The idea is that when the Red Boxes go Green, the vulnerability is fixed.
The web/IE automationis done using WatiN with detection for popup-windows (i.e. the XSS alert).
The fuzz payloads come from FuzzDB and are used to give the target developer multiple examples of the XSS payloads that he/she needs to mitigate (this is much better then the current practice of only providing one XSS example, which tends to promote the 'fix by making the exploit not work' practice)
Here is the UnitTest Code.
