This repository has been archived by the owner on Mar 31, 2024. It is now read-only.
Hi @ItsIgnacioPortal, Thanks for keeping XSStrike alive.
I recently found this and want to use it for a project. However, I am getting some false positives. Looking at the commit history, I found some additional validation which was removed later.
Is your feature request related to a problem? Please describe.
To eliminate false positives, is it possible to support browser validation?
In the abandoned XSStrike repo, I see that it was added but then removed later (not sure why).
Describe the solution you'd like
IMU, and also from the above-mentioned commits, this might work:
For each successful attack vector, try the actual attack in a headless browser.
Check if we can get an alert; if yes, it's a success (if not, there's a high chance that it could be a false positive).
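The two-step check proposed in this issue, sketched as an added example; it is not XSStrike's code and not the code from the removed commits. The names `selenium_probe` and `triage` are hypothetical, and it assumes the `selenium` package and a local Chrome are installed and that the URLs point at an application you are authorized to test.

```python
from typing import Callable, Dict, Iterable, List


def selenium_probe(url: str, timeout: float = 3.0) -> bool:
    """Load url in headless Chrome; True only if a JavaScript dialog opens."""
    # Assumption: the selenium package and a local Chrome are installed.
    from selenium import webdriver
    from selenium.common.exceptions import TimeoutException
    from selenium.webdriver.chrome.options import Options
    from selenium.webdriver.support import expected_conditions as EC
    from selenium.webdriver.support.ui import WebDriverWait

    opts = Options()
    opts.add_argument("--headless=new")
    driver = webdriver.Chrome(options=opts)
    try:
        driver.get(url)
        try:
            alert = WebDriverWait(driver, timeout).until(EC.alert_is_present())
        except TimeoutException:
            return False  # reflected, but nothing executed on page load
        alert.accept()
        return True
    finally:
        driver.quit()


def triage(findings: Iterable[str],
           probe: Callable[[str], bool] = selenium_probe) -> Dict[str, List[str]]:
    """Split scanner-reported URLs by what the browser actually did."""
    result: Dict[str, List[str]] = {"confirmed": [], "unconfirmed": [], "error": []}
    for url in findings:
        try:
            fired = probe(url)
        except Exception:
            # A browser or driver failure is not evidence of a false positive.
            result["error"].append(url)
            continue
        result["confirmed" if fired else "unconfirmed"].append(url)
    return result


if __name__ == "__main__":
    # Constructed sample: placeholder URLs standing in for scanner output
    # against a local test application.
    reported = ["http://127.0.0.1:8000/search?q=FLAGGED_VECTOR_1",
                "http://127.0.0.1:8000/item?id=FLAGGED_VECTOR_2"]
    print(triage(reported))
```

A vector that only fires on user interaction (a hover or click handler) lands in `unconfirmed` without being disproved, so that bucket is a queue for manual review rather than a discard list.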