XSS detection models are vulnerable to adversarial attacks, yet existing mutation-based evasion techniques suffer from limited systematization and poor reproducibility. To address this, we propose the first deep reinforcement learning (DRL)-driven iterative adversarial attack framework specifically designed for XSS detectors. Our method first decouples XSS payloads into semantic components and defines a component-level mutation action space; second, it introduces an XSS Oracle mechanism to ensure generated samples are both syntactically valid and semantically realistic, thereby eliminating validity threats; third, it establishes a standardized evaluation paradigm to enhance experimental rigor and reproducibility. Extensive experiments on state-of-the-art deep-learning-based XSS detectors demonstrate an average evasion rate of 96.2%, substantially outperforming baseline approaches. This work reveals the promise of DRL in generating structured web attacks and establishes a novel, principled paradigm for evaluating adversarial robustness of XSS detection systems.

Cross-site scripting (XSS) poses a significant threat to web application security. While Deep Learning (DL) has shown remarkable success in detecting XSS attacks, it remains vulnerable to adversarial attacks due to the discontinuous nature of its input-output mapping. These adversarial attacks employ mutation-based strategies for different components of XSS attack vectors, allowing adversarial agents to iteratively select mutations to evade detection. Our work replicates a state-of-the-art XSS adversarial attack, highlighting threats to validity in the reference work and extending it toward a more effective evaluation strategy. Moreover, we introduce an XSS Oracle to mitigate these threats. The experimental results show that our approach achieves an escape rate above 96% when the threats to validity of the replicated technique are addressed.