External URL in XSS test cases

In order to test for XSS vulnerabilities via an Electron application running locally, this project should not use external, out of end-user control XSS payloads hosted on third-party services such as the one present in xss.html.

XSSTRON/xss.html

Line 26 in 02ab3e7

var ujs1 = `///xsstron.herokuapp.com/x.php`

XSSTRON/xssp.html

Line 27 in 02ab3e7

var ujs1 = `///qrsha.000webhostapp.com/xsstron.php`

I control this domains and there isn't any thing to worry about you can change them to your URL, source code of the file is:

<?php

header("Content-Type: application/javascript");
function cors() {
    
    if (isset($_SERVER['HTTP_ORIGIN'])) {

        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
    }
    
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
        
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");         
        
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    
        exit(0);
    }
    
    echo "javascript:top.pinghost(1)//<img src=x onerror=top.pinghost(1)>";
}

cors();
?>