With the new regime of server-side JavaScript frameworks such as Node.js, and advanced client-side JavaScript frameworks such as Backbone.js, XSS attacks are more dangerous than ever. This talk demonstrates a new method in automatically discovering XSS vulnerabilities that leverages PhantomJS, a headless, scriptable web browser, and Burp Suite Pro, a leading tool for any web application security consultant. xssValidator is a tool we have released to combine the functionality of Burp Suite Pro, and PhantomJS to take the headache out of validating potential XSS vulnerabilities by executing the page response within PhantomJS, and hooking suspicious javascript functions. These tools are completely open source, and available to anyone.