https://github.com/kevin-mizu/gmsgadget
This repository is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and HTML sanitizers like DOMPurify.
Last synced: 22 days ago
- Host: GitHub
- URL: https://github.com/kevin-mizu/gmsgadget
- Owner: kevin-mizu
- License: gpl-3.0
- Created: 2025-07-21T18:08:53.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2026-02-04T11:28:36.000Z (3 months ago)
- Last Synced: 2026-02-04T23:41:51.493Z (3 months ago)
- Topics: bypass, csp, csrf, gadgets, html, html-injection, javascript, pentesting, sanitizer, web, xss
- Language: JavaScript
- Homepage: https://gmsgadget.com/
- Size: 381 KB
- Stars: 130
- Watchers: 5
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
# GMSGadget
GMSGadget (Give Me a Script Gadget) is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and HTML sanitizers like DOMPurify.
*It's important to note that this is not a list of exploits. The gadgets listed here are either patched vulnerabilities or intended JavaScript behaviors that can be leveraged to bypass HTML restrictions.*
This repository is only here for contributors; please use the website to search through gadgets: https://gmsgadget.com/