Burp Suite User Forum

How does "Remove all JavaScript" work?

Hello | Last updated: Jan 21, 2016 08:39PM UTC

Does it only scan the response for <script></script> tags and remove those from the response? What about stuff like <input onclick="alert(1);">? And also, how does the removal work when faced with unequal opening and closing script tags like: 0 <script>1<script>2</script>3</script>4?

PortSwigger Agent | Last updated: Jan 22, 2016 09:06AM UTC

Script within script tags and event handlers is removed. Burp makes a best effort to remove JS for testing purposes when this is enabled, but as per the documentation it is not guaranteed to remove all JS or be a substitute for a tool like NoScript.
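
Added example, not part of the thread and not Burp's code: a parser-based stripper built on Python's html.parser that removes script elements and on* attributes (the two cases the reply names), so the unbalanced sample from the question can be checked against real tokenizer behaviour. The names JsStripper and strip_js are hypothetical.

```python
import html
from html.parser import HTMLParser


class JsStripper(HTMLParser):
    """Drops <script> elements and on* attributes; comments/doctype are not re-emitted."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
        self.in_script = False

    def _emit_tag(self, tag, attrs, close=""):
        # Event-handler attributes all start with "on"; the parser lowercases names.
        kept = [(k, v) for k, v in attrs if not k.startswith("on")]
        parts = [tag] + [k if v is None else f'{k}="{html.escape(v)}"' for k, v in kept]
        self.out.append("<" + " ".join(parts) + close + ">")

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True  # parser now treats everything up to </script> as text
        else:
            self._emit_tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        if tag != "script":
            self._emit_tag(tag, attrs, " /")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False  # a stray </script> is swallowed as well
        else:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.in_script:
            self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def strip_js(markup):
    parser = JsStripper()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

On the question's sample this returns "0 34": script content is raw text, so the inner <script> is just characters, the first </script> closes the element, and the second </script> is a stray end tag.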
