tests/security/test_xss.py

import requests


def test_xss_registration():
    url = "http://127.0.0.1:8000/api/v1/insightfy/register"
    payload = {
        "email": "<script>alert('XSS')</script>",
        "mobile": "+14155552671",
        "name": "Test User"
    }
    response = requests.post(url, json=payload)
    assert "<script>alert('XSS')</script>" not in response.text, "XSS vulnerability detected!"