# Cross Site Scripting

- [¿XSS?](/web/cross-site-scripting/xss.md)
- [Lab 1: Reflected XSS into HTML context with nothing encoded](/web/cross-site-scripting/lab-1-reflected-xss-into-html-context-with-nothing-encoded.md): https://portswigger.net/web-security/cross-site-scripting/reflected/lab-html-context-nothing-encoded
- [Lab 2: Stored XSS into HTML context with nothing encoded](/web/cross-site-scripting/lab-2-stored-xss-into-html-context-with-nothing-encoded.md): https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-context-nothing-encoded
- [Lab 3: DOM XSS in document.write sink using source location.search](/web/cross-site-scripting/lab-3-dom-xss-in-document.write-sink-using-source-location.search.md): https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink
- [Lab 4: DOM XSS in innerHTML sink using source location.search](/web/cross-site-scripting/lab-4-dom-xss-in-innerhtml-sink-using-source-location.search.md): https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-innerhtml-sink
- [Lab 5: DOM XSS in jQuery anchor href attribute sink using location.search source](/web/cross-site-scripting/lab-5-dom-xss-in-jquery-anchor-href-attribute-sink-using-location.search-source.md): https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-jquery-href-attribute-sink