ym/xss-demo-server.js

## xss-demo-server.js
var http = require('http')
  , qs   = require('querystring');

http.createServer(function (req, res) {
	try {
		res.writeHead(200, {'Content-Type': 'text/html'});

		if (req.method == 'POST') {
			var result = '';

			req.on('data', function(chunk) {
				result += chunk.toString();
			});

			req.on('end', function() {
				result = qs.parse(result)['name'];

				res.end('<h2>XSS Demo Page</h2><form method="post" action="/xss"><label>Name: <input type="text" name="name" value="' + result + '" /></label><script>alert("Hello ' + result + '");</script><input type="submit" value="Submit" /></form>\n');
			});
		} else {
			res.end('<h2>XSS Demo Page</h2><form method="post" action="/xss"><label>Name: <input type="text" name="name" /></label><input type="submit" value="Submit" /></form>\n');
		}
	} catch(e) {
		console.error(e);
	}

}).listen(1234);

console.log('Server running at http://127.0.0.1:1234/');
	var http = require('http')
	, qs = require('querystring');

	http.createServer(function (req, res) {
	try {
	res.writeHead(200, {'Content-Type': 'text/html'});

	if (req.method == 'POST') {
	var result = '';

	req.on('data', function(chunk) {
	result += chunk.toString();
	});

	req.on('end', function() {
	result = qs.parse(result)['name'];

	res.end('<h2>XSS Demo Page</h2><form method="post" action="/xss"><label>Name: <input type="text" name="name" value="' + result + '" /></label><script>alert("Hello ' + result + '");</script><input type="submit" value="Submit" /></form>\n');
	});
	} else {
	res.end('<h2>XSS Demo Page</h2><form method="post" action="/xss"><label>Name: <input type="text" name="name" /></label><input type="submit" value="Submit" /></form>\n');
	}
	} catch(e) {
	console.error(e);
	}

	}).listen(1234);

	console.log('Server running at http://127.0.0.1:1234/');