.
/security-scanScans the codebase for OWASP Top 10 and common security vulnerabilities across categories such as injection, authentication, and misconfiguration.