
AI Roundtable Poll · 2 models

Best probes for checking input sanitation?

Result: Unanimous — "><script>alert("xss")</script> (2/2 votes)

Options

Model Responses

GPT-5.4

Vote: "><script>alert("xss")</script>

C is the strongest probe because it tests more than simple tag filtering. The leading quote-and-angle-bracket sequence is designed to break out of an HTML attribute or quoted context before injecting a script tag. That makes it a better general sanitation check than A, which only works if raw HTML is inserted directly into page content. Many real bugs come from improper context-aware escaping, and C is better at exposing those. It is also more revealing than event-handler or javascript: URI payloads because it quickly shows whether the application is correctly handling delimiter breaking, encoding, and context transitions. In short, C is the most informative single probe for detecting weak input sanitation across common rendering contexts.

Claude Opus 4.6

Vote: "><script>alert("xss")</script>

Option C is the best probe for checking input sanitization because it begins with `">` which is designed to break out of an existing HTML attribute context before injecting a script tag. This makes it more versatile and effective than a plain `<script>` tag (Option A).

A simple `<script>alert('xss')</script>` (Option A) is the most basic XSS probe and is commonly filtered by even the most rudimentary sanitization routines. It only tests whether raw script tags are blocked in a text content context.

Option C (`"><script>alert('xss')</script>`) tests for a more realistic and dangerous scenario: user input being reflected inside an HTML attribute (e.g., an input field's `value` attribute). The `">` prefix closes the current attribute and tag, allowing the injected script to execute. This is one of the most common real-world XSS vectors.

While Options B, D, and E are also valuable probes (testing SVG event handlers, autofocus tricks, and javascript: URI schemes respectively), Option C covers the most critical and frequently encountered vulnerability pattern — attribute context injection — while simultaneously testing for basic script tag filtering. It's the single most informative probe if you had to pick just one.

In professional penetration testing, context-breaking payloads like Option C are considered more thorough than simple tag injection because they test whether the application properly encodes output in attribute contexts, which is a very common failure point.

Final Summary

The AI Roundtable reached a swift consensus, with both models championing Option C for its ability to test context-breaking vulnerabilities. GPT-5.4 and Claude Opus 4.6 argued that a probe starting with a quote and angle bracket is far more revealing of flawed sanitation logic than a simple script tag.

No agreement after 1 round of discussion. Final vote: "><script>alert("xss")</script>: 2

Strongest Arguments

  • "><script>alert("xss")</script>: The inclusion of the "> prefix allows the probe to break out of common attribute contexts, making it a more versatile test for real-world injection vulnerabilities than basic tag-only probes.
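
Added example (not part of the poll output or either model's response): a Python regression check for the attribute-context behaviour the responses describe, using the probe string from the poll. The three render functions and the `<input>` template are hypothetical stand-ins for an application's output layer.

```python
import html
from html.parser import HTMLParser

PROBE = '"><script>alert("xss")</script>'  # the probe string from the poll
TEMPLATE = '<input type="text" name="q" value="{}">'  # constructed sample template

# Hypothetical render functions standing in for an application's output layer.
def render_raw(value):
    return TEMPLATE.format(value)  # no encoding at all

def render_text_escaped(value):
    # Text-context escaping reused in an attribute: quotes are left intact.
    return TEMPLATE.format(html.escape(value, quote=False))

def render_attr_escaped(value):
    # Attribute-context escaping: & < > " ' are all encoded.
    return TEMPLATE.format(html.escape(value, quote=True))

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags, self.input_attrs = [], {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input" and not self.input_attrs:
            self.input_attrs = dict(attrs)

def audit(markup, submitted):
    """Parse rendered markup and report whether the input stayed inside value=."""
    parser = _Collector()
    parser.feed(markup)
    parser.close()
    attrs = parser.input_attrs
    report = {
        "script_element": "script" in parser.tags,
        "value_round_trips": attrs.get("value") == submitted,
        "stray_attributes": sorted(set(attrs) - {"type", "name", "value"}),
    }
    report["contained"] = (not report["script_element"]
                           and report["value_round_trips"]
                           and not report["stray_attributes"])
    return report

if __name__ == "__main__":
    for render in (render_raw, render_text_escaped, render_attr_escaped):
        print(render.__name__, audit(render(PROBE), PROBE))
```

The text-escaped case produces no script element, yet the parsed `value` no longer equals the submitted string; the round-trip check is what catches that the quote still closed the attribute.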