From d5211f0a0f33ef18dafcc5447dde40c4c51c8e80 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <felipe@zimmerle.org>
Date: Mon, 17 Feb 2014 06:45:38 -0800
Subject: [PATCH] Added detectXSS operator.

---
 Reference-Manual.mediawiki | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/Reference-Manual.mediawiki b/Reference-Manual.mediawiki
index dd5474d..0f39a9b 100644
--- a/Reference-Manual.mediawiki
+++ b/Reference-Manual.mediawiki
@@ -3523,6 +3523,17 @@ Your site has a wide '''select'''ion of computers.
 SecRule REQUEST_URI "@detectSQLi" "id:152"
 </pre>
 
+== detectXSS == 
+'''Description:''' Returns true if XSS injection is found. This operator uses LibInjection to detect XSS attacks.
+
+'''Version:''' This functionality is under testing. Currently the code is hosted under the branch: [https://github.com/SpiderLabs/ModSecurity/tree/libinject_detect_xss libinject_detect_xss].
+
+'''Example:'''
+<pre>
+# Detect XSS Injection inside request body 
+SecRule REQUEST_BODY "\@detectXSS" "id:12345,log,deny"
+</pre>
+
 == endsWith == 
 '''Description:''' Returns true if the parameter string is found at the end of the input. Macro expansion is performed on the parameter string before comparison.