In short Stored (persistent) XSS: Filtered Reflected (non-persistent) XSS DOM-Based: Partial In tag: No In Javascript: No In [tag] parameter: Filtered In HTML: Filtered HTTP Response Splitting: No* * HTTP Response Splitting can used to switch XSS filter of via X-XSS-Protection header. |