clientIp} attempted XSS attack in field {$this->field}";

        // The context records the value's length and a sanitized copy for
        // debugging; the raw submitted value is not placed in the log context.
        $context = ExceptionContext::forOperation('security.xss_detection', 'Security')
            ->withData([
                'client_ip' => $this->clientIp,
                'field' => $this->field,
                'pattern' => $this->pattern,
                'xss_type' => $this->xssType,
                'value_length' => strlen($this->originalValue),
                'event_identifier' => "security_xss_attempt:{$this->clientIp},{$this->field}",
                'category' => 'input_validation',
                'requires_alert' => true, // XSS attempts always require alerts
            ])
            ->withDebug([
                'sanitized_value' => $this->sanitizeValueForLog($this->originalValue),
            ])
            ->withMetadata([
                'security_event' => true,
                'owasp_compliant' => true,
                'log_level' => 'ERROR',
                'attack_type' => 'xss',
                'critical_security_event' => true,
            ]);

        parent::__construct(
            message: $message,
            context: $context,
            code: 400, // Bad Request
            previous: $previous,
            errorCode: SecurityErrorCode::XSS_DETECTED
        );
    }

    // === Factory methods for different XSS patterns ===

    public static function scriptTag(string $clientIp, string $field, string $value): self
    {
        return new self($clientIp, $field, '