BLXBenchBLXBench UI
blxbench

Benchmark

Misc

DocsOur TestsPassSponsor / Partnership
DocsOur TestsPassSponsor / Partnership
BLXBenchBLXBench UI
blxbench

Benchmark

Suite

Misc

DocsOur TestsPassSponsor / Partnership
DocsOur TestsPassSponsor / Partnership
  1. Home
  2. Our Tests
  3. Sec-Xss-Reflected-Output
blxbench

Test fixture

Sec-Xss-Reflected-Output

Securityv2 — Resilienceeasyscorer: rubric_json_metrics

Secure code changes, vulnerability recognition, and safe defaults.

How it is scored

The model receives the prompt (and optional system message). The run uses scorer rubric_json_metrics with the JSON configuration below. Pass/fail and partial credit are determined entirely by that scorer against the model output; no human grading.

User prompt
Return JSON only with keys verdict, risk, mitigation. A web handler concatenates user input directly into an HTML response string without any escaping or encoding before sending it to the browser.
Scorer config
{
  "metrics": {
    "correct": {
      "checks": [
        {
          "contains": [
            "reflected XSS"
          ]
        },
        {
          "contains": [
            "user input"
          ]
        },
        {
          "contains": [
            "HTML escaping"
          ]
        },
        {
          "contains": [
            "sanitize"
          ]
        },
        {
          "contains": [
            "encode"
          ]
        }
      ]
    },
    "hidden": {
      "checks": [
        {
          "contains": [
            "Content-Security-Policy"
          ]
        },
        {
          "contains": [
            "output encoding"
          ]
        },
        {
          "contains": [
            "context-aware"
          ]
        },
        {
          "contains": [
            "trusted types"
          ]
        },
        {
          "contains": [
            "template engine"
          ]
        }
      ]
    }
  }
}
Run parameters

temperature

0

max_tokens

420

timeout (s)

120

type

scored

file

sec-xss-reflected-output.json

← PreviousSec-Xml-External-Entity
|
Next →Speed-Alert-Normalization

BLXBench

Community driven leaderboardPublic benchmark runner — run in your environment, share results with the community.

© 2026 BLXBench by bitslix.com

ProvenanceAggregated from user runs
Scope40 / 11 / 490
Latestrun_f78b01 / 459 / $18.57
TermsPrivacy