
xss and element properties 8

Posted: Tue Feb 25, 2014 1:40 pm
by planet222
I could be wrong about this question or idea. XSS can be an issue when utilizing payment links within a website. I gather the link could be malicious and send payment info to someone other than you'd wish. Would element properties 8 assist in determining the link itself?
Element Properties 8
My understanding is element properties will reveal the destination URL via context menu.

Re: xss and element properties 8

Posted: Tue Feb 25, 2014 8:26 pm
by barbaz
Looks like that feature is built into SeaMonkey, so I've played with it a bit, and yes it reveals a link's href but you can't always tell if a URL is malicious just by looking at it.

Also, since you're probably allowing JS on the pages you're using to submit the payment/info, it's possible for links to change their destination URL or load additional (malicious) pages only when you're clicking on them, and "Properties" doesn't help you determine whether that will happen.
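
An added illustration of the point in the reply above (not code from any poster in this thread): a small Node.js model that compares the href an inspector shows with the href in effect after click-time handlers have run. `ModelLink`, `inspectHref`, `hrefAtClick` and `auditLink` are hypothetical names, the URLs are constructed samples on reserved example domains, and `ModelLink` is a stand-in for a real DOM anchor.

```javascript
// Added illustration: a minimal model of a link, not a real DOM element.
// ModelLink, inspectHref, hrefAtClick and auditLink are hypothetical names.
class ModelLink extends EventTarget {
  constructor(href) {
    super();
    this.href = href;
  }
}

// What a "Properties" dialog shows: the href at the moment you look.
function inspectHref(link) {
  return link.href;
}

// What the browser follows: the href after mousedown/click handlers have run.
function hrefAtClick(link) {
  for (const type of ["mousedown", "mouseup", "click"]) {
    link.dispatchEvent(new Event(type, { cancelable: true }));
  }
  return link.href;
}

// Compare the two views and report whether the destination host changed.
function auditLink(link) {
  const shown = inspectHref(link);
  const followed = hrefAtClick(link);
  return {
    shown,
    followed,
    rewritten: shown !== followed,
    hostChanged: new URL(shown).hostname !== new URL(followed).hostname,
  };
}

// Constructed sample data (example.com / example.net are reserved domains).
const staticLink = new ModelLink("https://pay.example.com/checkout?id=42");

const rewrittenLink = new ModelLink("https://pay.example.com/checkout?id=42");
rewrittenLink.addEventListener("mousedown", () => {
  // Page script swaps the destination only once the mouse button is pressed.
  rewrittenLink.href = "https://pay.example.net/checkout?id=42";
});

const staticReport = auditLink(staticLink);
const rewrittenReport = auditLink(rewrittenLink);
console.log(staticReport);
console.log(rewrittenReport);
```

Both links look identical to a properties dialog before the click; only the second report has `rewritten` and `hostChanged` set.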

Re: xss and element properties 8

Posted: Tue Feb 25, 2014 10:37 pm
by Thrawn
Firefox has element inspectors built-in too.

I'm not sure what kind of page flow you're describing here, but if you're worried about a shop sending payment info to someone other than e.g. PayPal, then XSS is not the issue. That's a simple matter of whether you trust the person you're doing business with.

The situation where you need to worry about XSS is when you're logged into a sensitive site, like Amazon, and then some other site you visit, perhaps completely unrelated, is able to send a request that will cause their own JavaScript to run on Amazon, thus allowing them to make you buy the attacker's products, etc.