id: addeventlistener-detect

info:
  name: AddEventlistener detection
  author: yavolo
  severity: info
  tags: xss
  reference: https://portswigger.net/web-security/dom-based/controlling-the-web-message-source

requests:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers:
      - type: word
        words:
          - 'window.addEventListener('
        part: body