Given Haxxor goes to the Juice Shop
When she searches for "{iframe src="javascript:alert(xss)"}"
Then she sees an alert message containing "xss"
And she sees she has solved the "DOM XSS" challenge
When she searches for "{iframe width="100%" height="166" scrolling="no" frameborder="no" allow="autoplay" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/771984076&color=%23ff5500&auto_play=true&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true"}{/iframe}"
Then she sees she has solved the "Bonus Payload" challenge
| Number of Scenarios | 2 | Total Duration | 11s |
| Total Number of Test Cases | 2 | Fastest Test | 5s |
| Number of Manual Test Cases | 0 | Slowest Test | 5s |
| Tests Started | Jul 04, 2025 13:41:35 | Average Execution Time | 5s |
| Tests Finished | Jul 04, 2025 13:41:46 | Total Execution Time | 10s |
| feature | Scenario | Context | Steps | Started | Total Duration | Result |
|---|---|---|---|---|---|---|
| Juice Shop is susceptible to XSS attacks | Haxxor injects HTML into the search input | 3 | 13:41:35 | 5s 781ms | ||
| Juice Shop is susceptible to XSS attacks | Haxxor can inject a payload into the page | 2 | 13:41:41 | 5s 196ms |